mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
mka: Loss of live peers to result in connect PENDING not AUTHENTICATED
When the number of live peers becomes 0 the KaY was setting kay->authenticated true and telling the CP to connect AUTHENTICATED. Per IEEE Std 802.1X-2010 Clause 12.2, MKA.authenticated means "the Key Server has proved mutual authentication but has determined that Controlled Port communication should proceed without the use of MACsec", which means port traffic will be passed in the clear. When the number of live peers becomes 0 the KaY must instead set kay->authenticated false and tell the CP to connect PENDING. Per Clause 12.3 connect PENDING will "prevent connectivity by clearing the controlledPortEnabled parameter." Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>
This commit is contained in:
parent
8fb546d8e6
commit
5762855abd
@ -2399,7 +2399,7 @@ static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
|
|||||||
participant->orx = FALSE;
|
participant->orx = FALSE;
|
||||||
participant->is_key_server = FALSE;
|
participant->is_key_server = FALSE;
|
||||||
participant->is_elected = FALSE;
|
participant->is_elected = FALSE;
|
||||||
kay->authenticated = TRUE;
|
kay->authenticated = FALSE;
|
||||||
kay->secured = FALSE;
|
kay->secured = FALSE;
|
||||||
kay->failed = FALSE;
|
kay->failed = FALSE;
|
||||||
kay->ltx_kn = 0;
|
kay->ltx_kn = 0;
|
||||||
@ -2416,7 +2416,7 @@ static void ieee802_1x_participant_timer(void *eloop_ctx, void *timeout_ctx)
|
|||||||
ieee802_1x_delete_transmit_sa(kay, txsa);
|
ieee802_1x_delete_transmit_sa(kay, txsa);
|
||||||
}
|
}
|
||||||
|
|
||||||
ieee802_1x_cp_connect_authenticated(kay->cp);
|
ieee802_1x_cp_connect_pending(kay->cp);
|
||||||
ieee802_1x_cp_sm_step(kay->cp);
|
ieee802_1x_cp_sm_step(kay->cp);
|
||||||
} else {
|
} else {
|
||||||
ieee802_1x_kay_elect_key_server(participant);
|
ieee802_1x_kay_elect_key_server(participant);
|
||||||
|
Loading…
Reference in New Issue
Block a user