2012-01-16 12:42:23

by Marco Porsch

Subject: possible bug in sta_info.c : ieee80211_send_null_response

Hi,

in this function there is some effort to set the EOSP flag in QoS Null
frames:

        if (reason == IEEE80211_FRAME_RELEASE_UAPSD)
                nullfunc->qos_ctrl |=
                        cpu_to_le16(IEEE80211_QOS_CTL_EOSP);

ieee80211_xmit is called at the end of the function. Which then calls
ieee80211_set_qos_hdr.

But ieee80211_set_qos_hdr will completely overwrite the QoS header again.
So, what is wrong here?

Regards
Marco




2012-01-16 13:02:09

by Johannes Berg

Subject: Re: possible bug in sta_info.c : ieee80211_send_null_response

On Mon, 2012-01-16 at 13:15 +0100, Marco Porsch wrote:

> ieee80211_xmit is called at the end of the function. Which then calls
> ieee80211_set_qos_hdr.
>
> But ieee80211_set_qos_hdr will completely overwrite the QoS header again.
> So, what is wrong here?

You, I think?


void ieee80211_set_qos_hdr(struct ieee80211_sub_if_data *sdata,
                           struct sk_buff *skb)
...
        /* preserve EOSP bit */
        ack_policy = *p & IEEE80211_QOS_CTL_EOSP;
...
        /* qos header is 2 bytes */
        *p++ = ack_policy | tid;
        *p = ieee80211_vif_is_mesh(&sdata->vif) ?
                (IEEE80211_QOS_CTL_MESH_CONTROL_PRESENT >> 8) :
                0;


johannes
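
The read-modify-write quoted in the reply above, as a user-space model added here (not part of the original thread and not the kernel's own code). The names model_set_qos_hdr and rewrite and the noack and is_mesh parameters are assumptions standing in for the elided lines and for ieee80211_vif_is_mesh(); the bit values are the ones in include/linux/ieee80211.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit values of the 16-bit QoS control field (include/linux/ieee80211.h) */
#define IEEE80211_QOS_CTL_TID_MASK             0x000f
#define IEEE80211_QOS_CTL_EOSP                 0x0010
#define IEEE80211_QOS_CTL_ACK_POLICY_NOACK     0x0020
#define IEEE80211_QOS_CTL_MESH_CONTROL_PRESENT 0x0100

/*
 * Simplified model of the rewrite step (hypothetical name and parameters).
 * p points at the two QoS control bytes in little-endian wire order.
 */
static void model_set_qos_hdr(uint8_t *p, uint8_t tid, int noack, int is_mesh)
{
    /* preserve EOSP bit: it is read back before the byte is overwritten */
    uint8_t ack_policy = *p & IEEE80211_QOS_CTL_EOSP;

    /* assumption: stands in for whatever the elided lines OR into ack_policy */
    if (noack)
        ack_policy |= IEEE80211_QOS_CTL_ACK_POLICY_NOACK;

    /* qos header is 2 bytes; everything except EOSP is replaced */
    *p++ = ack_policy | (tid & IEEE80211_QOS_CTL_TID_MASK);
    *p = is_mesh ? (IEEE80211_QOS_CTL_MESH_CONTROL_PRESENT >> 8) : 0;
}

/* The caller's qos_ctrl value goes in, the value after the rewrite comes out. */
static uint16_t rewrite(uint16_t initial, uint8_t tid, int noack, int is_mesh)
{
    uint8_t hdr[2] = { (uint8_t)(initial & 0xff), (uint8_t)(initial >> 8) };

    model_set_qos_hdr(hdr, tid, noack, is_mesh);
    return (uint16_t)(hdr[0] | (hdr[1] << 8));
}

int main(void)
{
    /* constructed inputs: caller set EOSP with a stale TID of 3, then without EOSP */
    printf("with EOSP:    0x%04x\n", rewrite(IEEE80211_QOS_CTL_EOSP | 0x3, 6, 0, 0));
    printf("without EOSP: 0x%04x\n", rewrite(0x0003, 6, 0, 0));
    return 0;
}
```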