From: Johannes Berg <johannes@sipsolutions.net>
To: Larry Finger <larry.finger@lwfinger.net>
Cc: John Linville <linville@tuxdriver.com>, linux-wireless@vger.kernel.org
Subject: Re: [PATCH V3] mac80211: Turn off meaningless TKIP message when software WEP encryption is used
Date: Fri, 17 Aug 2007 00:32:25 +0200 [thread overview]
Message-ID: <1187303546.23489.74.camel@johannes.berg> (raw)
In-Reply-To: <46C2FCAB.6090607@lwfinger.net>
[-- Attachment #1: Type: text/plain, Size: 1344 bytes --]
On Wed, 2007-08-15 at 08:16 -0500, Larry Finger wrote:
> > Thing is, it looks as though all frames that trigger the message are
> > dropped, and I'm fairly certain we don't actually want that.
Looks like I was right. This is really strange, and it plays into the RX
key selection that Volker also complained about.
I've tested this with my network, which is using CCMP for pairwise and
TKIP for group keys, and I started getting the same message as you had
but with "CCMP failed" instead of "TKIP failed". Adding all the
addresses to the debug output got me:
CCMP decrypt failed for RX frame from 00:15:f2:3d:63:97 to 33:33:00:00:00:02
Note how it's sending to that IPv6 multicast address but trying to
decrypt with CCMP although I have TKIP GTK keys. And as expected, I see
*no* multicast traffic on wlan0.
The problem obviously is key selection:
if (rx->sta && rx->sta->key)
use rx->sta->key
well, duh, that's obviously wrong since we have a pairwise (sta) key for
the AP, but it's sending us a multicast frame.
I've been thinking about revamping key selection, I guess this is
something to really look into now... Anyhow, this confirms that the
patch is wrong, it suppresses messages that we failed to decrypt frames
that we should be seeing, in this case multicast and broadcast frames.
johannes
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 190 bytes --]
prev parent reply other threads:[~2007-08-17 10:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-13 22:13 [PATCH V3] mac80211: Turn off meaningless TKIP message when software WEP encryption is used Larry Finger
2007-08-13 22:54 ` Ivo van Doorn
2007-08-13 23:13 ` Larry Finger
2007-08-13 23:58 ` Michael Wu
2007-08-14 0:24 ` Larry Finger
2007-08-20 17:55 ` Ivo van Doorn
2007-08-21 10:17 ` Johannes Berg
2007-08-15 0:16 ` Johannes Berg
2007-08-15 13:16 ` Larry Finger
2007-08-15 13:30 ` Johannes Berg
2007-08-16 22:32 ` Johannes Berg [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1187303546.23489.74.camel@johannes.berg \
--to=johannes@sipsolutions.net \
--cc=larry.finger@lwfinger.net \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).