hostapd: rsn replay counters issue

Dmitry Shmidt dimitrysh
Wed Feb 29 16:19:47 PST 2012


On Wed, Feb 29, 2012 at 3:02 PM, Jouni Malinen <j at w1.fi> wrote:
> On Wed, Feb 29, 2012 at 10:23:02AM -0800, Dmitry Shmidt wrote:
>> According to the src/ap/wpa_auth_ie.c code:
>> Setting 16 rsn replay counters depends on if WMM mode was set.
>>
>> int wpa_write_rsn_ie()
>> {
>> ...
>> ? ? ? ? if (conf->wmm_enabled) {
>> ? ? ? ? ? ? ? /* 4 PTKSA replay counters when using WMM */
>> ? ? ? ? ? ? ? capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
>> ? ? ? }
>> ...
>> }
>>
>> However, if I don't want for my hostap to support WMM, it breaks ability to use
>> WPA/WPA2 security.
>
> Why would that break WPA/WPA2 security? If you do not enable WMM/QoS,
> you don't need 16 replay counters..
>
> Or are you running to an issue where the driver/firmware ends up
> generating different WPA/RSN IE for Beacon/Probe Response and supplicant
> rejects that due to mismatch in IEs? That has been somewhat of a common
> bug with multiple drivers where the IEs do not get synchronized properly
> between the driver and hostapd.

Thanks ! This is what I suspected.

>
> --
> Jouni Malinen ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap



More information about the Hostap mailing list