mka: Fix unexpected cleanup on missing MKA_LIFE_TIME while installing SC/SA
The key server may not include dist sak and use sak in one packet. Meanwhile, after dist sak, the current participant (non-key server) will install SC or SA(s) after decoding the dist sak which may take few seconds in real physical platforms. Meanwhile, the peer expire time is always initialized at adding the key server to peer list. The gap between adding the key server to peer list and processing next use sak packet may exceed the threshold of MKA_LIFE_TIME (6 s). It will cause an unexpected cleanup (delete SC and SA(s)), so update the expire timeout at dist sak also. Signed-off-by: Ze Gan <ganze718@gmail.com>
This commit is contained in:
Ze Gan
Jouni Malinen
parent
c84388ee4c
commit
61f0e19b86
1 changed files with 12 additions and 0 deletions
|
|
@ -1835,6 +1835,18 @@ ieee802_1x_mka_decode_dist_sak_body(
|
||||||
kay->rcvd_keys++;
|
kay->rcvd_keys++;
|
||||||
participant->to_use_sak = true;
|
participant->to_use_sak = true;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* The key server may not include dist sak and use sak in one packet.
|
||||||
|
* Meanwhile, after dist sak, the current participant (non-key server)
|
||||||
|
* will install SC or SA(s) after decoding the dist sak which may take
|
||||||
|
* few seconds in real physical platforms. Meanwhile, the peer expire
|
||||||
|
* time is always initialized at adding the key server to peer list.
|
||||||
|
* The gap between adding the key server to peer list and processing
|
||||||
|
* next use sak packet may exceed the threshold of MKA_LIFE_TIME (6 s).
|
||||||
|
* It will cause an unexpected cleanup (delete SC and SA(s)), so,
|
||||||
|
* update the expire timeout at dist sak also. */
|
||||||
|
peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue