> Date: Thu, 23 May 2024 16:27:53 +0200
> From: Stefan Sperling <stsp@stsp.name>
> 
> With the patch below, qwx(4) offloads CCMP and TKIP to hardware.
> The performance benefit is small with 11a/b/g modes but becomes
> significant once 11n/11ac speeds will be enabled eventually.
> 
> Also, there is a firmware bug which prevents reception of broadcast
> and multicast frames when crypto is done in software. This is why
> ARP and IPv6 are kind of broken on qwx right now, and this diff should
> fix these issues on WPA networks at least.
> 
> So far I have only tested CCMP-only (WPA2/AES). In ifconfig such
> networks show up as: wpaciphers cmmp wpagroupcipher ccmp
> 
> There are several other cases which still need to be tested:
> 1) wpaciphers cmmp wpagroupcipher tkip
> 2) wpaprotos wpa1 wpaciphers tkip wpagroupcipher tkip
> 3) WEP  (not sure if anyone ever tested qwx with WEP before?)
> 
> Due to time constraints I would appreciate help with testing the above.
> If you have an OpenBSD hostap then setting up all of these combinations
> can be done with ifconfig. For APs from other vendors the non-CCMP modes
> will usually be called something like "WPA1" or something that is not "AES".
> In any case, ifconfig qwx0 will display the config provided by the AP.

"wpaciphers ccmp wpagroupcipher tkip" works with my athn(4) OpenBSD
access point:

qwx0: flags=808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4> mtu 1500
        lladdr 00:03:7f:12:60:8f
        index 1 priority 4 llprio 3
        groups: wlan egress
        media: IEEE802.11 autoselect (OFDM48 mode 11a)
        status: active
        ieee80211: join humppa chan 60 bssid 6c:71:d9:cd:39:76 0dBm wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip
        inet 192.168.32.95 netmask 0xffffff00 broadcast 192.168.32.255


I can't get "wpaprotos wpa1 wpaciphers tkip wpagroupcipher tkip" to
work.  But it doesn't work with iwmx(4) either.

Not tried WEP, but I don't think the lack of WEP support should hold
this back.