On Wed, Sep 26, 2007 at 09:39:54AM +0200, Johannes Berg wrote: > So any STA can actually send EAPOL frames with an arbitrary destination > MAC address except our own into our 802.3 interface. Hence, it looks > like the first case above is only for having eapol on mgmt iface. EAPOL ethertype is not supposed to be bridged, so it would be perfectly fine dropping these wherever it is most convenient to do. > The only problem I see with not doing this is that hostapd will have to > listen for EAPOL frames on all VLAN interfaces but I suppose that is > doable. That's fine. This should be doable with just one packet socket that is not bound to any interface or alternatively with multiple sockets (one per interface). I wouldn't be too concerned about the extra cost here as long as the other EAPOL related silliness (e.g., the difference in encryption of re-keying packets in 802.1X with dynamic WEP vs. WPA). -- Jouni Malinen PGP id EFC895FA - To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
