2 * QEMU NE2000 emulation
4 * Copyright (c) 2003-2004 Fabrice Bellard
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 /* debug NE2000 card */
31 //#define DEBUG_NE2000
33 #define MAX_ETH_FRAME_SIZE 1514
35 #define E8390_CMD 0x00 /* The command register (for all pages) */
36 /* Page 0 register offsets. */
37 #define EN0_CLDALO 0x01 /* Low byte of current local dma addr RD */
38 #define EN0_STARTPG 0x01 /* Starting page of ring bfr WR */
39 #define EN0_CLDAHI 0x02 /* High byte of current local dma addr RD */
40 #define EN0_STOPPG 0x02 /* Ending page +1 of ring bfr WR */
41 #define EN0_BOUNDARY 0x03 /* Boundary page of ring bfr RD WR */
42 #define EN0_TSR 0x04 /* Transmit status reg RD */
43 #define EN0_TPSR 0x04 /* Transmit starting page WR */
44 #define EN0_NCR 0x05 /* Number of collision reg RD */
45 #define EN0_TCNTLO 0x05 /* Low byte of tx byte count WR */
46 #define EN0_FIFO 0x06 /* FIFO RD */
47 #define EN0_TCNTHI 0x06 /* High byte of tx byte count WR */
48 #define EN0_ISR 0x07 /* Interrupt status reg RD WR */
49 #define EN0_CRDALO 0x08 /* low byte of current remote dma address RD */
50 #define EN0_RSARLO 0x08 /* Remote start address reg 0 */
51 #define EN0_CRDAHI 0x09 /* high byte, current remote dma address RD */
52 #define EN0_RSARHI 0x09 /* Remote start address reg 1 */
53 #define EN0_RCNTLO 0x0a /* Remote byte count reg WR */
54 #define EN0_RTL8029ID0 0x0a /* Realtek ID byte #1 RD */
55 #define EN0_RCNTHI 0x0b /* Remote byte count reg WR */
56 #define EN0_RTL8029ID1 0x0b /* Realtek ID byte #2 RD */
57 #define EN0_RSR 0x0c /* rx status reg RD */
58 #define EN0_RXCR 0x0c /* RX configuration reg WR */
59 #define EN0_TXCR 0x0d /* TX configuration reg WR */
60 #define EN0_COUNTER0 0x0d /* Rcv alignment error counter RD */
61 #define EN0_DCFG 0x0e /* Data configuration reg WR */
62 #define EN0_COUNTER1 0x0e /* Rcv CRC error counter RD */
63 #define EN0_IMR 0x0f /* Interrupt mask reg WR */
64 #define EN0_COUNTER2 0x0f /* Rcv missed frame error counter RD */
67 #define EN1_CURPAG 0x17
70 #define EN2_STARTPG 0x21 /* Starting page of ring bfr RD */
71 #define EN2_STOPPG 0x22 /* Ending page +1 of ring bfr RD */
73 #define EN3_CONFIG0 0x33
74 #define EN3_CONFIG1 0x34
75 #define EN3_CONFIG2 0x35
76 #define EN3_CONFIG3 0x36
78 /* Register accessed at EN_CMD, the 8390 base addr. */
79 #define E8390_STOP 0x01 /* Stop and reset the chip */
80 #define E8390_START 0x02 /* Start the chip, clear reset */
81 #define E8390_TRANS 0x04 /* Transmit a frame */
82 #define E8390_RREAD 0x08 /* Remote read */
83 #define E8390_RWRITE 0x10 /* Remote write */
84 #define E8390_NODMA 0x20 /* Remote DMA */
85 #define E8390_PAGE0 0x00 /* Select page chip registers */
86 #define E8390_PAGE1 0x40 /* using the two high-order bits */
