[PATCH] mka: Some bug fixes for MACsec in PSK mode

Jouni Malinen j at w1.fi
Mon Feb 6 12:57:36 PST 2017


On Fri, Jan 06, 2017 at 03:27:10PM +0530, Badrish Adiga H R wrote:
> Issue:
> ------
> The test setup has 2 peers running MACsec in PSK mode, Peer A with
> MAC address higher than MAC Address of peer B. Test sequence is
> 1. Peer B starts with actor_priority 255
> 2. Peer A starts with priority 16, becomes key server.
> 3. Peer A stops.
> 4. Peer A restarts with priority 255, but because of the stale values
> participant->is_key_server(=TRUE) and participant->is_elected(=TRUE)
> it continues to remain as Key Server.
> 5. For peer B, key server election happens and since it has lower MAC
> address as compared to MAC address of A, it becomes the key server.
> Now we have 2 key servers in the CA, which is not correct.
> 
> Root-cause & fix:
> -----------------
> When the number of live peers becomes 0, the flags such as lrx, ltx, orx,
> otx etc. need to be cleared. In MACsec PSK mode, these stale values
> create problems while re-establishing the CA...

Thanks, applied.
 
-- 
Jouni Malinen                                            PGP id EFC895FA
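
The stale-state scenario from the quoted report, as a small C model (an added example, not hostap code and not part of the original mail). Only is_key_server, is_elected and actor_priority come from the mail; the other names, the MAC addresses and the rule that an already elected participant skips re-election are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct participant {
    uint8_t mac[6];
    uint8_t actor_priority;           /* lower value wins the election */
    bool is_key_server, is_elected;   /* the two flags named in the report */
};

/* Election rule as the report describes it: priority first, lower MAC on a tie. */
static bool beats(const struct participant *a, const struct participant *b)
{
    if (a->actor_priority != b->actor_priority)
        return a->actor_priority < b->actor_priority;
    return memcmp(a->mac, b->mac, sizeof(a->mac)) < 0;
}

/* Model assumption, not hostap code: an already elected participant keeps its result. */
static void elect(struct participant *self, const struct participant *peer)
{
    if (self->is_elected) return;
    self->is_key_server = beats(self, peer);
    self->is_elected = true;
}

static void on_no_live_peers(struct participant *p)
{
    p->is_key_server = p->is_elected = false;   /* the fix: drop stale election state */
}

/* Replays steps 1-5 and returns how many key servers the CA ends up with. */
static int replay(bool clear_stale_state)
{
    struct participant a = { {0x02, 0, 0, 0, 0, 0xbb}, 16, false, false };  /* constructed MACs */
    struct participant b = { {0x02, 0, 0, 0, 0, 0xaa}, 255, false, false };
    elect(&a, &b); elect(&b, &a);                     /* steps 1-2: A becomes key server */
    if (clear_stale_state) on_no_live_peers(&a);      /* step 3: A stops, no live peers */
    a.actor_priority = 255;                           /* step 4: A restarts */
    b.is_elected = false;                             /* step 5: B runs a new election */
    elect(&a, &b); elect(&b, &a);
    return a.is_key_server + b.is_key_server;
}

int main(void)
{
    printf("key servers: stale=%d cleared=%d\n", replay(false), replay(true));
    return 0;
}
```

With the stale flags kept, the model ends with two key servers in the CA; with them cleared when the live peer count reaches 0, only peer B is elected.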


