From patchwork Thu Nov 18 15:36:27 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Helmut Schaa X-Patchwork-Id: 336651
From: Helmut Schaa
To: "John W. Linville"
Cc: linux-wireless@vger.kernel.org, Helmut Schaa, Johannes Berg
Subject: [PATCH] mac80211: Use sw crypto for GTKs on AP VLAN interfaces
Date: Thu, 18 Nov 2010 16:36:27 +0100
Message-Id: <1290094587-5387-1-git-send-email-helmut.schaa@googlemail.com>
X-Mailer: git-send-email 1.7.1

different AP VLAN interfaces. However, mac80211 drivers are not aware of AP VLAN interfaces and as such mac80211 sends the GTK to the driver in the context of the base AP mode interface. This causes problems when multiple AP VLAN interfaces are used since the driver will use the same key slot for the different GTKs (there's no way for the driver to distinguish the different GTKs from different AP VLAN interfaces). Thus, only the clients associated to one AP VLAN interface (the one that was created last) can actually use broadcast traffic.

Fix this by not programming any GTKs for AP VLAN interfaces into the hw but fall back to using software crypto. The GTK for the underlying AP interface is still sent to the driver. That means, broadcast traffic to and from stations associated to an AP VLAN interface is encrypted and decrypted in software whereas broadcast traffic to and from stations associated to the non-VLAN AP interface is encrypted and decrypted in hardware.

Cc: Johannes Berg
Signed-off-by: Helmut Schaa --- This incidentally also fixes the mac80211 oops related to AP VLAN interfaces I've reported earlier. If we want to support hardware crypto for broadcast traffic on AP VLAN interfaces we'd either need to switch to per station GTKs or need to make drivers aware of VLAN interfaces. Not sure if it's worth it. At least current rt2x00 devices won't be able to support that due to the limited amount of available key space. net/mac80211/key.c | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/net/mac80211/key.c b/net/mac80211/key.c index ccd676b..72df1ca 100644 --- a/net/mac80211/key.c +++ b/net/mac80211/key.c @@ -84,10 +84,17 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) goto out_unsupported; sdata = key->sdata; - if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) + if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { + /* + * The driver doesn't know anything about VLAN interfaces. + * Hence, don't send GTKs for VLAN interfaces to the driver. + */ + if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) + goto out_unsupported; sdata = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap); + } ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
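Review bot: In the new AP_VLAN branch of ieee80211_key_enable_hw_accel(), the test `!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)` matches every non-pairwise key, while the comment above it speaks only of GTKs. If keeping all group-addressed keys for VLAN interfaces in software is the intent, the comment should say "group (non-pairwise) keys" and give the reason from the commit message: the driver would place the keys of different VLAN interfaces in the same key slot. The new check also reuses the `out_unsupported` label that the context line above already jumps to, and the hunk does not show what that path returns or logs, so please confirm it leaves the key on software crypto without reporting an error for what is now an expected case. Since this is the only hunk in the patch, it is also worth confirming that the matching disable path does not issue a driver call for a VLAN group key that was never programmed into hardware.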