+Index: madwifi-trunk-r3314/net80211/ieee80211_linux.c
+===================================================================
+--- madwifi-trunk-r3314.orig/net80211/ieee80211_linux.c 2008-02-20 21:52:06.810032443 +0100
++++ madwifi-trunk-r3314/net80211/ieee80211_linux.c 2008-02-20 21:55:45.318484528 +0100
+@@ -337,8 +337,8 @@
+ /* TODO: needed parameters: count, keyid, key type, src address, TSC */
+ snprintf(buf, sizeof(buf), "%s(keyid=%d %scast addr=" MAC_FMT ")", tag,
+ k->wk_keyix,
+- IEEE80211_IS_MULTICAST(wh->i_addr1) ? "broad" : "uni",
+- MAC_ADDR(wh->i_addr1));
++ IEEE80211_IS_MULTICAST(wh->i_addr2) ? "broad" : "uni",
++ MAC_ADDR(wh->i_addr2));
+ memset(&wrqu, 0, sizeof(wrqu));
+ wrqu.data.length = strlen(buf);
+ wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf);
+Index: madwifi-trunk-r3314/net80211/ieee80211_output.c
+===================================================================
+--- madwifi-trunk-r3314.orig/net80211/ieee80211_output.c 2008-02-20 21:50:40.197096654 +0100
++++ madwifi-trunk-r3314/net80211/ieee80211_output.c 2008-02-20 21:55:45.326484992 +0100
+@@ -1074,13 +1074,16 @@
+ cip = (struct ieee80211_cipher *) key->wk_cipher;
+ ciphdrsize = cip->ic_header;
+ tailsize += (cip->ic_trailer + cip->ic_miclen);
++
++ /* add the 8 bytes MIC length */
++ if (cip->ic_cipher == IEEE80211_CIPHER_TKIP)
++ pktlen += IEEE80211_WEP_MICLEN;
+ }
+
+ pdusize = vap->iv_fragthreshold - (hdrsize_nopad + ciphdrsize);
+ fragcnt = *framecnt =
+- ((pktlen - (hdrsize_nopad + ciphdrsize)) / pdusize) +
+- (((pktlen - (hdrsize_nopad + ciphdrsize)) %
+- pdusize == 0) ? 0 : 1);
++ ((pktlen - hdrsize_nopad) / pdusize) +
++ (((pktlen - hdrsize_nopad) % pdusize == 0) ? 0 : 1);
+
+ /*
+ * Allocate sk_buff for each subsequent fragment; First fragment
+Index: madwifi-trunk-r3314/net80211/ieee80211_node.c
+===================================================================
+--- madwifi-trunk-r3314.orig/net80211/ieee80211_node.c 2008-02-20 21:55:41.318256570 +0100
++++ madwifi-trunk-r3314/net80211/ieee80211_node.c 2008-02-20 21:55:45.326484992 +0100
+@@ -2261,11 +2261,13 @@
+ /* From this point onwards we can no longer find the node,
+ * so no more references are generated
+ */
+- ieee80211_remove_wds_addr(nt, ni->ni_macaddr);
+- ieee80211_del_wds_node(nt, ni);
+- IEEE80211_NODE_TABLE_LOCK_IRQ(nt);
+- node_table_leave_locked(nt, ni);
+- IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt);
++ if (nt) {
++ ieee80211_remove_wds_addr(nt, ni->ni_macaddr);
++ ieee80211_del_wds_node(nt, ni);
++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt);
++ node_table_leave_locked(nt, ni);
++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt);
++ }
+
+ /*
+ * If node wasn't previously associated all