Bug 558 – syslog getting spammed with 'decryption failed' messages

Bug 558 - syslog getting spammed with 'decryption failed' messages

Summary:

syslog getting spammed with 'decryption failed' messages

Status:	VERIFIED FIXED

Product:	IPW2100
Component:	WEP
Version:	1.0.3
Platform:	IBM All

Importance:	P2 normal
Assigned To:	James Ketrenos
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2005-01-31 14:43 by Randy
Modified:	2005-10-06 15:25 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Randy 2005-01-31 14:43:19

I work in a production environment with heavy wireless utilization on a
RF-centric team.  Our work networks often are running QVLAN and there are many
(15+) visible networks and 1-2 dozen users visible at any given time.  As such,
my kernel and syslog are constantly getting spammed with the following messages
(MAC changed):

eth0: decryption failed (SA=00:DE:AD:BE:EF:00) res=-2
eth0: WEP decryption failed ICV mismatch (key 0)

Is there any way a flag can be added to filter out 'decryption failed' messages?
 The great majority of packets I'm going to be getting won't be destined for me
or even my WEP/SSID, and I'd like to have my dmesg and syslog back... ;-)

------- Comment #1 From James Ketrenos 2005-01-31 17:38:13 -------

I assume you changed the MAC of the source address to 00DEADBEEF00.  That said,
the device /should/ already be filtering all packets not destined to your
station and should only be attempting to decrypt packets intended for you.  

Turning up the debug level for IEEE80211 to do a dump of Tx output should
provide the full SA and DA of the packets; it might be interesting to see if the
packets being dropped are being incorrectly filtered.

For now, you can configure your syslog facility to disregard KERN_DEBUG level
messages if you want to drop the messages.  We'll look at switching it to use
one of the IEEE80211 subsystem's debug message utilities long term.

------- Comment #2 From Randy 2005-01-31 18:56:29 -------

That works for me; I would like to re-include KERN_DEBUG someday, but it's an
acceptable workaround for the time being.  

I'll examine some greater debuging output to make sure there isn't anything
untoward; should be able to complete that in a couple of days (can't re-direct
too much work!)

------- Comment #3 From James Ketrenos 2005-02-28 13:35:09 -------

Fixed in 1.0.5 (changed to IEEE80211_DEBUG_DROP)

------- Comment #4 From Xiong Crystal 2005-03-02 01:48:30 -------

**** Comments from Randy ****
I've been running 1.0.5 for a bit now, removed the log 
filtering, and haven't seen any messages.  Looks to be good to go - thanks!
*****************************

Mark the bug as verified.