Fix length specification for 2GHz band information element (IE) data in the iwx(4) probe request template. The value that was being written previously is too short so some IEs weren't included in the probe request frame.
The active scanning code path is currently disabled in-tree, so this fixes a bug in as of yet unused code. Transmitted probe requests look alright with this fix and the other fix I sent previously to avoid an unnecessary SSID copy. ok? diff 7559788cdf552c503c6d5124af11504b3bdf3e56 e12181434a6e36b2fcc7734fbbbf11a2bca93a27 blob - f4d61c5993c26ff5df5052cc26402c433d03a3ae blob + ca67248839d23af02c87c34fae6ae18ffaf96209 --- sys/dev/pci/if_iwx.c +++ sys/dev/pci/if_iwx.c @@ -5028,7 +5028,6 @@ iwx_fill_probe_req(struct iwx_softc *sc, struct iwx_sc frm = ieee80211_add_rates(frm, rs); if (rs->rs_nrates > IEEE80211_RATE_SIZE) frm = ieee80211_add_xrates(frm, rs); - preq->band_data[0].len = htole16(frm - pos); remain -= frm - pos; if (isset(sc->sc_enabled_capa, @@ -5040,6 +5039,7 @@ iwx_fill_probe_req(struct iwx_softc *sc, struct iwx_sc *frm++ = 0; remain -= 3; } + preq->band_data[0].len = htole16(frm - pos); if (sc->sc_nvm.sku_cap_band_52GHz_enable) { /* Fill in 5GHz IEs. */