Return-path: Received: from s3.sipsolutions.net ([5.9.151.49]:34889 "EHLO sipsolutions.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S964843AbbEOSfx (ORCPT ); Fri, 15 May 2015 14:35:53 -0400 Message-ID: <1431714949.2117.0.camel@sipsolutions.net> (sfid-20150515_203617_106073_A7B09F77) Subject: Re: mac80211 drops packet with old IV after rekeying From: Johannes Berg To: Emmanuel Grumbach Cc: linux-wireless Date: Fri, 15 May 2015 20:35:49 +0200 In-Reply-To: (sfid-20150515_095254_231754_1FF752D2) References: <1431674716.2426.2.camel@sipsolutions.net> (sfid-20150515_095254_231754_1FF752D2) Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org List-ID: On Fri, 2015-05-15 at 10:52 +0300, Emmanuel Grumbach wrote: > >> I'd be glad if someone could take a look. If not, I'll have someone > >> from our team to look at it, but I don't know how long it will take... > > > > Without looking too much - it seems to me that this is a fundamental > > problem with PTK rekeying, in that it re-uses the key index that is > > intended to avoid this. > > In this case, the AP is openWRT. I guess the Key idx is chosen in > software, so maybe the proper fix would be to have openWRT increment > the key index when it rekeys? Neither the spec nor the code allow that. johannes