Return-path: Received: from pool-71-115-156-71.gdrpmi.dsl-w.verizon.net ([71.115.156.71]:53763 "EHLO s0be.servebeer.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752079AbZBZAK0 (ORCPT ); Wed, 25 Feb 2009 19:10:26 -0500 Message-ID: <49A5DDED.1080408@erley.org> (sfid-20090226_011032_103628_F50DCEF8) Date: Wed, 25 Feb 2009 19:10:21 -0500 From: pat-lkml MIME-Version: 1.0 To: Jouni Malinen CC: Jouni Malinen , linux-wireless@vger.kernel.org Subject: Re: ath9k and TKIP hw crypto in AP mode References: <20090224114201.GB21933@jm.kir.nu> <49A40320.1040902@erley.org> <20090224150710.GA1419@jm.kir.nu> <49A41315.3030007@erley.org> <49A45378.50009@erley.org> <20090225181953.GA23880@jm.kir.nu> <49A5D83A.1090602@erley.org> In-Reply-To: <49A5D83A.1090602@erley.org> Content-Type: text/plain; charset=ISO-8859-1 Sender: linux-wireless-owner@vger.kernel.org List-ID: pat-lkml wrote: > Jouni Malinen wrote: >> On Tue, Feb 24, 2009 at 03:07:20PM -0500, pat-lkml wrote: >>> pass phrase. Use nohwcrypt=1, hostapd now works perfectly with wep/wpa/wpa2, while >>> with nohwcrypt=0, I get errors (that I'll need physical access to my computer to >>> debug/log) in wpa only. >> Thanks, I was able to reproduce this and figure out what was happening. >> It looks like I have not tested TKIP in AP mode before (I've been mainly >> testing HT and that does not allow TKIP..). Anyway, the Michael MIC >> TX/RX keys are set incorrectly for the group key which will trigger >> Michael MIC errors on every broadcast frame. >> >> I have more complete cleanup of the key configuration for ath9k in >> progress, but as far as this particular issue is concerned, the >> following change should resolve it. So far, I've only tested this with >> the current hardware revision, but I will test this with older design, >> too, and submit a proper patch later. Anyway, you may want to test this >> as a fix for TKIP in AP mode. >> >> > I had to make some changes to get it to build, am going to test shortly. > > The relevant changes were adding: > > struct ieee80211_vif *vif; > vif = sc->vifs[0]; > > to the 'else' condition, like the if(key->keyidx) condition. That should have read 'below' the else condition. And it appears to be working. I have it set to 10 minute rekeying, so I'll have more success/failure for you then (and am waiting to send this e-mail until then). Well, it rekey'd with no interruption in service. I'd call it a success. Thanks! Pat Erley