Index: sys/net80211/ieee80211_adhoc.c
===================================================================
--- sys/net80211/ieee80211_adhoc.c
+++ sys/net80211/ieee80211_adhoc.c
@@ -352,7 +352,10 @@
 	dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
 	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
 	subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
-	if ((ic->ic_flags & IEEE80211_F_SCAN) == 0) {
+	if ((ic->ic_flags & IEEE80211_F_SCAN) == 0 ||
+    	    !(type == IEEE80211_FC0_TYPE_MGT &&
+	    (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
+	     subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP))) {
 		if (dir != IEEE80211_FC1_DIR_NODS)
 			bssid = wh->i_addr1;
 		else if (type == IEEE80211_FC0_TYPE_CTL)
Index: sys/net80211/ieee80211_hostap.c
===================================================================
--- sys/net80211/ieee80211_hostap.c
+++ sys/net80211/ieee80211_hostap.c
@@ -535,7 +535,10 @@
 	dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
 	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
 	subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
-	if ((ic->ic_flags & IEEE80211_F_SCAN) == 0) {
+	if ((ic->ic_flags & IEEE80211_F_SCAN) == 0 ||
+    	    !(type == IEEE80211_FC0_TYPE_MGT &&
+	    (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
+	     subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP))) {
 		if (dir != IEEE80211_FC1_DIR_NODS)
 			bssid = wh->i_addr1;
 		else if (type == IEEE80211_FC0_TYPE_CTL)
Index: sys/net80211/ieee80211_sta.c
===================================================================
--- sys/net80211/ieee80211_sta.c
+++ sys/net80211/ieee80211_sta.c
@@ -588,7 +588,10 @@
 	dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
 	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
 	subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
-	if ((ic->ic_flags & IEEE80211_F_SCAN) == 0) {
+	if ((ic->ic_flags & IEEE80211_F_SCAN) == 0 ||
+	    !(type == IEEE80211_FC0_TYPE_MGT &&
+	    (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
+	     subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP))) {
 		bssid = wh->i_addr2;
 		if (!IEEE80211_ADDR_EQ(bssid, ni->ni_bssid)) {
 			/* not interested in */
@@ -605,12 +608,6 @@
 		 *
 		 * If we receive a data frame that isn't
 		 * destined to our VAP MAC, drop it.
-		 *
-		 * XXX TODO: This is only enforced when not scanning;
-		 * XXX it assumes a software-driven scan will put the NIC
-		 * XXX into a "no data frames" mode before setting this
-		 * XXX flag. Otherwise it may be possible that we'll still
-		 * XXX process data frames whilst scanning.
 		 */
 		if ((! IEEE80211_IS_MULTICAST(wh->i_addr1))
 		    && (! IEEE80211_ADDR_EQ(wh->i_addr1, IF_LLADDR(ifp)))) {