On 6/20/23 19:26, Brian Norris wrote:
This invocation seems a bit suspect, as it uses a 'sizeof' of a field
that doesn't match the actual pointer (it's off by 1 byte), but that's
not your fault. I suppose it's no wonder we had so many problems with
TDLS support on mwifiex...
Hm, ieee80211_prep_tdls_direct() seems takes this byte into account. But
do you know why 'u.action.u.tdls_discover_resp' is ended with a flexible
array, e.g.:
struct {
u8 action_code;
u8 dialog_token;
__le16 capability;
u8 variable[0];
} __packed tdls_discover_resp;
Dmitry
