[patch] wpa: ignore Michael MIC failure reports in CCMP-only mode

Andriy Tkachuk andriy.v.tkachuk
Tue Oct 4 07:50:04 PDT 2011


Hi,

some dummy STAs (like Axis camera) may send such reports when AP is
working on CCMP-only mode. I propose to just ignore such reports:

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e63ee90..a5eafcb 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1019,9 +1019,15 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
 			wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
 					"received EAPOL-Key Error Request "
 					"(STA detected Michael MIC failure)");
-			wpa_auth_mic_failure_report(wpa_auth, sm->addr);
-			sm->dot11RSNAStatsTKIPRemoteMICFailures++;
-			wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
+			if (wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
+				wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
+					"Cipher is not TKIP - "
+					"countermeasures won't start");
+			} else {
+				wpa_auth_mic_failure_report(wpa_auth, sm->addr);
+				sm->dot11RSNAStatsTKIPRemoteMICFailures++;
+				wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
+			}
 			/* Error report is not a request for a new key
 			 * handshake, but since Authenticator may do it, let's
 			 * change the keys now anyway. */


Regards,
  Andriy



More information about the Hostap mailing list