mka: Speed up processing of duplicated SCI

Decrease timeout for a peer with duplicated SCI to speed up process in case it is a valid peer after MI change. Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
2018-11-02 19:02:19 +01:00 · 2018-11-02 19:02:19 +01:00 · c20cc5833e
commit c20cc5833e
parent c1576d44a8
1 changed files with 7 additions and 0 deletions
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@ -840,8 +840,15 @@ ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
 		peer = ieee802_1x_kay_get_peer_sci(participant,
 						   &body->actor_sci);
 		if (peer) {
+			time_t new_expire;
+
 			wpa_printf(MSG_WARNING,
 				   "KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU");
+			/* Reduce timeout to speed up this process but left the
+			 * chance for old one to prove aliveness. */
+			new_expire = time(NULL) + MKA_HELLO_TIME * 1.5 / 1000;
+			if (peer->expire > new_expire)
+				peer->expire = new_expire;
 			return NULL;
 		}