From owner-p4-projects@FreeBSD.ORG Sun Jul 8 04:43:41 2007
Date: Sun, 8 Jul 2007 04:43:40 GMT
Message-Id: <200707080443.l684he6P020850@repoman.freebsd.org>
From: Sepherosa Ziehau
To: Perforce Change Reviews
Subject: PERFORCE change 123084 for review
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=123084

Change 123084 by sephe@sephe_zealot:sam_wifi on 2007/07/08 04:43:02

    Correct off-by-one bug when padding beacon's country ie.
    This should fix the problem that 11b STA can't associate
    with non-pureG 11g hostap.

    Sample beacon before this commit:
    1  11:34:58.036277 Beacon (sephe-test) ESS CH: 6
    2  0x0000: 8000 0000 ffff ffff ffff 0011 95ca 9a37
    3  0x0010: 0011 95ca 9a37 200d 8151 5faf 0000 0000
    4  0x0020: 6400 2104 000a 7365 7068 652d 7465 7374
    5  0x0030: 0108 8284 8b96 0c12 1824 0301 0605 0400
    6  0x0040: 0100 0007 044e 414f 2a01 0032 0430 4860
    7  0x0050: 6c

    Let's take a look at line 6:

           vvvvv
    0100 0007 044e 414f 2a01 0032 0430 4860
                          ^^^^^

    1) "2a01 00" in above line is ERP ie.
    2) At position marked by "vvvvv", country ie is claimed to be
       4 bytes. It is actually 3 bytes, padding byte is missing.
    3) STA is tricked into thinking country is 4 bytes and position
       marked by "^^^^^" is the start of next ie.
    4) Position marked by "^^^^^" is unfortunately the supported rate
       set ie, but has 0 length. Since it is after the real supported
       rate set ie on line 5, STA will take this one as the supported
       rate set ie, then the supported rate ie saved at STA side is
       actually empty.
    5) Ie at the position after "^^^^^" is a well formatted extended
       rate set ie.
    6) Now STA will only have rates contained in extended rate set as
       AP's rate set. For a 11b STA, it will not even try to auth
       with the AP.

Affected files ...

.. //depot/projects/wifi/sys/net80211/ieee80211_regdomain.c#7 edit

Differences ...

==== //depot/projects/wifi/sys/net80211/ieee80211_regdomain.c#7 (text+ko) ====

@@ -182,8 +182,10 @@ } } ie->len = frm - ie->cc; - if (ie->len & 1) /* pad to multiple of 2 */ + if (ie->len & 1) { /* Zero pad to multiple of 2 */ ie->len++; + *frm++ = 0; + } return frm; #undef CHAN_UNINTERESTING }
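
Review bot: in the "if (ie->len & 1)" branch, the added "*frm++ = 0;" writes one byte more than the old code did, and nothing visible in this hunk bounds frm. Please confirm that the beacon buffer is sized for the padded country ie (an odd length plus one pad byte), or state that guarantee in a comment above the branch. The "ie->len++" and the pad write must stay paired for the length field to match the bytes actually emitted, so a one-line comment saying so would help whoever edits this next.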