search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branches 'master' and 'suser_to_priv'
[dragonfly.git] / sys / dev / netif / wi / if_wi.c
blob733a70ab2e755881b131af9b7ee7e81272318588
1 /* $NetBSD: wi.c,v 1.109 2003/01/09 08:52:19 dyoung Exp $ */
2
3 /*
4 * Copyright (c) 1997, 1998, 1999
5 * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Bill Paul.
18 * 4. Neither the name of the author nor the names of any co-contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR THE VOICES IN HIS HEAD
26 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
32 * THE POSSIBILITY OF SUCH DAMAGE.
33 *
34 * $FreeBSD: src/sys/dev/wi/if_wi.c,v 1.180.2.7 2005/10/05 13:16:29 avatar Exp $
35 * $DragonFly: src/sys/dev/netif/wi/if_wi.c,v 1.41 2008/05/14 11:59:22 sephe Exp $
36 */
37
38 /*
39 * Lucent WaveLAN/IEEE 802.11 PCMCIA driver.
40 *
41 * Original FreeBSD driver written by Bill Paul <wpaul@ctr.columbia.edu>
42 * Electrical Engineering Department
43 * Columbia University, New York City
44 */
45
46 /*
47 * The WaveLAN/IEEE adapter is the second generation of the WaveLAN
48 * from Lucent. Unlike the older cards, the new ones are programmed
49 * entirely via a firmware-driven controller called the Hermes.
50 * Unfortunately, Lucent will not release the Hermes programming manual
51 * without an NDA (if at all). What they do release is an API library
52 * called the HCF (Hardware Control Functions) which is supposed to
53 * do the device-specific operations of a device driver for you. The
54 * publically available version of the HCF library (the 'HCF Light') is
55 * a) extremely gross, b) lacks certain features, particularly support
56 * for 802.11 frames, and c) is contaminated by the GNU Public License.
57 *
58 * This driver does not use the HCF or HCF Light at all. Instead, it
59 * programs the Hermes controller directly, using information gleaned
60 * from the HCF Light code and corresponding documentation.
61 *
62 * This driver supports the ISA, PCMCIA and PCI versions of the Lucent
63 * WaveLan cards (based on the Hermes chipset), as well as the newer
64 * Prism 2 chipsets with firmware from Intersil and Symbol.
65 */
66
67 #define WI_HERMES_AUTOINC_WAR /* Work around data write autoinc bug. */
68 #define WI_HERMES_STATS_WAR /* Work around stats counter bug. */
69
70 #include "opt_polling.h"
71
72 #include <sys/param.h>
73 #include <sys/endian.h>
74 #include <sys/systm.h>
75 #include <sys/sockio.h>
76 #include <sys/mbuf.h>
77 #include <sys/proc.h>
78 #include <sys/priv.h>
79 #include <sys/kernel.h>
80 #include <sys/socket.h>
81 #include <sys/module.h>
82 #include <sys/bus.h>
83 #include <sys/random.h>
84 #include <sys/syslog.h>
85 #include <sys/sysctl.h>
86 #include <sys/serialize.h>
87 #include <sys/rman.h>
88 #include <sys/thread2.h>
89 #include <sys/interrupt.h>
90
91 #include <machine/atomic.h>
92
93 #include <net/if.h>
94 #include <net/if_arp.h>
95 #include <net/ethernet.h>
96 #include <net/if_dl.h>
97 #include <net/if_media.h>
98 #include <net/if_types.h>
99 #include <net/ifq_var.h>
100
101 #include <netproto/802_11/ieee80211_var.h>
102 #include <netproto/802_11/ieee80211_ioctl.h>
103 #include <netproto/802_11/ieee80211_radiotap.h>
104 #include <netproto/802_11/if_wavelan_ieee.h>
105
106 #include <netinet/in.h>
107 #include <netinet/in_systm.h>
108 #include <netinet/in_var.h>
109 #include <netinet/ip.h>
110 #include <netinet/if_ether.h>
111
112 #include <net/bpf.h>
113
114 #include <dev/netif/wi/if_wireg.h>
115 #include <dev/netif/wi/if_wivar.h>
116
117 static void wi_start(struct ifnet *);
118 static int wi_reset(struct wi_softc *);
119 static void wi_watchdog(struct ifnet *);
120 static int wi_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
121 static int wi_media_change(struct ifnet *);
122 static void wi_media_status(struct ifnet *, struct ifmediareq *);
123
124 static void wi_rx_intr(struct wi_softc *);
125 static void wi_tx_intr(struct wi_softc *);
126 static void wi_tx_ex_intr(struct wi_softc *);
127 static void wi_info_intr(struct wi_softc *);
128
129 static int wi_get_cfg(struct ifnet *, u_long, caddr_t, struct ucred *);
130 static int wi_set_cfg(struct ifnet *, u_long, caddr_t);
131 static int wi_write_txrate(struct wi_softc *);
132 static int wi_write_wep(struct wi_softc *);
133 static int wi_write_multi(struct wi_softc *);
134 static int wi_alloc_fid(struct wi_softc *, int, int *);
135 static void wi_read_nicid(struct wi_softc *);
136 static int wi_write_ssid(struct wi_softc *, int, u_int8_t *, int);
137
138 static int wi_cmd(struct wi_softc *, int, int, int, int);
139 static int wi_seek_bap(struct wi_softc *, int, int);
140 static int wi_read_bap(struct wi_softc *, int, int, void *, int);
141 static int wi_write_bap(struct wi_softc *, int, int, void *, int);
142 static int wi_mwrite_bap(struct wi_softc *, int, int, struct mbuf *, int);
143 static int wi_read_rid(struct wi_softc *, int, void *, int *);
144 static int wi_write_rid(struct wi_softc *, int, void *, int);
145
146 static int wi_key_alloc(struct ieee80211com *, const struct ieee80211_key *,
147 ieee80211_keyix *, ieee80211_keyix *);
148 static int wi_newstate(struct ieee80211com *, enum ieee80211_state, int);
149
150 static int wi_scan_ap(struct wi_softc *, u_int16_t, u_int16_t);
151 static void wi_scan_result(struct wi_softc *, int, int);
152
153 static void wi_dump_pkt(struct wi_frame *, struct ieee80211_node *, int rssi);
154
155 static int wi_get_debug(struct wi_softc *, struct wi_req *);
156 static int wi_set_debug(struct wi_softc *, struct wi_req *);
157
158 /* support to download firmware for symbol CF card */
159 static int wi_symbol_write_firm(struct wi_softc *, const void *, int,
160 const void *, int);
161 static int wi_symbol_set_hcr(struct wi_softc *, int);
162 #ifdef DEVICE_POLLING
163 static void wi_poll(struct ifnet *ifp, enum poll_cmd cmd, int count);
164 #endif
165
166 static __inline int
167 wi_write_val(struct wi_softc *sc, int rid, u_int16_t val)
168 {
169
170 val = htole16(val);
171 return wi_write_rid(sc, rid, &val, sizeof(val));
172 }
173
174 SYSCTL_NODE(_hw, OID_AUTO, wi, CTLFLAG_RD, 0, "Wireless driver parameters");
175
176 static struct timeval lasttxerror; /* time of last tx error msg */
177 static int curtxeps; /* current tx error msgs/sec */
178 static int wi_txerate = 0; /* tx error rate: max msgs/sec */
179 SYSCTL_INT(_hw_wi, OID_AUTO, txerate, CTLFLAG_RW, &wi_txerate,
180 0, "max tx error msgs/sec; 0 to disable msgs");
181
182 #define WI_DEBUG
183 #ifdef WI_DEBUG
184 static int wi_debug = 0;
185 SYSCTL_INT(_hw_wi, OID_AUTO, debug, CTLFLAG_RW, &wi_debug,
186 0, "control debugging kprintfs");
187
188 #define DPRINTF(X) if (wi_debug) if_printf X
189 #define DPRINTF2(X) if (wi_debug > 1) if_printf X
190 #define IFF_DUMPPKTS(_ifp) \
191 (((_ifp)->if_flags & (IFF_DEBUG|IFF_LINK2)) == (IFF_DEBUG|IFF_LINK2))
192 #else
193 #define DPRINTF(X)
194 #define DPRINTF2(X)
195 #define IFF_DUMPPKTS(_ifp) 0
196 #endif
197
198 #define WI_INTRS (WI_EV_RX | WI_EV_ALLOC | WI_EV_INFO)
199
200 struct wi_card_ident wi_card_ident[] = {
201 /* CARD_ID CARD_NAME FIRM_TYPE */
202 { WI_NIC_LUCENT_ID, WI_NIC_LUCENT_STR, WI_LUCENT },
203 { WI_NIC_SONY_ID, WI_NIC_SONY_STR, WI_LUCENT },
204 { WI_NIC_LUCENT_EMB_ID, WI_NIC_LUCENT_EMB_STR, WI_LUCENT },
205 { WI_NIC_EVB2_ID, WI_NIC_EVB2_STR, WI_INTERSIL },
206 { WI_NIC_HWB3763_ID, WI_NIC_HWB3763_STR, WI_INTERSIL },
207 { WI_NIC_HWB3163_ID, WI_NIC_HWB3163_STR, WI_INTERSIL },
208 { WI_NIC_HWB3163B_ID, WI_NIC_HWB3163B_STR, WI_INTERSIL },
209 { WI_NIC_EVB3_ID, WI_NIC_EVB3_STR, WI_INTERSIL },
210 { WI_NIC_HWB1153_ID, WI_NIC_HWB1153_STR, WI_INTERSIL },
211 { WI_NIC_P2_SST_ID, WI_NIC_P2_SST_STR, WI_INTERSIL },
212 { WI_NIC_EVB2_SST_ID, WI_NIC_EVB2_SST_STR, WI_INTERSIL },
213 { WI_NIC_3842_EVA_ID, WI_NIC_3842_EVA_STR, WI_INTERSIL },
214 { WI_NIC_3842_PCMCIA_AMD_ID, WI_NIC_3842_PCMCIA_STR, WI_INTERSIL },
215 { WI_NIC_3842_PCMCIA_SST_ID, WI_NIC_3842_PCMCIA_STR, WI_INTERSIL },
216 { WI_NIC_3842_PCMCIA_ATL_ID, WI_NIC_3842_PCMCIA_STR, WI_INTERSIL },
217 { WI_NIC_3842_PCMCIA_ATS_ID, WI_NIC_3842_PCMCIA_STR, WI_INTERSIL },
218 { WI_NIC_3842_MINI_AMD_ID, WI_NIC_3842_MINI_STR, WI_INTERSIL },
219 { WI_NIC_3842_MINI_SST_ID, WI_NIC_3842_MINI_STR, WI_INTERSIL },
220 { WI_NIC_3842_MINI_ATL_ID, WI_NIC_3842_MINI_STR, WI_INTERSIL },
221 { WI_NIC_3842_MINI_ATS_ID, WI_NIC_3842_MINI_STR, WI_INTERSIL },
222 { WI_NIC_3842_PCI_AMD_ID, WI_NIC_3842_PCI_STR, WI_INTERSIL },
223 { WI_NIC_3842_PCI_SST_ID, WI_NIC_3842_PCI_STR, WI_INTERSIL },
224 { WI_NIC_3842_PCI_ATS_ID, WI_NIC_3842_PCI_STR, WI_INTERSIL },
225 { WI_NIC_3842_PCI_ATL_ID, WI_NIC_3842_PCI_STR, WI_INTERSIL },
226 { WI_NIC_P3_PCMCIA_AMD_ID, WI_NIC_P3_PCMCIA_STR, WI_INTERSIL },
227 { WI_NIC_P3_PCMCIA_SST_ID, WI_NIC_P3_PCMCIA_STR, WI_INTERSIL },
228 { WI_NIC_P3_PCMCIA_ATL_ID, WI_NIC_P3_PCMCIA_STR, WI_INTERSIL },
229 { WI_NIC_P3_PCMCIA_ATS_ID, WI_NIC_P3_PCMCIA_STR, WI_INTERSIL },
230 { WI_NIC_P3_MINI_AMD_ID, WI_NIC_P3_MINI_STR, WI_INTERSIL },
231 { WI_NIC_P3_MINI_SST_ID, WI_NIC_P3_MINI_STR, WI_INTERSIL },
232 { WI_NIC_P3_MINI_ATL_ID, WI_NIC_P3_MINI_STR, WI_INTERSIL },
233 { WI_NIC_P3_MINI_ATS_ID, WI_NIC_P3_MINI_STR, WI_INTERSIL },
234 { 0, NULL, 0 },
235 };
236
237 devclass_t wi_devclass;
238
239 int
240 wi_attach(device_t dev)
241 {
242 struct wi_softc *sc = device_get_softc(dev);
243 struct ieee80211com *ic = &sc->sc_ic;
244 struct ifnet *ifp = &ic->ic_if;
245 int i, nrates, buflen;
246 u_int16_t val;
247 u_int8_t ratebuf[2 + IEEE80211_RATE_SIZE];
248 struct ieee80211_rateset *rs;
249 static const u_int8_t empty_macaddr[IEEE80211_ADDR_LEN] = {
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
251 };
252 int error;
253
254 ifp->if_softc = sc;
255 if_initname(ifp, device_get_name(dev), device_get_unit(dev));
256
257 sc->sc_firmware_type = WI_NOTYPE;
258 sc->wi_cmd_count = 500;
259
260 /* Reset the NIC. */
261 error = wi_reset(sc);
262 if (error)
263 goto fail;
264
265 /*
266 * Read the station address.
267 * And do it twice. I've seen PRISM-based cards that return
268 * an error when trying to read it the first time, which causes
269 * the probe to fail.
270 */
271 buflen = IEEE80211_ADDR_LEN;
272 error = wi_read_rid(sc, WI_RID_MAC_NODE, ic->ic_myaddr, &buflen);
273 if (error != 0) {
274 buflen = IEEE80211_ADDR_LEN;
275 error = wi_read_rid(sc, WI_RID_MAC_NODE, ic->ic_myaddr, &buflen);
276 }
277 if (error) {
278 device_printf(dev, "mac read failed %d\n", error);
279 goto fail;
280 }
281 if (IEEE80211_ADDR_EQ(ic->ic_myaddr, empty_macaddr)) {
282 device_printf(dev, "mac read failed (all zeros)\n");
283 error = ENXIO;
284 goto fail;
285 }
286
287 /* Read NIC identification */
288 wi_read_nicid(sc);
289
290 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
291 ifp->if_ioctl = wi_ioctl;
292 ifp->if_start = wi_start;
293 ifp->if_watchdog = wi_watchdog;
294 ifp->if_init = wi_init;
295 ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
296 ifq_set_ready(&ifp->if_snd);
297 #ifdef DEVICE_POLLING
298 ifp->if_poll = wi_poll;
299 #endif
300 ifp->if_capenable = ifp->if_capabilities;
301
302 ic->ic_phytype = IEEE80211_T_DS;
303 ic->ic_opmode = IEEE80211_M_STA;
304 ic->ic_caps = IEEE80211_C_PMGT |
305 IEEE80211_C_IBSS |
306 IEEE80211_C_WEP;
307 ic->ic_state = IEEE80211_S_INIT;
308 ic->ic_max_aid = WI_MAX_AID;
309
310 /*
311 * Query the card for available channels and setup the
312 * channel table. We assume these are all 11b channels.
313 */
314 buflen = sizeof(val);
315 if (wi_read_rid(sc, WI_RID_CHANNEL_LIST, &val, &buflen) != 0)
316 val = htole16(0x1fff); /* assume 1-11 */
317 KASSERT(val != 0, ("wi_attach: no available channels listed!"));
318
319 val <<= 1; /* shift for base 1 indices */
320 for (i = 1; i < 16; i++) {
321 if (isset((u_int8_t*)&val, i)) {
322 ic->ic_channels[i].ic_freq =
323 ieee80211_ieee2mhz(i, IEEE80211_CHAN_B);
324 ic->ic_channels[i].ic_flags = IEEE80211_CHAN_B;
325 }
326 }
327
328 /*
329 * Read the default channel from the NIC. This may vary
330 * depending on the country where the NIC was purchased, so
331 * we can't hard-code a default and expect it to work for
332 * everyone.
333 *
334 * If no channel is specified, let the 802.11 code select.
335 */
336 buflen = sizeof(val);
337 if (wi_read_rid(sc, WI_RID_OWN_CHNL, &val, &buflen) == 0) {
338 val = le16toh(val);
339 KASSERT(val < IEEE80211_CHAN_MAX &&
340 ic->ic_channels[val].ic_flags != 0,
341 ("wi_attach: invalid own channel %u!", val));
342 ic->ic_ibss_chan = &ic->ic_channels[val];
343 } else {
344 device_printf(dev,
345 "WI_RID_OWN_CHNL failed, using first channel!\n");
346 ic->ic_ibss_chan = &ic->ic_channels[0];
347 }
348
349 /*
350 * Set flags based on firmware version.
