From cee079da5b56d85e923e1c2bf312b8dcc83b126c Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Wed, 27 Aug 2025 05:54:57 -0700
Subject: [PATCH] handshake: use vendor quirk to disable check of replay counters This has been a long standing issue on Aruba APs where the scan IEs differ from the IEs received during FT. For compatibility we have been carrying a patch to disable the replay counter check but this isn't something that was ever acceptable for upstream. Now with the addition of vendor quirks this check can be disabled only for the OUI of Aruba APs.
Reported-by: Michael Johnson
Co-authored-by: Michael Johnson <
---
 src/handshake.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/handshake.c b/src/handshake.c
index 02dfe2d8..ef1a8220 100644
--- a/src/handshake.c
+++ b/src/handshake.c
@@ -914,11 +914,15 @@ bool handshake_util_ap_ie_matches(struct handshake_state *s,
 if (msg_info->no_pairwise != scan_info.no_pairwise)
 return false;

- if (msg_info->ptksa_replay_counter != scan_info.ptksa_replay_counter)
- return false;
+ if (!(s->vendor_quirks.replay_counter_mismatch)) {
+ if (msg_info->ptksa_replay_counter !=
+ scan_info.ptksa_replay_counter)
+ return false;

- if (msg_info->gtksa_replay_counter != scan_info.gtksa_replay_counter)
- return false;
+ if (msg_info->gtksa_replay_counter !=
+ scan_info.gtksa_replay_counter)
+ return false;
+ }

 if (msg_info->mfpr != scan_info.mfpr)
 return false;
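Review bot: The new `if (!(s->vendor_quirks.replay_counter_mismatch))` guard relaxes part of the scan-versus-handshake RSNE comparison, which serves as a downgrade check, yet nothing at the site says what is skipped or why. The two fields look like the PTKSA/GTKSA replay-counter capability values of the RSN element rather than the EAPOL-Key replay counter, so a short comment would prevent that misreading, e.g. `/* Quirk: some APs advertise different PTKSA/GTKSA replay counter capabilities in scan and FT IEs; only these two fields are exempted */`. How `vendor_quirks` gets populated is not visible in this hunk; if it is derived from a vendor OUI carried in unauthenticated beacon or probe-response IEs, the flag is not a trust signal, so the exemption should stay this narrow and a tolerated mismatch is worth a debug log line. The body of `handshake_util_ap_ie_matches` starts and ends outside the hunk.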