git.ipfire.org Git - thirdparty/hostap.git/commit

author	Mike Siedzik <msiedzik@extremenetworks.com>
	Tue, 20 Feb 2018 19:28:38 +0000 (14:28 -0500)
committer	Jouni Malinen <j@w1.fi>
	Wed, 26 Dec 2018 14:42:25 +0000 (16:42 +0200)
commit	d9a0a72229cd71553be69dd76e7bf4560f2be05e
tree	4ce03449c0838caf24bb53e5844c06272c5f82e5	tree \| snapshot
parent	5864545492b7f35c0d74a19494e987538be92501	commit \| diff

mka: Fix MKPDU SAK Use Body's Delay Protect bit setting

Delay Protect and Replay Protect are two separate and distinct features
of MKA. Per IEEE Std 802.1X-2010, 9.10.1 "Delay Protect, TRUE if LPNs
are being reported sufficiently frequently to allow the recipient to
provide data delay protection. If FALSE, the LPN can be reported as
zero", and per 9.10 "NOTE--Enforcement of bounded received delay
necessitates transmission of MKPDUs at frequent (0.5 s) intervals, to
meet a maximum data delay of 2 s while minimizing connectivity
interruption due to the possibility of lost or delayed MKPDUs."

This means struct ieee802_1x_mka_sak_use_body::delay_protect should only
be set TRUE when MKPDUs are being transmitted every 0.5 s (or faster).
By default the KaY sends MKPDUs every MKA_HELLO_TIME (2.0 s), so by
default delay_protect should be FALSE.

Add a new 'u32 mka_hello_time' parameter to struct ieee802_1x_kay. If
delay protection is desired, the KaY initialization code should set
kay->mka_hello_time to MKA_BOUNDED_HELLO_TIME (500 ms).

Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>

src/pae/ieee802_1x_kay.c		diff \| blob \| blame \| history
src/pae/ieee802_1x_kay.h		diff \| blob \| blame \| history