NetBSD Problem Report #28676

From www@netbsd.org  Thu Dec 16 10:34:13 2004
Return-Path: <www@netbsd.org>
Received: by narn.netbsd.org (Postfix, from userid 31301)
	id 3B83863B400; Thu, 16 Dec 2004 10:34:13 +0000 (UTC)
Message-Id: <20041216103413.3B83863B400@narn.netbsd.org>
Date: Thu, 16 Dec 2004 10:34:13 +0000 (UTC)
From: dhudak@terabeam.com
Reply-To: dhudak@terabeam.com
To: gnats-bugs@netbsd.org
Subject: ieee80211 association requests use wrong rate set
X-Send-Pr-Version: www-1.0

>Number:         28676
>Category:       kern
>Synopsis:       ieee80211 association requests use wrong rate set
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Dec 16 10:36:00 +0000 2004
>Originator:     Dave Hudak
>Release:        2.0 RC3
>Organization:
Terabeam Wireless
>Environment:
NetBSD logan 2.0_RC3 NetBSD 2.0_RC3 (NET45X1) #2: Mon Dec 13 16:07:01 EST 2004  dhudak@build4.karlnet.com:/scratch/dhudak/1210/build/nortel-bbwap-net45x1-kernel_nfsroot/obj/logan/kernel/i386/NET45X1 i386

>Description:
Packet traces of a NetBSD 2.0RC3 802.11b madwifi station
associating with a NetBSD 2.0RC3 802.11g madwifi AP.  The station sends
an association request to the AP containing extended (802.11g) rates, which it received from the AP, instead of its own supported (802.11b) rates.

>How-To-Repeat:
We found in ieee80211_send_mgmt() (in ieee80211_output.c), in the case where it
is sending an association request, it calls ieee80211_add_rates to
insert the rate information into the association request it is building
up as:
        ieee80211_add_rates(frm, &ni->ni_rates);
where ni is passed in from ieee80211_newstate() (in ieee80211_proto.c),
and ni was assigned with:
        ni = ic->ic_bss;

HOWEVER, in the probe request case (in ieee80211_send_mgmt() in
ieee80211_output.c), ieee80211_add_rates() was called as:
        ieee80211_add_rates(frm, &ic->ic_sup_rates[mode]);

>Fix:
===================================================================
RCS file: /home/cvs/logan-cvsroot/src/sys/net80211/ieee80211_output.c,v
retrieving revision 1.1.4.1
retrieving revision 1.1.4.2
diff -u -r1.1.4.1 -r1.1.4.2
--- src/sys/net80211/ieee80211_output.c	2004/11/19 19:36:01	1.1.4.1
+++ src/sys/net80211/ieee80211_output.c	2004/12/14 16:57:59	1.1.4.2
@@ -604,8 +604,9 @@
 		}

 		frm = ieee80211_add_ssid(frm, ni->ni_essid, ni->ni_esslen);
-		frm = ieee80211_add_rates(frm, &ni->ni_rates);
-		frm = ieee80211_add_xrates(frm, &ni->ni_rates);
+		mode = ieee80211_chan2mode(ic, ni->ni_chan);
+		frm = ieee80211_add_rates(frm, &ic->ic_sup_rates[mode]);
+		frm = ieee80211_add_xrates(frm, &ic->ic_sup_rates[mode]);
 		m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);

 		timer = IEEE80211_TRANS_WAIT;
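
Review bot: `mode` is assigned on the added line `mode = ieee80211_chan2mode(ic, ni->ni_chan);` but no declaration is visible in this hunk. Please confirm it is already declared at function scope in ieee80211_send_mgmt(); the report says the probe request case indexes `ic->ic_sup_rates[mode]`, so it likely is, but the hunk alone does not show it. A short comment above the two replaced calls would also help: it should say that the association request advertises the station's own supported rates for the channel's mode rather than the rates learned from the AP in `ni->ni_rates`, so the old form is not reintroduced later.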

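One way to check a captured association request body for the symptom described in this report, as an added example (not code from the PR or from NetBSD): it walks the Supported Rates and Extended Supported Rates elements and counts rates outside the station's own set. The function name, the SSID and both sample frame bodies are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define ELEMID_RATES  1     /* Supported Rates element */
#define ELEMID_XRATES 50    /* Extended Supported Rates element */
#define RATE_VAL      0x7f  /* rate in 500 kb/s units; bit 0x80 marks a basic rate */
/* Count rates advertised in an association request body that are not in the
 * station's own set. Returns -1 if the body or an element is truncated. */
int foreign_rates(const uint8_t *body, size_t len,
                  const uint8_t *own, size_t nown)
{
    size_t off = 4;             /* skip capability info and listen interval */
    int foreign = 0;
    if (len < off)
        return -1;
    while (off < len) {
        if (len - off < 2)
            return -1;
        uint8_t id = body[off], elen = body[off + 1];
        off += 2;
        if (elen > len - off)
            return -1;
        if (id == ELEMID_RATES || id == ELEMID_XRATES) {
            for (size_t i = 0; i < elen; i++) {
                size_t j = 0;
                while (j < nown && (own[j] & RATE_VAL) != (body[off + i] & RATE_VAL))
                    j++;
                if (j == nown)
                    foreign++;
            }
        }
        off += elen;
    }
    return foreign;
}

/* Constructed samples: an 802.11b rate set and two request bodies (SSID "lab"). */
static const uint8_t sta_11b[] = { 2, 4, 11, 22 };      /* 1, 2, 5.5, 11 Mb/s */
static const uint8_t req_before[] = { 0x01,0x00, 0x0a,0x00, 0,3,'l','a','b',
    1,8, 0x82,0x84,0x8b,0x96,0x0c,0x12,0x18,0x24, 50,4, 0x30,0x48,0x60,0x6c };
static const uint8_t req_after[] = { 0x01,0x00, 0x0a,0x00, 0,3,'l','a','b',
    1,4, 0x82,0x84,0x8b,0x96 };

int main(void)
{
    printf("before fix: %d\n", foreign_rates(req_before, sizeof req_before, sta_11b, 4));
    printf("after fix:  %d\n", foreign_rates(req_after, sizeof req_after, sta_11b, 4));
    return 0;
}
```

A non-zero count for an 802.11b station means the request carries rates the station cannot use, which is the behaviour the packet traces in this report showed.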