From: Johannes Berg <johannes@sipsolutions.net>
To: Michael Braun <michael-dev@fami-braun.de>
Cc: linux-wireless@vger.kernel.org, projekt-wlan@fem.tu-ilmenau.de,
	kvalo@codeaurora.org, akarwar@marvell.com, nishants@marvell.com,
	Larry.Finger@lwfinger.net, Jes.Sorensen@redhat.com
Subject: Re: [PATCHv3 2/3] mac80211: check A-MSDU inner frame source address on AP interfaces
Date: Wed, 12 Oct 2016 09:16:44 +0200
Message-ID: <1476256604.5271.5.camel@sipsolutions.net>
In-Reply-To: <1475493257-21841-2-git-send-email-michael-dev@fami-braun.de> (sfid-20161003_131433_693019_40C59037)

On Mon, 2016-10-03 at 13:14 +0200, Michael Braun wrote:
> When using WPA security, the station and thus the required key is
> identified by its mac address when packets are received. So a
> station usually cannot spoof its source mac address.
> 
> But when a station sends an A-MSDU frame, port control and crypto
> is done using the outer mac address, while the packets delivered
> and forwarded use the inner mac address.
> This might affect ARP/IP filtering on the AccessPoint.
> 
> IEEE 802.11-2012 mandates that the outer source mac address should
> match the inner source address (section 8.3.2.2). For the destination
> mac address, matching is not required, as a wifi client may send all
> its traffic to the AP in order to have it forwarded.

This doesn't apply over my series now, so I'm dropping it - I have the
bare minimum mwifiex changes to let it compile, but no additional
checks.

Marvell folks: take note, you'll want to have these checks in your
driver, so need to pass the right check_da/check_sa arguments
(depending on the interface type) to the function. See

https://git.kernel.org/cgit/linux/kernel/git/jberg/mac80211.git/commit/?id=002a02b6d1be6aba55c7391a030c0358fada81c5

johannes
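
The source-address check described in the quoted commit message, as an added user-space example (not code from the patch, from mac80211 or from mwifiex). The function, struct and sample names are hypothetical and the sample bytes are constructed; the code assumes the standard A-MSDU subframe layout of DA, SA, a 2-byte big-endian length, the MSDU, then padding to a 4-byte boundary.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_ALEN   6
#define SUBHDR_LEN 14  /* DA(6) + SA(6) + big-endian MSDU length(2) */

struct amsdu_result { int accepted, dropped, malformed; };

/* Walk the subframes of an A-MSDU payload and compare each inner SA with
 * outer_sa, the address that port control and crypto were keyed on.
 * If malformed is set, the caller should discard the whole aggregate. */
struct amsdu_result amsdu_check_inner_sa(const uint8_t *buf, size_t len,
                                         const uint8_t outer_sa[ETH_ALEN])
{
    struct amsdu_result r = {0, 0, 0};
    size_t off = 0;

    while (off < len) {
        if (len - off < SUBHDR_LEN) { r.malformed = 1; break; }
        size_t msdu_len = ((size_t)buf[off + 12] << 8) | buf[off + 13];
        if (msdu_len > len - off - SUBHDR_LEN) { r.malformed = 1; break; }
        if (memcmp(buf + off + ETH_ALEN, outer_sa, ETH_ALEN) == 0)
            r.accepted++;   /* inner SA matches the authenticated sender */
        else
            r.dropped++;    /* inner SA differs: must not be delivered */
        /* subframes other than the last are padded to a 4-byte boundary */
        off = (off + SUBHDR_LEN + msdu_len + 3) & ~(size_t)3;
    }
    return r;
}

/* Constructed sample data: station address and a two-subframe A-MSDU. */
static const uint8_t sample_sta[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t sample_amsdu[] = {
    /* subframe 1: DA, SA = sample_sta, length 5, payload, 1 pad byte */
    0x02, 0, 0, 0, 0, 0xaa,  0x02, 0, 0, 0, 0, 0x01,  0x00, 0x05,
    'h', 'e', 'l', 'l', 'o',  0x00,
    /* subframe 2: DA, SA = a different address, length 4, payload */
    0x02, 0, 0, 0, 0, 0xaa,  0x02, 0, 0, 0, 0, 0x02,  0x00, 0x04,
    'd', 'a', 't', 'a',
};
```

Only the source address is compared here; as the commit message notes, the inner destination address is not required to match on an AP interface.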
