802.11 frame sequence numbers are in the range 0x0 - 0xfff.
Don't let internal representations of sequence numbers grow beyond 0xfff.
ok?
diff 582540bcd55abf4efa3abe8c23ebc7f3c247245d
ba499e0f519999b139f9ad6d4b4ea18cbf56bd93
blob - 808b6e1f46b777ea408561c0fbf511e79d477c54
blob + 6c8057426973640ab03af4ec061adfa1d3c695bf
--- sys/net80211/ieee80211_output.c
+++ sys/net80211/ieee80211_output.c
@@ -190,7 +190,7 @@ ieee80211_mgmt_output(struct ifnet *ifp, struct ieee80
*(u_int16_t *)&wh->i_dur[0] = 0;
*(u_int16_t *)&wh->i_seq[0] =
htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT);
- ni->ni_txseq++;
+ ni->ni_txseq = (ni->ni_txseq + 1) & 0xfff;
IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr);
IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr);
IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
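Review bot: The wrap mask is written as the bare literal `0xfff` on the new `ni->ni_txseq` line here and twice more in the ieee80211_encap hunk below, so the 12-bit width is repeated by hand in three places. If the net80211 header defines IEEE80211_SEQ_SEQ_MASK as the on-wire field mask alongside IEEE80211_SEQ_SEQ_SHIFT, deriving the value from it keeps the counter tied to the field definition: `ni->ni_txseq = (ni->ni_txseq + 1) & (IEEE80211_SEQ_SEQ_MASK >> IEEE80211_SEQ_SEQ_SHIFT);`. A single small macro for "advance a sequence counter" would then serve all three sites. ieee80211_mgmt_output's body starts and ends outside the hunk.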
@@ -623,11 +623,11 @@ ieee80211_encap(struct ifnet *ifp, struct mbuf *m, str
*(u_int16_t *)qwh->i_qos = htole16(qos);
*(u_int16_t *)qwh->i_seq =
htole16(ni->ni_qos_txseqs[tid] << IEEE80211_SEQ_SEQ_SHIFT);
- ni->ni_qos_txseqs[tid]++;
+ ni->ni_qos_txseqs[tid] = (ni->ni_qos_txseqs[tid] + 1) & 0xfff;
} else {
*(u_int16_t *)&wh->i_seq[0] =
htole16(ni->ni_txseq << IEEE80211_SEQ_SEQ_SHIFT);
- ni->ni_txseq++;
+ ni->ni_txseq = (ni->ni_txseq + 1) & 0xfff;
}
switch (ic->ic_opmode) {
case IEEE80211_M_STA:
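Review bot: Nothing at these two wrap sites records why the counters must stay within 0..0xfff, and the masking covers only the increments in this file. Any other code that advances or assigns `ni_txseq` or `ni_qos_txseqs[]` would need the same treatment to keep the invariant, though none is visible in this diff. A one-line comment above the QoS branch, such as `/* 802.11 sequence numbers are 12 bits; keep counters within 0..0xfff */`, would state the rule for later readers. ieee80211_encap's body starts and ends outside the hunk.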