mka: Fix unexpected cleanup on missing MKA_LIFE_TIME while installing SC/SA

The key server may not include dist sak and use sak in one packet.
Meanwhile, after dist sak, the current participant (non-key server) will
install SC or SA(s) after decoding the dist sak which may take few
seconds in real physical platforms. Meanwhile, the peer expire time is
always initialized at adding the key server to peer list. The gap
between adding the key server to peer list and processing next use sak
packet may exceed the threshold of MKA_LIFE_TIME (6 s). It will cause an
unexpected cleanup (delete SC and SA(s)), so update the expire timeout
at dist sak also.

Signed-off-by: Ze Gan <ganze718@gmail.com>

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index c7dcc3039fc765d37ce88407216819a7168306f9..9ce7072d16b74da4b4f52ed82dc1c8783056619f 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -1835,6 +1835,18 @@ ieee802_1x_mka_decode_dist_sak_body(
        kay->rcvd_keys++;
        participant->to_use_sak = true;
 
+       /*
+        * The key server may not include dist sak and use sak in one packet.
+        * Meanwhile, after dist sak, the current participant (non-key server)
+        * will install SC or SA(s) after decoding the dist sak which may take
+        * few seconds in real physical platforms. Meanwhile, the peer expire
+        * time is always initialized at adding the key server to peer list.
+        * The gap between adding the key server to peer list and processing
+        * next use sak packet may exceed the threshold of MKA_LIFE_TIME (6 s).
+        * It will cause an unexpected cleanup (delete SC and SA(s)), so,
+        * update the expire timeout at dist sak also. */
+       peer->expire = time(NULL) + MKA_LIFE_TIME / 1000;
+
        return 0;
 }