IEEE 802.11 sequence numbers wrap around at 0xfff, not 0xffff. ok?
diff 567a54141cb7379326a3670b319b26530610e1e8 /usr/src blob - a44e88e5d0e94101a1966fc95d2daceba78c7246 file + sys/net80211/ieee80211_input.c --- sys/net80211/ieee80211_input.c +++ sys/net80211/ieee80211_input.c @@ -2056,7 +2056,7 @@ ieee80211_recv_auth(struct ieee80211com *ic, struct mb /* XXX hack to workaround calling convention */ IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_AUTH, - IEEE80211_STATUS_ALG << 16 | ((seq + 1) & 0xffff)); + IEEE80211_STATUS_ALG << 16 | ((seq + 1) & 0xfff)); } #endif return;