1 /* $OpenBSD: if_uath.c,v 1.89 2024/05/23 03:21:08 jsg Exp $ */
2
3 /*-
4 * Copyright (c) 2006
5 * Damien Bergamini <damien.bergamini@free.fr>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /*-
21 * Driver for Atheros AR5005UG/AR5005UX chipsets.
22 *
23 * IMPORTANT NOTICE:
24 * This driver was written without any documentation or support from Atheros
25 * Communications. It is based on a black-box analysis of the Windows binary
26 * driver. It handles both pre and post-firmware devices.
27 */
28
29 #include "bpfilter.h"
30
31 #include <sys/param.h>
32 #include <sys/sockio.h>
33 #include <sys/mbuf.h>
34 #include <sys/systm.h>
35 #include <sys/timeout.h>
36 #include <sys/device.h>
37 #include <sys/endian.h>
38
39 #include <machine/bus.h>
40 #include <machine/intr.h>
41
42 #if NBPFILTER > 0
43 #include <net/bpf.h>
44 #endif
45 #include <net/if.h>
46 #include <net/if_dl.h>
47 #include <net/if_media.h>
48
49 #include <netinet/in.h>
50 #include <netinet/if_ether.h>
51
52 #include <net80211/ieee80211_var.h>
53 #include <net80211/ieee80211_radiotap.h>
54
55 #include <dev/usb/usb.h>
56 #include <dev/usb/usbdi.h>
57 #include <dev/usb/usbdivar.h> /* needs_reattach() */
58 #include <dev/usb/usbdevs.h>
59
60 #include <dev/usb/if_uathreg.h>
61 #include <dev/usb/if_uathvar.h>
62
63 #ifdef UATH_DEBUG
64 #define DPRINTF(x) do { if (uath_debug) printf x; } while (0)
65 #define DPRINTFN(n, x) do { if (uath_debug >= (n)) printf x; } while (0)
66 int uath_debug = 1;
67 #else
68 #define DPRINTF(x)
69 #define DPRINTFN(n, x)
70 #endif
71
72 /*-
73 * Various supported device vendors/products.
74 * UB51: AR5005UG 802.11b/g, UB52: AR5005UX 802.11a/b/g
75 */
76 #define UATH_DEV(v, p, f) \
77 { { USB_VENDOR_##v, USB_PRODUCT_##v##_##p }, (f) }, \
78 { { USB_VENDOR_##v, USB_PRODUCT_##v##_##p##_NF }, \
79 (f) | UATH_FLAG_PRE_FIRMWARE }
80 #define UATH_DEV_UG(v, p) UATH_DEV(v, p, 0)
81 #define UATH_DEV_UX(v, p) UATH_DEV(v, p, UATH_FLAG_ABG)
82 static const struct uath_type {
83 struct usb_devno dev;
84 unsigned int flags;
85 #define UATH_FLAG_PRE_FIRMWARE (1 << 0)
86 #define UATH_FLAG_ABG (1 << 1)
87 } uath_devs[] = {
88 UATH_DEV_UG(ACCTON, SMCWUSBTG2),
89 UATH_DEV_UG(ATHEROS, AR5523),
90 UATH_DEV_UG(ATHEROS2, AR5523_1),
91 UATH_DEV_UG(ATHEROS2, AR5523_2),
92 UATH_DEV_UX(ATHEROS2, AR5523_3),
93 UATH_DEV_UG(CONCEPTRONIC, AR5523_1),
94 UATH_DEV_UX(CONCEPTRONIC, AR5523_2),
95 UATH_DEV_UX(DLINK, DWLAG122),
96 UATH_DEV_UX(DLINK, DWLAG132),
97 UATH_DEV_UG(DLINK, DWLG132),
98 UATH_DEV_UG(DLINK2, WUA2340),
99 UATH_DEV_UG(GIGASET, AR5523),
100 UATH_DEV_UG(GIGASET, SMCWUSBTG),
101 UATH_DEV_UG(GLOBALSUN, AR5523_1),
102 UATH_DEV_UX(GLOBALSUN, AR5523_2),
103 UATH_DEV_UG(IODATA, USBWNG54US),
104 UATH_DEV_UG(MELCO, WLIU2KAMG54),
105 UATH_DEV_UX(NETGEAR, WG111U),
106 UATH_DEV_UG(NETGEAR3, WG111T),
107 UATH_DEV_UG(NETGEAR3, WPN111),
108 UATH_DEV_UG(PHILIPS, SNU6500),
109 UATH_DEV_UX(UMEDIA, AR5523_2),
110 UATH_DEV_UG(UMEDIA, TEW444UBEU),
111 UATH_DEV_UG(WISTRONNEWEB, AR5523_1),
112 UATH_DEV_UX(WISTRONNEWEB, AR5523_2),
113 UATH_DEV_UG(ZCOM, AR5523),
114
115 /* Devices that share one of the IDs above. */
116 { { USB_VENDOR_NETGEAR3, USB_PRODUCT_NETGEAR3_WG111T_1 }, 0 } \
117 };
118 #define uath_lookup(v, p) \
119 ((const struct uath_type *)usb_lookup(uath_devs, v, p))
120
121 void uath_attachhook(struct device *);
122 int uath_open_pipes(struct uath_softc *);
123 void uath_close_pipes(struct uath_softc *);
124 int uath_alloc_tx_data_list(struct uath_softc *);
125 void uath_free_tx_data_list(struct uath_softc *);
126 int uath_alloc_rx_data_list(struct uath_softc *);
127 void uath_free_rx_data_list(struct uath_softc *);
128 int uath_alloc_tx_cmd_list(struct uath_softc *);
129 void uath_free_tx_cmd_list(struct uath_softc *);
130 int uath_alloc_rx_cmd_list(struct uath_softc *);
131 void uath_free_rx_cmd_list(struct uath_softc *);
132 int uath_media_change(struct ifnet *);
133 void uath_stat(void *);
134 void uath_next_scan(void *);
135 void uath_task(void *);
136 int uath_newstate(struct ieee80211com *, enum ieee80211_state, int);
137 #ifdef UATH_DEBUG
138 void uath_dump_cmd(const uint8_t *, int, char);
139 #endif
140 int uath_cmd(struct uath_softc *, uint32_t, const void *, int, void *,
141 int);
