FT: Check destination MAC address on RRB receive

As the Linux variant of l2_packet_init() does not use its own_addr
argument and l2_packet_receive() does not filter on destination MAC
address, this needs to be checked in the callback.

If there are multiple BSSes listening for FT RRB packets, all their
BSSIDs need to be local to the bridge interface. As l2_packet_init() is
going to receive all of them going for any local address, those RRB
messages started turning up on BSSes that were not destinated for and
cluttering logs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>

diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index e92415a824f5b97d0405596368b326402cc53785..5fe0987fd9e53a36aca499d1ee5684459ee10cf6 100644 (file)
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -573,6 +573,9 @@ static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
        ethhdr = (struct l2_ethhdr *) buf;
        wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
                   MACSTR, MAC2STR(ethhdr->h_source), MAC2STR(ethhdr->h_dest));
+       if (!is_multicast_ether_addr(ethhdr->h_dest) &&
+           os_memcmp(hapd->own_addr, ethhdr->h_dest, ETH_ALEN) != 0)
+               return;
        wpa_ft_rrb_rx(hapd->wpa_auth, ethhdr->h_source, buf + sizeof(*ethhdr),
                      len - sizeof(*ethhdr));
 }