Date: Wed, 15 Feb 2012 06:20:12 GMT
From: Adrian Chadd <adrian@freebsd.org>
To: freebsd-wireless@FreeBSD.org
Subject: Re: kern/165149: [ath] [net80211] Ping with data length more than iv_fragthreshold
Message-ID: <201202150620.q1F6KCLi055015@freefall.freebsd.org>

The following reply was made to PR kern/165149; it has been noted by GNATS.

From: Adrian Chadd <adrian@freebsd.org>
To: bug-followup@FreeBSD.org, monthadar@gmail.com
Cc:
Subject: Re: kern/165149: [ath] [net80211] Ping with data length more than iv_fragthreshold
Date: Tue, 14 Feb 2012 22:16:31 -0800

The problem is .. well, annoying:

* ieee80211_fragment() creates a fragment list by chaining mbufs together using m->m_nextpkt;
* IFQ_DEQUEUE() (well, _IF_DEQUEUE()) clears m->m_nextpkt when the mbuf is being returned;
* ath_start() uses IFQ_DEQUEUE() to dequeue a frame;
* .. since it notes it's a fragment, it punts it to ath_txfrag_setup();
* .. and ath_txfrag_setup(), finding m->m_nextpkt to be NULL, bails out with an error (since the fragment list is empty.)
* ath_start() tosses the initial frame, and nothing is sent.

Now it looks like the rest of the frames in the list are also unceremoniously ignored (since m->m_nextpkt is completely blanked out); which is likely the mbuf leak you noticed.

Adrian
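
Added example (not part of the message above and not FreeBSD kernel code): a user-space C model of the sequence the message lists, counting the mbufs that become unreachable once the link is cleared. The toy_* names, the clear_link switch and the live counter are assumptions for illustration; the clear_link=0 run is only a contrast case, not the fix applied in FreeBSD.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for an mbuf: only the link the message talks about. */
struct toy_mbuf { struct toy_mbuf *m_nextpkt; };
static int live;   /* mbufs currently allocated; nonzero at the end = leak */

static struct toy_mbuf *toy_alloc(void) {
    struct toy_mbuf *m = calloc(1, sizeof(*m));
    if (m == NULL) abort();
    live++;
    return m;
}
static void toy_free(struct toy_mbuf *m) { free(m); live--; }

/* Models the fragmenter: chain nfrags mbufs through m_nextpkt. */
static struct toy_mbuf *toy_fragment(int nfrags) {
    struct toy_mbuf *head = toy_alloc(), *tail = head;
    for (int i = 1; i < nfrags; i++) {
        tail->m_nextpkt = toy_alloc();
        tail = tail->m_nextpkt;
    }
    return head;
}
/* Models the dequeue: returns the head, clearing m_nextpkt if clear_link. */
static struct toy_mbuf *toy_dequeue(struct toy_mbuf *head, int clear_link) {
    if (head != NULL && clear_link)
        head->m_nextpkt = NULL;   /* rest of the chain is now unreachable */
    return head;
}
/* Models the transmit path. Returns frames sent; *leaked = mbufs never freed. */
static int toy_start(int nfrags, int clear_link, int *leaked) {
    int sent = 0;
    live = 0;
    struct toy_mbuf *m = toy_dequeue(toy_fragment(nfrags), clear_link);
    if (m->m_nextpkt == NULL) {   /* fragment setup sees an empty list */
        toy_free(m);              /* initial frame tossed, nothing sent */
    } else {
        for (struct toy_mbuf *next; m != NULL; m = next) {
            next = m->m_nextpkt;  /* chain intact: send and free each one */
            toy_free(m);
            sent++;
        }
    }
    *leaked = live;
    return sent;
}
int main(void) {
    int leaked, sent = toy_start(3, 1, &leaked);
    printf("link cleared: sent=%d leaked=%d\n", sent, leaked);
    sent = toy_start(3, 0, &leaked);
    printf("link kept:    sent=%d leaked=%d\n", sent, leaked);
    return 0;
}
```

With three fragments and the link cleared, nothing is sent and two mbufs stay allocated, which is the leak pattern the message describes.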