From nobody@FreeBSD.org  Mon Aug  2 00:26:34 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 17E8B1065674
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  2 Aug 2010 00:26:34 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id E12A58FC15
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  2 Aug 2010 00:26:33 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o720QXJG057040
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 2 Aug 2010 00:26:33 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o720QXRr057039;
	Mon, 2 Aug 2010 00:26:33 GMT
	(envelope-from nobody)
Message-Id: <201008020026.o720QXRr057039@www.freebsd.org>
Date: Mon, 2 Aug 2010 00:26:33 GMT
From: Alex Kozlov <spam@rm-rf.kiev.ua>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [rum] panic in rum(4) driver on 8.1-R
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         149185
>Category:       kern
>Synopsis:       [rum] [panic] panic in rum(4) driver on 8.1-R
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bschmidt
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 02 00:30:06 UTC 2010
>Closed-Date:    Sat Aug 28 07:33:19 UTC 2010
>Last-Modified:  Sat Aug 28 07:33:19 UTC 2010
>Originator:     Alex Kozlov
>Release:        8.1-RELEASE-i386
>Organization:
private
>Environment:
>Description:
The panic happens after random period of time.

Fatal trap 18: integer divide fault while in kernel mode
instruction pointer = 0x20:0xc087ce32
stack pointer           = 0x28:0xc4e2d948
frame pointer           = 0x28:0xc4e2d958
code segment        = base 0x0, limit 0xfffff, type 0x1b
            = DPL 0, pres 1, def32 1, gran 1
processor eflags    = interrupt enabled, resume, IOPL = 0
current process     = 14 (usbus4)
trap number     = 18
panic: integer divide fault
KDB: stack backtrace:
db_trace_self_wrapper(c0669547,c06cb000,c0660c6a,c4e2d83c,c4e2d83c,...) at 0xc0436706 = db_trace_self_wrapper+0x26
panic(c0660c6a,c0680c94,c4e2d908,1,1,...) at 0xc04b898d = panic+0xed
trap_fatal(c6a438ec,ae295ce6,5a1dc54c,adea5167,c50bf2a8,...) at 0xc06474bd = trap_fatal+0x23d
trap(c4e2d908) at 0xc0647efe = trap+0xee
calltrap() at 0xc062d4ac = calltrap+0x6
--- trap 0x12, eip = 0xc087ce32, esp = 0xc4e2d948, ebp = 0xc4e2d958 ---
rum_setup_tx_desc(0,44,0,509,ff000000,...) at 0xc087ce32 = rum_setup_tx_desc+0x72
rum_start(c531d800,8f82cefe,f5192700,6087b2a,c08babbb,...) at 0xc087ecec = rum_start+0x1d4
if_transmit(c531d800,caac7100,caac7100,a4,c53f80f4,...) at 0xc055f8f9 = if_transmit+0xc9
ieee80211_start(c53f8000,c4e2da2c,c04a5c7d,3,0,...) at 0xc08a2305 = ieee80211_start+0x316
if_transmit(c53f8000,caac7100,0) at 0xc055f8f9 = if_transmit+0xc9
ether_output_frame(c53f8000,caac7100,6,1,a000,...) at 0xc05645ac = ether_output_frame+0x2c
ether_output(c53f8000,caac7100,c4e2db20,0,0,...) at 0xc0564f7d = ether_output+0x51d
arpintr(caac7100,12,c08e67a3,c50be4c8,caac7100,...) at 0xc0570759 = arpintr+0x7a9
netisr_dispatch_src(7,0,caac7100,c4e2dbb0,c05644ea,...) at 0xc0567610 = netisr_dispatch_src+0x70
netisr_dispatch(7,caac7100,0) at 0xc05678d0 = netisr_dispatch+0x20
ether_demux(c53f8000,caac7100,3,0,3,...) at 0xc05644ea = ether_demux+0x19a
ether_input(c53f8000,caac7100,caac7100,c659301c,5ed,...) at 0xc0564838 = ether_input+0x148
adhoc_input(c6593000,caac7100,37,ffffffa1,0,...) at 0xc08b0736 = adhoc_input+0x436
rum_bulk_read_callback(c535e988,0,c085c6ba,a85,c535e030,...) at 0xc087f169 = rum_bulk_read_callback+0xf6
usbd_callback_wrapper(c535e030,c5176ca4,c535e000,c4e2dcc8,c085867a,...) at 0xc085a9a7 = usbd_callback_wrapper+0xae
usb_command_wrapper(c535e030,0,c085c6ba,7d2,c535e044,...) at 0xc0858383 = usb_command_wrapper+0x6e
usb_callback_proc(c535e044,0,c085c609,6c,c5176cb4,...) at 0xc085867a = usb_callback_proc+0x98
usb_process(c5176ca4,c4e2dd38,80000000,0,40,...) at 0xc085647a = usb_process+0xaa
fork_exit(c08563d0,c5176ca4,c4e2dd38) at 0xc048e868 = fork_exit+0x88
fork_trampoline() at 0xc062d524 = fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xc4e2dd70, ebp = 0 ---
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Aug 2 02:23:08 UTC 2010 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149185 

From: Juergen Lock <nox@jelal.kn-bremen.de>
To: bug-followup@FreeBSD.org
Cc: freebsd-net@FreeBSD.org
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Wed, 4 Aug 2010 22:02:35 +0200 (CEST)

 Hi!
 
  Regarding the 8.1 if_rum(4) panics...  I got a similar one, extracted
 a dump and tried to gather some info for someone who knows the code:
 
  The zero divide fault was because (apparently) rate was unitialized,
 as is
 
 	((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0]
 
 i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.  [1]
 Simply setting rate to something non-zero (I first tried 0xff, then
 72 since that was used in station mode) without changing anything
 else stopped the panics but as probably to be expected, the wifi
 only partly worked, clients frequently disconnected.  (I'll put the
 patch at the end of the mail.  [2])
 
