PERFORCE change 123084 for review

Sepherosa Ziehau sephe at FreeBSD.org
Sun Jul 8 04:43:41 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=123084

Change 123084 by sephe at sephe_zealot:sam_wifi on 2007/07/08 04:43:02

	Correct off-by-one bug when padding beacon's country ie.
	This should fix the problem that 11b STA can't associate with non-pureG
	11g hostap.
	
	Sample beacon before this commit:
	1 11:34:58.036277 Beacon (sephe-test) ESS CH: 6
	2         0x0000:  8000 0000 ffff ffff ffff 0011 95ca 9a37
	3         0x0010:  0011 95ca 9a37 200d 8151 5faf 0000 0000
	4         0x0020:  6400 2104 000a 7365 7068 652d 7465 7374
	5         0x0030:  0108 8284 8b96 0c12 1824 0301 0605 0400
	6         0x0040:  0100 0007 044e 414f 2a01 0032 0430 4860
	7         0x0050:  6c
	
	Let's take a look at line 6:
	       vvvvv
	0100 0007 044e 414f 2a01 0032 0430 4860
	                      ^^^^^
	
	1) "2a01 00" in the above line is the ERP ie.
	2) At the position marked by "vvvvv", the country ie is claimed to be 4 bytes.
	   It is actually 3 bytes; the padding byte is missing.
	3) STA is tricked into thinking country is 4 bytes and position marked
	   by "^^^^^" is the start of next ie.
	4) Position marked by "^^^^^" is unfortunately the supported rate set
	   ie, but has 0 length.  Since it is after the real supported rate set
	   ie on line 5, STA will take this one as the supported rate set ie,
	   then the supported rate ie saved at STA side is actually empty.
	5) Ie at the position after "^^^^^" is a well formatted extended rate
	   set ie.
	6) Now STA will only have rates contained in extended rate set as AP's
	   rate set.  For a 11b STA, it will not even try to auth with the AP.

Affected files ...

.. //depot/projects/wifi/sys/net80211/ieee80211_regdomain.c#7 edit

Differences ...

==== //depot/projects/wifi/sys/net80211/ieee80211_regdomain.c#7 (text+ko) ====

@@ -182,8 +182,10 @@
 		}
 	}
 	ie->len = frm - ie->cc;
-	if (ie->len & 1)		/* pad to multiple of 2 */
+	if (ie->len & 1) {		/* Zero pad to multiple of 2 */
 		ie->len++;
+		*frm++ = 0;
+	}
 	return frm;
 #undef CHAN_UNINTERESTING
 }
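Review bot: the new `*frm++ = 0` in the odd-length branch stores one more byte into the frame buffer than the old code did, and nothing in the visible context checks that the buffer has room for it. Please confirm that the code sizing the beacon buffer rounds the country ie length up to an even value, or add a comment here stating that the caller reserves space for the pad byte.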
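The mis-parse walked through in steps 1) to 6) of the change description, reproduced as an added example (not part of the original change and not net80211 code). `ies_before` is the element portion of the sample beacon starting at offset 0x24; `ies_after` is constructed here by inserting the zero pad byte the patch writes; `last_rates_len` is a hypothetical helper that walks the elements the way a receiving STA does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IE_RATES 0x01	/* supported rate set element id */

/* Elements of the sample beacon (offset 0x24 onward), before the commit. */
static const uint8_t ies_before[] = {
	0x00, 0x0a, 0x73, 0x65, 0x70, 0x68, 0x65, 0x2d, 0x74, 0x65, 0x73, 0x74,
	0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x0c, 0x12, 0x18, 0x24, /* rates */
	0x03, 0x01, 0x06,			/* DS parameter set, channel 6 */
	0x05, 0x04, 0x00, 0x01, 0x00, 0x00,	/* TIM */
	0x07, 0x04, 0x4e, 0x41, 0x4f,		/* country: len 4, only 3 bytes */
	0x2a, 0x01, 0x00,			/* ERP */
	0x32, 0x04, 0x30, 0x48, 0x60, 0x6c	/* extended rate set */
};

/* Constructed: the same elements with the pad byte the patch adds. */
static const uint8_t ies_after[] = {
	0x00, 0x0a, 0x73, 0x65, 0x70, 0x68, 0x65, 0x2d, 0x74, 0x65, 0x73, 0x74,
	0x01, 0x08, 0x82, 0x84, 0x8b, 0x96, 0x0c, 0x12, 0x18, 0x24,
	0x03, 0x01, 0x06,
	0x05, 0x04, 0x00, 0x01, 0x00, 0x00,
	0x07, 0x04, 0x4e, 0x41, 0x4f, 0x00,	/* country: len 4, zero padded */
	0x2a, 0x01, 0x00,
	0x32, 0x04, 0x30, 0x48, 0x60, 0x6c
};

/* Walk id/len/value elements; return the length of the last supported rate
 * set element seen, -1 if there is none, -2 if an element overruns the buffer. */
static int last_rates_len(const uint8_t *p, size_t n)
{
	int found = -1;
	size_t off = 0;

	while (off + 2 <= n) {
		uint8_t id = p[off], len = p[off + 1];
		if (off + 2 + len > n)
			return -2;
		if (id == IE_RATES)
			found = len;	/* a later element replaces an earlier one */
		off += 2 + (size_t)len;
	}
	return found;
}

int main(void)
{
	printf("before: %d\n", last_rates_len(ies_before, sizeof(ies_before)));
	printf("after:  %d\n", last_rates_len(ies_after, sizeof(ies_after)));
	return 0;
}
```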

