On Sun, Nov 01, 2015 at 05:10:01PM +0100, Michael Braun wrote:
> This series introduces to hostapd:
>  * tagged VLAN support (RADIUS EGRESS_VLAN)
>  * per station AP_VLAN interface option
>  * RADIUS EGRESS_VLAN attribute support also for untagged VLANs

Thanks. Could you please rebase this on top of the current master branch? There were some changes in src/ap/ieee802_11_auth.c a week or so before you sent this set and it conflicts with the first patch. Please also add the copyright/license header to any new source code file that gets added.

> Why per station AP_VLAN interface option?
> It brings
>  * per station group key for security
>  * enables reuse of bridge IGMP/MLD snooping when doing multicast to unicast
>    conversion in kernel for all traffic.
>    non-upstream patch for mac80211: [1]

Could you please clarify what happens if that non-upstream patch is not there? Would it be possible to first submit only the hostapd changes that do not depend on any non-upstream patch?

> radius: add tagged vlan parsing
> radius: add EGRESS_VLANID to radius name attribute dumper

It would make sense to merge these into a single patch. The second one looks like something was forgotten from the first one.

PS.

It would be nice to get this set on the mailing list so that others who might be interested in reviewing it would get a chance to do so. I'm including the full cover letter of the set below for reference:

This series introduces to hostapd:
 * tagged VLAN support (RADIUS EGRESS_VLAN)
 * per station AP_VLAN interface option
 * RADIUS EGRESS_VLAN attribute support also for untagged VLANs

Why per station AP_VLAN interface option?
It brings
 * per station group key for security
 * enables reuse of bridge IGMP/MLD snooping when doing multicast to unicast
   conversion in kernel for all traffic.
   non-upstream patch for mac80211: [1]
 * finer inter station traffic filtering using ebtables (traffic forwarded by
   an AP between stations connected locally)
Actually, this change is really small when on top of tagged vlan support.

How does this approach differ from the previous ones?
 * struct hostapd_vlan gets defined to be per AP_VLAN, as it is already.
 * int vlan_id points to a valid struct hostapd_vlan, as it is already.
 * Uplink configuration becomes a fixed size struct vlan_description that is
   independent from int vlan_id. This means no extra reference counting is
   needed, but there is a compile-limit for the maximum number of tagged vlans
   that can be applied to a single station.
   So multiple struct hostapd_vlan within a single BSS can share an uplink
   configuration (before, this could only happen within different BSS).
 * Uplink configuration is
   1. read from RADIUS or file
   2. copied to struct sta_info (when int vlan_id is set),
   3. copied to struct hostapd_vlan
   4. and then applied.
   So all other places can stick with int vlan_id.
 * When neither tagged vlan nor per station AP_VLAN interface is used,
   int vlan_id will continue to be equal to the untagged vlan id requested.
   Stations with tagged vlans or per station AP_VLAN will have vlan_id > 4096.

This change also enables easy addition of other uplink configuration options as they only need a config parser (for example in RADIUS), a member in struct vlan_description and code that applies these settings to the AP_VLAN interface.
Example: add per station tagged_interface settings configured from RADIUS.

Regards,
M. Braun

[1] http://git.fem.tu-ilmenau.de/?p=fem-wlan.git;a=blob;f=package/kernel/mac80211/patches/984-multicast-as-unicast.patch;h=98690557779ca6127281e878528cbdf2c8d5194d;hb=refs/heads/femwlan_stage2.kernel3.18.11

Michael Braun (13):
  Separate station grouping and uplink configuration
  add per-sta vif option
  radius: add tagged vlan parsing
  vlan: factor out per-vid code in newlink/dellink
  vlan: actually add tagged vlans to vif
  test: verify test_ap_vlan_iface_cleanup_multibss with per_sta_vif
  test: test sta assigned to vif under per_sta_vif
  test: test untagged vlan id with EGRESS_VLANID radius attribute
  radius: add EGRESS_VLANID to radius name attribute dumper
  wpa_supplicant: parse ifname argument from DATA_TEST_CONFIG
  test: verify tagged-only connectivity
  test: verify connectivity with untagged/tagged mixed configuration
  test: verify correct vlan after rsn pre-authentication

 hostapd/config_file.c                        |   8 +-
 hostapd/ctrl_iface.c                         |  10 +-
 hostapd/hostapd.conf                         |   3 +
 src/ap/ap_config.c                           |  19 +-
 src/ap/ap_config.h                           |  10 +-
 src/ap/ieee802_11.c                          |  30 +--
 src/ap/ieee802_11_auth.c                     |  28 ++-
 src/ap/ieee802_11_auth.h                     |   3 +-
 src/ap/ieee802_1x.c                          |  58 +++--
 src/ap/pmksa_cache_auth.c                    |   7 +-
 src/ap/pmksa_cache_auth.h                    |   2 +-
 src/ap/sta_info.c                            | 161 +++++++++++---
 src/ap/sta_info.h                            |   8 +-
 src/ap/vlan.h                                |  12 ++
 src/ap/vlan_init.c                           | 308 +++++++++++++++++----------
 src/ap/vlan_init.h                           |  11 +-
 src/radius/radius.c                          |  55 ++++-
 src/radius/radius.h                          |   4 +-
 tests/hwsim/auth_serv/eap_user.conf          |  12 ++
 tests/hwsim/multi-bss-iface-per_sta_vif.conf |  43 ++++
 tests/hwsim/test_ap_vlan.py                  |  91 +++++++-
 tests/hwsim/test_pmksa_cache.py              |   7 +
 wpa_supplicant/ctrl_iface.c                  |  10 +-
 wpa_supplicant/tests/link_test.c             |   3 +-
 24 files changed, 688 insertions(+), 215 deletions(-)
 create mode 100644 src/ap/vlan.h
 create mode 100644 tests/hwsim/multi-bss-iface-per_sta_vif.conf

--
2.1.4

--
Jouni Malinen                                            PGP id EFC895FA
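An added illustration of the "read from RADIUS" step in the cover letter's design, not code from the patch set or from hostapd: validating Egress-VLANID values (encoded as in RFC 4675) into a fixed-size uplink description with a compile-time cap on tagged VLANs. The struct layout, the limit of 8 and all names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_TAGGED   8      /* assumed compile-time limit per station */
#define IND_TAGGED   0x31   /* RFC 4675 Tag Indication: tagged frames */
#define IND_UNTAGGED 0x32   /* RFC 4675 Tag Indication: untagged frames */

/* Hypothetical fixed-size uplink description, copied by value. */
struct vlan_desc {
    int untagged;           /* 0 = none */
    int tagged[MAX_TAGGED]; /* unused slots are 0 */
};

/* Parse n Egress-VLANID values (32 bit each, host byte order).
 * Returns 0, or -1 on malformed input; on failure *out stays empty. */
int parse_egress_vlanid(const uint32_t *vals, size_t n, struct vlan_desc *out)
{
    struct vlan_desc d = { 0 };
    size_t i, j, ntag = 0;

    *out = d;               /* nothing half-parsed is ever applied */
    for (i = 0; i < n; i++) {
        uint8_t ind = vals[i] >> 24;
        int vid = vals[i] & 0xfff;
        if ((vals[i] & 0x00fff000) || vid < 1 || vid > 4094)
            return -1;      /* non-zero pad bits or reserved VLAN ID */
        if (ind == IND_UNTAGGED) {
            if (d.untagged && d.untagged != vid)
                return -1;  /* two different untagged VLANs */
            d.untagged = vid;
        } else if (ind == IND_TAGGED) {
            for (j = 0; j < ntag && d.tagged[j] != vid; j++)
                ;
            if (j < ntag)
                continue;   /* duplicate, already recorded */
            if (ntag == MAX_TAGGED)
                return -1;  /* over the limit: reject, do not truncate */
            d.tagged[ntag++] = vid;
        } else {
            return -1;      /* unknown tag indication */
        }
    }
    *out = d;
    return 0;
}

int main(void)
{
    /* Constructed sample: untagged VLAN 100, tagged VLANs 200 and 201. */
    const uint32_t vals[] = { 0x32000064, 0x310000c8, 0x310000c9 };
    struct vlan_desc d;
    return parse_egress_vlanid(vals, 3, &d);
}
```

Rejecting an over-limit attribute list outright, rather than silently dropping the excess, keeps a station from being bridged into only part of the VLAN set the RADIUS server assigned.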