Re: [ath9k-devel] mac80211/ath9k/hostapd: Some clients unable to associate with AP

2009/10/23 Jouni Malinen <j@xxxxx>:
> On Fri, Oct 23, 2009 at 05:27:27PM +0200, Björn Smedman wrote:
>
>> It seems the problem is a typo in net/mac80211/tx.c that causes
>> injected frames from hostapd not to be associated with the correct ap
>> interface before going into ieee80211_tx_h_sequence(). This tiny patch
>> solves my problems (and looks reasonable to me in any case):
>
> Thanks! Would you be able to make the same patch against the
> wireless-testing.git repository and add a Signed-off-by line to meet the
> kernel submission requirements?

It's time I learn. :) I'll give it a shot tomorrow.

>
>> diff -urN compat-wireless-2009-10-21-before_seqnum_fix/net/mac80211/tx.c
>> compat-wireless-2009-10-21/net/mac80211/tx.c
>> @@ -1445,7 +1445,7 @@
>>                                 if (tmp_sdata->vif.type != NL80211_IFTYPE_AP)
>>                                         continue;
>>                                 if (compare_ether_addr(tmp_sdata->dev->dev_addr,
>> -                                                      hdr->addr2)) {
>> +                                                      hdr->addr2) == 0) {
>>                                         dev_hold(tmp_sdata->dev);
>>                                         dev_put(sdata->dev);
>>                                         sdata = tmp_sdata;
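
Review bot: The changed condition depends on compare_ether_addr() returning 0 for equal addresses, and nothing in the hunk says so, which is how the original test came to select on a mismatch. Add a one-line comment above the comparison, or a sentence in the changelog, stating that the old test picked the first AP interface whose address differed from hdr->addr2. The diff header is also wrapped across two lines here, so the patch as posted will need regenerating before it applies cleanly.
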
>
> This does indeed look like a typo. Though, I'm not sure how this would
> have caused a regression between compat-wireless-2009-06-02 and
> compat-wireless-2.6.32-rc1. The incorrect compare_ether_addr() use seems
> to be there in the original commit that added this code
> (25d834e16294c8dfd923dae6bdb8a055391a99a5 from September 12, 2008)..

Interesting puzzle. :) It looks like there was a complementary bug
(the pointer hdr was set to point len_rthdr * sizeof(struct
ieee80211_hdr) bytes into the skbuff) in that commit:
...
+		len_rthdr = ieee80211_get_radiotap_len(skb->data);
+		hdr = (struct ieee80211_hdr *)skb->data + len_rthdr;
...
So the frame source address used to be compared with random data which
was likely to result in inequality, causing the first ap interface to
be "found" and the code to work as expected. I guess the pointer bug
was fixed somewhere between 2006-06-02 and now "causing" the sequence
number problem.

/Björn
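
The two cancelling bugs described in the message above, modeled as an added example (not code from this thread or from mac80211). `struct hdr80211`, `pick_ap()`, the addresses and the frame bytes are constructed for illustration, and stopping at the first selected interface is an assumption taken from the message's "first ap interface" description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for struct ieee80211_hdr (24 bytes, byte fields only). */
struct hdr80211 {
    uint8_t frame_control[2], duration_id[2];
    uint8_t addr1[6], addr2[6], addr3[6], seq_ctrl[2];
};

/* Constructed sample: two AP interface addresses, and an injected frame
 * with an 8-byte radiotap header (it_len at byte 2) followed by an
 * 802.11 header whose addr2 (bytes 18..23) is AP 0's address. */
static const uint8_t AP_ADDRS[2][6] = { {2, 0, 0, 0, 0, 1}, {2, 0, 0, 0, 0, 2} };
static const uint8_t FRAME[256] = { [2] = 8, [18] = 2, [23] = 1 };

/* As in the quoted commit: the cast binds before '+', so the pointer
 * moves len_rthdr * sizeof(struct hdr80211) bytes, not len_rthdr bytes. */
const struct hdr80211 *hdr_cast_first(const uint8_t *data, size_t len_rthdr)
{
    return (const struct hdr80211 *)data + len_rthdr;
}

/* Intended arithmetic: skip len_rthdr bytes, then reinterpret. */
const struct hdr80211 *hdr_add_first(const uint8_t *data, size_t len_rthdr)
{
    return (const struct hdr80211 *)(data + len_rthdr);
}

/* Index of the first AP the loop selects, or -1 if none. The comparison
 * is nonzero when addresses differ, like compare_ether_addr(); with_eq0
 * selects the patched test ("== 0") over the original one. */
int pick_ap(int n_ap, const struct hdr80211 *hdr, int with_eq0)
{
    for (int i = 0; i < n_ap; i++) {
        int differs = memcmp(AP_ADDRS[i], hdr->addr2, 6) != 0;
        if (with_eq0 ? differs == 0 : differs)
            return i;
    }
    return -1;
}

int main(void)
{
    printf("both bugs: %d, pointer fixed only: %d, both fixed: %d\n",
           pick_ap(1, hdr_cast_first(FRAME, 8), 0),
           pick_ap(1, hdr_add_first(FRAME, 8), 0),
           pick_ap(1, hdr_add_first(FRAME, 8), 1));
    return 0;
}
```

With a single AP interface the mis-scaled pointer plus the original test still lands on the right interface, which is why the comparison bug stayed hidden until the pointer arithmetic was corrected.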