trouble sending BAR frame

PseudoCylon moonlightakkiy at yahoo.ca
Mon Jul 5 09:05:42 UTC 2010 

Hello,

Hiccups sending BAR frame.

1) ieee80211_send_bar() in ieee80211_ht.c
http://fxr.watson.org/fxr/source/net80211/ieee80211_ht.c?im=bigexcerpts#L2146

 2146         ret = ic->ic_raw_xmit(ni, m, NULL);
 2147         if (ret != 0) {
 2148                 /* xmit failed, clear state flag */
 2149                 tap->txa_flags &= ~IEEE80211_AGGR_BARPEND;
 2150                 goto bad;
 2151         }
 2152         /* XXX hack against tx complete happening before timer is started */
 2153         if (tap->txa_flags & IEEE80211_AGGR_BARPEND)
 2154                 bar_start_timer(tap);
 2155         return 0;
 2156 bad:
 2157         ieee80211_free_node(ni);
 2158         return ret;

It says when ic_raw_xmit() succeeds, dose not free node, but free node when ic_raw_xmit() fails. Drivers free node ether success or fail, so node will be freed twice when tx fails, and we will get ambushed by page fault later.

2) bar_tx_complete()
http://fxr.watson.org/fxr/source/net80211/ieee80211_ht.c?im=bigexcerpts#L2044

 2044                 if (status)             /* ACK'd */
 2045                         bar_stop_timer(tap);
 2046                 ic->ic_bar_response(ni, tap, status);

and ieee80211_bar_response()
http://fxr.watson.org/fxr/source/net80211/ieee80211_ht.c?im=bigexcerpts#L2056
 2056         if (status != 0) {              /* got ACK */
 2057                 IEEE80211_NOTE(ni->ni_vap, IEEE80211_MSG_11N,
 2058                     ni, "BAR moves BA win <%u:%u> (%u frames) txseq %u tid %u",
 2059                     tap->txa_start,
 2060                     IEEE80211_SEQ_ADD(tap->txa_start, tap->txa_wnd-1),
 2061                     tap->txa_qframes, tap->txa_seqpending,
 2062                     WME_AC_TO_TID(tap->txa_ac));
 2063 
 2064                 /* NB: timer already stopped in bar_tx_complete */
 2065                 tap->txa_start = tap->txa_seqpending;
 2066                 tap->txa_flags &= ~IEEE80211_AGGR_BARPEND;
 2067         }

"status" the last argument of ieee80211_process_callback() is 0 on success according to IEEE80211_OUTPUT(9), so when tx succeeds, BAR frame is repeatedly sent max retry times and at the end DELBA will be sent.

I commented out
 2157         //ieee80211_free_node(ni);
and negated "status"
 2044                 if (!status)
 2056         if (status == 0)
It's been working fine for a couple of days.


AK

More information about the freebsd-net mailing list