hostapd: rsn replay counters issue

Jouni Malinen j at w1.fi
Wed Feb 29 18:02:16 EST 2012


On Wed, Feb 29, 2012 at 10:23:02AM -0800, Dmitry Shmidt wrote:
> According to the src/ap/wpa_auth_ie.c code:
> Setting 16 rsn replay counters depends on if WMM mode was set.
> 
> int wpa_write_rsn_ie()
> {
> ...
> 	if (conf->wmm_enabled) {
> 		/* 4 PTKSA replay counters when using WMM */
> 		capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
> 	}
> ...
> }
> 
> However, if I don't want my hostap to support WMM, it breaks the ability to use
> WPA/WPA2 security.

Why would that break WPA/WPA2 security? If you do not enable WMM/QoS,
you don't need 16 replay counters.

Or are you running into an issue where the driver/firmware ends up
generating different WPA/RSN IE for Beacon/Probe Response and supplicant
rejects that due to mismatch in IEs? That has been somewhat of a common
bug with multiple drivers where the IEs do not get synchronized properly
between the driver and hostapd.

-- 
Jouni Malinen                                            PGP id EFC895FA
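
The IE mismatch described in the reply above, as an added example that is not part of the original message and is not hostapd code: it reads the RSN Capabilities field from two constructed RSN IEs, one with the 16-counter bits set and one without, and shows that the two elements no longer compare equal. The function names, the sample bytes and the byte-for-byte comparison are assumptions for illustration; `RSN_NUM_REPLAY_COUNTERS_16` is taken to be 3, so the WMM case yields 0x000c.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed RSN IEs; only the trailing RSN Capabilities field differs. */
static const uint8_t ie_wmm[] = {
	0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00,
	0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x0c, 0x00 };
static const uint8_t ie_nowmm[] = {
	0x30, 0x14, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x04, 0x01, 0x00, 0x00,
	0x0f, 0xac, 0x04, 0x01, 0x00, 0x00, 0x0f, 0xac, 0x02, 0x00, 0x00 };

static int rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }
/* RSN Capabilities, 0 if that optional field is absent, -1 if malformed. */
int rsn_ie_capab(const uint8_t *ie, size_t len)
{
	size_t pos = 8, n, list; /* skip header, version, group cipher suite */
	if (len < 8 || ie[0] != 0x30 || ie[1] + 2u != len || rd16(ie + 2) != 1)
		return -1; /* this sketch requires version 1 and a group suite */
	for (list = 0; list < 2 && pos < len; list++) { /* pairwise, AKM */
		if (len - pos < 2) return -1;
		n = 2 + (size_t) rd16(ie + pos) * 4;
		if (len - pos < n) return -1;
		pos += n;
	}
	if (pos == len) return 0;
	return len - pos < 2 ? -1 : rd16(ie + pos);
}

/* Bits 2-3 of the capabilities encode 1, 2, 4 or 16 PTKSA replay counters. */
int rsn_ptksa_replay_counters(int capab)
{
	static const int num[4] = { 1, 2, 4, 16 };
	return capab < 0 ? -1 : num[(capab >> 2) & 3];
}

/* Assumed check: 1 if the elements are byte-for-byte identical, else 0. */
int rsn_ie_match(const uint8_t *a, size_t al, const uint8_t *b, size_t bl)
{
	return al == bl && memcmp(a, b, al) == 0;
}

int main(void)
{
	printf("%d vs %d counters, match=%d\n",
	       rsn_ptksa_replay_counters(rsn_ie_capab(ie_wmm, sizeof(ie_wmm))),
	       rsn_ptksa_replay_counters(rsn_ie_capab(ie_nowmm, sizeof(ie_nowmm))),
	       rsn_ie_match(ie_wmm, sizeof(ie_wmm), ie_nowmm, sizeof(ie_nowmm)));
	return 0;
}
```

Running the same comparison on the RSN IE captured from a Beacon or Probe Response and on the one hostapd generated shows whether the capabilities bits are where the two diverge.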

