Please note: This project is no longer active. The website is kept online for historic purposes only.
If you´re looking for a Linux driver for your Atheros WLAN device, you should continue here .

Ticket #404 (new defect)

Opened 16 years ago

Last modified 15 years ago

MLME-Replayfailure problem with wpa_supplicant; with possible workaround

Reported by: Assigned to:
Priority: major Milestone:
Component: madwifi: 802.11 stack Version: trunk
Keywords: MLME-REPLAYFAILURE DHCP dhclient Cc:
Patch is attached: 0 Pending:



I always got this error after (successfully) attaching to my Netgear WGR614v4 router via wpa_supplicant, just when dhclient tried to retrieve an IP:

MLME-REPLAYFAILURE.indication(keyid=1 broadcast addr=ff:ff:ff:ff:ff:ff)

I did not get this with other routers (however, they do not use WPA).

Actually, I do not know what this means. However, I guess this has something to do with the DHCP request. As a quick solution, I have uncommented the replay violation checks in net80211/ieee80211_crypto_tkip.c and ieee80211_crypto_ccmp.c, now it works.

Perhaps this check is too restrictive. Any ideas?

Best regards,

Christian Kohlschütter

Change History

02/19/06 09:39:59 changed by mrenzmann

Can you please explain your configuration more in detail? What version of MadWifi are you using (looks like madwifi-ng, but what revision is it)? What is the distance between AP and the client? Does this problem also occur if you use a fixed IP configuration?

03/08/06 06:35:44 changed by

I can replicate this using a D-Link AirPlus? DWL-G650 and a DLINK XTremeG wireless router using wireless-ng 1467M. once I removed said code, I can connect and get a dhcp response and then get verified network traffic. E-mail me if you need me to do any further testing.

03/24/06 17:37:35 changed by

  • version deleted.

Alright, after doing a lil bit of looking around here, I noticed that there are like 4 or 5 other wireless AP's around here on the same channel I was. I had SSID broadcasting off and was getting tons of Invalid nwid errors. I'm going to try putting said code back into the drivers, now that I'm running on a different channel and am not getting very many nwid errors wnymore and see if that was one of the issues with getting a dhcp response.

04/15/06 02:53:30 changed by

  • version set to trunk.
  • summary changed from MLME-Replayfailure problem with DHCP / dhclient and wpa_supplicant; with possible workaround to MLME-Replayfailure problem with wpa_supplicant; with possible workaround.

I also experience this with a DI-624 + G520, madwifi-ng r1502 (and going back a number of revs), wpa_supplicant 0.4.8.

This started happening sometime in the last several months. Intermittent at first, then worse and worse. Now I'm lucky to get it to work at all.

This problem makes WPA unusable w/ madwifi. I note that this same setup works fine when dual-booting into winxp. I also note it has nothing in particular to do with DHCP (btw, adjusted summary accordingly). It's just that sometimes when the system comes up, it works, and sometimes, not. If you're not lucky, and try to push anything over the link, be it a DHCP request or anything else, you fail.

Wondering if this is false positive on some kind of replay attack, or something more mundane. I'm still fuzzy on what the role of madwifi vs. the supplicant is in implementing WPA, but I get the feeling the problem's inside madwifi. That's less from my hazy grasp of what the code is trying to do and more from experiments.

If I see this problem on startup, I know it will not go away until the router is restarted. Restarting wpa_supplicant dozens of times would never fix it. BTW, restarting the router is not guaranteed to fix it. Sometimes it helps, sometimes not.

If I don't see the problem on startup, it will never manifest.

I can indeed see where you could comment out the test for this condition within wpa_supplicant, however, I'm not sure just disabling the test wouldn't open up a security hole?

Random hunch: something knocked lose in madwifi-ng that causes the sequence counter to miss a beat in some corner case?

06/24/06 17:05:39 changed by anonymous

You've described my symptoms exactly, except where you said "If I don't see the problem on startup, it will never manifest". Madwifi-ng r1545, Netgear WG511T adapter with Atheros 5212 chipset, and some no-name made-in-China AP. This combo works fine booting under Windows 98 (although sometimes I have to give it a kick by pulling the adapter and reinserting it, after which it is fine). Also using WPA there.

In linux, once it starts failing (usually after about half an hour, and assuming I got it working in the first place), it goes into a loop with about 6 of these MLME-REPLAYFAILURE messages (command is "8c02"), deauthentication, and reauthentication. Never recovers from that point.

I don't think it has to do with multiple APs around here; I'm out in the country with few neighbors and my scanner doesn't see another AP, unless I'm mistaken.

The distance of the AP is just above me, on the next floor up. I don't have the ability to change to a fixed IP in this setup.


12/25/06 05:40:57 changed by spacecowboy

i've got the same problem. any news on this??

12/25/06 07:00:44 changed by anonymous

Yeah, there's an interim solution. Tell your friends: boycott Atheros until they document their hardware (without NDA requirements), so there can be a proper GPL driver.

Begging and whining to some vendor and getting nothing for years was a big reason open source happened in the first place... There are alternatives that work with the open source community, so I don't see why you'd support this company.

12/25/06 08:02:10 changed by kelmo

Good one buddy.