 # ifconfig wlan0 create wlandev rum0 wlanmode ap ssid XXX
 # /etc/rc.d/hostapd onestart
 Starting hostapd.
 Configuration file: /etc/hostapd.conf
 Using interface wlan0 with hwaddr 00:22:75:fe:9d:4e and ssid 'XXX'
 bind(PF_UNIX): Address already in use
 Failed to setup control interface
 /etc/rc.d/hostapd: WARNING: failed to start hostapd
 # /etc/rc.d/hostapd onestart
 Starting hostapd.
 Configuration file: /etc/hostapd.conf
 Using interface wlan0 with hwaddr 00:22:75:fe:9d:4e and ssid 'XXX'
 # 
 [...]
 Fatal trap 18: integer divide fault while in kernel mode
 cpuid = 0; apic id = 00
 instruction pointer	= 0x20:0xffffffff80534a28
 stack pointer	        = 0x28:0xffffff80ec0727a0
 frame pointer	        = 0x28:0xffffff80ec0727b0
 code segment		= base 0x0, limit 0xfffff, type 0x1b
 			= DPL 0, pres 1, long 1, def32 0, gran 1
 processor eflags	= interrupt enabled, resume, IOPL = 0
 current process		= 607 (hostapd)
 trap number		= 18
 panic: integer divide fault
 cpuid = 0
 KDB: stack backtrace:
 db_trace_self_wrapper() at db_trace_self_wrapper+0x2a
 panic() at panic+0x182
 trap_fatal() at trap_fatal+0x2ad
 trap() at trap+0x102
 calltrap() at calltrap+0x8
 --- trap 0x12, rip = 0xffffffff80534a28, rsp = 0xffffff80ec0727a0, rbp = 0xffffff80ec0727b0 ---
 rum_setup_tx_desc() at rum_setup_tx_desc+0x68
 rum_start() at rum_start+0x1af
 if_transmit() at if_transmit+0xea
 ieee80211_start() at ieee80211_start+0x542
 if_transmit() at if_transmit+0xea
 ether_output_frame() at ether_output_frame+0x33
 ether_output() at ether_output+0x4ba
 bpfwrite() at bpfwrite+0x3a5
 devfs_write_f() at devfs_write_f+0x8b
 dofilewrite() at dofilewrite+0x85
 kern_writev() at kern_writev+0x60
 write() at write+0x55
 syscall() at syscall+0x1e7
 Xfast_syscall() at Xfast_syscall+0xe1
 --- syscall (4, FreeBSD ELF64, write), rip = 0x8008a33cc, rsp = 0x7fffffffcd98, rbp = 0x800a29800 ---
 Uptime: 3m12s
 [...]
 #0  doadump () at pcpu.h:223
 223	pcpu.h: No such file or directory.
 	in pcpu.h
 (kgdb) bt
 #0  doadump () at pcpu.h:223
 #1  0xffffffff805f06c9 in boot (howto=260)
     at /data2v/home/nox/src-r81/src/sys/kern/kern_shutdown.c:416
 #2  0xffffffff805f0b1c in panic (fmt=Variable "fmt" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/kern/kern_shutdown.c:590
 #3  0xffffffff808e4d6d in trap_fatal (frame=0x12, eva=Variable "eva" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/amd64/amd64/trap.c:777
 #4  0xffffffff808e5782 in trap (frame=0xffffff80ec0726f0)
     at /data2v/home/nox/src-r81/src/sys/amd64/amd64/trap.c:588
 #5  0xffffffff808ca8b3 in calltrap ()
     at /data2v/home/nox/src-r81/src/sys/amd64/amd64/exception.S:223
 #6  0xffffffff80534a28 in rum_setup_tx_desc (sc=Variable "sc" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1016
 #7  0xffffffff80535e8f in rum_start (ifp=0xffffff0005e84000)
     at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1265
 #8  0xffffffff806a025a in if_transmit (ifp=0xffffff0005e84000, m=Variable "m" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/net/if.c:3357
 #9  0xffffffff806e0cf2 in ieee80211_start (ifp=0xffffff00071eb000)
     at /data2v/home/nox/src-r81/src/sys/net80211/ieee80211_output.c:362
 #10 0xffffffff806a025a in if_transmit (ifp=0xffffff00071eb000, m=Variable "m" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/net/if.c:3357
 #11 0xffffffff806a4c43 in ether_output_frame (ifp=0xffffff00071eb000, 
     m=0xffffff0007594800)
 ---Type <return> to continue, or q <return> to quit---
     at /data2v/home/nox/src-r81/src/sys/net/if_ethersubr.c:452
 #12 0xffffffff806a558a in ether_output (ifp=0xffffff00071eb000, 
     m=0xffffff0007594800, dst=0xffffff0005e3e860, ro=Variable "ro" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/net/if_ethersubr.c:423
 #13 0xffffffff80697865 in bpfwrite (dev=Variable "dev" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/net/bpf.c:939
 #14 0xffffffff8057691b in devfs_write_f (fp=0xffffff0005f8f370, 
     uio=0xffffff80ec072b10, cred=Variable "cred" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/fs/devfs/devfs_vnops.c:1509
 #15 0xffffffff80633025 in dofilewrite (td=0xffffff0005f82ba0, fd=4, 
     fp=0xffffff0005f8f370, auio=0xffffff80ec072b10, offset=Variable "offset" is not available.
 ) at file.h:239
 #16 0xffffffff80633330 in kern_writev (td=0xffffff0005f82ba0, fd=4, 
     auio=0xffffff80ec072b10)
     at /data2v/home/nox/src-r81/src/sys/kern/sys_generic.c:446
 #17 0xffffffff806333b5 in write (td=Variable "td" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/kern/sys_generic.c:362
 #18 0xffffffff808e5367 in syscall (frame=0xffffff80ec072c80)
     at /data2v/home/nox/src-r81/src/sys/amd64/amd64/trap.c:945
 #19 0xffffffff808cab91 in Xfast_syscall ()
     at /data2v/home/nox/src-r81/src/sys/amd64/amd64/exception.S:374
 #20 0x00000008008a33cc in ?? ()
 Previous frame inner to this frame (corrupt stack?)
 (kgdb) fr 6
 #6  0xffffffff80534a28 in rum_setup_tx_desc (sc=Variable "sc" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1016
 1016			plcp_length = (16 * len + rate - 1) / rate;
 (kgdb) p rate
 $1 = 0
 (kgdb) l
 1011	
 1012			plcp_length = len & 0xfff;
 1013			desc->plcp_length_hi = plcp_length >> 6;
 1014			desc->plcp_length_lo = plcp_length & 0x3f;
 1015		} else {
 1016			plcp_length = (16 * len + rate - 1) / rate;
 1017			if (rate == 22) {
 1018				remainder = (16 * len) % 22;
 1019				if (remainder != 0 && remainder < 7)
 1020					desc->plcp_service |= RT2573_PLCP_LENGEXT;
 (kgdb) up
 #7  0xffffffff80535e8f in rum_start (ifp=0xffffff0005e84000)
     at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1265
 1265		rum_setup_tx_desc(sc, &data->desc, flags, 0, m0->m_pkthdr.len, rate);
 (kgdb) l
 1260			dur = ieee80211_ack_duration(ic->ic_rt, rate, 
 1261			    ic->ic_flags & IEEE80211_F_SHPREAMBLE);
 1262			*(uint16_t *)wh->i_dur = htole16(dur);
 1263		}
 1264	
 1265		rum_setup_tx_desc(sc, &data->desc, flags, 0, m0->m_pkthdr.len, rate);
 1266	
 1267		DPRINTFN(10, "sending frame len=%d rate=%d\n",
 1268		    m0->m_pkthdr.len + (int)RT2573_TX_DESC_SIZE, rate);
 1269	
 (kgdb) p wh
 No symbol "wh" in current context.
 (kgdb) p m0
 Variable "m0" is not available.
 (kgdb) p tp->ucastrate
 No symbol "tp" in current context.
 (kgdb) p ni->nx_tx_rate
 Variable "ni" is not available.
 (kgdb) p wh
 No symbol "wh" in current context.
 (kgdb) p rate
 No symbol "rate" in current context.
 (kgdb) p ni
 Variable "ni" is not available.
 (kgdb) up
 #8  0xffffffff806a025a in if_transmit (ifp=0xffffff0005e84000, m=Variable "m" is not available.
 )
     at /data2v/home/nox/src-r81/src/sys/net/if.c:3357
 3357		IFQ_HANDOFF(ifp, m, error);
 (kgdb) l
 3352	static int
 3353	if_transmit(struct ifnet *ifp, struct mbuf *m)
 3354	{
 3355		int error;
 3356	
 3357		IFQ_HANDOFF(ifp, m, error);
 3358		return (error);
 3359	}
 3360	
 3361	int
 (kgdb) down
 #7  0xffffffff80535e8f in rum_start (ifp=0xffffff0005e84000)
     at /data2v/home/nox/src-r81/src/sys/dev/usb/wlan/if_rum.c:1265
 1265		rum_setup_tx_desc(sc, &data->desc, flags, 0, m0->m_pkthdr.len, rate);
 (kgdb) p m
 $2 = (struct mbuf *) 0xffffff0007584400
 (kgdb) p *m
 $3 = {
   m_hdr = {
     mh_next = 0xffffff0007594800, 
     mh_nextpkt = 0x0, 
     mh_data = 0xffffff0007584466 "\b\002", 
     mh_len = 32, 
     mh_flags = 82, 
     mh_type = 1, 
     pad = "\000\000\000\000\000"
   }, 
   M_dat = {
     MH = {
       MH_pkthdr = {
         rcvif = 0xffffff80007e3000, 
         header = 0x0, 
         len = 131, 
         flowid = 0, 
         csum_flags = 0, 
         csum_data = 0, 
         tso_segsz = 2, 
         PH_vt = {
           vt_vtag = 3, 
           vt_nrecs = 3
 ---Type <return> to continue, or q <return> to quit---
         }, 
         tags = {
           slh_first = 0x0
         }
       }, 
       MH_dat = {
         MH_ext = {
           ext_buf = 0x0, 
           ext_free = 0x208000000000000, 
           ext_arg1 = 0x111202bf1c000000, 
           ext_arg2 = 0x22004e9dfe752200, 
           ext_size = 1318977141, 
           ref_cnt = 0x408e8800000003, 
           ext_type = 1998915136
         }, 
         MH_databuf = '\0' <repeats 14 times>, "\b\002\000\000\000\034\002\022\021\000\"u\235N\000\"u\235N \000\003\000\000\000\210\216@\000@\006%w\n\000\000\a\n\000\000\006\214\000\026\226x\027UH\200\020 b\0243\000\000\001\001\b\n\000\0025\202\f", '\0' <repeats 75 times>
       }
     }, 
     M_databuf = "\0000~\000\200\000\000\000\000\000\000\000\000\203", '\0' <repeats 15 times>, "\002\000\003", '\0' <repeats 27 times>, "\b\002\000\000\000\0---Type <return> to continue, or q <return> to quit---
 34\002\022\021\000\"u\235N\000\"u\235N \000\003\000\000\000\210\216@\000@\006%w\n\000\000\a\n\000\000\006\214\000\026\226x\027UH\200\020 b\0243\000\000\001\001\b\n\000\0025\202\f", '\0' <repeats 75 times>
   }
 }
 (kgdb) p m->M_dat
 $4 = {
   MH = {
     MH_pkthdr = {
       rcvif = 0xffffff80007e3000, 
       header = 0x0, 
       len = 131, 
       flowid = 0, 
       csum_flags = 0, 
       csum_data = 0, 
       tso_segsz = 2, 
       PH_vt = {
         vt_vtag = 3, 
         vt_nrecs = 3
       }, 
       tags = {
         slh_first = 0x0
       }
     }, 
     MH_dat = {
       MH_ext = {
         ext_buf = 0x0, 
         ext_free = 0x208000000000000, 
         ext_arg1 = 0x111202bf1c000000, 
 ---Type <return> to continue, or q <return> to quit---
         ext_arg2 = 0x22004e9dfe752200, 
         ext_size = 1318977141, 
         ref_cnt = 0x408e8800000003, 
         ext_type = 1998915136
       }, 
       MH_databuf = '\0' <repeats 14 times>, "\b\002\000\000\000\034\002\022\021\000\"u\235N\000\"u\235N \000\003\000\000\000\210\216@\000@\006%w\n\000\000\a\n\000\000\006\214\000\026\226x\027UH\200\020 b\0243\000\000\001\001\b\n\000\0025\202\f", '\0' <repeats 75 times>
     }
   }, 
   M_databuf = "\0000~\000\200\000\000\000\000\000\000\000\000\203", '\0' <repeats 15 times>, "\002\000\003", '\0' <repeats 27 times>, "\b\002\000\000\000\034\002\022\021\000\"u\235N\000\"u\235N \000\003\000\000\000\210\216@\000@\006%w\n\000\000\a\n\000\000\006\214\000\026\226x\027UH\200\020 b\0243\000\000\001\001\b\n\000\0025\202\f", '\0' <repeats 75 times>
 }
 (kgdb) p m->M_dat.MH.MH_pkthdr
 $5 = {
   rcvif = 0xffffff80007e3000, 
   header = 0x0, 
   len = 131, 
   flowid = 0, 
   csum_flags = 0, 
   csum_data = 0, 
   tso_segsz = 2, 
   PH_vt = {
     vt_vtag = 3, 
     vt_nrecs = 3
   }, 
   tags = {
     slh_first = 0x0
   }
 }
 (kgdb) p m->M_dat.MH.MH_pkthdr.rcvif
 $6 = (struct ifnet *) 0xffffff80007e3000
 (kgdb) p ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_txrate
 $7 = 0
 (kgdb) p ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_chan
 $8 = (struct ieee80211_channel *) 0xffffff80007df300
 (kgdb) p *((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_chan
 $9 = {
   ic_flags = 1152, 
   ic_freq = 2437, 
   ic_ieee = 6 '\006', 
   ic_maxregpower = 0 '\0', 
   ic_maxpower = 0 '\0', 
   ic_minpower = 0 '\0', 
   ic_state = 0 '\0', 
   ic_extieee = 0 '\0', 
   ic_maxantgain = 0 '\0', 
   ic_pad = 0 '\0', 
   ic_devdata = 0
 }
 (kgdb) p vap
 No symbol "vap" in current context.
 (kgdb) p *((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap
 $10 = {
   iv_media = {
     ifm_mask = 0, 
     ifm_media = 0, 
     ifm_cur = 0xffffff0005ef48e0, 
     ifm_list = {
       lh_first = 0xffffff0005ef4520
     }, 
     ifm_change = 0xffffffff806b7980 <ieee80211_media_change>, 
     ifm_status = 0xffffffff806b7f70 <ieee80211_media_status>
   }, 
   iv_ifp = 0xffffff00071eb000, 
   iv_rawbpf = 0xffffff0005f20680, 
   iv_sysctl = 0xffffff0005e3e850, 
   iv_oid = 0xffffff0005f20200, 
   iv_next = {
     tqe_next = 0x0, 
     tqe_prev = 0xffffff80007df038
   }, 
   iv_ic = 0xffffff80007df000, 
   iv_debug = 0, 
   iv_stats = {
     is_rx_badversion = 0, 
 ---Type <return> to continue, or q <return> to quit---
     is_rx_tooshort = 0, 
     is_rx_wrongbss = 0, 
     is_rx_dup = 0, 
     is_rx_wrongdir = 0, 
     is_rx_mcastecho = 0, 
     is_rx_notassoc = 0, 
     is_rx_noprivacy = 0, 
     is_rx_unencrypted = 0, 
     is_rx_wepfail = 0, 
     is_rx_decap = 0, 
     is_rx_mgtdiscard = 0, 
     is_rx_ctl = 0, 
     is_rx_beacon = 3, 
     is_rx_rstoobig = 0, 
     is_rx_elem_missing = 0, 
     is_rx_elem_toobig = 0, 
     is_rx_elem_toosmall = 0, 
     is_rx_elem_unknown = 0, 
     is_rx_badchan = 0, 
     is_rx_chanmismatch = 1, 
     is_rx_nodealloc = 0, 
     is_rx_ssidmismatch = 0, 
     is_rx_auth_unsupported = 0, 
 ---Type <return> to continue, or q <return> to quit---
     is_rx_auth_fail = 0, 
     is_rx_auth_countermeasures = 0, 
     is_rx_assoc_bss = 0, 
     is_rx_assoc_notauth = 0, 
     is_rx_assoc_capmismatch = 0, 
     is_rx_assoc_norate = 0, 
     is_rx_assoc_badwpaie = 0, 
     is_rx_deauth = 0, 
     is_rx_disassoc = 0, 
     is_rx_badsubtype = 0, 
     is_rx_nobuf = 0, 
     is_rx_decryptcrc = 0, 
     is_rx_ahdemo_mgt = 0, 
     is_rx_bad_auth = 0, 
     is_rx_unauth = 0, 
     is_rx_badkeyid = 0, 
     is_rx_ccmpreplay = 0, 
     is_rx_ccmpformat = 0, 
     is_rx_ccmpmic = 0, 
     is_rx_tkipreplay = 0, 
     is_rx_tkipformat = 0, 
     is_rx_tkipmic = 0, 
     is_rx_tkipicv = 0, 
 ---Type <return> to continue, or q <return> to quit---
     is_rx_badcipher = 0, 
     is_rx_nocipherctx = 0, 
     is_rx_acl = 0, 
     is_tx_nobuf = 0, 
     is_tx_nonode = 0, 
     is_tx_unknownmgt = 0, 
     is_tx_badcipher = 0, 
     is_tx_nodefkey = 0, 
     is_tx_noheadroom = 0, 
     is_tx_fragframes = 0, 
     is_tx_frags = 0, 
     is_scan_active = 1, 
     is_scan_passive = 0, 
     is_node_timeout = 0, 
     is_crypto_nomem = 0, 
     is_crypto_tkip = 3, 
     is_crypto_tkipenmic = 3, 
     is_crypto_tkipdemic = 0, 
     is_crypto_tkipcm = 0, 
     is_crypto_ccmp = 0, 
     is_crypto_wep = 0, 
     is_crypto_setkey_cipher = 0, 
     is_crypto_setkey_nokey = 0, 
 ---Type <return> to continue, or q <return> to quit---
     is_crypto_delkey = 0, 
     is_crypto_badcipher = 0, 
     is_crypto_nocipher = 0, 
     is_crypto_attachfail = 0, 
     is_crypto_swfallback = 0, 
     is_crypto_keyfail = 0, 
     is_crypto_enmicfail = 0, 
     is_ibss_capmismatch = 0, 
     is_ibss_norate = 0, 
     is_ps_unassoc = 0, 
     is_ps_badaid = 0, 
     is_ps_qempty = 0, 
     is_ff_badhdr = 0, 
     is_ff_tooshort = 0, 
     is_ff_split = 0, 
     is_ff_decap = 0, 
     is_ff_encap = 0, 
     is_rx_badbintval = 0, 
     is_rx_demicfail = 0, 
     is_rx_defrag = 0, 
     is_rx_mgmt = 7, 
     is_rx_action = 0, 
     is_amsdu_tooshort = 0, 
 ---Type <return> to continue, or q <return> to quit---
     is_amsdu_split = 0, 
     is_amsdu_decap = 0, 
     is_amsdu_encap = 0, 
     is_ampdu_bar_bad = 0, 
     is_ampdu_bar_oow = 0, 
     is_ampdu_bar_move = 0, 
     is_ampdu_bar_rx = 0, 
     is_ampdu_rx_flush = 0, 
     is_ampdu_rx_oor = 0, 
     is_ampdu_rx_copy = 0, 
     is_ampdu_rx_drop = 0, 
     is_tx_badstate = 0, 
     is_tx_notassoc = 0, 
     is_tx_classify = 0, 
     is_dwds_mcast = 0, 
     is_dwds_qdrop = 0, 
     is_ht_assoc_nohtcap = 0, 
     is_ht_assoc_downgrade = 0, 
     is_ht_assoc_norate = 0, 
     is_ampdu_rx_age = 0, 
     is_ampdu_rx_move = 0, 
     is_addba_reject = 0, 
     is_addba_norequest = 0, 
 ---Type <return> to continue, or q <return> to quit---
     is_addba_badtoken = 0, 
     is_addba_badpolicy = 0, 
     is_ampdu_stop = 0, 
     is_ampdu_stop_failed = 0, 
     is_ampdu_rx_reorder = 0, 
     is_scan_bg = 0, 
     is_rx_deauth_code = 0 '\0', 
     is_rx_disassoc_code = 0 '\0', 
     is_rx_authfail_code = 0 '\0', 
     is_beacon_miss = 0, 
     is_rx_badstate = 0, 
     is_ff_flush = 0, 
     is_tx_ctl = 0, 
     is_ampdu_rexmt = 0, 
     is_ampdu_rexmt_fail = 0, 
     is_mesh_wrongmesh = 0, 
     is_mesh_nolink = 0, 
     is_mesh_fwd_ttl = 0, 
     is_mesh_fwd_nobuf = 0, 
     is_mesh_fwd_tooshort = 0, 
     is_mesh_fwd_disabled = 0, 
     is_mesh_fwd_nopath = 0, 
     is_hwmp_wrongseq = 0, 
 ---Type <return> to continue, or q <return> to quit---
     is_hwmp_rootreqs = 0, 
     is_hwmp_rootrann = 0, 
     is_mesh_badae = 0, 
     is_mesh_rtaddfailed = 0, 
     is_mesh_notproxy = 0, 
     is_rx_badalign = 0, 
     is_hwmp_proxy = 0, 
     is_spare = {0 <repeats 11 times>}
   }, 
   iv_myaddr = "\000\"u\235N", 
   iv_flags = 1090781200, 
   iv_flags_ext = 1026, 
   iv_flags_ht = 0, 
   iv_flags_ven = 0, 
   iv_caps = 562095104, 
   iv_htcaps = 0, 
   iv_opmode = IEEE80211_M_HOSTAP, 
   iv_state = IEEE80211_S_RUN, 
   iv_nstate = IEEE80211_S_RUN, 
   iv_nstate_arg = -1, 
   iv_nstate_task = {
     ta_link = {
       stqe_next = 0x0
 ---Type <return> to continue, or q <return> to quit---
     }, 
     ta_pending = 0, 
     ta_priority = 0, 
     ta_func = 0xffffffff806e66d0 <ieee80211_newstate_cb>, 
     ta_context = 0xffffff0005dfe000
   }, 
   iv_swbmiss_task = {
     ta_link = {
       stqe_next = 0x0
     }, 
     ta_pending = 0, 
     ta_priority = 0, 
     ta_func = 0xffffffff806e49f0 <beacon_swmiss>, 
     ta_context = 0xffffff0005dfe000
   }, 
   iv_mgtsend = {
     c_links = {
       sle = {
         sle_next = 0x0
       }, 
       tqe = {
         tqe_next = 0x0, 
         tqe_prev = 0x0
 ---Type <return> to continue, or q <return> to quit---
       }
     }, 
     c_time = 0, 
     c_arg = 0x0, 
     c_func = 0, 
     c_lock = 0x0, 
     c_flags = 16, 
     c_cpu = 0
   }, 
   iv_inact_init = 2, 
   iv_inact_auth = 12, 
   iv_inact_run = 20, 
   iv_inact_probe = 2, 
   iv_des_nssid = 1, 
   iv_des_ssid = {{
       len = 8, 
       ssid = "XXX", '\0' <repeats 23 times>
     }}, 
   iv_des_bssid = "\000\000\000\000\000", 
   iv_des_chan = 0xffff, 
   iv_des_mode = 0, 
   iv_nicknamelen = 0, 
   iv_nickname = '\0' <repeats 31 times>, 
 ---Type <return> to continue, or q <return> to quit---
   iv_bgscanidle = 250, 
   iv_bgscanintvl = 300000, 
   iv_scanvalid = 60000, 
   iv_scanreq_duration = 0, 
   iv_scanreq_mindwell = 0, 
   iv_scanreq_maxdwell = 0, 
   iv_scanreq_flags = 0, 
   iv_scanreq_nssid = 0 '\0', 
   iv_scanreq_ssid = {{
       len = 0, 
       ssid = '\0' <repeats 31 times>
     }}, 
   iv_roaming = IEEE80211_ROAMING_AUTO, 
   iv_roamparms = {{
       rssi = 0 '\0', 
       rate = 0 '\0', 
       pad = 0
     }, {
       rssi = 14 '\016', 
       rate = 24 '\030', 
       pad = 0
     }, {
       rssi = 14 '\016', 
 ---Type <return> to continue, or q <return> to quit---
       rate = 2 '\002', 
       pad = 0
     }, {
       rssi = 14 '\016', 
       rate = 10 '\n', 
       pad = 0
     }, {
       rssi = 0 '\0', 
       rate = 0 '\0', 
       pad = 0
     }, {
       rssi = 14 '\016', 
       rate = 24 '\030', 
       pad = 0
     }, {
       rssi = 14 '\016', 
       rate = 24 '\030', 
       pad = 0
     }, {
       rssi = 14 '\016', 
       rate = 24 '\030', 
       pad = 0
     }, {
 ---Type <return> to continue, or q <return> to quit---
       rssi = 14 '\016', 
       rate = 129 '\201', 
       pad = 0
     }, {
       rssi = 14 '\016', 
       rate = 129 '\201', 
       pad = 0
     }, {
       rssi = 14 '\016', 
       rate = 12 '\f', 
       pad = 0
     }, {
       rssi = 14 '\016', 
       rate = 6 '\006', 
       pad = 0
     }}, 
   iv_bmissthreshold = 7 '\a', 
   iv_bmiss_count = 0 '\0', 
   iv_bmiss_max = 2, 
   iv_swbmiss_count = 0, 
   iv_swbmiss_period = 0, 
   iv_swbmiss = {
     c_links = {
 ---Type <return> to continue, or q <return> to quit---
       sle = {
         sle_next = 0x0
       }, 
       tqe = {
         tqe_next = 0x0, 
         tqe_prev = 0x0
       }
     }, 
     c_time = 0, 
     c_arg = 0x0, 
     c_func = 0, 
     c_lock = 0x0, 
     c_flags = 16, 
     c_cpu = 0
   }, 
   iv_ampdu_rxmax = 0, 
   iv_ampdu_density = 0, 
   iv_ampdu_limit = 0, 
   iv_amsdu_limit = 0, 
   iv_ampdu_mintraffic = {64, 128, 32, 32}, 
   iv_aid_bitmap = 0xffffff0005e3e750, 
   iv_max_aid = 128, 
   iv_sta_assoc = 1, 
 ---Type <return> to continue, or q <return> to quit---
   iv_ps_sta = 0, 
   iv_ps_pending = 0, 
   iv_txseq = 0, 
   iv_tim_len = 16, 
   iv_tim_bitmap = 0xffffff0005e3e740 "", 
   iv_dtim_period = 1 '\001', 
   iv_dtim_count = 0 '\0', 
   iv_csa_count = 0, 
   iv_bss = 0xffffff80007f6000, 
   iv_txparms = {{
       ucastrate = 0 '\0', 
       mgmtrate = 0 '\0', 
       mcastrate = 0 '\0', 
       maxretry = 0 '\0'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 12 '\f', 
       mcastrate = 12 '\f', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 2 '\002', 
       mcastrate = 2 '\002', 
 ---Type <return> to continue, or q <return> to quit---
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 2 '\002', 
       mcastrate = 2 '\002', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 0 '\0', 
       mcastrate = 0 '\0', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 12 '\f', 
       mcastrate = 12 '\f', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 2 '\002', 
       mcastrate = 2 '\002', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
 ---Type <return> to continue, or q <return> to quit---
       mgmtrate = 12 '\f', 
       mcastrate = 12 '\f', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 128 '\200', 
       mcastrate = 128 '\200', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 128 '\200', 
       mcastrate = 128 '\200', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 6 '\006', 
       mcastrate = 6 '\006', 
       maxretry = 6 '\006'
     }, {
       ucastrate = 255 '', 
       mgmtrate = 3 '\003', 
       mcastrate = 3 '\003', 
       maxretry = 6 '\006'
 ---Type <return> to continue, or q <return> to quit---
     }}, 
   iv_rtsthreshold = 2346, 
   iv_fragthreshold = 2346, 
   iv_inact_timer = 0, 
   iv_appie_beacon = 0x0, 
   iv_appie_probereq = 0x0, 
   iv_appie_proberesp = 0x0, 
   iv_appie_assocreq = 0x0, 
   iv_appie_assocresp = 0x0, 
   iv_appie_wpa = 0xffffff0005ef43a0, 
   iv_wpa_ie = 0x0, 
   iv_rsn_ie = 0xffffff0005ef43a2 "0\030\001", 
   iv_max_keyix = 4, 
   iv_def_txkey = 1, 
   iv_nw_keys = {{
       wk_keylen = 0 '\0', 
       wk_pad = 0 '\0', 
       wk_flags = 3, 
       wk_keyix = 65535, 
       wk_rxkeyix = 65535, 
       wk_key = '\0' <repeats 31 times>, 
       wk_keyrsc = {0 <repeats 17 times>}, 
       wk_keytsc = 0, 
 ---Type <return> to continue, or q <return> to quit---
       wk_cipher = 0xffffffff809fb0c0, 
       wk_private = 0xffffff0005dfe000, 
       wk_macaddr = "\000\000\000\000\000"
     }, {
       wk_keylen = 16 '\020', 
       wk_pad = 0 '\0', 
       wk_flags = 501, 
       wk_keyix = 1, 
       wk_rxkeyix = 65535, 
       wk_key = "XXX", 
       wk_keyrsc = {0 <repeats 17 times>}, 
       wk_keytsc = 4, 
       wk_cipher = 0xffffffff809fb180, 
       wk_private = 0xffffff0005f22e00, 
       wk_macaddr = ""
     }, {
       wk_keylen = 0 '\0', 
       wk_pad = 0 '\0', 
       wk_flags = 3, 
       wk_keyix = 65535, 
       wk_rxkeyix = 65535, 
       wk_key = '\0' <repeats 31 times>, 
       wk_keyrsc = {0 <repeats 17 times>}, 
 ---Type <return> to continue, or q <return> to quit---
       wk_keytsc = 0, 
       wk_cipher = 0xffffffff809fb0c0, 
       wk_private = 0xffffff0005dfe000, 
       wk_macaddr = "\000\000\000\000\000"
     }, {
       wk_keylen = 0 '\0', 
       wk_pad = 0 '\0', 
       wk_flags = 3, 
       wk_keyix = 65535, 
       wk_rxkeyix = 65535, 
       wk_key = '\0' <repeats 31 times>, 
       wk_keyrsc = {0 <repeats 17 times>}, 
       wk_keytsc = 0, 
       wk_cipher = 0xffffffff809fb0c0, 
       wk_private = 0xffffff0005dfe000, 
       wk_macaddr = "\000\000\000\000\000"
     }}, 
   iv_key_alloc = 0xffffffff806bc2c0 <null_key_alloc>, 
   iv_key_delete = 0xffffffff806bc310 <null_key_delete>, 
   iv_key_set = 0xffffffff806bc320 <null_key_set>, 
   iv_key_update_begin = 0xffffffff806bc330 <null_key_update>, 
   iv_key_update_end = 0xffffffff806bc330 <null_key_update>, 
   iv_auth = 0xffffffff8103a0e0, 
 ---Type <return> to continue, or q <return> to quit---
   iv_ec = 0x0, 
   iv_acl = 0x0, 
   iv_as = 0x0, 
   iv_rate = 0xffffffff809fa9e0, 
   iv_rs = 0xffffff0005e3e780, 
   iv_tdma = 0x0, 
   iv_mesh = 0x0, 
   iv_hwmp = 0x0, 
   iv_opdetach = 0xffffffff806c5130 <hostap_vdetach>, 
   iv_input = 0xffffffff806c7e70 <hostap_input>, 
   iv_recv_mgmt = 0xffffffff806c5d30 <hostap_recv_mgmt>, 
   iv_recv_ctl = 0xffffffff806c54c0 <hostap_recv_ctl>, 
   iv_deliver_data = 0xffffffff806c52b0 <hostap_deliver_data>, 
   iv_bmiss = 0, 
   iv_reset = 0xffffffff806b76c0 <default_reset>, 
   iv_update_beacon = 0xffffffff806e4640 <null_update_beacon>, 
   iv_update_ps = 0xffffffff806e3860 <ieee80211_update_ps>, 
   iv_set_tim = 0xffffffff806e41d0 <ieee80211_set_tim>, 
   iv_newstate = 0xffffffff805382a0 <rum_newstate>, 
   iv_output = 0xffffffff806a50d0 <ether_output>, 
   iv_spare = {0, 0, 0, 0, 0, 0}
 }
 (kgdb) p ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap)
 $11 = (struct ieee80211vap *) 0xffffff0005dfe000
 (kgdb) p ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms  [1]
 $12 = {{
     ucastrate = 0 '\0', 
     mgmtrate = 0 '\0', 
     mcastrate = 0 '\0', 
     maxretry = 0 '\0'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 12 '\f', 
     mcastrate = 12 '\f', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 2 '\002', 
     mcastrate = 2 '\002', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 2 '\002', 
     mcastrate = 2 '\002', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 0 '\0', 
 ---Type <return> to continue, or q <return> to quit---
     mcastrate = 0 '\0', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 12 '\f', 
     mcastrate = 12 '\f', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 2 '\002', 
     mcastrate = 2 '\002', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 12 '\f', 
     mcastrate = 12 '\f', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 128 '\200', 
     mcastrate = 128 '\200', 
     maxretry = 6 '\006'
   }, {
 ---Type <return> to continue, or q <return> to quit---
     ucastrate = 255 '', 
     mgmtrate = 128 '\200', 
     mcastrate = 128 '\200', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 6 '\006', 
     mcastrate = 6 '\006', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 3 '\003', 
     mcastrate = 3 '\003', 
     maxretry = 6 '\006'
   }}
 (kgdb) p (((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap)->iv_txxparms
 $13 = {{
     ucastrate = 0 '\0', 
     mgmtrate = 0 '\0', 
     mcastrate = 0 '\0', 
     maxretry = 0 '\0'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 12 '\f', 
     mcastrate = 12 '\f', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 2 '\002', 
     mcastrate = 2 '\002', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 2 '\002', 
     mcastrate = 2 '\002', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 0 '\0', 
 ---Type <return> to continue, or q <return> to quit---
     mcastrate = 0 '\0', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 12 '\f', 
     mcastrate = 12 '\f', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 2 '\002', 
     mcastrate = 2 '\002', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 12 '\f', 
     mcastrate = 12 '\f', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 128 '\200', 
     mcastrate = 128 '\200', 
     maxretry = 6 '\006'
   }, {
 ---Type <return> to continue, or q <return> to quit---
     ucastrate = 255 '', 
     mgmtrate = 128 '\200', 
     mcastrate = 128 '\200', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 6 '\006', 
     mcastrate = 6 '\006', 
     maxretry = 6 '\006'
   }, {
     ucastrate = 255 '', 
     mgmtrate = 3 '\003', 
     mcastrate = 3 '\003', 
     maxretry = 6 '\006'
   }}
 (kgdb) p *((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)
 $14 = {
   ni_vap = 0xffffff0005dfe000, 
   ni_ic = 0xffffff80007df000, 
   ni_table = 0xffffff80007e07b0, 
   ni_list = {
     tqe_next = 0x0, 
     tqe_prev = 0xffffff80007f6018
   }, 
   ni_hash = {
     le_next = 0x0, 
     le_prev = 0xffffff80007e0880
   }, 
   ni_refcnt = 2, 
   ni_scangen = 0, 
   ni_flags = 131108, 
   ni_associd = 49153, 
   ni_vlan = 0, 
   ni_txpower = 100, 
   ni_authmode = 3 '\003', 
   ni_ath_flags = 0 '\0', 
   ni_ath_defkeyix = 32767, 
   ni_txparms = 0xffffff0005dfe4fc, 
   ni_jointime = 192, 
 ---Type <return> to continue, or q <return> to quit---
   ni_challenge = 0x0, 
   ni_ies = {
     wpa_ie = 0x0, 
     rsn_ie = 0xffffff0005f2a49a "0\024\001", 
     wme_ie = 0x0, 
     ath_ie = 0x0, 
     htcap_ie = 0x0, 
     htinfo_ie = 0x0, 
     tdma_ie = 0x0, 
     meshid_ie = 0x0, 
     spare = {0x0, 0x0, 0x0, 0x0}, 
     data = 0xffffff0005f2a480 "", 
     len = 48
   }, 
   ni_txseqs = {0 <repeats 16 times>, 3}, 
   ni_rxseqs = {0 <repeats 16 times>, 16}, 
   ni_rxfragstamp = 0, 
   ni_rxfrag = {0x0, 0x0, 0x0}, 
   ni_ucastkey = {
     wk_keylen = 0 '\0', 
     wk_pad = 0 '\0', 
     wk_flags = 3, 
     wk_keyix = 65535, 
 ---Type <return> to continue, or q <return> to quit---
     wk_rxkeyix = 65535, 
     wk_key = '\0' <repeats 31 times>, 
     wk_keyrsc = {0 <repeats 17 times>}, 
     wk_keytsc = 0, 
     wk_cipher = 0xffffffff809fb0c0, 
     wk_private = 0xffffff0005dfe000, 
     wk_macaddr = "\000\000\000\000\000"
   }, 
   ni_avgrssi = 2176, 
   ni_noise = -95 '', 
   ni_macaddr = "\000\034\002\022\021", 
   ni_bssid = "\000\"u\235N", 
   ni_tstamp = {
     data = "\000\000\000\000\000\000\000", 
     tsf = 0
   }, 
   ni_intval = 1, 
   ni_capinfo = 1073, 
   ni_esslen = 0 '\0', 
   ni_essid = '\0' <repeats 31 times>, 
   ni_rates = {
     rs_nrates = 12 '\f', 
     rs_rates = "\202\204\213\f\022\226\030$0H`l\000\000"
 ---Type <return> to continue, or q <return> to quit---
   }, 
   ni_chan = 0xffffff80007df300, 
   ni_fhdwell = 0, 
   ni_fhindex = 0 '\0', 
   ni_erp = 0, 
   ni_timoff = 0, 
   ni_dtim_period = 0 '\0', 
   ni_dtim_count = 0 '\0', 
   ni_meshidlen = 0 '\0', 
   ni_meshid = '\0' <repeats 31 times>, 
   ni_mlstate = IEEE80211_NODE_MESH_IDLE, 
   ni_mllid = 0, 
   ni_mlpid = 0, 
   ni_mltimer = {
     c_links = {
       sle = {
         sle_next = 0x0
       }, 
       tqe = {
         tqe_next = 0x0, 
         tqe_prev = 0x0
       }
     }, 
 ---Type <return> to continue, or q <return> to quit---
     c_time = 0, 
     c_arg = 0x0, 
     c_func = 0, 
     c_lock = 0x0, 
     c_flags = 0, 
     c_cpu = 0
   }, 
   ni_mlrcnt = 0 '\0', 
   ni_mltval = 0 '\0', 
   ni_htcap = 0, 
   ni_htparam = 0 '\0', 
   ni_htctlchan = 0 '\0', 
   ni_ht2ndchan = 0 '\0', 
   ni_htopmode = 0 '\0', 
   ni_htstbc = 0 '\0', 
   ni_chw = 0 '\0', 
   ni_htrates = {
     rs_nrates = 0 '\0', 
     rs_rates = '\0' <repeats 126 times>
   }, 
   ni_tx_ampdu = {{
       txa_ni = 0x0, 
       txa_flags = 0, 
 ---Type <return> to continue, or q <return> to quit---
       txa_ac = 0 '\0', 
       txa_token = 0 '\0', 
       txa_lastsample = 0, 
       txa_pkts = 0, 
       txa_avgpps = 0, 
       txa_qbytes = 0, 
       txa_qframes = 0, 
       txa_start = 0, 
       txa_seqpending = 0, 
       txa_wnd = 0, 
       txa_attempts = 0 '\0', 
       txa_nextrequest = 0, 
       txa_timer = {
         c_links = {
           sle = {
             sle_next = 0x0
           }, 
           tqe = {
             tqe_next = 0x0, 
             tqe_prev = 0x0
           }
         }, 
         c_time = 0, 
 ---Type <return> to continue, or q <return> to quit---
         c_arg = 0x0, 
         c_func = 0, 
         c_lock = 0x0, 
         c_flags = 0, 
         c_cpu = 0
       }, 
       txa_private = 0x0, 
       txa_pad = {0, 0, 0, 0}
     }, {
       txa_ni = 0x0, 
       txa_flags = 0, 
       txa_ac = 0 '\0', 
       txa_token = 0 '\0', 
       txa_lastsample = 0, 
       txa_pkts = 0, 
       txa_avgpps = 0, 
       txa_qbytes = 0, 
       txa_qframes = 0, 
       txa_start = 0, 
       txa_seqpending = 0, 
       txa_wnd = 0, 
       txa_attempts = 0 '\0', 
       txa_nextrequest = 0, 
 ---Type <return> to continue, or q <return> to quit---
       txa_timer = {
         c_links = {
           sle = {
             sle_next = 0x0
           }, 
           tqe = {
             tqe_next = 0x0, 
             tqe_prev = 0x0
           }
         }, 
         c_time = 0, 
         c_arg = 0x0, 
         c_func = 0, 
         c_lock = 0x0, 
         c_flags = 0, 
         c_cpu = 0
       }, 
       txa_private = 0x0, 
       txa_pad = {0, 0, 0, 0}
     }, {
       txa_ni = 0x0, 
       txa_flags = 0, 
       txa_ac = 0 '\0', 
 ---Type <return> to continue, or q <return> to quit---
       txa_token = 0 '\0', 
       txa_lastsample = 0, 
       txa_pkts = 0, 
       txa_avgpps = 0, 
       txa_qbytes = 0, 
       txa_qframes = 0, 
       txa_start = 0, 
       txa_seqpending = 0, 
       txa_wnd = 0, 
       txa_attempts = 0 '\0', 
       txa_nextrequest = 0, 
       txa_timer = {
         c_links = {
           sle = {
             sle_next = 0x0
           }, 
           tqe = {
             tqe_next = 0x0, 
             tqe_prev = 0x0
           }
         }, 
         c_time = 0, 
         c_arg = 0x0, 
 ---Type <return> to continue, or q <return> to quit---
         c_func = 0, 
         c_lock = 0x0, 
         c_flags = 0, 
         c_cpu = 0
       }, 
       txa_private = 0x0, 
       txa_pad = {0, 0, 0, 0}
     }, {
       txa_ni = 0x0, 
       txa_flags = 0, 
       txa_ac = 0 '\0', 
       txa_token = 0 '\0', 
       txa_lastsample = 0, 
       txa_pkts = 0, 
       txa_avgpps = 0, 
       txa_qbytes = 0, 
       txa_qframes = 0, 
       txa_start = 0, 
       txa_seqpending = 0, 
       txa_wnd = 0, 
       txa_attempts = 0 '\0', 
       txa_nextrequest = 0, 
       txa_timer = {
 ---Type <return> to continue, or q <return> to quit---
         c_links = {
           sle = {
             sle_next = 0x0
           }, 
           tqe = {
             tqe_next = 0x0, 
             tqe_prev = 0x0
           }
         }, 
         c_time = 0, 
         c_arg = 0x0, 
         c_func = 0, 
         c_lock = 0x0, 
         c_flags = 0, 
         c_cpu = 0
       }, 
       txa_private = 0x0, 
       txa_pad = {0, 0, 0, 0}
     }}, 
   ni_rx_ampdu = {{
       rxa_flags = 0, 
       rxa_qbytes = 0, 
       rxa_qframes = 0, 
 ---Type <return> to continue, or q <return> to quit---
       rxa_seqstart = 0, 
       rxa_start = 0, 
       rxa_wnd = 0, 
       rxa_age = 0, 
       rxa_nframes = 0, 
       rxa_m = {0x0 <repeats 64 times>}, 
       rxa_pad = {0, 0, 0, 0}
     } <repeats 16 times>}, 
   ni_inact = 2, 
   ni_inact_reload = 12, 
   ni_txrate = 0, 
   ni_psq = {
     psq_lock = {
       lock_object = {
         lo_name = 0xffffffff809653c5 "unknown", 
         lo_flags = 16973824, 
         lo_data = 0, 
         lo_witness = 0x0
       }, 
       mtx_lock = 4
     }, 
     psq_len = 0, 
     psq_maxlen = 50, 
 ---Type <return> to continue, or q <return> to quit---
     psq_drops = 0, 
     psq_head = {{
         head = 0x0, 
         tail = 0x0, 
         len = 0
       }, {
         head = 0x0, 
         tail = 0x0, 
         len = 0
       }}
   }, 
   ni_stats = {
     ns_rx_data = 1, 
     ns_rx_mgmt = 1, 
     ns_rx_ctrl = 0, 
     ns_rx_ucast = 0, 
     ns_rx_mcast = 1, 
     ns_rx_bytes = 20, 
     ns_rx_beacons = 0, 
     ns_rx_proberesp = 0, 
     ns_rx_dup = 0, 
     ns_rx_noprivacy = 0, 
     ns_rx_wepfail = 0, 
 ---Type <return> to continue, or q <return> to quit---
     ns_rx_demicfail = 0, 
     ns_rx_decap = 0, 
     ns_rx_defrag = 0, 
     ns_rx_disassoc = 0, 
     ns_rx_deauth = 0, 
     ns_rx_action = 0, 
     ns_rx_decryptcrc = 0, 
     ns_rx_unauth = 0, 
     ns_rx_unencrypted = 0, 
     ns_rx_drop = 0, 
     ns_tx_data = 1, 
     ns_tx_mgmt = 2, 
     ns_tx_ctrl = 0, 
     ns_tx_ucast = 1, 
     ns_tx_mcast = 0, 
     ns_tx_bytes = 107, 
     ns_tx_probereq = 0, 
     ns_tx_novlantag = 0, 
     ns_tx_vlanmismatch = 0, 
     ns_ps_discard = 0, 
     ns_tx_assoc = 1, 
     ns_tx_assoc_fail = 0, 
     ns_tx_auth = 1, 
 ---Type <return> to continue, or q <return> to quit---
     ns_tx_auth_fail = 0, 
     ns_tx_deauth = 0, 
     ns_tx_deauth_code = 0, 
     ns_tx_disassoc = 0, 
     ns_tx_disassoc_code = 0, 
     ns_spare = {0, 0, 0, 0, 0, 0, 0, 0}
   }, 
   ni_wdsvap = 0x0, 
   ni_rctls = 0x0, 
   ni_spare = {0, 0, 0}
 }
 (kgdb) q
 
  And here comes the patch:  (the first hunk is an unrelated stable/8
 commit since I'm on the 8.1 release branch atm.)  [2]
 
 Index: src/sys/dev/usb/wlan/if_rum.c
 ===================================================================
 RCS file: /home/scvs/src/sys/dev/usb/wlan/if_rum.c,v
 retrieving revision 1.20.2.7.2.1
 diff -u -p -r1.20.2.7.2.1 if_rum.c
 --- src/sys/dev/usb/wlan/if_rum.c	14 Jun 2010 02:09:06 -0000	1.20.2.7.2.1
 +++ src/sys/dev/usb/wlan/if_rum.c	1 Aug 2010 14:31:27 -0000
 @@ -1049,7 +1049,7 @@ rum_sendprot(struct rum_softc *sc,
  	ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
  
  	isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
 -	dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort);
 +	dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort)
  	    + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
  	flags = RT2573_TX_MORE_FRAG;
  	if (prot == IEEE80211_PROT_RTSCTS) {
 @@ -1216,6 +1216,17 @@ rum_tx_data(struct rum_softc *sc, struct
  		rate = tp->ucastrate;
  	else
  		rate = ni->ni_txrate;
 +#if 1
 +	static int lastrate = 0;
 +	if (rate == 0) {
 +		/* XXX */
 +		rate = 72;
 +		printf("wlan: rate = 0!  using %d\n", rate);
 +	} else if (rate != lastrate) {
 +		printf("wlan: rate = %d\n", rate);
 +		lastrate = rate;
 +	}
 +#endif
  
  	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
  		k = ieee80211_crypto_encap(ni, m0);
 
  Using that patch I get:
 
 Aug  2 20:15:06 triton8 kernel: wlan: rate = 0!  using 72
 Aug  2 20:15:22 triton8 last message repeated 11 times
 Aug  2 20:15:22 triton8 kernel: 
 Aug  2 20:15:24 triton8 kernel: wlan: rate = 0!  using 72
 Aug  2 20:15:26 triton8 last message repeated 16 times
 Aug  2 20:21:03 triton8 last message repeated 2 times
 Aug  2 20:22:46 triton8 last message repeated 19 times
 
  HTH,
 	Juergen

From: Alex Kozlov <spam@rm-rf.kiev.ua>
To: nox@freebsd.org, rpaulo@freebsd.org, freebsd-net@FreeBSD.org,
	bug-followup@FreeBSD.org, spam@rm-rf.kiev.ua
Cc:  
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Thu, 5 Aug 2010 09:52:16 +0300

 --Q68bSM7Ycu6FN28Q
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 >  Regarding the 8.1 if_rum(4) panics...  I got a similar one, extracted
 > a dump and tried to gather some info for someone who knows the code:
 > 
 >  The zero divide fault was because (apparently) rate was unitialized,
 > as is
 > 
 > 	((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0]
 > 
 > i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
 Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
 This can be mitigated by patch [1] or by setting ucastrate option in
 ifconfig. Still real issue need to be solved.
 
 
 --
 Adios
 
 --Q68bSM7Ycu6FN28Q
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename="patch.txt"
 
 Index: sys/dev/usb/wlan/if_rum.c
 @@ -1153,9 +1153,11 @@
  
  	rate = params->ibp_rate0;
  	if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
 +		device_printf(sc->sc_dev, "invalid rate=%d\n", rate);
  		m_freem(m0);
  		return EINVAL;
  	}
 +
  	flags = 0;
  	if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
  		flags |= RT2573_TX_NEED_ACK;
 @@ -1217,6 +1219,13 @@
  	else
  		rate = ni->ni_txrate;
  
 +	/* XXX ieee80211_ratectl sometimes set ni->ni_txrate to 0 */
 +	if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
 +		device_printf(sc->sc_dev, "invalid rate=%d\n", rate);
 +		m_freem(m0);
 +		return EINVAL;
 +	}
 +
  	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
  		k = ieee80211_crypto_encap(ni, m0);
  		if (k == NULL) {
 
 --Q68bSM7Ycu6FN28Q--

From: Bernhard Schmidt <bschmidt@techwires.net>
To: Alex Kozlov <spam@rm-rf.kiev.ua>, bug-followup@freebsd.org
Cc: nox@freebsd.org, rpaulo@freebsd.org
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Thu, 5 Aug 2010 10:05:39 +0200

 On Thu, Aug 5, 2010 at 08:52, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 >> =A0Regarding the 8.1 if_rum(4) panics... =A0I got a similar one, extract=
 ed
 >> a dump and tried to gather some info for someone who knows the code:
 >>
 >> =A0The zero divide fault was because (apparently) rate was unitialized,
 >> as is
 >>
 >> =A0 =A0 =A0 ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_=
 vap->iv_txparms[0]
 >>
 >> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
 > Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
 > This can be mitigated by patch [1] or by setting ucastrate option in
 > ifconfig. Still real issue need to be solved.
 
 The real issue is that prior to an association (RUN state)
 ieee80211_ratectl_node_init() is not called, therefore iv_bss is not
 configured in any way.
 
 I'll look into that if no one beats me.
 
 --=20
 Bernhard

From: Alex Kozlov <spam@rm-rf.kiev.ua>
To: Bernhard Schmidt <bschmidt@techwires.net>, bug-followup@freebsd.org,
	nox@freebsd.org, rpaulo@freebsd.org, spam@rm-rf.kiev.ua
Cc:  
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Thu, 5 Aug 2010 12:11:05 +0300

 On Thu, Aug 05, 2010 at 10:05:39AM +0200, Bernhard Schmidt wrote:
 > On Thu, Aug 5, 2010 at 08:52, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > > On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 > >> Regarding the 8.1 if_rum(4) panics... I got a similar one, extracted
 > >> a dump and tried to gather some info for someone who knows the code:
 > >>
 > >> The zero divide fault was because (apparently) rate was unitialized,
 > >> as is
 > >>
 > >>    ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0]
 > >>
 > >> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
 > > Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
 > > This can be mitigated by patch [1] or by setting ucastrate option in
 > > ifconfig. Still real issue need to be solved.
 > 
 > The real issue is that prior to an association (RUN state)
 > ieee80211_ratectl_node_init() is not called, therefore iv_bss is not
 > configured in any way.
 ieee80211_ratectl_node_init() called from iv_newstate when switching to
 IEEE80211_S_RUN state. Most drivers do the same. Is it wrong?
 Some call it from iv_newassoc, but this marked /* XXX move */
  
 > I'll look into that if no one beats me.
 Thanks.
 
 
 --
 Adios

From: Bernhard Schmidt <bschmidt@techwires.net>
To: Alex Kozlov <spam@rm-rf.kiev.ua>, bug-followup@freebsd.org
Cc: nox@freebsd.org, rpaulo@freebsd.org
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Thu, 5 Aug 2010 11:34:35 +0200

 On Thu, Aug 5, 2010 at 11:11, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > On Thu, Aug 05, 2010 at 10:05:39AM +0200, Bernhard Schmidt wrote:
 >> On Thu, Aug 5, 2010 at 08:52, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 >> > On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 >> >> =A0Regarding the 8.1 if_rum(4) panics... =A0I got a similar one, extr=
 acted
 >> >> a dump and tried to gather some info for someone who knows the code:
 >> >>
 >> >> =A0The zero divide fault was because (apparently) rate was unitialize=
 d,
 >> >> as is
 >> >>
 >> >> =A0 =A0 =A0 ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->=
 ni_vap->iv_txparms[0]
 >> >>
 >> >> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
 >> > Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
 >> > This can be mitigated by patch [1] or by setting ucastrate option in
 >> > ifconfig. Still real issue need to be solved.
 >>
 >> The real issue is that prior to an association (RUN state)
 >> ieee80211_ratectl_node_init() is not called, therefore iv_bss is not
 >> configured in any way.
 > ieee80211_ratectl_node_init() called from iv_newstate when switching to
 > IEEE80211_S_RUN state. Most drivers do the same. Is it wrong?
 > Some call it from iv_newassoc, but this marked /* XXX move */
 
 It is not wrong, but to late. Before RUN state and the iv_newassoc()
 call, you have to send frames for scanning and authentication, those
 need a valid rate too. I wonder if we can call node_init() in
 ieee80211_vap_setup() or something similar, that would definitely be
 early enough.
 
