[PATCH 09/13] SME: Accept authentication frame from an MLD AP

Jouni Malinen j at w1.fi
Thu Nov 24 12:36:14 PST 2022

On Thu, Nov 24, 2022 at 02:45:29PM +0200, Andrei Otcheretianski wrote:
> The underline driver is expected to translate the link
> addresses to MLD addresses when processing an authentication
> frame from a MLD AP. Thus, accept authentication frame when
> the peer matches the expected MLD address.

Where is that behavior defined? Is this design here implying that the
Authentication are send to/from userspace with different header address
field values that are used in the actual frame over air? Which component
is enforcing the authentication, association, and initial EAPOL-Key
4-way handshake to be using the same link?

What happens with association frames? Does this have any impact on how
the protection for those, e.g., with FILS, works since that needs to use
the actual link addresses for deriving KeyAuth? What if something
similar would be needed in Authentication frames?

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list