87 #define E8390_PAGE2 0x80 /* Page 3 is invalid. */
89 /* Bits in EN0_ISR - Interrupt status register */
90 #define ENISR_RX 0x01 /* Receiver, no error */
91 #define ENISR_TX 0x02 /* Transmitter, no error */
92 #define ENISR_RX_ERR 0x04 /* Receiver, with error */
93 #define ENISR_TX_ERR 0x08 /* Transmitter, with error */
94 #define ENISR_OVER 0x10 /* Receiver overwrote the ring */
95 #define ENISR_COUNTERS 0x20 /* Counters need emptying */
96 #define ENISR_RDC 0x40 /* remote dma complete */
97 #define ENISR_RESET 0x80 /* Reset completed */
98 #define ENISR_ALL 0x3f /* Interrupts we will enable */
100 /* Bits in received packet status byte and EN0_RSR*/
101 #define ENRSR_RXOK 0x01 /* Received a good packet */
102 #define ENRSR_CRC 0x02 /* CRC error */
103 #define ENRSR_FAE 0x04 /* frame alignment error */
104 #define ENRSR_FO 0x08 /* FIFO overrun */
105 #define ENRSR_MPA 0x10 /* missed pkt */
106 #define ENRSR_PHY 0x20 /* physical/multicast address */
107 #define ENRSR_DIS 0x40 /* receiver disable. set in monitor mode */
108 #define ENRSR_DEF 0x80 /* deferring */
110 /* Transmitted packet status, EN0_TSR. */
111 #define ENTSR_PTX 0x01 /* Packet transmitted without error */
112 #define ENTSR_ND 0x02 /* The transmit wasn't deferred. */
113 #define ENTSR_COL 0x04 /* The transmit collided at least once. */
114 #define ENTSR_ABT 0x08 /* The transmit collided 16 times, and was deferred. */
115 #define ENTSR_CRS 0x10 /* The carrier sense was lost. */
116 #define ENTSR_FU 0x20 /* A "FIFO underrun" occurred during transmit. */
117 #define ENTSR_CDH 0x40 /* The collision detect "heartbeat" signal was lost. */
118 #define ENTSR_OWC 0x80 /* There was an out-of-window collision. */
120 typedef struct PCINE2000State
{
125 void ne2000_reset(NE2000State
*s
)
129 s
->isr
= ENISR_RESET
;
130 memcpy(s
->mem
, &s
->c
.macaddr
, 6);
134 /* duplicate prom data */
135 for(i
= 15;i
>= 0; i
--) {
136 s
->mem
[2 * i
] = s
->mem
[i
];
137 s
->mem
[2 * i
+ 1] = s
->mem
[i
];
141 static void ne2000_update_irq(NE2000State
*s
)
144 isr
= (s
->isr
& s
->imr
) & 0x7f;
145 #if defined(DEBUG_NE2000)
146 printf("NE2000: Set IRQ to %d (%02x %02x)\n",
147 isr
? 1 : 0, s
->isr
, s
->imr
);
149 qemu_set_irq(s
->irq
, (isr
!= 0));
152 #define POLYNOMIAL 0x04c11db6
156 static int compute_mcast_idx(const uint8_t *ep
)
163 for (i
= 0; i
< 6; i
++) {
165 for (j
= 0; j
< 8; j
++) {
166 carry
= ((crc
& 0x80000000L
) ? 1 : 0) ^ (b
& 0x01);
170 crc
= ((crc
^ POLYNOMIAL
) | carry
);
176 static int ne2000_buffer_full(NE2000State
*s
)
178 int avail
, index
, boundary
;
180 index
= s
->curpag
<< 8;
181 boundary
= s
->boundary
<< 8;
182 if (index
< boundary
)
183 avail
= boundary
- index
;
185 avail
= (s
->stop
- s
->start
) - (index
- boundary
);
186 if (avail
< (MAX_ETH_FRAME_SIZE
+ 4))
