mka: Disable peer detection timeout for PSK mode

The first peer may take a long time to come up. In PSK mode we are
basically in a p2p system, and we cannot know when a peer will join the
key exchange. Wait indefinitely, and let the administrator decide if
they want to abort.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 2841b108b50e08348292975ece7ff5fdccae6018..19b2c2f5b10c8114c606c2ca1ac8378c71667025 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -3339,8 +3339,16 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
        usecs = os_random() % (MKA_HELLO_TIME * 1000);
        eloop_register_timeout(0, usecs, ieee802_1x_participant_timer,
                               participant, NULL);
-       participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
-               usecs / 1000000;
+
+       /* Disable MKA lifetime for PSK mode.
+        * The peer(s) can take a long time to come up, because we
+        * create a "standby" MKA, and we need it to remain live until
+        * some peer appears.
+        */
+       if (mode != PSK) {
+               participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
+                       usecs / 1000000;
+       }
 
        return participant;