[Ieee80211-devel] CCMP decrypt errors

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi, 

[not sure if this is the right list to post to, but I didn't find a -user 
list for ieee80211] 

With the latest version of ieee80211 (and previous versions), I'm getting 
lots of CCMP decrypt errors when broadcast arps or spanning tree messages 
are sent over the link. Unicast traffic works fine. Switching to TKIP 
doesn't help (same errors messages, just TKIP instead of CCMP) 

The error messages look like: 

CCMP: decrypt failed: STA=00:0f:b5:61:08:14
(the mac address is that of the wireless interface on the access point) 

How to reproduce:
from a wired client on the same ethernet segment, after making sure the arp 
table does not contain the wireless client's mac address, ping the wireless 
client. A broadcast arp request gets sent over the wired link and is bridged 
onto the wireless link. Wireless client never receives the decrypted arp 
request and logs a "CCMP: decrypt failed..." message. 

Given that the wireless interface on the access point is in bridged mode, 
there are also stp "hello" bridge messages being sent over the wireless 
link. These produce the same errors, and are not received by the wireless 
client. 

I have posted to the ipw2200 and the hostapd lists, which didn't come up 
with anything. 

Here are some details about my setup : (Probably most of these are 
irrelevant, but included for the sake of completeness) 

Client: 

linux 2.6.17.13, ipw2200 1.1.4mprq, wpa_supplicant 0.4.8, ieee80211 1.2.15 

wpa_supplicant.conf: 

network={
        ssid="AdrenaLan"
        proto=RSN
        key_mgmt=WPA-EAP
        eap=TLS
        identity="asana.adrena.lan"
        ca_cert="/etc/certs/cacert.pem"
        client_cert="/etc/certs/clientcert.pem"
        private_key="/etc/certs/clientkey.pem"
        private_key_passwd="REMOVED"
} 

access point: 

linux 2.6.12.6, hostapd 0.5.4, madwifi 0.9.1, freeradius 1.0.2
this is a via epia box, everything is compiled with "-march=c3 -Os"
wireless interface is an atheros b/g card, bridged with a wired interface. 

hostapd.conf: 

interface=ath0
bridge=br0
driver=madwifi
logger_syslog=-1
logger_syslog_level=1
logger_stdout=-1
logger_stdout_level=2
debug=0
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=AdrenaLan
macaddr_acl=0
accept_mac_file=/etc/hostapd/hostapd.accept
deny_mac_file=/etc/hostapd/hostapd.deny
ieee8021x=1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=REMOVED
wpa=3
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
wpa_group_rekey=600
wpa_gmk_rekey=86400 

Thanks, 

Mike