142 int uath_cmd_write(struct uath_softc *, uint32_t, const void *, int, int);
143 int uath_cmd_read(struct uath_softc *, uint32_t, const void *, int, void *,
144 int);
145 int uath_write_reg(struct uath_softc *, uint32_t, uint32_t);
146 int uath_write_multi(struct uath_softc *, uint32_t, const void *, int);
147 int uath_read_reg(struct uath_softc *, uint32_t, uint32_t *);
148 int uath_read_eeprom(struct uath_softc *, uint32_t, void *);
149 void uath_cmd_rxeof(struct usbd_xfer *, void *, usbd_status);
150 void uath_data_rxeof(struct usbd_xfer *, void *, usbd_status);
151 void uath_data_txeof(struct usbd_xfer *, void *, usbd_status);
152 int uath_tx_null(struct uath_softc *);
153 int uath_tx_data(struct uath_softc *, struct mbuf *,
154 struct ieee80211_node *);
155 void uath_start(struct ifnet *);
156 void uath_watchdog(struct ifnet *);
157 int uath_ioctl(struct ifnet *, u_long, caddr_t);
158 int uath_query_eeprom(struct uath_softc *);
159 int uath_reset(struct uath_softc *);
160 int uath_reset_tx_queues(struct uath_softc *);
161 int uath_wme_init(struct uath_softc *);
162 int uath_set_chan(struct uath_softc *, struct ieee80211_channel *);
163 int uath_set_key(struct uath_softc *, const struct ieee80211_key *, int);
164 int uath_set_keys(struct uath_softc *);
165 int uath_set_rates(struct uath_softc *, const struct ieee80211_rateset *);
166 int uath_set_rxfilter(struct uath_softc *, uint32_t, uint32_t);
167 int uath_set_led(struct uath_softc *, int, int);
168 int uath_switch_channel(struct uath_softc *, struct ieee80211_channel *);
169 int uath_init(struct ifnet *);
170 void uath_stop(struct ifnet *, int);
171 int uath_loadfirmware(struct uath_softc *, const u_char *, int);
172
173 int uath_match(struct device *, void *, void *);
174 void uath_attach(struct device *, struct device *, void *);
175 int uath_detach(struct device *, int);
176
177 struct cfdriver uath_cd = {
178 NULL, "uath", DV_IFNET
179 };
180
181 const struct cfattach uath_ca = {
182 sizeof(struct uath_softc), uath_match, uath_attach, uath_detach
183 };
184
185 int
uath_match(struct device * parent,void * match,void * aux)186 uath_match(struct device *parent, void *match, void *aux)
187 {
188 struct usb_attach_arg *uaa = aux;
189
190 if (uaa->iface == NULL || uaa->configno != UATH_CONFIG_NO)
191 return UMATCH_NONE;
192
193 return (uath_lookup(uaa->vendor, uaa->product) != NULL) ?
194 UMATCH_VENDOR_PRODUCT : UMATCH_NONE;
195 }
196
197 void
uath_attachhook(struct device * self)198 uath_attachhook(struct device *self)
199 {
200 struct uath_softc *sc = (struct uath_softc *)self;
201 u_char *fw;
202 size_t size;
203 int error;
204
205 if ((error = loadfirmware("uath-ar5523", &fw, &size)) != 0) {
206 printf("%s: error %d, could not read firmware %s\n",
207 sc->sc_dev.dv_xname, error, "uath-ar5523");
208 return;
209 }
210
211 error = uath_loadfirmware(sc, fw, size);
212 free(fw, M_DEVBUF, size);
213
214 if (error == 0) {
215 /*
216 * Hack alert: the device doesn't always gracefully detach
217 * from the bus after a firmware upload. We need to force
218 * a port reset and a re-exploration on the parent hub.
219 */
220 usbd_reset_port(sc->sc_uhub, sc->sc_port);
221 usb_needs_reattach(sc->sc_udev);
222 } else {
223 printf("%s: could not load firmware (error=%s)\n",
224 sc->sc_dev.dv_xname, usbd_errstr(error));
225 }
226 }
227
228 void
uath_attach(struct device * parent,struct device * self,void * aux)229 uath_attach(struct device *parent, struct device *self, void *aux)
230 {
231 struct uath_softc *sc = (struct uath_softc *)self;
232 struct usb_attach_arg *uaa = aux;
233 struct ieee80211com *ic = &sc->sc_ic;
234 struct ifnet *ifp = &ic->ic_if;
235 usbd_status error;
236 int i;
237
238 sc->sc_udev = uaa->device;
239 sc->sc_uhub = uaa->device->myhub;
240 sc->sc_port = uaa->port;
241
242 sc->sc_flags = uath_lookup(uaa->vendor, uaa->product)->flags;
243
244 /* get the first interface handle */
245 error = usbd_device2interface_handle(sc->sc_udev, UATH_IFACE_INDEX,
246 &sc->sc_iface);
247 if (error != 0) {
248 printf("%s: could not get interface handle\n",
249 sc->sc_dev.dv_xname);
250 return;
251 }
252
253 /*
254 * We must open the pipes early because they're used to upload the
255 * firmware (pre-firmware devices) or to send firmware commands.
