[PATCH] MKA: Reliable election of the key_server
Greg Goblirsch
gregg at thinklogical.com
Mon Apr 25 07:08:44 PDT 2022
On Tue Jul 21 08:38:17 EDT 2020, Mickael Chazaux wrote:
> A reliable election of the key_server can be obtained by :
> - not changing the MI (the "0 && " in the patch) randomly,
> - and ignoring (eg commenting out) the if(peer->is_key_server) check
> in the election function.
> This is because the election function is called only when there is a new
> peer added or deleted to the live list, but it should be called also when
> the MKPDU KeyServer flag changes for a peer. Simple test : use three devices,
> let them elect one as the key server, and then kill the key server. The remaining
> have KeyServer == 0 in their MKPDUs at the deletion of the key server from the
> live list, and each declares "I am the key server, because the other has KS=0".
>This is of course random. Sometimes one gets elected, sometimes they lock up.
I concur.
@@ -2290,9 +2319,6 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
/* elect the key server among the peers */
dl_list_for_each(peer, &participant->live_peers,
struct ieee802_1x_kay_peer, list) {
- if (!peer->is_key_server)
- continue;
-
if (!key_server) {
key_server = peer;
continue;
More information about the Hostap
mailing list