Logs filled by "WEP decryption failed"

Jouni Malinen jkmaline at cc.hut.fi
Sun Apr 4 21:43:06 EDT 2004


On Wed, Mar 24, 2004 at 07:27:50PM -0500, Pavel Roskin wrote:

> If I use hostap with 802.1x and WEP enabled, the kernel log is filled with
> messages like this:
> 
> wifi0: WEP decryption failed (not set) (SA=00:60:1d:f0:e6:27)
> wifi0: WEP decryption failed (not set) (SA=00:02:2d:0d:1a:ac)
> wifi0: WEP decryption failed (not set) (SA=00:02:2d:0d:1a:ac)
> wifi0: WEP decryption failed (not set) (SA=00:60:1d:f0:34:d2)
> 
> If I print frame_control for those frames, it's always 0x4208 (data with
> WEP enabled, from DS).  The data is not sent to our AP and the senders
> have no relationship with the AP.  It's just some encrypted data that we
> are not supposed to see.

These could be multicast frames from another BSS.. Unicast frames should
have been filtered out before, but maybe multicast frames can go that
far in the processing.

> The problem is that such messages fill the kernel log and make it hard to
> find more important messages.

Indeed.. I just commented that printk out from the driver. It is kind of
useful for debugging IEEE 802.1X/WPA, but those frames should just be
dropped silently in most cases.

> The message is printed in hostap_80211_rx() if host_decrypt is enabled.
> Also, hostap does something to enable those messages.  It there any
> legitimate need in that message?  Are we supposed to receive data frames
> from other APs?  Do we need to decrypt them?  Is it a firmware bug?

If the data frames are indeed multicast frames from other BSSes, the
driver should be changed to drop them earlier in the RX path. If they
were unicast frames, I believe the firmware should drop them for us.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list