256 */
257 if (uath_open_pipes(sc) != 0) {
258 printf("%s: could not open pipes\n", sc->sc_dev.dv_xname);
259 return;
260 }
261
262 if (sc->sc_flags & UATH_FLAG_PRE_FIRMWARE) {
263 config_mountroot(self, uath_attachhook);
264 return;
265 }
266
267 /*
268 * Only post-firmware devices here.
269 */
270 usb_init_task(&sc->sc_task, uath_task, sc, USB_TASK_TYPE_GENERIC);
271 timeout_set(&sc->scan_to, uath_next_scan, sc);
272 timeout_set(&sc->stat_to, uath_stat, sc);
273
274 /*
275 * Allocate xfers for firmware commands.
276 */
277 if (uath_alloc_tx_cmd_list(sc) != 0) {
278 printf("%s: could not allocate Tx command list\n",
279 sc->sc_dev.dv_xname);
280 goto fail;
281 }
282 if (uath_alloc_rx_cmd_list(sc) != 0) {
283 printf("%s: could not allocate Rx command list\n",
284 sc->sc_dev.dv_xname);
285 goto fail;
286 }
287
288 /*
289 * Queue Rx command xfers.
290 */
291 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) {
292 struct uath_rx_cmd *cmd = &sc->rx_cmd[i];
293
294 usbd_setup_xfer(cmd->xfer, sc->cmd_rx_pipe, cmd, cmd->buf,
295 UATH_MAX_RXCMDSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY,
296 USBD_NO_TIMEOUT, uath_cmd_rxeof);
297 error = usbd_transfer(cmd->xfer);
298 if (error != USBD_IN_PROGRESS && error != 0) {
299 printf("%s: could not queue Rx command xfer\n",
300 sc->sc_dev.dv_xname);
301 goto fail;
302 }
303 }
304
305 /*
306 * We're now ready to send/receive firmware commands.
307 */
308 if (uath_reset(sc) != 0) {
309 printf("%s: could not initialize adapter\n",
310 sc->sc_dev.dv_xname);
311 goto fail;
312 }
313 if (uath_query_eeprom(sc) != 0) {
314 printf("%s: could not read EEPROM\n", sc->sc_dev.dv_xname);
315 goto fail;
316 }
317
318 printf("%s: MAC/BBP AR5523, RF AR%c112, address %s\n",
319 sc->sc_dev.dv_xname, (sc->sc_flags & UATH_FLAG_ABG) ? '5': '2',
320 ether_sprintf(ic->ic_myaddr));
321
322 /*
323 * Allocate xfers for Tx/Rx data pipes.
324 */
325 if (uath_alloc_tx_data_list(sc) != 0) {
326 printf("%s: could not allocate Tx data list\n",
327 sc->sc_dev.dv_xname);
328 goto fail;
329 }
330 if (uath_alloc_rx_data_list(sc) != 0) {
331 printf("%s: could not allocate Rx data list\n",
332 sc->sc_dev.dv_xname);
333 goto fail;
334 }
335
336 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
337 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
338 ic->ic_state = IEEE80211_S_INIT;
339
340 /* set device capabilities */
341 ic->ic_caps =
342 IEEE80211_C_MONITOR | /* monitor mode supported */
343 IEEE80211_C_TXPMGT | /* tx power management */
344 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
345 IEEE80211_C_SHSLOT | /* short slot time supported */
346 IEEE80211_C_WEP; /* h/w WEP */
347
348 /* set supported .11b and .11g rates */
349 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b;
350 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g;
351
352 /* set supported .11b and .11g channels (1 through 14) */
353 for (i = 1; i <= 14; i++) {
354 ic->ic_channels[i].ic_freq =
355 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
356 ic->ic_channels[i].ic_flags =
357 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
358 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
359 }
360
361 ifp->if_softc = sc;
362 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
363 ifp->if_ioctl = uath_ioctl;
364 ifp->if_start = uath_start;
365 ifp->if_watchdog = uath_watchdog;
366 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ);
367
368 if_attach(ifp);
369 ieee80211_ifattach(ifp);
370
371 /* override state transition machine */
372 sc->sc_newstate = ic->ic_newstate;
373 ic->ic_newstate = uath_newstate;
374 ieee80211_media_init(ifp, uath_media_change, ieee80211_media_status);
375
376 #if NBPFILTER > 0
377 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO,
378 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN);
379
380 sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
381 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
382 sc->sc_rxtap.wr_ihdr.it_present = htole32(UATH_RX_RADIOTAP_PRESENT);
383
384 sc->sc_txtap_len = sizeof sc->sc_txtapu;
385 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
386 sc->sc_txtap.wt_ihdr.it_present = htole32(UATH_TX_RADIOTAP_PRESENT);
387 #endif
388
389 return;
390
391 fail: uath_close_pipes(sc);
392 uath_free_tx_data_list(sc);
393 uath_free_rx_cmd_list(sc);
394 uath_free_tx_cmd_list(sc);
395 usbd_deactivate(sc->sc_udev);
396 }
397
398 int
uath_detach(struct device * self,int flags)399 uath_detach(struct device *self, int flags)
400 {
401 struct uath_softc *sc = (struct uath_softc *)self;
402 struct ifnet *ifp = &sc->sc_ic.ic_if;
403 int s;
404
405 s = splnet();
406
407 if (sc->sc_flags & UATH_FLAG_PRE_FIRMWARE) {
408 uath_close_pipes(sc);
409 splx(s);
410 return 0;
411 }
412
413 /* post-firmware device */
414
415 usb_rem_task(sc->sc_udev, &sc->sc_task);
416 if (timeout_initialized(&sc->scan_to))
417 timeout_del(&sc->scan_to);
418 if (timeout_initialized(&sc->stat_to))
419 timeout_del(&sc->stat_to);
420
421 /* close Tx/Rx pipes */
422 uath_close_pipes(sc);
423
424 /* free xfers */
425 uath_free_tx_data_list(sc);
426 uath_free_rx_data_list(sc);
427 uath_free_tx_cmd_list(sc);
428 uath_free_rx_cmd_list(sc);
429
430 if (ifp->if_softc != NULL) {
431 ieee80211_ifdetach(ifp); /* free all nodes */
432 if_detach(ifp);
433 }
434
435 splx(s);
436
437 return 0;
438 }
439
440 int
uath_open_pipes(struct uath_softc * sc)441 uath_open_pipes(struct uath_softc *sc)
442 {
443 int error;
444
445 /*
446 * XXX pipes numbers are hardcoded because we don't have any way
447 * to distinguish the data pipes from the firmware command pipes
448 * (both are bulk pipes) using the endpoints descriptors.
