#843: four extra bytes between 802.11 and LLC headers in frames recv'd by AR5006EXS
----------------------------------------+-----------------------------------
      Reporter:  [EMAIL PROTECTED]  |       Owner:                       
          Type:  defect                 |      Status:  new                  
      Priority:  major                  |   Milestone:                       
     Component:  madwifi: 802.11 stack  |     Version:  v0.9.2               
    Resolution:                         |    Keywords:  AR5006EXS PCI Express
Patch_attached:  1                      |  
----------------------------------------+-----------------------------------
Comment (by [EMAIL PROTECTED]):

 Hi!

 I've spent a few days analysing the madwifi-ng code trying to find the place
 where those "4 additional bytes" are inserted into the incoming IEEE 802.11
 frame. I also tried to find out why I get a kernel panic after I apply
 jrengdajl's patch. Here are my conclusions:

 1) There are two "main" functions in your patch that you use to move the
 data block (in the skb structure):
  {{{        memmove(skb->data+4, skb->data, hdrsize);}}}
  {{{        skb_pull(skb, 4);}}}

 I am not sure if it is necessary to use the memmove function. I think

  {{{        skb->data=skb_pull(skb, 4);}}}

 is all we need. Thanks to this we just change the address pointed to by
 skb->data (updating the skb->len value at the same time).

 2) I discovered that our "four bytes" bug sometimes changes into a "six
 bytes" bug. As we know, our bug occurs only in IEEE 802.11 DATA frames.
 There are four additional bytes between the 802.11 header and the LLC when
 the "To DS" and "From DS" bits (in the FRAME CONTROL field of the 802.11
 header) are NOT set or when only one of them is set. When both of them are
 set to 1, then the 802.11 header is longer and there are SIX additional (not
 needed at this moment) bytes which should be omitted.

 6 additional bytes case:
 {{{
  0000  08 0b d5 00 00 0e 2e 9a  42 6d 00 4f 62 08 11 57   ........Bm.Ob..W
            |
        0000 1011
              /  \
       From DS    To DS

  0010  00 50 8b 51 23 1e e0 a8  00 0e 8e 7d 3f 1e 8e 1e   .P.Q#......}?...
                                                  |
                                        End of 802.11 header

  0020  00 58 70 00 aa aa 03 00  00 00 08 00 45 00 00 28   .Xp.........E..(
                   |
            Start of REAL LLC

  0030  73 bd 40 00 80 06 5d 27  c0 a8 00 2f d0 41 98 d2   s.@...]'.../.A..
  0040  05 d2 00 50 92 48 41 17  ef a5 83 ae 50 10 ff ff   ...P.HA.....P...
  0050  39 13 00 00 00 00 00 00  00 00                     9....... ..
 }}}
 As you can see there are 6 additional bytes. I'll try to write a patch
 and I hope it will work.

-- 
Ticket URL: <http://madwifi.org/ticket/843>
MadWifi <http://madwifi.org/>
Multiband Atheros Driver for Wireless Fidelity
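The following C program is an added worked example; it is not code from the ticket, from the attached patch or from the madwifi tree. It computes the 802.11 header length from the Frame Control field (24 bytes for a 3-address data frame, 30 when To DS and From DS are both set, plus 2 for a QoS Control field), measures the distance from the end of that header to the LLC/SNAP header (aa aa 03) on the first 48 bytes of the frame dumped in the comment above, and then replays the two buffer-manipulation sequences quoted in the comment (memmove of the header followed by skb_pull, and skb_pull alone) on a constructed 3-address frame. `struct fake_skb`, `fake_skb_pull()`, `load()` and the 3-address frame (including its de ad be ef gap bytes) are stand-ins constructed for this example and assume only the documented skb_pull() behaviour (advance data, shrink len, return the new data pointer); nothing here touches a real sk_buff or hardware.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* IEEE 802.11 Frame Control bits (FC[0] = type/subtype, FC[1] = flags). */
#define FC0_TYPE_MASK   0x0c
#define FC0_TYPE_DATA   0x08
#define FC0_SUBTYPE_QOS 0x80
#define FC1_TODS        0x01
#define FC1_FROMDS      0x02

/* Header length per the standard: 24 bytes for a 3-address data frame,
 * 30 when To DS and From DS are both set (4-address frame, as in the
 * ticket's dump), plus 2 for the QoS Control field of QoS data frames. */
size_t ieee80211_hdrlen(const uint8_t *fc)
{
    size_t len = 24;
    if ((fc[1] & (FC1_TODS | FC1_FROMDS)) == (FC1_TODS | FC1_FROMDS))
        len += 6;
    if ((fc[0] & FC0_TYPE_MASK) == FC0_TYPE_DATA && (fc[0] & FC0_SUBTYPE_QOS))
        len += 2;
    return len;
}

/* Number of bytes between the end of the 802.11 header and the LLC/SNAP
 * header (aa aa 03). Returns -1 when no LLC/SNAP header follows. */
int extra_bytes_before_llc(const uint8_t *frame, size_t len)
{
    size_t hdr = ieee80211_hdrlen(frame);
    for (size_t off = hdr; off + 3 <= len; off++)
        if (frame[off] == 0xaa && frame[off + 1] == 0xaa && frame[off + 2] == 0x03)
            return (int)(off - hdr);
    return -1;
}

/* First 48 bytes of the 4-address frame from the ticket's dump (FC = 08 0b). */
static const uint8_t ticket_frame[] = {
    0x08, 0x0b, 0xd5, 0x00, 0x00, 0x0e, 0x2e, 0x9a, 0x42, 0x6d, 0x00, 0x4f, 0x62, 0x08, 0x11, 0x57,
    0x00, 0x50, 0x8b, 0x51, 0x23, 0x1e, 0xe0, 0xa8, 0x00, 0x0e, 0x8e, 0x7d, 0x3f, 0x1e, 0x8e, 0x1e,
    0x00, 0x58, 0x70, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00, 0x45, 0x00, 0x00, 0x28,
};

/* Constructed (not captured) 3-address "To DS" frame with a 4-byte gap
 * (de ad be ef) between the 24-byte header and the LLC/SNAP header. */
static const uint8_t three_addr_frame[] = {
    0x08, 0x01, 0x00, 0x00,                         /* FC, Duration          */
    0x02, 0x11, 0x22, 0x33, 0x44, 0x55,             /* Addr1                 */
    0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,             /* Addr2                 */
    0xcc, 0xdd, 0xee, 0xff, 0x00, 0x11,             /* Addr3                 */
    0x10, 0x00,                                     /* Sequence Control      */
    0xde, 0xad, 0xbe, 0xef,                         /* the 4 extra bytes     */
    0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00, /* LLC/SNAP, IPv4        */
    0x45, 0x00, 0x00, 0x28,                         /* start of IPv4 header  */
};

int ticket_frame_gap(void)     { return extra_bytes_before_llc(ticket_frame, sizeof ticket_frame); }
int three_addr_frame_gap(void) { return extra_bytes_before_llc(three_addr_frame, sizeof three_addr_frame); }

/* Stand-in for the sk_buff fields the ticket touches. fake_skb_pull()
 * mirrors skb_pull(): advance data, shrink len, return the new data pointer
 * (NULL if the pull would exceed len). */
struct fake_skb { uint8_t *data; size_t len; uint8_t buf[64]; };

static uint8_t *fake_skb_pull(struct fake_skb *s, size_t n)
{
    if (n > s->len) return NULL;
    s->data += n;
    s->len  -= n;
    return s->data;
}

static void load(struct fake_skb *s, const uint8_t *f, size_t n)
{
    memcpy(s->buf, f, n);
    s->data = s->buf;
    s->len  = n;
}

/* Sequence quoted from the patch: slide the header forward over the gap,
 * then pull. Returns the gap that remains (0 = LLC now follows the header). */
int gap_after_memmove_then_pull(void)
{
    struct fake_skb s;
    load(&s, three_addr_frame, sizeof three_addr_frame);
    size_t hdrsize = ieee80211_hdrlen(s.data);
    memmove(s.data + 4, s.data, hdrsize);
    fake_skb_pull(&s, 4);
    return extra_bytes_before_llc(s.data, s.len);
}

/* Pull-only sequence: returns the first two bytes now at skb->data. For a
 * frame intact at the front this would be 0x0801 (the Frame Control field);
 * 0x0211 is the start of Addr1, i.e. FC and Duration were dropped instead
 * of the gap bytes. */
int first_two_bytes_after_pull_only(void)
{
    struct fake_skb s;
    load(&s, three_addr_frame, sizeof three_addr_frame);
    fake_skb_pull(&s, 4);
    return (s.data[0] << 8) | s.data[1];
}
```

On the ticket's own bytes `ieee80211_hdrlen()` returns 30 and `ticket_frame_gap()` returns 6, matching the "End of 802.11 header" and "Start of REAL LLC" markers in the dump; on the constructed 3-address frame the gap is 4. The two replay functions show what each quoted sequence actually removes from the front of the buffer, which is the first thing to check when a stripping patch panics or hands an unexpected header to the LLC decapsulation.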
_______________________________________________
Madwifi-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/madwifi-tickets
