On Mon, Apr 24, 2023 at 12:50:46AM +0800, Ze Gan wrote:
> Because the key server may not include dist sak and use sak in ONE packet,
> Meanwhile, after dist sak, the current participant(Non-Key Server) will
> install SC or SA(s) after decoding the dist sak which may take few seconds
> in real physical platforms. Meanwhile, the peer expire time is always
> initialized at adding the key server to peer list. The gap between adding
> the key server to peer list and processing next use sak packet may exceed
> the threshold of MKA_LIFE_TIME(6s). It will cause an unexpected cleanup
> (delete SC and SA(s)). So, update the expire timeout at dist sak also.

Thanks, applied.

--
Jouni Malinen                                            PGP id EFC895FA
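
The timing gap described in the quoted commit message, as an added C model that is not hostap code. The function name, the one-second clock and the sample times are assumptions made for illustration; only MKA_LIFE_TIME (6s) is taken from the message.

```c
#include <stdbool.h>
#include <stdio.h>

#define MKA_LIFE_TIME 6 /* seconds; the threshold named in the commit message */

/*
 * Hypothetical model, not the hostap implementation.
 * t = 0:      key server is added to the peer list, expire time initialized.
 * dist_sak_t: dist SAK is decoded and the SC/SA install starts.
 * use_sak_t:  the next use SAK packet from the key server is processed.
 * Returns true if the peer is still live when the use SAK packet is
 * processed, false if it expired first (SC and SA(s) would be deleted).
 */
bool peer_survives(int dist_sak_t, int use_sak_t, bool refresh_on_dist_sak)
{
    int expire = 0 + MKA_LIFE_TIME;

    if (dist_sak_t > expire)
        return false;                        /* expired before dist SAK */
    if (refresh_on_dist_sak)
        expire = dist_sak_t + MKA_LIFE_TIME; /* the behaviour the patch adds */
    return use_sak_t <= expire;
}

int main(void)
{
    /* Constructed sample times: dist SAK at 3 s, slow install, use SAK at 8 s. */
    printf("no refresh, use SAK at 8s:  %s\n",
           peer_survives(3, 8, false) ? "alive" : "expired");
    printf("refresh,    use SAK at 8s:  %s\n",
           peer_survives(3, 8, true) ? "alive" : "expired");
    /* The refresh only restarts the window: a gap above 6 s still expires. */
    printf("refresh,    use SAK at 10s: %s\n",
           peer_survives(3, 10, true) ? "alive" : "expired");
    return 0;
}
```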