Josh Wright and I encountered this doing rawtx experiements some time ago. I bounced it to the prism54 guys but it must have gotten lost in the shuffle and we just noticed that it's still in the latest kernel so here we go again.
PROBLEM: Prism54 assumes frames must be at least ETH_ZLEN in size, and grows the skb to that size if they are not. However, it doesn't clear the grown skb so anything left in kernel buffers gets throw into the packet and transmitted onto the air. SOLUTION: Don't grow the frame size. 802.11 doesn't have a minimum frame size constraint. This was addressed on the Orinoco drivers recently in a similar situation. After talking to the Prism54 team there appears to be no constraint in the prism54 firmware that would prevent sending short frames like this. Patch attached. Signed off by: Mike Kershaw <[EMAIL PROTECTED]> -- Mike Kershaw/Dragorn <[EMAIL PROTECTED]> GPG Fingerprint: 3546 89DF 3C9D ED80 3381 A661 D7B2 8822 738B BDB1 Bus Error at 008BE426 while reading byte from DEADBEEF in User data space
diff --git a/drivers/net/wireless/prism54/islpci_eth.c
b/drivers/net/wireless/prism54/islpci_eth.c
index 5952e99..a2558c2 100644
--- a/drivers/net/wireless/prism54/islpci_eth.c
+++ b/drivers/net/wireless/prism54/islpci_eth.c
@@ -99,7 +99,9 @@ islpci_eth_transmit(struct sk_buff *skb,
/* determine the amount of fragments needed to store the frame */
- frame_size = skb->len < ETH_ZLEN ? ETH_ZLEN : skb->len;
+ /* Previously this was calculated by enforcing that a frame had to be
as
+ * large as ETH_ZLEN, however this should not be necessary on 802.11
frames */
+ frame_size = skb->len;
if (init_wds)
frame_size += 6;
pgp9Zx3BqWgBX.pgp
Description: PGP signature
