Message ID | 20231102115311.4922-1-Allen.Ye@mediatek.com |
---|---|
State | Accepted |
Headers | show |
Series | Add handle number of tbtt when add Neighbor AP Information field | expand |
On Thu, Nov 02, 2023 at 07:53:11PM +0800, Allen Ye wrote: > If number of tbtt is greater than RNR_TBTT_INFO_COUNT_MAX, the new > Neighbor AP Information field would need to be added in the rnr ie. > However, the condition of adding Neighbor AP Information field don't > consider number of tbtt. > That would cause invalid Neighbor AP Information field (the while > loop will fill data by eid pointer) when setting rnr ie. Thanks, applied.
diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index 53256c01c..c49690832 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -7175,9 +7175,11 @@ hostapd_eid_rnr_iface_len(struct hostapd_data *hapd, while (start < hapd->iface->num_bss) { if (!len || - len + RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN > 255) { + len + RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN > 255 || + tbtt_count >= RNR_TBTT_INFO_COUNT_MAX) { len = RNR_HEADER_LEN; total_len += RNR_HEADER_LEN; + tbtt_count = 0; } len += RNR_TBTT_HEADER_LEN; @@ -7422,7 +7424,8 @@ static u8 * hostapd_eid_rnr_iface(struct hostapd_data *hapd, while (start < iface->num_bss) { if (!len || - len + RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN > 255) { + len + RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN > 255 || + tbtt_count >= RNR_TBTT_INFO_COUNT_MAX) { eid_start = eid; *eid++ = WLAN_EID_REDUCED_NEIGHBOR_REPORT; size_offset = eid++;