[patch] wpa: ignore Michael MIC failure reports in CCMP-only mode
Jouni Malinen
Wed Oct 5 11:42:36 PDT 2011
On Tue, Oct 04, 2011 at 05:50:04PM +0300, Andriy Tkachuk wrote:
> some dummy STAs (like Axis camera) may send such reports when AP is
> working on CCMP-only mode. I propose to just ignore such reports:
I agree with skipping TKIP counter measures if the error report is for a
key that is for something else than TKIP. However, the patch does not
seem to be doing this correctly.
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> @@ -1019,9 +1019,15 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
> wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
> "received EAPOL-Key Error Request "
> "(STA detected Michael MIC failure)");
> - wpa_auth_mic_failure_report(wpa_auth, sm->addr);
> - sm->dot11RSNAStatsTKIPRemoteMICFailures++;
> - wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
> + if (wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
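Review bot: the condition on the last added line keys the decision on wpa_auth->conf.wpa_group alone, which is authenticator-wide configuration, so it cannot tell whether the report concerns this station's pairwise key or the group key. Pick the cipher from the key the report refers to (the station's pairwise cipher from sm for a pairwise report, wpa_group for a group report), then call wpa_auth_mic_failure_report() and bump the two dot11RSNAStatsTKIPRemoteMICFailures counters only when that cipher is WPA_CIPHER_TKIP. The unchanged wpa_auth_logger() call above still logs "STA detected Michael MIC failure" for reports that end up ignored, so consider a distinct message for the ignored case to keep spurious reports visible in the log.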
The report can be either for pairwise or group cipher. As such, checking
wpa_group != WPA_CIPHER_TKIP here does not look correct. This needs to
be conditional on whether the WPA_KEY_INFO_KEY_TYPE field is set in key
info (if it is, error is for the pairwise cipher and sm->pairwise would
need to be used instead of wpa_group).
--
Jouni Malinen PGP id EFC895FA
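
The cipher selection described in the reply above, as an added stand-alone C example (not hostapd code and not part of the original message). The helper, the enum and the numeric bit values are assumptions made for illustration; the third constructed case, a TKIP group cipher with a CCMP pairwise cipher, is the one a group-only check gets wrong.

```c
#include <stdint.h>
#include <stdio.h>

/* Names follow the thread; the numeric values are assumptions for this example. */
#define WPA_CIPHER_TKIP       (1u << 3)
#define WPA_CIPHER_CCMP       (1u << 4)
#define WPA_KEY_INFO_KEY_TYPE (1u << 3)   /* set: pairwise key, clear: group key */
#define WPA_KEY_INFO_ERROR    (1u << 10)
#define WPA_KEY_INFO_REQUEST  (1u << 11)
#define REQ_ERR (WPA_KEY_INFO_REQUEST | WPA_KEY_INFO_ERROR)

enum report_action { NOT_ERROR_REQUEST = -1, IGNORE_REPORT = 0, COUNT_TKIP_FAILURE = 1 };

/* Hypothetical helper: classify an EAPOL-Key frame whose MIC has already been
 * verified, given the AP group cipher and this STA's negotiated pairwise cipher. */
enum report_action classify_error_request(unsigned int wpa_group,
                                          unsigned int sta_pairwise,
                                          uint16_t key_info)
{
    unsigned int cipher;

    if ((key_info & REQ_ERR) != REQ_ERR)
        return NOT_ERROR_REQUEST;
    /* Key Type says which key the STA is reporting the failure for. */
    cipher = (key_info & WPA_KEY_INFO_KEY_TYPE) ? sta_pairwise : wpa_group;
    return cipher == WPA_CIPHER_TKIP ? COUNT_TKIP_FAILURE : IGNORE_REPORT;
}

int main(void)
{
    /* Constructed cases: group cipher, STA pairwise cipher, key_info, label. */
    const struct { unsigned int g, p; uint16_t ki; const char *label; } cases[] = {
        { WPA_CIPHER_CCMP, WPA_CIPHER_CCMP, REQ_ERR, "CCMP-only, group report" },
        { WPA_CIPHER_CCMP, WPA_CIPHER_CCMP, REQ_ERR | WPA_KEY_INFO_KEY_TYPE,
          "CCMP-only, pairwise report" },
        { WPA_CIPHER_TKIP, WPA_CIPHER_CCMP, REQ_ERR | WPA_KEY_INFO_KEY_TYPE,
          "TKIP group + CCMP pairwise, pairwise report" },
        { WPA_CIPHER_TKIP, WPA_CIPHER_CCMP, REQ_ERR,
          "TKIP group + CCMP pairwise, group report" },
        { WPA_CIPHER_TKIP, WPA_CIPHER_TKIP, REQ_ERR | WPA_KEY_INFO_KEY_TYPE,
          "TKIP-only, pairwise report" },
    };
    size_t i;

    for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-45s -> %d\n", cases[i].label,
               classify_error_request(cases[i].g, cases[i].p, cases[i].ki));
    return 0;
}
```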