Message ID | 20180302201103.16264-16-msiedzik@extremenetworks.com |
---|---|
State | Accepted |
Series | MKA bugfixes and enhancements |

On Fri, Mar 02, 2018 at 03:11:03PM -0500, msiedzik@extremenetworks.com wrote:
> To prevent a remote peer from getting stuck in a perpetual 'potential
> peer' state, only update the peer liveness timer 'peer->expire' for live
> peers and not for potential peers.
>
> Per IEEE802.1X-2010 9.4.3 Determining liveness, potential peers need to
> show liveness by including our MI/MN in their transmitted MKPDU (within
> potential or live parameter sets).
>
> When a potential peer does include our MI/MN in an MKPDU, we respond by
> moving the peer from 'potential_peers' to 'live_peers'.
>
> If a potential peer does not include our MI/MN in an MKPDU within
> MKPDU_LIFE_TIME, then let the peer expire to facilitate getting back in
> sync with the remote peer.

Thanks, applied.

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 4323b6dc0..6ac7d02d1 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -3180,14 +3180,21 @@ static int ieee802_1x_kay_decode_mkpdu(struct ieee802_1x_kay *kay, } else { peer->missing_sak_use_count = 0; } + + /* Only update live peer watchdog after successful decode of all parameter sets */ + peer->expire = time(NULL) + MKA_LIFE_TIME / 1000; } else { /* MKPDU is from new or potential peer */ peer = ieee802_1x_kay_get_peer(participant, participant->current_peer_id.mi); - } + if (!peer) + return -1; - /* Only update live peer watchdog after successful decode of all parameter sets */ - if (peer) - peer->expire = time(NULL) + MKA_LIFE_TIME / 1000; + /* Do not update potential peer watchdog. Per IEEE802.1X-2010 9.4.3, + * potential peers need to show liveness by including our MI/MN in their + * transmitted MKPDU (within potential or live parameter sets). When + * a potential peer does include our MI/MN in an MKPDU, we respond by + * moving the peer from 'potential_peers' to 'live_peers'. */ + } kay->active = TRUE; participant->retry_count = 0;
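
Review bot: The new `if (!peer) return -1;` in the potential-peer branch of ieee802_1x_kay_decode_mkpdu() is a behaviour change the commit message does not describe. The removed lines tolerated a NULL result from ieee802_1x_kay_get_peer() with `if (peer)` and still fell through to `kay->active = TRUE;` and `participant->retry_count = 0;`, whereas the decode now fails silently at that point. If rejecting the MKPDU is intended, say so in the commit message and log the reason at debug level before returning, so a peer that fails to come up can be diagnosed from the log. A smaller point: the commit message names the timeout MKPDU_LIFE_TIME while the code uses `MKA_LIFE_TIME`; the two should agree. The expiry is also still computed from `time(NULL)`, carried over from the removed lines, so a wall-clock step can shorten or lengthen the liveness window for live peers; a monotonic time source would avoid that if one is available here.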