Fix for CP state machine issues #33
Conversation
|
is this upstreamed? |
I check the spec, IEEE 802.1X 2010 MACsec, this fix looks correct. |
It is definitely an upstream issue. Does this mean you would prefer not to merge this pull request? I was not able to find the wpa-supplicant project on github.com to submit this fix directly to that project. |
wpa-supplicant belongs to hostap project https://w1.fi/hostapd/ . Its community maintains or contributes the repository by mail-list https://w1.fi/cgit/hostap/plain/CONTRIBUTIONS. But I think we should merge this PR into our repo, because we don't always follow the latest commit of upstream. |
Signed-off-by: Ze Gan <ganze718@gmail.com> 986a835153b3df3a37492fbd3a83fc8e38a40c10 Proactively rekey sonic-net/sonic-wpa-supplicant#36 b84dd21ac7b76686caf53f2e9a2c8eb80519ab31 Fix azurepieline download sonic swss common deb pakcage sonic-net/sonic-wpa-supplicant#37 66002de9d5e3165ccdbed40451db86ae0a8b3944 [macsec_sonic] driver support for macsec_include_sci sonic-net/sonic-wpa-supplicant#35 dae8f59cb54c90bc9011bd675806a75dd0808d27 MACsec XPN changes sonic-net/sonic-wpa-supplicant#34 c2271b2879ed157718edb51e842a3e33debeab7f Move SSCI from SC to SA and change packet number field name to adapt sai 1.7.1 sonic-net/sonic-wpa-supplicant#26 1bbc8f1ef463dd21428ce80b72da107f3bd2f3f0 Fix for CP state machine issues sonic-net/sonic-wpa-supplicant#33
This PR is to fix issues with CP state machine found during testing AN rollover.
It was seen that when MACsec live peer timeout coincides with AN rollover on Key server, there can be two valid state machine transitions from CP Receiving state: Abandon and Transmit. This results in both Abandon and Transmit handling being executed by CP state machine, Key server will remain stuck in invalid Transmit state, and CP state machine will not recover without manual intervention.
Changes update CP state machine so that multiple transition paths cannot be executed from any given CP state.