[PATCH] Beacon protection with MBSSID: Fix getting correct pn for bigtk
Jouni Malinen
j at w1.fi
Sat Jan 24 09:05:19 PST 2026
On Thu, Jan 15, 2026 at 10:18:28AM +0000, Nikita Chernikov wrote:
> When STA is connecting to a MBSSID non-TX BSS, pn for bigtk is requested from a non beaconing BSS,
> when it should be requested for the TX BSS in MBSSID.
> This is due to pn is requested from original auth when it should be requested from the tx_bss_auth
> which exists and replaced in case of MBSSID.
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> @@ -4211,7 +4211,7 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
> - wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_bigtk, rsc) < 0)
> + wpa_auth_get_seqnum(wpa_auth, NULL, gsm->GN_bigtk, rsc) < 0)
Thanks for sending this. I happened to have another pending patch that
had the exact same change, so the change itself is now in hostap.git
even though I did not apply this specific patch.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list