aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHelmut Schaa <helmut.schaa@googlemail.com>2010-11-19 02:11:01 -0500
committerJohn W. Linville <linville@tuxdriver.com>2010-11-22 15:48:51 -0500
commit18890d4b89d8507ad09289f6f57a71591c7e9e83 (patch)
treea183e9035f004f4e7676c59aab5679c74661c961
parentb2e253cf300c5e33f49b7dd8b593bfc722177401 (diff)
mac80211: Disable hw crypto for GTKs on AP VLAN interfaces
When using AP VLAN interfaces, each VLAN interface should be in its own broadcast domain. Hostapd achieves this by assigning different GTKs to different AP VLAN interfaces. However, mac80211 drivers are not aware of AP VLAN interfaces and as such mac80211 sends the GTK to the driver in the context of the base AP mode interface. This causes problems when multiple AP VLAN interfaces are used since the driver will use the same key slot for the different GTKs (there's no way for the driver to distinguish the different GTKs from different AP VLAN interfaces). Thus, only the clients associated to one AP VLAN interface (the one that was created last) can actually use broadcast traffic. Fix this by not programming any GTKs for AP VLAN interfaces into the hw but fall back to using software crypto. The GTK for the underlying AP interface is still sent to the driver. That means, broadcast traffic to stations associated to an AP VLAN interface is encrypted in software whereas broadcast traffic to stations associated to the non-VLAN AP interface is encrypted in hardware. Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r--net/mac80211/key.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index ccd676b2f599..72df1ca7299b 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -84,10 +84,17 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
84 goto out_unsupported; 84 goto out_unsupported;
85 85
86 sdata = key->sdata; 86 sdata = key->sdata;
87 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 87 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
88 /*
89 * The driver doesn't know anything about VLAN interfaces.
90 * Hence, don't send GTKs for VLAN interfaces to the driver.
91 */
92 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
93 goto out_unsupported;
88 sdata = container_of(sdata->bss, 94 sdata = container_of(sdata->bss,
89 struct ieee80211_sub_if_data, 95 struct ieee80211_sub_if_data,
90 u.ap); 96 u.ap);
97 }
91 98
92 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf); 99 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
93 100