351 */
352 switch (sc->sc_firmware_type) {
353 case WI_LUCENT:
354 sc->sc_ntxbuf = 1;
355 sc->sc_flags |= WI_FLAGS_HAS_SYSSCALE;
356 #ifdef WI_HERMES_AUTOINC_WAR
357 /* XXX: not confirmed, but never seen for recent firmware */
358 if (sc->sc_sta_firmware_ver < 40000) {
359 sc->sc_flags |= WI_FLAGS_BUG_AUTOINC;
360 }
361 #endif
362 if (sc->sc_sta_firmware_ver >= 60000)
363 sc->sc_flags |= WI_FLAGS_HAS_MOR;
364 if (sc->sc_sta_firmware_ver >= 60006) {
365 ic->ic_caps |= IEEE80211_C_IBSS;
366 ic->ic_caps |= IEEE80211_C_MONITOR;
367 }
368 sc->sc_ibss_port = htole16(1);
369
370 sc->sc_min_rssi = WI_LUCENT_MIN_RSSI;
371 sc->sc_max_rssi = WI_LUCENT_MAX_RSSI;
372 sc->sc_dbm_offset = WI_LUCENT_DBM_OFFSET;
373 break;
374
375 case WI_INTERSIL:
376 sc->sc_ntxbuf = WI_NTXBUF;
377 sc->sc_flags |= WI_FLAGS_HAS_FRAGTHR;
378 sc->sc_flags |= WI_FLAGS_HAS_ROAMING;
379 sc->sc_flags |= WI_FLAGS_HAS_SYSSCALE;
380 /*
381 * Old firmware are slow, so give peace a chance.
382 */
383 if (sc->sc_sta_firmware_ver < 10000)
384 sc->wi_cmd_count = 5000;
385 if (sc->sc_sta_firmware_ver > 10101)
386 sc->sc_flags |= WI_FLAGS_HAS_DBMADJUST;
387 if (sc->sc_sta_firmware_ver >= 800) {
388 ic->ic_caps |= IEEE80211_C_IBSS;
389 ic->ic_caps |= IEEE80211_C_MONITOR;
390 }
391 /*
392 * version 0.8.3 and newer are the only ones that are known
393 * to currently work. Earlier versions can be made to work,
394 * at least according to the Linux driver.
395 */
396 if (sc->sc_sta_firmware_ver >= 803)
397 ic->ic_caps |= IEEE80211_C_HOSTAP;
398 sc->sc_ibss_port = htole16(0);
399
400 sc->sc_min_rssi = WI_PRISM_MIN_RSSI;
401 sc->sc_max_rssi = WI_PRISM_MAX_RSSI;
402 sc->sc_dbm_offset = WI_PRISM_DBM_OFFSET;
403 break;
404
405 case WI_SYMBOL:
406 sc->sc_ntxbuf = 1;
407 sc->sc_flags |= WI_FLAGS_HAS_DIVERSITY;
408 if (sc->sc_sta_firmware_ver >= 25000)
409 ic->ic_caps |= IEEE80211_C_IBSS;
410 sc->sc_ibss_port = htole16(4);
411
412 sc->sc_min_rssi = WI_PRISM_MIN_RSSI;
413 sc->sc_max_rssi = WI_PRISM_MAX_RSSI;
414 sc->sc_dbm_offset = WI_PRISM_DBM_OFFSET;
415 break;
416 }
417
418 /*
419 * Find out if we support WEP on this card.
420 */
421 buflen = sizeof(val);
422 if (wi_read_rid(sc, WI_RID_WEP_AVAIL, &val, &buflen) == 0 &&
423 val != htole16(0))
424 ic->ic_caps |= IEEE80211_C_WEP;
425
426 /* Find supported rates. */
427 buflen = sizeof(ratebuf);
428 rs = &ic->ic_sup_rates[IEEE80211_MODE_11B];
429 if (wi_read_rid(sc, WI_RID_DATA_RATES, ratebuf, &buflen) == 0) {
430 nrates = le16toh(*(u_int16_t *)ratebuf);
431 if (nrates > IEEE80211_RATE_MAXSIZE)
432 nrates = IEEE80211_RATE_MAXSIZE;
433 rs->rs_nrates = 0;
434 for (i = 0; i < nrates; i++)
435 if (ratebuf[2+i])
436 rs->rs_rates[rs->rs_nrates++] = ratebuf[2+i];
437 } else {
438 /* XXX fallback on error? */
439 rs->rs_nrates = 0;
440 }
441
442 buflen = sizeof(val);
443 if ((sc->sc_flags & WI_FLAGS_HAS_DBMADJUST) &&
444 wi_read_rid(sc, WI_RID_DBM_ADJUST, &val, &buflen) == 0) {
445 sc->sc_dbm_offset = le16toh(val);
446 }
447
448 sc->sc_max_datalen = 2304;
449 sc->sc_system_scale = 1;
450 sc->sc_cnfauthmode = IEEE80211_AUTH_OPEN;
451 sc->sc_roaming_mode = 1;
452
453 sc->sc_portnum = WI_DEFAULT_PORT;
454 sc->sc_authtype = WI_DEFAULT_AUTHTYPE;
455
456 bzero(sc->sc_nodename, sizeof(sc->sc_nodename));
457 sc->sc_nodelen = sizeof(WI_DEFAULT_NODENAME) - 1;
458 bcopy(WI_DEFAULT_NODENAME, sc->sc_nodename, sc->sc_nodelen);
459
460 bzero(sc->sc_net_name, sizeof(sc->sc_net_name));
461 bcopy(WI_DEFAULT_NETNAME, sc->sc_net_name,
462 sizeof(WI_DEFAULT_NETNAME) - 1);
463
464 /*
465 * Call MI attach routine.
466 */
467 ieee80211_ifattach(ic);
468 /* override state transition method */
469 sc->sc_newstate = ic->ic_newstate;
470 sc->sc_key_alloc = ic->ic_crypto.cs_key_alloc;
471 ic->ic_crypto.cs_key_alloc = wi_key_alloc;
472 ic->ic_newstate = wi_newstate;
473 ieee80211_media_init(ic, wi_media_change, wi_media_status);
474
475 bpfattach_dlt(ifp, DLT_IEEE802_11_RADIO,
476 sizeof(struct ieee80211_frame) + sizeof(sc->sc_tx_th),
477 &sc->sc_drvbpf);
478 /*
479 * Initialize constant fields.
480 * XXX make header lengths a multiple of 32-bits so subsequent
481 * headers are properly aligned; this is a kludge to keep
482 * certain applications happy.
483 *
484 * NB: the channel is setup each time we transition to the
485 * RUN state to avoid filling it in for each frame.
486 */
487 sc->sc_tx_th_len = roundup(sizeof(sc->sc_tx_th), sizeof(u_int32_t));
488 sc->sc_tx_th.wt_ihdr.it_len = htole16(sc->sc_tx_th_len);
489 sc->sc_tx_th.wt_ihdr.it_present = htole32(WI_TX_RADIOTAP_PRESENT);
490
491 sc->sc_rx_th_len = roundup(sizeof(sc->sc_rx_th), sizeof(u_int32_t));
492 sc->sc_rx_th.wr_ihdr.it_len = htole16(sc->sc_rx_th_len);
493 sc->sc_rx_th.wr_ihdr.it_present = htole32(WI_RX_RADIOTAP_PRESENT);
494
495 error = bus_setup_intr(dev, sc->irq, INTR_MPSAFE,
496 wi_intr, sc, &sc->wi_intrhand,
497 ifp->if_serializer);
498 if (error) {
499 bpfdetach(ifp);
500 ieee80211_ifdetach(ic);
501 device_printf(dev, "bus_setup_intr() failed! (%d)\n", error);
502 goto fail;
503 }
504
505 ifp->if_cpuid = ithread_cpuid(rman_get_start(sc->irq));
506 KKASSERT(ifp->if_cpuid >= 0 && ifp->if_cpuid < ncpus);
507
508 if (bootverbose)
509 ieee80211_announce(ic);
510
511 return(0);
512
513 fail:
514 wi_free(dev);
515 return(error);
516 }
517
518 int
519 wi_detach(device_t dev)
520 {
521 struct wi_softc *sc = device_get_softc(dev);
522 struct ifnet *ifp = &sc->sc_ic.ic_if;
523
524 lwkt_serialize_enter(ifp->if_serializer);
525
526 /* check if device was removed */
527 sc->wi_gone |= !bus_child_present(dev);
528 wi_stop(ifp, 0);
529 bus_teardown_intr(dev, sc->irq, sc->wi_intrhand);
530
531 lwkt_serialize_exit(ifp->if_serializer);
532
533 bpfdetach(ifp);
534 ieee80211_ifdetach(&sc->sc_ic);
535 wi_free(dev);
536 return (0);
537 }
538
539 void
540 wi_shutdown(device_t dev)
541 {
542 struct wi_softc *sc = device_get_softc(dev);
543 struct ifnet *ifp = &sc->sc_if;
544
545 lwkt_serialize_enter(ifp->if_serializer);
546 wi_stop(ifp, 1);
547 lwkt_serialize_exit(ifp->if_serializer);
548 }
549
550 #ifdef DEVICE_POLLING
551
552 static void
553 wi_poll(struct ifnet *ifp, enum poll_cmd cmd, int count)
554 {
555 struct wi_softc *sc = ifp->if_softc;
556 uint16_t status;
557
558 switch(cmd) {
559 case POLL_REGISTER:
560 /* disable interruptds */
561 CSR_WRITE_2(sc, WI_INT_EN, 0);
562 break;
563 case POLL_DEREGISTER:
564 /* enable interrupts */
565 CSR_WRITE_2(sc, WI_INT_EN, WI_INTRS);
566 break;
567 default:
568 status = CSR_READ_2(sc, WI_EVENT_STAT);
569
570 if (status & WI_EV_RX)
571 wi_rx_intr(sc);
572 if (status & WI_EV_ALLOC)
573 wi_tx_intr(sc);
574 if (status & WI_EV_INFO)
575 wi_info_intr(sc);
576
577 if (cmd == POLL_AND_CHECK_STATUS) {
578 if (status & WI_EV_INFO)
579 wi_info_intr(sc);
580 }
581
582 if ((ifp->if_flags & IFF_OACTIVE) == 0 &&
583 (sc->sc_flags & WI_FLAGS_OUTRANGE) == 0)
584 ifp->if_start(ifp);
585 break;
586 }
587 }
588 #endif /* DEVICE_POLLING */
589
590 void
591 wi_intr(void *arg)
592 {
593 struct wi_softc *sc = arg;
594 struct ifnet *ifp = &sc->sc_ic.ic_if;
595 u_int16_t status;
596
597 if (sc->wi_gone || !sc->sc_enabled || (ifp->if_flags & IFF_UP) == 0) {
598 CSR_WRITE_2(sc, WI_INT_EN, 0);
599 CSR_WRITE_2(sc, WI_EVENT_ACK, 0xFFFF);
600 return;
601 }
602
603 /* Disable interrupts. */
604 CSR_WRITE_2(sc, WI_INT_EN, 0);
605
606 status = CSR_READ_2(sc, WI_EVENT_STAT);
607 if (status & WI_EV_RX)
608 wi_rx_intr(sc);
609 if (status & WI_EV_ALLOC)
610 wi_tx_intr(sc);
611 if (status & WI_EV_TX_EXC)
612 wi_tx_ex_intr(sc);
613 if (status & WI_EV_INFO)
614 wi_info_intr(sc);
615 if ((ifp->if_flags & IFF_OACTIVE) == 0 &&
616 (sc->sc_flags & WI_FLAGS_OUTRANGE) == 0)
617 ifp->if_start(ifp);
618
619 /* Re-enable interrupts. */
620 CSR_WRITE_2(sc, WI_INT_EN, WI_INTRS);
621 }
622
623 void
624 wi_init(void *arg)
625 {
626 struct wi_softc *sc = arg;
627 struct ifnet *ifp = &sc->sc_if;
628 struct ieee80211com *ic = &sc->sc_ic;
629 struct wi_joinreq join;
630 int i;
631 int error = 0, wasenabled;
632
633 if (sc->wi_gone)
634 return;
635
636 if ((wasenabled = sc->sc_enabled))
637 wi_stop(ifp, 1);
638 wi_reset(sc);
639
640 /* common 802.11 configuration */
641 ic->ic_flags &= ~IEEE80211_F_IBSSON;
642 sc->sc_flags &= ~WI_FLAGS_OUTRANGE;
643 switch (ic->ic_opmode) {
644 case IEEE80211_M_STA:
645 wi_write_val(sc, WI_RID_PORTTYPE, WI_PORTTYPE_BSS);
646 break;
647 case IEEE80211_M_IBSS:
648 wi_write_val(sc, WI_RID_PORTTYPE, sc->sc_ibss_port);
649 ic->ic_flags |= IEEE80211_F_IBSSON;
650 break;
651 case IEEE80211_M_AHDEMO:
652 wi_write_val(sc, WI_RID_PORTTYPE, WI_PORTTYPE_ADHOC);
653 break;
654 case IEEE80211_M_HOSTAP:
655 /*
656 * For PRISM cards, override the empty SSID, because in
657 * HostAP mode the controller will lock up otherwise.
658 */
659 if (sc->sc_firmware_type == WI_INTERSIL &&
660 ic->ic_des_esslen == 0) {
661 ic->ic_des_essid[0] = ' ';
662 ic->ic_des_esslen = 1;
663 }
664 wi_write_val(sc, WI_RID_PORTTYPE, WI_PORTTYPE_HOSTAP);
665 break;
666 case IEEE80211_M_MONITOR:
667 if (sc->sc_firmware_type == WI_LUCENT)
668 wi_write_val(sc, WI_RID_PORTTYPE, WI_PORTTYPE_ADHOC);
669 wi_cmd(sc, WI_CMD_DEBUG | (WI_TEST_MONITOR << 8), 0, 0, 0);
670 break;
671 }
672
673 /* Intersil interprets this RID as joining ESS even in IBSS mode */
674 if (sc->sc_firmware_type == WI_LUCENT &&
675 (ic->ic_flags & IEEE80211_F_IBSSON) && ic->ic_des_esslen > 0)
676 wi_write_val(sc, WI_RID_CREATE_IBSS, 1);
677 else
678 wi_write_val(sc, WI_RID_CREATE_IBSS, 0);
679 wi_write_val(sc, WI_RID_MAX_SLEEP, ic->ic_lintval);
680 wi_write_ssid(sc, WI_RID_DESIRED_SSID, ic->ic_des_essid,
681 ic->ic_des_esslen);
682 wi_write_val(sc, WI_RID_OWN_CHNL,
683 ieee80211_chan2ieee(ic, ic->ic_ibss_chan));
684 wi_write_ssid(sc, WI_RID_OWN_SSID, ic->ic_des_essid, ic->ic_des_esslen);
685
686 IEEE80211_ADDR_COPY(ic->ic_myaddr, IF_LLADDR(ifp));
687 wi_write_rid(sc, WI_RID_MAC_NODE, ic->ic_myaddr, IEEE80211_ADDR_LEN);
688
689 if (ic->ic_caps & IEEE80211_C_PMGT) {
690 wi_write_val(sc, WI_RID_PM_ENABLED,
691 (ic->ic_flags & IEEE80211_F_PMGTON) ? 1 : 0);
692 }
693
694 /* not yet common 802.11 configuration */
695 wi_write_val(sc, WI_RID_MAX_DATALEN, sc->sc_max_datalen);
696 wi_write_val(sc, WI_RID_RTS_THRESH, ic->ic_rtsthreshold);
697 if (sc->sc_flags & WI_FLAGS_HAS_FRAGTHR)
698 wi_write_val(sc, WI_RID_FRAG_THRESH, ic->ic_fragthreshold);
699
700 /* driver specific 802.11 configuration */
701 if (sc->sc_flags & WI_FLAGS_HAS_SYSSCALE)
702 wi_write_val(sc, WI_RID_SYSTEM_SCALE, sc->sc_system_scale);
703 if (sc->sc_flags & WI_FLAGS_HAS_ROAMING)
704 wi_write_val(sc, WI_RID_ROAMING_MODE, sc->sc_roaming_mode);
705 if (sc->sc_flags & WI_FLAGS_HAS_MOR)
706 wi_write_val(sc, WI_RID_MICROWAVE_OVEN, sc->sc_microwave_oven);
707 wi_write_txrate(sc);
708 wi_write_ssid(sc, WI_RID_NODENAME, sc->sc_nodename, sc->sc_nodelen);
709
710 if (ic->ic_opmode == IEEE80211_M_HOSTAP &&
711 sc->sc_firmware_type == WI_INTERSIL) {
712 wi_write_val(sc, WI_RID_OWN_BEACON_INT, ic->ic_bintval);
713 wi_write_val(sc, WI_RID_BASIC_RATE, 0x03); /* 1, 2 */
714 wi_write_val(sc, WI_RID_SUPPORT_RATE, 0x0f); /* 1, 2, 5.5, 11 */
715 wi_write_val(sc, WI_RID_DTIM_PERIOD, ic->ic_dtim_period);
716 }
717
718 /*
719 * Initialize promisc mode.
720 * Being in the Host-AP mode causes a great
721 * deal of pain if primisc mode is set.
722 * Therefore we avoid confusing the firmware
723 * and always reset promisc mode in Host-AP
724 * mode. Host-AP sees all the packets anyway.
