[patch] wpa: ignore Michael MIC failure reports in CCMP-only mode
Andriy Tkachuk
andriy.v.tkachuk at globallogic.com
Thu Oct 6 05:09:59 EDT 2011
Hi Jouni,
I just check configuration - if we configured to CCMP-only mode (in
this case group cipher can not be TKIP). Of course, there is alway
place for improvements, especially in this case.
Thank you,
Andriy
On 5 October 2011 21:42, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Oct 04, 2011 at 05:50:04PM +0300, Andriy Tkachuk wrote:
>> some dummy STAs (like Axis camera) may send such reports when AP is
>> working on CCMP-only mode. I propose to just ignore such reports:
>
> I agree with skipping TKIP counter measures if the error report is for a
> key that is for something else than TKIP. However, the patch does not
> seem to be doing this correctly.
>
>> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
>> @@ -1019,9 +1019,15 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
>> wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
>> "received EAPOL-Key Error Request "
>> "(STA detected Michael MIC failure)");
>> - wpa_auth_mic_failure_report(wpa_auth, sm->addr);
>> - sm->dot11RSNAStatsTKIPRemoteMICFailures++;
>> - wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
>> + if (wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
>
> The report can be either for pairwise or group cipher. As such, checking
> wpa_group != WPA_CIPHER_TKIP here does not look correct. This needs to
> be conditional on whether the WPA_KEY_INFO_KEY_TYPE field is set in key
> info (if it is, error is for the pairwise cipher and sm->pairwise would
> need to be used instead of wpa_group).
>
> --
> Jouni Malinen PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>
More information about the HostAP
mailing list