Fix length specification for 2GHz band information element (IE) data in
the iwx(4) probe request template. The value that was being written
previously is too short so some IEs weren't included in the probe
request frame.
The active scanning code path is currently disabled in-tree, so this
fixes a bug in as of yet unused code.
Transmitted probe requests look alright with this fix and the other
fix I sent previously to avoid an unnecessary SSID copy.
ok?
diff 7559788cdf552c503c6d5124af11504b3bdf3e56
e12181434a6e36b2fcc7734fbbbf11a2bca93a27
blob - f4d61c5993c26ff5df5052cc26402c433d03a3ae
blob + ca67248839d23af02c87c34fae6ae18ffaf96209
--- sys/dev/pci/if_iwx.c
+++ sys/dev/pci/if_iwx.c
@@ -5028,7 +5028,6 @@ iwx_fill_probe_req(struct iwx_softc *sc, struct iwx_sc
frm = ieee80211_add_rates(frm, rs);
if (rs->rs_nrates > IEEE80211_RATE_SIZE)
frm = ieee80211_add_xrates(frm, rs);
- preq->band_data[0].len = htole16(frm - pos);
remain -= frm - pos;
if (isset(sc->sc_enabled_capa,
@@ -5040,6 +5039,7 @@ iwx_fill_probe_req(struct iwx_softc *sc, struct iwx_sc
*frm++ = 0;
remain -= 3;
}
+ preq->band_data[0].len = htole16(frm - pos);
if (sc->sc_nvm.sku_cap_band_52GHz_enable) {
/* Fill in 5GHz IEs. */
