From owner-freebsd-net@FreeBSD.ORG  Mon Jul  5 09:05:42 2010
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C43F1106566B
	for <freebsd-net@freebsd.org>; Mon,  5 Jul 2010 09:05:42 +0000 (UTC)
	(envelope-from moonlightakkiy@yahoo.ca)
Received: from web51801.mail.re2.yahoo.com (web51801.mail.re2.yahoo.com
	[206.190.38.232])
	by mx1.freebsd.org (Postfix) with SMTP id 81DD98FC08
	for <freebsd-net@freebsd.org>; Mon,  5 Jul 2010 09:05:42 +0000 (UTC)
Received: (qmail 29983 invoked by uid 60001); 5 Jul 2010 09:05:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.ca; s=s1024;
	t=1278320739; bh=bdGXI5ufYkCKjecmz+6WYdu1xKTLkAkFu1NtNxNiMPU=;
	h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
	b=219eTZhV6KvF7dGWBKcmZldzQmzZImDVAQtYReVemg5COztZIAjQw7JyAzCClkKP+qisEYYKyrDhDQeE1NYzOosfAW0i81jFzN5iDMR0QQ73kekmqcIuS6zuGY0MbFWcJIlj4saiV+WqbAFI+x5KUdTCddy4/meKkWGI8TnjqWM=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.ca;
	h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
	b=0L8kJmvZuKCDOvYuVjnxEoQElkNMujEGLu6oQdfehKx2+rrbZvc+rQi/GH5Ht8GeBqcVlz0VY/I9dovXs+vrvK7t026XqNbTYUzd7IJvHvn3wuyTJH83pE6PHXY05d4qIow1KJ/Wl3xXpnE8QlcOziLeMGy1z+BCepX/WWZ+AE0=;
Message-ID: <338423.28480.qm@web51801.mail.re2.yahoo.com>
X-YMail-OSG: 9tVWPx4VM1mGjIjzlSuvBZO95mbjSTJTyAtZv9ctehZpFHT
	mzc5OhQuYltzQ9.ENLmm4g8aQ7UZXx0Jv4a3yTJFDR2DgwGLVtUl_BefCyUz
	oyDhrBnhzmv5c2IE_.IjcZ_6Zd9DfuWpJKZavRoflBHiw3Zqgj3ylui5wIcM
	HeOYXx3UgdXMrw0RhhLCYzmqw6ckJuso2lNnhDvg9lyave7_kUxmQyGeAJJR
	a..wUwFWlJp6JSK7TT.gXLcT9S_uMjYvWTa8oLp.K04K_k_g488fqNLwtD19
	mrh5n3Nbm2C_MybRlJWSTTTTsMRXBL2Rl_I2ofsfGfHB93DZL_jLwyOxOcY2
	TJgGv_diGmJaDjqBvaBPhwv3EwwAG
Received: from [173.183.132.20] by web51801.mail.re2.yahoo.com via HTTP;
	Mon, 05 Jul 2010 02:05:39 PDT
X-Mailer: YahooMailRC/397.8 YahooMailWebService/0.8.104.274457
Date: Mon, 5 Jul 2010 02:05:39 -0700 (PDT)
From: PseudoCylon <moonlightakkiy@yahoo.ca>
To: freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: trouble sending BAR frame
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Jul 2010 09:05:42 -0000

Hello,

Hiccups sending BAR frame.

1) ieee80211_send_bar() in ieee80211_ht.c
http://fxr.watson.org/fxr/source/net80211/ieee80211_ht.c?im=bigexcerpts#L2146

 2146         ret = ic->ic_raw_xmit(ni, m, NULL);
 2147         if (ret != 0) {
 2148                 /* xmit failed, clear state flag */
 2149                 tap->txa_flags &= ~IEEE80211_AGGR_BARPEND;
 2150                 goto bad;
 2151         }
 2152         /* XXX hack against tx complete happening before timer is started */
 2153         if (tap->txa_flags & IEEE80211_AGGR_BARPEND)
 2154                 bar_start_timer(tap);
 2155         return 0;
 2156 bad:
 2157         ieee80211_free_node(ni);
 2158         return ret;

It says when ic_raw_xmit() succeeds, dose not free node, but free node when ic_raw_xmit() fails. Drivers free node ether success or fail, so node will be freed twice when tx fails, and we will get ambushed by page fault later.

2) bar_tx_complete()
http://fxr.watson.org/fxr/source/net80211/ieee80211_ht.c?im=bigexcerpts#L2044

 2044                 if (status)             /* ACK'd */
 2045                         bar_stop_timer(tap);
 2046                 ic->ic_bar_response(ni, tap, status);

and ieee80211_bar_response()
http://fxr.watson.org/fxr/source/net80211/ieee80211_ht.c?im=bigexcerpts#L2056
 2056         if (status != 0) {              /* got ACK */
 2057                 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_11N,
 2058                     ni, "BAR moves BA win <%u:%u> (%u frames) txseq %u tid %u",
 2059                     tap->txa_start,
 2060                     IEEE80211_SEQ_ADD(tap->txa_start, tap->txa_wnd-1),
 2061                     tap->txa_qframes, tap->txa_seqpending,
 2062                     WME_AC_TO_TID(tap->txa_ac));
 2063 
 2064                 /* NB: timer already stopped in bar_tx_complete */
 2065                 tap->txa_start = tap->txa_seqpending;
 2066                 tap->txa_flags &= ~IEEE80211_AGGR_BARPEND;
 2067         }

"status" the last argument of ieee80211_process_callback() is 0 on success according to IEEE80211_OUTPUT(9), so when tx succeeds, BAR frame is repeatedly sent max retry times and at the end DELBA will be sent.

I commented out
 2157         //ieee80211_free_node(ni);
and negated "status"
 2044                 if (!status)
 2056         if (status == 0)
It's been working fine for a couple of days.


AK