>Then, the call to ieee80211_amrr_choose uses amn, which is after the
>struct the iwn_node was initialised with. ieee80211_amrr_choose then starts
>by dereferencing bits of the amn. Isn't that pointing at garbage?
>
>I haven't used iwn as an "infrastructure station", so have never run into
>trouble, but is the C analysis right?
Looks to me like every time iwn_iter_func() is called, it's being called with a struct iwn_node as the argument that just happens to cast to a struct ieee80211_node (look at iwn_node_alloc(), and see how in iwn_attach() ic->ic_node_alloc is set to iwn_node_alloc()). --Ken
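The pattern Ken describes, as an added example that is not the iwn driver's code and not part of the thread: the driver embeds the generic net80211 node as the first member of its own node struct, its allocator hands net80211 a pointer to that embedded member, and the iteration callback casts the pointer back to reach the driver-private AMRR state. The struct definitions here are simplified stand-ins (the real ieee80211_node and iwn_node carry many more fields), and the example_ functions are hypothetical analogues of iwn_node_alloc() and iwn_iter_func(), not the real ones. The _Static_assert is the check a reviewer would want: the cast is only sound if the base struct sits at offset 0, and it is only safe for nodes that came from the driver's own allocator, since a bare ieee80211_node has no amn after it.

```c
/* Added example (not from the iwn driver or the thread): models the
 * "embed the base struct first, cast back in the callback" pattern
 * with simplified stand-in types. */
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Stand-in for net80211's generic node (assumption: two fields only). */
struct ieee80211_node {
    unsigned char ni_macaddr[6];
    int           ni_txrate;
};

/* Stand-in for the AMRR rate-control state (assumption: two counters). */
struct ieee80211_amrr_node {
    int amn_success;
    int amn_retrycnt;
};

/* Driver node: the generic node must be the first member so that a
 * struct ieee80211_node * that points at it can be cast back. */
struct iwn_node {
    struct ieee80211_node      ni;   /* must be first */
    struct ieee80211_amrr_node amn;  /* driver-private state after it */
};

/* C11 guard: the cast is only valid if ni sits at offset 0. */
_Static_assert(offsetof(struct iwn_node, ni) == 0,
               "ieee80211_node must be the first member of iwn_node");

/* Hypothetical analogue of iwn_node_alloc(): allocate the enclosing
 * driver node and hand net80211 a pointer to the embedded base. */
struct ieee80211_node *example_node_alloc(void)
{
    struct iwn_node *wn = calloc(1, sizeof(*wn));
    if (wn == NULL)
        return NULL;
    return &wn->ni;   /* same address as wn, because ni is first */
}

/* Hypothetical analogue of iwn_iter_func(): net80211 passes the base
 * pointer; the driver casts back to reach amn. Returns the new
 * success count so the effect on amn is observable. */
int example_iter_func(struct ieee80211_node *ni)
{
    struct iwn_node *wn = (struct iwn_node *)ni;
    wn->amn.amn_success++;
    return wn->amn.amn_success;
}

/* Returns 1 if the cast round-trips: the base pointer handed out by the
 * allocator is the same address as the enclosing driver node, and the
 * callback reaches a zeroed (not garbage) amn. */
int example_cast_roundtrips(void)
{
    struct ieee80211_node *ni = example_node_alloc();
    if (ni == NULL)
        return 0;
    struct iwn_node *wn = (struct iwn_node *)ni;
    int ok = ((void *)wn == (void *)ni) && (example_iter_func(ni) == 1);
    free(wn);
    return ok;
}

int main(void)
{
    printf("cast round-trips: %d\n", example_cast_roundtrips());
    return 0;
}
```

The amn only points at garbage if the callback is ever handed a struct ieee80211_node that was not allocated through the driver's ic_node_alloc hook; with iwn_node_alloc() installed in iwn_attach(), every node net80211 creates for this interface is really an iwn_node.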
