The problem was that when the AP interface with BIGTK set received
beacons with MMIE from other BSSes, it tried to verify the MIC using its
BIGTK, which must fail and be notified to the upper layer by
cfg80211_rx_unprot_mlme_mgmt().
The solution is to prevent the AP interface from getting BIGTK in
the RX path, as the AP should only use the BIGTK to calculate the
beacon's MIC value.
Signed-off-by: Michael-CY Lee <michael-cy.lee@xxxxxxxxxxxx>
Reviewed-by: Money Wang <money.wang@xxxxxxxxxxxx>
---
net/mac80211/rx.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 7671fd39a60e..f2d63a7cc642 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1888,6 +1888,10 @@ ieee80211_rx_get_bigtk(struct ieee80211_rx_data *rx, int idx)
* index (i.e., a key that we do not have).
*/
+ /* AP interface sould not use BIGTK to decrypt */
+ if (rx->sdata->vif.type == NL80211_IFTYPE_AP)
+ return NULL;
+
if (idx < 0) {
idx = NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS;
idx2 = idx + 1;
--
2.25.1