449 */
450 error = usbd_open_pipe(sc->sc_iface, 0x01, USBD_EXCLUSIVE_USE,
451 &sc->cmd_tx_pipe);
452 if (error != 0) {
453 printf("%s: could not open Tx command pipe: %s\n",
454 sc->sc_dev.dv_xname, usbd_errstr(error));
455 goto fail;
456 }
457
458 error = usbd_open_pipe(sc->sc_iface, 0x02, USBD_EXCLUSIVE_USE,
459 &sc->data_tx_pipe);
460 if (error != 0) {
461 printf("%s: could not open Tx data pipe: %s\n",
462 sc->sc_dev.dv_xname, usbd_errstr(error));
463 goto fail;
464 }
465
466 error = usbd_open_pipe(sc->sc_iface, 0x81, USBD_EXCLUSIVE_USE,
467 &sc->cmd_rx_pipe);
468 if (error != 0) {
469 printf("%s: could not open Rx command pipe: %s\n",
470 sc->sc_dev.dv_xname, usbd_errstr(error));
471 goto fail;
472 }
473
474 error = usbd_open_pipe(sc->sc_iface, 0x82, USBD_EXCLUSIVE_USE,
475 &sc->data_rx_pipe);
476 if (error != 0) {
477 printf("%s: could not open Rx data pipe: %s\n",
478 sc->sc_dev.dv_xname, usbd_errstr(error));
479 goto fail;
480 }
481
482 return 0;
483
484 fail: uath_close_pipes(sc);
485 return error;
486 }
487
488 void
uath_close_pipes(struct uath_softc * sc)489 uath_close_pipes(struct uath_softc *sc)
490 {
491 if (sc->data_tx_pipe != NULL) {
492 usbd_close_pipe(sc->data_tx_pipe);
493 sc->data_tx_pipe = NULL;
494 }
495
496 if (sc->data_rx_pipe != NULL) {
497 usbd_close_pipe(sc->data_rx_pipe);
498 sc->data_rx_pipe = NULL;
499 }
500
501 if (sc->cmd_tx_pipe != NULL) {
502 usbd_close_pipe(sc->cmd_tx_pipe);
503 sc->cmd_tx_pipe = NULL;
504 }
505
506 if (sc->cmd_rx_pipe != NULL) {
507 usbd_close_pipe(sc->cmd_rx_pipe);
508 sc->cmd_rx_pipe = NULL;
509 }
510 }
511
512 int
uath_alloc_tx_data_list(struct uath_softc * sc)513 uath_alloc_tx_data_list(struct uath_softc *sc)
514 {
515 int i, error;
516
517 for (i = 0; i < UATH_TX_DATA_LIST_COUNT; i++) {
518 struct uath_tx_data *data = &sc->tx_data[i];
519
520 data->sc = sc; /* backpointer for callbacks */
521
522 data->xfer = usbd_alloc_xfer(sc->sc_udev);
523 if (data->xfer == NULL) {
524 printf("%s: could not allocate xfer\n",
525 sc->sc_dev.dv_xname);
526 error = ENOMEM;
527 goto fail;
528 }
529 data->buf = usbd_alloc_buffer(data->xfer, UATH_MAX_TXBUFSZ);
530 if (data->buf == NULL) {
531 printf("%s: could not allocate xfer buffer\n",
532 sc->sc_dev.dv_xname);
533 error = ENOMEM;
534 goto fail;
535 }
536 }
537 return 0;
538
539 fail: uath_free_tx_data_list(sc);
540 return error;
541 }
542
543 void
uath_free_tx_data_list(struct uath_softc * sc)544 uath_free_tx_data_list(struct uath_softc *sc)
545 {
546 int i;
547
548 for (i = 0; i < UATH_TX_DATA_LIST_COUNT; i++)
549 if (sc->tx_data[i].xfer != NULL) {
550 usbd_free_xfer(sc->tx_data[i].xfer);
551 sc->tx_data[i].xfer = NULL;
552 }
553 }
554
555 int
uath_alloc_rx_data_list(struct uath_softc * sc)556 uath_alloc_rx_data_list(struct uath_softc *sc)
557 {
558 int i, error;
559
560 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) {
561 struct uath_rx_data *data = &sc->rx_data[i];
562
563 data->sc = sc; /* backpointer for callbacks */
564
565 data->xfer = usbd_alloc_xfer(sc->sc_udev);
566 if (data->xfer == NULL) {
567 printf("%s: could not allocate xfer\n",
568 sc->sc_dev.dv_xname);
569 error = ENOMEM;
570 goto fail;
571 }
572 if (usbd_alloc_buffer(data->xfer, sc->rxbufsz) == NULL) {
573 printf("%s: could not allocate xfer buffer\n",
574 sc->sc_dev.dv_xname);
575 error = ENOMEM;
576 goto fail;
577 }
578
579 MGETHDR(data->m, M_DONTWAIT, MT_DATA);
580 if (data->m == NULL) {
581 printf("%s: could not allocate rx mbuf\n",
