Am 06.12.2015 um 10:54 schrieb Jouni Malinen: > On Sun, Nov 01, 2015 at 05:10:01PM +0100, Michael Braun wrote: >> This series introduces to hostapd: >> * tagged VLAN support (RADIUS EGRESS_VLAN) >> * per station AP_VLAN interface option >> * RADIUS EGRESS_VLAN attribute support also for untagged VLANs > > Thanks. Could you please rebase this on top of the current master > branch? There were some changes in src/ap/ieee802_11_auth.c a week or so > before you sent this set and it conflicts with the first patch. > > Please also add the copyright/license header to any new source code file > that gets added. ok >> Why per station AP_VLAN interface option? >> It brings >> * per station group key for security >> * enables reuse of bridge IGMP/MLD snooping when doing multicast to unicast >> conversion in kernel for all traffic. >> non-upstream patch for mac80211: [1] > > Could you please clarify what happens if that non-upstream patch is not > there? Would it be possible to first submit only the hostapd changes > that do not depend on any non-upstream patch? This change is about creating a unique AP_VLAN interface per station connected. This is independed from tagged VLAN support as such but benefits from common infrastructure (e.g. ap_sta_get_free_vlan_id). The series v2 will move per-sta-vif changes on top of tagged vlan support. Creating an AP_VLAN interface per station works regardless of whether the uplink changes are present or not. Even without upstream kernel patch per station group key and ebtables filtering become trivially available. Thought, the change also results in each multicast packet being submitted once per station at broadcast rate. Enabling IGMP/MLD snooping at bridg level will suppress this for those stations not subscribed to the target multicast group. The non-upstream kernel change is aiming at speeding this up by not using the broadcast rate but instead converting to unicast first, resulting in faster rates to be used for packet transmission a long with better reliability. >> radius: add tagged vlan parsing >> radius: add EGRESS_VLANID to radius name attribute dumper > > It would make sense to merge these into a single patch. The second one > looks like something was forgotten from the first one.. The second one is for debug out readability only, but anyway they got squashed in v2. Thanks, M. Braun _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap