RSN Capabilities field

Chris Zimmermann cbzimmermann
Mon May 15 06:05:37 PDT 2006

I found an issue with hostapd v0.5.3

Currently, hostapd only sets the RSN capabilities field to either set  
or clear Bit 0: Pre-Authentication.  Bit 1: No Pairwise, Bits 2-3:  
PTKSA Replay Counter, and Bits 4-5: GTKSA Replay Counter are all not  
addressed (unless I am missing something).

 From what I have seen PTKSA and GTKSA Replay Counters tend to vary  
based on semiconductor vendor.  This means it should not be a part of  
the /etc/hostapd.conf file.  The driver interface should query the  
driver for these values.  Under the net80211 interface it could be  
covered by doing a get of IEEE80211_IOC_RSNCAPS.  This would need to  
be done before generating the RSN-IE with the call to wpa_gen_wpa_ie().

I worked around this in the following manner:

I added an int rsn_caps field to struct hostapd_bss_config and struct  
wpa_auth_config.  Since ieee802_1x_init() is called before wpa_init 
(), I made the driver_bsd.set_ieee8021x handler, inside  
bsd_configure_wpa(), get the RSN caps, clear or set the preauth bit  
appropriately, and then save that to hapd->conf->rsn_caps.

	v = 0;
	if (get80211param(drv, IEEE80211_IOC_RSNCAPS, &v)) {
		printf("Unable to set RSN capabilities to 0x%x\n", v);
		return -1;
		"%s: got rsn capabilities=0x%x\n", __func__, v);
	if (conf->rsn_preauth) {
	else {
		v &= ((0xFF << 8) | (0xFF & ~RSN_CAP_PREAUTH));
		"%s: setting rsn capabilities=0x%x\n", __func__, v);
	if (set80211param(drv, IEEE80211_IOC_RSNCAPS, v)) {
		printf("Unable to set RSN capabilities to 0x%x\n", v);
		return -1;
	conf->rsn_caps = v;

hostapd_wpa_auth_conf() then stores this value into the struct  
wpa_auth_config along with the rest of the values. Now that the  
proper version of RSN caps is passed around wpa_write_rsn_ie() can  
generate this by changing

	*pos++ = conf->rsn_preauth ? BIT(0) : 0;

to do the following

	*pos++ = conf->rsn_caps;

All of this is predicated upon the vendor driver actually handling  
rsn_caps appropriately, and not just for the preauth bit.


Chris Zimmermann
cbzimmermann at

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Hostap mailing list