582 sc->sc_dev.dv_xname);
583 error = ENOMEM;
584 goto fail;
585 }
586 MCLGETL(data->m, M_DONTWAIT, sc->rxbufsz);
587 if (!(data->m->m_flags & M_EXT)) {
588 printf("%s: could not allocate rx mbuf cluster\n",
589 sc->sc_dev.dv_xname);
590 error = ENOMEM;
591 goto fail;
592 }
593
594 data->buf = mtod(data->m, uint8_t *);
595 }
596 return 0;
597
598 fail: uath_free_rx_data_list(sc);
599 return error;
600 }
601
602 void
uath_free_rx_data_list(struct uath_softc * sc)603 uath_free_rx_data_list(struct uath_softc *sc)
604 {
605 int i;
606
607 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) {
608 struct uath_rx_data *data = &sc->rx_data[i];
609
610 if (data->xfer != NULL) {
611 usbd_free_xfer(data->xfer);
612 data->xfer = NULL;
613 }
614
615 if (data->m != NULL) {
616 m_freem(data->m);
617 data->m = NULL;
618 }
619 }
620 }
621
622 int
uath_alloc_tx_cmd_list(struct uath_softc * sc)623 uath_alloc_tx_cmd_list(struct uath_softc *sc)
624 {
625 int i, error;
626
627 for (i = 0; i < UATH_TX_CMD_LIST_COUNT; i++) {
628 struct uath_tx_cmd *cmd = &sc->tx_cmd[i];
629
630 cmd->sc = sc; /* backpointer for callbacks */
631
632 cmd->xfer = usbd_alloc_xfer(sc->sc_udev);
633 if (cmd->xfer == NULL) {
634 printf("%s: could not allocate xfer\n",
635 sc->sc_dev.dv_xname);
636 error = ENOMEM;
637 goto fail;
638 }
639 cmd->buf = usbd_alloc_buffer(cmd->xfer, UATH_MAX_TXCMDSZ);
640 if (cmd->buf == NULL) {
641 printf("%s: could not allocate xfer buffer\n",
642 sc->sc_dev.dv_xname);
643 error = ENOMEM;
644 goto fail;
645 }
646 }
647 return 0;
648
649 fail: uath_free_tx_cmd_list(sc);
650 return error;
651 }
652
653 void
uath_free_tx_cmd_list(struct uath_softc * sc)654 uath_free_tx_cmd_list(struct uath_softc *sc)
655 {
656 int i;
657
658 for (i = 0; i < UATH_TX_CMD_LIST_COUNT; i++)
659 if (sc->tx_cmd[i].xfer != NULL) {
660 usbd_free_xfer(sc->tx_cmd[i].xfer);
661 sc->tx_cmd[i].xfer = NULL;
662 }
663 }
664
665 int
uath_alloc_rx_cmd_list(struct uath_softc * sc)666 uath_alloc_rx_cmd_list(struct uath_softc *sc)
667 {
668 int i, error;
669
670 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) {
671 struct uath_rx_cmd *cmd = &sc->rx_cmd[i];
672
673 cmd->sc = sc; /* backpointer for callbacks */
674
675 cmd->xfer = usbd_alloc_xfer(sc->sc_udev);
676 if (cmd->xfer == NULL) {
677 printf("%s: could not allocate xfer\n",
678 sc->sc_dev.dv_xname);
679 error = ENOMEM;
680 goto fail;
681 }
682 cmd->buf = usbd_alloc_buffer(cmd->xfer, UATH_MAX_RXCMDSZ);
683 if (cmd->buf == NULL) {
684 printf("%s: could not allocate xfer buffer\n",
685 sc->sc_dev.dv_xname);
686 error = ENOMEM;
687 goto fail;
688 }
689 }
690 return 0;
691
692 fail: uath_free_rx_cmd_list(sc);
693 return error;
694 }
695
696 void
uath_free_rx_cmd_list(struct uath_softc * sc)697 uath_free_rx_cmd_list(struct uath_softc *sc)
698 {
699 int i;
700
701 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++)
702 if (sc->rx_cmd[i].xfer != NULL) {
703 usbd_free_xfer(sc->rx_cmd[i].xfer);
704 sc->rx_cmd[i].xfer = NULL;
705 }
706 }
707
708 int
uath_media_change(struct ifnet * ifp)709 uath_media_change(struct ifnet *ifp)
710 {
711 int error;
712
713 error = ieee80211_media_change(ifp);
714 if (error != ENETRESET)
715 return error;
716
717 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
718 error = uath_init(ifp);
719
720 return error;
721 }
722
723 /*
724 * This function is called periodically (every second) when associated to
725 * query device statistics.
