From 7f93038dad7c0432a86a23fe87a94c8f3c6d0856 Mon Sep 17 00:00:00 2001
From: nbd
Date: Mon, 21 May 2007 06:25:34 +0000
Subject: [PATCH] madwifi: switch to latest madwifi-hal-0.9.30.13 snapshot as reference merge in refcount branch as well and clean up openwrt patches (a few fixes got merged upstream)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@7300 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/madwifi/Makefile | 11 +-
 .../madwifi/patches/010-refcount_merge.patch | 2208 +++++++++++++++++
 package/madwifi/patches/101-fix_typo.patch | 12 -
 .../madwifi/patches/106-minstrel_crash.patch | 13 -
 .../madwifi/patches/111-wds_fix_PR_914.patch | 31 -
 .../madwifi/patches/112-keycache_PR_962.patch | 34 +-
 .../patches/114-fix_ff_corruption.patch | 21 -
 package/madwifi/patches/115-PR_1270_fix.patch | 104 -
 .../patches/116-adhoc_beacon_PR_1033.patch | 24 +-
 package/madwifi/patches/117-node_rates.patch | 11 -
 .../patches/118-txstop_workaround.patch | 22 +-
 package/madwifi/patches/200-no_debug.patch | 20 +-
 .../madwifi/patches/300-napi_polling.patch | 190 +-
 package/madwifi/patches/308-mlme_fix.patch | 12 -
 .../madwifi/patches/309-micfail_detect.patch | 77 +-
 15 files changed, 2391 insertions(+), 399 deletions(-)
 create mode 100644 package/madwifi/patches/010-refcount_merge.patch
 delete mode 100644 package/madwifi/patches/101-fix_typo.patch
 delete mode 100644 package/madwifi/patches/106-minstrel_crash.patch
 delete mode 100644 package/madwifi/patches/111-wds_fix_PR_914.patch
 delete mode 100644 package/madwifi/patches/114-fix_ff_corruption.patch
 delete mode 100644 package/madwifi/patches/115-PR_1270_fix.patch
 delete mode 100644 package/madwifi/patches/117-node_rates.patch
 delete mode 100644 package/madwifi/patches/308-mlme_fix.patch
diff --git a/package/madwifi/Makefile b/package/madwifi/Makefile
index 6b85d3d65..9867a2e05 100644
--- a/package/madwifi/Makefile
+++ b/package/madwifi/Makefile
@@ -10,13 +10,14 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=madwifi
-PKG_VERSION:=r2313-20070505
+PKG_VERSION:=r2351-20070519
+PKG_BRANCH:=madwifi-hal-0.9.30.13
 PKG_RELEASE:=1
-PKG_SOURCE:=madwifi-ng-refcount-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://snapshots.madwifi.org/madwifi-ng-refcount
-PKG_MD5SUM:=01ee9dfb1f174be6e009f9697f7267b8
-PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/madwifi-ng-refcount-r2313-20070505
+PKG_SOURCE:=$(PKG_BRANCH)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://snapshots.madwifi.org/$(PKG_BRANCH)
+PKG_MD5SUM:=215b6c66eb1a3c4bcd947f358ade823f
+PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_BRANCH)-$(PKG_VERSION)
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/madwifi/patches/010-refcount_merge.patch b/package/madwifi/patches/010-refcount_merge.patch
new file mode 100644
index 000000000..a6c335958
--- /dev/null
+++ b/package/madwifi/patches/010-refcount_merge.patch
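Review bot: In package/madwifi/Makefile the new snapshot is downloaded over plain HTTP (`PKG_SOURCE_URL:=http://snapshots.madwifi.org/$(PKG_BRANCH)`) and pinned only by `PKG_MD5SUM:=215b6c66eb1a3c4bcd947f358ade823f`, so the integrity of a kernel driver source tarball rests on MD5, which is not collision-resistant. The pin still catches accidental corruption and a silently changed snapshot, but it is a weaker guarantee than a modern digest against a tampered mirror or network path. If the package build rules support a stronger digest, record a SHA-256 of the tarball next to the MD5; if not, a comment such as `# tarball verified against upstream snapshot on <date>` above the sum would at least document how the value was obtained. The diffstat shows this commit also carries a 2208-line refcount merge as a local patch on top of the snapshot, so a reproducible, well-pinned base matters more here than for a plain version bump.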
@@ -0,0 +1,2208 @@ +diff -ur madwifi.old/ath/if_ath.c madwifi.dev/ath/if_ath.c +--- madwifi.old/ath/if_ath.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/ath/if_ath.c 2007-05-21 08:10:46.864754176 +0200 +@@ -158,8 +158,7 @@ + static int ath_desc_alloc(struct ath_softc *); + static void ath_desc_free(struct ath_softc *); + static void ath_desc_swap(struct ath_desc *); +-static struct ieee80211_node *ath_node_alloc(struct ieee80211_node_table *, +- struct ieee80211vap *); ++static struct ieee80211_node *ath_node_alloc(struct ieee80211vap *); + static void ath_node_cleanup(struct ieee80211_node *); + static void ath_node_free(struct ieee80211_node *); + static u_int8_t ath_node_getrssi(const struct ieee80211_node *); +@@ -2385,7 +2384,7 @@ + if (ath_tx_start(sc->sc_dev, ni, bf_ff, bf_ff->bf_skb, 0) == 0) + continue; + bad: +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + if (bf_ff->bf_skb != NULL) { + dev_kfree_skb(bf_ff->bf_skb); + bf_ff->bf_skb = NULL; +@@ -2525,8 +2524,10 @@ + skb = bf->bf_skb; + ATH_FF_MAGIC_PUT(skb); + ++#if 0 + /* decrement extra node reference made when an_tx_ffbuf[] was set */ +- //ieee80211_free_node(ni); /* XXX where was it set ? */ ++ ieee80211_unref_node(&ni); /* XXX where was it set ? */ ++#endif + + DPRINTF(sc, ATH_DEBUG_XMIT | ATH_DEBUG_FF, + "%s: aggregating fast-frame\n", __func__); +@@ -2585,7 +2586,7 @@ + ff_flushbad: + DPRINTF(sc, ATH_DEBUG_XMIT | ATH_DEBUG_FF, + "%s: ff stageq flush failure\n", __func__); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + if (bf_ff->bf_skb) { + dev_kfree_skb(bf_ff->bf_skb); + bf_ff->bf_skb = NULL; +@@ -2707,7 +2708,7 @@ + tbf->bf_node = NULL; + + if (ni != NULL) +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + + STAILQ_INSERT_TAIL(&sc->sc_txbuf, tbf, bf_list); + } +@@ -2789,7 +2790,7 @@ + /* fall thru... 
*/ + bad: + if (ni != NULL) +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + if (bf != NULL) { + bf->bf_skb = NULL; + bf->bf_node = NULL; +@@ -3178,7 +3179,7 @@ + */ + ni = sc->sc_keyixmap[keyix]; + if (ni != NULL) { +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + sc->sc_keyixmap[keyix] = NULL; + } + /* +@@ -3189,7 +3190,7 @@ + ath_hal_keyreset(ah, keyix + 32); /* RX key */ + ni = sc->sc_keyixmap[keyix + 32]; + if (ni != NULL) { /* as above... */ +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + sc->sc_keyixmap[keyix + 32] = NULL; + } + } +@@ -3202,7 +3203,7 @@ + ath_hal_keyreset(ah, keyix + rxkeyoff); + ni = sc->sc_keyixmap[keyix + rxkeyoff]; + if (ni != NULL) { /* as above... */ +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + sc->sc_keyixmap[keyix + rxkeyoff] = NULL; + } + } +@@ -3764,10 +3765,8 @@ + dev_kfree_skb(bf->bf_skb); + bf->bf_skb = NULL; + } +- if (bf->bf_node != NULL) { +- ieee80211_free_node(bf->bf_node); +- bf->bf_node = NULL; +- } ++ if (bf->bf_node != NULL) ++ ieee80211_unref_node(&bf->bf_node); + + /* + * NB: the beacon data buffer must be 32-bit aligned; +@@ -3808,7 +3807,7 @@ + DPRINTF(sc, ATH_DEBUG_BEACON, + "%s: %s beacons, bslot %d intval %u tsfadjust(Kus) %llu\n", + __func__, sc->sc_stagbeacons ? 
"stagger" : "burst", +- avp->av_bslot, ni->ni_intval, (unsigned long long) tuadjust); ++ avp->av_bslot, ni->ni_intval, (long long) tuadjust); + + wh = (struct ieee80211_frame *) skb->data; + memcpy(&wh[1], &tsfadjust, sizeof(tsfadjust)); +@@ -4128,7 +4127,7 @@ + vap = sc->sc_bslot[(slot + 1) % ATH_BCBUF]; + DPRINTF(sc, ATH_DEBUG_BEACON_PROC, + "%s: slot %d [tsf %llu tsftu %u intval %u] vap %p\n", +- __func__, slot, (unsigned long long) tsf, tsftu, ic->ic_lintval, vap); ++ __func__, slot, (long long) tsf, tsftu, ic->ic_lintval, vap); + bfaddr = 0; + if (vap != NULL) { + bf = ath_beacon_generate(sc, vap, needmark); +@@ -4309,10 +4308,8 @@ + dev_kfree_skb(bf->bf_skb); + bf->bf_skb = NULL; + } +- if (bf->bf_node != NULL) { +- ieee80211_free_node(bf->bf_node); +- bf->bf_node = NULL; +- } ++ if (bf->bf_node != NULL) ++ ieee80211_unref_node(&bf->bf_node); + STAILQ_INSERT_TAIL(&sc->sc_bbuf, bf, bf_list); + } + +@@ -4331,10 +4328,8 @@ + dev_kfree_skb(bf->bf_skb); + bf->bf_skb = NULL; + } +- if (bf->bf_node != NULL) { +- ieee80211_free_node(bf->bf_node); +- bf->bf_node = NULL; +- } ++ if (bf->bf_node != NULL) ++ ieee80211_unref_node(&bf->bf_node); + } + } + +@@ -4620,7 +4615,7 @@ + /* + * Reclaim node reference. 
+ */ +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + } + } + +@@ -4679,37 +4674,39 @@ + } + + static struct ieee80211_node * +-ath_node_alloc(struct ieee80211_node_table *nt,struct ieee80211vap *vap) ++ath_node_alloc(struct ieee80211vap *vap) + { +- struct ath_softc *sc = nt->nt_ic->ic_dev->priv; ++ struct ath_softc *sc = vap->iv_ic->ic_dev->priv; + const size_t space = sizeof(struct ath_node) + sc->sc_rc->arc_space; + struct ath_node *an; + + an = kmalloc(space, GFP_ATOMIC); +- if (an == NULL) +- return NULL; +- memset(an, 0, space); +- an->an_decomp_index = INVALID_DECOMP_INDEX; +- an->an_avgrssi = ATH_RSSI_DUMMY_MARKER; +- an->an_halstats.ns_avgbrssi = ATH_RSSI_DUMMY_MARKER; +- an->an_halstats.ns_avgrssi = ATH_RSSI_DUMMY_MARKER; +- an->an_halstats.ns_avgtxrssi = ATH_RSSI_DUMMY_MARKER; +- /* +- * ath_rate_node_init needs a VAP pointer in node +- * to decide which mgt rate to use +- */ +- an->an_node.ni_vap = vap; +- sc->sc_rc->ops->node_init(sc, an); +- +- /* U-APSD init */ +- STAILQ_INIT(&an->an_uapsd_q); +- an->an_uapsd_qdepth = 0; +- STAILQ_INIT(&an->an_uapsd_overflowq); +- an->an_uapsd_overflowqdepth = 0; +- ATH_NODE_UAPSD_LOCK_INIT(an); ++ if (an != NULL) { ++ memset(an, 0, space); ++ an->an_decomp_index = INVALID_DECOMP_INDEX; ++ an->an_avgrssi = ATH_RSSI_DUMMY_MARKER; ++ an->an_halstats.ns_avgbrssi = ATH_RSSI_DUMMY_MARKER; ++ an->an_halstats.ns_avgrssi = ATH_RSSI_DUMMY_MARKER; ++ an->an_halstats.ns_avgtxrssi = ATH_RSSI_DUMMY_MARKER; ++ /* ++ * ath_rate_node_init needs a vap pointer in node ++ * to decide which mgt rate to use ++ */ ++ an->an_node.ni_vap = vap; ++ sc->sc_rc->ops->node_init(sc, an); + +- DPRINTF(sc, ATH_DEBUG_NODE, "%s: an %p\n", __func__, an); +- return &an->an_node; ++ /* U-APSD init */ ++ STAILQ_INIT(&an->an_uapsd_q); ++ an->an_uapsd_qdepth = 0; ++ STAILQ_INIT(&an->an_uapsd_overflowq); ++ an->an_uapsd_overflowqdepth = 0; ++ ATH_NODE_UAPSD_LOCK_INIT(an); ++ ++ DPRINTF(sc, ATH_DEBUG_NODE, "%s: an %p\n", __func__, an); ++ return 
&an->an_node; ++ } else { ++ return NULL; ++ } + } + + static void +@@ -4719,6 +4716,7 @@ + struct ath_softc *sc = ni->ni_ic->ic_dev->priv; + struct ath_node *an = ATH_NODE(ni); + struct ath_buf *bf; ++ struct ieee80211_cb *cb = NULL; + + /* + * U-APSD cleanup +@@ -4733,15 +4731,18 @@ + while (an->an_uapsd_qdepth) { + bf = STAILQ_FIRST(&an->an_uapsd_q); + STAILQ_REMOVE_HEAD(&an->an_uapsd_q, bf_list); +- bf->bf_desc->ds_link = 0; + ++ cb = (struct ieee80211_cb *) bf->bf_skb->cb; ++ ieee80211_unref_node(&cb->ni); + dev_kfree_skb_any(bf->bf_skb); ++ ++ bf->bf_desc->ds_link = 0; + bf->bf_skb = NULL; + bf->bf_node = NULL; ++ + ATH_TXBUF_LOCK_IRQ(sc); + STAILQ_INSERT_TAIL(&sc->sc_txbuf, bf, bf_list); + ATH_TXBUF_UNLOCK_IRQ(sc); +- ieee80211_free_node(ni); + + an->an_uapsd_qdepth--; + } +@@ -4749,19 +4750,25 @@ + while (an->an_uapsd_overflowqdepth) { + bf = STAILQ_FIRST(&an->an_uapsd_overflowq); + STAILQ_REMOVE_HEAD(&an->an_uapsd_overflowq, bf_list); +- bf->bf_desc->ds_link = 0; + ++ cb = (struct ieee80211_cb *) bf->bf_skb->cb; ++ ieee80211_unref_node(&cb->ni); + dev_kfree_skb_any(bf->bf_skb); ++ + bf->bf_skb = NULL; + bf->bf_node = NULL; ++ bf->bf_desc->ds_link = 0; ++ + ATH_TXBUF_LOCK_IRQ(sc); + STAILQ_INSERT_TAIL(&sc->sc_txbuf, bf, bf_list); + ATH_TXBUF_UNLOCK_IRQ(sc); +- ieee80211_free_node(ni); + + an->an_uapsd_overflowqdepth--; + } + ++ /* Clean up node-specific rate things - this currently appears to always be a no-op */ ++ sc->sc_rc->ops->node_cleanup(sc, ATH_NODE(ni)); ++ + ATH_NODE_UAPSD_LOCK_IRQ(an); + sc->sc_node_cleanup(ni); + ATH_NODE_UAPSD_UNLOCK_IRQ(an); +@@ -4772,7 +4779,6 @@ + { + struct ath_softc *sc = ni->ni_ic->ic_dev->priv; + +- sc->sc_rc->ops->node_cleanup(sc, ATH_NODE(ni)); + sc->sc_node_free(ni); + #ifdef ATH_SUPERG_XR + ath_grppoll_period_update(sc); +@@ -5660,7 +5666,7 @@ + an = ATH_NODE(ieee80211_ref_node(ni)); + ATH_RSSI_LPF(an->an_avgrssi, rs->rs_rssi); + type = ieee80211_input(ni, skb, rs->rs_rssi, rs->rs_tstamp); +- ieee80211_free_node(ni); 
++ ieee80211_unref_node(&ni); + } else { + /* + * No key index or no entry, do a lookup and +@@ -5682,7 +5688,7 @@ + if (keyix != IEEE80211_KEYIX_NONE && + sc->sc_keyixmap[keyix] == NULL) + sc->sc_keyixmap[keyix] = ieee80211_ref_node(ni); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + } else + type = ieee80211_input_all(ic, skb, + rs->rs_rssi, rs->rs_tstamp); +@@ -6478,8 +6484,7 @@ + STAILQ_REMOVE_HEAD(&an->an_uapsd_q, bf_list); + dev_kfree_skb(lastbuf->bf_skb); + lastbuf->bf_skb = NULL; +- ieee80211_free_node(lastbuf->bf_node); +- lastbuf->bf_node = NULL; ++ ieee80211_unref_node(&lastbuf->bf_node); + ATH_TXBUF_LOCK_IRQ(sc); + STAILQ_INSERT_TAIL(&sc->sc_txbuf, lastbuf, bf_list); + ATH_TXBUF_UNLOCK_IRQ(sc); +@@ -7229,7 +7234,7 @@ + * this is a DEAUTH message that was sent and the + * node was timed out due to inactivity. + */ +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + } + + bus_unmap_single(sc->sc_bdev, bf->bf_skbaddr, +@@ -7474,7 +7479,7 @@ + } + #endif /* ATH_SUPERG_FF */ + if (bf->bf_node) +- ieee80211_free_node(bf->bf_node); ++ ieee80211_unref_node(&bf->bf_node); + + bf->bf_skb = NULL; + bf->bf_node = NULL; +diff -ur madwifi.old/net80211/ieee80211_input.c madwifi.dev/net80211/ieee80211_input.c +--- madwifi.old/net80211/ieee80211_input.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_input.c 2007-05-21 08:10:46.865754024 +0200 +@@ -489,7 +489,7 @@ + nt = &ic->ic_sta; + ni_wds = ieee80211_find_wds_node(nt, wh->i_addr3); + if (ni_wds) { +- ieee80211_free_node(ni_wds); /* Decr ref count */ ++ ieee80211_unref_node(&ni_wds); /* Decr ref count */ + IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT, + wh, NULL, "%s", + "multicast echo originated from node behind me"); +@@ -543,10 +543,12 @@ + * the node table for the packet source address (addr4). + * If not, add one. 
+ */ ++ /* XXX: Useless node mgmt API; make better */ + if (dir == IEEE80211_FC1_DIR_DSTODS) { + struct ieee80211_node_table *nt; + struct ieee80211_frame_addr4 *wh4; + struct ieee80211_node *ni_wds; ++ + if (!(vap->iv_flags_ext & IEEE80211_FEXT_WDS)) { + IEEE80211_DISCARD(vap, IEEE80211_MSG_INPUT, + wh, "data", "%s", "4 addr not allowed"); +@@ -569,7 +571,7 @@ + if (ni_wds == NULL) + ieee80211_add_wds_addr(nt, ni, wh4->i_addr4, 0); + else +- ieee80211_free_node(ni_wds); /* Decr ref count */ ++ ieee80211_unref_node(&ni_wds); /* Decr. ref count */ + } + + /* +@@ -936,7 +938,7 @@ + } + ni = ieee80211_ref_node(vap->iv_bss); + type = ieee80211_input(ni, skb1, rssi, rstamp); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + } + if (skb != NULL) /* no vaps, reclaim skb */ + dev_kfree_skb(skb); +@@ -986,22 +988,14 @@ + } + + /* +- * Use this lock to make sure ni->ni_rxfrag is +- * not freed by the timer process while we use it. +- * XXX bogus +- */ +- IEEE80211_NODE_LOCK_IRQ(ni->ni_table); +- +- /* + * Update the time stamp. As a side effect, it + * also makes sure that the timer will not change + * ni->ni_rxfrag for at least 1 second, or in + * other words, for the remaining of this function. ++ * XXX HUGE HORRIFIC HACK + */ + ni->ni_rxfragstamp = jiffies; + +- IEEE80211_NODE_UNLOCK_IRQ(ni->ni_table); +- + /* + * Validate that fragment is in order and + * related to the previous ones. +@@ -1130,7 +1124,7 @@ + skb = NULL; + } + /* XXX statistic? */ +- ieee80211_free_node(ni1); ++ ieee80211_unref_node(&ni1); + } + } + if (skb1 != NULL) { +@@ -1265,6 +1259,7 @@ + int rssi, u_int32_t rstamp, u_int16_t seq, u_int16_t status) + { + struct ieee80211vap *vap = ni->ni_vap; ++ unsigned int tmpnode = 0; + + if (ni->ni_authmode == IEEE80211_AUTH_SHARED) { + IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_AUTH, +@@ -1272,22 +1267,21 @@ + "bad sta auth mode %u", ni->ni_authmode); + vap->iv_stats.is_rx_bad_auth++; /* XXX maybe a unique error? 
*/ + if (vap->iv_opmode == IEEE80211_M_HOSTAP) { +- /* XXX hack to workaround calling convention */ +- +- /* XXX To send the frame to the requesting STA, we have to +- * create a node for the station that we're going to reject. +- * The node will be freed automatically */ + if (ni == vap->iv_bss) { +- ni = ieee80211_dup_bss(vap, wh->i_addr2); ++ ni = ieee80211_dup_bss(vap, wh->i_addr2, 0); + if (ni == NULL) + return; + + IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, + "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(ni->ni_macaddr), + ieee80211_node_refcnt(ni)); ++ tmpnode = 1; + } + IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, + (seq + 1) | (IEEE80211_STATUS_ALG << 16)); ++ ++ if (tmpnode) ++ ieee80211_unref_node(&ni); + return; + } + } +@@ -1315,23 +1309,16 @@ + } + /* always accept open authentication requests */ + if (ni == vap->iv_bss) { +- ni = ieee80211_dup_bss(vap, wh->i_addr2); ++ ni = ieee80211_dup_bss(vap, wh->i_addr2, 0); + if (ni == NULL) + return; + + IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, + "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(ni->ni_macaddr), + ieee80211_node_refcnt(ni)); +- +- } else if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0) +- (void) ieee80211_ref_node(ni); +- /* +- * Mark the node as referenced to reflect that it's +- * reference count has been bumped to ensure it remains +- * after the transaction completes. 
+- */ +- ni->ni_flags |= IEEE80211_NODE_AREF; +- ++ tmpnode = 1; ++ } ++ + IEEE80211_SEND_MGMT(ni, IEEE80211_FC0_SUBTYPE_AUTH, seq + 1); + IEEE80211_NOTE(vap, IEEE80211_MSG_DEBUG | IEEE80211_MSG_AUTH, + ni, "station authenticated (%s)", "open"); +@@ -1341,6 +1328,8 @@ + */ + if (ni->ni_authmode != IEEE80211_AUTH_8021X) + ieee80211_node_authorize(ni); ++ if (tmpnode) ++ ieee80211_unref_node(&ni); + break; + + case IEEE80211_M_STA: +@@ -1379,7 +1368,7 @@ + int istmp; + + if (ni == vap->iv_bss) { +- ni = ieee80211_tmp_node(vap, mac); ++ ni = ieee80211_dup_bss(vap, mac, 1); + if (ni == NULL) { + /* XXX msg */ + return; +@@ -1389,7 +1378,7 @@ + istmp = 0; + IEEE80211_SEND_MGMT(ni, subtype, arg); + if (istmp) +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + } + + static int +@@ -1505,7 +1494,7 @@ + switch (seq) { + case IEEE80211_AUTH_SHARED_REQUEST: + if (ni == vap->iv_bss) { +- ni = ieee80211_dup_bss(vap, wh->i_addr2); ++ ni = ieee80211_dup_bss(vap, wh->i_addr2, 0); + if (ni == NULL) { + /* NB: no way to return an error */ + return; +@@ -1516,17 +1505,8 @@ + ieee80211_node_refcnt(ni)); + + allocbs = 1; +- } else { +- if ((ni->ni_flags & IEEE80211_NODE_AREF) == 0) +- (void) ieee80211_ref_node(ni); +- allocbs = 0; + } +- /* +- * Mark the node as referenced to reflect that it's +- * reference count has been bumped to ensure it remains +- * after the transaction completes. +- */ +- ni->ni_flags |= IEEE80211_NODE_AREF; ++ + ni->ni_rssi = rssi; + ni->ni_rstamp = rstamp; + ni->ni_last_rx = jiffies; +@@ -1620,14 +1600,13 @@ + } + return; + bad: +- /* +- * Send an error response; but only when operating as an AP. +- */ ++ /* Send an error response; but only when operating as an AP. 
*/ + if (vap->iv_opmode == IEEE80211_M_HOSTAP) { + /* XXX hack to workaround calling convention */ + ieee80211_send_error(ni, wh->i_addr2, + IEEE80211_FC0_SUBTYPE_AUTH, + (seq + 1) | (estatus<<16)); ++ ieee80211_node_leave(ni); + } else if (vap->iv_opmode == IEEE80211_M_STA) { + /* + * Kick the state machine. This short-circuits +@@ -2600,7 +2579,7 @@ + u_int8_t *frm, *efrm; + u_int8_t *ssid, *rates, *xrates, *wpa, *rsn, *wme, *ath; + u_int8_t rate; +- int reassoc, resp, allocbs; ++ int reassoc, resp, allocbs = 0; + u_int8_t qosinfo; + + wh = (struct ieee80211_frame *) skb->data; +@@ -3008,13 +2987,13 @@ + ni = ieee80211_fakeup_adhoc_node(vap, + wh->i_addr2); + } else { +- ni = ieee80211_tmp_node(vap, wh->i_addr2); ++ ni = ieee80211_dup_bss(vap, wh->i_addr2, 1); + } + if (ni == NULL) + return; + allocbs = 1; +- } else +- allocbs = 0; ++ } ++ + IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_INPUT, wh->i_addr2, + "%s", "recv probe req"); + ni->ni_rssi = rssi; +@@ -3037,7 +3016,7 @@ + * Temporary node created just to send a + * response, reclaim immediately + */ +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + } else if (ath != NULL) + ieee80211_saveath(ni, ath); + break; +@@ -3067,6 +3046,9 @@ + ni = vap->iv_xrvap->iv_bss; + else { + ieee80211_node_leave(ni); ++ /* This would be a stupid place to add a node to the table ++ * XR stuff needs work anyway ++ */ + ieee80211_node_reset(ni, vap->iv_xrvap); + } + vap = vap->iv_xrvap; +diff -ur madwifi.old/net80211/ieee80211_linux.c madwifi.dev/net80211/ieee80211_linux.c +--- madwifi.old/net80211/ieee80211_linux.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_linux.c 2007-05-21 08:10:46.866753872 +0200 +@@ -358,7 +358,7 @@ + struct ieee80211_node *ni; + struct ieee80211_node_table *nt = (struct ieee80211_node_table *) &vap->iv_ic->ic_sta; + +- //IEEE80211_NODE_LOCK(nt); ++ /* IEEE80211_NODE_LOCK(nt); */ + TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { + /* Assume each node needs 500 bytes */ + if (buf 
+ space < p + 500) +@@ -376,7 +376,7 @@ + + } + } +- //IEEE80211_NODE_UNLOCK(nt); ++ /* IEEE80211_NODE_UNLOCK(nt); */ + return (p - buf); + } + +diff -ur madwifi.old/net80211/ieee80211_linux.h madwifi.dev/net80211/ieee80211_linux.h +--- madwifi.old/net80211/ieee80211_linux.h 2007-05-04 15:45:58.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_linux.h 2007-05-21 08:10:46.867753720 +0200 +@@ -63,6 +63,12 @@ + + #define IEEE80211_RESCHEDULE schedule + ++/* Locking */ ++/* NB: beware, spin_is_locked() is not usefully defined for !(DEBUG || SMP) ++ * because spinlocks do not exist in this configuration. Instead IRQs ++ * or pre-emption are simply disabled, as this is all that is needed. ++ */ ++ + /* + * Beacon handler locking definitions. + * Beacon locking +@@ -85,14 +91,14 @@ + #define IEEE80211_LOCK(_ic) spin_lock(&(_ic)->ic_comlock) + #define IEEE80211_UNLOCK(_ic) spin_unlock(&(_ic)->ic_comlock) + +-/* NB: beware, spin_is_locked() is unusable for !SMP */ +-#if defined(CONFIG_SMP) ++#if (defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)) && defined(spin_is_locked) + #define IEEE80211_LOCK_ASSERT(_ic) \ + KASSERT(spin_is_locked(&(_ic)->ic_comlock),("ieee80211com not locked!")) + #else + #define IEEE80211_LOCK_ASSERT(_ic) + #endif + ++ + #define IEEE80211_VAPS_LOCK_INIT(_ic, _name) \ + spin_lock_init(&(_ic)->ic_vapslock) + #define IEEE80211_VAPS_LOCK_DESTROY(_ic) +@@ -108,11 +114,10 @@ + } while (0) + #define IEEE80211_VAPS_UNLOCK_IRQ_EARLY(_ic) spin_unlock_irqrestore(&(_ic)->ic_vapslock, _vaps_lockflags) + +- +-/* NB: beware, spin_is_locked() is unusable for !SMP */ +-#if defined(CONFIG_SMP) ++#if (defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)) && defined(spin_is_locked) + #define IEEE80211_VAPS_LOCK_ASSERT(_ic) \ +- KASSERT(spin_is_locked(&(_ic)->ic_vapslock),("ieee80211com_vaps not locked!")) ++ KASSERT(spin_is_locked(&(_ic)->ic_vapslock), \ ++ ("ieee80211com_vaps not locked!")) + #else + #define IEEE80211_VAPS_LOCK_ASSERT(_ic) + #endif +@@ -121,29 
+126,63 @@ + /* + * Node locking definitions. + */ ++#if 0 ++ + typedef spinlock_t ieee80211_node_lock_t; +-#define IEEE80211_NODE_LOCK_INIT(_nt, _name) spin_lock_init(&(_nt)->nt_nodelock) +-#define IEEE80211_NODE_LOCK_DESTROY(_nt) +-#define IEEE80211_NODE_LOCK(_nt) spin_lock(&(_nt)->nt_nodelock) +-#define IEEE80211_NODE_UNLOCK(_nt) spin_unlock(&(_nt)->nt_nodelock) +-#define IEEE80211_NODE_LOCK_BH(_nt) spin_lock_bh(&(_nt)->nt_nodelock) +-#define IEEE80211_NODE_UNLOCK_BH(_nt) spin_unlock_bh(&(_nt)->nt_nodelock) +-#define IEEE80211_NODE_LOCK_IRQ(_nt) do { \ ++#define IEEE80211_NODE_LOCK_INIT(_ni, _name) spin_lock_init(&(_ni)->ni_nodelock) ++#define IEEE80211_NODE_LOCK_DESTROY(_ni) ++#if 0 /* We should always be contesting in the same contexts */ ++#define IEEE80211_NODE_LOCK(_ni) spin_lock(&(_ni)->ni_nodelock) ++#define IEEE80211_NODE_UNLOCK(_ni) spin_unlock(&(_ni)->ni_nodelock) ++#define IEEE80211_NODE_LOCK_BH(_ni) spin_lock_bh(&(_ni)->ni_nodelock) ++#define IEEE80211_NODE_UNLOCK_BH(_ni) spin_unlock_bh(&(_ni)->ni_nodelock) ++#endif ++#define IEEE80211_NODE_LOCK_IRQ(_ni) do { \ ++ unsigned long __node_lockflags; \ ++ spin_lock_irqsave(&(_ni)->ni_nodelock, __node_lockflags); ++#define IEEE80211_NODE_UNLOCK_IRQ(_ni) \ ++ spin_unlock_irqrestore(&(_ni)->ni_nodelock, __node_lockflags); \ ++} while(0) ++#define IEEE80211_NODE_UNLOCK_IRQ_EARLY(_ni) \ ++ spin_unlock_irqrestore(&(_ni)->ni_nodelock, __node_lockflags); ++ ++#if (defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)) && defined(spin_is_locked) ++#define IEEE80211_NODE_LOCK_ASSERT(_nt) \ ++ KASSERT(spin_is_locked(&(_ni)->ni_nodelock), \ ++ ("802.11 node not locked!")) ++#else ++#define IEEE80211_NODE_LOCK_ASSERT(_ni) ++#endif ++ ++#endif /* node lock */ ++ ++/* ++ * Node table locking definitions. 
++ */ ++typedef spinlock_t ieee80211_node_table_lock_t; ++#define IEEE80211_NODE_TABLE_LOCK_INIT(_nt, _name) spin_lock_init(&(_nt)->nt_nodelock) ++#define IEEE80211_NODE_TABLE_LOCK_DESTROY(_nt) ++#if 0 /* We should always be contesting in the same contexts */ ++#define IEEE80211_NODE_TABLE_LOCK(_nt) spin_lock(&(_nt)->nt_nodelock) ++#define IEEE80211_NODE_TABLE_UNLOCK(_nt) spin_unlock(&(_nt)->nt_nodelock) ++#define IEEE80211_NODE_TABLE_LOCK_BH(_nt) spin_lock_bh(&(_nt)->nt_nodelock) ++#define IEEE80211_NODE_TABLE_UNLOCK_BH(_nt) spin_unlock_bh(&(_nt)->nt_nodelock) ++#endif ++#define IEEE80211_NODE_TABLE_LOCK_IRQ(_nt) do { \ + unsigned long __node_lockflags; \ + spin_lock_irqsave(&(_nt)->nt_nodelock, __node_lockflags); +-#define IEEE80211_NODE_UNLOCK_IRQ(_nt) \ ++#define IEEE80211_NODE_TABLE_UNLOCK_IRQ(_nt) \ + spin_unlock_irqrestore(&(_nt)->nt_nodelock, __node_lockflags); \ + } while(0) +-#define IEEE80211_NODE_UNLOCK_IRQ_EARLY(_nt) \ ++#define IEEE80211_NODE_TABLE_UNLOCK_IRQ_EARLY(_nt) \ + spin_unlock_irqrestore(&(_nt)->nt_nodelock, __node_lockflags); + +-/* NB: beware, *_is_locked() are bogusly defined for UP+!PREEMPT */ +-#if (defined(CONFIG_SMP) || defined(CONFIG_PREEMPT)) && defined(spinlock_is_locked) +-#define IEEE80211_NODE_LOCK_ASSERT(_nt) \ +- KASSERT(spinlock_is_locked(&(_nt)->nt_nodelock), \ ++#if (defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)) && defined(spin_is_locked) ++#define IEEE80211_NODE_TABLE_LOCK_ASSERT(_nt) \ ++ KASSERT(spin_is_locked(&(_nt)->nt_nodelock), \ + ("802.11 node table not locked!")) + #else +-#define IEEE80211_NODE_LOCK_ASSERT(_nt) ++#define IEEE80211_NODE_TABLE_LOCK_ASSERT(_nt) + #endif + + /* +@@ -163,8 +202,7 @@ + #define IEEE80211_SCAN_UNLOCK_IRQ_EARLY(_nt) \ + spin_unlock_irqrestore(&(_nt)->nt_scanlock, __scan_lockflags); + +-/* NB: beware, spin_is_locked() is unusable for !SMP */ +-#if defined(CONFIG_SMP) ++#if (defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)) && defined(spin_is_locked) + #define 
IEEE80211_SCAN_LOCK_ASSERT(_nt) \ + KASSERT(spin_is_locked(&(_nt)->nt_scanlock), ("scangen not locked!")) + #else +@@ -182,8 +220,7 @@ + #define ACL_LOCK_BH(_as) spin_lock_bh(&(_as)->as_lock) + #define ACL_UNLOCK_BH(_as) spin_unlock_bh(&(_as)->as_lock) + +-/* NB: beware, spin_is_locked() is unusable for !SMP */ +-#if defined(CONFIG_SMP) ++#if (defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)) && defined(spin_is_locked) + #define ACL_LOCK_ASSERT(_as) \ + KASSERT(spin_is_locked(&(_as)->as_lock), ("ACL not locked!")) + #else +@@ -299,6 +336,7 @@ + * is the last reference, otherwise 0 + * ieee80211_node_refcnt reference count for printing (only) + */ ++typedef atomic_t ieee80211_node_ref_count_t; + #define ieee80211_node_initref(_ni) atomic_set(&(_ni)->ni_refcnt, 1) + #define ieee80211_node_incref(_ni) atomic_inc(&(_ni)->ni_refcnt) + #define ieee80211_node_decref(_ni) atomic_dec(&(_ni)->ni_refcnt) +@@ -379,8 +417,8 @@ + /* msecs_to_jiffies appeared in 2.6.7 and 2.4.29 */ + #include + #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) && \ +- LINUX_VERSION_CODE < KERNEL_VERSION(2,6,7)) || \ +- LINUX_VERSION_CODE < KERNEL_VERSION(2,4,29) ++ LINUX_VERSION_CODE < KERNEL_VERSION(2,6,7)) || \ ++ LINUX_VERSION_CODE < KERNEL_VERSION(2,4,29) + + /* The following definitions and inline functions are + * copied from the kernel src, include/linux/jiffies.h */ +diff -ur madwifi.old/net80211/ieee80211_node.c madwifi.dev/net80211/ieee80211_node.c +--- madwifi.old/net80211/ieee80211_node.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_node.c 2007-05-21 08:10:46.868753568 +0200 +@@ -65,16 +65,17 @@ + #define IEEE80211_AID_ISSET(_vap, _b) \ + ((_vap)->iv_aid_bitmap[IEEE80211_AID(_b) / 32] & (1 << (IEEE80211_AID(_b) % 32))) + ++static struct ieee80211_node *ieee80211_alloc_node(struct ieee80211vap *, const u_int8_t *); ++ + static int ieee80211_sta_join1(struct ieee80211_node *); + +-static struct ieee80211_node *node_alloc(struct ieee80211_node_table *, +- 
struct ieee80211vap *); ++static struct ieee80211_node *node_alloc(struct ieee80211vap *); + static void node_cleanup(struct ieee80211_node *); + static void node_free(struct ieee80211_node *); + static u_int8_t node_getrssi(const struct ieee80211_node *); + +-static void _ieee80211_free_node(struct ieee80211_node *); +-static void node_reclaim(struct ieee80211_node_table *, struct ieee80211_node*); ++static void _node_table_leave(struct ieee80211_node_table *, struct ieee80211_node *); ++static void _node_table_join(struct ieee80211_node_table *, struct ieee80211_node *); + + static void ieee80211_node_timeout(unsigned long); + +@@ -194,8 +195,7 @@ + + ieee80211_node_table_reset(&ic->ic_sta, vap); + if (vap->iv_bss != NULL) { +- ieee80211_free_node(vap->iv_bss); +- vap->iv_bss = NULL; ++ ieee80211_unref_node(&vap->iv_bss); + } + if (vap->iv_aid_bitmap != NULL) { + FREE(vap->iv_aid_bitmap, M_DEVBUF); +@@ -250,6 +250,7 @@ + nbss->ni_txpower = obss->ni_txpower; + nbss->ni_vlan = obss->ni_vlan; + nbss->ni_rsn = obss->ni_rsn; ++ nbss->ni_rates = obss->ni_rates; + /* XXX statistics? */ + } + +@@ -263,17 +264,17 @@ + "%s: creating ibss on channel %u\n", __func__, + ieee80211_chan2ieee(ic, chan)); + +- /* Check to see if we already have a node for this mac */ ++ /* Check to see if we already have a node for this mac ++ * NB: we gain a node reference here ++ */ + ni = ieee80211_find_node(&ic->ic_sta, vap->iv_myaddr); + if (ni == NULL) { +- ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); ++ ni = ieee80211_alloc_node_table(vap, vap->iv_myaddr); + if (ni == NULL) { + /* XXX recovery? 
*/ + return; + } + } +- else +- ieee80211_free_node(ni); + + IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, "%s: %p<%s> refcnt %d\n", + __func__, vap->iv_bss, ether_sprintf(vap->iv_bss->ni_macaddr), +@@ -339,7 +340,7 @@ + else if (IEEE80211_IS_CHAN_QUARTER(chan)) + ni->ni_rates = ic->ic_sup_quarter_rates; + +- (void) ieee80211_sta_join1(ieee80211_ref_node(ni)); ++ (void) ieee80211_sta_join1(PASS_NODE(ni)); + } + EXPORT_SYMBOL(ieee80211_create_ibss); + +@@ -363,9 +364,10 @@ + /* XXX multi-bss wrong */ + ieee80211_reset_erp(ic, ic->ic_curmode); + +- ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->iv_myaddr); ++ ni = ieee80211_alloc_node_table(vap, vap->iv_myaddr); + KASSERT(ni != NULL, ("unable to setup inital BSS node")); + obss = vap->iv_bss; ++ /* New reference for caller */ + vap->iv_bss = ieee80211_ref_node(ni); + + IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, "%s: new bss %p<%s> refcnt %d\n", +@@ -375,7 +377,8 @@ + if (obss != NULL) { + copy_bss(ni, obss); + ni->ni_intval = ic->ic_lintval; +- ieee80211_free_node(obss); ++ /* Caller's reference */ ++ ieee80211_unref_node(&obss); + } + } + +@@ -581,7 +584,7 @@ + vap->iv_state == IEEE80211_S_RUN && ssid_equal(obss, selbs)); + vap->iv_bss = selbs; + if (obss != NULL) +- ieee80211_free_node(obss); ++ ieee80211_unref_node(&obss); + ic->ic_bsschan = selbs->ni_chan; + ic->ic_curchan = ic->ic_bsschan; + ic->ic_curmode = ieee80211_chan2mode(ic->ic_curchan); +@@ -638,21 +641,20 @@ + + ni = ieee80211_find_node(&ic->ic_sta, se->se_macaddr); + if (ni == NULL) { +- ni = ieee80211_alloc_node(&ic->ic_sta, vap, se->se_macaddr); ++ ni = ieee80211_alloc_node_table(vap, se->se_macaddr); + if (ni == NULL) { + IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, + "%s: Unable to allocate node for BSS: %s\n", __func__, + ether_sprintf(ni->ni_macaddr)); + return 0; + } +- } else +- ieee80211_free_node(ni); ++ } + + /* + * Expand scan state into node's format. 
+ * XXX may not need all this stuff + */ +- ni->ni_authmode = vap->iv_bss->ni_authmode; /* inherit authmode from iv_bss */ ++ ni->ni_authmode = vap->iv_bss->ni_authmode; /* inherit authmode from iv_bss */ + /* inherit the WPA setup as well (structure copy!) */ + ni->ni_rsn = vap->iv_bss->ni_rsn; + IEEE80211_ADDR_COPY(ni->ni_bssid, se->se_bssid); +@@ -686,9 +688,9 @@ + + IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, + "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(ni->ni_macaddr), +- ieee80211_node_refcnt(ni)+1); ++ ieee80211_node_refcnt(ni)); + +- return ieee80211_sta_join1(ieee80211_ref_node(ni)); ++ return ieee80211_sta_join1(PASS_NODE(ni)); + } + EXPORT_SYMBOL(ieee80211_sta_join); + +@@ -700,15 +702,13 @@ + ieee80211_sta_leave(struct ieee80211_node *ni) + { + struct ieee80211vap *vap = ni->ni_vap; +- struct ieee80211com *ic = vap->iv_ic; + + /* WDS/Repeater: Stop software beacon timer for STA */ + if (vap->iv_opmode == IEEE80211_M_STA && + vap->iv_flags_ext & IEEE80211_FEXT_SWBMISS) { + del_timer(&vap->iv_swbmiss); + } +- +- ic->ic_node_cleanup(ni); ++ + ieee80211_notify_node_leave(ni); + } + +@@ -717,11 +717,11 @@ + */ + + static void +-ieee80211_node_table_init(struct ieee80211com *ic, +- struct ieee80211_node_table *nt, const char *name, int inact) ++ieee80211_node_table_init(struct ieee80211com *ic, struct ieee80211_node_table *nt, ++ const char *name, int inact) + { + nt->nt_ic = ic; +- IEEE80211_NODE_LOCK_INIT(nt, ic->ic_dev->name); ++ IEEE80211_NODE_TABLE_LOCK_INIT(nt, ic->ic_dev->name); + IEEE80211_SCAN_LOCK_INIT(nt, ic->ic_dev->name); + TAILQ_INIT(&nt->nt_node); + nt->nt_name = name; +@@ -733,11 +733,31 @@ + mod_timer(&nt->nt_wds_aging_timer, jiffies + HZ * WDS_AGING_TIMER_VAL); + } + ++static __inline void _node_table_join(struct ieee80211_node_table *nt, struct ieee80211_node *ni) { ++ IEEE80211_NODE_TABLE_LOCK_ASSERT(nt); ++ ++ ni->ni_table = nt; ++ TAILQ_INSERT_TAIL(&nt->nt_node, ieee80211_ref_node(ni), ni_list); ++ 
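Review bot: In the allocation-failure branch of the `ieee80211_sta_join` hunk, the debug print still passes `ether_sprintf(ni->ni_macaddr)` although `ni` is known to be NULL at that point. Whenever that message is actually formatted, an out-of-memory condition becomes a NULL dereference in kernel context. The scan entry already carries the address being joined, so the argument should be `ether_sprintf(se->se_macaddr)`. The function starts before and ends after this hunk.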
LIST_INSERT_HEAD(&nt->nt_hash[IEEE80211_NODE_HASH(ni->ni_macaddr)], ni, ni_hash); ++} ++ ++static __inline void _node_table_leave(struct ieee80211_node_table *nt, struct ieee80211_node *ni) { ++ struct ieee80211_node *hni; ++ IEEE80211_NODE_TABLE_LOCK_ASSERT(nt); ++ ++ TAILQ_REMOVE(&nt->nt_node, ni, ni_list); ++ LIST_FOREACH(hni, &nt->nt_hash[IEEE80211_NODE_HASH(ni->ni_macaddr)], ni_hash) { ++ LIST_REMOVE(ni, ni_hash); ++ } ++ ni->ni_table = NULL; ++ _ieee80211_unref_node(ni); ++} ++ + /* This is overridden by ath_node_alloc in ath/if_ath.c, and so +- * should never get called ++ * should never get called. + */ + static struct ieee80211_node * +-node_alloc(struct ieee80211_node_table *nt, struct ieee80211vap *vap) ++node_alloc(struct ieee80211vap *vap) + { + struct ieee80211_node *ni; + +@@ -776,13 +796,6 @@ + IEEE80211_UNLOCK_IRQ(ni->ni_ic); + } + } +- /* +- * Clear AREF flag that marks the authorization refcnt bump +- * has happened. This is probably not needed as the node +- * should always be removed from the table so not found but +- * do it just in case. +- */ +- ni->ni_flags &= ~IEEE80211_NODE_AREF; + + /* + * Drain power save queue and, if needed, clear TIM. +@@ -791,10 +804,7 @@ + vap->iv_set_tim(ni, 0); + + ni->ni_associd = 0; +- if (ni->ni_challenge != NULL) { +- FREE(ni->ni_challenge, M_DEVBUF); +- ni->ni_challenge = NULL; +- } ++ + /* + * Preserve SSID, WPA, and WME ie's so the bss node is + * reusable during a re-auth/re-assoc state transition. 
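Review bot: The `LIST_FOREACH` in `_node_table_leave` never compares `hni` with `ni`; it calls `LIST_REMOVE(ni, ni_hash)` once per entry in the bucket, modifying the list it is walking with the non-safe iterator. If the loop is meant to confirm membership before unlinking, its body should be `if (hni == ni) { LIST_REMOVE(ni, ni_hash); break; }`. If membership is already guaranteed by `ni->ni_table == nt`, a single unconditional `LIST_REMOVE` says so more clearly. As written, a node that is not in a non-empty bucket gets unlinked through whatever stale pointers its `ni_hash` entry holds. The `TAILQ_REMOVE` above it makes the same unchecked assumption.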
+@@ -819,9 +829,16 @@ + static void + node_free(struct ieee80211_node *ni) + { ++#if 0 ++ /* We should 'cleanup' and then free'ing should be done automatically on decref */ + struct ieee80211com *ic = ni->ni_ic; + + ic->ic_node_cleanup(ni); ++#endif ++ KASSERT(ieee80211_node_refcnt(ni) == 0, ("node being free whilst still referenced")); ++ ++ if (ni->ni_challenge != NULL) ++ FREE(ni->ni_challenge, M_DEVBUF); + if (ni->ni_wpa_ie != NULL) + FREE(ni->ni_wpa_ie, M_DEVBUF); + if (ni->ni_rsn_ie != NULL) +@@ -831,6 +848,7 @@ + if (ni->ni_ath_ie != NULL) + FREE(ni->ni_ath_ie, M_DEVBUF); + IEEE80211_NODE_SAVEQ_DESTROY(ni); ++ + FREE(ni, M_80211_NODE); + } + +@@ -847,55 +865,70 @@ + * This interface is not intended for general use, it is + * used by the routines below to create entries with a + * specific purpose. ++ * Dont assume a BSS? + */ + struct ieee80211_node * +-ieee80211_alloc_node(struct ieee80211_node_table *nt, +- struct ieee80211vap *vap, const u_int8_t *macaddr) ++ieee80211_alloc_node_table(struct ieee80211vap *vap, ++ const u_int8_t *macaddr) + { +- struct ieee80211com *ic = nt->nt_ic; ++ struct ieee80211com *ic = vap->iv_ic; ++ struct ieee80211_node_table *nt = &ic->ic_sta; + struct ieee80211_node *ni; +- int hash; + +- ni = ic->ic_node_alloc(nt, vap); +- if (ni == NULL) { +- /* XXX msg */ +- vap->iv_stats.is_rx_nodealloc++; +- return NULL; +- } ++ ni = ieee80211_alloc_node(vap, macaddr); ++ if (ni != NULL) { ++ ni->ni_inact = ni->ni_inact_reload = nt->nt_inact_init; + +- IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, +- "%s: %p<%s> in %s table, refcnt %d\n", __func__, ni, +- ether_sprintf(macaddr), nt->nt_name, +- ieee80211_node_refcnt(ni)+1); ++ WME_UAPSD_NODE_TRIGSEQINIT(ni); ++ IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); + +- IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); +- hash = IEEE80211_NODE_HASH(macaddr); +- ieee80211_node_initref(ni); /* mark referenced */ +- ni->ni_chan = IEEE80211_CHAN_ANYC; +- ni->ni_authmode = IEEE80211_AUTH_OPEN; +- ni->ni_txpower = 
ic->ic_txpowlimit; /* max power */ +- ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, IEEE80211_KEYIX_NONE); +- ni->ni_inact_reload = nt->nt_inact_init; +- ni->ni_inact = ni->ni_inact_reload; +- ni->ni_ath_defkeyindex = IEEE80211_INVAL_DEFKEY; +- ni->ni_rxkeyoff = 0; +- IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); ++ _node_table_join(nt, ni); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); ++ } + +- IEEE80211_NODE_LOCK_IRQ(nt); +- ni->ni_vap = vap; +- ni->ni_ic = ic; +- ni->ni_table = nt; +- TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); +- LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); +- ni->ni_rxfrag = NULL; +- ni->ni_challenge = NULL; +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ return ni; ++} ++EXPORT_SYMBOL(ieee80211_alloc_node_table); ++ ++/* Allocate a node structure and initialise specialised structures ++ * This function does not add the node to the node table, thus this ++ * node will not be found using ieee80211_find_*node. ++ * This is useful when sending one off errors or request denials. 
++ */ ++static struct ieee80211_node * ++ieee80211_alloc_node(struct ieee80211vap *vap, const u_int8_t *macaddr) ++{ ++ struct ieee80211com *ic = vap->iv_ic; ++ struct ieee80211_node *ni; ++ ++ /* This always allocates zeroed memoery */ ++ ni = ic->ic_node_alloc(vap); ++ if (ni != NULL) { ++ IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, ++ "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(macaddr), ++ ieee80211_node_refcnt(ni)+1); + +- WME_UAPSD_NODE_TRIGSEQINIT(ni); ++ ieee80211_node_initref(ni); /* mark referenced */ ++ ++ IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); ++ ++ ni->ni_chan = IEEE80211_CHAN_ANYC; ++ ni->ni_authmode = IEEE80211_AUTH_OPEN; ++ ni->ni_txpower = ic->ic_txpowlimit; ++ ++ ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, ++ IEEE80211_KEYIX_NONE); ++ ni->ni_ath_defkeyindex = IEEE80211_INVAL_DEFKEY; + ++ ni->ni_vap = vap; ++ ni->ni_ic = ic; ++ } else { ++ /* XXX msg */ ++ vap->iv_stats.is_rx_nodealloc++; ++ } + return ni; + } +-EXPORT_SYMBOL(ieee80211_alloc_node); + + /* Add wds address to the node table */ + int +@@ -917,11 +950,11 @@ + wds->wds_agingcount = WDS_AGING_COUNT; + hash = IEEE80211_NODE_HASH(macaddr); + IEEE80211_ADDR_COPY(wds->wds_macaddr, macaddr); +- ieee80211_ref_node(ni); /* Reference node */ +- wds->wds_ni = ni; +- IEEE80211_NODE_LOCK_IRQ(nt); ++ ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); ++ wds->wds_ni = ieee80211_ref_node(ni); + LIST_INSERT_HEAD(&nt->nt_wds_hash[hash], wds, wds_hash); +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + return 0; + } + EXPORT_SYMBOL(ieee80211_add_wds_addr); +@@ -934,22 +967,19 @@ + struct ieee80211_wds_addr *wds, *twds; + + hash = IEEE80211_NODE_HASH(macaddr); +- IEEE80211_NODE_LOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + LIST_FOREACH_SAFE(wds, &nt->nt_wds_hash[hash], wds_hash, twds) { + if (IEEE80211_ADDR_EQ(wds->wds_macaddr, macaddr)) { +- if (ieee80211_node_dectestref(wds->wds_ni)) { +- _ieee80211_free_node(wds->wds_ni); +- LIST_REMOVE(wds, wds_hash); +- 
FREE(wds, M_80211_WDS); +- break; +- } ++ LIST_REMOVE(wds, wds_hash); ++ ieee80211_unref_node(&wds->wds_ni); ++ FREE(wds, M_80211_WDS); ++ break; + } + } +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + } + EXPORT_SYMBOL(ieee80211_remove_wds_addr); + +- + /* Remove node references from wds table */ + void + ieee80211_del_wds_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) +@@ -957,19 +987,17 @@ + int hash; + struct ieee80211_wds_addr *wds, *twds; + +- IEEE80211_NODE_LOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + for (hash = 0; hash < IEEE80211_NODE_HASHSIZE; hash++) { + LIST_FOREACH_SAFE(wds, &nt->nt_wds_hash[hash], wds_hash, twds) { + if (wds->wds_ni == ni) { +- if (ieee80211_node_dectestref(ni)) { +- _ieee80211_free_node(ni); +- LIST_REMOVE(wds, wds_hash); +- FREE(wds, M_80211_WDS); +- } ++ LIST_REMOVE(wds, wds_hash); ++ ieee80211_unref_node(&wds->wds_ni); ++ FREE(wds, M_80211_WDS); + } + } + } +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + } + EXPORT_SYMBOL(ieee80211_del_wds_node); + +@@ -980,88 +1008,46 @@ + int hash; + struct ieee80211_wds_addr *wds, *twds; + +- IEEE80211_NODE_LOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + for (hash = 0; hash < IEEE80211_NODE_HASHSIZE; hash++) { + LIST_FOREACH_SAFE(wds, &nt->nt_wds_hash[hash], wds_hash, twds) { + if (wds->wds_agingcount != WDS_AGING_STATIC) { + if (!wds->wds_agingcount) { +- if (ieee80211_node_dectestref(wds->wds_ni)) { +- _ieee80211_free_node(wds->wds_ni); +- LIST_REMOVE(wds, wds_hash); +- FREE(wds, M_80211_WDS); +- } ++ LIST_REMOVE(wds, wds_hash); ++ ieee80211_unref_node(&wds->wds_ni); ++ FREE(wds, M_80211_WDS); + } else + wds->wds_agingcount--; + } + } + } +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + mod_timer(&nt->nt_wds_aging_timer, jiffies + HZ * WDS_AGING_TIMER_VAL); + } + + + /* +- * Craft a temporary node suitable for sending a management frame +- * to the specified station. 
We craft only as much state as we +- * need to do the work since the node will be immediately reclaimed +- * once the send completes. +- */ +-struct ieee80211_node * +-ieee80211_tmp_node(struct ieee80211vap *vap, const u_int8_t *macaddr) +-{ +- struct ieee80211com *ic = vap->iv_ic; +- struct ieee80211_node *ni; +- +- ni = ic->ic_node_alloc(&ic->ic_sta,vap); +- if (ni != NULL) { +- IEEE80211_DPRINTF(vap, IEEE80211_MSG_NODE, +- "%s: %p<%s> refcnt %d\n", __func__, ni, ether_sprintf(macaddr), +- ieee80211_node_refcnt(ni)+1); +- +- IEEE80211_ADDR_COPY(ni->ni_macaddr, macaddr); +- IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); +- ieee80211_node_initref(ni); /* mark referenced */ +- ni->ni_txpower = vap->iv_bss->ni_txpower; +- ni->ni_vap = vap; +- /* NB: required by ieee80211_fix_rate */ +- ieee80211_node_set_chan(ic, ni); +- ieee80211_crypto_resetkey(vap, &ni->ni_ucastkey, +- IEEE80211_KEYIX_NONE); +- /* XXX optimize away */ +- IEEE80211_NODE_SAVEQ_INIT(ni, "unknown"); +- +- ni->ni_table = NULL; /* NB: pedantic */ +- ni->ni_ic = ic; +- ni->ni_rxfrag = NULL; +- ni->ni_challenge = NULL; +- } else { +- /* XXX msg */ +- vap->iv_stats.is_rx_nodealloc++; +- } +- return ni; +-} +- +-/* + * Add the specified station to the station table. + */ + struct ieee80211_node * +-ieee80211_dup_bss(struct ieee80211vap *vap, const u_int8_t *macaddr) ++ieee80211_dup_bss(struct ieee80211vap *vap, const u_int8_t *macaddr, ++ unsigned char tmp) + { +- struct ieee80211com *ic = vap->iv_ic; + struct ieee80211_node *ni; ++ ++ /* FIXME: Hack */ ++ if (tmp) ++ ni = ieee80211_alloc_node(vap, macaddr); ++ else ++ ni = ieee80211_alloc_node_table(vap, macaddr); + +- ni = ieee80211_alloc_node(&ic->ic_sta, vap, macaddr); + if (ni != NULL) { +- /* +- * Inherit from iv_bss. +- */ +- ni->ni_authmode = vap->iv_bss->ni_authmode; +- ni->ni_txpower = vap->iv_bss->ni_txpower; +- ni->ni_vlan = vap->iv_bss->ni_vlan; /* XXX?? 
*/ ++ copy_bss(ni, vap->iv_bss); + IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); +- ieee80211_node_set_chan(ic, ni); +- ni->ni_rsn = vap->iv_bss->ni_rsn; +- ni->ni_rxfrag = NULL; ++ /* Do this only for nodes that already have a BSS. Otherwise ++ * ic_bsschan is not set and we get a KASSERT failure. ++ * Required by ieee80211_fix_rate */ ++ ieee80211_node_set_chan(vap->iv_ic, ni); + } + return ni; + } +@@ -1069,19 +1055,16 @@ + static struct ieee80211_node * + _ieee80211_find_wds_node(struct ieee80211_node_table *nt, const u_int8_t *macaddr) + { +- struct ieee80211_node *ni; + struct ieee80211_wds_addr *wds; + int hash; +- IEEE80211_NODE_LOCK_ASSERT(nt); ++ IEEE80211_NODE_TABLE_LOCK_ASSERT(nt); + + hash = IEEE80211_NODE_HASH(macaddr); + LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) { + if (IEEE80211_ADDR_EQ(wds->wds_macaddr, macaddr)) { +- ni = wds->wds_ni; + if (wds->wds_agingcount != WDS_AGING_STATIC) + wds->wds_agingcount = WDS_AGING_COUNT; /* reset the aging count */ +- ieee80211_ref_node(ni); +- return ni; ++ return ieee80211_ref_node(wds->wds_ni); + } + } + return NULL; +@@ -1099,7 +1082,7 @@ + int hash; + struct ieee80211_wds_addr *wds; + +- IEEE80211_NODE_LOCK_ASSERT(nt); ++ IEEE80211_NODE_TABLE_LOCK_ASSERT(nt); + + hash = IEEE80211_NODE_HASH(macaddr); + LIST_FOREACH(ni, &nt->nt_hash[hash], ni_hash) { +@@ -1120,9 +1103,7 @@ + nodes. 
*/ + LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) { + if (IEEE80211_ADDR_EQ(wds->wds_macaddr, macaddr)) { +- ni = wds->wds_ni; +- ieee80211_ref_node(ni); +- return ni; ++ return ieee80211_ref_node(wds->wds_ni); + } + } + return NULL; +@@ -1137,9 +1118,9 @@ + { + struct ieee80211_node *ni; + +- IEEE80211_NODE_LOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + ni = _ieee80211_find_wds_node(nt, macaddr); +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + return ni; + } + EXPORT_SYMBOL(ieee80211_find_wds_node); +@@ -1154,9 +1135,9 @@ + { + struct ieee80211_node *ni; + +- IEEE80211_NODE_LOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + ni = _ieee80211_find_node(nt, macaddr); +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + return ni; + } + #ifdef IEEE80211_DEBUG_REFCNT +@@ -1179,7 +1160,7 @@ + { + struct ieee80211_node *ni; + +- ni = ieee80211_dup_bss(vap, macaddr); ++ ni = ieee80211_dup_bss(vap, macaddr, 0); + if (ni != NULL) { + /* XXX no rate negotiation; just dup */ + ni->ni_rates = vap->iv_bss->ni_rates; +@@ -1202,14 +1183,13 @@ + * driver has an opportunity to setup it's private state. + */ + struct ieee80211_node * +-ieee80211_add_neighbor(struct ieee80211vap *vap, const struct ieee80211_frame *wh, ++ieee80211_add_neighbor(struct ieee80211vap *vap, const struct ieee80211_frame *wh, + const struct ieee80211_scanparams *sp) + { + struct ieee80211com *ic = vap->iv_ic; + struct ieee80211_node *ni; + +- ni = ieee80211_dup_bss(vap, wh->i_addr2); /* XXX alloc_node? */ +- /* TODO: not really putting itself in a table */ ++ ni = ieee80211_dup_bss(vap, wh->i_addr2, 1); + if (ni != NULL) { + ni->ni_esslen = sp->ssid[1]; + memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); +@@ -1284,12 +1264,12 @@ + /* XXX check ic_bss first in station mode */ + /* XXX 4-address frames? 
*/ + nt = &ic->ic_sta; +- IEEE80211_NODE_LOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + if (IS_CTL(wh) && !IS_PSPOLL(wh) /*&& !IS_RTS(ah)*/) + ni = _ieee80211_find_node(nt, wh->i_addr1); + else + ni = _ieee80211_find_node(nt, wh->i_addr2); +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + + return ni; + #undef IS_PSPOLL +@@ -1326,9 +1306,9 @@ + + /* XXX can't hold lock across dup_bss due to recursive locking */ + nt = &vap->iv_ic->ic_sta; +- IEEE80211_NODE_LOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + ni = _ieee80211_find_node(nt, mac); +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + + if (ni == NULL) { + if (vap->iv_opmode == IEEE80211_M_IBSS || +@@ -1355,11 +1335,9 @@ + EXPORT_SYMBOL(ieee80211_find_txnode); + #endif + +-/* Caller must lock the IEEE80211_NODE_LOCK +- * +- * Context: hwIRQ, softIRQ and process context ++/* Context: hwIRQ, softIRQ and process context + */ +-static void ++void + _ieee80211_free_node(struct ieee80211_node *ni) + { + struct ieee80211vap *vap = ni->ni_vap; +@@ -1373,117 +1351,36 @@ + + if (vap->iv_aid_bitmap != NULL) + IEEE80211_AID_CLR(vap, ni->ni_associd); +- if (nt != NULL) { +- TAILQ_REMOVE(&nt->nt_node, ni, ni_list); +- LIST_REMOVE(ni, ni_hash); +- } ++ + vap->iv_ic->ic_node_free(ni); + } ++EXPORT_SYMBOL(_ieee80211_free_node); + +-void +-#ifdef IEEE80211_DEBUG_REFCNT +-ieee80211_free_node_debug(struct ieee80211_node *ni, const char *func, int line) +-#else +-ieee80211_free_node(struct ieee80211_node *ni) +-#endif ++static void _reset_node(void *arg, struct ieee80211_node *ni) + { +- struct ieee80211_node_table *nt = ni->ni_table; +- struct ieee80211com *ic = ni->ni_ic; ++ if (ni->ni_associd != 0) { ++ struct ieee80211vap *vap = ni->ni_vap; + +-#ifdef IEEE80211_DEBUG_REFCNT +- IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, +- "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, +- ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni) - 1); +-#endif +- 
/* +- * XXX: may need to lock out the following race. we dectestref +- * and determine it's time to free the node. between the if() +- * and lock, we take an rx intr to receive a frame from this +- * node. the rx path (tasklet or intr) bumps this node's +- * refcnt and xmits a response frame. eventually that response +- * will get reaped, and the reaping code will attempt to use +- * the node. the code below will delete the node prior +- * to the reap and we could get a crash. +- * +- * as a stopgap before delving deeper, lock intrs to +- * prevent this case. +- */ +- IEEE80211_LOCK_IRQ(ic); +- if (ieee80211_node_dectestref(ni)) { +- /* +- * Beware; if the node is marked gone then it's already +- * been removed from the table and we cannot assume the +- * table still exists. Regardless, there's no need to lock +- * the table. +- */ +- if (ni->ni_table != NULL) { +- IEEE80211_NODE_LOCK(nt); +- _ieee80211_free_node(ni); +- IEEE80211_NODE_UNLOCK(nt); +- } else +- _ieee80211_free_node(ni); ++ if (vap->iv_auth->ia_node_leave != NULL) ++ vap->iv_auth->ia_node_leave(ni); ++ if (vap->iv_aid_bitmap != NULL) ++ IEEE80211_AID_CLR(vap, ni->ni_associd); + } +- IEEE80211_UNLOCK_IRQ(ic); +-} +-#ifdef IEEE80211_DEBUG_REFCNT +-EXPORT_SYMBOL(ieee80211_free_node_debug); +-#else +-EXPORT_SYMBOL(ieee80211_free_node); +-#endif +- +-/* +- * Reclaim a node. If this is the last reference count then +- * do the normal free work. Otherwise remove it from the node +- * table and mark it gone by clearing the back-reference. +- */ +-static void +-node_reclaim(struct ieee80211_node_table *nt, struct ieee80211_node *ni) +-{ + +- IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, +- "%s: remove %p<%s> from %s table, refcnt %d\n", +- __func__, ni, ether_sprintf(ni->ni_macaddr), +- nt->nt_name, ieee80211_node_refcnt(ni)-1); +- if (!ieee80211_node_dectestref(ni)) { +- /* +- * Other references are present, just remove the +- * node from the table so it cannot be found. 
When +- * the references are dropped storage will be +- * reclaimed. This normally only happens for ic_bss. +- */ +- TAILQ_REMOVE(&nt->nt_node, ni, ni_list); +- LIST_REMOVE(ni, ni_hash); +- ni->ni_table = NULL; /* clear reference */ +- } else +- _ieee80211_free_node(ni); ++ ieee80211_node_leave(ni); + } + + static void + ieee80211_node_table_reset(struct ieee80211_node_table *nt, +- struct ieee80211vap *match) ++ struct ieee80211vap *vap) + { +- struct ieee80211_node *ni, *next; +- +- IEEE80211_NODE_LOCK_IRQ(nt); +- TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { +- if (match != NULL && ni->ni_vap != match) +- continue; +- if (ni->ni_associd != 0) { +- struct ieee80211vap *vap = ni->ni_vap; +- +- if (vap->iv_auth->ia_node_leave != NULL) +- vap->iv_auth->ia_node_leave(ni); +- if (vap->iv_aid_bitmap != NULL) +- IEEE80211_AID_CLR(vap, ni->ni_associd); +- } +- node_reclaim(nt, ni); +- } +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ ieee80211_iterate_dev_nodes(vap->iv_dev, nt, _reset_node, NULL); + } + + static void + ieee80211_node_table_cleanup(struct ieee80211_node_table *nt) + { ++ struct ieee80211com *ic = nt->nt_ic; + struct ieee80211_node *ni, *next; + + TAILQ_FOREACH_SAFE(ni, &nt->nt_node, ni_list, next) { +@@ -1495,11 +1392,11 @@ + if (vap->iv_aid_bitmap != NULL) + IEEE80211_AID_CLR(vap, ni->ni_associd); + } +- node_reclaim(nt, ni); ++ ic->ic_node_cleanup(ni); + } + del_timer(&nt->nt_wds_aging_timer); + IEEE80211_SCAN_LOCK_DESTROY(nt); +- IEEE80211_NODE_LOCK_DESTROY(nt); ++ IEEE80211_NODE_TABLE_LOCK_DESTROY(nt); + } + + /* +@@ -1527,19 +1424,22 @@ + IEEE80211_SCAN_LOCK_IRQ(nt); + gen = ++nt->nt_scangen; + restart: +- IEEE80211_NODE_LOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { + if (ni->ni_scangen == gen) /* previously handled */ + continue; ++ /* Temporary entries should no longer be in the node table */ + /* + * Ignore entries for which have yet to receive an + * authentication frame. 
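Review bot: `ieee80211_node_table_reset` now dereferences `vap->iv_dev` unconditionally, whereas the removed loop accepted a NULL `match` to mean every vap. Callers are outside this hunk, so any that still pass NULL would fault here. The iterator's own `dev != NULL` test appears to support the old contract, which `ieee80211_iterate_dev_nodes(vap != NULL ? vap->iv_dev : NULL, nt, _reset_node, NULL);` would keep. Otherwise a comment should state that `vap` must be non-NULL.

Review bot: `ieee80211_node_table_cleanup` now only calls `ic->ic_node_cleanup(ni)` per entry, so nothing in the loop unlinks the node or drops the reference that `_node_table_join` took for the table. Unless every node has already left the table before this runs (not visible here), entries stay linked with `ni_table` pointing at a table whose locks were just destroyed. Their memory is then never released. Consider following the cleanup with `_node_table_leave(nt, ni);` under the table lock, since that helper asserts the lock is held. The function starts outside the hunk.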
These are transient and + * will be reclaimed when the last reference to them + * goes away (when frame xmits complete). + */ +- if (ic->ic_opmode == IEEE80211_M_HOSTAP && +- (ni->ni_flags & IEEE80211_NODE_AREF) == 0) +- continue; ++ /* ++ *if (ic->ic_opmode == IEEE80211_M_HOSTAP && ++ * (ni->ni_flags & IEEE80211_NODE_AREF) == 0) ++ * continue; ++ */ + ni->ni_scangen = gen; + /* + * Free fragment if not needed anymore +@@ -1591,7 +1491,7 @@ + * ref for us as needed. + */ + ieee80211_ref_node(ni); +- IEEE80211_NODE_UNLOCK_IRQ_EARLY(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ_EARLY(nt); + ieee80211_send_nulldata(ni); + /* XXX stat? */ + goto restart; +@@ -1614,18 +1514,18 @@ + */ + ni->ni_vap->iv_stats.is_node_timeout++; + ieee80211_ref_node(ni); +- IEEE80211_NODE_UNLOCK_IRQ_EARLY(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ_EARLY(nt); + if (ni->ni_associd != 0) { + IEEE80211_SEND_MGMT(ni, + IEEE80211_FC0_SUBTYPE_DEAUTH, + IEEE80211_REASON_AUTH_EXPIRE); + } + ieee80211_node_leave(ni); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + goto restart; + } + } +- IEEE80211_NODE_UNLOCK_IRQ(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + + IEEE80211_SCAN_UNLOCK_IRQ(nt); + } +@@ -1660,21 +1560,23 @@ + + IEEE80211_SCAN_LOCK_IRQ(nt); + gen = ++nt->nt_scangen; ++ + restart: +- IEEE80211_NODE_LOCK(nt); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); + TAILQ_FOREACH(ni, &nt->nt_node, ni_list) { + if (dev != NULL && ni->ni_vap->iv_dev != dev) + continue; /* skip node not for this vap */ + if (ni->ni_scangen != gen) { + ni->ni_scangen = gen; + (void) ieee80211_ref_node(ni); +- IEEE80211_NODE_UNLOCK(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ_EARLY(nt); + (*f)(arg, ni); +- ieee80211_free_node(ni); ++ ++ ieee80211_unref_node(&ni); + goto restart; + } + } +- IEEE80211_NODE_UNLOCK(nt); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); + + IEEE80211_SCAN_UNLOCK_IRQ(nt); + } +@@ -1948,9 +1850,20 @@ + "station with aid %d leaves (refcnt %u)", + IEEE80211_NODE_AID(ni), ieee80211_node_refcnt(ni)); + ++ /* From 
this point onwards we can no longer find the node, ++ * so no more references are generated ++ */ ++ ieee80211_remove_wds_addr(nt, ni->ni_macaddr); ++ ieee80211_del_wds_node(nt, ni); ++ IEEE80211_NODE_TABLE_LOCK_IRQ(nt); ++ _node_table_leave(nt, ni); ++ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); ++ + /* + * If node wasn't previously associated all + * we need to do is reclaim the reference. ++ * This also goes for nodes that are auth'ed but ++ * not associated. + */ + /* XXX ibss mode bypasses 11g and notification */ + if (ni->ni_associd == 0) +@@ -1968,9 +1881,11 @@ + IEEE80211_LOCK_IRQ(ic); + if (vap->iv_aid_bitmap != NULL) + IEEE80211_AID_CLR(vap, ni->ni_associd); ++ + ni->ni_associd = 0; + vap->iv_sta_assoc--; + ic->ic_sta_assoc--; ++ + #ifdef ATH_SUPERG_XR + if (ni->ni_vap->iv_flags & IEEE80211_F_XR) + ic->ic_xr_sta_assoc--; +@@ -1981,6 +1896,7 @@ + if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan)) + ieee80211_node_leave_11g(ni); + IEEE80211_UNLOCK_IRQ(ic); ++ + /* + * Cleanup station state. In particular clear various + * state that might otherwise be reused if the node +@@ -1990,19 +1906,10 @@ + ieee80211_sta_leave(ni); + done: + /* +- * Remove the node from any table it's recorded in and +- * drop the caller's reference. Removal from the table +- * is important to ensure the node is not reprocessed +- * for inactivity. 
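Review bot: The block added at the top of `ieee80211_node_leave` passes `nt` to `ieee80211_remove_wds_addr`, `ieee80211_del_wds_node` and the lock macros without the `nt != NULL` test that the removed code at `done:` (a later hunk) had. Nodes from the new static `ieee80211_alloc_node` are never joined to a table. If `nt` comes from `ni->ni_table` (its assignment is outside the hunk), such a node would reach `spin_lock_irqsave(&(_nt)->nt_nodelock, ...)` with a NULL table. Wrapping the five added statements in `if (nt != NULL) { ... }` keeps the previous behaviour for untabled nodes.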
+- */ +- if (nt != NULL) { +- IEEE80211_NODE_LOCK_IRQ(nt); +- node_reclaim(nt, ni); +- IEEE80211_NODE_UNLOCK_IRQ(nt); +- ieee80211_remove_wds_addr(nt,ni->ni_macaddr); +- ieee80211_del_wds_node(nt,ni); +- } else +- ieee80211_free_node(ni); ++ * Run a cleanup and then drop the caller's reference ++ */ ++ ic->ic_node_cleanup(ni); ++ ieee80211_unref_node(&ni); + } + EXPORT_SYMBOL(ieee80211_node_leave); + +@@ -2062,25 +1969,8 @@ + void + ieee80211_node_reset(struct ieee80211_node *ni, struct ieee80211vap *vap) + { +- if (ni != NULL) { +- struct ieee80211_node_table *nt = ni->ni_table; +- if (!nt) +- nt = &vap->iv_ic->ic_sta; +- IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); +- ni->ni_prev_vap = ni->ni_vap; +- ni->ni_vap = vap; +- ni->ni_ic = vap->iv_ic; +- /* +- * if node not found in the node table +- * add it to the node table . +- */ +- if(nt && ieee80211_find_node(nt, ni->ni_macaddr) != ni) { +- int hash = IEEE80211_NODE_HASH(ni->ni_macaddr); +- IEEE80211_NODE_LOCK_IRQ(nt); +- TAILQ_INSERT_TAIL(&nt->nt_node, ni, ni_list); +- LIST_INSERT_HEAD(&nt->nt_hash[hash], ni, ni_hash); +- ni->ni_table = nt; +- IEEE80211_NODE_UNLOCK_IRQ(nt); +- } +- } ++ IEEE80211_ADDR_COPY(ni->ni_bssid, vap->iv_bss->ni_bssid); ++ ni->ni_prev_vap = ni->ni_vap; ++ ni->ni_vap = vap; ++ ni->ni_ic = vap->iv_ic; + } +diff -ur madwifi.old/net80211/ieee80211_node.h madwifi.dev/net80211/ieee80211_node.h +--- madwifi.old/net80211/ieee80211_node.h 2007-03-06 11:59:28.000000000 +0100 ++++ madwifi.dev/net80211/ieee80211_node.h 2007-05-21 08:10:46.869753416 +0200 +@@ -52,14 +52,14 @@ + * authorized. The latter timeout is shorter to more aggressively + * reclaim nodes that leave part way through the 802.1x exchange. 
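Review bot: `ieee80211_node_reset` lost its `if (ni != NULL)` guard and now writes `ni->ni_bssid` on entry, so a caller that relied on the old NULL tolerance (callers are not visible here) will fault. Restoring `if (ni == NULL) return;` as the first statement is enough. The function also no longer re-inserts a node that is missing from the station table. A one-line comment such as `/* NB: does not (re)join the node table; caller must do so if required */` would make that change of contract explicit.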
+ */ +-#define IEEE80211_INACT_WAIT 15 /* inactivity interval (secs) */ ++#define IEEE80211_INACT_WAIT 15 /* inactivity interval (secs) */ + #define IEEE80211_INACT_INIT (30/IEEE80211_INACT_WAIT) /* initial */ + #define IEEE80211_INACT_AUTH (180/IEEE80211_INACT_WAIT) /* associated but not authorized */ + #define IEEE80211_INACT_RUN (300/IEEE80211_INACT_WAIT) /* authorized */ + #define IEEE80211_INACT_PROBE (30/IEEE80211_INACT_WAIT) /* probe */ + #define IEEE80211_INACT_SCAN (300/IEEE80211_INACT_WAIT) /* scanned */ + +-#define IEEE80211_TRANS_WAIT 5 /* mgt frame tx timer (secs) */ ++#define IEEE80211_TRANS_WAIT 5 /* mgt frame tx timer (secs) */ + + #define IEEE80211_NODE_HASHSIZE 32 + /* simple hash is enough for variation of macaddr */ +@@ -94,7 +94,8 @@ + struct ieee80211_node_table *ni_table; + TAILQ_ENTRY(ieee80211_node) ni_list; + LIST_ENTRY(ieee80211_node) ni_hash; +- atomic_t ni_refcnt; ++ // ieee80211_node_lock_t ni_nodelock; /* on node - notably for ref counting */ ++ ieee80211_node_ref_count_t ni_refcnt; + u_int ni_scangen; /* gen# for timeout scan */ + u_int8_t ni_authmode; /* authentication algorithm */ + u_int16_t ni_flags; /* special-purpose state */ +@@ -121,13 +122,13 @@ + u_int16_t ni_associd; /* assoc response */ + u_int16_t ni_txpower; /* current transmit power (in 0.5 dBm) */ + u_int16_t ni_vlan; /* vlan tag */ +- u_int32_t *ni_challenge; /* shared-key challenge */ ++ u_int32_t *ni_challenge; /* shared-key challenge */ + u_int8_t *ni_wpa_ie; /* captured WPA ie */ + u_int8_t *ni_rsn_ie; /* captured RSN ie */ + u_int8_t *ni_wme_ie; /* captured WME ie */ + u_int8_t *ni_ath_ie; /* captured Atheros ie */ +- u_int16_t ni_txseqs[17]; /* tx seq per-tid */ +- u_int16_t ni_rxseqs[17]; /* rx seq previous per-tid*/ ++ u_int16_t ni_txseqs[17]; /* tx seq per-tid */ ++ u_int16_t ni_rxseqs[17]; /* rx seq previous per-tid*/ + u_int32_t ni_rxfragstamp; /* time stamp of last rx frag */ + struct sk_buff *ni_rxfrag; /* rx frag reassembly */ + struct 
ieee80211_rsnparms ni_rsn; /* RSN/WPA parameters */ +@@ -156,7 +157,7 @@ + struct ieee80211_channel *ni_chan; + u_int16_t ni_fhdwell; /* FH only */ + u_int8_t ni_fhindex; /* FH only */ +- u_int8_t ni_erp; /* ERP from beacon/probe resp */ ++ u_int8_t ni_erp; /* ERP from beacon/probe resp */ + u_int16_t ni_timoff; /* byte offset to TIM ie */ + + /* others */ +@@ -168,7 +169,7 @@ + struct ieee80211vap *ni_prev_vap; /* previously associated vap */ + u_int8_t ni_uapsd; /* U-APSD per-node flags matching WMM STA Qos Info field */ + u_int8_t ni_uapsd_maxsp; /* maxsp from flags above */ +- u_int16_t ni_uapsd_trigseq[WME_NUM_AC]; /* trigger suppression on retry */ ++ u_int16_t ni_uapsd_trigseq[WME_NUM_AC]; /* trigger suppression on retry */ + __le16 ni_pschangeseq; + }; + MALLOC_DECLARE(M_80211_NODE); +@@ -186,20 +187,6 @@ + #define WME_UAPSD_NODE_INVALIDSEQ 0xffff + #define WME_UAPSD_NODE_TRIGSEQINIT(_ni) (memset(&(_ni)->ni_uapsd_trigseq[0], 0xff, sizeof((_ni)->ni_uapsd_trigseq))) + +-static __inline struct ieee80211_node * +-ieee80211_ref_node(struct ieee80211_node *ni) +-{ +- ieee80211_node_incref(ni); +- return ni; +-} +- +-static __inline void +-ieee80211_unref_node(struct ieee80211_node **ni) +-{ +- ieee80211_node_decref(*ni); +- *ni = NULL; /* guard against use */ +-} +- + void ieee80211_node_attach(struct ieee80211com *); + void ieee80211_node_detach(struct ieee80211com *); + void ieee80211_node_vattach(struct ieee80211vap *); +@@ -242,43 +229,39 @@ + * is a second table for associated stations or neighbors. 
+ */ + struct ieee80211_node_table { ++ const char *nt_name; /* for debugging */ + struct ieee80211com *nt_ic; /* back reference */ +- ieee80211_node_lock_t nt_nodelock; /* on node table */ ++ ieee80211_node_table_lock_t nt_nodelock; /* on node table */ + TAILQ_HEAD(, ieee80211_node) nt_node; /* information of all nodes */ + ATH_LIST_HEAD(, ieee80211_node) nt_hash[IEEE80211_NODE_HASHSIZE]; + ATH_LIST_HEAD(, ieee80211_wds_addr) nt_wds_hash[IEEE80211_NODE_HASHSIZE]; +- const char *nt_name; /* for debugging */ + ieee80211_scan_lock_t nt_scanlock; /* on nt_scangen */ + u_int nt_scangen; /* gen# for timeout scan */ + int nt_inact_init; /* initial node inact setting */ + struct timer_list nt_wds_aging_timer; /* timer to age out wds entries */ + }; + +-struct ieee80211_node *ieee80211_alloc_node(struct ieee80211_node_table *, +- struct ieee80211vap *, const u_int8_t *); +-struct ieee80211_node *ieee80211_tmp_node(struct ieee80211vap *, +- const u_int8_t *); +-struct ieee80211_node *ieee80211_dup_bss(struct ieee80211vap *, ++struct ieee80211_node *ieee80211_alloc_node_table(struct ieee80211vap *, + const u_int8_t *); ++struct ieee80211_node *ieee80211_dup_bss(struct ieee80211vap *, ++ const u_int8_t *, unsigned char); + void ieee80211_node_reset(struct ieee80211_node *, struct ieee80211vap *); + #ifdef IEEE80211_DEBUG_REFCNT +-void ieee80211_free_node_debug(struct ieee80211_node *, const char *, int); + struct ieee80211_node *ieee80211_find_node_debug(struct ieee80211_node_table *, + const u_int8_t *, const char *, int); + struct ieee80211_node *ieee80211_find_rxnode_debug(struct ieee80211com *, + const struct ieee80211_frame_min *, const char *, int); + struct ieee80211_node *ieee80211_find_txnode_debug(struct ieee80211vap *, + const u_int8_t *, const char *, int); +-#define ieee80211_free_node(ni) \ +- ieee80211_free_node_debug(ni, __func__, __LINE__) +-#define ieee80211_find_node(nt, mac) \ +- ieee80211_find_node_debug(nt, mac, __func__, __LINE__) +-#define 
ieee80211_find_rxnode(nt, wh) \ +- ieee80211_find_rxnode_debug(nt, wh, __func__, __LINE__) +-#define ieee80211_find_txnode(nt, mac) \ +- ieee80211_find_txnode_debug(nt, mac, __func__, __LINE__) ++#define ieee80211_unref_node(_ni) \ ++ ieee80211_unref_node_debug(_ni, __func__, __LINE__) ++#define ieee80211_find_node(_nt, _mac) \ ++ ieee80211_find_node_debug(_nt, _mac, __func__, __LINE__) ++#define ieee80211_find_rxnode(_nt, _wh) \ ++ ieee80211_find_rxnode_debug(_nt, _wh, __func__, __LINE__) ++#define ieee80211_find_txnode(_nt, _mac) \ ++ ieee80211_find_txnode_debug(_nt, _mac, __func__, __LINE__) + #else +-void ieee80211_free_node(struct ieee80211_node *); + + struct ieee80211_node *ieee80211_find_node(struct ieee80211_node_table *, + const u_int8_t *); +@@ -287,6 +270,53 @@ + struct ieee80211_node *ieee80211_find_txnode(struct ieee80211vap *, + const u_int8_t *); + #endif ++ ++void _ieee80211_free_node(struct ieee80211_node *); ++ ++static __inline struct ieee80211_node * ++ieee80211_ref_node(struct ieee80211_node *ni) ++{ ++ ieee80211_node_incref(ni); ++ return ni; ++} ++ ++static __inline struct ieee80211_node * ++_ieee80211_pass_node(struct ieee80211_node **pni) { ++ struct ieee80211_node *tmp = *pni; ++ *pni = NULL; ++ return (tmp); ++} ++ ++#define PASS_NODE(_ni) \ ++ _ieee80211_pass_node(&_ni) ++ ++static __inline int ++_ieee80211_unref_node(struct ieee80211_node *ni) { ++ if (ieee80211_node_dectestref(ni)) { ++ _ieee80211_free_node(ni); ++ return 1; ++ } else { ++ return 0; ++ } ++} ++ ++static __inline void ++#ifdef IEEE80211_DEBUG_REFCNT ++ieee80211_unref_node_debug(struct ieee80211_node **pni, const char *func, int line) ++#else ++ieee80211_unref_node(struct ieee80211_node **pni) ++#endif ++{ ++ struct ieee80211_node *ni = *pni; ++#ifdef IEEE80211_DEBUG_REFCNT ++ IEEE80211_DPRINTF(ni->ni_vap, IEEE80211_MSG_NODE, ++ "%s (%s:%u) %p<%s> refcnt %d\n", __func__, func, line, ni, ++ ether_sprintf(ni->ni_macaddr), ieee80211_node_refcnt(ni) - 1); ++#endif ++ 
_ieee80211_unref_node(ni); ++ *pni = NULL; /* guard against use */ ++} ++ + int ieee80211_add_wds_addr(struct ieee80211_node_table *, struct ieee80211_node *, + const u_int8_t *, u_int8_t); + void ieee80211_remove_wds_addr(struct ieee80211_node_table *, const u_int8_t *); +diff -ur madwifi.old/net80211/ieee80211_output.c madwifi.dev/net80211/ieee80211_output.c +--- madwifi.old/net80211/ieee80211_output.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_output.c 2007-05-21 08:10:46.870753264 +0200 +@@ -254,7 +254,7 @@ + goto bad; + } + +- cb->ni = ni; ++ cb->ni = ieee80211_ref_node(ni); + + /* power-save checks */ + if (WME_UAPSD_AC_CAN_TRIGGER(skb->priority, ni)) { +@@ -293,13 +293,14 @@ + } + #endif + ieee80211_parent_queue_xmit(skb); ++ ieee80211_unref_node(&ni); + return 0; + + bad: + if (skb != NULL) + dev_kfree_skb(skb); + if (ni != NULL) +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + return 0; + } + +@@ -453,7 +454,7 @@ + if (skb == NULL) { + /* XXX debug msg */ + vap->iv_stats.is_tx_nobuf++; +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + return -ENOMEM; + } + cb = (struct ieee80211_cb *)skb->cb; +@@ -507,16 +508,14 @@ + u_int8_t *frm; + int tid; + +- ieee80211_ref_node(ni); + skb = ieee80211_getmgtframe(&frm, 2); + if (skb == NULL) { + /* XXX debug msg */ + vap->iv_stats.is_tx_nobuf++; +- ieee80211_free_node(ni); + return -ENOMEM; + } + cb = (struct ieee80211_cb *)skb->cb; +- cb->ni = ni; ++ cb->ni = ieee80211_ref_node(ni); + + skb->priority = ac; + qwh = (struct ieee80211_qosframe *)skb_push(skb, sizeof(struct ieee80211_qosframe)); +@@ -865,7 +864,7 @@ + nt = &ic->ic_sta; + ni_wds = ieee80211_find_wds_node(nt, eh.ether_shost); + if (ni_wds) +- ieee80211_free_node(ni_wds); /* Decr ref count */ ++ ieee80211_unref_node(&ni_wds); /* Decr ref count */ + else + ieee80211_add_wds_addr(nt, ni, eh.ether_shost, 0); + } +@@ -1719,7 +1718,6 @@ + __func__, __LINE__, + ni, ether_sprintf(ni->ni_macaddr), + 
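Review bot: `ieee80211_unref_node` reads `*pni` without a NULL check, and in the `IEEE80211_DEBUG_REFCNT` build it also reads `ni->ni_vap` and `ni->ni_macaddr`; some converted call sites in this patch guard with `if (ni != NULL)` and others, such as `ieee80211_unref_node(&cb->ni)` in `ieee80211_node_saveq_drain`, do not. A contract comment above the helper would settle which is expected, e.g. `/* *pni must be non-NULL and referenced; it is set to NULL on return */`. The debug message prints `ieee80211_node_refcnt(ni) - 1` from a separate read taken before the decrement, so with concurrent ref/unref the logged value can differ from the count the decrement actually produced. `PASS_NODE(_ni)` expands its argument unparenthesised; `_ieee80211_pass_node(&(_ni))` is the safer form.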
ieee80211_node_refcnt(ni) + 1); +- ieee80211_ref_node(ni); + + /* + * prreq frame format +@@ -1735,7 +1733,6 @@ + vap->app_ie[IEEE80211_APPIE_FRAME_PROBE_REQ].length); + if (skb == NULL) { + vap->iv_stats.is_tx_nobuf++; +- ieee80211_free_node(ni); + return -ENOMEM; + } + +@@ -1758,7 +1755,7 @@ + skb_trim(skb, frm - skb->data); + + cb = (struct ieee80211_cb *)skb->cb; +- cb->ni = ni; ++ cb->ni = ieee80211_ref_node(ni); + + wh = (struct ieee80211_frame *) + skb_push(skb, sizeof(struct ieee80211_frame)); +@@ -2234,7 +2231,7 @@ + mod_timer(&vap->iv_mgtsend, jiffies + timer * HZ); + return 0; + bad: +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + return ret; + #undef senderr + } +diff -ur madwifi.old/net80211/ieee80211_power.c madwifi.dev/net80211/ieee80211_power.c +--- madwifi.old/net80211/ieee80211_power.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_power.c 2007-05-21 08:10:46.870753264 +0200 +@@ -109,13 +109,15 @@ + int + ieee80211_node_saveq_drain(struct ieee80211_node *ni) + { ++ struct ieee80211_cb *cb = NULL; + struct sk_buff *skb; + int qlen; + + IEEE80211_NODE_SAVEQ_LOCK(ni); + qlen = skb_queue_len(&ni->ni_savedq); + while ((skb = __skb_dequeue(&ni->ni_savedq)) != NULL) { +- ieee80211_free_node(ni); ++ cb = (struct ieee80211_cb *) skb->cb; ++ ieee80211_unref_node(&cb->ni); + dev_kfree_skb_any(skb); + } + IEEE80211_NODE_SAVEQ_UNLOCK(ni); +diff -ur madwifi.old/net80211/ieee80211_proto.c madwifi.dev/net80211/ieee80211_proto.c +--- madwifi.old/net80211/ieee80211_proto.c 2006-12-08 18:20:08.000000000 +0100 ++++ madwifi.dev/net80211/ieee80211_proto.c 2007-05-21 08:10:46.871753112 +0200 +@@ -1456,7 +1456,7 @@ + */ + if (vap->iv_opmode == IEEE80211_M_WDS) { + struct ieee80211_node *wds_ni; +- wds_ni = ieee80211_alloc_node(&ic->ic_sta, vap, vap->wds_mac); ++ wds_ni = ieee80211_alloc_node_table(vap, vap->wds_mac); + if (wds_ni != NULL) { + if (ieee80211_add_wds_addr(&ic->ic_sta, wds_ni, vap->wds_mac, 1) == 0) { + 
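Review bot: The drain loop in `ieee80211_node_saveq_drain` drops `cb->ni` while `IEEE80211_NODE_SAVEQ_LOCK(ni)` is held, and `_ieee80211_unref_node` (ieee80211_node.h part of this patch) frees the node when the count reaches zero. If `cb->ni` is the same node as `ni` and the caller holds no reference of its own (the callers are outside this hunk), the following `IEEE80211_NODE_SAVEQ_UNLOCK(ni)` would touch freed memory. I would state the requirement above the function, `/* caller must hold a reference on ni for the duration of the call */`. The loop also assumes every queued skb carries a non-NULL `cb->ni`, which should be confirmed at the enqueue site. The function's tail is outside the hunk.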
ieee80211_node_authorize(wds_ni); +diff -ur madwifi.old/net80211/ieee80211_var.h madwifi.dev/net80211/ieee80211_var.h +--- madwifi.old/net80211/ieee80211_var.h 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_var.h 2007-05-21 08:12:01.499407984 +0200 +@@ -44,6 +44,8 @@ + + #include + ++struct ieee80211vap; ++ + #include + #include + #include +@@ -115,7 +117,6 @@ + * the underlying device and the net80211 layer is exposed here; + * e.g. device-specific callbacks. + */ +-struct ieee80211vap; + + struct ieee80211com { + struct net_device *ic_dev; /* associated device */ +@@ -236,8 +237,7 @@ + /* new station association callback/notification */ + void (*ic_newassoc)(struct ieee80211_node *, int); + /* node state management */ +- struct ieee80211_node *(*ic_node_alloc)(struct ieee80211_node_table *, +- struct ieee80211vap *); ++ struct ieee80211_node *(*ic_node_alloc)(struct ieee80211vap *); + void (*ic_node_free)(struct ieee80211_node *); + void (*ic_node_cleanup)(struct ieee80211_node *); + u_int8_t (*ic_node_getrssi)(const struct ieee80211_node *); +diff -ur madwifi.old/net80211/ieee80211_wireless.c madwifi.dev/net80211/ieee80211_wireless.c +--- madwifi.old/net80211/ieee80211_wireless.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_wireless.c 2007-05-21 08:10:46.874752656 +0200 +@@ -3186,7 +3186,7 @@ + error = -ENXIO; + ieee80211_key_update_end(vap); + if (ni != NULL) +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + #ifdef ATH_SUPERG_XR + /* set the same params on the xr vap device if exists */ + if (vap->iv_xrvap && !(vap->iv_flags & IEEE80211_F_XR)) +@@ -3246,7 +3246,7 @@ + memset(ik.ik_keydata, 0, sizeof(ik.ik_keydata)); + } + if (ni != NULL) +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + return (copy_to_user(iwr->u.data.pointer, &ik, sizeof(ik)) ? 
-EFAULT : 0); + } + +@@ -3271,7 +3271,7 @@ + return -ENOENT; /* No such entity is a more appropriate error */ + /* XXX error return */ + ieee80211_crypto_delkey(vap, &ni->ni_ucastkey, ni); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + } else { + if (kix >= IEEE80211_WEP_NKID) + return -EINVAL; +@@ -3382,7 +3382,7 @@ + return -EINVAL; + if (dev == ni->ni_vap->iv_dev) + domlme(mlme, ni); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + } else + ieee80211_iterate_dev_nodes(dev, &ic->ic_sta, domlme, mlme); + break; +@@ -3401,7 +3401,7 @@ + ieee80211_node_authorize(ni); + else + ieee80211_node_unauthorize(ni); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + break; + case IEEE80211_MLME_CLEAR_STATS: + if (vap->iv_opmode != IEEE80211_M_HOSTAP) +@@ -3412,7 +3412,7 @@ + + /* clear statistics */ + memset(&ni->ni_stats, 0, sizeof(struct ieee80211_nodestats)); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + break; + default: + return -EINVAL; +@@ -3785,7 +3785,7 @@ + ielen = sizeof(wpaie.rsn_ie); + memcpy(wpaie.rsn_ie, ni->ni_rsn_ie, ielen); + } +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + return (copy_to_user(iwr->u.data.pointer, &wpaie, sizeof(wpaie)) ? + -EFAULT : 0); + } +@@ -3813,7 +3813,7 @@ + /* NB: copy out only the statistics */ + error = copy_to_user(iwr->u.data.pointer + off, &ni->ni_stats, + iwr->u.data.length - off); +- ieee80211_free_node(ni); ++ ieee80211_unref_node(&ni); + return (error ? -EFAULT : 0); + } + diff --git a/package/madwifi/patches/101-fix_typo.patch b/package/madwifi/patches/101-fix_typo.patch deleted file mode 100644 index acad71ebe..000000000 --- a/package/madwifi/patches/101-fix_typo.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/ath_hal/ah_os.h madwifi-ng-refcount-r2313-20070505.dev/ath_hal/ah_os.h ---- madwifi-ng-refcount-r2313-20070505.old/ath_hal/ah_os.h 2007-05-04 02:10:06.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/ath_hal/ah_os.h 2007-05-13 18:17:55.040201656 +0200 -@@ -149,7 +149,7 @@ - (0x4000 <= (_reg) && (_reg) < 0x5000) ? \ - writel((_val), (_ah)->ah_sh + (_reg)) : \ - ({__raw_writel((_val), (_ah)->ah_sh + (_reg)); \ -- mb(); }); -+ mb(); }); \ - } while (0) - #define _OS_REG_READ(_ah, _reg) \ - ((0x4000 <= (_reg) && (_reg) < 0x5000) ? \ diff --git a/package/madwifi/patches/106-minstrel_crash.patch b/package/madwifi/patches/106-minstrel_crash.patch deleted file mode 100644 index b6dfae2b9..000000000 --- a/package/madwifi/patches/106-minstrel_crash.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/ath_rate/minstrel/minstrel.c madwifi-ng-refcount-r2313-20070505.dev/ath_rate/minstrel/minstrel.c ---- madwifi-ng-refcount-r2313-20070505.old/ath_rate/minstrel/minstrel.c 2007-04-25 22:29:55.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/ath_rate/minstrel/minstrel.c 2007-05-13 18:17:55.533126720 +0200 -@@ -543,6 +543,9 @@ - unsigned int i, column_index; - int newIndex; - u_int8_t random_bytes[12]; -+ -+ if (num_sample_rates < 0) -+ return; - - for(column_index = 0; column_index < MINSTREL_COLUMNS; column_index++) { - for (i = 0; i <= IEEE80211_RATE_MAXSIZE; i++) diff --git a/package/madwifi/patches/111-wds_fix_PR_914.patch b/package/madwifi/patches/111-wds_fix_PR_914.patch deleted file mode 100644 index 282b38576..000000000 --- a/package/madwifi/patches/111-wds_fix_PR_914.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c 2007-05-04 23:09:29.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c 2007-05-13 18:17:55.697101792 +0200 -@@ -981,11 +981,11 @@ - ieee80211_del_wds_node(struct ieee80211_node_table *nt, struct ieee80211_node *ni) - { - int hash; -- struct ieee80211_wds_addr *wds; -+ struct ieee80211_wds_addr *wds, *next; - - IEEE80211_NODE_TABLE_LOCK_IRQ(nt); - for (hash = 0; hash < IEEE80211_NODE_HASHSIZE; hash++) { -- LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) { -+ LIST_FOREACH_SAFE(wds, &nt->nt_wds_hash[hash], wds_hash, next) { - if (wds->wds_ni == ni) { - LIST_REMOVE(wds, wds_hash); - ieee80211_unref_node(&wds->wds_ni); -@@ -1002,11 +1002,11 @@ - { - struct ieee80211_node_table *nt = (struct ieee80211_node_table *)data; - int hash; -- struct ieee80211_wds_addr *wds; -+ struct ieee80211_wds_addr *wds, *next; - - IEEE80211_NODE_TABLE_LOCK_IRQ(nt); - for (hash = 0; hash < IEEE80211_NODE_HASHSIZE; hash++) { -- LIST_FOREACH(wds, &nt->nt_wds_hash[hash], wds_hash) { -+ LIST_FOREACH_SAFE(wds, &nt->nt_wds_hash[hash], wds_hash, next) { - if (wds->wds_agingcount != WDS_AGING_STATIC) { - if (!wds->wds_agingcount) { - LIST_REMOVE(wds, wds_hash); diff --git a/package/madwifi/patches/112-keycache_PR_962.patch b/package/madwifi/patches/112-keycache_PR_962.patch index e8ca188ef..c923a3dba 100644 --- a/package/madwifi/patches/112-keycache_PR_962.patch +++ b/package/madwifi/patches/112-keycache_PR_962.patch 
@@ -1,20 +1,20 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcount-r2313-20070505.dev/ath/if_ath.c ---- madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c 2007-05-13 18:17:55.691102704 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/ath/if_ath.c 2007-05-13 18:17:55.783088720 +0200 -@@ -5704,7 +5704,8 @@ +diff -ur madwifi.old/ath/if_ath.c madwifi.dev/ath/if_ath.c +--- madwifi.old/ath/if_ath.c 2007-05-21 07:33:42.392925296 +0200 ++++ madwifi.dev/ath/if_ath.c 2007-05-21 07:35:51.933232176 +0200 +@@ -5660,7 +5660,8 @@ * frame; it'll be dropped where it's not wanted. */ - if (ds->ds_rxstat.rs_keyix != HAL_RXKEYIX_INVALID && -- (ni = sc->sc_keyixmap[ds->ds_rxstat.rs_keyix]) != NULL) { -+ (ni = sc->sc_keyixmap[ds->ds_rxstat.rs_keyix]) != NULL && -+ ieee80211_check_rxnode(ni, (const struct ieee80211_frame_min *) skb->data)) { + if (rs->rs_keyix != HAL_RXKEYIX_INVALID && +- (ni = sc->sc_keyixmap[rs->rs_keyix]) != NULL) { ++ ((ni = sc->sc_keyixmap[rs->rs_keyix]) != NULL) && ++ ieee80211_check_rxnode(ni, (const struct ieee80211_frame_min *) skb->data)) { struct ath_node *an; /* * Fast path: node is present in the key map; -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c 2007-05-13 18:17:55.773090240 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c 2007-05-13 18:17:55.784088568 +0200 -@@ -1268,8 +1268,6 @@ +diff -ur madwifi.old/net80211/ieee80211_node.c madwifi.dev/net80211/ieee80211_node.c +--- madwifi.old/net80211/ieee80211_node.c 2007-05-21 07:33:42.371928488 +0200 ++++ madwifi.dev/net80211/ieee80211_node.c 2007-05-21 07:34:13.689167544 +0200 +@@ -1272,8 +1272,6 @@ IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); return ni; 
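Review bot: The refreshed fast path indexes `sc->sc_keyixmap[rs->rs_keyix]` with a value taken from the receive status and casts `skb->data` to `const struct ieee80211_frame_min *` for `ieee80211_check_rxnode`, and neither a range check on `rs_keyix` against the map size nor a minimum frame length check is visible in this hunk. Both may exist earlier in the receive routine, which is outside the hunk, so this is a request to confirm rather than a finding. A short comment on the condition would help the next refresh, e.g. `/* key-index lookup is only a hint; ieee80211_check_rxnode validates ni against the frame header */`, provided that is what the helper does (its body is not shown here).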
@@ -23,7 +23,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwi } #ifdef IEEE80211_DEBUG_REFCNT EXPORT_SYMBOL(ieee80211_find_rxnode_debug); -@@ -1277,6 +1275,20 @@ +@@ -1281,6 +1279,20 @@ EXPORT_SYMBOL(ieee80211_find_rxnode); #endif @@ -44,10 +44,10 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwi /* * Return a reference to the appropriate node for sending * a data frame. This handles node discovery in adhoc networks. -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.h madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.h ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.h 2007-04-04 04:39:58.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.h 2007-05-13 18:17:55.784088568 +0200 -@@ -318,6 +318,8 @@ +diff -ur madwifi.old/net80211/ieee80211_node.h madwifi.dev/net80211/ieee80211_node.h +--- madwifi.old/net80211/ieee80211_node.h 2007-05-21 07:33:42.372928336 +0200 ++++ madwifi.dev/net80211/ieee80211_node.h 2007-05-21 07:34:13.689167544 +0200 +@@ -317,6 +317,8 @@ *pni = NULL; /* guard against use */ } diff --git a/package/madwifi/patches/114-fix_ff_corruption.patch b/package/madwifi/patches/114-fix_ff_corruption.patch deleted file mode 100644 index 9d47648d1..000000000 --- a/package/madwifi/patches/114-fix_ff_corruption.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_output.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_output.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_output.c 2007-04-25 22:29:55.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_output.c 2007-05-13 18:17:55.947063792 +0200 -@@ -942,7 +942,7 @@ - llc->llc_snap.org_code[0] = 0; - llc->llc_snap.org_code[1] = 0; - llc->llc_snap.org_code[2] = 0; -- llc->llc_snap.ether_type = eh.ether_type; -+ llc->llc_snap.ether_type = eh2.ether_type; - - eh_inter = (struct ether_header *) skb_push(skb2, sizeof(struct ether_header)); - if (eh_inter == NULL) { -@@ -952,7 +952,7 @@ - return NULL; - } - -- memcpy(eh_inter, &eh2, sizeof(struct ether_header) - sizeof eh.ether_type); -+ memcpy(eh_inter, &eh2, sizeof(struct ether_header) - sizeof eh2.ether_type); - eh_inter->ether_type = htons(payload); - - /* variable length pad */ diff --git a/package/madwifi/patches/115-PR_1270_fix.patch b/package/madwifi/patches/115-PR_1270_fix.patch deleted file mode 100644 index f175da899..000000000 --- a/package/madwifi/patches/115-PR_1270_fix.patch +++ /dev/null 
@@ -1,104 +0,0 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_input.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c 2007-05-04 02:10:06.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_input.c 2007-05-13 18:17:56.027051632 +0200 -@@ -2854,7 +2854,7 @@ - IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); - memcpy(ni->ni_tstamp.data, scan.tstamp, - sizeof(ni->ni_tstamp)); -- ni->ni_intval = scan.bintval; -+ ni->ni_intval = IEEE80211_BINTVAL_SANITISE(scan.bintval); - ni->ni_capinfo = scan.capinfo; - ni->ni_chan = ic->ic_curchan; - ni->ni_fhdwell = scan.fhdwell; -@@ -3279,7 +3279,7 @@ - ni->ni_rssi = rssi; - ni->ni_rstamp = rstamp; - ni->ni_last_rx = jiffies; -- ni->ni_intval = bintval; -+ ni->ni_intval = IEEE80211_BINTVAL_SANITISE(bintval); - ni->ni_capinfo = capinfo; - ni->ni_chan = ic->ic_curchan; - ni->ni_fhdwell = vap->iv_bss->ni_fhdwell; -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c 2007-05-13 18:17:55.862076712 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c 2007-05-13 18:17:56.028051480 +0200 -@@ -658,7 +658,7 @@ - memcpy(ni->ni_essid, se->se_ssid + 2, ni->ni_esslen); - ni->ni_rstamp = se->se_rstamp; - ni->ni_tstamp.tsf = se->se_tstamp.tsf; -- ni->ni_intval = se->se_intval; -+ ni->ni_intval = IEEE80211_BINTVAL_SANITISE(se->se_intval); - ni->ni_capinfo = se->se_capinfo; - ni->ni_chan = se->se_chan; - ni->ni_timoff = se->se_timoff; -@@ -1191,7 +1191,7 @@ - memcpy(ni->ni_essid, sp->ssid + 2, sp->ssid[1]); - IEEE80211_ADDR_COPY(ni->ni_bssid, wh->i_addr3); - memcpy(ni->ni_tstamp.data, sp->tstamp, sizeof(ni->ni_tstamp)); -- ni->ni_intval = sp->bintval; -+ ni->ni_intval = IEEE80211_BINTVAL_SANITISE(sp->bintval); - ni->ni_capinfo = 
sp->capinfo; - ni->ni_chan = ic->ic_curchan; - ni->ni_fhdwell = sp->fhdwell; -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_scan.h madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_scan.h ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_scan.h 2007-04-04 04:39:58.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_scan.h 2007-05-13 18:17:56.029051328 +0200 -@@ -131,7 +131,7 @@ - u_int8_t bchan; - u_int8_t fhindex; - u_int8_t erp; -- u_int8_t bintval; -+ u_int16_t bintval; - u_int8_t timoff; - u_int8_t *tim; - u_int8_t *tstamp; -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_var.h madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_var.h ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_var.h 2007-04-25 22:29:55.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_var.h 2007-05-13 18:17:56.029051328 +0200 -@@ -61,6 +61,12 @@ - #define IEEE80211_BINTVAL_MAX 500 /* max beacon interval (TU's) */ - #define IEEE80211_BINTVAL_MIN 25 /* min beacon interval (TU's) */ - #define IEEE80211_BINTVAL_DEFAULT 100 /* default beacon interval (TU's) */ -+#define IEEE80211_BINTVAL_VALID(_bi) \ -+ ((IEEE80211_BINTVAL_MIN <= (_bi)) && \ -+ ((_bi) <= IEEE80211_BINTVAL_MAX)) -+#define IEEE80211_BINTVAL_SANITISE(_bi) \ -+ (IEEE80211_BINTVAL_VALID(_bi) ? 
\ -+ (_bi) : IEEE80211_BINTVAL_DEFAULT) - - #define IEEE80211_BGSCAN_INTVAL_MIN 15 /* min bg scan intvl (secs) */ - #define IEEE80211_BGSCAN_INTVAL_DEFAULT (5*60) /* default bg scan intvl */ -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_wireless.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_wireless.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_wireless.c 2007-05-04 02:10:06.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_wireless.c 2007-05-13 18:17:56.031051024 +0200 -@@ -1271,12 +1271,16 @@ - case IW_POWER_UNICAST_R: - case IW_POWER_ALL_R: - case IW_POWER_ON: -- ic->ic_flags |= IEEE80211_F_PMGTON; -- -+ if (wrq->flags & IW_POWER_PERIOD) { -+ if (IEEE80211_BINTVAL_VALID(wrq->value)) -+ ic->ic_lintval = IEEE80211_MS_TO_TU(wrq->value); -+ else -+ return -EINVAL; -+ } - if (wrq->flags & IW_POWER_TIMEOUT) - ic->ic_holdover = IEEE80211_MS_TO_TU(wrq->value); -- if (wrq->flags & IW_POWER_PERIOD) -- ic->ic_lintval = IEEE80211_MS_TO_TU(wrq->value); -+ -+ ic->ic_flags |= IEEE80211_F_PMGTON; - break; - default: - return -EINVAL; -@@ -2364,8 +2368,7 @@ - if (vap->iv_opmode != IEEE80211_M_HOSTAP && - vap->iv_opmode != IEEE80211_M_IBSS) - return -EINVAL; -- if (IEEE80211_BINTVAL_MIN <= value && -- value <= IEEE80211_BINTVAL_MAX) { -+ if (IEEE80211_BINTVAL_VALID(value)) { - ic->ic_lintval = value; /* XXX multi-bss */ - retv = ENETRESET; /* requires restart */ - } else diff --git a/package/madwifi/patches/116-adhoc_beacon_PR_1033.patch b/package/madwifi/patches/116-adhoc_beacon_PR_1033.patch index 92a147c1b..76bd8de54 100644 --- a/package/madwifi/patches/116-adhoc_beacon_PR_1033.patch +++ b/package/madwifi/patches/116-adhoc_beacon_PR_1033.patch 
@@ -1,7 +1,7 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcount-r2313-20070505.dev/ath/if_ath.c ---- madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c 2007-05-13 18:17:55.862076712 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/ath/if_ath.c 2007-05-13 18:17:56.119037648 +0200 -@@ -4411,16 +4411,31 @@ +diff -ur madwifi.old/ath/if_ath.c madwifi.dev/ath/if_ath.c +--- madwifi.old/ath/if_ath.c 2007-05-21 07:33:42.392925296 +0200 ++++ madwifi.dev/ath/if_ath.c 2007-05-21 07:39:50.536958896 +0200 +@@ -4359,16 +4359,31 @@ struct ieee80211com *ic = &sc->sc_ic; struct ath_hal *ah = sc->sc_ah; struct ieee80211_node *ni; @@ -37,7 +37,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* XXX conditionalize multi-bss support? */ if (ic->ic_opmode == IEEE80211_M_HOSTAP) { /* -@@ -4434,20 +4449,61 @@ +@@ -4382,20 +4397,61 @@ if (sc->sc_stagbeacons) intval /= ATH_BCBUF; /* for staggered beacons */ if ((sc->sc_nostabeacons) && @@ -108,7 +108,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun int dtimperiod, dtimcount; int cfpperiod, cfpcount; -@@ -4463,13 +4519,13 @@ +@@ -4411,13 +4467,13 @@ dtimcount = 0; /* XXX? */ cfpperiod = 1; /* NB: no PCF support yet */ cfpcount = 0; @@ -125,7 +125,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun do { nexttbtt += intval; if (--dtimcount < 0) { -@@ -4477,7 +4533,7 @@ +@@ -4425,7 +4481,7 @@ if (--cfpcount < 0) cfpcount = cfpperiod - 1; } 
@@ -134,16 +134,16 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun #undef FUDGE memset(&bs, 0, sizeof(bs)); bs.bs_intval = intval; -@@ -4529,7 +4585,7 @@ +@@ -4477,7 +4533,7 @@ DPRINTF(sc, ATH_DEBUG_BEACON, "%s: tsf %llu tsf:tu %u intval %u nexttbtt %u dtim %u nextdtim %u bmiss %u sleep %u cfp:period %u maxdur %u next %u timoffset %u\n", __func__, -- (long long) tsf, tsftu, -+ (long long) hw_tsf, hw_tsftu, +- (unsigned long long) tsf, tsftu, ++ (unsigned long long) hw_tsf, hw_tsftu, bs.bs_intval, bs.bs_nexttbtt, bs.bs_dtimperiod, -@@ -4548,7 +4604,7 @@ +@@ -4496,7 +4552,7 @@ ath_hal_intrset(ah, sc->sc_imask); } else { ath_hal_intrset(ah, 0); @@ -152,7 +152,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun intval |= HAL_BEACON_RESET_TSF; if (ic->ic_opmode == IEEE80211_M_IBSS) { /* -@@ -4585,8 +4641,40 @@ +@@ -4533,8 +4589,40 @@ if (ic->ic_opmode == IEEE80211_M_IBSS && sc->sc_hasveol) ath_beacon_start_adhoc(sc, vap); } diff --git a/package/madwifi/patches/117-node_rates.patch b/package/madwifi/patches/117-node_rates.patch deleted file mode 100644 index 1f2bede8e..000000000 --- a/package/madwifi/patches/117-node_rates.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c 2007-05-13 18:17:56.107039472 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c 2007-05-13 18:17:56.202025032 +0200 -@@ -919,6 +919,7 @@ - - ni->ni_vap = vap; - ni->ni_ic = ic; -+ ni->ni_rates = ic->ic_sup_rates[ieee80211_chan2mode(ic->ic_curchan)]; - } else { - /* XXX msg */ - vap->iv_stats.is_rx_nodealloc++; diff --git a/package/madwifi/patches/118-txstop_workaround.patch b/package/madwifi/patches/118-txstop_workaround.patch index 8cab1a439..8719a6d8b 100644 
--- a/package/madwifi/patches/118-txstop_workaround.patch +++ b/package/madwifi/patches/118-txstop_workaround.patch @@ -1,7 +1,7 @@ diff -ur madwifi.old/ath/if_ath.c madwifi.dev/ath/if_ath.c ---- madwifi.old/ath/if_ath.c 2007-05-21 05:40:18.320301560 +0200 -+++ madwifi.dev/ath/if_ath.c 2007-05-21 05:49:40.132893064 +0200 -@@ -2264,6 +2264,17 @@ +--- madwifi.old/ath/if_ath.c 2007-05-21 07:45:03.185429104 +0200 ++++ madwifi.dev/ath/if_ath.c 2007-05-21 07:45:55.867420224 +0200 +@@ -2206,6 +2206,17 @@ txq->axq_link = &lastds->ds_link; ath_hal_txstart(ah, txq->axq_qnum); sc->sc_dev->trans_start = jiffies; @@ -19,18 +19,18 @@ diff -ur madwifi.old/ath/if_ath.c madwifi.dev/ath/if_ath.c } ATH_TXQ_UNLOCK(txq); -@@ -7299,6 +7310,7 @@ +@@ -7246,6 +7257,7 @@ + __func__, ds); #else ds = bf->bf_desc; /* NB: last descriptor */ - #endif + sc->sc_tx_start = 0; - status = ath_hal_txprocdesc(ah, ds); - #ifdef AR_DEBUG - if (sc->sc_debug & ATH_DEBUG_XMIT_DESC) + #endif + ts = &bf->bf_dsstatus.ds_txstat; + status = ath_hal_txprocdesc(ah, ds, ts); diff -ur madwifi.old/ath/if_athvar.h madwifi.dev/ath/if_athvar.h ---- madwifi.old/ath/if_athvar.h 2007-05-04 23:09:29.000000000 +0200 -+++ madwifi.dev/ath/if_athvar.h 2007-05-21 05:40:32.958076280 +0200 -@@ -689,6 +689,14 @@ +--- madwifi.old/ath/if_athvar.h 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/ath/if_athvar.h 2007-05-21 07:45:37.720179024 +0200 +@@ -684,6 +684,14 @@ #endif u_int sc_slottimeconf; /* manual override for slottime */ int16_t sc_channoise; /* Measured noise of current channel (dBm) */ diff --git a/package/madwifi/patches/200-no_debug.patch b/package/madwifi/patches/200-no_debug.patch index 9daeb90e9..d7b5ae417 100644 --- a/package/madwifi/patches/200-no_debug.patch +++ b/package/madwifi/patches/200-no_debug.patch 
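Review bot: After the refresh, the added `sc->sc_tx_start = 0;` sits between `ds = bf->bf_desc;` and `#endif`, i.e. inside the `#else` arm, whereas the previous version of this patch placed it after the `#endif`. In a build that takes the other arm of that conditional (its `#if` line is outside the hunk) the value would never be cleared on tx completion, and the code that consumes `sc_tx_start` (not shown in these hunks) would act on a stale timestamp. Moving the added line below `#endif`, directly before `ts = &bf->bf_dsstatus.ds_txstat;`, restores the old placement.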
@@ -34,12 +34,12 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath_rate/amrr/amrr.c madwifi-ng diff -urN madwifi-ng-refcount-r2313-20070505.old/ath_rate/minstrel/minstrel.c madwifi-ng-refcount-r2313-20070505.dev/ath_rate/minstrel/minstrel.c --- madwifi-ng-refcount-r2313-20070505.old/ath_rate/minstrel/minstrel.c 2007-05-13 18:17:55.605115776 +0200 +++ madwifi-ng-refcount-r2313-20070505.dev/ath_rate/minstrel/minstrel.c 2007-05-13 18:17:56.458985968 +0200 -@@ -117,7 +117,7 @@ +@@ -116,7 +116,7 @@ + #include "minstrel.h" - /* XXX: Use standard debug functions */ --#define MINSTREL_DEBUG 10 -+#undef MINSTREL_DEBUG +-#define MINSTREL_DEBUG ++#undef MINSTREL_DEBUG #ifdef MINSTREL_DEBUG enum { ATH_DEBUG_RATE = 0x00000010 /* rate control */ @@ -104,16 +104,14 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_proto.h madw diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_var.h madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_var.h --- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_var.h 2007-05-13 18:17:56.107039472 +0200 +++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_var.h 2007-05-13 18:17:56.461985512 +0200 -@@ -35,8 +35,8 @@ - #ifndef _NET80211_IEEE80211_VAR_H_ - #define _NET80211_IEEE80211_VAR_H_ - +@@ -37,7 +37,7 @@ + /* + * Definitions for IEEE 802.11 drivers. + */ -#define IEEE80211_DEBUG --#define IEEE80211_DEBUG_REFCNT /* Node reference count debugging */ +#undef IEEE80211_DEBUG -+#undef IEEE80211_DEBUG_REFCNT /* Node reference count debugging */ + #undef IEEE80211_DEBUG_REFCNT /* node refcnt stuff */ - /* Definitions for IEEE 802.11 drivers. */ #include diff -urN madwifi-ng-refcount-r2313-20070505.old/tools/do_multi.c madwifi-ng-refcount-r2313-20070505.dev/tools/do_multi.c --- madwifi-ng-refcount-r2313-20070505.old/tools/do_multi.c 2007-05-13 18:17:55.192178552 +0200 
diff --git a/package/madwifi/patches/300-napi_polling.patch b/package/madwifi/patches/300-napi_polling.patch index 0f3efe833..5a547938b 100644 --- a/package/madwifi/patches/300-napi_polling.patch +++ b/package/madwifi/patches/300-napi_polling.patch @@ -1,7 +1,7 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcount-r2313-20070505.dev/ath/if_ath.c ---- madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c 2007-05-13 18:17:56.576968032 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/ath/if_ath.c 2007-05-13 18:17:56.594965296 +0200 -@@ -170,7 +170,7 @@ +diff -ur madwifi.old/ath/if_ath.c madwifi.dev/ath/if_ath.c +--- madwifi.old/ath/if_ath.c 2007-05-21 07:49:54.571131744 +0200 ++++ madwifi.dev/ath/if_ath.c 2007-05-21 07:51:40.208072488 +0200 +@@ -167,7 +167,7 @@ int, u_int32_t); static void ath_setdefantenna(struct ath_softc *, u_int); static struct ath_txq *ath_txq_setup(struct ath_softc *, int, int); @@ -10,7 +10,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun static int ath_hardstart(struct sk_buff *, struct net_device *); static int ath_mgtstart(struct ieee80211com *, struct sk_buff *); #ifdef ATH_SUPERG_COMP -@@ -420,7 +420,6 @@ +@@ -417,7 +417,6 @@ ATH_TXBUF_LOCK_INIT(sc); ATH_RXBUF_LOCK_INIT(sc); @@ -18,7 +18,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun ATH_INIT_TQUEUE(&sc->sc_txtq, ath_tx_tasklet, dev); ATH_INIT_TQUEUE(&sc->sc_bmisstq, ath_bmiss_tasklet, dev); ATH_INIT_TQUEUE(&sc->sc_bstucktq, ath_bstuck_tasklet, dev); -@@ -674,6 +673,8 @@ +@@ -665,6 +664,8 @@ dev->set_mac_address = ath_set_mac_address; dev->change_mtu = ath_change_mtu; dev->tx_queue_len = ATH_TXBUF - 1; /* 1 for mgmt frame */ 
@@ -27,7 +27,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun #ifdef USE_HEADERLEN_RESV dev->hard_header_len += sizeof(struct ieee80211_qosframe) + sizeof(struct llc) + -@@ -1645,6 +1646,7 @@ +@@ -1635,6 +1636,7 @@ */ ath_hal_getisr(ah, &status); /* NB: clears ISR too */ DPRINTF(sc, ATH_DEBUG_INTR, "%s: status 0x%x\n", __func__, status); @@ -35,7 +35,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun status &= sc->sc_imask; /* discard unasked for bits */ if (status & HAL_INT_FATAL) { sc->sc_stats.ast_hardware++; -@@ -1684,7 +1686,12 @@ +@@ -1674,7 +1676,12 @@ * might take too long to fire */ ath_hal_process_noisefloor(ah); sc->sc_channoise = ath_hal_get_channel_noise(ah, &(sc->sc_curchan)); @@ -49,7 +49,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun } if (status & HAL_INT_TX) { #ifdef ATH_SUPERG_DYNTURBO -@@ -1710,6 +1717,11 @@ +@@ -1700,6 +1707,11 @@ } } #endif @@ -59,9 +59,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun + sc->sc_imask &= ~HAL_INT_TX; + ATH_SCHEDULE_TQUEUE(&sc->sc_txtq, &needmark); - sc->sc_tx_start = 0; } -@@ -2221,12 +2233,13 @@ + if (status & HAL_INT_BMISS) { +@@ -2162,12 +2174,13 @@ * Insert the frame on the outbound list and * pass it on to the hardware. */ @@ -76,7 +76,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun ath_hal_intrset(ah, sc->sc_imask & ~HAL_INT_SWBA); ATH_TXQ_INSERT_TAIL(txq, bf, bf_list); DPRINTF(sc, ATH_DEBUG_TX_PROC, "%s: txq depth = %d\n", __func__, txq->axq_depth); -@@ -2242,6 +2255,7 @@ +@@ -2183,6 +2196,7 @@ ito64(bf->bf_daddr), bf->bf_desc); } txq->axq_link = &lastds->ds_link; 
@@ -84,8 +84,8 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun ath_hal_intrset(ah, sc->sc_imask); } else { ATH_TXQ_INSERT_TAIL(txq, bf, bf_list); -@@ -2275,7 +2289,7 @@ - sc->sc_tx_start = jiffies; +@@ -2218,7 +2232,7 @@ + } } } - ATH_TXQ_UNLOCK(txq); @@ -93,7 +93,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun sc->sc_devstats.tx_packets++; sc->sc_devstats.tx_bytes += framelen; -@@ -2426,8 +2440,14 @@ +@@ -2369,8 +2383,14 @@ unsigned int pktlen; int framecnt; @@ -109,7 +109,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun bf_ff = TAILQ_LAST(&txq->axq_stageq, axq_headtype); if ((!bf_ff) || ath_ff_flushdonetest(txq, bf_ff)) { -@@ -2441,7 +2461,7 @@ +@@ -2384,7 +2404,7 @@ ATH_NODE(ni)->an_tx_ffbuf[bf_ff->bf_skb->priority] = NULL; TAILQ_REMOVE(&txq->axq_stageq, bf_ff, bf_stagelist); @@ -118,7 +118,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* encap and xmit */ bf_ff->bf_skb = ieee80211_encap(ni, bf_ff->bf_skb, &framecnt); -@@ -2462,15 +2482,16 @@ +@@ -2405,15 +2425,16 @@ } bf_ff->bf_node = NULL; @@ -138,7 +138,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun bf = STAILQ_FIRST(&sc->sc_txbuf); \ if (bf != NULL) { \ STAILQ_REMOVE_HEAD(&sc->sc_txbuf, bf_list); \ -@@ -2485,10 +2506,21 @@ +@@ -2428,11 +2449,23 @@ sc->sc_devstopped = 1; \ ATH_SCHEDULE_TQUEUE(&sc->sc_txtq, NULL); \ } \ 
@@ -159,17 +159,11 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun "%s: discard, no xmit buf\n", __func__); \ + ATH_TXQ_UNLOCK_BH(txq); \ sc->sc_stats.ast_tx_nobuf++; \ - goto hardstart_fail; \ - } -@@ -2490,6 +2490,7 @@ - DPRINTF(sc,ATH_DEBUG_XMIT, \ - "%s: discard, no xmit buf\n", __func__); \ - sc->sc_stats.ast_tx_nobuf++; \ + goto hardstart_fail; \ } /* -@@ -2552,6 +2584,7 @@ +@@ -2494,6 +2527,7 @@ if (M_FLAG_GET(skb, M_UAPSD)) { /* bypass FF handling */ ATH_HARDSTART_GET_TX_BUF_WITH_LOCK; @@ -177,7 +171,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun if (bf == NULL) goto hardstart_fail; goto ff_bypass; -@@ -2573,7 +2606,7 @@ +@@ -2515,7 +2549,7 @@ /* NB: use this lock to protect an->an_ff_txbuf in athff_can_aggregate() * call too. */ @@ -186,7 +180,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun if (athff_can_aggregate(sc, eh, an, skb, vap->iv_fragthreshold, &ff_flush)) { if (an->an_tx_ffbuf[skb->priority]) { /* i.e., frame on the staging queue */ -@@ -2583,7 +2616,7 @@ +@@ -2525,7 +2559,7 @@ TAILQ_REMOVE(&txq->axq_stageq, bf, bf_stagelist); an->an_tx_ffbuf[skb->priority] = NULL; @@ -195,7 +189,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* * chain skbs and add FF magic -@@ -2610,6 +2643,7 @@ +@@ -2552,6 +2586,7 @@ * to give the buffer back. */ ATH_HARDSTART_GET_TX_BUF_WITH_LOCK; @@ -203,7 +197,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun if (bf == NULL) { ATH_TXQ_UNLOCK(txq); goto hardstart_fail; -@@ -2624,7 +2658,7 @@ +@@ -2566,7 +2601,7 @@ TAILQ_INSERT_HEAD(&txq->axq_stageq, bf, bf_stagelist); @@ -212,7 +206,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun return 0; } -@@ -2635,7 +2669,7 @@ +@@ -2577,7 +2612,7 @@ TAILQ_REMOVE(&txq->axq_stageq, bf_ff, bf_stagelist); an->an_tx_ffbuf[skb->priority] = NULL; 
@@ -221,7 +215,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* encap and xmit */ bf_ff->bf_skb = ieee80211_encap(ni, bf_ff->bf_skb, &framecnt); -@@ -2665,9 +2699,9 @@ +@@ -2607,9 +2642,9 @@ } bf_ff->bf_node = NULL; @@ -233,7 +227,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun goto ff_flushdone; } /* -@@ -2676,14 +2677,13 @@ +@@ -2619,14 +2654,13 @@ else if (an->an_tx_ffbuf[skb->priority]) { DPRINTF(sc, ATH_DEBUG_XMIT | ATH_DEBUG_FF, "%s: Out-Of-Order fast-frame\n", __func__); @@ -251,7 +245,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun } ff_bypass: -@@ -2691,6 +2725,7 @@ +@@ -2634,6 +2668,7 @@ #else /* ATH_SUPERG_FF */ ATH_HARDSTART_GET_TX_BUF_WITH_LOCK; @@ -259,7 +253,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun #endif /* ATH_SUPERG_FF */ -@@ -2712,7 +2747,7 @@ +@@ -2655,7 +2690,7 @@ * Allocate 1 ath_buf for each frame given 1 was * already alloc'd */ @@ -268,7 +262,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun for (bfcnt = 1; bfcnt < framecnt; ++bfcnt) { if ((tbf = STAILQ_FIRST(&sc->sc_txbuf)) != NULL) { STAILQ_REMOVE_HEAD(&sc->sc_txbuf, bf_list); -@@ -2733,11 +2768,11 @@ +@@ -2676,11 +2711,11 @@ STAILQ_INSERT_TAIL(&sc->sc_txbuf, tbf, bf_list); } } @@ -282,7 +276,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun while ((bf = STAILQ_FIRST(&bf_head)) != NULL && skb != NULL) { unsigned int nextfraglen = 0; -@@ -2773,7 +2808,7 @@ +@@ -2716,7 +2751,7 @@ hardstart_fail: if (!STAILQ_EMPTY(&bf_head)) { @@ -291,7 +285,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun STAILQ_FOREACH_SAFE(tbf, &bf_head, bf_list, tempbf) { tbf->bf_skb = NULL; tbf->bf_node = NULL; -@@ -2783,7 +2818,7 @@ +@@ -2726,7 +2761,7 @@ STAILQ_INSERT_TAIL(&sc->sc_txbuf, tbf, bf_list); } 
@@ -300,7 +294,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun } /* free sk_buffs */ -@@ -2826,7 +2861,7 @@ +@@ -2769,7 +2804,7 @@ /* * Grab a TX buffer and associated resources. */ @@ -309,7 +303,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun bf = STAILQ_FIRST(&sc->sc_txbuf); if (bf != NULL) STAILQ_REMOVE_HEAD(&sc->sc_txbuf, bf_list); -@@ -2837,7 +2872,7 @@ +@@ -2780,7 +2815,7 @@ sc->sc_devstopped=1; ATH_SCHEDULE_TQUEUE(&sc->sc_txtq, NULL); } @@ -318,7 +312,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun if (bf == NULL) { printk("ath_mgtstart: discard, no xmit buf\n"); sc->sc_stats.ast_tx_nobufmgt++; -@@ -2866,9 +2901,9 @@ +@@ -2809,9 +2844,9 @@ bf->bf_skb = NULL; bf->bf_node = NULL; @@ -330,7 +324,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun } dev_kfree_skb_any(skb); skb = NULL; -@@ -3336,10 +3371,10 @@ +@@ -3279,10 +3314,10 @@ * * XXX Using in_softirq is not right since we might * be called from other soft irq contexts than @@ -343,7 +337,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun netif_stop_queue(dev); } -@@ -3352,7 +3387,7 @@ +@@ -3295,7 +3330,7 @@ DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s:\n", __func__); netif_start_queue(dev); if (!in_softirq()) /* NB: see above */ @@ -352,7 +346,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun } /* -@@ -4912,9 +4947,9 @@ +@@ -4861,9 +4896,9 @@ bf->bf_node = NULL; bf->bf_desc->ds_link = 0; @@ -364,7 +358,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun an->an_uapsd_overflowqdepth--; } -@@ -5585,13 +5620,12 @@ +@@ -5542,13 +5577,12 @@ sc->sc_rxotherant = 0; } 
@@ -380,7 +374,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun struct ath_buf *bf; struct ath_softc *sc = dev->priv; struct ieee80211com *ic = &sc->sc_ic; -@@ -5602,11 +5636,15 @@ +@@ -5560,11 +5594,15 @@ unsigned int len; int type; u_int phyerr; @@ -396,7 +390,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun do { bf = STAILQ_FIRST(&sc->sc_rxbuf); if (bf == NULL) { /* XXX ??? can this happen */ -@@ -5630,6 +5668,13 @@ +@@ -5588,6 +5626,13 @@ /* NB: never process the self-linked entry at the end */ break; } @@ -410,15 +404,15 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun skb = bf->bf_skb; if (skb == NULL) { /* XXX ??? can this happen */ printk("%s: no skbuff (%s)\n", dev->name, __func__); -@@ -5668,6 +5668,7 @@ +@@ -5626,6 +5671,7 @@ sc->sc_stats.ast_rx_phyerr++; - phyerr = ds->ds_rxstat.rs_phyerr & 0x1f; + phyerr = rs->rs_phyerr & 0x1f; sc->sc_stats.ast_rx_phy[phyerr]++; + goto rx_next; } - if (ds->ds_rxstat.rs_status & HAL_RXERR_DECRYPT) { + if (rs->rs_status & HAL_RXERR_DECRYPT) { /* -@@ -5878,6 +5923,25 @@ +@@ -5829,9 +5875,29 @@ STAILQ_INSERT_TAIL(&sc->sc_rxbuf, bf, bf_list); ATH_RXBUF_UNLOCK_IRQ(sc); } while (ath_rxbuf_init(sc, bf) == 0); @@ -444,15 +438,11 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* rx signal state monitoring */ ath_hal_rxmonitor(ah, &sc->sc_halstats, &sc->sc_curchan); -@@ -5885,6 +5949,7 @@ - sc->sc_rtasksched = 1; - schedule_work(&sc->sc_radartask); - } + return early_stop; #undef PA2DESC } -@@ -6160,22 +6225,22 @@ +@@ -6107,22 +6173,22 @@ } } @@ -479,7 +469,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun bf->bf_skbaddr = bus_map_single(sc->sc_bdev, skb->data, skb->len, BUS_DMA_TODEVICE); -@@ -6641,9 +6706,9 @@ +@@ -6588,9 +6654,9 @@ dev_kfree_skb(lastbuf->bf_skb); lastbuf->bf_skb = NULL; ieee80211_unref_node(&lastbuf->bf_node); 
@@ -491,7 +481,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* * move oldest from overflow to delivery -@@ -7462,9 +7527,6 @@ +@@ -7411,9 +7477,6 @@ if (sc->sc_reapcount > ATH_TXBUF_FREE_THRESHOLD) { if (!sc->sc_dfswait) netif_start_queue(sc->sc_dev); @@ -501,7 +491,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun sc->sc_reapcount = 0; sc->sc_devstopped = 0; } else -@@ -7499,11 +7561,22 @@ +@@ -7448,11 +7511,22 @@ struct net_device *dev = (struct net_device *)data; struct ath_softc *sc = dev->priv; @@ -524,7 +514,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun netif_wake_queue(dev); if (sc->sc_softled) -@@ -7520,6 +7593,7 @@ +@@ -7469,6 +7543,7 @@ struct net_device *dev = (struct net_device *)data; struct ath_softc *sc = dev->priv; @@ -532,7 +522,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* * Process each active queue. */ -@@ -7540,6 +7614,16 @@ +@@ -7489,6 +7564,16 @@ if (sc->sc_uapsdq && txqactive(sc->sc_ah, sc->sc_uapsdq->axq_qnum)) ath_tx_processq(sc, sc->sc_uapsdq); @@ -549,7 +539,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun netif_wake_queue(dev); if (sc->sc_softled) -@@ -7557,6 +7641,7 @@ +@@ -7506,6 +7591,7 @@ unsigned int i; /* Process each active queue. */ @@ -557,7 +547,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun for (i = 0; i < HAL_NUM_TX_QUEUES; i++) if (ATH_TXQ_SETUP(sc, i) && txqactive(sc->sc_ah, i)) ath_tx_processq(sc, &sc->sc_txq[i]); -@@ -7565,6 +7650,16 @@ +@@ -7514,6 +7600,16 @@ ath_tx_processq(sc, sc->sc_xrtxq); #endif @@ -574,7 +564,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun netif_wake_queue(dev); if (sc->sc_softled) -@@ -7662,6 +7663,7 @@ +@@ -7612,6 +7708,7 @@ ath_draintxq(struct ath_softc *sc) { struct ath_hal *ah = sc->sc_ah; 
@@ -582,7 +572,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun unsigned int i; /* XXX return value */ -@@ -9221,9 +9316,9 @@ +@@ -9144,9 +9241,9 @@ dev->mtu = mtu; if ((dev->flags & IFF_RUNNING) && !sc->sc_invalid) { /* NB: the rx buffers may need to be reallocated */ @@ -594,10 +584,10 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun } ATH_UNLOCK(sc); -diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h madwifi-ng-refcount-r2313-20070505.dev/ath/if_athvar.h ---- madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h 2007-05-13 18:17:56.363000560 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/ath/if_athvar.h 2007-05-13 18:17:56.595965144 +0200 -@@ -47,6 +47,10 @@ +diff -ur madwifi.old/ath/if_athvar.h madwifi.dev/ath/if_athvar.h +--- madwifi.old/ath/if_athvar.h 2007-05-21 07:49:54.563132960 +0200 ++++ madwifi.dev/ath/if_athvar.h 2007-05-21 07:50:22.814838048 +0200 +@@ -48,6 +48,10 @@ #include "if_athioctl.h" #include "net80211/ieee80211.h" /* XXX for WME_NUM_AC */ @@ -608,7 +598,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h madwifi-ng-refc /* * Deduce if tasklets are available. If not then * fall back to using the immediate work queue. -@@ -477,8 +481,12 @@ +@@ -478,8 +482,12 @@ #define ATH_TXQ_LOCK_DESTROY(_tq) #define ATH_TXQ_LOCK(_tq) spin_lock(&(_tq)->axq_lock) #define ATH_TXQ_UNLOCK(_tq) spin_unlock(&(_tq)->axq_lock) @@ -623,7 +613,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h madwifi-ng-refc #define ATH_TXQ_LOCK_IRQ(_tq) do { \ unsigned long __axq_lockflags; \ spin_lock_irqsave(&(_tq)->axq_lock, __axq_lockflags); -@@ -627,7 +635,6 @@ +@@ -623,7 +631,6 @@ struct ath_buf *sc_rxbufcur; /* current rx buffer */ u_int32_t *sc_rxlink; /* link ptr in last RX desc */ spinlock_t sc_rxbuflock; 
@@ -631,7 +621,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h madwifi-ng-refc struct ATH_TQ_STRUCT sc_rxorntq; /* rxorn intr tasklet */ u_int8_t sc_defant; /* current default antenna */ u_int8_t sc_rxotherant; /* rx's on non-default antenna*/ -@@ -640,6 +647,7 @@ +@@ -636,6 +643,7 @@ u_int sc_txintrperiod; /* tx interrupt batching */ struct ath_txq sc_txq[HAL_NUM_TX_QUEUES]; struct ath_txq *sc_ac2q[WME_NUM_AC]; /* WME AC -> h/w qnum */ @@ -639,7 +629,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h madwifi-ng-refc struct ATH_TQ_STRUCT sc_txtq; /* tx intr tasklet */ u_int8_t sc_grppoll_str[GRPPOLL_RATE_STR_LEN]; struct ath_descdma sc_bdma; /* beacon descriptors */ -@@ -706,8 +714,12 @@ +@@ -701,8 +709,12 @@ #define ATH_TXBUF_LOCK_DESTROY(_sc) #define ATH_TXBUF_LOCK(_sc) spin_lock(&(_sc)->sc_txbuflock) #define ATH_TXBUF_UNLOCK(_sc) spin_unlock(&(_sc)->sc_txbuflock) @@ -654,7 +644,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h madwifi-ng-refc #define ATH_TXBUF_LOCK_IRQ(_sc) do { \ unsigned long __txbuflockflags; \ spin_lock_irqsave(&(_sc)->sc_txbuflock, __txbuflockflags); -@@ -725,8 +737,12 @@ +@@ -720,8 +732,12 @@ #define ATH_RXBUF_LOCK_DESTROY(_sc) #define ATH_RXBUF_LOCK(_sc) spin_lock(&(_sc)->sc_rxbuflock) #define ATH_RXBUF_UNLOCK(_sc) spin_unlock(&(_sc)->sc_rxbuflock) @@ -669,7 +659,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h madwifi-ng-refc #define ATH_RXBUF_LOCK_IRQ(_sc) do { \ unsigned long __rxbuflockflags; \ spin_lock_irqsave(&(_sc)->sc_rxbuflock, __rxbuflockflags); -@@ -736,6 +752,8 @@ +@@ -731,6 +747,8 @@ #define ATH_RXBUF_UNLOCK_IRQ_EARLY(_sc) \ spin_unlock_irqrestore(&(_sc)->sc_rxbuflock, __rxbuflockflags); 
@@ -678,9 +668,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_athvar.h madwifi-ng-refc /* Protects the device from concurrent accesses */ #define ATH_LOCK_INIT(_sc) init_MUTEX(&(_sc)->sc_lock) -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_beacon.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_beacon.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_beacon.c 2007-01-30 05:01:29.000000000 +0100 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_beacon.c 2007-05-13 18:17:56.596964992 +0200 +diff -ur madwifi.old/net80211/ieee80211_beacon.c madwifi.dev/net80211/ieee80211_beacon.c +--- madwifi.old/net80211/ieee80211_beacon.c 2007-01-31 11:41:05.000000000 +0100 ++++ madwifi.dev/net80211/ieee80211_beacon.c 2007-05-21 07:50:22.815837896 +0200 @@ -286,7 +286,7 @@ int len_changed = 0; u_int16_t capinfo; @@ -699,10 +689,10 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_beacon.c mad return len_changed; } -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_input.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c 2007-05-13 18:17:56.106039624 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_input.c 2007-05-13 18:17:56.597964840 +0200 -@@ -1148,8 +1148,9 @@ +diff -ur madwifi.old/net80211/ieee80211_input.c madwifi.dev/net80211/ieee80211_input.c +--- madwifi.old/net80211/ieee80211_input.c 2007-05-21 07:49:54.527138432 +0200 ++++ madwifi.dev/net80211/ieee80211_input.c 2007-05-21 07:50:22.816837744 +0200 +@@ -1155,8 +1155,9 @@ if (ni->ni_vlan != 0 && vap->iv_vlgrp != NULL) { /* attach vlan tag */ vlan_hwaccel_receive_skb(skb, vap->iv_vlgrp, ni->ni_vlan); 
@@ -714,7 +704,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c madw dev->last_rx = jiffies; } } -@@ -3623,9 +3624,9 @@ +@@ -3657,9 +3658,9 @@ } /* Okay, take the first queued packet and put it out... */ @@ -726,9 +716,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c madw if (skb == NULL) { IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_POWER, wh->i_addr2, "%s", "recv ps-poll, but queue empty"); -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_linux.h madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_linux.h ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_linux.h 2007-05-04 02:10:06.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_linux.h 2007-05-13 18:17:56.598964688 +0200 +diff -ur madwifi.old/net80211/ieee80211_linux.h madwifi.dev/net80211/ieee80211_linux.h +--- madwifi.old/net80211/ieee80211_linux.h 2007-05-21 07:49:54.528138280 +0200 ++++ madwifi.dev/net80211/ieee80211_linux.h 2007-05-21 07:50:22.817837592 +0200 @@ -31,6 +31,10 @@ #include @@ -829,10 +819,10 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_linux.h madw #if (defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK)) && defined(spin_is_locked) #define ACL_LOCK_ASSERT(_as) \ -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c 2007-05-13 18:17:56.273014240 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_node.c 2007-05-13 18:17:56.599964536 +0200 -@@ -1567,7 +1567,7 @@ +diff -ur madwifi.old/net80211/ieee80211_node.c madwifi.dev/net80211/ieee80211_node.c +--- madwifi.old/net80211/ieee80211_node.c 2007-05-21 07:49:54.555134176 +0200 ++++ madwifi.dev/net80211/ieee80211_node.c 2007-05-21 07:50:22.818837440 +0200 +@@ -1570,7 +1570,7 @@ struct ieee80211_node *ni; u_int gen; 
@@ -841,7 +831,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwi gen = ++nt->nt_scangen; restart: -@@ -1587,7 +1587,7 @@ +@@ -1590,7 +1590,7 @@ } IEEE80211_NODE_TABLE_UNLOCK_IRQ(nt); @@ -850,9 +840,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_node.c madwi } EXPORT_SYMBOL(ieee80211_iterate_dev_nodes); -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_power.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_power.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_power.c 2007-04-25 22:29:55.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_power.c 2007-05-13 18:17:56.599964536 +0200 +diff -ur madwifi.old/net80211/ieee80211_power.c madwifi.dev/net80211/ieee80211_power.c +--- madwifi.old/net80211/ieee80211_power.c 2007-05-21 07:49:54.532137672 +0200 ++++ madwifi.dev/net80211/ieee80211_power.c 2007-05-21 07:50:22.818837440 +0200 @@ -147,7 +147,7 @@ #endif struct sk_buff *skb; @@ -901,7 +891,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_power.c madw if (skb == NULL) break; /* -@@ -363,9 +363,9 @@ +@@ -361,9 +361,9 @@ for (;;) { struct sk_buff *skb; @@ -913,9 +903,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_power.c madw if (skb == NULL) break; ieee80211_parent_queue_xmit(skb); -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_proto.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_proto.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_proto.c 2007-05-13 18:17:56.578967728 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_proto.c 2007-05-13 18:17:56.600964384 +0200 +diff -ur madwifi.old/net80211/ieee80211_proto.c madwifi.dev/net80211/ieee80211_proto.c +--- madwifi.old/net80211/ieee80211_proto.c 2007-05-21 07:49:54.574131288 +0200 ++++ madwifi.dev/net80211/ieee80211_proto.c 2007-05-21 07:50:22.819837288 +0200 
@@ -635,9 +635,9 @@ { struct ieee80211com *ic = vap->iv_ic; @@ -940,9 +930,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_proto.c madw } } -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_scan_sta.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_scan_sta.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_scan_sta.c 2007-02-01 21:49:37.000000000 +0100 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_scan_sta.c 2007-05-13 18:17:56.601964232 +0200 +diff -ur madwifi.old/net80211/ieee80211_scan_sta.c madwifi.dev/net80211/ieee80211_scan_sta.c +--- madwifi.old/net80211/ieee80211_scan_sta.c 2006-09-20 10:45:13.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_scan_sta.c 2007-05-21 07:50:22.819837288 +0200 @@ -163,9 +163,11 @@ { struct sta_table *st = ss->ss_priv; diff --git a/package/madwifi/patches/308-mlme_fix.patch b/package/madwifi/patches/308-mlme_fix.patch deleted file mode 100644 index 57776bb59..000000000 --- a/package/madwifi/patches/308-mlme_fix.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_wireless.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_wireless.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_wireless.c 2007-05-13 18:17:56.109039168 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_wireless.c 2007-05-13 18:17:56.795934744 +0200 -@@ -3359,7 +3359,7 @@ - if (ieee80211_sta_join(vap, lookup.se)) - while (!vap->iv_nsdone) - IEEE80211_RESCHEDULE(); -- if (vap->iv_nsparams.result) -+ if (!vap->iv_nsparams.result) - return 0; - } - } diff --git a/package/madwifi/patches/309-micfail_detect.patch b/package/madwifi/patches/309-micfail_detect.patch index 2ab07bbed..6eed79384 100644 --- a/package/madwifi/patches/309-micfail_detect.patch +++ b/package/madwifi/patches/309-micfail_detect.patch 
@@ -1,7 +1,7 @@ -diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcount-r2313-20070505.dev/ath/if_ath.c ---- madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c 2007-05-13 18:17:56.785936264 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/ath/if_ath.c 2007-05-13 18:17:56.878922128 +0200 -@@ -5640,6 +5640,7 @@ +diff -ur madwifi.old/ath/if_ath.c madwifi.dev/ath/if_ath.c +--- madwifi.old/ath/if_ath.c 2007-05-21 07:53:37.247279824 +0200 ++++ madwifi.dev/ath/if_ath.c 2007-05-21 07:55:23.290158856 +0200 +@@ -5598,6 +5598,7 @@ u_int phyerr; int processed = 0, early_stop = 0; int rx_limit = dev->quota; @@ -9,16 +9,16 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* Let the 802.11 layer know about the new noise floor */ ic->ic_channoise = sc->sc_channoise; -@@ -5734,32 +5735,16 @@ +@@ -5692,31 +5693,16 @@ } - if (ds->ds_rxstat.rs_status & HAL_RXERR_MIC) { + if (rs->rs_status & HAL_RXERR_MIC) { sc->sc_stats.ast_rx_badmic++; - /* - * Do minimal work required to hand off - * the 802.11 header for notification. - */ - /* XXX frag's and QoS frames */ -- len = ds->ds_rxstat.rs_datalen; +- len = rs->rs_datalen; - if (len >= sizeof (struct ieee80211_frame)) { - bus_dma_sync_single(sc->sc_bdev, - bf->bf_skbaddr, len, @@ -28,8 +28,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun - ieee80211_notify_michael_failure(ic, - (struct ieee80211_frame *) skb->data, - sc->sc_splitmic ? -- ds->ds_rxstat.rs_keyix - 32 : -- ds->ds_rxstat.rs_keyix +- rs->rs_keyix - 32 : rs->rs_keyix - ); -#endif - } 
@@ -40,15 +39,15 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun * are operating in monitor mode. */ - if(sc->sc_nmonvaps == 0) goto rx_next; -+ if ((ds->ds_rxstat.rs_status & ~HAL_RXERR_MIC) && -+ ((ds->ds_rxstat.rs_status &~ HAL_RXERR_DECRYPT) || ++ if ((rs->rs_status & ~HAL_RXERR_MIC) && ++ ((rs->rs_status &~ HAL_RXERR_DECRYPT) || + (sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR))) + goto rx_next; } rx_accept: /* -@@ -5843,6 +5828,20 @@ - ds->ds_rxstat.rs_rssi); +@@ -5800,6 +5786,20 @@ + rs->rs_rssi); } + /* MIC failure. Drop the packet in any case */ @@ -68,9 +67,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/ath/if_ath.c madwifi-ng-refcoun /* * Locate the node for sender, track state, and then * pass the (referenced) node up to the 802.11 layer -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_ccmp.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto_ccmp.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_ccmp.c 2007-04-13 07:53:25.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto_ccmp.c 2007-05-13 18:17:56.879921976 +0200 +diff -ur madwifi.old/net80211/ieee80211_crypto_ccmp.c madwifi.dev/net80211/ieee80211_crypto_ccmp.c +--- madwifi.old/net80211/ieee80211_crypto_ccmp.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_crypto_ccmp.c 2007-05-21 07:54:24.892036720 +0200 @@ -78,7 +78,7 @@ static int ccmp_encap(struct ieee80211_key *, struct sk_buff *, u_int8_t); static int ccmp_decap(struct ieee80211_key *, struct sk_buff *, int); 
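Review bot: The error filter in the `@@ -5692,31 +5693,16 @@` hunk of 309-micfail_detect.patch lets a frame whose only status bit is `HAL_RXERR_MIC` fall through to `rx_accept`, so dropping and reporting it depends entirely on the later block added under `/* MIC failure. Drop the packet in any case */`, whose body is outside this hunk. That dependency deserves a comment above the `if`, for example `/* MIC-only errors continue to rx_accept and are rejected further down; decrypt-only errors pass in monitor mode; all other error frames are dropped here */`. The two mask expressions are also spaced differently (`& ~HAL_RXERR_MIC` versus `&~ HAL_RXERR_DECRYPT`); use one form so the condition reads unambiguously. The enclosing receive function starts and ends outside the hunk.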
@@ -89,9 +88,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_ccmp. { return 1; } -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto.h madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto.h ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto.h 2007-04-25 22:29:55.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto.h 2007-05-13 18:17:56.880921824 +0200 +diff -ur madwifi.old/net80211/ieee80211_crypto.h madwifi.dev/net80211/ieee80211_crypto.h +--- madwifi.old/net80211/ieee80211_crypto.h 2007-05-04 15:45:58.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_crypto.h 2007-05-21 07:54:24.893036568 +0200 @@ -145,7 +145,7 @@ int (*ic_encap)(struct ieee80211_key *, struct sk_buff *, u_int8_t); int (*ic_decap)(struct ieee80211_key *, struct sk_buff *, int); @@ -114,9 +113,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto.h mad } /* -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_none.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto_none.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_none.c 2006-09-20 10:45:13.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto_none.c 2007-05-13 18:17:56.880921824 +0200 +diff -ur madwifi.old/net80211/ieee80211_crypto_none.c madwifi.dev/net80211/ieee80211_crypto_none.c +--- madwifi.old/net80211/ieee80211_crypto_none.c 2006-09-20 10:45:13.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_crypto_none.c 2007-05-21 07:54:24.893036568 +0200 @@ -52,7 +52,7 @@ static int none_encap(struct ieee80211_key *, struct sk_buff *, u_int8_t); static int none_decap(struct ieee80211_key *, struct sk_buff *, int); 
@@ -135,9 +134,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_none. { struct ieee80211vap *vap = k->wk_private; -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_tkip.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto_tkip.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_tkip.c 2007-01-30 04:51:52.000000000 +0100 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto_tkip.c 2007-05-13 18:17:56.880921824 +0200 +diff -ur madwifi.old/net80211/ieee80211_crypto_tkip.c madwifi.dev/net80211/ieee80211_crypto_tkip.c +--- madwifi.old/net80211/ieee80211_crypto_tkip.c 2007-05-18 13:19:16.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_crypto_tkip.c 2007-05-21 07:54:24.893036568 +0200 @@ -57,7 +57,7 @@ static int tkip_encap(struct ieee80211_key *, struct sk_buff *, u_int8_t); static int tkip_enmic(struct ieee80211_key *, struct sk_buff *, int); @@ -165,9 +164,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_tkip. struct ieee80211vap *vap = ctx->tc_vap; u8 mic[IEEE80211_WEP_MICLEN]; u8 mic0[IEEE80211_WEP_MICLEN]; -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_wep.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto_wep.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_wep.c 2006-09-20 10:45:13.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_crypto_wep.c 2007-05-13 18:17:56.881921672 +0200 +diff -ur madwifi.old/net80211/ieee80211_crypto_wep.c madwifi.dev/net80211/ieee80211_crypto_wep.c +--- madwifi.old/net80211/ieee80211_crypto_wep.c 2006-09-20 10:45:13.000000000 +0200 ++++ madwifi.dev/net80211/ieee80211_crypto_wep.c 2007-05-21 07:54:24.894036416 +0200 @@ -54,7 +54,7 @@ static int wep_encap(struct ieee80211_key *, struct sk_buff *, u_int8_t); static int wep_decap(struct ieee80211_key *, struct sk_buff *, int); 
@@ -186,9 +185,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_crypto_wep.c { return 1; } -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_input.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c 2007-05-13 18:17:56.786936112 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_input.c 2007-05-13 18:17:56.883921368 +0200 +diff -ur madwifi.old/net80211/ieee80211_input.c madwifi.dev/net80211/ieee80211_input.c +--- madwifi.old/net80211/ieee80211_input.c 2007-05-21 07:53:37.249279520 +0200 ++++ madwifi.dev/net80211/ieee80211_input.c 2007-05-21 07:54:24.895036264 +0200 @@ -654,7 +654,7 @@ * Next strip any MSDU crypto bits. */ @@ -198,7 +197,7 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c madw IEEE80211_DISCARD_MAC(vap, IEEE80211_MSG_INPUT, ni->ni_macaddr, "data", "%s", "demic error"); IEEE80211_NODE_STAT(ni, rx_demicfail); -@@ -3734,6 +3734,47 @@ +@@ -3778,6 +3778,47 @@ } #endif 
@@ -246,10 +245,10 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_input.c madw #ifdef IEEE80211_DEBUG /* * Debugging support. -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_linux.c madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_linux.c ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_linux.c 2007-04-25 22:29:55.000000000 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_linux.c 2007-05-13 18:17:56.883921368 +0200 -@@ -309,8 +309,8 @@ +diff -ur madwifi.old/net80211/ieee80211_linux.c madwifi.dev/net80211/ieee80211_linux.c +--- madwifi.old/net80211/ieee80211_linux.c 2007-05-21 07:49:54.528138280 +0200 ++++ madwifi.dev/net80211/ieee80211_linux.c 2007-05-21 07:54:24.896036112 +0200 +@@ -311,8 +311,8 @@ /* TODO: needed parameters: count, keyid, key type, src address, TSC */ snprintf(buf, sizeof(buf), "%s(keyid=%d %scast addr=%s)", tag, @@ -260,9 +259,9 @@ diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_linux.c madw memset(&wrqu, 0, sizeof(wrqu)); wrqu.data.length = strlen(buf); wireless_send_event(dev, IWEVCUSTOM, &wrqu, buf); -diff -urN madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_proto.h madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_proto.h ---- madwifi-ng-refcount-r2313-20070505.old/net80211/ieee80211_proto.h 2007-05-13 18:17:56.579967576 +0200 -+++ madwifi-ng-refcount-r2313-20070505.dev/net80211/ieee80211_proto.h 2007-05-13 18:17:56.884921216 +0200 +diff -ur madwifi.old/net80211/ieee80211_proto.h madwifi.dev/net80211/ieee80211_proto.h +--- madwifi.old/net80211/ieee80211_proto.h 2007-05-21 07:49:54.574131288 +0200 ++++ madwifi.dev/net80211/ieee80211_proto.h 2007-05-21 07:54:24.896036112 +0200 @@ -91,6 +91,7 @@ void ieee80211_set11gbasicrates(struct ieee80211_rateset *, enum ieee80211_phymode); enum ieee80211_phymode ieee80211_get11gbasicrates(struct ieee80211_rateset *); -- 2.20.1