On Thu, 2017-05-11 at 16:22 -0400, Michael Skeffington wrote:
> I am using an rt5350 SoC using the rt2x00 driver. We were doing
> WiFi-alliance certification testing on our device and it wasn't
> issuing countermeasures appropriately.
>
> Your assumption is correct. I had overlooked that devices using this
> driver have hardware decoding and the driver sets RX_FLAG_MMIC_ERROR.
> In retrospect, the change I proposed is totally broken.
>
> I'm running through the failure case again so I can identify where in
> the rx_decrypt function it falls through. It seems odd that it would
> drop the packet in rx_decrypt given that it doesn't actually do any
> decryption. I suspect that's related to the underlying bug.

Here's the driver code from rt2500usb (but it's similar in the others):

        rxdesc->flags |= RX_FLAG_MMIC_STRIPPED;
        if (rxdesc->cipher_status == RX_CRYPTO_SUCCESS)
                rxdesc->flags |= RX_FLAG_DECRYPTED;
        else if (rxdesc->cipher_status == RX_CRYPTO_FAIL_MIC)
                rxdesc->flags |= RX_FLAG_MMIC_ERROR;

I think if you just change it to be

        [...]
        else if (rxdesc->cipher_status == RX_CRYPTO_FAIL_MIC)
                rxdesc->flags |= RX_FLAG_MMIC_ERROR | RX_FLAG_DECRYPTED;

things will start working. This is arguably correct since to be able to
check the MMIC, the frame has to have been decrypted (properly) before.

johannes