726 */
727 void
uath_stat(void * arg)728 uath_stat(void *arg)
729 {
730 struct uath_softc *sc = arg;
731 int error;
732
733 /*
734 * Send request for statistics asynchronously. The timer will be
735 * restarted when we'll get the stats notification.
736 */
737 error = uath_cmd_write(sc, UATH_CMD_STATS, NULL, 0,
738 UATH_CMD_FLAG_ASYNC);
739 if (error != 0) {
740 printf("%s: could not query statistics (error=%d)\n",
741 sc->sc_dev.dv_xname, error);
742 }
743 }
744
745 /*
746 * This function is called periodically (every 250ms) during scanning to
747 * switch from one channel to another.
748 */
749 void
uath_next_scan(void * arg)750 uath_next_scan(void *arg)
751 {
752 struct uath_softc *sc = arg;
753 struct ieee80211com *ic = &sc->sc_ic;
754 struct ifnet *ifp = &ic->ic_if;
755
756 if (ic->ic_state == IEEE80211_S_SCAN)
757 ieee80211_next_scan(ifp);
758 }
759
760 void
uath_task(void * arg)761 uath_task(void *arg)
762 {
763 struct uath_softc *sc = arg;
764 struct ieee80211com *ic = &sc->sc_ic;
765 enum ieee80211_state ostate;
766
767 ostate = ic->ic_state;
768
769 switch (sc->sc_state) {
770 case IEEE80211_S_INIT:
771 if (ostate == IEEE80211_S_RUN) {
772 /* turn link and activity LEDs off */
773 (void)uath_set_led(sc, UATH_LED_LINK, 0);
774 (void)uath_set_led(sc, UATH_LED_ACTIVITY, 0);
775 }
776 break;
777
778 case IEEE80211_S_SCAN:
779 if (uath_switch_channel(sc, ic->ic_bss->ni_chan) != 0) {
780 printf("%s: could not switch channel\n",
781 sc->sc_dev.dv_xname);
782 break;
783 }
784 timeout_add_msec(&sc->scan_to, 250);
785 break;
786
787 case IEEE80211_S_AUTH:
788 {
789 struct ieee80211_node *ni = ic->ic_bss;
790 struct uath_cmd_bssid bssid;
791 struct uath_cmd_0b cmd0b;
792 struct uath_cmd_0c cmd0c;
793
794 if (uath_switch_channel(sc, ni->ni_chan) != 0) {
795 printf("%s: could not switch channel\n",
796 sc->sc_dev.dv_xname);
797 break;
798 }
799
800 (void)uath_cmd_write(sc, UATH_CMD_24, NULL, 0, 0);
801
802 bzero(&bssid, sizeof bssid);
803 bssid.len = htobe32(IEEE80211_ADDR_LEN);
804 IEEE80211_ADDR_COPY(bssid.bssid, ni->ni_bssid);
805 (void)uath_cmd_write(sc, UATH_CMD_SET_BSSID, &bssid,
806 sizeof bssid, 0);
807
808 bzero(&cmd0b, sizeof cmd0b);
809 cmd0b.code = htobe32(2);
810 cmd0b.size = htobe32(sizeof (cmd0b.data));
811 (void)uath_cmd_write(sc, UATH_CMD_0B, &cmd0b, sizeof cmd0b, 0);
812
813 bzero(&cmd0c, sizeof cmd0c);
814 cmd0c.magic1 = htobe32(2);
815 cmd0c.magic2 = htobe32(7);
816 cmd0c.magic3 = htobe32(1);
817 (void)uath_cmd_write(sc, UATH_CMD_0C, &cmd0c, sizeof cmd0c, 0);
818
819 if (uath_set_rates(sc, &ni->ni_rates) != 0) {
820 printf("%s: could not set negotiated rate set\n",
821 sc->sc_dev.dv_xname);
822 break;
823 }
824 break;
825 }
826
827 case IEEE80211_S_ASSOC:
828 break;
829
830 case IEEE80211_S_RUN:
831 {
832 struct ieee80211_node *ni = ic->ic_bss;
833 struct uath_cmd_bssid bssid;
834 struct uath_cmd_xled xled;
835 uint32_t val;
836
837 if (ic->ic_opmode == IEEE80211_M_MONITOR) {
838 /* make both LEDs blink while monitoring */
839 bzero(&xled, sizeof xled);
840 xled.which = htobe32(0);
841 xled.rate = htobe32(1);
842 xled.mode = htobe32(2);
843 (void)uath_cmd_write(sc, UATH_CMD_SET_XLED, &xled,
844 sizeof xled, 0);
845 break;
846 }
847
848 /*
849 * Tx rate is controlled by firmware, report the maximum
850 * negotiated rate in ifconfig output.
