Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-29 02:38:22 -05:00
Code Issues Projects Releases Wiki Activity

mka: Send MKPDUs forever if mode is PSK

Browse Source 
Issue: When 2 peers are running MACsec in PSK mode with CA
established, if the interface goes down and comes up after
time > 10 seconds, CA does not get re-established.

Root cause: This is because retry_count of both the peers
would have reached MAX_RETRY_CNT and stays idle for other to
respond. This is clear deadlock situation where peer A waits
for MKA packets from peer B to wake up and vice-versa.

Fix: If MACsec is running in PSK mode, we should send MKPDUs
forever for every 2 seconds.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
This commit is contained in:
Badrish Adiga H R 2017-02-07 14:28:31 +05:30 committed by Jouni Malinen
parent 8a303f09a2
commit 37e9f511eb
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/pae/ieee802_1x_kay.c
View File

@ -2428,7 +2428,8 @@ static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
participant->new_sak = FALSE; participant->new_sak = FALSE;
} }
if (participant->retry_count < MAX_RETRY_CNT) { if (participant->retry_count < MAX_RETRY_CNT ||
participant->mode == PSK) {
ieee802_1x_participant_send_mkpdu(participant); ieee802_1x_participant_send_mkpdu(participant);
participant->retry_count++; participant->retry_count++;
} }
@ -2828,7 +2829,7 @@ int ieee802_1x_kay_enable_new_info(struct ieee802_1x_kay *kay)
if (!principal) if (!principal)
return -1; return -1;
if (principal->retry_count < MAX_RETRY_CNT) { if (principal->retry_count < MAX_RETRY_CNT || principal->mode == PSK) {
ieee802_1x_participant_send_mkpdu(principal); ieee802_1x_participant_send_mkpdu(principal);
principal->retry_count++; principal->retry_count++;
} }
@ -3368,6 +3369,7 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) + participant->mka_life = MKA_LIFE_TIME / 1000 + time(NULL) +
usecs / 1000000; usecs / 1000000;
} }
participant->mode = mode;
return participant; return participant;

1
src/pae/ieee802_1x_kay_i.h
View File

@ -93,6 +93,7 @@ struct ieee802_1x_mka_participant {
Boolean active; Boolean active;
Boolean participant; Boolean participant;
Boolean retain; Boolean retain;
enum mka_created_mode mode;
enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate; enum { DEFAULT, DISABLED, ON_OPER_UP, ALWAYS } activate;