725 */
726 if (ic->ic_opmode != IEEE80211_M_HOSTAP &&
727 (ifp->if_flags & IFF_PROMISC) != 0) {
728 wi_write_val(sc, WI_RID_PROMISC, 1);
729 } else {
730 wi_write_val(sc, WI_RID_PROMISC, 0);
731 }
732
733 /* Configure WEP. */
734 if (ic->ic_caps & IEEE80211_C_WEP) {
735 sc->sc_cnfauthmode = ic->ic_bss->ni_authmode;
736 wi_write_wep(sc);
737 } else {
738 sc->sc_encryption = 0;
739 }
740
741 /* Set multicast filter. */
742 wi_write_multi(sc);
743
744 /* Allocate fids for the card */
745 if (sc->sc_firmware_type != WI_SYMBOL || !wasenabled) {
746 sc->sc_buflen = IEEE80211_MAX_LEN + sizeof(struct wi_frame);
747 if (sc->sc_firmware_type == WI_SYMBOL)
748 sc->sc_buflen = 1585; /* XXX */
749 for (i = 0; i < sc->sc_ntxbuf; i++) {
750 error = wi_alloc_fid(sc, sc->sc_buflen,
751 &sc->sc_txd[i].d_fid);
752 if (error) {
753 if_printf(ifp,
754 "tx buffer allocation failed (error %u)\n",
755 error);
756 goto out;
757 }
758 sc->sc_txd[i].d_len = 0;
759 }
760 }
761 sc->sc_txcur = sc->sc_txnext = 0;
762
763 /* Enable desired port */
764 wi_cmd(sc, WI_CMD_ENABLE | sc->sc_portnum, 0, 0, 0);
765
766 sc->sc_enabled = 1;
767 ifp->if_flags |= IFF_RUNNING;
768 ifp->if_flags &= ~IFF_OACTIVE;
769 if (ic->ic_opmode == IEEE80211_M_AHDEMO ||
770 ic->ic_opmode == IEEE80211_M_IBSS ||
771 ic->ic_opmode == IEEE80211_M_MONITOR ||
772 ic->ic_opmode == IEEE80211_M_HOSTAP)
773 ieee80211_create_ibss(ic, ic->ic_ibss_chan);
774
775 /* Enable interrupts if not polling */
776 #ifdef DEVICE_POLLING
777 if ((ifp->if_flags & IFF_POLLING) == 0)
778 #endif
779 CSR_WRITE_2(sc, WI_INT_EN, WI_INTRS);
780
781 if (!wasenabled &&
782 ic->ic_opmode == IEEE80211_M_HOSTAP &&
783 sc->sc_firmware_type == WI_INTERSIL) {
784 /* XXX: some card need to be re-enabled for hostap */
785 wi_cmd(sc, WI_CMD_DISABLE | WI_PORT0, 0, 0, 0);
786 wi_cmd(sc, WI_CMD_ENABLE | WI_PORT0, 0, 0, 0);
787 }
788
789 if (ic->ic_opmode == IEEE80211_M_STA &&
790 ((ic->ic_flags & IEEE80211_F_DESBSSID) ||
791 ic->ic_des_chan != IEEE80211_CHAN_ANYC)) {
792 memset(&join, 0, sizeof(join));
793 if (ic->ic_flags & IEEE80211_F_DESBSSID)
794 IEEE80211_ADDR_COPY(&join.wi_bssid, ic->ic_des_bssid);
795 if (ic->ic_des_chan != IEEE80211_CHAN_ANYC)
796 join.wi_chan = htole16(
797 ieee80211_chan2ieee(ic, ic->ic_des_chan));
798 /* Lucent firmware does not support the JOIN RID. */
799 if (sc->sc_firmware_type != WI_LUCENT)
800 wi_write_rid(sc, WI_RID_JOIN_REQ, &join, sizeof(join));
801 }
802 return;
803 out:
804 if (error) {
805 if_printf(ifp, "interface not running\n");
806 wi_stop(ifp, 1);
807 }
808
809 DPRINTF((ifp, "wi_init: return %d\n", error));
810 return;
811 }
812
813 void
814 wi_stop(struct ifnet *ifp, int disable)
815 {
816 struct ieee80211com *ic = (struct ieee80211com *) ifp;
817 struct wi_softc *sc = ifp->if_softc;
818
819 DELAY(100000);
820
821 ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
822 if (sc->sc_enabled && !sc->wi_gone) {
823 CSR_WRITE_2(sc, WI_INT_EN, 0);
824 wi_cmd(sc, WI_CMD_DISABLE | sc->sc_portnum, 0, 0, 0);
825 if (disable) {
826 #ifdef __NetBSD__
827 if (sc->sc_disable)
828 (*sc->sc_disable)(sc);
829 #endif
830 sc->sc_enabled = 0;
831 }
832 } else if (sc->wi_gone && disable) /* gone --> not enabled */
833 sc->sc_enabled = 0;
834
835 sc->sc_tx_timer = 0;
836 sc->sc_scan_timer = 0;
837 sc->sc_false_syns = 0;
838 sc->sc_naps = 0;
839 ifp->if_flags &= ~(IFF_OACTIVE | IFF_RUNNING);
840 ifp->if_timer = 0;
841 }
842
843 static void
844 wi_start(struct ifnet *ifp)
845 {
846 struct wi_softc *sc = ifp->if_softc;
847 struct ieee80211com *ic = &sc->sc_ic;
848 struct ieee80211_node *ni;
849 struct ieee80211_frame *wh;
850 struct mbuf *m0;
851 struct wi_frame frmhdr;
852 int cur, fid, off, error;
853
854 if (sc->wi_gone || (sc->sc_flags & WI_FLAGS_OUTRANGE)) {
855 ieee80211_drain_mgtq(&ic->ic_mgtq);
856 ifq_purge(&ifp->if_snd);
857 return;
858 }
859
860 memset(&frmhdr, 0, sizeof(frmhdr));
861 cur = sc->sc_txnext;
862 for (;;) {
863 IF_POLL(&ic->ic_mgtq, m0);
864 if (m0 != NULL) {
865 if (sc->sc_txd[cur].d_len != 0) {
866 ifp->if_flags |= IFF_OACTIVE;
867 break;
868 }
869 IF_DEQUEUE(&ic->ic_mgtq, m0);
870 /*
871 * Hack! The referenced node pointer is in the
872 * rcvif field of the packet header. This is
873 * placed there by ieee80211_mgmt_output because
874 * we need to hold the reference with the frame
875 * and there's no other way (other than packet
876 * tags which we consider too expensive to use)
877 * to pass it along.
878 */
879 ni = (struct ieee80211_node *) m0->m_pkthdr.rcvif;
880 m0->m_pkthdr.rcvif = NULL;
881
882 m_copydata(m0, 4, ETHER_ADDR_LEN * 2,
883 (caddr_t)&frmhdr.wi_ehdr);
884 frmhdr.wi_ehdr.ether_type = 0;
885 wh = mtod(m0, struct ieee80211_frame *);
886 } else {
887 struct ether_header *eh;
888
889 if (ic->ic_state != IEEE80211_S_RUN) {
890 ifq_purge(&ifp->if_snd);
891 break;
892 }
893
894 if (sc->sc_txd[cur].d_len != 0) {
895 ifp->if_flags |= IFF_OACTIVE;
896 break;
897 }
898
899 m0 = ifq_dequeue(&ifp->if_snd, NULL);
900 if (m0 == NULL)
901 break;
902
903 if (m0->m_len < sizeof(struct ether_header)) {
904 m0 = m_pullup(m0, sizeof(struct ether_header));
905 if (m0 == NULL) {
906 ifp->if_oerrors++;
907 continue;
908 }
909 }
910
911 eh = mtod(m0, struct ether_header *);
912 ni = ieee80211_find_txnode(ic, eh->ether_dhost);
913 if (ni == NULL) {
914 m_freem(m0);
915 ifp->if_oerrors++;
916 continue;
917 }
918
919 ifp->if_opackets++;
920 m_copydata(m0, 0, ETHER_HDR_LEN,
921 (caddr_t)&frmhdr.wi_ehdr);
922 BPF_MTAP(ifp, m0);
923
924 m0 = ieee80211_encap(ic, m0, ni);
925 if (m0 == NULL) {
926 ieee80211_free_node(ni);
927 ifp->if_oerrors++;
928 continue;
929 }
930 wh = mtod(m0, struct ieee80211_frame *);
931 }
932
933 if (ic->ic_rawbpf != NULL)
934 bpf_mtap(ic->ic_rawbpf, m0);
935
936 frmhdr.wi_tx_ctl = htole16(WI_ENC_TX_802_11|WI_TXCNTL_TX_EX);
937 /* XXX check key for SWCRYPT instead of using operating mode */
938 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) &&
939 (sc->sc_encryption & HOST_ENCRYPT)) {
940 if (ieee80211_crypto_encap(ic, ni, m0) == NULL) {
941 ieee80211_free_node(ni);
942 m_freem(m0);
943 ifp->if_oerrors++;
944 continue;
945 }
946 frmhdr.wi_tx_ctl |= htole16(WI_TXCNTL_NOCRYPT);
947 }
948
949 if (sc->sc_drvbpf) {
950 sc->sc_tx_th.wt_rate =
951 ni->ni_rates.rs_rates[ni->ni_txrate];
952 bpf_ptap(sc->sc_drvbpf, m0, &sc->sc_tx_th,
953 sc->sc_tx_th_len);
954 }
955
956 m_copydata(m0, 0, sizeof(struct ieee80211_frame),
957 (caddr_t)&frmhdr.wi_whdr);
958 m_adj(m0, sizeof(struct ieee80211_frame));
959 frmhdr.wi_dat_len = htole16(m0->m_pkthdr.len);
960 if (IFF_DUMPPKTS(ifp))
961 wi_dump_pkt(&frmhdr, NULL, -1);
962 fid = sc->sc_txd[cur].d_fid;
963 off = sizeof(frmhdr);
964 error = wi_write_bap(sc, fid, 0, &frmhdr, sizeof(frmhdr)) != 0
965 || wi_mwrite_bap(sc, fid, off, m0, m0->m_pkthdr.len) != 0;
966 m_freem(m0);
967 ieee80211_free_node(ni);
968 if (error) {
969 ifp->if_oerrors++;
970 continue;
971 }
972 sc->sc_txd[cur].d_len = off;
973 if (sc->sc_txcur == cur) {
974 if (wi_cmd(sc, WI_CMD_TX | WI_RECLAIM, fid, 0, 0)) {
975 if_printf(ifp, "xmit failed\n");
976 sc->sc_txd[cur].d_len = 0;
977 continue;
978 }
979 sc->sc_tx_timer = 5;
980 ifp->if_timer = 1;
981 }
982 sc->sc_txnext = cur = (cur + 1) % sc->sc_ntxbuf;
983 }
984 }
985
986 static int
987 wi_reset(struct wi_softc *sc)
988 {
989 struct ieee80211com *ic = &sc->sc_ic;
990 struct ifnet *ifp = &ic->ic_if;
991 #define WI_INIT_TRIES 3
992 int i;
993 int error = 0;
994 int tries;
995
996 /* Symbol firmware cannot be initialized more than once */
997 if (sc->sc_firmware_type == WI_SYMBOL && sc->sc_reset)
998 return (0);
999 if (sc->sc_firmware_type == WI_SYMBOL)
1000 tries = 1;
1001 else
1002 tries = WI_INIT_TRIES;
1003
1004 for (i = 0; i < tries; i++) {
1005 if ((error = wi_cmd(sc, WI_CMD_INI, 0, 0, 0)) == 0)
1006 break;
1007 DELAY(WI_DELAY * 1000);
1008 }
1009 sc->sc_reset = 1;
1010
1011 if (i == tries) {
1012 if_printf(ifp, "init failed\n");
1013 return (error);
1014 }
1015
1016 CSR_WRITE_2(sc, WI_INT_EN, 0);
1017 CSR_WRITE_2(sc, WI_EVENT_ACK, 0xFFFF);
1018
1019 /* Calibrate timer. */
1020 wi_write_val(sc, WI_RID_TICK_TIME, 8);
1021
1022 return (0);
1023 #undef WI_INIT_TRIES
1024 }
1025
1026 static void
1027 wi_watchdog(struct ifnet *ifp)
1028 {
1029 struct wi_softc *sc = ifp->if_softc;
1030
1031 ifp->if_timer = 0;
1032 if (!sc->sc_enabled)
1033 return;
1034
1035 if (sc->sc_tx_timer) {
1036 if (--sc->sc_tx_timer == 0) {
1037 if_printf(ifp, "device timeout\n");
1038 ifp->if_oerrors++;
1039 wi_init(ifp->if_softc);
1040 return;
1041 }
1042 ifp->if_timer = 1;
1043 }
1044
1045 if (sc->sc_scan_timer) {
1046 if (--sc->sc_scan_timer <= WI_SCAN_WAIT - WI_SCAN_INQWAIT &&
1047 sc->sc_firmware_type == WI_INTERSIL) {
1048 DPRINTF((ifp, "wi_watchdog: inquire scan\n"));
1049 wi_cmd(sc, WI_CMD_INQUIRE, WI_INFO_SCAN_RESULTS, 0, 0);
1050 }
1051 if (sc->sc_scan_timer)
1052 ifp->if_timer = 1;
1053 }
1054
1055 /* TODO: rate control */
1056 ieee80211_watchdog(&sc->sc_ic);
1057 }
1058
1059 static int
1060 wi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
1061 {
1062 struct wi_softc *sc = ifp->if_softc;
1063 struct ieee80211com *ic = &sc->sc_ic;
1064 struct ifreq *ifr = (struct ifreq *)data;
1065 struct ieee80211req *ireq;
1066 u_int8_t nodename[IEEE80211_NWID_LEN];
1067 int error = 0;
1068 struct wi_req wreq;
1069
1070 if (sc->wi_gone) {
1071 error = ENODEV;
1072 goto out;
1073 }
1074
1075 switch (cmd) {
1076 case SIOCSIFFLAGS:
1077 /*
1078 * Can't do promisc and hostap at the same time. If all that's
1079 * changing is the promisc flag, try to short-circuit a call to
1080 * wi_init() by just setting PROMISC in the hardware.
