New 22000 mode is USELESS GARBAGE

[ZerBea]

The key word is "and" because you want to protect MAC addr1 and MAC addr2 and MAC addrX.

Code:

create BPF to protect a MAC
$ tcpdump -i <interface> not wlan addr3 11:22:33:44:55:66 and not wlan addr2 11:22:33:44:55:66 -ddd > protect.bpf
where addr3 protect ACCESS POINTs and addr2 protect CLIENTs
recommended to protect own devices

example:
AP1 = 11:22:33:44:55:66
AP2 = 22:22:33:44:55:66
AP3 = 33:22:33:44:55:66

sudo tcpdump -i wlp3s0f0u1
not wlan addr3 11:22:33:44:55:66 and not wlan addr3 22:22:33:44:55:66 and not wlan addr3 33:22:33:44:55:66 > -ddd > own.bpfc
This BPF protect all frames containing BSSID in ADDR 3 field.

sudo tcpdump -i wlp3s0f0u1
not wlan addr3 11:22:33:44:55:66 and not wlan addr3 22:22:33:44:55:66 and not wlan addr3 33:22:33:44:55:66
and not wlan addr2 11:22:33:44:55:66 and not wlan addr2 22:22:33:44:55:66 and not wlan addr2 33:22:33:44:55:66 >
-ddd > own.bpfc
This BPF protect all frames containing BSSID in addr2 and addr3 field.

It is important to understand the purpose of the address fields to code a BPF.
If an AP transmit you can expect its MAC in addr2 and addr3 but never in addr1.
The address fields are explained here:
https://www.researchgate.net/figure/8021..._220205363