> I looked at the mac80211 code, the problem is the skb_push() you > guys do in this situation. Thanks. > Things like loopback, which also orphan then reinject, don't trigger > this problem because the re-input path trims things, never adds. > > The good news is that this is easy to fix. > > Since you've orphaned the SKB, simply adjust skb->truesize as you > do pushes. Like this: > > mac80211: Adjust truesize in ieee80211_tx_status() when reinjecting. > > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> > + /* This is safe because the buffer has been orphaned. */ > + skb->truesize += sizeof(*rthdr); Hmm. The disconnect between truesize and skb->len+sizeof(*skb) was usually 17 or 19 bytes and sizeof(*rthdr) is only 11. On the other hand, I don't see where the other bytes should be coming from. I'll give this a try, thanks. johannes
Attachment:
signature.asc
Description: This is a digitally signed message part
