> > + /* h_80211_src/dst is addr* field within hdr */
> > + h_80211_src = data + fast_tx->sa_offs;
> > + h_80211_dst = data + fast_tx->da_offs;
> > + if (bssid && ieee80211_has_fromds(hdr->frame_control))
> > + memcpy(h_80211_src, bssid, ETH_ALEN);
> > +
> > + if (bssid && ieee80211_has_tods(hdr->frame_control))
> > + memcpy(h_80211_dst, bssid, ETH_ALEN);
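Review bot: the `ieee80211_has_fromds` and `ieee80211_has_tods` checks are not mutually exclusive, so a frame with both bits set has both `h_80211_src` and `h_80211_dst` overwritten with `bssid`, and the comment above them only says these are addr* fields without saying whether that case is intended. Extending the comment to state what should happen when both bits are set would make the behaviour explicit. The `bssid &&` test is also repeated in both conditions and could be hoisted into a single enclosing `if (bssid)`.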
> I think this is probably wrong for 4-addr, since there both FromDS
> and ToDS are set. Maybe you should use !ieee80211_has_tods instead of
> ieee80211_has_fromds and vice versa.
It helps to look at the spec ;-)
For 4-addr frames, dest/src are addr 3/4 respectively, and in the spec
both *should* actually be set to the BSSID.
It's kinda pointless to be doing that and using a 4-addr frame here,
but I suppose it would be expected by the receiver in 4-addr mode, so
makes some sense.