From: Mark Kettenis Subject: Re: qwx(4) crypto offloading To: Stefan Sperling Cc: tech@openbsd.org Date: Thu, 23 May 2024 20:23:32 +0200 > Date: Thu, 23 May 2024 16:27:53 +0200 > From: Stefan Sperling > > With the patch below, qwx(4) offloads CCMP and TKIP to hardware. > The performance benefit is small with 11a/b/g modes but becomes > significant once 11n/11ac speeds will be enabled eventually. > > Also, there is a firmware bug which prevents reception of broadcast > and multicast frames when crypto is done in software. This is why > ARP and IPv6 are kind of broken on qwx right now, and this diff should > fix these issues on WPA networks at least. > > So far I have only tested CCMP-only (WPA2/AES). In ifconfig such > networks show up as: wpaciphers cmmp wpagroupcipher ccmp > > There are several other cases which still need to be tested: > 1) wpaciphers cmmp wpagroupcipher tkip > 2) wpaprotos wpa1 wpaciphers tkip wpagroupcipher tkip > 3) WEP (not sure if anyone ever tested qwx with WEP before?) > > Due to time constraints I would appreciate help with testing the above. > If you have an OpenBSD hostap then setting up all of these combinations > can be done with ifconfig. For APs from other vendors the non-CCMP modes > will usually be called something like "WPA1" or something that is not "AES". > In any case, ifconfig qwx0 will display the config provided by the AP. "wpaciphers ccmp wpagroupcipher tkip" works with my athn(4) OpenBSD access point: qwx0: flags=808843 mtu 1500 lladdr 00:03:7f:12:60:8f index 1 priority 4 llprio 3 groups: wlan egress media: IEEE802.11 autoselect (OFDM48 mode 11a) status: active ieee80211: join humppa chan 60 bssid 6c:71:d9:cd:39:76 0dBm wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip inet 192.168.32.95 netmask 0xffffff00 broadcast 192.168.32.255 I can't get "wpaprotos wpa1 wpaciphers tkip wpagroupcipher tkip" to work. But it doesn't work with iwmx(4) either. Not tried WEP, but I don't think the lack of WEP support should hold this back.