[patch] wpa: ignore Michael MIC failure reports in CCMP-only mode
Andriy Tkachuk
andriy.v.tkachuk
Tue Oct 4 07:50:04 PDT 2011
Hi,
some dummy STAs (like Axis camera) may send such reports when AP is
working on CCMP-only mode. I propose to just ignore such reports:
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index e63ee90..a5eafcb 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1019,9 +1019,15 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key Error Request "
"(STA detected Michael MIC failure)");
- wpa_auth_mic_failure_report(wpa_auth, sm->addr);
- sm->dot11RSNAStatsTKIPRemoteMICFailures++;
- wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
+ if (wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
+ wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
+ "Cipher is not TKIP - "
+ "countermeasures won't start");
+ } else {
+ wpa_auth_mic_failure_report(wpa_auth, sm->addr);
+ sm->dot11RSNAStatsTKIPRemoteMICFailures++;
+ wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
+ }
/* Error report is not a request for a new key
* handshake, but since Authenticator may do it, let's
* change the keys now anyway. */
Regards,
Andriy
More information about the Hostap
mailing list