atheros broadcast/multicast corruption with multiple hostap's
Sam Leffler
sam at errno.com
Sun Jan 17 18:45:04 UTC 2010
Russell Yount wrote:
>
>
> On Sat, Jan 16, 2010 at 3:21 PM, Sam Leffler <sam at errno.com> wrote:
>
> Russell Yount wrote:
>
> It seems AP to client broadcast/multicast traffic is
> broken when using WPA2/802.11i with multiple hostapds in 8.0.
>
> Only the SSID associated with the last hostapd to be started has
> AP to client broadcasts/multicasts being delivered correctly.
>
> The AP and client are 8.0 FreeBSD systems, although I see the same
> problems with Windows XP as a client.
>
> The AP has 4 hostapds configured to use TLS with client certificates for
> authentication. (hostapd recompiled with HOSTAPD_CFLAGS=-DEAP_SERVER)
> The AP and client radio are shown as ath0: AR5212 mac 5.9 RF5112 phy 4.3
> in dmesg.
>
> Clients authenticating using client certificates associate correctly
> to all 4 SSIDs. Unicast traffic flows correctly between clients and AP
> for all 4 SSIDs. Client to AP broadcast/multicast traffic works
> on of 4 SSIDs. AP to client broadcast/multicast traffic only works
> on 1 of the SSIDs. I have documented this using ARP broadcasts,
> but normal IP broadcasts were also observed to be corrupted.
>
> When an ARP request is sent through the AP to an associated client
> it seems to be trashed on any of the SSIDs except the one associated
> with the last hostapd to be started. Here is the output of client side
> tcpdump showing the problems.
>
> In the first client side tcpdump with the hostapd associated with the SSID
> being associated with the last hostapd started and the traffic flowing
> normally.
>
> In the second client side tcpdump with the hostapd associated with the SSID
> being not the last hostapd started the ARP request is resent multiple times
> and appears corrupted.
>
> I would really like to find a fix for this.
> Any help would be greatly appreciated.
>
>
> This sounds like the crypto encap of the frame is clobbering the
> mbuf contents. You can verify this by setting up multiple vaps w/o
> WPA. If this is the problem look for the mbuf copy logic for mcast
> frames and make sure a deep copy is done.
>
> Sam
>
>
>
>
> The four VAPs' broadcast traffic works fine without WPA if I do not start
> hostapds on them.
>
> I have been trying to discover why broadcast traffic only works
> correctly on the VAP associated with the last hostapd to be started. I
> have moved which VAP has the working broadcast traffic by restarting the
> hostapd associated with it.
>
> It would seem something in the WPA/802.1x layer initialization remembers
> which hostapd was started last and that affected the crypto encap.
>
> I keep looking but do not see any place in the code that could account
> for this.
>
> It seems the corrupt crypto encap also happens on broadcast between
> stations.
> Please correct me if I am wrong:
> but when using hostapd normally traffic is bridged within the card.
> So if a station sends to the VAP a broadcast it is actually sending a
> non-broadcast frame to the AP
> and the AP sends the frame to all the other stations.
I told you what the likely problem is. Look in the net80211 layer in
the kernel for the problem.
Sam
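
Added illustration, not part of the thread and not net80211 code: a toy C model of the failure mode suggested above, where a copy that shares storage with the original frame is transformed in place by a per-vap encap step. The `buf` structure, `toy_encap`, and the XOR key are hypothetical stand-ins for mbufs and the real crypto encap.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for an mbuf: a header pointing at reference-counted storage. */
struct buf { uint8_t *data; size_t len; int *refcnt; };

static struct buf buf_new(const uint8_t *src, size_t len) {
    struct buf b = { malloc(len), len, malloc(sizeof(int)) };
    memcpy(b.data, src, len);
    *b.refcnt = 1;
    return b;
}

/* Shallow copy: new header, same storage, so the payload is shared. */
static struct buf buf_shallow_copy(const struct buf *b) {
    ++*b->refcnt;
    return *b;
}

/* Deep copy: new header and private storage. */
static struct buf buf_deep_copy(const struct buf *b) {
    return buf_new(b->data, b->len);
}

static void buf_free(struct buf *b) {
    if (--*b->refcnt == 0) { free(b->data); free(b->refcnt); }
}

/* Placeholder for a per-vap encap that rewrites the payload in place.
 * XOR with a constructed key byte is not a real cipher. */
static void toy_encap(struct buf *b, uint8_t vap_key) {
    for (size_t i = 0; i < b->len; i++) b->data[i] ^= vap_key;
}

/* Returns 1 if encapsulating a copy for one vap leaves the original intact. */
static int original_survives(int deep) {
    static const uint8_t frame[] = "constructed broadcast payload";
    struct buf orig = buf_new(frame, sizeof frame);
    struct buf copy = deep ? buf_deep_copy(&orig) : buf_shallow_copy(&orig);
    toy_encap(&copy, 0x5a);
    int intact = memcmp(orig.data, frame, sizeof frame) == 0;
    buf_free(&copy);
    buf_free(&orig);
    return intact;
}

int main(void) { return !(original_survives(1) && !original_survives(0)); }
```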