From patchwork Fri Nov 19 07:11:01 2010
X-Patchwork-Submitter: Helmut Schaa
X-Patchwork-Id: 338601
From: Helmut Schaa
To: "John W. Linville"
Cc: linux-wireless@vger.kernel.org, Helmut Schaa, Johannes Berg
Subject: [PATCHv2] mac80211: Disable hw crypto for GTKs on AP VLAN interfaces
Date: Fri, 19 Nov 2010 08:11:01 +0100
Message-Id: <1290150661-23541-1-git-send-email-helmut.schaa@googlemail.com>
In-Reply-To: <1290094587-5387-1-git-send-email-helmut.schaa@googlemail.com>
References: <1290094587-5387-1-git-send-email-helmut.schaa@googlemail.com>

different AP VLAN interfaces. However, mac80211 drivers are not aware of AP VLAN interfaces and as such mac80211 sends the GTK to the driver in the context of the base AP mode interface.

This causes problems when multiple AP VLAN interfaces are used since the driver will use the same key slot for the different GTKs (there's no way for the driver to distinguish the different GTKs from different AP VLAN interfaces). Thus, only the clients associated to one AP VLAN interface (the one that was created last) can actually use broadcast traffic.

Fix this by not programming any GTKs for AP VLAN interfaces into the hw but fall back to using software crypto. The GTK for the underlying AP interface is still sent to the driver. That means, broadcast traffic to stations associated to an AP VLAN interface is encrypted in software whereas broadcast traffic to stations associated to the non-VLAN AP interface is encrypted in hardware.

Cc: Johannes Berg
Signed-off-by: Helmut Schaa
---
Changes since v1:
* Fix commit message

net/mac80211/key.c | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/net/mac80211/key.c b/net/mac80211/key.c index ccd676b..72df1ca 100644 --- a/net/mac80211/key.c 
+++ b/net/mac80211/key.c @@ -84,10 +84,17 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) goto out_unsupported; sdata = key->sdata; - if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) + if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) { + /* + * The driver doesn't know anything about VLAN interfaces. + * Hence, don't send GTKs for VLAN interfaces to the driver. + */ + if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)) + goto out_unsupported; sdata = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap); + } ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
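
Review bot: The new `goto out_unsupported` inside the `NL80211_IFTYPE_AP_VLAN` branch is taken before `ret` is assigned by `drv_set_key()`, so what the function returns for a VLAN group key depends on the initial value of `ret` and on the code at the label, neither of which is visible in this hunk; please confirm that this path leaves the key handled by software crypto and does not report a failure to the caller. The test `!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE)` matches every non-pairwise key on the interface, while the comment speaks only of GTKs, so either word the comment as "group keys" or narrow the condition. The comment would also help later readers more if it stated the reason given in the commit message, that GTKs from different AP VLAN interfaces would otherwise end up in the same driver key slot, and that the result is a fallback to software crypto.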