From 04b94a2b6c8c78d979dee3d6a5797f9f7fc2fa84 Mon Sep 17 00:00:00 2001 From: stsp Date: Tue, 23 Mar 2021 11:58:38 +0000 Subject: [PATCH] When moving the Rx block ack window forward do not implicitly rely on ieee80211_input_ba_flush() for updating ba->ba_winend. Required for an upcoming ieee80211_input_ba_flush() fix. Patch by Christian Ehrhardt who found one instance of this problem in ieee80211_input_ba_seq(). I spotted another in ieee80211_ba_move_window(). --- sys/net80211/ieee80211_input.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c index be88453fc70..84576f5f6e9 100644 --- a/sys/net80211/ieee80211_input.c +++ b/sys/net80211/ieee80211_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_input.c,v 1.229 2021/03/10 10:21:48 jsg Exp $ */ +/* $OpenBSD: ieee80211_input.c,v 1.230 2021/03/23 11:58:38 stsp Exp $ */ /*- * Copyright (c) 2001 Atsushi Onoe @@ -881,7 +881,7 @@ ieee80211_input_ba_seq(struct ieee80211com *ic, struct ieee80211_node *ni, seq = letoh16(*(u_int16_t *)wh->i_seq) >> IEEE80211_SEQ_SEQ_SHIFT; if (!SEQ_LT(seq, max_seq)) - return; + break; ieee80211_inputm(ifp, ba->ba_buf[ba->ba_head].m, ni, &ba->ba_buf[ba->ba_head].rxi, ml); ba->ba_buf[ba->ba_head].m = NULL; @@ -999,6 +999,7 @@ ieee80211_ba_move_window(struct ieee80211com *ic, struct ieee80211_node *ni, } /* move window forward */ ba->ba_winstart = ssn; + ba->ba_winend = (ba->ba_winstart + ba->ba_winsize - 1) & 0xfff; ieee80211_input_ba_flush(ic, ni, ba, ml); } -- 2.20.1