191 int ne2000_can_receive(VLANClientState
*vc
)
193 NE2000State
*s
= vc
->opaque
;
195 if (s
->cmd
& E8390_STOP
)
197 return !ne2000_buffer_full(s
);
200 #define MIN_BUF_SIZE 60
202 ssize_t
ne2000_receive(VLANClientState
*vc
, const uint8_t *buf
, size_t size_
)
204 NE2000State
*s
= vc
->opaque
;
207 unsigned int total_len
, next
, avail
, len
, index
, mcast_idx
;
209 static const uint8_t broadcast_macaddr
[6] =
210 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
212 #if defined(DEBUG_NE2000)
213 printf("NE2000: received len=%d\n", size
);
216 if (s
->cmd
& E8390_STOP
|| ne2000_buffer_full(s
))
219 /* XXX: check this */
220 if (s
->rxcr
& 0x10) {
221 /* promiscuous: receive all */
223 if (!memcmp(buf
, broadcast_macaddr
, 6)) {
224 /* broadcast address */
225 if (!(s
->rxcr
& 0x04))
227 } else if (buf
[0] & 0x01) {
229 if (!(s
->rxcr
& 0x08))
231 mcast_idx
= compute_mcast_idx(buf
);
232 if (!(s
->mult
[mcast_idx
>> 3] & (1 << (mcast_idx
& 7))))
234 } else if (s
->mem
[0] == buf
[0] &&
235 s
->mem
[2] == buf
[1] &&
236 s
->mem
[4] == buf
[2] &&
237 s
->mem
[6] == buf
[3] &&
238 s
->mem
[8] == buf
[4] &&
239 s
->mem
[10] == buf
[5]) {
247 /* if too small buffer, then expand it */
248 if (size
< MIN_BUF_SIZE
) {
249 memcpy(buf1
, buf
, size
);
250 memset(buf1
+ size
, 0, MIN_BUF_SIZE
- size
);
255 index
= s
->curpag
<< 8;
256 /* 4 bytes for header */
257 total_len
= size
+ 4;
258 /* address for next packet (4 bytes for CRC) */
259 next
= index
+ ((total_len
+ 4 + 255) & ~0xff);
261 next
-= (s
->stop
- s
->start
);
262 /* prepare packet header */
264 s
->rsr
= ENRSR_RXOK
; /* receive status */
265 /* XXX: check this */
271 p
[3] = total_len
>> 8;
274 /* write packet data */
276 if (index
<= s
->stop
)
277 avail
= s
->stop
- index
;
283 memcpy(s
->mem
+ index
, buf
, len
);
286 if (index
== s
->stop
)
290 s
->curpag
= next
>> 8;
292 /* now we can signal we have received something */
294 ne2000_update_irq(s
);
299 void ne2000_ioport_write(void *opaque
, uint32_t addr
, uint32_t val
)
301 NE2000State
*s
= opaque
;
302 int offset
, page
, index
;
306 printf("NE2000: write addr=0x%x val=0x%02x\n", addr
, val
);
308 if (addr
== E8390_CMD
) {
309 /* control register */
311 if (!(val
& E8390_STOP
)) { /* START bit makes no sense on RTL8029... */
312 s
->isr
&= ~ENISR_RESET
;
313 /* test specific case: zero length transfer */
314 if ((val
& (E8390_RREAD
| E8390_RWRITE
)) &&
317 ne2000_update_irq(s
);
319 if (val
& E8390_TRANS
) {
320 index
= (s
->tpsr
<< 8);
321 /* XXX: next 2 lines are a hack to make netware 3.11 work */
322 if (index
>= NE2000_PMEM_END
)
323 index
-= NE2000_PMEM_SIZE
;
324 /* fail safe: check range on the transmitted length */
325 if (index
+ s
->tcnt
<= NE2000_PMEM_END
) {
326 qemu_send_packet(s
->vc
, s
->mem
+ index
, s
->tcnt
);
