Date: Sun, 8 Jul 2007 04:43:40 GMT
From: Sepherosa Ziehau <sephe@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Subject: PERFORCE change 123084 for review
Message-ID: <200707080443.l684he6P020850@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=123084

Change 123084 by sephe@sephe_zealot:sam_wifi on 2007/07/08 04:43:02

Correct off-by-one bug when padding beacon's country ie.
This should fix the problem that 11b STA can't associate with non-pureG 11g hostap.

Sample beacon before this commit:

    1 11:34:58.036277 Beacon (sephe-test) ESS CH: 6
    2 0x0000: 8000 0000 ffff ffff ffff 0011 95ca 9a37
    3 0x0010: 0011 95ca 9a37 200d 8151 5faf 0000 0000
    4 0x0020: 6400 2104 000a 7365 7068 652d 7465 7374
    5 0x0030: 0108 8284 8b96 0c12 1824 0301 0605 0400
    6 0x0040: 0100 0007 044e 414f 2a01 0032 0430 4860
    7 0x0050: 6c

Let's take a look at line 6:

           vvvvv
    0100 0007 044e 414f 2a01 0032 0430 4860
                          ^^^^^

1) "2a01 00" in above line is ERP ie.
2) At position marked by "vvvvv", country ie is claimed to be 4 bytes. It is actually 3 bytes, padding byte is missing.
3) STA is tricked into thinking country is 4 bytes and position marked by "^^^^^" is the start of next ie.
4) Position marked by "^^^^^" is unfortunately the supported rate set ie, but has 0 length. Since it is after the real supported rate set ie on line 5, STA will take this one as the supported rate set ie, then the supported rate ie saved at STA side is actually empty.
5) Ie at the position after "^^^^^" is a well formatted extended rate set ie.
6) Now STA will only have rates contained in extended rate set as AP's rate set. For an 11b STA, it will not even try to auth with the AP.

Affected files ...

.. //depot/projects/wifi/sys/net80211/ieee80211_regdomain.c#7 edit

Differences ...

==== //depot/projects/wifi/sys/net80211/ieee80211_regdomain.c#7 (text+ko) ====

@@ -182,8 +182,10 @@ } } ie->len = frm - ie->cc; - if (ie->len & 1) /* pad to multiple of 2 */ + if (ie->len & 1) { /* Zero pad to multiple of 2 */ ie->len++; + *frm++ = 0; + } return frm; #undef CHAN_UNINTERESTING }
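
Review bot: The new "*frm++ = 0;" store inside the "if (ie->len & 1)" branch writes one byte more than this path emitted before, and nothing in the visible hunk shows that the buffer behind frm has room for it. Please confirm that the country ie storage is sized for the padded, even length in the worst case, or add an assertion ahead of the store. It would also help if the comment said that ie->len and the bytes written through frm must advance together, since the removed lines bumped ie->len without emitting a byte and that mismatch is what this change corrects.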
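
The mis-parse described in steps 2) to 6) of the message can be reproduced with a small ie walker. This is an added example, not part of the original message or of the net80211 code: before_fix holds the sample beacon's tagged parameters from frame offset 0x24 onward, after_fix is constructed by inserting the zero pad byte the patch writes, and walk_ies with its keep-the-last-supported-rates behaviour is a hypothetical helper modelled on the message's description of the STA.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tagged parameters of the sample beacon (frame offset 0x24 onward) as sent
 * before the fix: the country ie claims len 4 but carries 3 bytes. */
static const uint8_t before_fix[] = {
    0x00,0x0a,0x73,0x65,0x70,0x68,0x65,0x2d,0x74,0x65,0x73,0x74, /* SSID */
    0x01,0x08,0x82,0x84,0x8b,0x96,0x0c,0x12,0x18,0x24,           /* rates */
    0x03,0x01,0x06, 0x05,0x04,0x00,0x01,0x00,0x00,               /* DS, TIM */
    0x07,0x04,0x4e,0x41,0x4f,                                    /* country */
    0x2a,0x01,0x00, 0x32,0x04,0x30,0x48,0x60,0x6c };             /* ERP, xrates */
/* Constructed: the same ies with the zero pad byte the patch emits. */
static const uint8_t after_fix[] = {
    0x00,0x0a,0x73,0x65,0x70,0x68,0x65,0x2d,0x74,0x65,0x73,0x74,
    0x01,0x08,0x82,0x84,0x8b,0x96,0x0c,0x12,0x18,0x24,
    0x03,0x01,0x06, 0x05,0x04,0x00,0x01,0x00,0x00,
    0x07,0x04,0x4e,0x41,0x4f,0x00,
    0x2a,0x01,0x00, 0x32,0x04,0x30,0x48,0x60,0x6c };

struct ie_summary { int nrates, nxrates, erp_seen, malformed; };

/* Walk id/len/value triples. Assumption taken from the message: a later
 * supported-rates ie (id 1) replaces an earlier one on the receiving STA. */
static struct ie_summary walk_ies(const uint8_t *p, size_t n)
{
    struct ie_summary s = { 0, 0, 0, 0 };
    size_t off = 0;
    while (off + 2 <= n && off + 2 + p[off + 1] <= n) {
        uint8_t id = p[off], len = p[off + 1];
        if (id == 0x01) s.nrates = len;        /* supported rates */
        else if (id == 0x32) s.nxrates = len;  /* extended rates */
        else if (id == 0x2a) s.erp_seen = 1;   /* ERP */
        off += 2 + (size_t)len;
    }
    s.malformed = (off != n);   /* leftover bytes or an ie past the end */
    return s;
}

int main(void)
{
    struct ie_summary b = walk_ies(before_fix, sizeof(before_fix));
    struct ie_summary a = walk_ies(after_fix, sizeof(after_fix));
    printf("before: rates=%d xrates=%d erp=%d malformed=%d\n",
        b.nrates, b.nxrates, b.erp_seen, b.malformed);
    printf("after:  rates=%d xrates=%d erp=%d malformed=%d\n",
        a.nrates, a.nxrates, a.erp_seen, a.malformed);
    return 0;
}
```

The pre-fix frame still walks cleanly to its last byte, so a bounds check alone does not flag it; the damage shows up only as the emptied supported-rates ie and the swallowed ERP ie.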