From c20cc5833eb615a2f840f8da3512cd586ed7e441 Mon Sep 17 00:00:00 2001
From: Andrey Kartashev
Date: Fri, 2 Nov 2018 19:02:19 +0100
Subject: [PATCH] mka: Speed up processing of duplicated SCI
Decrease timeout for a peer with duplicated SCI to speed up process in case it is a valid peer after MI change.
Signed-off-by: Andrey Kartashev
---
 src/pae/ieee802_1x_kay.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 92f2bd329..8862a0a73 100644
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -840,8 +840,15 @@ ieee802_1x_mka_decode_basic_body(struct ieee802_1x_kay *kay, const u8 *mka_msg,
 peer = ieee802_1x_kay_get_peer_sci(participant, &body->actor_sci);
 if (peer) {
+ time_t new_expire;
+ wpa_printf(MSG_WARNING, "KaY: duplicated SCI detected - maybe active attacker or peer selected new MI - ignore MKPDU");
+ /* Reduce timeout to speed up this process but left the
+ * chance for old one to prove aliveness. */
+ new_expire = time(NULL) + MKA_HELLO_TIME * 1.5 / 1000;
+ if (peer->expire > new_expire)
+ peer->expire = new_expire;
 return NULL;
 }
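Review bot: The expiry clamp sits on the branch whose own log line allows for an active attacker, so every MKPDU that reaches it cuts the existing peer's remaining lifetime to about 1.5 hello intervals, and repeated frames can hold it there. Whether the MKPDU's ICV has already been verified before this branch is not visible in the hunk; if it has not, the clamp belongs behind that check. In either case the comment should state the trade-off, e.g. `/* Shorten expiry so a peer that changed MI is re-learned quickly; the old entry survives only if it sends a valid MKPDU within 1.5 hello times. */`. The floating-point expression can be written in integers, `new_expire = time(NULL) + MKA_HELLO_TIME * 3 / 2 / 1000;`, which avoids the implicit double-to-time_t conversion. The body of ieee802_1x_mka_decode_basic_body starts and ends outside the hunk.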