328 /* signal end of transfer */
331 s
->cmd
&= ~E8390_TRANS
;
332 ne2000_update_irq(s
);
337 offset
= addr
| (page
<< 4);
350 ne2000_update_irq(s
);
356 s
->tcnt
= (s
->tcnt
& 0xff00) | val
;
359 s
->tcnt
= (s
->tcnt
& 0x00ff) | (val
<< 8);
362 s
->rsar
= (s
->rsar
& 0xff00) | val
;
365 s
->rsar
= (s
->rsar
& 0x00ff) | (val
<< 8);
368 s
->rcnt
= (s
->rcnt
& 0xff00) | val
;
371 s
->rcnt
= (s
->rcnt
& 0x00ff) | (val
<< 8);
380 s
->isr
&= ~(val
& 0x7f);
381 ne2000_update_irq(s
);
383 case EN1_PHYS
... EN1_PHYS
+ 5:
384 s
->phys
[offset
- EN1_PHYS
] = val
;
389 case EN1_MULT
... EN1_MULT
+ 7:
390 s
->mult
[offset
- EN1_MULT
] = val
;
396 uint32_t ne2000_ioport_read(void *opaque
, uint32_t addr
)
398 NE2000State
*s
= opaque
;
399 int offset
, page
, ret
;
402 if (addr
== E8390_CMD
) {
406 offset
= addr
| (page
<< 4);
418 ret
= s
->rsar
& 0x00ff;
423 case EN1_PHYS
... EN1_PHYS
+ 5:
424 ret
= s
->phys
[offset
- EN1_PHYS
];
429 case EN1_MULT
... EN1_MULT
+ 7:
430 ret
= s
->mult
[offset
- EN1_MULT
];
448 ret
= 0; /* 10baseT media */
451 ret
= 0x40; /* 10baseT active */
454 ret
= 0x40; /* Full duplex */
462 printf("NE2000: read addr=0x%x val=%02x\n", addr
, ret
);
467 static inline void ne2000_mem_writeb(NE2000State
*s
, uint32_t addr
,
471 (addr
>= NE2000_PMEM_START
&& addr
< NE2000_MEM_SIZE
)) {
476 static inline void ne2000_mem_writew(NE2000State
*s
, uint32_t addr
,
479 addr
&= ~1; /* XXX: check exact behaviour if not even */
481 (addr
>= NE2000_PMEM_START
&& addr
< NE2000_MEM_SIZE
)) {
482 *(uint16_t *)(s
->mem
+ addr
) = cpu_to_le16(val
);
486 static inline void ne2000_mem_writel(NE2000State
*s
, uint32_t addr
,
489 addr
&= ~1; /* XXX: check exact behaviour if not even */
491 (addr
>= NE2000_PMEM_START
&& addr
< NE2000_MEM_SIZE
)) {
492 cpu_to_le32wu((uint32_t *)(s
->mem
+ addr
), val
);
496 static inline uint32_t ne2000_mem_readb(NE2000State
*s
, uint32_t addr
)
499 (addr
>= NE2000_PMEM_START
&& addr
< NE2000_MEM_SIZE
)) {
506 static inline uint32_t ne2000_mem_readw(NE2000State
*s
, uint32_t addr
)
508 addr
&= ~1; /* XXX: check exact behaviour if not even */
510 (addr
>= NE2000_PMEM_START
&& addr
< NE2000_MEM_SIZE
)) {
511 return le16_to_cpu(*(uint16_t *)(s
->mem
+ addr
));
517 static inline uint32_t ne2000_mem_readl(NE2000State
*s
, uint32_t addr
)
519 addr
&= ~1; /* XXX: check exact behaviour if not even */
521 (addr
>= NE2000_PMEM_START
&& addr
< NE2000_MEM_SIZE
)) {
522 return le32_to_cpupu((uint32_t *)(s
->mem
+ addr
));
528 static inline void ne2000_dma_update(NE2000State
*s
, int len
)
532 /* XXX: check what to do if rsar > stop */
533 if (s
->rsar
== s
->stop
)
536 if (s
->rcnt
<= len
) {
538 /* signal end of transfer */
540 ne2000_update_irq(s
);
546 void ne2000_asic_ioport_write(void *opaque
, uint32_t addr
, uint32_t val
)
