Make qwx(4) offload TKIP and CCMP crypto to hardware.
This reduces CPU load during interrupts, but more importantly works
around an apparent firmware bug where incoming encrypted broadcast
and multicast frames are dropped by firmware if the hardware crypto
engine is unused. (This problem also affects Linux ath11k upstream.)
Offloading CCMP to hardware hence fixes ARP and IPv6 multicast with WPA2.
However, there are known issues with WPA1 and WEP:
While the WPA1 pairwise handshake succeeds, the TKIP group key handshake
fails for unknown reasons, resulting in association failure.
WEP is broken because software crypto is skipped entirely when the driver
uses the "native wifi" frame mode. This results in all packets being sent
in plaintext while WEP is active. In the future, we should be able to fix
this by offloading WEP to hardware as well, or by setting the frame mode
back to "raw" if WEP is used.
If the TKIP/WEP issues affect you badly then take this as an opportunity
to upgrade the access point to WPA2/AES where possible.
Tested by kettenis, kevlo, and myself.
ok kevlo@
projects / openbsd / commit