[mka]: Fix re-establishment by reset MI
Jouni Malinen
j at w1.fi
Sun Nov 5 10:42:50 PST 2023
On Mon, Apr 24, 2023 at 12:50:09AM +0800, Ze Gan wrote:
> Key server maybe removed due to the ingress packets delay.
> In this situation, the endpoint of key server may not be aware of
> this participant who has removed the key server from peer list.
> Because the egress traffic is normal, the key server will not
> remove this participant from the peer list of key server.
> So in the next MKA message, the key server will not dispatch a
> new SAK to this participant.
> And this participant can not be aware of that is a new round
> of communication so that it will not update its mi at re-adding
> the key server to its peer list.
> So we need to update mi to avoid the failure of re-establishment
> MKA session.
Thanks, applied.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list