1081 */
1082 if (ifp->if_flags & IFF_UP) {
1083 if (ic->ic_opmode != IEEE80211_M_HOSTAP &&
1084 ifp->if_flags & IFF_RUNNING) {
1085 if (ifp->if_flags & IFF_PROMISC &&
1086 !(sc->sc_if_flags & IFF_PROMISC)) {
1087 wi_write_val(sc, WI_RID_PROMISC, 1);
1088 } else if (!(ifp->if_flags & IFF_PROMISC) &&
1089 sc->sc_if_flags & IFF_PROMISC) {
1090 wi_write_val(sc, WI_RID_PROMISC, 0);
1091 } else {
1092 wi_init(sc);
1093 }
1094 } else {
1095 wi_init(sc);
1096 }
1097 } else {
1098 if (ifp->if_flags & IFF_RUNNING) {
1099 wi_stop(ifp, 1);
1100 }
1101 sc->wi_gone = 0;
1102 }
1103 sc->sc_if_flags = ifp->if_flags;
1104 error = 0;
1105 break;
1106 case SIOCADDMULTI:
1107 case SIOCDELMULTI:
1108 error = wi_write_multi(sc);
1109 break;
1110 case SIOCGIFGENERIC:
1111 error = wi_get_cfg(ifp, cmd, data, cr);
1112 break;
1113 case SIOCSIFGENERIC:
1114 error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
1115 if (error)
1116 break;
1117 error = wi_set_cfg(ifp, cmd, data);
1118 break;
1119 case SIOCGPRISM2DEBUG:
1120 error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
1121 if (error)
1122 break;
1123 if (!(ifp->if_flags & IFF_RUNNING) ||
1124 sc->sc_firmware_type == WI_LUCENT) {
1125 error = EIO;
1126 break;
1127 }
1128 error = wi_get_debug(sc, &wreq);
1129 if (error == 0)
1130 error = copyout(&wreq, ifr->ifr_data, sizeof(wreq));
1131 break;
1132 case SIOCSPRISM2DEBUG:
1133 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)))
1134 goto out;
1135 error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
1136 if (error)
1137 break;
1138 error = wi_set_debug(sc, &wreq);
1139 break;
1140 case SIOCG80211:
1141 ireq = (struct ieee80211req *) data;
1142 switch (ireq->i_type) {
1143 case IEEE80211_IOC_STATIONNAME:
1144 ireq->i_len = sc->sc_nodelen + 1;
1145 error = copyout(sc->sc_nodename, ireq->i_data,
1146 ireq->i_len);
1147 break;
1148 default:
1149 error = ieee80211_ioctl(ic, cmd, data, cr);
1150 break;
1151 }
1152 break;
1153 case SIOCS80211:
1154 error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
1155 if (error)
1156 break;
1157 ireq = (struct ieee80211req *) data;
1158 switch (ireq->i_type) {
1159 case IEEE80211_IOC_STATIONNAME:
1160 if (ireq->i_val != 0 ||
1161 ireq->i_len > IEEE80211_NWID_LEN) {
1162 error = EINVAL;
1163 break;
1164 }
1165 memset(nodename, 0, IEEE80211_NWID_LEN);
1166 error = copyin(ireq->i_data, nodename, ireq->i_len);
1167 if (error)
1168 break;
1169 if (sc->sc_enabled) {
1170 error = wi_write_ssid(sc, WI_RID_NODENAME,
1171 nodename, ireq->i_len);
1172 if (error)
1173 break;
1174 }
1175 memcpy(sc->sc_nodename, nodename, IEEE80211_NWID_LEN);
1176 sc->sc_nodelen = ireq->i_len;
1177 break;
1178 default:
1179 error = ieee80211_ioctl(ic, cmd, data, cr);
1180 break;
1181 }
1182 break;
1183 case SIOCSIFCAP:
1184 if (ifp->if_flags & IFF_RUNNING)
1185 wi_init(sc);
1186 break;
1187 default:
1188 error = ieee80211_ioctl(ic, cmd, data, cr);
1189 break;
1190 }
1191 if (error == ENETRESET) {
1192 if (sc->sc_enabled)
1193 wi_init(sc); /* XXX no error return */
1194 error = 0;
1195 }
1196 out:
1197 return error;
1198 }
1199
1200 static int
1201 wi_media_change(struct ifnet *ifp)
1202 {
1203 struct wi_softc *sc = ifp->if_softc;
1204 int error;
1205
1206 error = ieee80211_media_change(ifp);
1207 if (error == ENETRESET) {
1208 if (sc->sc_enabled)
1209 wi_init(sc); /* XXX no error return */
1210 error = 0;
1211 }
1212 return error;
1213 }
1214
1215 static void
1216 wi_media_status(struct ifnet *ifp, struct ifmediareq *imr)
1217 {
1218 struct wi_softc *sc = ifp->if_softc;
1219 struct ieee80211com *ic = &sc->sc_ic;
1220 u_int16_t val;
1221 int rate, len;
1222
1223 if (sc->wi_gone) { /* hardware gone (e.g. ejected) */
1224 imr->ifm_active = IFM_IEEE80211 | IFM_NONE;
1225 imr->ifm_status = 0;
1226 return;
1227 }
1228
1229 imr->ifm_status = IFM_AVALID;
1230 imr->ifm_active = IFM_IEEE80211;
1231 if (!sc->sc_enabled) { /* port !enabled, have no status */
1232 imr->ifm_active |= IFM_NONE;
1233 return;
1234 }
1235 if (ic->ic_state == IEEE80211_S_RUN &&
1236 (sc->sc_flags & WI_FLAGS_OUTRANGE) == 0)
1237 imr->ifm_status |= IFM_ACTIVE;
1238 len = sizeof(val);
1239 if (wi_read_rid(sc, WI_RID_CUR_TX_RATE, &val, &len) == 0 &&
1240 len == sizeof(val)) {
1241 /* convert to 802.11 rate */
1242 val = le16toh(val);
1243 rate = val * 2;
1244 if (sc->sc_firmware_type == WI_LUCENT) {
1245 if (rate == 10)
1246 rate = 11; /* 5.5Mbps */
1247 } else {
1248 if (rate == 4*2)
1249 rate = 11; /* 5.5Mbps */
1250 else if (rate == 8*2)
1251 rate = 22; /* 11Mbps */
1252 }
1253 } else {
1254 rate = 0;
1255 }
1256 imr->ifm_active |= ieee80211_rate2media(ic, rate, IEEE80211_MODE_11B);
1257 switch (ic->ic_opmode) {
1258 case IEEE80211_M_STA:
1259 break;
1260 case IEEE80211_M_IBSS:
1261 imr->ifm_active |= IFM_IEEE80211_ADHOC;
1262 break;
1263 case IEEE80211_M_AHDEMO:
1264 imr->ifm_active |= IFM_IEEE80211_ADHOC | IFM_FLAG0;
1265 break;
1266 case IEEE80211_M_HOSTAP:
1267 imr->ifm_active |= IFM_IEEE80211_HOSTAP;
1268 break;
1269 case IEEE80211_M_MONITOR:
1270 imr->ifm_active |= IFM_IEEE80211_MONITOR;
1271 break;
1272 }
1273 }
1274
1275 static void
1276 wi_sync_bssid(struct wi_softc *sc, u_int8_t new_bssid[IEEE80211_ADDR_LEN])
1277 {
1278 struct ieee80211com *ic = &sc->sc_ic;
1279 struct ieee80211_node *ni = ic->ic_bss;
1280 struct ifnet *ifp = &ic->ic_if;
1281
1282 if (IEEE80211_ADDR_EQ(new_bssid, ni->ni_bssid))
1283 return;
1284
1285 DPRINTF((ifp, "wi_sync_bssid: bssid %6D -> %6D ?\n", ni->ni_bssid, ":",
1286 new_bssid, ":"));
1287
1288 /* In promiscuous mode, the BSSID field is not a reliable
1289 * indicator of the firmware's BSSID. Damp spurious
1290 * change-of-BSSID indications.
1291 */
1292 if ((ifp->if_flags & IFF_PROMISC) != 0 &&
1293 !ppsratecheck(&sc->sc_last_syn, &sc->sc_false_syns,
1294 WI_MAX_FALSE_SYNS))
1295 return;
1296
1297 sc->sc_false_syns = MAX(0, sc->sc_false_syns - 1);
1298 /*
1299 * XXX hack; we should create a new node with the new bssid
1300 * and replace the existing ic_bss with it but since we don't
1301 * process management frames to collect state we cheat by
1302 * reusing the existing node as we know wi_newstate will be
1303 * called and it will overwrite the node state.
1304 */
1305 ieee80211_sta_join(ic, ieee80211_ref_node(ni));
1306 }
1307
1308 static void
1309 wi_rx_monitor(struct wi_softc *sc, int fid)
1310 {
1311 struct ieee80211com *ic = &sc->sc_ic;
1312 struct ifnet *ifp = &ic->ic_if;
1313 struct wi_frame *rx_frame;
1314 struct mbuf *m;
1315 int datlen, hdrlen;
1316
1317 /* first allocate mbuf for packet storage */
1318 m = m_getcl(MB_DONTWAIT, MT_DATA, 0);
1319 if (m == NULL) {
1320 ifp->if_ierrors++;
1321 return;
1322 }
1323
1324 m->m_pkthdr.rcvif = ifp;
1325
1326 /* now read wi_frame first so we know how much data to read */
1327 if (wi_read_bap(sc, fid, 0, mtod(m, caddr_t), sizeof(*rx_frame))) {
1328 ifp->if_ierrors++;
1329 goto done;
1330 }
1331
1332 rx_frame = mtod(m, struct wi_frame *);
1333
1334 switch ((rx_frame->wi_status & WI_STAT_MAC_PORT) >> 8) {
1335 case 7:
1336 switch (rx_frame->wi_whdr.i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
1337 case IEEE80211_FC0_TYPE_DATA:
1338 hdrlen = WI_DATA_HDRLEN;
1339 datlen = rx_frame->wi_dat_len + WI_FCS_LEN;
1340 break;
1341 case IEEE80211_FC0_TYPE_MGT:
1342 hdrlen = WI_MGMT_HDRLEN;
1343 datlen = rx_frame->wi_dat_len + WI_FCS_LEN;
1344 break;
1345 case IEEE80211_FC0_TYPE_CTL:
1346 /*
1347 * prism2 cards don't pass control packets
1348 * down properly or consistently, so we'll only
1349 * pass down the header.
1350 */
1351 hdrlen = WI_CTL_HDRLEN;
1352 datlen = 0;
1353 break;
1354 default:
1355 if_printf(ifp, "received packet of unknown type "
1356 "on port 7\n");
1357 ifp->if_ierrors++;
1358 goto done;
1359 }
1360 break;
1361 case 0:
1362 hdrlen = WI_DATA_HDRLEN;
1363 datlen = rx_frame->wi_dat_len + WI_FCS_LEN;
1364 break;
1365 default:
1366 if_printf(ifp, "received packet on invalid "
1367 "port (wi_status=0x%x)\n", rx_frame->wi_status);
1368 ifp->if_ierrors++;
1369 goto done;
1370 }
1371
1372 if (hdrlen + datlen + 2 > MCLBYTES) {
1373 if_printf(ifp, "oversized packet received "
1374 "(wi_dat_len=%d, wi_status=0x%x)\n",
1375 datlen, rx_frame->wi_status);
1376 ifp->if_ierrors++;
1377 goto done;
1378 }
1379
1380 if (wi_read_bap(sc, fid, hdrlen, mtod(m, caddr_t) + hdrlen,
1381 datlen + 2) == 0) {
1382 m->m_pkthdr.len = m->m_len = hdrlen + datlen;
1383 ifp->if_ipackets++;
1384 BPF_MTAP(ifp, m); /* Handle BPF listeners. */
1385 } else
1386 ifp->if_ierrors++;
1387 done:
1388 m_freem(m);
1389 }
1390
1391 static void
1392 wi_rx_intr(struct wi_softc *sc)
1393 {
1394 struct ieee80211com *ic = &sc->sc_ic;
1395 struct ifnet *ifp = &ic->ic_if;
1396 struct wi_frame frmhdr;
1397 struct mbuf *m;
1398 struct ieee80211_frame *wh;
1399 struct ieee80211_node *ni;
1400 int fid, len, off, rssi;
1401 u_int8_t dir;
1402 u_int16_t status;
1403 u_int32_t rstamp;
1404
1405 fid = CSR_READ_2(sc, WI_RX_FID);
1406
1407 if (sc->wi_debug.wi_monitor) {
1408 /*
1409 * If we are in monitor mode just
1410 * read the data from the device.
1411 */
1412 wi_rx_monitor(sc, fid);
1413 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_RX);
1414 return;
1415 }
1416
1417 /* First read in the frame header */
1418 if (wi_read_bap(sc, fid, 0, &frmhdr, sizeof(frmhdr))) {
1419 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_RX);
1420 ifp->if_ierrors++;
1421 DPRINTF((ifp, "wi_rx_intr: read fid %x failed\n", fid));
1422 return;
1423 }
1424
1425 if (IFF_DUMPPKTS(ifp))
1426 wi_dump_pkt(&frmhdr, NULL, frmhdr.wi_rx_signal);
1427
1428 /*
1429 * Drop undecryptable or packets with receive errors here
1430 */
1431 status = le16toh(frmhdr.wi_status);
1432 if (status & WI_STAT_ERRSTAT) {
1433 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_RX);
1434 ifp->if_ierrors++;
1435 DPRINTF((ifp, "wi_rx_intr: fid %x error status %x\n",
1436 fid, status));
1437 return;
1438 }
1439 rssi = frmhdr.wi_rx_signal;
1440 rstamp = (le16toh(frmhdr.wi_rx_tstamp0) << 16) |
1441 le16toh(frmhdr.wi_rx_tstamp1);
1442
1443 len = le16toh(frmhdr.wi_dat_len);
1444 off = ALIGN(sizeof(struct ieee80211_frame));
1445
1446 /*
1447 * Sometimes the PRISM2.x returns bogusly large frames. Except
1448 * in monitor mode, just throw them away.
1449 */
1450 if (off + len > MCLBYTES) {
1451 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1452 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_RX);
1453 ifp->if_ierrors++;
1454 DPRINTF((ifp, "wi_rx_intr: oversized packet\n"));
1455 return;
1456 } else
1457 len = 0;
1458 }
1459
1460 m = m_getl(off + len, MB_DONTWAIT, MT_DATA, M_PKTHDR, NULL);
1461 if (m == NULL) {
1462 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_RX);
1463 ifp->if_ierrors++;
1464 DPRINTF((ifp, "wi_rx_intr: m_getl failed\n"));
1465 return;
1466 }
1467
1468 m->m_data += off - sizeof(struct ieee80211_frame);
1469 memcpy(m->m_data, &frmhdr.wi_whdr, sizeof(struct ieee80211_frame));
1470 wi_read_bap(sc, fid, sizeof(frmhdr),
1471 m->m_data + sizeof(struct ieee80211_frame), len);
1472 m->m_pkthdr.len = m->m_len = sizeof(struct ieee80211_frame) + len;
1473 m->m_pkthdr.rcvif = ifp;
1474
1475 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_RX);
1476
1477 wh = mtod(m, struct ieee80211_frame *);
1478 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1479 /*
1480 * WEP is decrypted by hardware and the IV
1481 * is stripped. Clear WEP bit so we don't
1482 * try to process it in ieee80211_input.
1483 * XXX fix for TKIP, et. al.
1484 */
1485 wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
1486 }
1487
1488 if (sc->sc_drvbpf) {
1489 /* XXX replace divide by table */
1490 sc->sc_rx_th.wr_rate = frmhdr.wi_rx_rate / 5;
1491 sc->sc_rx_th.wr_antsignal = frmhdr.wi_rx_signal;
1492 sc->sc_rx_th.wr_antnoise = frmhdr.wi_rx_silence;
1493 sc->sc_rx_th.wr_flags = 0;
1494 if (frmhdr.wi_status & WI_STAT_PCF)
1495 sc->sc_rx_th.wr_flags |= IEEE80211_RADIOTAP_F_CFP;
1496 bpf_ptap(sc->sc_drvbpf, m, &sc->sc_rx_th, sc->sc_rx_th_len);
1497 }
1498
1499 /* synchronize driver's BSSID with firmware's BSSID */
1500 dir = wh->i_fc[1] & IEEE80211_FC1_DIR_MASK;
1501 if (ic->ic_opmode == IEEE80211_M_IBSS && dir == IEEE80211_FC1_DIR_NODS)
1502 wi_sync_bssid(sc, wh->i_addr3);
1503
1504 /*
1505 * Locate the node for sender, track state, and
1506 * then pass this node (referenced) up to the 802.11
1507 * layer for its use.
1508 */
1509 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *) wh);
1510 /*
1511 * Send frame up for processing.
1512 */
1513 ieee80211_input(ic, m, ni, rssi, rstamp);
1514 /*
1515 * The frame may have caused the node to be marked for
1516 * reclamation (e.g. in response to a DEAUTH message)
1517 * so use free_node here instead of unref_node.
1518 */
1519 ieee80211_free_node(ni);
1520 }
1521
1522 static void
1523 wi_tx_ex_intr(struct wi_softc *sc)
1524 {
1525 struct ieee80211com *ic = &sc->sc_ic;
1526 struct ifnet *ifp = &ic->ic_if;
1527 struct wi_frame frmhdr;
1528 int fid;
1529
1530 fid = CSR_READ_2(sc, WI_TX_CMP_FID);
1531 /* Read in the frame header */
1532 if (wi_read_bap(sc, fid, 0, &frmhdr, sizeof(frmhdr)) == 0) {
1533 u_int16_t status = le16toh(frmhdr.wi_status);
1534
1535 /*
1536 * Spontaneous station disconnects appear as xmit
1537 * errors. Don't announce them and/or count them
1538 * as an output error.
