Am 30.09.2016 um 12:01 schrieb Johannes Berg: > A few more things: > > First of all - there's nothing specific to "AP interfaces", which you > say in the subject, as far as I can tell? That should be removed? >> if (unlikely(ta && >>+ (iftype == NL80211_IFTYPE_AP || >>+ iftype == NL80211_IFTYPE_AP_VLAN) && >>+ !ether_addr_equal(ta, eth.h_source) >>+ )) >>+ goto purge; So the A-MSDU packets are only dropped if received by an interface in AP or AP_VLAN mode, not on client side, as my original issue was about arp/ip filters being circumvented on AP side. >> IEEE 802.11-2012 mandates that the outer source mac address should >> match the inner source address (section 8.3.2.2). For the >> destination mac address, matching is not required (section 10.23.15). > > I think this is wrong. As we do not support DMS (yet), we should adhere > to 8.3.2.2 and only accept matching TA/SA and DA/RA. IEEE 802.11-2012 8.3.2.2 contains the note "NOTE—It is possible to have different DA and SA parameter values in A-MSDU subframe headers of the same A-MSDU as long as they all map to the same Address 1 and Address 2 parameter values." I conclude that embedding multicast in unicast A-MSDU frames is generally allowed, because "mapping" does not mean "be identical". Regards, M. Braun
