The ADDBA frames use a timeout value in units of TU (802.11 time unit). ba->ba_timeout_val is in usec and has already been multiplied by TU (e.g. in ieee80211_recv_addba_req()). We need to divide by TU when copying out to the frame.
ok?
Index: ieee80211_output.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_output.c,v
retrieving revision 1.107
diff -u -p -r1.107 ieee80211_output.c
--- ieee80211_output.c 12 Jan 2016 09:28:09 -0000 1.107
+++ ieee80211_output.c 21 Jan 2016 17:49:40 -0000
@@ -1430,7 +1430,7 @@ ieee80211_get_addba_req(struct ieee80211
 if ((ic->ic_htcaps & IEEE80211_HTCAP_DELAYEDBA) == 0)
 params |= IEEE80211_ADDBA_BA_POLICY; /* use immediate BA */
 LE_WRITE_2(frm, params); frm += 2;
- LE_WRITE_2(frm, ba->ba_timeout_val); frm += 2;
+ LE_WRITE_2(frm, ba->ba_timeout_val / IEEE80211_DUR_TU); frm += 2;
 LE_WRITE_2(frm, ba->ba_winstart); frm += 2;
 m->m_pkthdr.len = m->m_len = frm - mtod(m, u_int8_t *);
@@ -1470,7 +1470,7 @@ ieee80211_get_addba_resp(struct ieee8021
 params |= ba->ba_winsize << 6;
 LE_WRITE_2(frm, params); frm += 2;
 if (status == 0)
- LE_WRITE_2(frm, ba->ba_timeout_val);
+ LE_WRITE_2(frm, ba->ba_timeout_val / IEEE80211_DUR_TU);
 else
 LE_WRITE_2(frm, 0);
 frm += 2;
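Review bot: The quotient `ba->ba_timeout_val / IEEE80211_DUR_TU` goes into a 16-bit field via LE_WRITE_2 in ieee80211_get_addba_req(), and again in the `status == 0` branch of ieee80211_get_addba_resp(), with no visible range check. A stored value above 0xffff TU would not fit the field, and a non-zero value below one TU rounds down to 0, which the peer would presumably treat as "no timeout" while the local timer still runs. Values derived from a received 16-bit field fit by construction, but the hunks do not show where locally chosen timeouts are bounded, so that is worth confirming. Because the bug came from undocumented units, a comment at both writes such as `/* ba_timeout_val is in usec; the frame field is in TUs */` would help. Both functions begin and end outside the hunks shown.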