1539 */
1540 if ((status & WI_TXSTAT_DISCONNECT) == 0) {
1541 if (ppsratecheck(&lasttxerror, &curtxeps, wi_txerate)) {
1542 if_printf(ifp, "tx failed");
1543 if (status & WI_TXSTAT_RET_ERR)
1544 kprintf(", retry limit exceeded");
1545 if (status & WI_TXSTAT_AGED_ERR)
1546 kprintf(", max transmit lifetime exceeded");
1547 if (status & WI_TXSTAT_DISCONNECT)
1548 kprintf(", port disconnected");
1549 if (status & WI_TXSTAT_FORM_ERR)
1550 kprintf(", invalid format (data len %u src %6D)",
1551 le16toh(frmhdr.wi_dat_len),
1552 frmhdr.wi_ehdr.ether_shost, ":");
1553 if (status & ~0xf)
1554 kprintf(", status=0x%x", status);
1555 kprintf("\n");
1556 }
1557 ifp->if_oerrors++;
1558 } else {
1559 DPRINTF((ifp, "port disconnected\n"));
1560 ifp->if_collisions++; /* XXX */
1561 }
1562 } else
1563 DPRINTF((ifp, "wi_tx_ex_intr: read fid %x failed\n", fid));
1564 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_TX_EXC);
1565 }
1566
1567 static void
1568 wi_tx_intr(struct wi_softc *sc)
1569 {
1570 struct ieee80211com *ic = &sc->sc_ic;
1571 struct ifnet *ifp = &ic->ic_if;
1572 int fid, cur;
1573
1574 if (sc->wi_gone)
1575 return;
1576
1577 fid = CSR_READ_2(sc, WI_ALLOC_FID);
1578 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_ALLOC);
1579
1580 cur = sc->sc_txcur;
1581 if (sc->sc_txd[cur].d_fid != fid) {
1582 if_printf(ifp, "bad alloc %x != %x, cur %d nxt %d\n",
1583 fid, sc->sc_txd[cur].d_fid, cur, sc->sc_txnext);
1584 return;
1585 }
1586 sc->sc_tx_timer = 0;
1587 sc->sc_txd[cur].d_len = 0;
1588 sc->sc_txcur = cur = (cur + 1) % sc->sc_ntxbuf;
1589 if (sc->sc_txd[cur].d_len == 0)
1590 ifp->if_flags &= ~IFF_OACTIVE;
1591 else {
1592 if (wi_cmd(sc, WI_CMD_TX | WI_RECLAIM, sc->sc_txd[cur].d_fid,
1593 0, 0)) {
1594 if_printf(ifp, "xmit failed\n");
1595 sc->sc_txd[cur].d_len = 0;
1596 } else {
1597 sc->sc_tx_timer = 5;
1598 ifp->if_timer = 1;
1599 }
1600 }
1601 }
1602
1603 static void
1604 wi_info_intr(struct wi_softc *sc)
1605 {
1606 struct ieee80211com *ic = &sc->sc_ic;
1607 struct ifnet *ifp = &ic->ic_if;
1608 int i, fid, len, off;
1609 u_int16_t ltbuf[2];
1610 u_int16_t stat;
1611 u_int32_t *ptr;
1612
1613 fid = CSR_READ_2(sc, WI_INFO_FID);
1614 wi_read_bap(sc, fid, 0, ltbuf, sizeof(ltbuf));
1615
1616 switch (le16toh(ltbuf[1])) {
1617
1618 case WI_INFO_LINK_STAT:
1619 wi_read_bap(sc, fid, sizeof(ltbuf), &stat, sizeof(stat));
1620 DPRINTF((ifp, "wi_info_intr: LINK_STAT 0x%x\n", le16toh(stat)));
1621 switch (le16toh(stat)) {
1622 case WI_INFO_LINK_STAT_CONNECTED:
1623 sc->sc_flags &= ~WI_FLAGS_OUTRANGE;
1624 if (ic->ic_state == IEEE80211_S_RUN &&
1625 ic->ic_opmode != IEEE80211_M_IBSS)
1626 break;
1627 /* FALLTHROUGH */
1628 case WI_INFO_LINK_STAT_AP_CHG:
1629 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
1630 break;
1631 case WI_INFO_LINK_STAT_AP_INR:
1632 sc->sc_flags &= ~WI_FLAGS_OUTRANGE;
1633 break;
1634 case WI_INFO_LINK_STAT_AP_OOR:
1635 if (sc->sc_firmware_type == WI_SYMBOL &&
1636 sc->sc_scan_timer > 0) {
1637 if (wi_cmd(sc, WI_CMD_INQUIRE,
1638 WI_INFO_HOST_SCAN_RESULTS, 0, 0) != 0)
1639 sc->sc_scan_timer = 0;
1640 break;
1641 }
1642 if (ic->ic_opmode == IEEE80211_M_STA)
1643 sc->sc_flags |= WI_FLAGS_OUTRANGE;
1644 break;
1645 case WI_INFO_LINK_STAT_DISCONNECTED:
1646 case WI_INFO_LINK_STAT_ASSOC_FAILED:
1647 if (ic->ic_opmode == IEEE80211_M_STA)
1648 ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
1649 break;
1650 }
1651 break;
1652
1653 case WI_INFO_COUNTERS:
1654 /* some card versions have a larger stats structure */
1655 len = min(le16toh(ltbuf[0]) - 1, sizeof(sc->sc_stats) / 4);
1656 ptr = (u_int32_t *)&sc->sc_stats;
1657 off = sizeof(ltbuf);
1658 for (i = 0; i < len; i++, off += 2, ptr++) {
1659 wi_read_bap(sc, fid, off, &stat, sizeof(stat));
1660 #ifdef WI_HERMES_STATS_WAR
1661 if (stat & 0xf000)
1662 stat = ~stat;
1663 #endif
1664 *ptr += stat;
1665 }
1666 ifp->if_collisions = sc->sc_stats.wi_tx_single_retries +
1667 sc->sc_stats.wi_tx_multi_retries +
1668 sc->sc_stats.wi_tx_retry_limit;
1669 break;
1670
1671 case WI_INFO_SCAN_RESULTS:
1672 case WI_INFO_HOST_SCAN_RESULTS:
1673 wi_scan_result(sc, fid, le16toh(ltbuf[0]));
1674 break;
1675
1676 default:
1677 DPRINTF((ifp, "wi_info_intr: got fid %x type %x len %d\n", fid,
1678 le16toh(ltbuf[1]), le16toh(ltbuf[0])));
1679 break;
1680 }
1681 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_INFO);
1682 }
1683
1684 static int
1685 wi_write_multi(struct wi_softc *sc)
1686 {
1687 struct ifnet *ifp = &sc->sc_ic.ic_if;
1688 int n;
1689 struct ifmultiaddr *ifma;
1690 struct wi_mcast mlist;
1691
1692 if (ifp->if_flags & IFF_ALLMULTI || ifp->if_flags & IFF_PROMISC) {
1693 allmulti:
1694 memset(&mlist, 0, sizeof(mlist));
1695 return wi_write_rid(sc, WI_RID_MCAST_LIST, &mlist,
1696 sizeof(mlist));
1697 }
1698
1699 n = 0;
1700 LIST_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
1701 if (ifma->ifma_addr->sa_family != AF_LINK)
1702 continue;
1703 if (n >= 16)
1704 goto allmulti;
1705 IEEE80211_ADDR_COPY(&mlist.wi_mcast[n],
1706 (LLADDR((struct sockaddr_dl *)ifma->ifma_addr)));
1707 n++;
1708 }
1709 return wi_write_rid(sc, WI_RID_MCAST_LIST, &mlist,
1710 IEEE80211_ADDR_LEN * n);
1711 }
1712
1713 static void
1714 wi_read_nicid(struct wi_softc *sc)
1715 {
1716 struct wi_card_ident *id;
1717 char *p;
1718 int len;
1719 u_int16_t ver[4];
1720
1721 /* getting chip identity */
1722 memset(ver, 0, sizeof(ver));
1723 len = sizeof(ver);
1724 wi_read_rid(sc, WI_RID_CARD_ID, ver, &len);
1725 if_printf(&sc->sc_ic.ic_if, "using ");
1726
1727 sc->sc_firmware_type = WI_NOTYPE;
1728 for (id = wi_card_ident; id->card_name != NULL; id++) {
1729 if (le16toh(ver[0]) == id->card_id) {
1730 kprintf("%s", id->card_name);
1731 sc->sc_firmware_type = id->firm_type;
1732 break;
1733 }
1734 }
1735 if (sc->sc_firmware_type == WI_NOTYPE) {
1736 if (le16toh(ver[0]) & 0x8000) {
1737 kprintf("Unknown PRISM2 chip");
1738 sc->sc_firmware_type = WI_INTERSIL;
1739 } else {
1740 kprintf("Unknown Lucent chip");
1741 sc->sc_firmware_type = WI_LUCENT;
1742 }
1743 }
1744
1745 /* get primary firmware version (Only Prism chips) */
1746 if (sc->sc_firmware_type != WI_LUCENT) {
1747 memset(ver, 0, sizeof(ver));
1748 len = sizeof(ver);
1749 wi_read_rid(sc, WI_RID_PRI_IDENTITY, ver, &len);
1750 sc->sc_pri_firmware_ver = le16toh(ver[2]) * 10000 +
1751 le16toh(ver[3]) * 100 + le16toh(ver[1]);
1752 }
1753
1754 /* get station firmware version */
1755 memset(ver, 0, sizeof(ver));
1756 len = sizeof(ver);
1757 wi_read_rid(sc, WI_RID_STA_IDENTITY, ver, &len);
1758 sc->sc_sta_firmware_ver = le16toh(ver[2]) * 10000 +
1759 le16toh(ver[3]) * 100 + le16toh(ver[1]);
1760 if (sc->sc_firmware_type == WI_INTERSIL &&
1761 (sc->sc_sta_firmware_ver == 10102 ||
1762 sc->sc_sta_firmware_ver == 20102)) {
1763 char ident[12];
1764 memset(ident, 0, sizeof(ident));
1765 len = sizeof(ident);
1766 /* value should be the format like "V2.00-11" */
1767 if (wi_read_rid(sc, WI_RID_SYMBOL_IDENTITY, ident, &len) == 0 &&
1768 *(p = (char *)ident) >= 'A' &&
1769 p[2] == '.' && p[5] == '-' && p[8] == '\0') {
1770 sc->sc_firmware_type = WI_SYMBOL;
1771 sc->sc_sta_firmware_ver = (p[1] - '0') * 10000 +
1772 (p[3] - '0') * 1000 + (p[4] - '0') * 100 +
1773 (p[6] - '0') * 10 + (p[7] - '0');
1774 }
1775 }
1776 kprintf("\n");
1777 if_printf(&sc->sc_ic.ic_if, "%s Firmware: ",
1778 sc->sc_firmware_type == WI_LUCENT ? "Lucent" :
1779 (sc->sc_firmware_type == WI_SYMBOL ? "Symbol" : "Intersil"));
1780 if (sc->sc_firmware_type != WI_LUCENT) /* XXX */
1781 kprintf("Primary (%u.%u.%u), ",
1782 sc->sc_pri_firmware_ver / 10000,
1783 (sc->sc_pri_firmware_ver % 10000) / 100,
1784 sc->sc_pri_firmware_ver % 100);
1785 kprintf("Station (%u.%u.%u)\n",
1786 sc->sc_sta_firmware_ver / 10000,
1787 (sc->sc_sta_firmware_ver % 10000) / 100,
1788 sc->sc_sta_firmware_ver % 100);
1789 }
1790
1791 static int
1792 wi_write_ssid(struct wi_softc *sc, int rid, u_int8_t *buf, int buflen)
1793 {
1794 struct wi_ssid ssid;
1795
1796 if (buflen > IEEE80211_NWID_LEN)
1797 return ENOBUFS;
1798 memset(&ssid, 0, sizeof(ssid));
1799 ssid.wi_len = htole16(buflen);
1800 memcpy(ssid.wi_ssid, buf, buflen);
1801 return wi_write_rid(sc, rid, &ssid, sizeof(ssid));
1802 }
1803
1804 static int
1805 wi_get_cfg(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
1806 {
1807 struct wi_softc *sc = ifp->if_softc;
1808 struct ieee80211com *ic = &sc->sc_ic;
1809 struct ifreq *ifr = (struct ifreq *)data;
1810 struct wi_req wreq;
1811 struct wi_scan_res *res;
1812 size_t reslen;
1813 int len, n, error, mif, val, off, i;
1814
1815 error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
1816 if (error)
1817 return error;
1818 len = (wreq.wi_len - 1) * 2;
1819 if (len < sizeof(u_int16_t))
1820 return ENOSPC;
1821 if (len > sizeof(wreq.wi_val))
1822 len = sizeof(wreq.wi_val);
1823
1824 switch (wreq.wi_type) {
1825
1826 case WI_RID_IFACE_STATS:
1827 memcpy(wreq.wi_val, &sc->sc_stats, sizeof(sc->sc_stats));
1828 if (len < sizeof(sc->sc_stats))
1829 error = ENOSPC;
1830 else
1831 len = sizeof(sc->sc_stats);
1832 break;
1833
1834 case WI_RID_ENCRYPTION:
1835 case WI_RID_TX_CRYPT_KEY:
1836 case WI_RID_DEFLT_CRYPT_KEYS:
1837 case WI_RID_TX_RATE:
1838 return ieee80211_cfgget(ic, cmd, data, cr);
1839
1840 case WI_RID_MICROWAVE_OVEN:
1841 if (sc->sc_enabled && (sc->sc_flags & WI_FLAGS_HAS_MOR)) {
1842 error = wi_read_rid(sc, wreq.wi_type, wreq.wi_val,
1843 &len);
1844 break;
1845 }
1846 wreq.wi_val[0] = htole16(sc->sc_microwave_oven);
1847 len = sizeof(u_int16_t);
1848 break;
1849
1850 case WI_RID_DBM_ADJUST:
1851 if (sc->sc_enabled && (sc->sc_flags & WI_FLAGS_HAS_DBMADJUST)) {
1852 error = wi_read_rid(sc, wreq.wi_type, wreq.wi_val,
1853 &len);
1854 break;
1855 }
1856 wreq.wi_val[0] = htole16(sc->sc_dbm_offset);
1857 len = sizeof(u_int16_t);
1858 break;
1859
1860 case WI_RID_ROAMING_MODE:
1861 if (sc->sc_enabled && (sc->sc_flags & WI_FLAGS_HAS_ROAMING)) {
1862 error = wi_read_rid(sc, wreq.wi_type, wreq.wi_val,
1863 &len);
1864 break;
1865 }
1866 wreq.wi_val[0] = htole16(sc->sc_roaming_mode);
1867 len = sizeof(u_int16_t);
1868 break;
1869
1870 case WI_RID_SYSTEM_SCALE:
1871 if (sc->sc_enabled && (sc->sc_flags & WI_FLAGS_HAS_SYSSCALE)) {
1872 error = wi_read_rid(sc, wreq.wi_type, wreq.wi_val,
1873 &len);
1874 break;
1875 }
1876 wreq.wi_val[0] = htole16(sc->sc_system_scale);
1877 len = sizeof(u_int16_t);
1878 break;
1879
1880 case WI_RID_FRAG_THRESH:
1881 if (sc->sc_enabled && (sc->sc_flags & WI_FLAGS_HAS_FRAGTHR)) {
1882 error = wi_read_rid(sc, wreq.wi_type, wreq.wi_val,
1883 &len);
1884 break;
1885 }
1886 wreq.wi_val[0] = htole16(ic->ic_fragthreshold);
1887 len = sizeof(u_int16_t);
1888 break;
1889
1890 case WI_RID_READ_APS:
1891 if (ic->ic_opmode == IEEE80211_M_HOSTAP)
1892 return ieee80211_cfgget(ic, cmd, data, cr);
1893 if (sc->sc_scan_timer > 0) {
1894 error = EINPROGRESS;
1895 break;
1896 }
1897 n = sc->sc_naps;
1898 if (len < sizeof(n)) {
1899 error = ENOSPC;
1900 break;
1901 }
1902 if (len < sizeof(n) + sizeof(struct wi_apinfo) * n)
1903 n = (len - sizeof(n)) / sizeof(struct wi_apinfo);
1904 len = sizeof(n) + sizeof(struct wi_apinfo) * n;
1905 memcpy(wreq.wi_val, &n, sizeof(n));
1906 memcpy((caddr_t)wreq.wi_val + sizeof(n), sc->sc_aps,
1907 sizeof(struct wi_apinfo) * n);
1908 break;
1909
1910 case WI_RID_PRISM2:
1911 wreq.wi_val[0] = sc->sc_firmware_type != WI_LUCENT;
1912 len = sizeof(u_int16_t);
1913 break;
1914
1915 case WI_RID_MIF:
1916 mif = wreq.wi_val[0];
1917 error = wi_cmd(sc, WI_CMD_READMIF, mif, 0, 0);
1918 val = CSR_READ_2(sc, WI_RESP0);
1919 wreq.wi_val[0] = val;
1920 len = sizeof(u_int16_t);
1921 break;
1922
1923 case WI_RID_ZERO_CACHE:
1924 case WI_RID_PROCFRAME: /* ignore for compatibility */
1925 /* XXX ??? */
1926 break;
1927
1928 case WI_RID_READ_CACHE:
1929 return ieee80211_cfgget(ic, cmd, data, cr);
1930
1931 case WI_RID_SCAN_RES: /* compatibility interface */
1932 if (ic->ic_opmode == IEEE80211_M_HOSTAP)
1933 return ieee80211_cfgget(ic, cmd, data, cr);
1934 if (sc->sc_scan_timer > 0) {
1935 error = EINPROGRESS;
1936 break;
1937 }
1938 n = sc->sc_naps;
1939 if (sc->sc_firmware_type == WI_LUCENT) {
1940 off = 0;
1941 reslen = WI_WAVELAN_RES_SIZE;
1942 } else {
1943 off = sizeof(struct wi_scan_p2_hdr);
1944 reslen = WI_PRISM2_RES_SIZE;
1945 }
1946 if (len < off + reslen * n)
1947 n = (len - off) / reslen;
1948 len = off + reslen * n;
1949 if (off != 0) {
1950 struct wi_scan_p2_hdr *p2;
1951 /*
1952 * Prepend Prism-specific header.
1953 */
1954 if (len < sizeof(struct wi_scan_p2_hdr)) {
1955 error = ENOSPC;
1956 break;
1957 }
1958 p2 = (struct wi_scan_p2_hdr *)wreq.wi_val;
1959 p2->wi_rsvd = 0;
1960 p2->wi_reason = n; /* XXX */
1961 }
1962 for (i = 0; i < n; i++, off += reslen) {
1963 const struct wi_apinfo *ap = &sc->sc_aps[i];
1964
1965 res = (struct wi_scan_res *)((char *)wreq.wi_val + off);
1966 res->wi_chan = ap->channel;
1967 res->wi_noise = ap->noise;
1968 res->wi_signal = ap->signal;
1969 IEEE80211_ADDR_COPY(res->wi_bssid, ap->bssid);
1970 res->wi_interval = ap->interval;
1971 res->wi_capinfo = ap->capinfo;
1972 res->wi_ssid_len = ap->namelen;
1973 memcpy(res->wi_ssid, ap->name,
1974 IEEE80211_NWID_LEN);
1975 if (sc->sc_firmware_type != WI_LUCENT) {
1976 /* XXX not saved from Prism cards */
1977 memset(res->wi_srates, 0,
1978 sizeof(res->wi_srates));
1979 res->wi_rate = ap->rate;
1980 res->wi_rsvd = 0;
1981 }
1982 }
1983 break;
1984
1985 default:
1986 if (sc->sc_enabled) {
1987 error = wi_read_rid(sc, wreq.wi_type, wreq.wi_val,
1988 &len);
1989 break;
1990 }
1991 switch (wreq.wi_type) {
1992 case WI_RID_MAX_DATALEN:
1993 wreq.wi_val[0] = htole16(sc->sc_max_datalen);
1994 len = sizeof(u_int16_t);
1995 break;
1996 case WI_RID_RTS_THRESH:
1997 wreq.wi_val[0] = htole16(ic->ic_rtsthreshold);
1998 len = sizeof(u_int16_t);
1999 break;
2000 case WI_RID_CNFAUTHMODE:
2001 wreq.wi_val[0] = htole16(sc->sc_cnfauthmode);
2002 len = sizeof(u_int16_t);
2003 break;
2004 case WI_RID_NODENAME:
2005 if (len < sc->sc_nodelen + sizeof(u_int16_t)) {
2006 error = ENOSPC;
2007 break;
2008 }
2009 len = sc->sc_nodelen + sizeof(u_int16_t);
2010 wreq.wi_val[0] = htole16((sc->sc_nodelen + 1) / 2);
2011 memcpy(&wreq.wi_val[1], sc->sc_nodename,
2012 sc->sc_nodelen);
2013 break;
2014 default:
2015 return ieee80211_cfgget(ic, cmd, data, cr);
2016 }
2017 break;
2018 }
2019 if (error)
2020 return error;
2021 wreq.wi_len = (len + 1) / 2 + 1;
2022 return copyout(&wreq, ifr->ifr_data, (wreq.wi_len + 1) * 2);
2023 }
2024
2025 static int
2026 wi_set_cfg(struct ifnet *ifp, u_long cmd, caddr_t data)
2027 {
2028 struct wi_softc *sc = ifp->if_softc;
2029 struct ieee80211com *ic = &sc->sc_ic;
2030 struct ifreq *ifr = (struct ifreq *)data;
2031 struct wi_req wreq;
2032 struct mbuf *m;
2033 int i, len, error, mif, val;
2034 struct ieee80211_rateset *rs;
2035
2036 error = copyin(ifr->ifr_data, &wreq, sizeof(wreq));
2037 if (error)
2038 return error;
2039 len = wreq.wi_len ? (wreq.wi_len - 1) * 2 : 0;
2040 switch (wreq.wi_type) {
2041 case WI_RID_DBM_ADJUST:
2042 return ENODEV;
2043
2044 case WI_RID_NODENAME:
2045 if (le16toh(wreq.wi_val[0]) * 2 > len ||
2046 le16toh(wreq.wi_val[0]) > sizeof(sc->sc_nodename)) {
2047 error = ENOSPC;
2048 break;
2049 }
2050 if (sc->sc_enabled) {
2051 error = wi_write_rid(sc, wreq.wi_type, wreq.wi_val,
2052 len);
2053 if (error)
2054 break;
2055 }
2056 sc->sc_nodelen = le16toh(wreq.wi_val[0]) * 2;
2057 memcpy(sc->sc_nodename, &wreq.wi_val[1], sc->sc_nodelen);
2058 break;
2059
2060 case WI_RID_MICROWAVE_OVEN:
2061 case WI_RID_ROAMING_MODE:
2062 case WI_RID_SYSTEM_SCALE:
2063 case WI_RID_FRAG_THRESH:
2064 if (wreq.wi_type == WI_RID_MICROWAVE_OVEN &&
2065 (sc->sc_flags & WI_FLAGS_HAS_MOR) == 0)
2066 break;
2067 if (wreq.wi_type == WI_RID_ROAMING_MODE &&
2068 (sc->sc_flags & WI_FLAGS_HAS_ROAMING) == 0)
2069 break;
2070 if (wreq.wi_type == WI_RID_SYSTEM_SCALE &&
2071 (sc->sc_flags & WI_FLAGS_HAS_SYSSCALE) == 0)
2072 break;
2073 if (wreq.wi_type == WI_RID_FRAG_THRESH &&
2074 (sc->sc_flags & WI_FLAGS_HAS_FRAGTHR) == 0)
2075 break;
2076 /* FALLTHROUGH */
2077 case WI_RID_RTS_THRESH:
2078 case WI_RID_CNFAUTHMODE:
2079 case WI_RID_MAX_DATALEN:
2080 if (sc->sc_enabled) {
2081 error = wi_write_rid(sc, wreq.wi_type, wreq.wi_val,
2082 sizeof(u_int16_t));
2083 if (error)
2084 break;
2085 }
2086 switch (wreq.wi_type) {
2087 case WI_RID_FRAG_THRESH:
2088 ic->ic_fragthreshold = le16toh(wreq.wi_val[0]);
2089 break;
2090 case WI_RID_RTS_THRESH:
2091 ic->ic_rtsthreshold = le16toh(wreq.wi_val[0]);
2092 break;
2093 case WI_RID_MICROWAVE_OVEN:
2094 sc->sc_microwave_oven = le16toh(wreq.wi_val[0]);
2095 break;
2096 case WI_RID_ROAMING_MODE:
2097 sc->sc_roaming_mode = le16toh(wreq.wi_val[0]);
2098 break;
2099 case WI_RID_SYSTEM_SCALE:
2100 sc->sc_system_scale = le16toh(wreq.wi_val[0]);
2101 break;
2102 case WI_RID_CNFAUTHMODE:
2103 sc->sc_cnfauthmode = le16toh(wreq.wi_val[0]);
2104 break;
2105 case WI_RID_MAX_DATALEN:
2106 sc->sc_max_datalen = le16toh(wreq.wi_val[0]);
2107 break;
2108 }
2109 break;
2110
2111 case WI_RID_TX_RATE:
2112 switch (le16toh(wreq.wi_val[0])) {
2113 case 3:
2114 ic->ic_fixed_rate = IEEE80211_FIXED_RATE_NONE;
2115 break;
2116 default:
2117 rs = &ic->ic_sup_rates[IEEE80211_MODE_11B];
2118 for (i = 0; i < rs->rs_nrates; i++) {
2119 if ((rs->rs_rates[i] & IEEE80211_RATE_VAL)
2120 / 2 == le16toh(wreq.wi_val[0]))
2121 break;
2122 }
2123 if (i == rs->rs_nrates)
2124 return EINVAL;
2125 ic->ic_fixed_rate = i;
2126 }
2127 if (sc->sc_enabled)
2128 error = wi_write_txrate(sc);
2129 break;
2130
2131 case WI_RID_SCAN_APS:
2132 if (sc->sc_enabled && ic->ic_opmode != IEEE80211_M_HOSTAP)
2133 error = wi_scan_ap(sc, 0x3fff, 0x000f);
2134 break;
2135
2136 case WI_RID_SCAN_REQ: /* compatibility interface */
2137 if (sc->sc_enabled && ic->ic_opmode != IEEE80211_M_HOSTAP)
2138 error = wi_scan_ap(sc, wreq.wi_val[0], wreq.wi_val[1]);
2139 break;
2140
2141 case WI_RID_MGMT_XMIT:
2142 if (!sc->sc_enabled) {
2143 error = ENETDOWN;
2144 break;
2145 }
2146 if (ic->ic_mgtq.ifq_len > 5) {
2147 error = EAGAIN;
2148 break;
2149 }
2150 /* XXX wi_len looks in u_int8_t, not in u_int16_t */
2151 m = m_devget((char *)&wreq.wi_val, wreq.wi_len, 0, ifp, NULL);
2152 if (m == NULL) {
2153 error = ENOMEM;
2154 break;
2155 }
2156 IF_ENQUEUE(&ic->ic_mgtq, m);
2157 break;
2158
2159 case WI_RID_MIF:
2160 mif = wreq.wi_val[0];
2161 val = wreq.wi_val[1];
2162 error = wi_cmd(sc, WI_CMD_WRITEMIF, mif, val, 0);
2163 break;
2164
2165 case WI_RID_PROCFRAME: /* ignore for compatibility */
2166 break;
2167
2168 case WI_RID_OWN_SSID:
2169 if (le16toh(wreq.wi_val[0]) * 2 > len ||
2170 le16toh(wreq.wi_val[0]) > IEEE80211_NWID_LEN) {
2171 error = ENOSPC;
2172 break;
2173 }
2174 memset(ic->ic_des_essid, 0, IEEE80211_NWID_LEN);
2175 ic->ic_des_esslen = le16toh(wreq.wi_val[0]) * 2;
2176 memcpy(ic->ic_des_essid, &wreq.wi_val[1], ic->ic_des_esslen);
2177 error = ENETRESET;
2178 break;
2179
2180 default:
2181 if (sc->sc_enabled) {
2182 error = wi_write_rid(sc, wreq.wi_type, wreq.wi_val,
2183 len);
2184 if (error)
2185 break;
2186 }
2187 error = ieee80211_cfgset(ic, cmd, data);
2188 break;
2189 }
2190 return error;
2191 }
2192
2193 static int
2194 wi_write_txrate(struct wi_softc *sc)
2195 {
2196 struct ieee80211com *ic = &sc->sc_ic;
2197 int i;
2198 u_int16_t rate;
2199
2200 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE)
2201 rate = 0; /* auto */
2202 else
2203 rate = (ic->ic_sup_rates[IEEE80211_MODE_11B].rs_rates[ic->ic_fixed_rate] &
2204 IEEE80211_RATE_VAL) / 2;
2205
2206 /* rate: 0, 1, 2, 5, 11 */
2207
2208 switch (sc->sc_firmware_type) {
2209 case WI_LUCENT:
2210 switch (rate) {
2211 case 0: /* auto == 11mbps auto */
2212 rate = 3;
2213 break;
2214 /* case 1, 2 map to 1, 2*/
2215 case 5: /* 5.5Mbps -> 4 */
2216 rate = 4;
2217 break;
2218 case 11: /* 11mbps -> 5 */
2219 rate = 5;
2220 break;
2221 default:
2222 break;
2223 }
2224 break;
2225 default:
2226 /* Choose a bit according to this table.
2227 *
2228 * bit | data rate
2229 * ----+-------------------
2230 * 0 | 1Mbps
2231 * 1 | 2Mbps
2232 * 2 | 5.5Mbps
2233 * 3 | 11Mbps
2234 */
2235 for (i = 8; i > 0; i >>= 1) {
2236 if (rate >= i)
2237 break;
2238 }
2239 if (i == 0)
2240 rate = 0xf; /* auto */
2241 else
2242 rate = i;
2243 break;
2244 }
2245 return wi_write_val(sc, WI_RID_TX_RATE, rate);
2246 }
2247
2248 static int
2249 wi_key_alloc(struct ieee80211com *ic, const struct ieee80211_key *k,
2250 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
2251 {
2252 struct wi_softc *sc = ic->ic_ifp->if_softc;
2253
2254 /*
2255 * When doing host encryption of outbound frames fail requests
2256 * for keys that are not marked w/ the SWCRYPT flag so the
2257 * net80211 layer falls back to s/w crypto. Note that we also
2258 * fixup existing keys below to handle mode changes.
2259 */
2260 if ((sc->sc_encryption & HOST_ENCRYPT) &&
2261 (k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0)
2262 return 0;
2263 return sc->sc_key_alloc(ic, k, keyix, rxkeyix);
2264 }
2265
2266 static int
2267 wi_write_wep(struct wi_softc *sc)
2268 {
2269 struct ieee80211com *ic = &sc->sc_ic;
2270 int error = 0;
2271 int i, keylen;
2272 u_int16_t val;
2273 struct wi_key wkey[IEEE80211_WEP_NKID];
2274
2275 switch (sc->sc_firmware_type) {
2276 case WI_LUCENT:
2277 val = (ic->ic_flags & IEEE80211_F_PRIVACY) ? 1 : 0;
2278 error = wi_write_val(sc, WI_RID_ENCRYPTION, val);
2279 if (error)
2280 break;
2281 if (!(ic->ic_flags & IEEE80211_F_PRIVACY))
2282 break;
2283 error = wi_write_val(sc, WI_RID_TX_CRYPT_KEY, ic->ic_def_txkey);
2284 if (error)
2285 break;
2286 memset(wkey, 0, sizeof(wkey));
2287 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2288 keylen = ic->ic_nw_keys[i].wk_keylen;
2289 wkey[i].wi_keylen = htole16(keylen);
2290 memcpy(wkey[i].wi_keydat, ic->ic_nw_keys[i].wk_key,
2291 keylen);
2292 }
2293 error = wi_write_rid(sc, WI_RID_DEFLT_CRYPT_KEYS,
2294 wkey, sizeof(wkey));
2295 sc->sc_encryption = 0;
2296 break;
2297
2298 case WI_INTERSIL:
2299 case WI_SYMBOL:
2300 if (ic->ic_flags & IEEE80211_F_PRIVACY) {
2301 /*
2302 * ONLY HWB3163 EVAL-CARD Firmware version
2303 * less than 0.8 variant2
2304 *
2305 * If promiscuous mode disable, Prism2 chip
2306 * does not work with WEP .
2307 * It is under investigation for details.
2308 * (ichiro@netbsd.org)
2309 */
2310 if (sc->sc_firmware_type == WI_INTERSIL &&
2311 sc->sc_sta_firmware_ver < 802 ) {
2312 /* firm ver < 0.8 variant 2 */
2313 wi_write_val(sc, WI_RID_PROMISC, 1);
2314 }
2315 wi_write_val(sc, WI_RID_CNFAUTHMODE,
2316 sc->sc_cnfauthmode);
2317 /* XXX should honor IEEE80211_F_DROPUNENC */
2318 val = PRIVACY_INVOKED | EXCLUDE_UNENCRYPTED;
2319 /*
2320 * Encryption firmware has a bug for HostAP mode.
2321 */
2322 if (sc->sc_firmware_type == WI_INTERSIL &&
2323 ic->ic_opmode == IEEE80211_M_HOSTAP)
2324 val |= HOST_ENCRYPT;
2325 } else {
2326 wi_write_val(sc, WI_RID_CNFAUTHMODE,
2327 IEEE80211_AUTH_OPEN);
2328 val = HOST_ENCRYPT | HOST_DECRYPT;
2329 }
2330 error = wi_write_val(sc, WI_RID_P2_ENCRYPTION, val);
2331 if (error)
2332 break;
2333 sc->sc_encryption = val;
2334 if ((val & PRIVACY_INVOKED) == 0)
2335 break;
2336 error = wi_write_val(sc, WI_RID_P2_TX_CRYPT_KEY,
2337 ic->ic_def_txkey);
2338 if (error)
2339 break;
2340 if (val & HOST_DECRYPT)
2341 break;
2342 /*
2343 * It seems that the firmware accept 104bit key only if
2344 * all the keys have 104bit length. We get the length of
2345 * the transmit key and use it for all other keys.
2346 * Perhaps we should use software WEP for such situation.
2347 */
2348 if (ic->ic_def_txkey != IEEE80211_KEYIX_NONE)
2349 keylen = ic->ic_nw_keys[ic->ic_def_txkey].wk_keylen;
2350 else /* XXX should not hapen */
2351 keylen = IEEE80211_WEP_KEYLEN;
2352 if (keylen > IEEE80211_WEP_KEYLEN)
2353 keylen = 13; /* 104bit keys */
2354 else
2355 keylen = IEEE80211_WEP_KEYLEN;
2356 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2357 error = wi_write_rid(sc, WI_RID_P2_CRYPT_KEY0 + i,
2358 ic->ic_nw_keys[i].wk_key, keylen);
2359 if (error)
2360 break;
2361 }
2362 break;
2363 }
2364 /*
2365 * XXX horrible hack; insure pre-existing keys are
2366 * setup properly to do s/w crypto.
2367 */
2368 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2369 struct ieee80211_key *k = &ic->ic_nw_keys[i];
2370 if (k->wk_flags & IEEE80211_KEY_XMIT) {
2371 if (sc->sc_encryption & HOST_ENCRYPT)
2372 k->wk_flags |= IEEE80211_KEY_SWCRYPT;
2373 else
2374 k->wk_flags &= ~IEEE80211_KEY_SWCRYPT;
2375 }
2376 }
2377 return error;
2378 }
2379
2380 static int
2381 wi_cmd(struct wi_softc *sc, int cmd, int val0, int val1, int val2)
2382 {
2383 int i, s = 0;
2384
2385 if (sc->wi_gone)
2386 return (ENODEV);
2387
2388 /* wait for the busy bit to clear */
2389 for (i = sc->wi_cmd_count; i > 0; i--) { /* 500ms */
2390 if (!(CSR_READ_2(sc, WI_COMMAND) & WI_CMD_BUSY))
2391 break;
2392 DELAY(1*1000); /* 1ms */
2393 }
2394 if (i == 0) {
2395 if_printf(&sc->sc_ic.ic_if, "wi_cmd: busy bit won't clear.\n" );
2396 sc->wi_gone = 1;
2397 return(ETIMEDOUT);
2398 }
2399
2400 CSR_WRITE_2(sc, WI_PARAM0, val0);
2401 CSR_WRITE_2(sc, WI_PARAM1, val1);
2402 CSR_WRITE_2(sc, WI_PARAM2, val2);
2403 CSR_WRITE_2(sc, WI_COMMAND, cmd);
2404
2405 if (cmd == WI_CMD_INI) {
2406 /* XXX: should sleep here. */
2407 DELAY(100*1000); /* 100ms delay for init */
2408 }
2409 for (i = 0; i < WI_TIMEOUT; i++) {
2410 /*
2411 * Wait for 'command complete' bit to be
2412 * set in the event status register.
2413 */
2414 s = CSR_READ_2(sc, WI_EVENT_STAT);
2415 if (s & WI_EV_CMD) {
2416 /* Ack the event and read result code. */
2417 s = CSR_READ_2(sc, WI_STATUS);
2418 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_CMD);
2419 if (s & WI_STAT_CMD_RESULT) {
2420 return(EIO);
2421 }
2422 break;
2423 }
2424 DELAY(WI_DELAY);
2425 }
2426
2427 if (i == WI_TIMEOUT) {
2428 if_printf(&sc->sc_ic.ic_if,
2429 "timeout in wi_cmd 0x%04x; event status 0x%04x\n", cmd, s);
2430 if (s == 0xffff)
2431 sc->wi_gone = 1;
2432 return(ETIMEDOUT);
2433 }
2434 return (0);
2435 }
2436
2437 static int
2438 wi_seek_bap(struct wi_softc *sc, int id, int off)
2439 {
2440 int i, status;
2441
2442 CSR_WRITE_2(sc, WI_SEL0, id);
2443 CSR_WRITE_2(sc, WI_OFF0, off);
2444
2445 for (i = 0; ; i++) {
2446 status = CSR_READ_2(sc, WI_OFF0);
2447 if ((status & WI_OFF_BUSY) == 0)
2448 break;
2449 if (i == WI_TIMEOUT) {
2450 if_printf(&sc->sc_ic.ic_if,
2451 "timeout in wi_seek to %x/%x\n", id, off);
2452 sc->sc_bap_off = WI_OFF_ERR; /* invalidate */
2453 if (status == 0xffff)
2454 sc->wi_gone = 1;
2455 return ETIMEDOUT;
2456 }
2457 DELAY(1);
2458 }
2459 if (status & WI_OFF_ERR) {
2460 if_printf(&sc->sc_ic.ic_if, "failed in wi_seek to %x/%x\n",
2461 id, off);
2462 sc->sc_bap_off = WI_OFF_ERR; /* invalidate */
2463 return EIO;
2464 }
2465 sc->sc_bap_id = id;
2466 sc->sc_bap_off = off;
2467 return 0;
2468 }
2469
2470 static int
2471 wi_read_bap(struct wi_softc *sc, int id, int off, void *buf, int buflen)
2472 {
2473 u_int16_t *ptr;
2474 int i, error, cnt;
2475
2476 if (buflen == 0)
2477 return 0;
2478 if (id != sc->sc_bap_id || off != sc->sc_bap_off) {
2479 if ((error = wi_seek_bap(sc, id, off)) != 0)
2480 return error;
2481 }
2482 cnt = (buflen + 1) / 2;
2483 ptr = (u_int16_t *)buf;
2484 for (i = 0; i < cnt; i++)
2485 *ptr++ = CSR_READ_2(sc, WI_DATA0);
2486 sc->sc_bap_off += cnt * 2;
2487 return 0;
2488 }
2489
2490 static int
2491 wi_write_bap(struct wi_softc *sc, int id, int off, void *buf, int buflen)
2492 {
2493 u_int16_t *ptr;
2494 int i, error, cnt;
2495
2496 if (buflen == 0)
2497 return 0;
2498
2499 #ifdef WI_HERMES_AUTOINC_WAR
2500 again:
2501 #endif
2502 if (id != sc->sc_bap_id || off != sc->sc_bap_off) {
2503 if ((error = wi_seek_bap(sc, id, off)) != 0)
2504 return error;
2505 }
2506 cnt = (buflen + 1) / 2;
2507 ptr = (u_int16_t *)buf;
2508 for (i = 0; i < cnt; i++)
2509 CSR_WRITE_2(sc, WI_DATA0, ptr[i]);
2510 sc->sc_bap_off += cnt * 2;
2511
2512 #ifdef WI_HERMES_AUTOINC_WAR
2513 /*
2514 * According to the comments in the HCF Light code, there is a bug
2515 * in the Hermes (or possibly in certain Hermes firmware revisions)
2516 * where the chip's internal autoincrement counter gets thrown off
2517 * during data writes: the autoincrement is missed, causing one
2518 * data word to be overwritten and subsequent words to be written to
2519 * the wrong memory locations. The end result is that we could end
2520 * up transmitting bogus frames without realizing it. The workaround
2521 * for this is to write a couple of extra guard words after the end
2522 * of the transfer, then attempt to read then back. If we fail to
2523 * locate the guard words where we expect them, we preform the
2524 * transfer over again.
2525 */
2526 if ((sc->sc_flags & WI_FLAGS_BUG_AUTOINC) && (id & 0xf000) == 0) {
2527 CSR_WRITE_2(sc, WI_DATA0, 0x1234);
2528 CSR_WRITE_2(sc, WI_DATA0, 0x5678);
2529 wi_seek_bap(sc, id, sc->sc_bap_off);
2530 sc->sc_bap_off = WI_OFF_ERR; /* invalidate */
2531 if (CSR_READ_2(sc, WI_DATA0) != 0x1234 ||
2532 CSR_READ_2(sc, WI_DATA0) != 0x5678) {
2533 if_printf(&sc->sc_ic.ic_if,
2534 "detect auto increment bug, try again\n");
2535 goto again;
2536 }
2537 }
2538 #endif
2539 return 0;
2540 }
2541
2542 static int
2543 wi_mwrite_bap(struct wi_softc *sc, int id, int off, struct mbuf *m0, int totlen)
2544 {
2545 int error, len;
2546 struct mbuf *m;
2547
2548 for (m = m0; m != NULL && totlen > 0; m = m->m_next) {
2549 if (m->m_len == 0)
2550 continue;
2551
2552 len = min(m->m_len, totlen);
2553
2554 if (((u_long)m->m_data) % 2 != 0 || len % 2 != 0) {
2555 m_copydata(m, 0, totlen, (caddr_t)&sc->sc_txbuf);
2556 return wi_write_bap(sc, id, off, (caddr_t)&sc->sc_txbuf,
2557 totlen);
2558 }
2559
2560 if ((error = wi_write_bap(sc, id, off, m->m_data, len)) != 0)
2561 return error;
2562
2563 off += m->m_len;
2564 totlen -= len;
2565 }
2566 return 0;
2567 }
2568
2569 static int
2570 wi_alloc_fid(struct wi_softc *sc, int len, int *idp)
2571 {
2572 int i;
2573
2574 if (wi_cmd(sc, WI_CMD_ALLOC_MEM, len, 0, 0)) {
2575 if_printf(&sc->sc_ic.ic_if,
2576 "failed to allocate %d bytes on NIC\n", len);
2577 return ENOMEM;
2578 }
2579
2580 for (i = 0; i < WI_TIMEOUT; i++) {
2581 if (CSR_READ_2(sc, WI_EVENT_STAT) & WI_EV_ALLOC)
2582 break;
2583 DELAY(1);
2584 }
2585 if (i == WI_TIMEOUT) {
2586 if_printf(&sc->sc_ic.ic_if, "timeout in alloc\n");
2587 return ETIMEDOUT;
2588 }
2589 *idp = CSR_READ_2(sc, WI_ALLOC_FID);
2590 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_ALLOC);
2591 return 0;
2592 }
2593
2594 static int
2595 wi_read_rid(struct wi_softc *sc, int rid, void *buf, int *buflenp)
2596 {
2597 int error, len;
2598 u_int16_t ltbuf[2];
2599
2600 /* Tell the NIC to enter record read mode. */
2601 error = wi_cmd(sc, WI_CMD_ACCESS | WI_ACCESS_READ, rid, 0, 0);
2602 if (error)
2603 return error;
2604
2605 error = wi_read_bap(sc, rid, 0, ltbuf, sizeof(ltbuf));
2606 if (error)
2607 return error;
2608
2609 if (le16toh(ltbuf[1]) != rid) {
2610 if_printf(&sc->sc_ic.ic_if,
2611 "record read mismatch, rid=%x, got=%x\n",
2612 rid, le16toh(ltbuf[1]));
2613 return EIO;
2614 }
2615 len = (le16toh(ltbuf[0]) - 1) * 2; /* already got rid */
2616 if (*buflenp < len) {
2617 if_printf(&sc->sc_ic.ic_if, "record buffer is too small, "
2618 "rid=%x, size=%d, len=%d\n", rid, *buflenp, len);
2619 return ENOSPC;
2620 }
2621 *buflenp = len;
2622 return wi_read_bap(sc, rid, sizeof(ltbuf), buf, len);
2623 }
2624
2625 static int
2626 wi_write_rid(struct wi_softc *sc, int rid, void *buf, int buflen)
2627 {
2628 int error;
2629 u_int16_t ltbuf[2];
2630
2631 ltbuf[0] = htole16((buflen + 1) / 2 + 1); /* includes rid */
2632 ltbuf[1] = htole16(rid);
2633
2634 error = wi_write_bap(sc, rid, 0, ltbuf, sizeof(ltbuf));
2635 if (error)
2636 return error;
2637 error = wi_write_bap(sc, rid, sizeof(ltbuf), buf, buflen);
2638 if (error)
2639 return error;
2640
2641 return wi_cmd(sc, WI_CMD_ACCESS | WI_ACCESS_WRITE, rid, 0, 0);
2642 }
2643
2644 static int
2645 wi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
2646 {
2647 struct ifnet *ifp = &ic->ic_if;
2648 struct wi_softc *sc = ifp->if_softc;
2649 struct ieee80211_node *ni = ic->ic_bss;
2650 int buflen;
2651 u_int16_t val;
2652 struct wi_ssid ssid;
2653 u_int8_t old_bssid[IEEE80211_ADDR_LEN];
2654
2655 DPRINTF((ifp, "%s: %s -> %s\n", __func__,
2656 ieee80211_state_name[ic->ic_state],
2657 ieee80211_state_name[nstate]));
2658
2659 /*
2660 * Internal to the driver the INIT and RUN states are used
2661 * so bypass the net80211 state machine for other states.
2662 * Beware however that this requires use to net80211 state
2663 * management that otherwise would be handled for us.
2664 */
2665 switch (nstate) {
2666 case IEEE80211_S_INIT:
2667 sc->sc_flags &= ~WI_FLAGS_OUTRANGE;
2668 return sc->sc_newstate(ic, nstate, arg);
2669
2670 case IEEE80211_S_RUN:
2671 sc->sc_flags &= ~WI_FLAGS_OUTRANGE;
2672 buflen = IEEE80211_ADDR_LEN;
2673 IEEE80211_ADDR_COPY(old_bssid, ni->ni_bssid);
2674 wi_read_rid(sc, WI_RID_CURRENT_BSSID, ni->ni_bssid, &buflen);
2675 IEEE80211_ADDR_COPY(ni->ni_macaddr, ni->ni_bssid);
2676 buflen = sizeof(val);
2677 wi_read_rid(sc, WI_RID_CURRENT_CHAN, &val, &buflen);
2678 /* XXX validate channel */
2679 ni->ni_chan = &ic->ic_channels[le16toh(val)];
2680 ic->ic_curchan = ni->ni_chan;
2681 ic->ic_ibss_chan = ni->ni_chan;
2682
2683 sc->sc_tx_th.wt_chan_freq = sc->sc_rx_th.wr_chan_freq =
2684 htole16(ni->ni_chan->ic_freq);
2685 sc->sc_tx_th.wt_chan_flags = sc->sc_rx_th.wr_chan_flags =
2686 htole16(ni->ni_chan->ic_flags);
2687
2688 /*
2689 * XXX hack; unceremoniously clear
2690 * IEEE80211_F_DROPUNENC when operating with
2691 * wep enabled so we don't drop unencoded frames
2692 * at the 802.11 layer. This is necessary because
2693 * we must strip the WEP bit from the 802.11 header
2694 * before passing frames to ieee80211_input because
2695 * the card has already stripped the WEP crypto
2696 * header from the packet.
2697 */
2698 if (ic->ic_flags & IEEE80211_F_PRIVACY)
2699 ic->ic_flags &= ~IEEE80211_F_DROPUNENC;
2700 if (ic->ic_opmode != IEEE80211_M_HOSTAP) {
2701 /* XXX check return value */
2702 buflen = sizeof(ssid);
2703 wi_read_rid(sc, WI_RID_CURRENT_SSID, &ssid, &buflen);
2704 ni->ni_esslen = le16toh(ssid.wi_len);
2705 if (ni->ni_esslen > IEEE80211_NWID_LEN)
2706 ni->ni_esslen = IEEE80211_NWID_LEN; /*XXX*/
2707 memcpy(ni->ni_essid, ssid.wi_ssid, ni->ni_esslen);
2708 }
2709 return sc->sc_newstate(ic, nstate, arg);
2710
2711 case IEEE80211_S_SCAN:
2712 case IEEE80211_S_AUTH:
2713 case IEEE80211_S_ASSOC:
2714 break;
2715 }
2716
2717 ic->ic_state = nstate; /* NB: skip normal ieee80211 handling */
2718 return 0;
2719 }
2720
2721 static int
2722 wi_scan_ap(struct wi_softc *sc, u_int16_t chanmask, u_int16_t txrate)
2723 {
2724 int error = 0;
2725 u_int16_t val[2];
2726
2727 if (!sc->sc_enabled)
2728 return ENXIO;
2729 switch (sc->sc_firmware_type) {
2730 case WI_LUCENT:
2731 wi_cmd(sc, WI_CMD_INQUIRE, WI_INFO_SCAN_RESULTS, 0, 0);
2732 break;
2733 case WI_INTERSIL:
2734 val[0] = htole16(chanmask); /* channel */
2735 val[1] = htole16(txrate); /* tx rate */
2736 error = wi_write_rid(sc, WI_RID_SCAN_REQ, val, sizeof(val));
2737 break;
2738 case WI_SYMBOL:
2739 /*
2740 * XXX only supported on 3.x ?
