From owner-svn-src-user@FreeBSD.ORG Thu Sep 22 07:29:46 2011 Return-Path: Delivered-To: svn-src-user@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F33EE106567A; Thu, 22 Sep 2011 07:29:45 +0000 (UTC) (envelope-from adrian@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id E1DB58FC08; Thu, 22 Sep 2011 07:29:45 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p8M7Tjap010991; Thu, 22 Sep 2011 07:29:45 GMT (envelope-from adrian@svn.freebsd.org) Received: (from adrian@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p8M7TjLk010989; Thu, 22 Sep 2011 07:29:45 GMT (envelope-from adrian@svn.freebsd.org) Message-Id: <201109220729.p8M7TjLk010989@svn.freebsd.org> From: Adrian Chadd Date: Thu, 22 Sep 2011 07:29:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-user@freebsd.org X-SVN-Group: user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r225724 - user/adrian/if_ath_tx/sys/dev/ath X-BeenThere: svn-src-user@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the experimental " user" src tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Sep 2011 07:29:46 -0000 Author: adrian Date: Thu Sep 22 07:29:45 2011 New Revision: 225724 URL: http://svn.freebsd.org/changeset/base/225724 Log: Free the mbuf before recycling the current rx ath_buf when doing a radiotap. ath_rxbuf_init() doesn't free/realloc existing mbufs (if they do exist), it just passes the buffer pointer/length to the HAL rx descriptor setup code. When doing radiotap however, the mbuf length is overridden before passing it off to radiotap/bpf. This means that the buffer will stay bein potentially shorter until it's next used for a valid frame. I was seeing short frames show up in packet traces, along with seemingly invalid frame contents, probe requests and other random stuff that didn't make sense. These only show up when doing a background radiotap/tcpdump. This patch fixes this behaviour. This is a merge candidate to HEAD. Modified: user/adrian/if_ath_tx/sys/dev/ath/if_ath.c Modified: user/adrian/if_ath_tx/sys/dev/ath/if_ath.c ============================================================================== --- user/adrian/if_ath_tx/sys/dev/ath/if_ath.c Thu Sep 22 03:03:40 2011 (r225723) +++ user/adrian/if_ath_tx/sys/dev/ath/if_ath.c Thu Sep 22 07:29:45 2011 (r225724) @@ -3824,11 +3824,13 @@ rx_error: /* NB: bpf needs the mbuf length setup */ len = rs->rs_datalen; m->m_pkthdr.len = m->m_len = len; + bf->bf_m = NULL; ath_rx_dump_wtf(sc, rs, bf, m, status); ath_rx_tap(ifp, m, rs, tsf, nf); ieee80211_radiotap_rx_all(ic, m); + m_freem(m); } /* XXX pass MIC errors up for s/w reclaculation */ goto rx_next;