851 */
852 ni->ni_txrate = ni->ni_rates.rs_nrates - 1;
853
854 val = htobe32(1);
855 (void)uath_cmd_write(sc, UATH_CMD_2E, &val, sizeof val, 0);
856
857 bzero(&bssid, sizeof bssid);
858 bssid.flags1 = htobe32(0xc004);
859 bssid.flags2 = htobe32(0x003b);
860 bssid.len = htobe32(IEEE80211_ADDR_LEN);
861 IEEE80211_ADDR_COPY(bssid.bssid, ni->ni_bssid);
862 (void)uath_cmd_write(sc, UATH_CMD_SET_BSSID, &bssid,
863 sizeof bssid, 0);
864
865 /* turn link LED on */
866 (void)uath_set_led(sc, UATH_LED_LINK, 1);
867
868 /* make activity LED blink */
869 bzero(&xled, sizeof xled);
870 xled.which = htobe32(1);
871 xled.rate = htobe32(1);
872 xled.mode = htobe32(2);
873 (void)uath_cmd_write(sc, UATH_CMD_SET_XLED, &xled, sizeof xled,
874 0);
875
876 /* set state to associated */
877 val = htobe32(1);
878 (void)uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val,
879 0);
880
881 /* start statistics timer */
882 timeout_add_sec(&sc->stat_to, 1);
883 break;
884 }
885 }
886 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg);
887 }
888
889 int
uath_newstate(struct ieee80211com * ic,enum ieee80211_state nstate,int arg)890 uath_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
891 {
892 struct uath_softc *sc = ic->ic_softc;
893
894 usb_rem_task(sc->sc_udev, &sc->sc_task);
895 timeout_del(&sc->scan_to);
896 timeout_del(&sc->stat_to);
897
898 /* do it in a process context */
899 sc->sc_state = nstate;
900 sc->sc_arg = arg;
901 usb_add_task(sc->sc_udev, &sc->sc_task);
902 return 0;
903 }
904
905 #ifdef UATH_DEBUG
906 void
uath_dump_cmd(const uint8_t * buf,int len,char prefix)907 uath_dump_cmd(const uint8_t *buf, int len, char prefix)
908 {
909 int i;
910
911 for (i = 0; i < len; i++) {
912 if ((i % 16) == 0)
913 printf("\n%c ", prefix);
914 else if ((i % 4) == 0)
915 printf(" ");
916 printf("%02x", buf[i]);
917 }
918 printf("\n");
919 }
920 #endif
921
922 /*
923 * Low-level function to send read or write commands to the firmware.
924 */
925 int
uath_cmd(struct uath_softc * sc,uint32_t code,const void * idata,int ilen,void * odata,int flags)926 uath_cmd(struct uath_softc *sc, uint32_t code, const void *idata, int ilen,
927 void *odata, int flags)
928 {
929 struct uath_cmd_hdr *hdr;
930 struct uath_tx_cmd *cmd;
931 uint16_t xferflags;
932 int s, xferlen, error;
933
934 /* grab a xfer */
935 cmd = &sc->tx_cmd[sc->cmd_idx];
936
937 /* always bulk-out a multiple of 4 bytes */
938 xferlen = (sizeof (struct uath_cmd_hdr) + ilen + 3) & ~3;
939
940 hdr = (struct uath_cmd_hdr *)cmd->buf;
941 bzero(hdr, sizeof (struct uath_cmd_hdr));
942 hdr->len = htobe32(xferlen);
943 hdr->code = htobe32(code);
944 hdr->priv = sc->cmd_idx; /* don't care about endianness */
945 hdr->magic = htobe32((flags & UATH_CMD_FLAG_MAGIC) ? 1 << 24 : 0);
946 bcopy(idata, (uint8_t *)(hdr + 1), ilen);
947
948 #ifdef UATH_DEBUG
949 if (uath_debug >= 5) {
950 printf("sending command code=0x%02x flags=0x%x index=%u",
951 code, flags, sc->cmd_idx);
952 uath_dump_cmd(cmd->buf, xferlen, '+');
953 }
954 #endif
955 xferflags = USBD_FORCE_SHORT_XFER | USBD_NO_COPY;
956 if (!(flags & UATH_CMD_FLAG_READ)) {
957 if (!(flags & UATH_CMD_FLAG_ASYNC))
958 xferflags |= USBD_SYNCHRONOUS;
959 } else
960 s = splusb();
961
962 cmd->odata = odata;
963
964 usbd_setup_xfer(cmd->xfer, sc->cmd_tx_pipe, cmd, cmd->buf, xferlen,
965 xferflags, UATH_CMD_TIMEOUT, NULL);
966 error = usbd_transfer(cmd->xfer);
967 if (error != USBD_IN_PROGRESS && error != 0) {
968 if (flags & UATH_CMD_FLAG_READ)
969 splx(s);
970 printf("%s: could not send command 0x%x (error=%s)\n",
971 sc->sc_dev.dv_xname, code, usbd_errstr(error));
972 return error;
973 }
974 sc->cmd_idx = (sc->cmd_idx + 1) % UATH_TX_CMD_LIST_COUNT;
975
976 if (!(flags & UATH_CMD_FLAG_READ))
977 return 0; /* write: don't wait for reply */
978
979 /* wait at most two seconds for command reply */
980 error = tsleep_nsec(cmd, PCATCH, "uathcmd", SEC_TO_NSEC(2));
981 cmd->odata = NULL; /* in case answer is received too late */
982 splx(s);
983 if (error != 0) {
984 printf("%s: timeout waiting for command reply\n",
985 sc->sc_dev.dv_xname);
986 }
987 return error;
988 }
989
990 int
uath_cmd_write(struct uath_softc * sc,uint32_t code,const void * data,int len,int flags)991 uath_cmd_write(struct uath_softc *sc, uint32_t code, const void *data, int len,
992 int flags)
993 {
994 flags &= ~UATH_CMD_FLAG_READ;
995 return uath_cmd(sc, code, data, len, NULL, flags);
