On Thu, Nov 24, 2022 at 02:45:29PM +0200, Andrei Otcheretianski wrote: > The underline driver is expected to translate the link > addresses to MLD addresses when processing an authentication > frame from a MLD AP. Thus, accept authentication frame when > the peer matches the expected MLD address. Where is that behavior defined? Is this design here implying that the Authentication are send to/from userspace with different header address field values that are used in the actual frame over air? Which component is enforcing the authentication, association, and initial EAPOL-Key 4-way handshake to be using the same link? What happens with association frames? Does this have any impact on how the protection for those, e.g., with FILS, works since that needs to use the actual link addresses for deriving KeyAuth? What if something similar would be needed in Authentication frames? -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
