-
Notifications
You must be signed in to change notification settings - Fork 41
-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dynamic VLANs Broken, Possible GTK Issue #13
Comments
After reading through the hostapd thread linked, I suspect this is more than just a firmware issue. Maybe a potential fix is to modify my firmware (and probably the driver) to send some VLAN broadcast frames as raw software-encrypted frames, and normal peer traffic as 'hardware-crypted' frames. This is not a simple task, and I will most likely not try to work on this until I find some customer wanting to pay for this or similar features. |
Thanks for taking the time to review this. I was afraid that the issue was going to be complicated to resolve. If it indeed is (to some extent, at least) a firmware issue, as it appears, it is also pretty much impossible to fix without someone with access to the firmware sources. As for your proposed solution, wouldn't multicast traffic then have to be software encrypted? That seems like a downside, although it's still better than the current situation. I understand that this won't be prioritised for fixing, especially if it's a complicated procedure. I also don't think that I'm prepared to sponsor the entire cost of developing this feature, as acquiring equipment from some other vendor (like Broadcom chipsets) is going to be cheaper and more reliable in the short term. However, perhaps a Kickstarter campaign could be set up for developing this or related features? Thank you, |
On 09/05/2017 11:24 AM, Ricardo Iván Vieitez Parra wrote:
Thanks for taking the time to review this. I was afraid that the issue was going to be complicated to resolve. If it indeed is (to some extent, at least) a
firmware issue, as it appears, it is also pretty much impossible to fix without someone with access to the firmware sources.
As for your proposed solution, wouldn't multicast traffic then have to be software encrypted? That seems like a downside, although it's still better than the
current situation.
I understand that this won't be prioritised for fixing, especially if it's a complicated procedure. I also don't think that I'm prepared to sponsor the entire
cost of developing this feature, as acquiring equipment from some other vendor (like Broadcom chipsets) is going to be cheaper and more reliable in the short
term. However, perhaps a Kickstarter campaign <http://www.candelatech.com/ath10k_kickstarter.php> could be set up for developing this or related features?
I got a quite small amount of interest in the last kickstarter, and this feature is probably even more
obscure.
sw-crypt for just a few broadcast frames is likely trivial amount of CPU, but the amount
of work involved is probably multiple weeks of effort, and that is not cheap.
If you have another vendor that provides the needed features, that is probably your
best option at this point.
Thanks,
Ben
…--
Ben Greear <greearb@candelatech.com>
Candela Technologies Inc http://www.candelatech.com
|
Could this possible be related to the WDS (4addr) issue? 4addr mode can't be set, the wlanX.staY doesn't get created nor added to the bridge. Should I open a new issue? |
Yes, if you have more specific details based on more recent software/firmware, please do open a new bug. Let me know what CT FW you are using, platform, etc. And, whether stock driver/firmware has the same issue. |
I’m running LEDE 17.01.2 on an Archer C7 v2 using the ath10k-ct firmware and driver. I have my network setup to use WPA2 with 802.1X authentication and dynamic VLANs. Unfortunately, there seems to be some issue in the GTK setup for this use case, which I’m suspecting is related to the ath10k driver. The issue is at https://bugs.lede-project.org/index.php?do=details&task_id=488, and the discussions at https://lists.infradead.org/pipermail/ath10k/2016-May/007525.html and https://lists.infradead.org/pipermail/ath10k/2016-May/007525.html are most enlightening.
This is what happens:
I am submitting two test log files, using the ath10k (stock, version 2017-01-31) and ath10k-ct (version 2017-01-26), and using the Candela firmware version 10.1-ct-8x-__fW-019-395e9f1, firmware-2-ct-full-community.bin anc firmware-2-ct-full-htt-mgt-community.bin, respectively.
999_ath10k_swmode_if_disabled_hwmode.patch
kmod-ath10k-ct+10.1-ct-8x-__fH-019-395e9f1.log (firmware-2-ct-full-htt-mgt-community.bin)
kmod-ath10k+10.1-ct-8x-__fW-019-395e9f1.txt (firmware-2-ct-full-community.bin)
The text was updated successfully, but these errors were encountered: