From nobody@FreeBSD.org  Tue Feb 14 18:36:17 2012
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7C789106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 14 Feb 2012 18:36:17 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 513F28FC1A
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 14 Feb 2012 18:36:17 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q1EIaHwB018232
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 14 Feb 2012 18:36:17 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q1EIaHDL018231;
	Tue, 14 Feb 2012 18:36:17 GMT
	(envelope-from nobody)
Message-Id: <201202141836.q1EIaHDL018231@red.freebsd.org>
Date: Tue, 14 Feb 2012 18:36:17 GMT
From: Monthadar <monthadar@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Net802.11 Fragment number is assigned 1 (should be 0) when fragmenting a frame
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         165146
>Category:       kern
>Synopsis:       [net80211] Net802.11 Fragment number is assigned 1 (should be 0) when fragmenting a frame
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-wireless
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 14 18:40:10 UTC 2012
>Closed-Date:    
>Last-Modified:  Wed Feb 15 06:13:27 UTC 2012
>Originator:     Monthadar
>Release:        Current
>Organization:
>Environment:
Affects all environments
>Description:
I found that in FreeBSD current the first fragment will have a
fragment number = 1 in function ieee80211_fragment.

But according to 802.11-2007, 9.4 Fragmentation page 279:
"...The fragments shall be sent in order of lowest fragment number to
highest fragment number, where the fragment number value starts at
zero, ..."

This also holds on the 802.11-2011 draft 12:
"The fragment number is set to 0 in the first or only fragment of an
MSDU or MMPDU and is incremented by one for each successive fragment
of that MSDU or MMPDU."

I checked Linux 3.3-rc3 code and there I see them having a check on rx side
if (frag == 0) { /* This is the first fragment of a new frame. */
and on tx side they put:
fragnum = 0;

On Madwifi 0.9.4 in function ieee80211_encap:
fragnum = 0;

>How-To-Repeat:
N/A
>Fix:


Patch attached with submission follows:

From 32927dd6a2271488b52dd05b3d89ca193961ffa1 Mon Sep 17 00:00:00 2001
From: Monthadar Al Jaberi <monthadar@gmail.com>
Date: Tue, 14 Feb 2012 19:28:32 +0100
Subject: [PATCH] Fragment number for the first fragment should be zero as
 specified in the 802.11-2007 standard.

---
 sys/net80211/ieee80211_output.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/sys/net80211/ieee80211_output.c b/sys/net80211/ieee80211_output.c
index f6f90b6..6cb1f94 100644
--- a/sys/net80211/ieee80211_output.c
+++ b/sys/net80211/ieee80211_output.c
@@ -1377,7 +1377,7 @@ ieee80211_fragment(struct ieee80211vap *vap, struct mbuf *m0,
 	/* NB: mark the first frag; it will be propagated below */
 	wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG;
 	totalhdrsize = hdrsize + ciphdrsize;
-	fragno = 1;
+	fragno = 0;
 	off = mtu - ciphdrsize;
 	remainder = m0->m_pkthdr.len - off;
 	prev = m0;
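
Review bot: the changed `fragno` initialisation may number the wrong frame, because the context lines around it treat m0 itself as the first fragment: `wh->i_fc[1] |= IEEE80211_FC1_MORE_FRAG` marks it, `prev = m0` chains from it, and `remainder = m0->m_pkthdr.len - off` counts only the bytes left after it. The hunk does not show where fragno is consumed, so please confirm against the loop below whether it is written into m0's header or only into the fragments created after m0. If it is only the latter, and m0's sequence-control field already carries fragment number 0, starting at 0 here would give the second fragment number 0 as well. The commit message should say which case applies and how the resulting numbering was checked.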
-- 
1.7.8



>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-wireless 
Responsible-Changed-By: adrian 
Responsible-Changed-When: Wed Feb 15 06:13:12 UTC 2012 
Responsible-Changed-Why:  
Punt 


http://www.freebsd.org/cgi/query-pr.cgi?pr=165146 
>Unformatted:
