[PATCH v2] MKA: Reliable election of the key_server

Greg Goblirsch gregg at thinklogical.com
Mon Apr 25 10:13:34 PDT 2022


On Tue Jul 21 08:38:17 EDT 2020, Mickael Chazaux wrote:

> A reliable election of the key_server can be obtained by:
>       - not changing the MI (the "0 && " in the patch) randomly,
>       - and ignoring (e.g. commenting out) the if(peer->is_key_server) check
>         in the election function.

> This is because the election function is called only when a new peer is
> added to or deleted from the live list, but it should also be called when
> the MKPDU KeyServer flag changes for a peer. Simple test: use three devices,
> let them elect one as the key server, and then kill the key server. The remaining
> devices have KeyServer == 0 in their MKPDUs at the deletion of the key server from the
> live list, and each declares "I am the key server, because the other has KS=0".
> This is of course random. Sometimes one gets elected, sometimes they lock up.

I concur.

Signed-off-by: Greg Goblirsch <gregg at thinklogical.com>

@@ -2290,9 +2319,6 @@ ieee802_1x_kay_elect_key_server(struct ieee802_1x_mka_participant *participant)
        /* elect the key server among the peers */
        dl_list_for_each(peer, &participant->live_peers,
                         struct ieee802_1x_kay_peer, list) {
-               if (!peer->is_key_server)
-                       continue;
-
                if (!key_server) {
                        key_server = peer;
                        continue;
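
Review bot: With the "if (!peer->is_key_server) continue;" filter removed at the top of the dl_list_for_each() loop, every entry in participant->live_peers becomes an election candidate, including a peer that advertises KeyServer = 0, and neither the hunk nor the commit message says why that is intended. The quoted analysis names the cause as the election not being re-run when a peer's KeyServer flag changes; this hunk does not add that trigger, it takes the flag out of the decision instead. Suggest a commit message that describes the change itself rather than only "I concur.", a short comment above "if (!key_server) {" stating that the advertised flag is deliberately ignored during election, and either including the MI change (the "0 && " mentioned in the quote) or stating that it is separate, since the hunk offsets (-2290 / +2319) show earlier changes in this file that are not part of what is posted here.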

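The three-device test from the quoted description, as a simplified model. This is an added example, not hostap code: struct node, elect() and survivors_disagree() are hypothetical names, and "lowest id wins" is an assumed stand-in for the real comparison between candidates.

```c
/* Added illustration: simplified model of the election, not hostap code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct node {
    int id;        /* assumed tie-break: lowest id wins */
    bool alive;    /* still on everyone's live list */
    bool ks_flag;  /* KeyServer bit last advertised in its MKPDU */
};

/* Id that node `self` elects. honor_flag=true models the loop that skips
 * peers whose KeyServer flag is unset; false models the loop without it. */
static int elect(const struct node *n, size_t cnt, size_t self, bool honor_flag)
{
    int best = -1;
    for (size_t i = 0; i < cnt; i++) {
        if (i == self || !n[i].alive)
            continue;
        if (honor_flag && !n[i].ks_flag)
            continue;
        if (best < 0 || n[i].id < best)
            best = n[i].id;
    }
    /* No eligible peer, or self ranks better: self becomes key server. */
    if (best < 0 || n[self].id < best)
        best = n[self].id;
    return best;
}

/* The three-device test: node 1 is key server, then disappears. Returns
 * true when the two survivors elect different key servers. */
static bool survivors_disagree(bool honor_flag)
{
    struct node n[3] = {
        { 1, true, true }, { 2, true, false }, { 3, true, false },
    };
    n[0].alive = false; /* key server killed; survivors' flags are still 0 */
    return elect(n, 3, 1, honor_flag) != elect(n, 3, 2, honor_flag);
}

int main(void)
{
    printf("flag honoured: disagree=%d\n", survivors_disagree(true));
    printf("flag ignored:  disagree=%d\n", survivors_disagree(false));
    return 0;
}
```

With the flag honoured, each survivor skips the other and elects itself; with the flag ignored, both apply the same ordering to the same live list and agree.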

