PATCH 1/1: AP: Add status/reason codes to PSK mismatch logs
Jouni Malinen
j at w1.fi
Thu Oct 2 13:38:57 PDT 2025
On Fri, Jun 27, 2025 at 07:27:21AM +0000, Nefi Guclu wrote:
> diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
> @@ -1767,9 +1767,13 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
> sta->sae->tmp->
> try_other_password = 1;
> resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
> + wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR " status=%d",
> + MAC2STR(sta->addr), resp);
It feels wrong to report AP-STA-POSSIBLE-PSK-MISMATCH for SAE failures
since SAE uses a password and PSK is quite different. In other words, a
new event message specific to SAE would seem like a better approach for
this.
> resp = WLAN_STATUS_CHALLENGE_FAIL;
> + wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR " status=%d",
> + MAC2STR(sta->addr), resp);
Same here.
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> @@ -3867,7 +3867,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
> LOGGER_DEBUG,
> "invalid MIC in msg 2/4 of 4-Way Handshake");
> if (psk_found)
> - wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
> + sm->disconnect_reason = WLAN_REASON_MICHAEL_MIC_FAILURE;
> + wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr, sm->disconnect_reason);
> goto out;
This is for a 4-way handshake validation which has nothing to do with
TKIP Michael MIC failure, i.e., that disconnect_reason is not for this
case.
> @@ -5360,8 +5361,10 @@ SM_STEP(WPA_PTK)
> LOGGER_DEBUG,
> "PTKSTART: Retry limit %u reached",
> conf->wpa_pairwise_update_count);
> - sm->disconnect_reason =
> - WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT;
> + if (sm->disconnect_reason != WLAN_REASON_MICHAEL_MIC_FAILURE) {
> + sm->disconnect_reason = WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT;
> + wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr, sm->disconnect_reason);
> + }
That WLAN_REASON_MICHAEL_MIC_FAILURE does not belong here either.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list