Hi,I'm running OpenWRT von AR9003 (ath9k, Kernel 3.7.6 with compat-wireless 2013-01-07 and openwrt patches) cards and have trouble using vlans. In the test setup, two STAs connect using WPA (CCMP only) and are assigned into the same VLAN.
The VLAN device is bridged by hostapd.With the first STA, everything is fine. Then the second STA connects. Now hostapd sets it pairwise keys and moves the STA into the VLAN-WLAN-device (i.e. wlan0_2.501). Then, the broadcasts start to be encryted with the GTK of the primary wlan device (i.e. wlan0_2), although wlan0_2.501 is in the bridge. Hostapd did not change the GTK of any device while this happens. As soon as the second STA disconnects, the AP encrypts using the original key again. Sending broadcasts from the STA to the AP works fine, though.
Debug:I modified hostapd / wpa_supplicants driver_nl80211.c to print the keys whenever set_key is called, which uses nl80211's ADD_KEY/SET_KEY api. Further, the kernel was patched to print the key used to encrypt broadcasts packets by editing net/mac80211/tx.c:ieee80211_tx_h_select_k in the "else if (is_multicast_ether_addr(hdr->addr1)" section to call pr_err using the content of key->conf.key.
Logs:The first STA configures the GTK, sees broadcasts (router advertisments) incoming. The the second STAs connects and the first STA no longer receives (decrypted) broadcasts from the AP. AP Logs are attached. wlan0 has neither ipv4 nor ipv6 address assigned nor is it in any bridge. wlan0_2.501 is in a bridge. There is only one bssid (wlan0). First, you see hostapd assigning GTK to wlan0 and wlan0_2.501. Then thinks work fine, the wrong key is only used rarely. Then the second STA connects. A few packets later, the wrong key gets used mostly. Then the second STA disconnects. Almost immediately the good key is used again.
Any hints? Thanks alot! M. Braun
Attachment:
ap-log-20130212.txt.xz
Description: Binary data