 >> I'll look into that if no one beats me.
 > Thanks.
 
 
 --=20
 Bernhard

From: Rui Paulo <rpaulo@freebsd.org>
To: Bernhard Schmidt <bschmidt@techwires.net>
Cc: Alex Kozlov <spam@rm-rf.kiev.ua>,
 bug-followup@freebsd.org,
 nox@freebsd.org
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Thu, 5 Aug 2010 10:38:44 +0100

 On 5 Aug 2010, at 10:34, Bernhard Schmidt wrote:
 
 > On Thu, Aug 5, 2010 at 11:11, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 >> On Thu, Aug 05, 2010 at 10:05:39AM +0200, Bernhard Schmidt wrote:
 >>> On Thu, Aug 5, 2010 at 08:52, Alex Kozlov <spam@rm-rf.kiev.ua> =
 wrote:
 >>>> On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 >>>>>  Regarding the 8.1 if_rum(4) panics...  I got a similar one, =
 extracted
 >>>>> a dump and tried to gather some info for someone who knows the =
 code:
 >>>>>=20
 >>>>>  The zero divide fault was because (apparently) rate was =
 unitialized,
 >>>>> as is
 >>>>>=20
 >>>>>       ((struct ieee80211_node *) =
 m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0]
 >>>>>=20
 >>>>> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it =
 matters.
 >>>> Yes, its seems that ratectl framework sometimes set ni->ni_txrate =
 to 0
 >>>> This can be mitigated by patch [1] or by setting ucastrate option =
 in
 >>>> ifconfig. Still real issue need to be solved.
 >>>=20
 >>> The real issue is that prior to an association (RUN state)
 >>> ieee80211_ratectl_node_init() is not called, therefore iv_bss is not
 >>> configured in any way.
 >> ieee80211_ratectl_node_init() called from iv_newstate when switching =
 to
 >> IEEE80211_S_RUN state. Most drivers do the same. Is it wrong?
 >> Some call it from iv_newassoc, but this marked /* XXX move */
 >=20
 > It is not wrong, but to late. Before RUN state and the iv_newassoc()
 > call, you have to send frames for scanning and authentication, those
 > need a valid rate too. I wonder if we can call node_init() in
 > ieee80211_vap_setup() or something similar, that would definitely be
 > early enough.
 
 vap_setup() runs once and we need need to call node_init for each node =
 connected to an AP or for the AP node when the vap is a STA.
 
 Regards,
 --
 Rui Paulo
 
 

From: Bernhard Schmidt <bschmidt@techwires.net>
To: Alex Kozlov <spam@rm-rf.kiev.ua>
Cc: bug-followup@freebsd.org, Juergen Lock <nox@jelal.kn-bremen.de>, rpaulo@freebsd.org
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Thu, 5 Aug 2010 18:25:32 +0200

 --00c09f89939bd0b2e9048d15ff5b
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: quoted-printable
 
 On Thu, Aug 5, 2010 at 11:11, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > On Thu, Aug 05, 2010 at 10:05:39AM +0200, Bernhard Schmidt wrote:
 >> On Thu, Aug 5, 2010 at 08:52, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 >> > On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 >> >> =A0Regarding the 8.1 if_rum(4) panics... =A0I got a similar one, extr=
 acted
 >> >> a dump and tried to gather some info for someone who knows the code:
 >> >>
 >> >> =A0The zero divide fault was because (apparently) rate was unitialize=
 d,
 >> >> as is
 >> >>
 >> >> =A0 =A0 =A0 ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->=
 ni_vap->iv_txparms[0]
 >> >>
 >> >> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
 >> > Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
 >> > This can be mitigated by patch [1] or by setting ucastrate option in
 >> > ifconfig. Still real issue need to be solved.
 >>
 >> The real issue is that prior to an association (RUN state)
 >> ieee80211_ratectl_node_init() is not called, therefore iv_bss is not
 >> configured in any way.
 > ieee80211_ratectl_node_init() called from iv_newstate when switching to
 > IEEE80211_S_RUN state. Most drivers do the same. Is it wrong?
 > Some call it from iv_newassoc, but this marked /* XXX move */
 >
 >> I'll look into that if no one beats me.
 > Thanks.
 
 
 Please give attached patch a try, it should fix the issue for rum and
 all other drivers relying on the new ratectl stuff.
 
 Thanks
 
 --=20
 Bernhard
 
 --00c09f89939bd0b2e9048d15ff5b
 Content-Type: application/octet-stream; 
 	name="net80211_ratectl_node_init.diff"
 Content-Disposition: attachment; filename="net80211_ratectl_node_init.diff"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_gchtkki90
 
 SW5kZXg6IHN5cy9uZXQ4MDIxMS9pZWVlODAyMTFfbm9kZS5jCj09PT09PT09PT09PT09PT09PT09
 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9u
 ZXQ4MDIxMS9pZWVlODAyMTFfbm9kZS5jCShyZXZpc2lvbiAyMTA4NjIpCisrKyBzeXMvbmV0ODAy
 MTEvaWVlZTgwMjExX25vZGUuYwkod29ya2luZyBjb3B5KQpAQCAtODE3LDYgKzgxNyw3IEBAIGll
 ZWU4MDIxMV9zdGFfam9pbihzdHJ1Y3QgaWVlZTgwMjExdmFwICp2YXAsIHN0cnVjCiAJaWYgKGll
 ZWU4MDIxMV9pc2VycF9yYXRlc2V0KCZuaS0+bmlfcmF0ZXMpKQogCQluaS0+bmlfZmxhZ3MgfD0g
 SUVFRTgwMjExX05PREVfRVJQOwogCWllZWU4MDIxMV9ub2RlX3NldHVwdHhwYXJtcyhuaSk7CisJ
 aWVlZTgwMjExX3JhdGVjdGxfbm9kZV9pbml0KG5pKTsKIAogCXJldHVybiBpZWVlODAyMTFfc3Rh
 X2pvaW4xKGllZWU4MDIxMV9yZWZfbm9kZShuaSkpOwogfQpAQCAtMTQwMSw2ICsxNDAyLDcgQEAg
 aWVlZTgwMjExX2Zha2V1cF9hZGhvY19ub2RlKHN0cnVjdCBpZWVlODAyMTF2YXAgKnYKICNlbmRp
 ZgogCQl9CiAJCWllZWU4MDIxMV9ub2RlX3NldHVwdHhwYXJtcyhuaSk7CisJCWllZWU4MDIxMV9y
 YXRlY3RsX25vZGVfaW5pdChuaSk7CiAJCWlmIChpYy0+aWNfbmV3YXNzb2MgIT0gTlVMTCkKIAkJ
 CWljLT5pY19uZXdhc3NvYyhuaSwgMSk7CiAJCS8qIFhYWCBub3QgcmlnaHQgZm9yIDgwMi4xeC9X
 UEEgKi8KQEAgLTE0NzAsNiArMTQ3Miw3IEBAIGllZWU4MDIxMV9hZGRfbmVpZ2hib3Ioc3RydWN0
 IGllZWU4MDIxMXZhcCAqdmFwLAogCQlpZiAoaWVlZTgwMjExX2lzZXJwX3JhdGVzZXQoJm5pLT5u
 aV9yYXRlcykpCiAJCQluaS0+bmlfZmxhZ3MgfD0gSUVFRTgwMjExX05PREVfRVJQOwogCQlpZWVl
 ODAyMTFfbm9kZV9zZXR1cHR4cGFybXMobmkpOworCQlpZWVlODAyMTFfcmF0ZWN0bF9ub2RlX2lu
 aXQobmkpOwogCQlpZiAoaWMtPmljX25ld2Fzc29jICE9IE5VTEwpCiAJCQlpYy0+aWNfbmV3YXNz
 b2MobmksIDEpOwogCQkvKiBYWFggbm90IHJpZ2h0IGZvciA4MDIuMXgvV1BBICovCkBAIC0yMzM4
 LDYgKzIzNDEsNyBAQCBpZWVlODAyMTFfbm9kZV9qb2luKHN0cnVjdCBpZWVlODAyMTFfbm9kZSAq
 bmksIGludAogCSk7CiAKIAlpZWVlODAyMTFfbm9kZV9zZXR1cHR4cGFybXMobmkpOworCWllZWU4
 MDIxMV9yYXRlY3RsX25vZGVfaW5pdChuaSk7CiAJLyogZ2l2ZSBkcml2ZXIgYSBjaGFuY2UgdG8g
 c2V0dXAgc3RhdGUgbGlrZSBuaV90eHJhdGUgKi8KIAlpZiAoaWMtPmljX25ld2Fzc29jICE9IE5V
 TEwpCiAJCWljLT5pY19uZXdhc3NvYyhuaSwgbmV3YXNzb2MpOwpJbmRleDogc3lzL25ldDgwMjEx
 L2llZWU4MDIxMV9zdGEuYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBzeXMvbmV0ODAyMTEvaWVlZTgwMjExX3N0
 YS5jCShyZXZpc2lvbiAyMTA4NjIpCisrKyBzeXMvbmV0ODAyMTEvaWVlZTgwMjExX3N0YS5jCSh3
 b3JraW5nIGNvcHkpCkBAIC02MCw2ICs2MCw3IEBAIF9fRkJTRElEKCIkRnJlZUJTRCQiKTsKICNp
 ZmRlZiBJRUVFODAyMTFfU1VQUE9SVF9TVVBFUkcKICNpbmNsdWRlIDxuZXQ4MDIxMS9pZWVlODAy
 MTFfc3VwZXJnLmg+CiAjZW5kaWYKKyNpbmNsdWRlIDxuZXQ4MDIxMS9pZWVlODAyMTFfcmF0ZWN0
 bC5oPgogCiAjZGVmaW5lCUlFRUU4MDIxMV9SQVRFMk1CUyhyKQkoKChyKSAmIElFRUU4MDIxMV9S
 QVRFX1ZBTCkgLyAyKQogCkBAIC0xNTk2LDYgKzE1OTcsNyBAQCBzdGFfcmVjdl9tZ210KHN0cnVj
 dCBpZWVlODAyMTFfbm9kZSAqbmksIHN0cnVjdCBtYgogCQkJICAgICBJRUVFODAyMTFfRl9KT0lO
 IHwgSUVFRTgwMjExX0ZfRE9CUlMpOwogCQkJaWVlZTgwMjExX3NldHVwX2Jhc2ljX2h0cmF0ZXMo
 bmksIGh0aW5mbyk7CiAJCQlpZWVlODAyMTFfbm9kZV9zZXR1cHR4cGFybXMobmkpOworCQkJaWVl
 ZTgwMjExX3JhdGVjdGxfbm9kZV9pbml0KG5pKTsKIAkJfSBlbHNlIHsKICNpZmRlZiBJRUVFODAy
 MTFfU1VQUE9SVF9TVVBFUkcKIAkJCWlmIChJRUVFODAyMTFfQVRIX0NBUCh2YXAsIG5pLCBJRUVF
 ODAyMTFfTk9ERV9BVEgpKQo=
 --00c09f89939bd0b2e9048d15ff5b--

From: Alex Kozlov <spam@rm-rf.kiev.ua>
To: Bernhard Schmidt <bschmidt@techwires.net>, bug-followup@freebsd.org,
	spam@rm-rf.kiev.ua
Cc:  
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Thu, 5 Aug 2010 21:14:41 +0300

 On Thu, Aug 05, 2010 at 06:25:32PM +0200, Bernhard Schmidt wrote:
 > On Thu, Aug 5, 2010 at 11:11, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > > On Thu, Aug 05, 2010 at 10:05:39AM +0200, Bernhard Schmidt wrote:
 > >> On Thu, Aug 5, 2010 at 08:52, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > >> > On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 > >> >> Regarding the 8.1 if_rum(4) panics... I got a similar one, extracted
 > >> >> a dump and tried to gather some info for someone who knows the code:
 > >> >>
 > >> >> The zero divide fault was because (apparently) rate was unitialized,
 > >> >> as is
 > >> >>
 > >> >>    ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0]
 > >> >>
 > >> >> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
 > >> > Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
 > >> > This can be mitigated by patch [1] or by setting ucastrate option in
 > >> > ifconfig. Still real issue need to be solved.
 > >>
 > >> The real issue is that prior to an association (RUN state)
 > >> ieee80211_ratectl_node_init() is not called, therefore iv_bss is not
 > >> configured in any way.
 > > ieee80211_ratectl_node_init() called from iv_newstate when switching to
 > > IEEE80211_S_RUN state. Most drivers do the same. Is it wrong?
 > > Some call it from iv_newassoc, but this marked /* XXX move */
 > >> I'll look into that if no one beats me.
 > > Thanks.
 > Please give attached patch a try, it should fix the issue for rum and
 > all other drivers relying on the new ratectl stuff.
 Testing. Thanks again.
 
