On Fri, Jan 20, 2006 at 09:05:01PM +0000, Hauke Fath wrote:
> mac68k_bssr2(0,47db34,c3c,0,0) + 20

Hmm, so bus_space_set_region_2() is being called with a count argument
of 0? (the last argument). The bus_space(9) manpage mentions,
"Functions which take a count of bytes have undefined results if the
specified count is zero," and mac68k's implementation treats a count
of 0 as being 2^32.

It looks like the last section of ae_write_mbuf() tries to pad the
packet with 0s at the end if it's shorter than the shortest allowable
ethernet frame, but if it's exactly one byte shorted, (ETHER_MIN_LEN -
ETHER_CRC_LEN - totlen) == 1, and it'll call bus_space_set_region_2()
with a count of 0. So, perhaps try this diff to round up instead of
down if totlen is odd?

Index: if_ae.c
===================================================================
RCS file: /cvsroot/src/sys/arch/mac68k/dev/if_ae.c,v
retrieving revision 1.77
diff -u -r1.77 if_ae.c
--- if_ae.c     11 Dec 2005 12:18:02 -0000      1.77
+++ if_ae.c     20 Jan 2006 21:37:31 -0000
@@ -173,7 +173,7 @@
        }
        if (totlen < ETHER_MIN_LEN - ETHER_CRC_LEN) {
                bus_space_set_region_2(sc->sc_buft, sc->sc_bufh, buf, 0,
-                   (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen) >> 1);
+                   (ETHER_MIN_LEN - ETHER_CRC_LEN - totlen + 1) >> 1);
                totlen = ETHER_MIN_LEN - ETHER_CRC_LEN;
        }
        return (totlen);

-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym@azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 30 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++