I found out that segmentation faults may occur in CSMAMacLayer.cc, if the time of a packet duration is shorter than a DIFS time.
- at least for the smallest packets the total time for transmission is shorter than a DIFS time
- multiple nodes are willing to send packets and thus nodes may need to wait multiple backoff times due to contention
1. backoffTimer expires, the node senses an idle channel and waits DIFS time (timer: minorMsg)
2. The node receives a packet which is not addressed to this node. It deletes the packet and calls scheduleBackoff() afterwards. (DIFS timer still running)
3. scheduleBackoff() sees that txAttempts exceeded maxTxAttempts and deletes the first packet in the macQueue. Then it sees that there are no packets left in the queue (macQueue.size()==0) and thus it does not schedule the backoffTimer. (DIFS timer still running)
4. The DIFS timer expires (minorMsg). The node senses an idle channel and switches the radio from RX mode to TX mode.
5. The MAC receives a RADIO_SWITCHING_OVER control message from PHY (handleLowerControl()). The MAC now tries to get the first message from the queue and send it. As the queue is empty, macQueue.front() returns an invalid pointer and encapsMsg produces a segfault.
Currently, scheduleBackoff() will cancel the minorMsg (DIFS timer) if minorMsg is scheduled, but only if there are packets in the macQueue. I think that scheduleBackoff() should always cancel the minorMsg timer if it is scheduled.
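Steps 1 to 5 reduced to a stand-alone C++ model, as an added example that is not code from CSMAMacLayer.cc or from the original post. The struct, the `alwaysCancel` switch, the value of maxTxAttempts and the starting txAttempts are assumptions; the model reports the empty-queue access instead of crashing.

```cpp
#include <cstdio>
#include <deque>

// Stand-alone model of the timer/queue interaction from the post.
// Names follow the post; the struct and alwaysCancel switch are constructed.
struct MacModel {
    std::deque<int> macQueue;        // packet ids (constructed sample data)
    bool backoffScheduled = false;   // backoffTimer
    bool minorMsgScheduled = false;  // minorMsg, the DIFS timer
    int txAttempts = 0;
    int maxTxAttempts = 3;           // assumed value
    bool alwaysCancel;               // true = change proposed in the post

    explicit MacModel(bool fix) : alwaysCancel(fix) {}

    void scheduleBackoff() {
        if (alwaysCancel) minorMsgScheduled = false;
        if (txAttempts > maxTxAttempts && !macQueue.empty()) {
            macQueue.pop_front();    // give up on the first packet
            txAttempts = 0;
        }
        if (macQueue.empty()) return;   // nothing to send: no backoffTimer
        minorMsgScheduled = false;   // reported behaviour: cancelled only here
        backoffScheduled = true;
    }

    // DIFS expiry followed by RADIO_SWITCHING_OVER: true when the handler
    // would call macQueue.front() on an empty queue.
    bool switchOverHitsEmptyQueue() const {
        if (!minorMsgScheduled) return false;  // timer cancelled, no TX switch
        return macQueue.empty();
    }
};

// Replays steps 1-5 with 'queued' packets waiting.
bool reachesEmptyFront(bool fix, int queued) {
    MacModel mac(fix);
    for (int i = 0; i < queued; ++i) mac.macQueue.push_back(i);
    mac.txAttempts = mac.maxTxAttempts + 1;  // assumption: limit already exceeded
    mac.minorMsgScheduled = true;            // step 1: DIFS timer running
    mac.scheduleBackoff();                   // steps 2-3: foreign packet dropped
    return mac.switchOverHitsEmptyQueue();   // steps 4-5
}

int main() {
    std::printf("current, 1 packet:  %d\n", reachesEmptyFront(false, 1));
    std::printf("current, 2 packets: %d\n", reachesEmptyFront(false, 2));
    std::printf("always cancel:      %d\n", reachesEmptyFront(true, 1));
}
```

Independently of the timer change, a `macQueue.empty()` check before `macQueue.front()` in the switch-over handler would turn any remaining path to this state into a no-op rather than undefined behaviour.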