On Thu, 2015-03-26 at 20:40 +0100, Michael Braun wrote: > When using WPA security, the station and thus the required key is > identified by its mac address when packets are received. So a > station usually cannot spoof its source mac address. > > But when a station sends an A-MSDU frame, port control and crypto > is done using the outer mac address, while the packets delivered > and forwarded use the inner mac address. > > IEEE 802.11-2012 mandates that the outer source mac address should > match the inner source address (section 8.3.2.2). For the > destination mac address, matching is not required (section 10.23.15). > > So I was wondering whether some checking would be useful? Makes sense, but perhaps it should just be done in A-MSDU de-aggregation in ieee80211_amsdu_to_8023s() so we can simply not even allocate the skb for that frame if it's mismatched? It'd only be possible for those callers who set has_80211_header=true, but mac80211 would still be covered. Alternatively, we could pass the TA into the function, and then check against that. johannes -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
