On Tue, Jan 24, 2017 at 03:34:59PM +0100, Imre Vadász wrote:
> Since m_split() in some cases returns an mbuf chain, where the pkthdr element
> contains no data (i.e. m_len == 0), the n->m_len == 0 check in
> sys/net80211/ieee80211_input.c in the amsdu_decap() function sometimes
> signals the end of the AMSDU frame too early.
> Instead it should check the actual length of the data in the remaining
> mbuf chain with n->m_pkthdr.len == 0.

Thanks. This makes sense to me. Does anyone else want to provide another ok? BTW, I do not remember ever encountering an AP that sends A-MSDUs, apart from one I once set up specifically to test this code path. Most APs out there seem to prefer sending A-MPDUs instead of A-MSDUs. > Index: sys/net80211/ieee80211_input.c > =================================================================== > RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v > retrieving revision 1.184 > diff -u -r1.184 ieee80211_input.c > --- sys/net80211/ieee80211_input.c 16 Jan 2017 09:35:06 -0000 1.184 > +++ sys/net80211/ieee80211_input.c 24 Jan 2017 14:26:19 -0000 > @@ -1096,7 +1096,7 @@ > } > ieee80211_deliver_data(ic, m, ni, mcast); > > - if (n->m_len == 0) { > + if (n->m_pkthdr.len == 0) { > m_freem(n); > break; > } >
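
Review bot: the new test `if (n->m_pkthdr.len == 0)` should carry a one-line comment saying why the chain length is checked instead of the first mbuf's m_len. Per the description, m_split() can return a chain whose leading pkthdr mbuf is empty while later mbufs still hold data, and without that note the condition reads as interchangeable with the old one and could be changed back in a later cleanup. The check also relies on n carrying a packet header at this point, which the visible context does not show, so it is worth confirming that against the m_split() call that produces n.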