548 NE2000State
*s
= opaque
;
551 printf("NE2000: asic write val=0x%04x\n", val
);
555 if (s
->dcfg
& 0x01) {
557 ne2000_mem_writew(s
, s
->rsar
, val
);
558 ne2000_dma_update(s
, 2);
561 ne2000_mem_writeb(s
, s
->rsar
, val
);
562 ne2000_dma_update(s
, 1);
566 uint32_t ne2000_asic_ioport_read(void *opaque
, uint32_t addr
)
568 NE2000State
*s
= opaque
;
571 if (s
->dcfg
& 0x01) {
573 ret
= ne2000_mem_readw(s
, s
->rsar
);
574 ne2000_dma_update(s
, 2);
577 ret
= ne2000_mem_readb(s
, s
->rsar
);
578 ne2000_dma_update(s
, 1);
581 printf("NE2000: asic read val=0x%04x\n", ret
);
586 static void ne2000_asic_ioport_writel(void *opaque
, uint32_t addr
, uint32_t val
)
588 NE2000State
*s
= opaque
;
591 printf("NE2000: asic writel val=0x%04x\n", val
);
596 ne2000_mem_writel(s
, s
->rsar
, val
);
597 ne2000_dma_update(s
, 4);
600 static uint32_t ne2000_asic_ioport_readl(void *opaque
, uint32_t addr
)
602 NE2000State
*s
= opaque
;
606 ret
= ne2000_mem_readl(s
, s
->rsar
);
607 ne2000_dma_update(s
, 4);
609 printf("NE2000: asic readl val=0x%04x\n", ret
);
614 void ne2000_reset_ioport_write(void *opaque
, uint32_t addr
, uint32_t val
)
616 /* nothing to do (end of reset pulse) */
619 uint32_t ne2000_reset_ioport_read(void *opaque
, uint32_t addr
)
621 NE2000State
*s
= opaque
;
626 static int ne2000_post_load(void* opaque
, int version_id
)
628 NE2000State
* s
= opaque
;
630 if (version_id
< 2) {
636 const VMStateDescription vmstate_ne2000
= {
639 .minimum_version_id
= 0,
640 .minimum_version_id_old
= 0,
641 .post_load
= ne2000_post_load
,
642 .fields
= (VMStateField
[]) {
643 VMSTATE_UINT8_V(rxcr
, NE2000State
, 2),
644 VMSTATE_UINT8(cmd
, NE2000State
),
645 VMSTATE_UINT32(start
, NE2000State
),
646 VMSTATE_UINT32(stop
, NE2000State
),
647 VMSTATE_UINT8(boundary
, NE2000State
),
648 VMSTATE_UINT8(tsr
, NE2000State
),
649 VMSTATE_UINT8(tpsr
, NE2000State
),
650 VMSTATE_UINT16(tcnt
, NE2000State
),
651 VMSTATE_UINT16(rcnt
, NE2000State
),
652 VMSTATE_UINT32(rsar
, NE2000State
),
653 VMSTATE_UINT8(rsr
, NE2000State
),
654 VMSTATE_UINT8(isr
, NE2000State
),
655 VMSTATE_UINT8(dcfg
, NE2000State
),
656 VMSTATE_UINT8(imr
, NE2000State
),
657 VMSTATE_BUFFER(phys
, NE2000State
),
658 VMSTATE_UINT8(curpag
, NE2000State
),
659 VMSTATE_BUFFER(mult
, NE2000State
),
660 VMSTATE_UNUSED(4), /* was irq */
661 VMSTATE_BUFFER(mem
, NE2000State
),
662 VMSTATE_END_OF_LIST()
666 const VMStateDescription vmstate_pci_ne2000
= {
669 .minimum_version_id
= 3,
670 .minimum_version_id_old
= 3,
671 .fields
= (VMStateField
[]) {
672 VMSTATE_PCI_DEVICE(dev
, PCINE2000State
),
673 VMSTATE_STRUCT(ne2000
, PCINE2000State
, 0, vmstate_ne2000
, NE2000State
),
674 VMSTATE_END_OF_LIST()
678 /***********************************************************/
679 /* PCI NE2000 definitions */
