On Mon, Jun 10, 2019 at 05:33:43PM +0200, Sebastien Marie wrote:
> Hi,
> 
> I am seeing regular "Michael MIC failure" syslog messages in my
> /var/log/messages.
> 
> Jun 10 16:17:47 clyde /bsd: athn0: Michael MIC failure
> Jun 10 16:18:03 clyde /bsd: athn0: Michael MIC failure
> Jun 10 16:28:44 clyde /bsd: athn0: Michael MIC failure
> Jun 10 16:33:03 clyde /bsd: athn0: Michael MIC failure
> Jun 10 16:50:35 clyde /bsd: athn0: Michael MIC failure
> Jun 10 16:52:17 clyde /bsd: athn0: Michael MIC failure
> Jun 10 17:04:04 clyde last message repeated 2 times
> Jun 10 17:26:34 clyde /bsd: athn0: Michael MIC failure
> 
> If I correctly understand the problem, Michael MIC failure is related to
> TKIP. But my network doesn't use TKIP but CCMP.
> 
> $ ifconfig athn0
> athn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>       lladdr e4:a4:a0:f1:fe:15
>       index 5 priority 4 llprio 3
>       groups: wlan egress
>       media: IEEE802.11 autoselect (HT-MCS4 mode 11n)
>       status: active
>       ieee80211: nwid GUEST chan 6 bssid dc:08:56:15:be:14 -44dBm wpakey 
> wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
>       inet 192.168.1.107 netmask 0xffffff00 broadcast 192.168.1.255
> 
> Is it expected? Did I miss something with Michael MIC failure?
> 
> Thanks.
> -- 
> Sebastien Marie
> 

I can't really explain why this is happening, but I can give you
some clues.

Important thing to keep in mind: athn uses hardware crypto, so
this error occurs before our stack even sees the packet.

The message gets printed when athn hardware signals michael mic failure
during Rx interrupt, see ar5008_rx_process() in sys/dev/ic/ar5008.c
which calls ieee80211_michael_mic_failure() which prints this message.

Perhaps TKIP decryption is active in hardware even if no TKIP key is
installed. In our software implementation, the MIC is checked after
decryption so I suppose the hardware would do the same.
Looks like someone is sending TKIP encrypted frames and when they
get dropped you see this message. The only way to actually see such
frames would be another device in monitor mode on the same channel.
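
Added example (not part of the original thread, and not OpenBSD code): a small triage script for the syslog lines quoted above. It counts the failures, including syslogd's "last message repeated" summaries, and flags pairs less than 60 seconds apart, which is the window IEEE 802.11 uses for TKIP countermeasures. That window is not mentioned in the thread, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Sample input: the syslog lines quoted in the thread (year is not logged).
SAMPLE = """\
Jun 10 16:17:47 clyde /bsd: athn0: Michael MIC failure
Jun 10 16:18:03 clyde /bsd: athn0: Michael MIC failure
Jun 10 16:28:44 clyde /bsd: athn0: Michael MIC failure
Jun 10 16:33:03 clyde /bsd: athn0: Michael MIC failure
Jun 10 16:50:35 clyde /bsd: athn0: Michael MIC failure
Jun 10 16:52:17 clyde /bsd: athn0: Michael MIC failure
Jun 10 17:04:04 clyde last message repeated 2 times
Jun 10 17:26:34 clyde /bsd: athn0: Michael MIC failure
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (.*)$")
MIC = re.compile(r"/bsd: (\w+): Michael MIC failure$")
REPEAT = re.compile(r"^last message repeated (\d+) times?$")


def mic_failures(text, year=2019):
    """Return (timestamp, ifname, exact) per failure. Repeats summarised by
    syslogd carry the summary line's time, so they are marked exact=False."""
    events, last_if = [], None
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        mic, rep = MIC.search(m.group(2)), REPEAT.match(m.group(2))
        if mic:
            last_if = mic.group(1)
            events.append((ts, last_if, True))
        elif rep and last_if:
            events.extend([(ts, last_if, False)] * int(rep.group(1)))
        else:
            last_if = None  # some other message; a later "repeated" is not ours
    return events


def within_window(events, window=timedelta(seconds=60)):
    """Pairs of consecutive exactly-timed failures closer than `window`."""
    exact = [ts for ts, _, ok in events if ok]
    return [(a, b) for a, b in zip(exact, exact[1:]) if b - a < window]


if __name__ == "__main__":
    ev = mic_failures(SAMPLE)
    print(len(ev), "failures;", len(within_window(ev)), "pair(s) under 60 s")
```

Failures folded into a "last message repeated" line are counted but left out of the window check, because their real arrival times are not logged.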
