author: Mike Siedzik <msiedzik@extremenetworks.com> 2018-02-20 19:28:45 (GMT)
committer: Jouni Malinen <j@w1.fi> 2018-12-26 14:42:25 (GMT)
commit: 302bbad5ac0df0b96b67ac67244dae9ec2c7b6b9 (patch)
tree: f72493c3d2257455f9b45c76fd6c7992966b1102 /src
parent: e4ae284bbaf82c4bf97f49dffb7a8723c1d43a9a (diff)
mka: Do not update potential peer liveness timer

To prevent a remote peer from getting stuck in a perpetual 'potential peer' state, only update the peer liveness timer 'peer->expire' for live peers and not for potential peers.

Per IEEE Std 802.1X-2010, 9.4.3 (Determining liveness), potential peers need to show liveness by including our MI/MN in their transmitted MKPDU (within potential or live parameter sets).

When a potential peer does include our MI/MN in an MKPDU, we respond by moving the peer from 'potential_peers' to 'live_peers'.

If a potential peer does not include our MI/MN in an MKPDU within MKPDU_LIFE_TIME, let the peer expire to facilitate getting back in sync with the remote peer.

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>

Diffstat (limited to 'src')
-rw-r--r-- src/pae/ieee802_1x_kay.c 18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index ddffdb2..12bdf4e 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -3175,17 +3175,25 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay,
}
} else {
peer->missing_sak_use_count = 0;
+
+ /* Only update live peer watchdog after successful
+ * decode of all parameter sets */
+ peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
}
} else {
/* MKPDU is from new or potential peer */
peer = ieee802_1x_kay_get_peer(participant,
participant->current_peer_id.mi);
- }
+ if (!peer)
+ return -1;
- /* Only update live peer watchdog after successful decode of all
- * parameter sets */
- if (peer)
- peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+ /* Do not update potential peer watchdog. Per IEEE Std
+ * 802.1X-2010, 9.4.3, potential peers need to show liveness by
+ * including our MI/MN in their transmitted MKPDU (within
+ * potential or live parameter sets). Whena potential peer does
+ * include our MI/MN in an MKPDU, we respond by moving the peer
+ * from 'potential_peers' to 'live_peers'. */
+ }
kay->active = TRUE;
participant->retry_count = 0;
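
Review bot: The added `if (!peer) return -1;` in the "new or potential peer" branch is a silent behaviour change that the commit message does not cover. Before this hunk, a NULL result from ieee802_1x_kay_get_peer() only skipped the timer update and still reached `kay->active = TRUE;` and `participant->retry_count = 0;`; now the decode fails without any log output. Please add a debug message before the return and mention the new failure path in the commit message, or keep the old fall-through if the error return is not required for the liveness fix. Separately, the live-peer refresh of `peer->expire` now sits only in the arm that resets `missing_sak_use_count`, so as far as these lines show, a live peer whose MKPDU takes the other arm no longer has its timer updated; confirm that is intended and say so in the comment. Typo in the added comment: "Whena" should be "When a".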