From: Johannes Berg <johannes@sipsolutions.net>
To: Michael Braun <michael-dev@fami-braun.de>
Cc: linux-wireless@vger.kernel.org, projekt-wlan@fem.tu-ilmenau.de,
kvalo@codeaurora.org, akarwar@marvell.com, nishants@marvell.com,
Larry.Finger@lwfinger.net, Jes.Sorensen@redhat.com
Subject: Re: [PATCHv3 2/3] mac80211: check A-MSDU inner frame source address on AP interfaces
Date: Wed, 12 Oct 2016 09:16:44 +0200 [thread overview]
Message-ID: <1476256604.5271.5.camel@sipsolutions.net> (raw)
In-Reply-To: <1475493257-21841-2-git-send-email-michael-dev@fami-braun.de> (sfid-20161003_131433_693019_40C59037)
On Mon, 2016-10-03 at 13:14 +0200, Michael Braun wrote:
> When using WPA security, the station and thus the required key is
> identified by its mac address when packets are received. So a
> station usually cannot spoof its source mac address.
>
> But when a station sends an A-MSDU frame, port control and crypto
> is done using the outer mac address, while the packets delivered
> and forwarded use the inner mac address.
> This might affect ARP/IP filtering on the AccessPoint.
>
> IEEE 802.11-2012 mandates that the outer source mac address should
> match the inner source address (section 8.3.2.2). For the destination
> mac address, matching is not required, as a wifi client may send all
> its traffic to the AP in order to have it forwarded.
This doesn't apply over my series now, so I'm dropping it - I have the
bare minimum mwifiex changes to let it compile, but no additional
checks.
Marvell folks: take note, you'll want to have these checks in your
driver, so need to pass the right check_da/check_sa arguments
(depending on the interface type) to the function. See
https://git.kernel.org/cgit/linux/kernel/git/jberg/mac80211.git/commit/?id=002a02b6d1be6aba55c7391a030c0358fada81c5
johannes
next prev parent reply other threads:[~2016-10-12 7:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-03 11:14 [PATCHv2 1/3] mac80211: fix CMD_FRAME for AP_VLAN Michael Braun
2016-10-03 11:14 ` [PATCHv3 2/3] mac80211: check A-MSDU inner frame source address on AP interfaces Michael Braun
2016-10-12 7:16 ` Johannes Berg [this message]
2016-10-03 11:14 ` [PATCHv3 3/3] mwifiex: " Michael Braun
2016-10-12 7:12 ` [PATCHv2 1/3] mac80211: fix CMD_FRAME for AP_VLAN Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1476256604.5271.5.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=Jes.Sorensen@redhat.com \
--cc=Larry.Finger@lwfinger.net \
--cc=akarwar@marvell.com \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=michael-dev@fami-braun.de \
--cc=nishants@marvell.com \
--cc=projekt-wlan@fem.tu-ilmenau.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).