2741 */
2742 val[0] = BSCAN_BCAST | BSCAN_ONETIME;
2743 error = wi_write_rid(sc, WI_RID_BCAST_SCAN_REQ,
2744 val, sizeof(val[0]));
2745 break;
2746 }
2747 if (error == 0) {
2748 sc->sc_scan_timer = WI_SCAN_WAIT;
2749 sc->sc_ic.ic_if.if_timer = 1;
2750 DPRINTF((&sc->sc_ic.ic_if, "wi_scan_ap: start scanning, "
2751 "chamask 0x%x txrate 0x%x\n", chanmask, txrate));
2752 }
2753 return error;
2754 }
2755
2756 static void
2757 wi_scan_result(struct wi_softc *sc, int fid, int cnt)
2758 {
2759 #define N(a) (sizeof (a) / sizeof (a[0]))
2760 int i, naps, off, szbuf;
2761 struct wi_scan_header ws_hdr; /* Prism2 header */
2762 struct wi_scan_data_p2 ws_dat; /* Prism2 scantable*/
2763 struct wi_apinfo *ap;
2764
2765 off = sizeof(u_int16_t) * 2;
2766 memset(&ws_hdr, 0, sizeof(ws_hdr));
2767 switch (sc->sc_firmware_type) {
2768 case WI_INTERSIL:
2769 wi_read_bap(sc, fid, off, &ws_hdr, sizeof(ws_hdr));
2770 off += sizeof(ws_hdr);
2771 szbuf = sizeof(struct wi_scan_data_p2);
2772 break;
2773 case WI_SYMBOL:
2774 szbuf = sizeof(struct wi_scan_data_p2) + 6;
2775 break;
2776 case WI_LUCENT:
2777 szbuf = sizeof(struct wi_scan_data);
2778 break;
2779 default:
2780 if_printf(&sc->sc_ic.ic_if,
2781 "wi_scan_result: unknown firmware type %u\n",
2782 sc->sc_firmware_type);
2783 naps = 0;
2784 goto done;
2785 }
2786 naps = (cnt * 2 + 2 - off) / szbuf;
2787 if (naps > N(sc->sc_aps))
2788 naps = N(sc->sc_aps);
2789 sc->sc_naps = naps;
2790 /* Read Data */
2791 ap = sc->sc_aps;
2792 memset(&ws_dat, 0, sizeof(ws_dat));
2793 for (i = 0; i < naps; i++, ap++) {
2794 wi_read_bap(sc, fid, off, &ws_dat,
2795 (sizeof(ws_dat) < szbuf ? sizeof(ws_dat) : szbuf));
2796 DPRINTF2((&sc->sc_ic.ic_if,
2797 "wi_scan_result: #%d: off %d bssid %6D\n",
2798 i, off, ws_dat.wi_bssid, ":"));
2799 off += szbuf;
2800 ap->scanreason = le16toh(ws_hdr.wi_reason);
2801 memcpy(ap->bssid, ws_dat.wi_bssid, sizeof(ap->bssid));
2802 ap->channel = le16toh(ws_dat.wi_chid);
2803 ap->signal = le16toh(ws_dat.wi_signal);
2804 ap->noise = le16toh(ws_dat.wi_noise);
2805 ap->quality = ap->signal - ap->noise;
2806 ap->capinfo = le16toh(ws_dat.wi_capinfo);
2807 ap->interval = le16toh(ws_dat.wi_interval);
2808 ap->rate = le16toh(ws_dat.wi_rate);
2809 ap->namelen = le16toh(ws_dat.wi_namelen);
2810 if (ap->namelen > sizeof(ap->name))
2811 ap->namelen = sizeof(ap->name);
2812 memcpy(ap->name, ws_dat.wi_name, ap->namelen);
2813 }
2814 done:
2815 /* Done scanning */
2816 sc->sc_scan_timer = 0;
2817 DPRINTF((&sc->sc_ic.ic_if, "wi_scan_result: scan complete: ap %d\n",
2818 naps));
2819 #undef N
2820 }
2821
2822 static void
2823 wi_dump_pkt(struct wi_frame *wh, struct ieee80211_node *ni, int rssi)
2824 {
2825 ieee80211_dump_pkt((u_int8_t *) &wh->wi_whdr, sizeof(wh->wi_whdr),
2826 ni ? ni->ni_rates.rs_rates[ni->ni_txrate] & IEEE80211_RATE_VAL : -1, rssi);
2827 kprintf(" status 0x%x rx_tstamp1 %u rx_tstamp0 0x%u rx_silence %u\n",
2828 le16toh(wh->wi_status), le16toh(wh->wi_rx_tstamp1),
2829 le16toh(wh->wi_rx_tstamp0), wh->wi_rx_silence);
2830 kprintf(" rx_signal %u rx_rate %u rx_flow %u\n",
2831 wh->wi_rx_signal, wh->wi_rx_rate, wh->wi_rx_flow);
2832 kprintf(" tx_rtry %u tx_rate %u tx_ctl 0x%x dat_len %u\n",
2833 wh->wi_tx_rtry, wh->wi_tx_rate,
2834 le16toh(wh->wi_tx_ctl), le16toh(wh->wi_dat_len));
2835 kprintf(" ehdr dst %6D src %6D type 0x%x\n",
2836 wh->wi_ehdr.ether_dhost, ":", wh->wi_ehdr.ether_shost, ":",
2837 wh->wi_ehdr.ether_type);
2838 }
2839
2840 int
2841 wi_alloc(device_t dev, int rid)
2842 {
2843 struct wi_softc *sc = device_get_softc(dev);
2844
2845 if (sc->wi_bus_type != WI_BUS_PCI_NATIVE) {
2846 sc->iobase_rid = rid;
2847 sc->iobase = bus_alloc_resource(dev, SYS_RES_IOPORT,
2848 &sc->iobase_rid, 0, ~0, (1 << 6),
2849 rman_make_alignment_flags(1 << 6) | RF_ACTIVE);
2850 if (!sc->iobase) {
2851 device_printf(dev, "No I/O space?!\n");
2852 return (ENXIO);
2853 }
2854
2855 sc->wi_io_addr = rman_get_start(sc->iobase);
2856 sc->wi_btag = rman_get_bustag(sc->iobase);
2857 sc->wi_bhandle = rman_get_bushandle(sc->iobase);
2858 } else {
2859 sc->mem_rid = rid;
2860 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY,
2861 &sc->mem_rid, RF_ACTIVE);
2862
2863 if (!sc->mem) {
2864 device_printf(dev, "No Mem space on prism2.5?\n");
2865 return (ENXIO);
2866 }
2867
2868 sc->wi_btag = rman_get_bustag(sc->mem);
2869 sc->wi_bhandle = rman_get_bushandle(sc->mem);
2870 }
2871
2872
2873 sc->irq_rid = 0;
2874 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
2875 RF_ACTIVE |
2876 ((sc->wi_bus_type == WI_BUS_PCCARD) ? 0 : RF_SHAREABLE));
2877
2878 if (!sc->irq) {
2879 wi_free(dev);
2880 device_printf(dev, "No irq?!\n");
2881 return (ENXIO);
2882 }
2883
2884 return (0);
2885 }
2886
2887 void
2888 wi_free(device_t dev)
2889 {
2890 struct wi_softc *sc = device_get_softc(dev);
2891
2892 if (sc->iobase != NULL) {
2893 bus_release_resource(dev, SYS_RES_IOPORT, sc->iobase_rid, sc->iobase);
2894 sc->iobase = NULL;
2895 }
2896 if (sc->irq != NULL) {
2897 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq);
2898 sc->irq = NULL;
2899 }
2900 if (sc->mem != NULL) {
2901 bus_release_resource(dev, SYS_RES_MEMORY, sc->mem_rid, sc->mem);
2902 sc->mem = NULL;
2903 }
2904 }
2905
2906 static int
2907 wi_get_debug(struct wi_softc *sc, struct wi_req *wreq)
2908 {
2909 int error = 0;
2910
2911 wreq->wi_len = 1;
2912
2913 switch (wreq->wi_type) {
2914 case WI_DEBUG_SLEEP:
2915 wreq->wi_len++;
2916 wreq->wi_val[0] = sc->wi_debug.wi_sleep;
2917 break;
2918 case WI_DEBUG_DELAYSUPP:
2919 wreq->wi_len++;
2920 wreq->wi_val[0] = sc->wi_debug.wi_delaysupp;
2921 break;
2922 case WI_DEBUG_TXSUPP:
2923 wreq->wi_len++;
2924 wreq->wi_val[0] = sc->wi_debug.wi_txsupp;
2925 break;
2926 case WI_DEBUG_MONITOR:
2927 wreq->wi_len++;
2928 wreq->wi_val[0] = sc->wi_debug.wi_monitor;
2929 break;
2930 case WI_DEBUG_LEDTEST:
2931 wreq->wi_len += 3;
2932 wreq->wi_val[0] = sc->wi_debug.wi_ledtest;
2933 wreq->wi_val[1] = sc->wi_debug.wi_ledtest_param0;
2934 wreq->wi_val[2] = sc->wi_debug.wi_ledtest_param1;
2935 break;
2936 case WI_DEBUG_CONTTX:
2937 wreq->wi_len += 2;
2938 wreq->wi_val[0] = sc->wi_debug.wi_conttx;
2939 wreq->wi_val[1] = sc->wi_debug.wi_conttx_param0;
2940 break;
2941 case WI_DEBUG_CONTRX:
2942 wreq->wi_len++;
2943 wreq->wi_val[0] = sc->wi_debug.wi_contrx;
2944 break;
2945 case WI_DEBUG_SIGSTATE:
2946 wreq->wi_len += 2;
2947 wreq->wi_val[0] = sc->wi_debug.wi_sigstate;
2948 wreq->wi_val[1] = sc->wi_debug.wi_sigstate_param0;
2949 break;
2950 case WI_DEBUG_CONFBITS:
2951 wreq->wi_len += 2;
2952 wreq->wi_val[0] = sc->wi_debug.wi_confbits;
2953 wreq->wi_val[1] = sc->wi_debug.wi_confbits_param0;
2954 break;
2955 default:
2956 error = EIO;
2957 break;
2958 }
2959
2960 return (error);
2961 }
2962
2963 static int
2964 wi_set_debug(struct wi_softc *sc, struct wi_req *wreq)
2965 {
2966 int error = 0;
2967 u_int16_t cmd, param0 = 0, param1 = 0;
2968
2969 switch (wreq->wi_type) {
2970 case WI_DEBUG_RESET:
2971 case WI_DEBUG_INIT:
2972 case WI_DEBUG_CALENABLE:
2973 break;
2974 case WI_DEBUG_SLEEP:
2975 sc->wi_debug.wi_sleep = 1;
2976 break;
2977 case WI_DEBUG_WAKE:
2978 sc->wi_debug.wi_sleep = 0;
2979 break;
2980 case WI_DEBUG_CHAN:
2981 param0 = wreq->wi_val[0];
2982 break;
2983 case WI_DEBUG_DELAYSUPP:
2984 sc->wi_debug.wi_delaysupp = 1;
2985 break;
2986 case WI_DEBUG_TXSUPP:
2987 sc->wi_debug.wi_txsupp = 1;
2988 break;
2989 case WI_DEBUG_MONITOR:
2990 sc->wi_debug.wi_monitor = 1;
2991 break;
2992 case WI_DEBUG_LEDTEST:
2993 param0 = wreq->wi_val[0];
2994 param1 = wreq->wi_val[1];
2995 sc->wi_debug.wi_ledtest = 1;
2996 sc->wi_debug.wi_ledtest_param0 = param0;
2997 sc->wi_debug.wi_ledtest_param1 = param1;
2998 break;
2999 case WI_DEBUG_CONTTX:
3000 param0 = wreq->wi_val[0];
3001 sc->wi_debug.wi_conttx = 1;
3002 sc->wi_debug.wi_conttx_param0 = param0;
3003 break;
3004 case WI_DEBUG_STOPTEST:
3005 sc->wi_debug.wi_delaysupp = 0;
3006 sc->wi_debug.wi_txsupp = 0;
3007 sc->wi_debug.wi_monitor = 0;
3008 sc->wi_debug.wi_ledtest = 0;
3009 sc->wi_debug.wi_ledtest_param0 = 0;
3010 sc->wi_debug.wi_ledtest_param1 = 0;
3011 sc->wi_debug.wi_conttx = 0;
3012 sc->wi_debug.wi_conttx_param0 = 0;
3013 sc->wi_debug.wi_contrx = 0;
3014 sc->wi_debug.wi_sigstate = 0;
3015 sc->wi_debug.wi_sigstate_param0 = 0;
3016 break;
3017 case WI_DEBUG_CONTRX:
3018 sc->wi_debug.wi_contrx = 1;
3019 break;
3020 case WI_DEBUG_SIGSTATE:
3021 param0 = wreq->wi_val[0];
3022 sc->wi_debug.wi_sigstate = 1;
3023 sc->wi_debug.wi_sigstate_param0 = param0;
3024 break;
3025 case WI_DEBUG_CONFBITS:
3026 param0 = wreq->wi_val[0];
3027 param1 = wreq->wi_val[1];
3028 sc->wi_debug.wi_confbits = param0;
3029 sc->wi_debug.wi_confbits_param0 = param1;
3030 break;
3031 default:
3032 error = EIO;
3033 break;
3034 }
3035
3036 if (error)
3037 return (error);
3038
3039 cmd = WI_CMD_DEBUG | (wreq->wi_type << 8);
3040 error = wi_cmd(sc, cmd, param0, param1, 0);
3041
3042 return (error);
3043 }
3044
3045 /*
3046 * Special routines to download firmware for Symbol CF card.
3047 * XXX: This should be modified generic into any PRISM-2 based card.
3048 */
3049
3050 #define WI_SBCF_PDIADDR 0x3100
3051
3052 /* unaligned load little endian */
3053 #define GETLE32(p) ((p)[0] | ((p)[1]<<8) | ((p)[2]<<16) | ((p)[3]<<24))
3054 #define GETLE16(p) ((p)[0] | ((p)[1]<<8))
3055
3056 int
3057 wi_symbol_load_firm(struct wi_softc *sc, const void *primsym, int primlen,
3058 const void *secsym, int seclen)
3059 {
3060 uint8_t ebuf[256];
3061 int i;
3062
3063 /* load primary code and run it */
3064 wi_symbol_set_hcr(sc, WI_HCR_EEHOLD);
3065 if (wi_symbol_write_firm(sc, primsym, primlen, NULL, 0))
3066 return EIO;
3067 wi_symbol_set_hcr(sc, WI_HCR_RUN);
3068 for (i = 0; ; i++) {
3069 if (i == 10)
3070 return ETIMEDOUT;
3071 tsleep(sc, 0, "wiinit", 1);
3072 if (CSR_READ_2(sc, WI_CNTL) == WI_CNTL_AUX_ENA_STAT)
3073 break;
3074 /* write the magic key value to unlock aux port */
3075 CSR_WRITE_2(sc, WI_PARAM0, WI_AUX_KEY0);
3076 CSR_WRITE_2(sc, WI_PARAM1, WI_AUX_KEY1);
3077 CSR_WRITE_2(sc, WI_PARAM2, WI_AUX_KEY2);
3078 CSR_WRITE_2(sc, WI_CNTL, WI_CNTL_AUX_ENA_CNTL);
3079 }
3080
3081 /* issue read EEPROM command: XXX copied from wi_cmd() */
3082 CSR_WRITE_2(sc, WI_PARAM0, 0);
3083 CSR_WRITE_2(sc, WI_PARAM1, 0);
3084 CSR_WRITE_2(sc, WI_PARAM2, 0);
3085 CSR_WRITE_2(sc, WI_COMMAND, WI_CMD_READEE);
3086 for (i = 0; i < WI_TIMEOUT; i++) {
3087 if (CSR_READ_2(sc, WI_EVENT_STAT) & WI_EV_CMD)
3088 break;
3089 DELAY(1);
3090 }
3091 CSR_WRITE_2(sc, WI_EVENT_ACK, WI_EV_CMD);
3092
3093 CSR_WRITE_2(sc, WI_AUX_PAGE, WI_SBCF_PDIADDR / WI_AUX_PGSZ);
3094 CSR_WRITE_2(sc, WI_AUX_OFFSET, WI_SBCF_PDIADDR % WI_AUX_PGSZ);
3095 CSR_READ_MULTI_STREAM_2(sc, WI_AUX_DATA,
3096 (uint16_t *)ebuf, sizeof(ebuf) / 2);
3097 if (GETLE16(ebuf) > sizeof(ebuf))
3098 return EIO;
3099 if (wi_symbol_write_firm(sc, secsym, seclen, ebuf + 4, GETLE16(ebuf)))
3100 return EIO;
3101 return 0;
3102 }
3103
3104 static int
3105 wi_symbol_write_firm(struct wi_softc *sc, const void *buf, int buflen,
3106 const void *ebuf, int ebuflen)
3107 {
3108 const uint8_t *p, *ep, *q, *eq;
3109 char *tp;
3110 uint32_t addr, id, eid;
3111 int i, len, elen, nblk, pdrlen;
3112
3113 /*
3114 * Parse the header of the firmware image.
3115 */
3116 p = buf;
3117 ep = p + buflen;
3118 while (p < ep && *p++ != ' '); /* FILE: */
3119 while (p < ep && *p++ != ' '); /* filename */
3120 while (p < ep && *p++ != ' '); /* type of the firmware */
3121 nblk = strtoul(p, &tp, 10);
3122 p = tp;
3123 pdrlen = strtoul(p + 1, &tp, 10);
3124 p = tp;
3125 while (p < ep && *p++ != 0x1a); /* skip rest of header */
3126
3127 /*
3128 * Block records: address[4], length[2], data[length];
3129 */
3130 for (i = 0; i < nblk; i++) {
3131 addr = GETLE32(p); p += 4;
3132 len = GETLE16(p); p += 2;
3133 CSR_WRITE_2(sc, WI_AUX_PAGE, addr / WI_AUX_PGSZ);
3134 CSR_WRITE_2(sc, WI_AUX_OFFSET, addr % WI_AUX_PGSZ);
3135 CSR_WRITE_MULTI_STREAM_2(sc, WI_AUX_DATA,
3136 (const uint16_t *)p, len / 2);
3137 p += len;
3138 }
3139
3140 /*
3141 * PDR: id[4], address[4], length[4];
3142 */
3143 for (i = 0; i < pdrlen; ) {
3144 id = GETLE32(p); p += 4; i += 4;
3145 addr = GETLE32(p); p += 4; i += 4;
3146 len = GETLE32(p); p += 4; i += 4;
3147 /* replace PDR entry with the values from EEPROM, if any */
3148 for (q = ebuf, eq = q + ebuflen; q < eq; q += elen * 2) {
3149 elen = GETLE16(q); q += 2;
3150 eid = GETLE16(q); q += 2;
3151 elen--; /* elen includes eid */
3152 if (eid == 0)
3153 break;
3154 if (eid != id)
3155 continue;
3156 CSR_WRITE_2(sc, WI_AUX_PAGE, addr / WI_AUX_PGSZ);
3157 CSR_WRITE_2(sc, WI_AUX_OFFSET, addr % WI_AUX_PGSZ);
3158 CSR_WRITE_MULTI_STREAM_2(sc, WI_AUX_DATA,
3159 (const uint16_t *)q, len / 2);
3160 break;
3161 }
3162 }
3163 return 0;
3164 }
3165
3166 static int
3167 wi_symbol_set_hcr(struct wi_softc *sc, int mode)
3168 {
3169 uint16_t hcr;
3170
3171 CSR_WRITE_2(sc, WI_COR, WI_COR_RESET);
3172 tsleep(sc, 0, "wiinit", 1);
3173 hcr = CSR_READ_2(sc, WI_HCR);
3174 hcr = (hcr & WI_HCR_4WIRE) | (mode & ~WI_HCR_4WIRE);
3175 CSR_WRITE_2(sc, WI_HCR, hcr);
3176 tsleep(sc, 0, "wiinit", 1);
3177 CSR_WRITE_2(sc, WI_COR, WI_COR_IOMODE);
3178 tsleep(sc, 0, "wiinit", 1);
3179 return 0;
3180 }
DragonFly BSD