 
 --
 Adios

From: Juergen Lock <nox@jelal.kn-bremen.de>
To: Bernhard Schmidt <bschmidt@techwires.net>
Cc: Alex Kozlov <spam@rm-rf.kiev.ua>, bug-followup@freebsd.org,
        Juergen Lock <nox@jelal.kn-bremen.de>, rpaulo@freebsd.org,
        Kevin Lo <kevlo@freebsd.org>
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Sun, 8 Aug 2010 17:14:46 +0200

 On Thu, Aug 05, 2010 at 06:25:32PM +0200, Bernhard Schmidt wrote:
 > On Thu, Aug 5, 2010 at 11:11, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > > On Thu, Aug 05, 2010 at 10:05:39AM +0200, Bernhard Schmidt wrote:
 > >> On Thu, Aug 5, 2010 at 08:52, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > >> > On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 > >> >> Regarding the 8.1 if_rum(4) panics... I got a similar one, extracted
 > >> >> a dump and tried to gather some info for someone who knows the code:
 > >> >>
 > >> >> The zero divide fault was because (apparently) rate was unitialized,
 > >> >> as is
 > >> >>
 > >> >>    ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0]
 > >> >>
 > >> >> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
 > >> > Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
 > >> > This can be mitigated by patch [1] or by setting ucastrate option in
 > >> > ifconfig. Still real issue need to be solved.
 > >>
 > >> The real issue is that prior to an association (RUN state)
 > >> ieee80211_ratectl_node_init() is not called, therefore iv_bss is not
 > >> configured in any way.
 > > ieee80211_ratectl_node_init() called from iv_newstate when switching to
 > > IEEE80211_S_RUN state. Most drivers do the same. Is it wrong?
 > > Some call it from iv_newassoc, but this marked /* XXX move */
 > >
 > >> I'll look into that if no one beats me.
 > > Thanks.
 > 
 > 
 > Please give attached patch a try, it should fix the issue for rum and
 > all other drivers relying on the new ratectl stuff.
 
 That seems to stop the panics, but the wifi still only works partially
 (at least with hostapd), like with my original hack of a patch.  One
 reason might be that instead of beacon frames (Frame control 0x0080,
 wireshark calls this field wlan.fc), the device sends frames with
 Frame control 0x221e, which wireshark says is 802.11 Unrecognized,
 Type/Subtype Unknown 0x31...
 
  But that might not mean the patch is wrong, the driver might just
 have other problems too. :)
 
  Thanx,
 	Juergen

From: Alex Kozlov <spam@rm-rf.kiev.ua>
To: Juergen Lock <nox@jelal.kn-bremen.de>,
	Bernhard Schmidt <bschmidt@techwires.net>, rpaulo@freebsd.org,
	Kevin Lo <kevlo@freebsd.org>, bug-followup@freebsd.org,
	spam@rm-rf.kiev.ua
Cc:  
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Mon, 9 Aug 2010 12:23:26 +0300

 On Sun, Aug 08, 2010 at 05:14:46PM +0200, Juergen Lock wrote:
 > On Thu, Aug 05, 2010 at 06:25:32PM +0200, Bernhard Schmidt wrote:
 > > On Thu, Aug 5, 2010 at 11:11, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > > > On Thu, Aug 05, 2010 at 10:05:39AM +0200, Bernhard Schmidt wrote:
 > > >> On Thu, Aug 5, 2010 at 08:52, Alex Kozlov <spam@rm-rf.kiev.ua> wrote:
 > > >> > On Wed, Aug 04, 2010 at 10:02:35PM +0200, Juergen Lock wrote:
 > > >> >> Regarding the 8.1 if_rum(4) panics... I got a similar one, extracted
 > > >> >> a dump and tried to gather some info for someone who knows the code:
 > > >> >>
 > > >> >> The zero divide fault was because (apparently) rate was unitialized,
 > > >> >> as is
 > > >> >>
 > > >> >>    ((struct ieee80211_node *) m->M_dat.MH.MH_pkthdr.rcvif)->ni_vap->iv_txparms[0]
 > > >> >>
 > > >> >> i.e. struct ieee80211_txparam &vap->iv_txparms[0] in case it matters.
 > > >> > Yes, its seems that ratectl framework sometimes set ni->ni_txrate to 0
 > > >> > This can be mitigated by patch [1] or by setting ucastrate option in
 > > >> > ifconfig. Still real issue need to be solved.
 > > >>
 > > >> The real issue is that prior to an association (RUN state)
 > > >> ieee80211_ratectl_node_init() is not called, therefore iv_bss is not
 > > >> configured in any way.
 > > > ieee80211_ratectl_node_init() called from iv_newstate when switching to
 > > > IEEE80211_S_RUN state. Most drivers do the same. Is it wrong?
 > > > Some call it from iv_newassoc, but this marked /* XXX move */
 > > >
 > > >> I'll look into that if no one beats me.
 > > > Thanks.
 > > 
 > > 
 > > Please give attached patch a try, it should fix the issue for rum and
 > > all other drivers relying on the new ratectl stuff.
 > That seems to stop the panics, but the wifi still only works partially
 > (at least with hostapd), like with my original hack of a patch.  One
 That why I use ad-hoc. Yes, seems that this panic eliminated.
 
 
 --
 Adios
Responsible-Changed-From-To: freebsd-net->bschmidt 
Responsible-Changed-By: bschmidt 
Responsible-Changed-When: Wed Aug 11 09:53:34 UTC 2010 
Responsible-Changed-Why:  
Over to me. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149185 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/149185: commit references a PR
Date: Sat, 14 Aug 2010 09:29:57 +0000 (UTC)

 Author: bschmidt
 Date: Sat Aug 14 09:29:42 2010
 New Revision: 211295
 URL: http://svn.freebsd.org/changeset/base/211295
 
 Log:
   Initialize ni_txrate after txparams have been setup. Some drivers
   calculate various things prior to association based on ni_txrate and
   rely on it being nonzero.
   
   PR:		kern/149185
   MFC after:	2 weeks
 
 Modified:
   head/sys/net80211/ieee80211_node.c
   head/sys/net80211/ieee80211_sta.c
 
 Modified: head/sys/net80211/ieee80211_node.c
 ==============================================================================
 --- head/sys/net80211/ieee80211_node.c	Sat Aug 14 00:50:26 2010	(r211294)
 +++ head/sys/net80211/ieee80211_node.c	Sat Aug 14 09:29:42 2010	(r211295)
 @@ -817,6 +817,7 @@ ieee80211_sta_join(struct ieee80211vap *
  	if (ieee80211_iserp_rateset(&ni->ni_rates))
  		ni->ni_flags |= IEEE80211_NODE_ERP;
  	ieee80211_node_setuptxparms(ni);
 +	ieee80211_ratectl_node_init(ni);
  
  	return ieee80211_sta_join1(ieee80211_ref_node(ni));
  }
 @@ -1401,6 +1402,7 @@ ieee80211_fakeup_adhoc_node(struct ieee8
  #endif
  		}
  		ieee80211_node_setuptxparms(ni);
 +		ieee80211_ratectl_node_init(ni);
  		if (ic->ic_newassoc != NULL)
  			ic->ic_newassoc(ni, 1);
  		/* XXX not right for 802.1x/WPA */
 @@ -1470,6 +1472,7 @@ ieee80211_add_neighbor(struct ieee80211v
  		if (ieee80211_iserp_rateset(&ni->ni_rates))
  			ni->ni_flags |= IEEE80211_NODE_ERP;
  		ieee80211_node_setuptxparms(ni);
 +		ieee80211_ratectl_node_init(ni);
  		if (ic->ic_newassoc != NULL)
  			ic->ic_newassoc(ni, 1);
  		/* XXX not right for 802.1x/WPA */
 @@ -2338,6 +2341,7 @@ ieee80211_node_join(struct ieee80211_nod
  	);
  
  	ieee80211_node_setuptxparms(ni);
 +	ieee80211_ratectl_node_init(ni);
  	/* give driver a chance to setup state like ni_txrate */
  	if (ic->ic_newassoc != NULL)
  		ic->ic_newassoc(ni, newassoc);
 
 Modified: head/sys/net80211/ieee80211_sta.c
 ==============================================================================
 --- head/sys/net80211/ieee80211_sta.c	Sat Aug 14 00:50:26 2010	(r211294)
 +++ head/sys/net80211/ieee80211_sta.c	Sat Aug 14 09:29:42 2010	(r211295)
 @@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
  #ifdef IEEE80211_SUPPORT_SUPERG
  #include <net80211/ieee80211_superg.h>
  #endif
 +#include <net80211/ieee80211_ratectl.h>
  
  #define	IEEE80211_RATE2MBS(r)	(((r) & IEEE80211_RATE_VAL) / 2)
  
 @@ -1596,6 +1597,7 @@ sta_recv_mgmt(struct ieee80211_node *ni,
  			     IEEE80211_F_JOIN | IEEE80211_F_DOBRS);
  			ieee80211_setup_basic_htrates(ni, htinfo);
  			ieee80211_node_setuptxparms(ni);
 +			ieee80211_ratectl_node_init(ni);
  		} else {
  #ifdef IEEE80211_SUPPORT_SUPERG
  			if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_ATH))
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 

From: Bernhard Schmidt <bschmidt@techwires.net>
To: Juergen Lock <nox@jelal.kn-bremen.de>
Cc: Alex Kozlov <spam@rm-rf.kiev.ua>, bug-followup@freebsd.org
Subject: Re: kern/149185: [rum] [panic] panic in rum(4) driver on 8.1-R
Date: Sat, 14 Aug 2010 11:33:10 +0200

 On Sun, Aug 8, 2010 at 17:14, Juergen Lock <nox@jelal.kn-bremen.de> wrote:
 > On Thu, Aug 05, 2010 at 06:25:32PM +0200, Bernhard Schmidt wrote:
 >> Please give attached patch a try, it should fix the issue for rum and
 >> all other drivers relying on the new ratectl stuff.
 >
 > That seems to stop the panics, but the wifi still only works partially
 > (at least with hostapd), like with my original hack of a patch. =A0One
 > reason might be that instead of beacon frames (Frame control 0x0080,
 > wireshark calls this field wlan.fc), the device sends frames with
 > Frame control 0x221e, which wireshark says is 802.11 Unrecognized,
 > Type/Subtype Unknown 0x31...
 >
 > =A0But that might not mean the patch is wrong, the driver might just
 > have other problems too. :)
 
 Please create another PR for that. I currently do not have any device
 to play around with, maybe someone else can jump in here.
 
 Thanks for testing to both of you.
 
 --
 Bernhard

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/149185: commit references a PR
Date: Sat, 28 Aug 2010 07:21:26 +0000 (UTC)

 Author: bschmidt
 Date: Sat Aug 28 07:21:15 2010
 New Revision: 211921
 URL: http://svn.freebsd.org/changeset/base/211921
 
 Log:
   MFC r211295,211314,211546:
   Introduce IEEE80211_C_RATECTL, drivers which use the ratectl framework
   should set this capability. Initialize ni_txrate after txparams have
   been setup. Some drivers calculate various things prior to association
   based on ni_txrate and rely on it being nonzero.
   
   PR:		kern/149185
 
 Modified:
   stable/8/sys/dev/bwi/if_bwi.c
   stable/8/sys/dev/bwn/if_bwn.c
   stable/8/sys/dev/iwn/if_iwn.c
   stable/8/sys/dev/ral/rt2560.c
   stable/8/sys/dev/ral/rt2661.c
   stable/8/sys/dev/usb/wlan/if_rum.c
   stable/8/sys/dev/usb/wlan/if_run.c
   stable/8/sys/dev/usb/wlan/if_ural.c
   stable/8/sys/dev/usb/wlan/if_zyd.c
   stable/8/sys/dev/wpi/if_wpi.c
   stable/8/sys/net80211/ieee80211.c
   stable/8/sys/net80211/ieee80211_node.c
   stable/8/sys/net80211/ieee80211_sta.c
   stable/8/sys/net80211/ieee80211_var.h
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
   stable/8/sys/dev/xen/xenpci/   (props changed)
 
 Modified: stable/8/sys/dev/bwi/if_bwi.c
 ==============================================================================
 --- stable/8/sys/dev/bwi/if_bwi.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/bwi/if_bwi.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -511,7 +511,8 @@ bwi_attach(struct bwi_softc *sc)
  		      IEEE80211_C_SHPREAMBLE |
  		      IEEE80211_C_WPA |
  		      IEEE80211_C_BGSCAN |
 -		      IEEE80211_C_MONITOR;
 +		      IEEE80211_C_MONITOR |
 +		      IEEE80211_C_RATECTL;
  	ic->ic_opmode = IEEE80211_M_STA;
  	ieee80211_ifattach(ic, macaddr);
  
 
 Modified: stable/8/sys/dev/bwn/if_bwn.c
 ==============================================================================
 --- stable/8/sys/dev/bwn/if_bwn.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/bwn/if_bwn.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -1070,6 +1070,7 @@ bwn_attach_post(struct bwn_softc *sc)
  		| IEEE80211_C_WPA		/* capable of WPA1+WPA2 */
  		| IEEE80211_C_BGSCAN		/* capable of bg scanning */
  		| IEEE80211_C_TXPMGT		/* capable of txpow mgt */
 +		| IEEE80211_C_RATECTL		/* use ratectl */
  		;
  
  	ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;	/* s/w bmiss */
 
 Modified: stable/8/sys/dev/iwn/if_iwn.c
 ==============================================================================
 --- stable/8/sys/dev/iwn/if_iwn.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/iwn/if_iwn.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -580,6 +580,7 @@ iwn_attach(device_t dev)
  		| IEEE80211_C_IBSS		/* ibss/adhoc mode */
  #endif
  		| IEEE80211_C_WME		/* WME */
 +		| IEEE80211_C_RATECTL		/* use ratectl */
  		;
  #if 0	/* HT */
  	/* XXX disable until HT channel setup works */
 
 Modified: stable/8/sys/dev/ral/rt2560.c
 ==============================================================================
 --- stable/8/sys/dev/ral/rt2560.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/ral/rt2560.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -291,6 +291,7 @@ rt2560_attach(device_t dev, int id)
  #ifdef notyet
  		| IEEE80211_C_TXFRAG		/* handle tx frags */
  #endif
 +		| IEEE80211_C_RATECTL		/* use ratectl */
  		;
  
  	bands = 0;
 
 Modified: stable/8/sys/dev/ral/rt2661.c
 ==============================================================================
 --- stable/8/sys/dev/ral/rt2661.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/ral/rt2661.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -294,6 +294,7 @@ rt2661_attach(device_t dev, int id)
  		| IEEE80211_C_TXFRAG		/* handle tx frags */
  		| IEEE80211_C_WME		/* 802.11e */
  #endif
 +		| IEEE80211_C_RATECTL		/* use ratectl */
  		;
  
  	bands = 0;
 
 Modified: stable/8/sys/dev/usb/wlan/if_rum.c
 ==============================================================================
 --- stable/8/sys/dev/usb/wlan/if_rum.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/usb/wlan/if_rum.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -496,6 +496,7 @@ rum_attach(device_t self)
  	    | IEEE80211_C_SHSLOT	/* short slot time supported */
  	    | IEEE80211_C_BGSCAN	/* bg scanning supported */
  	    | IEEE80211_C_WPA		/* 802.11i */
 +	    | IEEE80211_C_RATECTL	/* use ratectl */
  	    ;
  
  	bands = 0;
 
 Modified: stable/8/sys/dev/usb/wlan/if_run.c
 ==============================================================================
 --- stable/8/sys/dev/usb/wlan/if_run.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/usb/wlan/if_run.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -634,7 +634,8 @@ run_attach(device_t self)
  	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
  	    IEEE80211_C_SHSLOT |	/* short slot time supported */
  	    IEEE80211_C_WME |		/* WME */
 -	    IEEE80211_C_WPA;		/* WPA1|WPA2(RSN) */
 +	    IEEE80211_C_WPA |		/* WPA1|WPA2(RSN) */
 +	    IEEE80211_C_RATECTL;	/* use ratectl */
  
  	ic->ic_cryptocaps =
  	    IEEE80211_CRYPTO_WEP |
 
 Modified: stable/8/sys/dev/usb/wlan/if_ural.c
 ==============================================================================
 --- stable/8/sys/dev/usb/wlan/if_ural.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/usb/wlan/if_ural.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -485,6 +485,7 @@ ural_attach(device_t self)
  	    | IEEE80211_C_SHSLOT	/* short slot time supported */
  	    | IEEE80211_C_BGSCAN	/* bg scanning supported */
  	    | IEEE80211_C_WPA		/* 802.11i */
 +	    | IEEE80211_C_RATECTL	/* use ratectl */
  	    ;
  
  	bands = 0;
 
 Modified: stable/8/sys/dev/usb/wlan/if_zyd.c
 ==============================================================================
 --- stable/8/sys/dev/usb/wlan/if_zyd.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/usb/wlan/if_zyd.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -397,6 +397,7 @@ zyd_attach(device_t dev)
  	        | IEEE80211_C_SHSLOT		/* short slot time supported */
  		| IEEE80211_C_BGSCAN		/* capable of bg scanning */
  	        | IEEE80211_C_WPA		/* 802.11i */
 +		| IEEE80211_C_RATECTL		/* use ratectl */
  		;
  
  	bands = 0;
 
 Modified: stable/8/sys/dev/wpi/if_wpi.c
 ==============================================================================
 --- stable/8/sys/dev/wpi/if_wpi.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/dev/wpi/if_wpi.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -634,6 +634,7 @@ wpi_attach(device_t dev)
  		| IEEE80211_C_WME		/* 802.11e */
  		| IEEE80211_C_HOSTAP		/* Host access point mode */
  #endif
 +		| IEEE80211_C_RATECTL		/* use ratectl */
  		;
  
  	/*
 
 Modified: stable/8/sys/net80211/ieee80211.c
 ==============================================================================
 --- stable/8/sys/net80211/ieee80211.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/net80211/ieee80211.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -486,7 +486,8 @@ ieee80211_vap_setup(struct ieee80211com 
  	ieee80211_regdomain_vattach(vap);
  	ieee80211_radiotap_vattach(vap);
  
 -	ieee80211_ratectl_set(vap, IEEE80211_RATECTL_AMRR);
 +	if (vap->iv_caps & IEEE80211_C_RATECTL)
 +		ieee80211_ratectl_set(vap, IEEE80211_RATECTL_AMRR);
  
  	return 0;
  }
 
 Modified: stable/8/sys/net80211/ieee80211_node.c
 ==============================================================================
 --- stable/8/sys/net80211/ieee80211_node.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/net80211/ieee80211_node.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -817,6 +817,8 @@ ieee80211_sta_join(struct ieee80211vap *
  	if (ieee80211_iserp_rateset(&ni->ni_rates))
  		ni->ni_flags |= IEEE80211_NODE_ERP;
  	ieee80211_node_setuptxparms(ni);
 +	if (vap->iv_caps & IEEE80211_C_RATECTL)
 +		ieee80211_ratectl_node_init(ni);
  
  	return ieee80211_sta_join1(ieee80211_ref_node(ni));
  }
 @@ -1036,7 +1038,8 @@ node_free(struct ieee80211_node *ni)
  {
  	struct ieee80211com *ic = ni->ni_ic;
  
 -	ieee80211_ratectl_node_deinit(ni);
 +	if (ni->ni_vap->iv_caps & IEEE80211_C_RATECTL)
 +		ieee80211_ratectl_node_deinit(ni);
  	ic->ic_node_cleanup(ni);
  	ieee80211_ies_cleanup(&ni->ni_ies);
  	ieee80211_psq_cleanup(&ni->ni_psq);
 @@ -1401,6 +1404,8 @@ ieee80211_fakeup_adhoc_node(struct ieee8
  #endif
  		}
  		ieee80211_node_setuptxparms(ni);
 +		if (vap->iv_caps & IEEE80211_C_RATECTL)
 +			ieee80211_ratectl_node_init(ni);
  		if (ic->ic_newassoc != NULL)
  			ic->ic_newassoc(ni, 1);
  		/* XXX not right for 802.1x/WPA */
 @@ -1470,6 +1475,8 @@ ieee80211_add_neighbor(struct ieee80211v
  		if (ieee80211_iserp_rateset(&ni->ni_rates))
  			ni->ni_flags |= IEEE80211_NODE_ERP;
  		ieee80211_node_setuptxparms(ni);
 +		if (vap->iv_caps & IEEE80211_C_RATECTL)
 +			ieee80211_ratectl_node_init(ni);
  		if (ic->ic_newassoc != NULL)
  			ic->ic_newassoc(ni, 1);
  		/* XXX not right for 802.1x/WPA */
 @@ -2338,6 +2345,8 @@ ieee80211_node_join(struct ieee80211_nod
  	);
  
  	ieee80211_node_setuptxparms(ni);
 +	if (vap->iv_caps & IEEE80211_C_RATECTL)
 +		ieee80211_ratectl_node_init(ni);
  	/* give driver a chance to setup state like ni_txrate */
  	if (ic->ic_newassoc != NULL)
  		ic->ic_newassoc(ni, newassoc);
 
 Modified: stable/8/sys/net80211/ieee80211_sta.c
 ==============================================================================
 --- stable/8/sys/net80211/ieee80211_sta.c	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/net80211/ieee80211_sta.c	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
  #ifdef IEEE80211_SUPPORT_SUPERG
  #include <net80211/ieee80211_superg.h>
  #endif
 +#include <net80211/ieee80211_ratectl.h>
  
  #define	IEEE80211_RATE2MBS(r)	(((r) & IEEE80211_RATE_VAL) / 2)
  
 @@ -1597,6 +1598,8 @@ sta_recv_mgmt(struct ieee80211_node *ni,
  			     IEEE80211_F_JOIN | IEEE80211_F_DOBRS);
  			ieee80211_setup_basic_htrates(ni, htinfo);
  			ieee80211_node_setuptxparms(ni);
 +			if (vap->iv_caps & IEEE80211_C_RATECTL)
 +				ieee80211_ratectl_node_init(ni);
  		} else {
  #ifdef IEEE80211_SUPPORT_SUPERG
  			if (IEEE80211_ATH_CAP(vap, ni, IEEE80211_NODE_ATH))
 
 Modified: stable/8/sys/net80211/ieee80211_var.h
 ==============================================================================
 --- stable/8/sys/net80211/ieee80211_var.h	Sat Aug 28 07:10:51 2010	(r211920)
 +++ stable/8/sys/net80211/ieee80211_var.h	Sat Aug 28 07:21:15 2010	(r211921)
 @@ -597,7 +597,8 @@ MALLOC_DECLARE(M_80211_VAP);
  #define	IEEE80211_C_MONITOR	0x00010000	/* CAPABILITY: monitor mode */
  #define	IEEE80211_C_DFS		0x00020000	/* CAPABILITY: DFS/radar avail*/
  #define	IEEE80211_C_MBSS	0x00040000	/* CAPABILITY: MBSS available */
 -/* 0x7c0000 available */
 +#define	IEEE80211_C_RATECTL	0x00080000	/* CAPABILITY: use ratectl */
 +/* 0x700000 available */
  #define	IEEE80211_C_WPA1	0x00800000	/* CAPABILITY: WPA1 avail */
  #define	IEEE80211_C_WPA2	0x01000000	/* CAPABILITY: WPA2 avail */
  #define	IEEE80211_C_WPA		0x01800000	/* CAPABILITY: WPA1+WPA2 avail*/
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: open->closed 
State-Changed-By: bschmidt 
State-Changed-When: Sat Aug 28 07:31:04 UTC 2010 
State-Changed-Why:  
patched and MFCed. The other issues mentioned are tracked here: kern/149643. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=149185 
>Unformatted:
