On Sun, Oct 10, 2021 at 12:45:21PM +0200, Fabio Aiuto wrote:
> > 1406 /* BIP packet number should bigger than previous BIP packet */
> > 1407 if (temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx)
> > 1408 goto BIP_exit;
> > 1409
> > 1410 /* copy key index */
> > 1411 memcpy(&le_tmp, p+2, 2);
> >
> > But this part seems totally wrong again because we haven't incremented
> > p. p + 10?
>
> I don't know what you mean. I guess that you are addressing the code above
> (lines 1406-1411).
>
> Anyway I think the code is right. MMIE layout is:
>
> 1 byte element_id;
> 1 byte length;
> 2 byte key_id;
> 6 byte IPN;
> 8 byte MIC;
>
> so to access key_id I have to increment p by 2.
>

Oh, yes. You're right. I think I got confused because we are not parsing
the MMIE layout in order. 1, 2, 3, 4. It goes 4 then 2.

regards,
dan carpenter
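To make the offsets discussed above concrete, here is a small stand-alone MMIE parser with the same "IPN must be greater than the last received IPN" replay rule. This is an added example, not code from the rtl8723bs driver or the thread: the function names `mmie_parse` and `mmie_replay_check`, the `struct mmie` type, and the `sample_mmie` bytes are all constructed for this illustration. It assumes the MMIE layout quoted in the thread (element_id, length, 2-byte key_id at offset 2, 6-byte IPN at offset 4, 8-byte MIC at offset 10) with key_id and IPN stored little-endian; MIC verification itself is out of scope here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MMIE_ELEMENT_ID 76            /* Management MIC element ID (802.11w) */
#define MMIE_BODY_LEN   16            /* key_id(2) + IPN(6) + MIC(8) */
#define MMIE_TOTAL_LEN  (2 + MMIE_BODY_LEN)

/* Parsed view of a Management MIC element (hypothetical type, not the driver's). */
struct mmie {
    uint16_t key_id;                  /* BIP key index (normally 4 or 5) */
    uint64_t ipn;                     /* 48-bit IGTK packet number, held in 64 bits */
    uint8_t  mic[8];
};

/*
 * Parse the MMIE starting at p, with len bytes available.
 * Returns 0 on success, -1 if the buffer is too short or the header is wrong.
 * Note the field order: key_id sits at p+2, IPN at p+4, MIC at p+10,
 * which is why the thread reads key_id from "p+2" even though the IPN is
 * checked first.
 */
int mmie_parse(const uint8_t *p, size_t len, struct mmie *out)
{
    if (p == NULL || out == NULL || len < MMIE_TOTAL_LEN)
        return -1;
    if (p[0] != MMIE_ELEMENT_ID || p[1] != MMIE_BODY_LEN)
        return -1;

    /* key_id: 2 bytes, little-endian, at offset 2 */
    out->key_id = (uint16_t)p[2] | ((uint16_t)p[3] << 8);

    /* IPN: 6 bytes, little-endian, at offset 4 */
    out->ipn = 0;
    for (int i = 0; i < 6; i++)
        out->ipn |= (uint64_t)p[4 + i] << (8 * i);

    /* MIC: 8 bytes at offset 10 (verification not done here) */
    memcpy(out->mic, p + 10, 8);
    return 0;
}

/*
 * Replay check matching the rule quoted in the thread: a frame is accepted
 * only if its IPN is strictly greater than the last accepted IPN.
 * Returns 1 when accepted (and advances *last_rx_ipn), 0 when rejected.
 */
int mmie_replay_check(const struct mmie *m, uint64_t *last_rx_ipn)
{
    if (m->ipn <= *last_rx_ipn)
        return 0;
    *last_rx_ipn = m->ipn;
    return 1;
}

/* Constructed sample element (not captured traffic): key_id 4, IPN 0x010203040506. */
const uint8_t sample_mmie[MMIE_TOTAL_LEN] = {
    MMIE_ELEMENT_ID, MMIE_BODY_LEN,
    0x04, 0x00,                          /* key_id = 4 (LE) */
    0x06, 0x05, 0x04, 0x03, 0x02, 0x01,  /* IPN = 0x010203040506 (LE) */
    0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x11, 0x22  /* dummy MIC */
};

int main(void)
{
    struct mmie m;
    uint64_t last_ipn = 0;

    if (mmie_parse(sample_mmie, sizeof sample_mmie, &m) != 0) {
        printf("malformed MMIE\n");
        return 1;
    }
    printf("key_id=%u ipn=0x%012llx\n", m.key_id, (unsigned long long)m.ipn);
    printf("first delivery accepted: %d\n", mmie_replay_check(&m, &last_ipn));
    printf("replayed copy accepted: %d\n", mmie_replay_check(&m, &last_ipn));
    return 0;
}
```

The second `mmie_replay_check` call on the same element returns 0, which is the behaviour the quoted `temp_ipn <= pmlmeext->mgnt_80211w_IPN_rx` test is there to provide: a replayed protected management frame is dropped before any key lookup happens.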