From: Michael Braun <michael-dev@xxxxxxxxxxxxx> This series introduces to hostapd: * tagged VLAN support (RADIUS EGRESS_VLAN) * per station AP_VLAN interface option * RADIUS EGRESS_VLAN attribute support also for untagged VLANs Why per station AP_VLAN interface option? It brings * per station group key for security * enables reuse of bridge IGMP/MLD snooping when doing multicast to unicast conversion in kernel for all traffic. non-upstream patch for mac80211: [1] * finer inter station traffic filtering using ebtables (traffic forwarded by an AP between stations connected locally) Actually, this change is really small when on top of tagged vlan support. How does this approach differ from the previous ones? * struct hostapd_vlan gets defined to be per AP_VLAN, as it is already. * int vlan_id points to a valid struct hostapd_vlan, as it is already. * Uplink configuration becomes a fixed size struct vlan_description that is independent from int vlan_id. This means no extra reference counting is needed, but there is a compile-limit for the maximum number of tagged vlans that can be applied to a single station. So multiple struct hostapd_vlan within a single BSS can share an uplink configuration (before they this could only happen within different BSS). * Uplink configuration is 1. read from RADIUS or file 2. copied to struct sta_info (when int vlan_id is set), 3. copied to struct hostapd_vlan 4. and then applied. So all other places can stick with int vlan_id. * When neither tagged vlan nor per station AP_VLAN interface is used, int vlan_id will continue to be equal the untagged vlan id requested. Stations with tagged vlans or per station AP_VLAN will have vlan_id > 4096. This change also enables easy addition of other uplink configuration options as they only need a config parser (for example in RADIUS), a member in struct vlan_description and code that applies this settings to the AP_VLAN interface. Example: add per station tagged_interface settings configured from RADIUS. Regards, M. Braun [1] http://git.fem.tu-ilmenau.de/?p=fem-wlan.git;a=blob;f=package/kernel/mac80211/patches/984-multicast-as-unicast.patch;h=98690557779ca6127281e878528cbdf2c8d5194d;hb=refs/heads/femwlan_stage2.kernel3.18.11 v2: rebase onto current HEAD and address comments v3: address comments on v2 regarding memory usage and struct comparison I still cannot reproduce the issues with the tests mentioned. Could you please send me hwsim test logs for those? Michael Braun (12): Separate station grouping and uplink configuration radius: add tagged vlan parsing vlan: factor out per-vid code in newlink/dellink VLAN: actually add tagged vlans to AP_VLAN vlan: add per-sta vif option wpa_supplicant: parse ifname argument from DATA_TEST_CONFIG test: verify tagged-only connectivity test: verify test_ap_vlan_iface_cleanup_multibss with per_sta_vif test: sta assigned to vif under per_sta_vif test: untagged vlan id with EGRESS_VLANID radius attribute test: verify connectivity with untagged/tagged mixed configuration test: verify correct vlan after rsn pre-authentication hostapd/Makefile | 1 + hostapd/config_file.c | 8 +- hostapd/ctrl_iface.c | 8 +- hostapd/hostapd.conf | 11 + src/ap/ap_config.c | 20 +- src/ap/ap_config.h | 10 +- src/ap/ieee802_11.c | 30 +-- src/ap/ieee802_11_auth.c | 35 +-- src/ap/ieee802_11_auth.h | 6 +- src/ap/ieee802_1x.c | 58 +++-- src/ap/pmksa_cache_auth.c | 25 ++- src/ap/pmksa_cache_auth.h | 2 +- src/ap/sta_info.c | 159 +++++++++++--- src/ap/sta_info.h | 8 +- src/ap/vlan.c | 27 +++ src/ap/vlan.h | 30 +++ src/ap/vlan_init.c | 312 +++++++++++++++++---------- src/ap/vlan_init.h | 11 +- src/ap/wpa_auth_ie.c | 7 +- src/radius/radius.c | 57 ++++- src/radius/radius.h | 4 +- tests/hwsim/auth_serv/eap_user.conf | 12 ++ tests/hwsim/multi-bss-iface-per_sta_vif.conf | 42 ++++ tests/hwsim/test_ap_vlan.py | 93 +++++++- tests/hwsim/test_pmksa_cache.py | 7 + wpa_supplicant/ctrl_iface.c | 10 +- 26 files changed, 772 insertions(+), 221 deletions(-) create mode 100644 src/ap/vlan.c create mode 100644 src/ap/vlan.h create mode 100644 tests/hwsim/multi-bss-iface-per_sta_vif.conf -- 2.1.4 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap