struct ieee802_1x_kay_peer *peer, *pre_peer;
time_t now = time(NULL);
bool lp_changed;
+ bool key_server_removed;
struct receive_sc *rxsc, *pre_rxsc;
struct transmit_sa *txsa, *pre_txsa;
}
lp_changed = false;
+ key_server_removed = false;
dl_list_for_each_safe(peer, pre_peer, &participant->live_peers,
struct ieee802_1x_kay_peer, list) {
if (now > peer->expire) {
participant, rxsc);
}
}
+ key_server_removed |= peer->is_key_server;
dl_list_del(&peer->list);
os_free(peer);
lp_changed = true;
}
}
+ /* The key server may be removed due to the ingress packets delay.
+ * In this situation, the endpoint of the key server may not be aware
+ * of this participant who has removed the key server from the peer
+ * list. Because the egress traffic is normal, the key server will not
+ * remove this participant from the peer list of the key server. So in
+ * the next MKA message, the key server will not dispatch a new SAK to
+ * this participant. And this participant cannot be aware that that is
+ * a new round of communication so it will not update its MI at
+ * re-adding the key server to its peer list. So we need to update MI
+ * to avoid the failure of the re-establishment MKA session. */
+ if (key_server_removed) {
+ if (!reset_participant_mi(participant))
+ wpa_printf(MSG_WARNING,
+ "KaY: Could not update mi on key server removal");
+ else
+ wpa_printf(MSG_DEBUG,
+ "KaY: Update mi on key server removal");
+ }
+
if (lp_changed) {
if (dl_list_empty(&participant->live_peers)) {
participant->advised_desired = false;
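Review bot: When `reset_participant_mi(participant)` fails, the block added after the live-peer loop only logs at MSG_WARNING and carries on with the old MI, which is the state the comment above it says stops the MKA session from re-establishing. Nothing visible in these hunks retries the reset on a later run, because `key_server_removed` is a local that is set back to false before the loop each time, so one failure of the helper (defined outside this hunk, presumably drawing on the random source) leaves the participant stuck until something else changes its MI. I would either keep the pending reset in participant state and retry it on the next pass, or at least record the limitation next to the warning, for example `/* On failure the old MI is kept and the reset is not retried. */`. The long comment also has a doubled word ("that that") and would read better split into the cause (the key server timed out here because ingress packets were delayed) and the effect (the key server sends no new SAK unless this participant's MI changes). The enclosing function starts and ends outside the hunk.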