Josh Wright and I encountered this doing rawtx experiements some time
ago.  I bounced it to the prism54 guys but it must have gotten lost in
the shuffle and we just noticed that it's still in the latest kernel so
here we go again.

PROBLEM:
Prism54 assumes frames must be at least ETH_ZLEN in size, and grows the
skb to that size if they are not.  However, it doesn't clear the grown
skb so anything left in kernel buffers gets throw into the packet and
transmitted onto the air.

SOLUTION:
Don't grow the frame size.  802.11 doesn't have a minimum frame size
constraint.  This was addressed on the Orinoco drivers recently in a 
similar situation.  After talking to the Prism54 team there appears to
be no constraint in the prism54 firmware that would prevent sending
short frames like this.

Patch attached.

Signed off by:  Mike Kershaw <[EMAIL PROTECTED]>


-- 
Mike Kershaw/Dragorn <[EMAIL PROTECTED]>
GPG Fingerprint: 3546 89DF 3C9D ED80 3381  A661 D7B2 8822 738B BDB1

Bus Error at 008BE426 while reading byte from DEADBEEF in User data space

diff --git a/drivers/net/wireless/prism54/islpci_eth.c 
b/drivers/net/wireless/prism54/islpci_eth.c
index 5952e99..a2558c2 100644
--- a/drivers/net/wireless/prism54/islpci_eth.c
+++ b/drivers/net/wireless/prism54/islpci_eth.c
@@ -99,7 +99,9 @@ islpci_eth_transmit(struct sk_buff *skb,
 
        /* determine the amount of fragments needed to store the frame */
 
-       frame_size = skb->len < ETH_ZLEN ? ETH_ZLEN : skb->len;
+       /* Previously this was calculated by enforcing that a frame had to be 
as 
+        * large as ETH_ZLEN, however this should not be necessary on 802.11 
frames */
+       frame_size = skb->len;
        if (init_wds)
                frame_size += 6;
 

Attachment: pgp9Zx3BqWgBX.pgp
Description: PGP signature

Reply via email to