mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-02-18 01:53:06 -05:00
d9a0a72229
Delay Protect and Replay Protect are two separate and distinct features of MKA. Per IEEE Std 802.1X-2010, 9.10.1 "Delay Protect, TRUE if LPNs are being reported sufficiently frequently to allow the recipient to provide data delay protection. If FALSE, the LPN can be reported as zero", and per 9.10 "NOTE--Enforcement of bounded received delay necessitates transmission of MKPDUs at frequent (0.5 s) intervals, to meet a maximum data delay of 2 s while minimizing connectivity interruption due to the possibility of lost or delayed MKPDUs." This means struct ieee802_1x_mka_sak_use_body::delay_protect should only be set TRUE when MKPDUs are being transmitted every 0.5 s (or faster). By default the KaY sends MKPDUs every MKA_HELLO_TIME (2.0 s), so by default delay_protect should be FALSE. Add a new 'u32 mka_hello_time' parameter to struct ieee802_1x_kay. If delay protection is desired, the KaY initialization code should set kay->mka_hello_time to MKA_BOUNDED_HELLO_TIME (500 ms). Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com>