addba_req_num[tid] is supposed to have the count of consecutive
addba request attempts on 'tid' which failed. This count is checked
against a retry threshold (3 times) before starting the addba negotiation.
This patch fixes the way this addba count is incremented/reset and thereby
avoids indefinite addba attempts.
Signed-off-by: Vasanthakumar Thiagarajan <[email protected]>
---
net/mac80211/agg-tx.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 43d00ff..9e5762a 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -132,6 +132,9 @@ static int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
state = &sta->ampdu_mlme.tid_state_tx[tid];
+ if (*state == HT_AGG_STATE_OPERATIONAL)
+ sta->ampdu_mlme.addba_req_num[tid] = 0;
+
*state = HT_AGG_STATE_REQ_STOP_BA_MSK |
(initiator << HT_AGG_STATE_INITIATOR_SHIFT);
@@ -337,6 +340,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
sta->ampdu_mlme.tid_tx[tid]->dialog_token,
sta->ampdu_mlme.tid_tx[tid]->ssn,
0x40, 5000);
+ sta->ampdu_mlme.addba_req_num[tid]++;
/* activate the timer for the recipient's addBA response */
sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires =
jiffies + ADDBA_RESP_INTERVAL;
@@ -606,7 +610,6 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
*state = HT_AGG_STATE_IDLE;
/* from now on packets are no longer put onto sta->pending */
- sta->ampdu_mlme.addba_req_num[tid] = 0;
kfree(sta->ampdu_mlme.tid_tx[tid]);
sta->ampdu_mlme.tid_tx[tid] = NULL;
@@ -689,7 +692,6 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
sta->ampdu_mlme.addba_req_num[tid] = 0;
} else {
- sta->ampdu_mlme.addba_req_num[tid]++;
___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR);
}
spin_unlock_bh(&sta->lock);
--
1.5.5.1
On Tue, Jun 09, 2009 at 07:31:58PM +0530, Johannes Berg wrote:
> On Tue, 2009-06-09 at 14:11 +0530, Vasanthakumar Thiagarajan wrote:
> > addba_req_num[tid] is supposed to have the count of consecutive
> > addba request attempts on 'tid' which failed. This count is checked
> > against a retry threshold (3 times) before starting the addba negotiation.
> > This patch fixes the way this addba count is incremented/reset and thereby
> > avoids indefinite addba attempts.
>
> I've never actually seen this hit in practise, so I'll trust you on
> it :)
>
> johannes
>
I have seen this happening with most of the 11n APs around when AMPDU
is disabled (configured to deny addba) on them.
Vasanth
On Tue, 2009-06-09 at 14:11 +0530, Vasanthakumar Thiagarajan wrote:
> addba_req_num[tid] is supposed to have the count of consecutive
> addba request attempts on 'tid' which failed. This count is checked
> against a retry threshold (3 times) before starting the addba negotiation.
> This patch fixes the way this addba count is incremented/reset and thereby
> avoids indefinite addba attempts.
I've never actually seen this hit in practise, so I'll trust you on
it :)
johannes
> Signed-off-by: Vasanthakumar Thiagarajan <[email protected]>
> ---
> net/mac80211/agg-tx.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
> index 43d00ff..9e5762a 100644
> --- a/net/mac80211/agg-tx.c
> +++ b/net/mac80211/agg-tx.c
> @@ -132,6 +132,9 @@ static int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
>
> state = &sta->ampdu_mlme.tid_state_tx[tid];
>
> + if (*state == HT_AGG_STATE_OPERATIONAL)
> + sta->ampdu_mlme.addba_req_num[tid] = 0;
> +
> *state = HT_AGG_STATE_REQ_STOP_BA_MSK |
> (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
>
> @@ -337,6 +340,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_hw *hw, u8 *ra, u16 tid)
> sta->ampdu_mlme.tid_tx[tid]->dialog_token,
> sta->ampdu_mlme.tid_tx[tid]->ssn,
> 0x40, 5000);
> + sta->ampdu_mlme.addba_req_num[tid]++;
> /* activate the timer for the recipient's addBA response */
> sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires =
> jiffies + ADDBA_RESP_INTERVAL;
> @@ -606,7 +610,6 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_hw *hw, u8 *ra, u8 tid)
>
> *state = HT_AGG_STATE_IDLE;
> /* from now on packets are no longer put onto sta->pending */
> - sta->ampdu_mlme.addba_req_num[tid] = 0;
> kfree(sta->ampdu_mlme.tid_tx[tid]);
> sta->ampdu_mlme.tid_tx[tid] = NULL;
>
> @@ -689,7 +692,6 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
>
> sta->ampdu_mlme.addba_req_num[tid] = 0;
> } else {
> - sta->ampdu_mlme.addba_req_num[tid]++;
> ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR);
> }
> spin_unlock_bh(&sta->lock);
On Tue, 2009-06-09 at 19:38 +0530, Vasanthakumar Thiagarajan wrote:
> I have seen this happening with most of the 11n APs around when AMPDU
> is disabled (configured to deny addba) on them.
Makes sense, I don't think I ever had an AP that supported that specific
setting (rather than simply disabling all of 11n). Anyway, thanks for
the testing and the fix.
johannes