[PATCH] MKA: Do not enable MACsec transmission if there is any risk of a duplicate SCI
Greg Goblirsch
gregg at thinklogical.com
Mon Apr 25 07:25:32 PDT 2022
It is obvious that restarting wpa_supplicant could result in a live peer and a potential peer having the same SCI.
9.4.2 Member identification and message numbers
The KaY will not enable MACsec transmission if there is any risk of a duplicate SCI
@@ -683,6 +702,13 @@ ieee802_1x_kay_move_live_peer(struct ieee802_1x_mka_participant *participant,
if (!peer)
return NULL;
+ if (ieee802_1x_kay_get_live_peer_sci(participant,
+ &participant->current_peer_sci)) {
+ wpa_printf(MSG_WARNING,
+ "KaY: live peer and potential peer have the same SCI");
+ return NULL;
+ }
+
rxsc = ieee802_1x_kay_init_receive_sc(&participant->current_peer_sci);
if (!rxsc)
return NULL;
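Review bot: The duplicate-SCI check added before ieee802_1x_kay_init_receive_sc() returns the same NULL as the existing !peer and !rxsc paths, so a caller of ieee802_1x_kay_move_live_peer() cannot tell a rejected duplicate SCI from a lookup or allocation failure. Nothing in this hunk removes or marks the potential peer either, so if the caller retries the promotion the MSG_WARNING line repeats each time. Consider including the colliding SCI from participant->current_peer_sci in the message so the two stations can be identified from the log. Also consider a short comment above the check citing IEEE 802.1X 9.4.2, so the reason for refusing the peer is documented at the point where it is enforced. If the peer is meant to stay in the potential list until the stale live entry expires, say so in that comment.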