On 2021-03-16 21:21, Johannes Berg wrote:
On Tue, 2021-03-16 at 21:17 +0530, Govindaraj wrote:
Addba request action frame received with the extension element from
certain 11ac stations,
Please indicate which so we have a record of who's shipping broken
junk.
but the cmd id and length not matching to addba
extension and it failing in element parsing.
Due to this, addba request
not acknowledged and aggregation not started which is causing low
throughput. Hence validating the cmd id before processing addba
extension.
ies_len = len - offsetof(struct ieee80211_mgmt,
u.action.u.addba_req.variable);
- if (ies_len) {
+ if (ies_len &&
+ mgmt->u.action.u.addba_req.variable[0] == WLAN_EID_ADDBA_EXT) {
ieee802_11_parse_elems(mgmt->u.action.u.addba_req.variable,
ies_len, true, &elems, mgmt->bssid,
NULL);
if (elems.parse_error)
So we get into parse_error without this?
yes, we getting parse error.
What are they putting there instead?
first 9 bytes are addba request action frame and remaining 7 bytes
extension causing for parse error.
03 00 01 02 10 00 00 e0 0a cf 08 06 11a 46 09 fe
johannes