681 static void ne2000_map(PCIDevice
*pci_dev
, int region_num
,
682 uint32_t addr
, uint32_t size
, int type
)
684 PCINE2000State
*d
= DO_UPCAST(PCINE2000State
, dev
, pci_dev
);
685 NE2000State
*s
= &d
->ne2000
;
687 register_ioport_write(addr
, 16, 1, ne2000_ioport_write
, s
);
688 register_ioport_read(addr
, 16, 1, ne2000_ioport_read
, s
);
690 register_ioport_write(addr
+ 0x10, 1, 1, ne2000_asic_ioport_write
, s
);
691 register_ioport_read(addr
+ 0x10, 1, 1, ne2000_asic_ioport_read
, s
);
692 register_ioport_write(addr
+ 0x10, 2, 2, ne2000_asic_ioport_write
, s
);
693 register_ioport_read(addr
+ 0x10, 2, 2, ne2000_asic_ioport_read
, s
);
694 register_ioport_write(addr
+ 0x10, 4, 4, ne2000_asic_ioport_writel
, s
);
695 register_ioport_read(addr
+ 0x10, 4, 4, ne2000_asic_ioport_readl
, s
);
697 register_ioport_write(addr
+ 0x1f, 1, 1, ne2000_reset_ioport_write
, s
);
698 register_ioport_read(addr
+ 0x1f, 1, 1, ne2000_reset_ioport_read
, s
);
701 static void ne2000_cleanup(VLANClientState
*vc
)
703 NE2000State
*s
= vc
->opaque
;
708 static int pci_ne2000_init(PCIDevice
*pci_dev
)
710 PCINE2000State
*d
= DO_UPCAST(PCINE2000State
, dev
, pci_dev
);
714 pci_conf
= d
->dev
.config
;
715 pci_config_set_vendor_id(pci_conf
, PCI_VENDOR_ID_REALTEK
);
716 pci_config_set_device_id(pci_conf
, PCI_DEVICE_ID_REALTEK_8029
);
717 pci_config_set_class(pci_conf
, PCI_CLASS_NETWORK_ETHERNET
);
718 pci_conf
[PCI_HEADER_TYPE
] = PCI_HEADER_TYPE_NORMAL
; // header_type
719 pci_conf
[0x3d] = 1; // interrupt pin 0
721 pci_register_bar(&d
->dev
, 0, 0x100,
722 PCI_ADDRESS_SPACE_IO
, ne2000_map
);
724 s
->irq
= d
->dev
.irq
[0];
726 qemu_macaddr_default_if_unset(&s
->c
.macaddr
);
728 s
->vc
= qemu_new_vlan_client(NET_CLIENT_TYPE_NIC
, s
->c
.vlan
, s
->c
.peer
,
729 pci_dev
->qdev
.info
->name
, pci_dev
->qdev
.id
,
730 ne2000_can_receive
, ne2000_receive
, NULL
,
731 NULL
, ne2000_cleanup
, s
);
732 qemu_format_nic_info_str(s
->vc
, s
->c
.macaddr
.a
);
734 if (!pci_dev
->qdev
.hotplugged
) {
735 static int loaded
= 0;
737 rom_add_option("pxe-ne2k_pci.bin");
742 vmstate_register(-1, &vmstate_pci_ne2000
, d
);
746 static int pci_ne2000_exit(PCIDevice
*pci_dev
)
748 PCINE2000State
*d
= DO_UPCAST(PCINE2000State
, dev
, pci_dev
);
749 NE2000State
*s
= &d
->ne2000
;
751 vmstate_unregister(&vmstate_pci_ne2000
, s
);
752 qemu_del_vlan_client(s
->vc
);
756 static PCIDeviceInfo ne2000_info
= {
757 .qdev
.name
= "ne2k_pci",
758 .qdev
.size
= sizeof(PCINE2000State
),
759 .init
= pci_ne2000_init
,
760 .exit
= pci_ne2000_exit
,
761 .qdev
.props
= (Property
[]) {
762 DEFINE_NIC_PROPERTIES(PCINE2000State
, ne2000
.c
),
763 DEFINE_PROP_END_OF_LIST(),
767 static void ne2000_register_devices(void)
769 pci_qdev_register(&ne2000_info
);
772 device_init(ne2000_register_devices
)
