Bug 12519 - "CCMP: replay detected:" -- is it a bug?
Summary: "CCMP: replay detected:" -- is it a bug?
Status: CLOSED UNREPRODUCIBLE
Alias: None
Product: Networking
Classification: Unclassified
Component: Wireless (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: John W. Linville
URL:
Keywords:
Depends on:
Blocks: 12398
  Show dependency tree
 
Reported: 2009-01-22 04:10 UTC by Peter Teoh
Modified: 2009-01-29 06:23 UTC (History)
3 users (show)

See Also:
Kernel Version: 2.6.29-rc1
Subsystem:
Regression: Yes
Bisected commit-id:


Attachments

Description Peter Teoh 2009-01-22 04:10:18 UTC
Latest working kernel version:

2.6.28

Earliest failing kernel version:

2.6.29-rc1

Distribution:
Hardware Environment:
Software Environment:
Problem Description:

Not sure if it is a bug:

Got these in my dmesg output:

CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 0000004072f4 received PN 0000004072f2
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 0000004072f4 received PN 0000004072f3
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 00000040774f
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407750
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407751
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407752
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407753
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407754
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407755
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407756
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407757
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 000000407759 received PN 000000407758
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 0000004077e2 received PN 0000004077de
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 0000004077e2 received PN 0000004077df
CCMP: replay detected: STA=00:0e:2e:fe:88:50 previous PN 0000004077e2 received PN 0000004077e0

Steps to reproduce:

most of the time i did not see this since 2.6.29-rc1 was out.....first time.....
Comment 1 John W. Linville 2009-01-22 06:00:45 UTC
Any reason not to believe someone is trying to break your wireless security?  How often do you see these messages?
Comment 2 Johannes Berg 2009-01-22 06:03:05 UTC
Trying to break CCMP would be quite stupid, but I don't remember any changes in this area so I doubt it's a bug on our side.
Comment 3 Johannes Berg 2009-01-22 06:11:37 UTC
Oh, and next time, state which driver you're using! Clearly nothing of interest (i.e. either ipw* or hostap, which are both effectively unmaintained)
Comment 4 Johannes Berg 2009-01-22 06:13:43 UTC
looks like lib80211_ccmp_decrypt doesn't support qos, WONTFIX, I guess, should disable QoS in ipw* then, maybe?
Comment 5 Peter Teoh 2009-01-22 06:33:03 UTC
not sure what info is needed:

lsmod |grep ipw
ipw2200               131916  0 
libipw                 27268  1 ipw2200
lib80211                9348  3 lib80211_crypt_ccmp,ipw2200,libipw

CONFIG_IPW2200_QOS=y
CONFIG_BRIDGE_EBT_802_3=m
CONFIG_VLAN_8021Q=m
CONFIG_CFG80211=m
CONFIG_NL80211=y
CONFIG_LIB80211=m
CONFIG_LIB80211_CRYPT_WEP=m
CONFIG_LIB80211_CRYPT_CCMP=m
CONFIG_LIB80211_CRYPT_TKIP=m
CONFIG_MAC80211=m
CONFIG_MAC80211_RC_MINSTREL=y
CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y
CONFIG_MAC80211_RC_DEFAULT="minstrel"
CONFIG_MAC80211_LEDS=y
CONFIG_MAC80211_DEBUG_MENU=y
CONFIG_MAC80211_NOINLINE=y
CONFIG_MAC80211_VERBOSE_DEBUG=y
CONFIG_WLAN_PRE80211=y
CONFIG_WLAN_80211=y

if u suspect someone is trying to breakk my wireless security.....can u suspect a method to test this suspicion?   i mean, when tcpdumping the traffic - how do you filter off those specific packets that which will ultimately end up generating the CCMP messages?

Thanks you for your help.
Comment 6 John W. Linville 2009-01-22 12:16:03 UTC
OK, some code got moved and that message went from being turned-off to turned-on.  I wouldn't worry about it for now.  I'll see if I can make it disappear for you...
Comment 7 Andrew Morton 2009-01-27 16:06:14 UTC
I marked this as a post-2.6.28 regression so Rafael gets to bug you ;)
Comment 8 Peter Teoh 2009-01-28 21:56:32 UTC
Thank you Andrew, and everyone else.   I don't have access to the same hardware anymore, which did gave a consistent behavior over many attempts over a few reboots.   Now the same version of OS is not able to replicate the same behavior anymore, as I don't have access to that particular wireless router anymore.

So sorry, this can be close.

Note You need to log in before you can comment on or make changes to this bug.