Jeff Johnson <quic_jjohnson@xxxxxxxxxxx> writes: > The current logic in ieee80211_convert_to_unicast() uses skb_clone() > to obtain an skb for each individual destination of a multicast > frame, and then updates the destination address in the cloned skb's > data buffer before placing that skb on the provided queue. > > This logic is flawed since skb_clone() shares the same data buffer > with the original and the cloned skb, and hence each time the > destination address is updated, it overwrites the previous destination > address in this shared buffer. As a result, due to the special handing > of the first valid destination, all of the skbs will eventually be > sent to that first destination. Did you actually observe this happen in practice? ieee80211_change_da() does an skb_ensure_writable() check on the Ethernet header before writing it, so AFAICT it does not, in fact, overwrite the data of the original frame. > Fix this issue by using skb_copy() instead of skb_clone(). This will > result in a duplicate data buffer being allocated for each > destination, and hence each skb will be transmitted to the proper > destination. Cf the above, it seems this change will just lead to more needless copying. -Toke
