On Mon, 2016-10-03 at 13:14 +0200, Michael Braun wrote: > When using WPA security, the station and thus the required key is > identified by its mac address when packets are received. So a > station usually cannot spoof its source mac address. > > But when a station sends an A-MSDU frame, port control and crypto > is done using the outer mac address, while the packets delivered > and forwarded use the inner mac address. > This might affect ARP/IP filtering on the AccessPoint. > > IEEE 802.11-2012 mandates that the outer source mac address should > match the inner source address (section 8.3.2.2). For the destination > mac address, matching is not required, as a wifi client may send all > its traffic to the AP in order to have it forwarded. This doesn't apply over my series now, so I'm dropping it - I have the bare minimum mwifiex changes to let it compile, but no additional checks. Marvell folks: take note, you'll want to have these checks in your driver, so need to pass the right check_da/check_sa arguments (depending on the interface type) to the function. See https://git.kernel.org/cgit/linux/kernel/git/jberg/mac80211.git/commit/?id=002a02b6d1be6aba55c7391a030c0358fada81c5 johannes
