wpa_supplicant: WPA: EAPOL-Key Replay Counter did not increase - dropping packet

Bryan Kadzban bryan
Fri Feb 3 10:11:14 PST 2006

On Fri, Feb 03, 2006 at 05:39:32PM +0100, Vidar Normann wrote:
> WPA: EAPOL-Key Replay Counter did not increase - dropping packet

I saw this on Windows using the ndis driver backend (not ndiswrapper),
when the AP was reset.

The problem was that wpa_supplicant wasn't getting notified of the new
association event, so it didn't clear out its local replay counter, so
the EAPOL-Key frames got ignored.  The fix was to run ndis_events, so
that wpa_supplicant received the association event information.

ndis_events has been integrated into wpa_supplicant as of version 0.5.0
on Windows, so that won't be your issue if you're running a newer
version.  And I don't know whether it was an issue or not when running
the ndiswrapper driver; I suspect not, since Linux doesn't have WMI and
therefore ndis_events can't possibly work.

Stuff to check, though:

1) What happens just before this failing 4-way handshake?  The debug log
would be helpful here.

2) If you run wpa_supplicant in debug mode, do you see an ASSOCINFO
event before the 4-way handshake whose frames are getting dropped?  If
the 4-way handshake is happening because of a (re)association, then you
should.  This event is what clears wpa_supplicant's idea of the current
replay counter value.

3) How many successful 4-way handshakes happen (in total) before the
failing one?

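The failure mode described in the message above, as an added example that is not part of the original post and is not wpa_supplicant's code: a simplified C model of a supplicant's replay-counter check, showing how a missed association event makes the frames of the next 4-way handshake get dropped after an AP reset. All names and the counter values are constructed for illustration, and MIC verification is omitted.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RC_LEN 8 /* EAPOL-Key Replay Counter: 8 octets, big-endian */

/* Hypothetical supplicant-side state (simplified model). */
struct supp_state {
    uint8_t rx_rc[RC_LEN]; /* last accepted replay counter */
    int rx_rc_set;         /* 0 until a frame has been accepted */
};

static void put_be64(uint8_t *out, uint64_t v) {
    for (int i = RC_LEN - 1; i >= 0; i--, v >>= 8)
        out[i] = (uint8_t)(v & 0xff);
}

/* Association event from the driver: forget the previous counter. */
static void supp_on_association(struct supp_state *s) {
    memset(s->rx_rc, 0, RC_LEN);
    s->rx_rc_set = 0;
}

/* Returns 1 if the frame is accepted, 0 if it is dropped because the
 * replay counter did not increase. memcmp orders big-endian counters
 * numerically. A real supplicant also verifies the MIC (omitted here). */
static int supp_rx_eapol_key(struct supp_state *s, const uint8_t *rc) {
    if (s->rx_rc_set && memcmp(rc, s->rx_rc, RC_LEN) <= 0)
        return 0;
    memcpy(s->rx_rc, rc, RC_LEN);
    s->rx_rc_set = 1;
    return 1;
}

/* Constructed scenario: the AP sends counters 1..4, is reset, then starts
 * a new handshake with counters 1 and 2. Returns how many frames of the
 * second handshake the supplicant drops. */
static int dropped_after_ap_reset(int assoc_event_delivered) {
    struct supp_state s;
    uint8_t rc[RC_LEN];
    int dropped = 0;

    supp_on_association(&s);
    for (uint64_t c = 1; c <= 4; c++) {
        put_be64(rc, c);
        supp_rx_eapol_key(&s, rc);
    }
    if (assoc_event_delivered) /* the notification the message talks about */
        supp_on_association(&s);
    for (uint64_t c = 1; c <= 2; c++) {
        put_be64(rc, c);
        dropped += !supp_rx_eapol_key(&s, rc);
    }
    return dropped;
}

int main(void) {
    printf("event missed: %d dropped; event delivered: %d dropped\n",
           dropped_after_ap_reset(0), dropped_after_ap_reset(1));
    return 0;
}
```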