996 }
997
998 int
uath_cmd_read(struct uath_softc * sc,uint32_t code,const void * idata,int ilen,void * odata,int flags)999 uath_cmd_read(struct uath_softc *sc, uint32_t code, const void *idata,
1000 int ilen, void *odata, int flags)
1001 {
1002 flags |= UATH_CMD_FLAG_READ;
1003 return uath_cmd(sc, code, idata, ilen, odata, flags);
1004 }
1005
1006 int
uath_write_reg(struct uath_softc * sc,uint32_t reg,uint32_t val)1007 uath_write_reg(struct uath_softc *sc, uint32_t reg, uint32_t val)
1008 {
1009 struct uath_write_mac write;
1010 int error;
1011
1012 write.reg = htobe32(reg);
1013 write.len = htobe32(0); /* 0 = single write */
1014 *(uint32_t *)write.data = htobe32(val);
1015
1016 error = uath_cmd_write(sc, UATH_CMD_WRITE_MAC, &write,
1017 3 * sizeof (uint32_t), 0);
1018 if (error != 0) {
1019 printf("%s: could not write register 0x%02x\n",
1020 sc->sc_dev.dv_xname, reg);
1021 }
1022 return error;
1023 }
1024
1025 int
uath_write_multi(struct uath_softc * sc,uint32_t reg,const void * data,int len)1026 uath_write_multi(struct uath_softc *sc, uint32_t reg, const void *data,
1027 int len)
1028 {
1029 struct uath_write_mac write;
1030 int error;
1031
1032 write.reg = htobe32(reg);
1033 write.len = htobe32(len);
1034 bcopy(data, write.data, len);
1035
1036 /* properly handle the case where len is zero (reset) */
1037 error = uath_cmd_write(sc, UATH_CMD_WRITE_MAC, &write,
1038 (len == 0) ? sizeof (uint32_t) : 2 * sizeof (uint32_t) + len, 0);
1039 if (error != 0) {
1040 printf("%s: could not write %d bytes to register 0x%02x\n",
1041 sc->sc_dev.dv_xname, len, reg);
1042 }
1043 return error;
1044 }
1045
1046 int
uath_read_reg(struct uath_softc * sc,uint32_t reg,uint32_t * val)1047 uath_read_reg(struct uath_softc *sc, uint32_t reg, uint32_t *val)
1048 {
1049 struct uath_read_mac read;
1050 int error;
1051
1052 reg = htobe32(reg);
1053 error = uath_cmd_read(sc, UATH_CMD_READ_MAC, ®, sizeof reg, &read,
1054 0);
1055 if (error != 0) {
1056 printf("%s: could not read register 0x%02x\n",
1057 sc->sc_dev.dv_xname, betoh32(reg));
1058 return error;
1059 }
1060 *val = betoh32(*(uint32_t *)read.data);
1061 return error;
1062 }
1063
1064 int
uath_read_eeprom(struct uath_softc * sc,uint32_t reg,void * odata)1065 uath_read_eeprom(struct uath_softc *sc, uint32_t reg, void *odata)
1066 {
1067 struct uath_read_mac read;
1068 int len, error;
1069
1070 reg = htobe32(reg);
1071 error = uath_cmd_read(sc, UATH_CMD_READ_EEPROM, ®, sizeof reg,
1072 &read, 0);
1073 if (error != 0) {
1074 printf("%s: could not read EEPROM offset 0x%02x\n",
1075 sc->sc_dev.dv_xname, betoh32(reg));
1076 return error;
1077 }
1078 len = betoh32(read.len);
1079 bcopy(read.data, odata, (len == 0) ? sizeof (uint32_t) : len);
1080 return error;
1081 }
1082
1083 void
uath_cmd_rxeof(struct usbd_xfer * xfer,void * priv,usbd_status status)1084 uath_cmd_rxeof(struct usbd_xfer *xfer, void *priv,
1085 usbd_status status)
1086 {
1087 struct uath_rx_cmd *cmd = priv;
1088 struct uath_softc *sc = cmd->sc;
1089 struct uath_cmd_hdr *hdr;
1090
1091 if (status != USBD_NORMAL_COMPLETION) {
1092 if (status == USBD_STALLED)
1093 usbd_clear_endpoint_stall_async(sc->cmd_rx_pipe);
1094 return;
1095 }
1096
1097 hdr = (struct uath_cmd_hdr *)cmd->buf;
1098
1099 #ifdef UATH_DEBUG
1100 if (uath_debug >= 5) {
1101 printf("received command code=0x%x index=%u len=%u",
1102 betoh32(hdr->code), hdr->priv, betoh32(hdr->len));
1103 uath_dump_cmd(cmd->buf, betoh32(hdr->len), '-');
1104 }
1105 #endif
1106
1107 switch (betoh32(hdr->code) & 0xff) {
1108 /* reply to a read command */
1109 default:
1110 {
1111 struct uath_tx_cmd *txcmd = &sc->tx_cmd[hdr->priv];
1112
1113 if (txcmd->odata != NULL) {
1114 /* copy answer into caller's supplied buffer */
1115 bcopy((uint8_t *)(hdr + 1), txcmd->odata,
1116 betoh32(hdr->len) - sizeof (struct uath_cmd_hdr));
1117 }
1118 wakeup(txcmd); /* wake up caller */
1119 break;
1120 }
1121 /* spontaneous firmware notifications */
1122 case UATH_NOTIF_READY:
1123 DPRINTF(("received device ready notification\n"));
1124 wakeup(UATH_COND_INIT(sc));
1125 break;
1126
1127 case UATH_NOTIF_TX:
1128 /* this notification is sent when UATH_TX_NOTIFY is set */
1129 DPRINTF(("received Tx notification\n"));
1130 break;
1131
1132 case UATH_NOTIF_STATS:
1133 DPRINTFN(2, ("received device statistics\n"));
1134 timeout_add_sec(&sc->stat_to, 1);
1135 break;
1136 }
1137
1138 /* setup a new transfer */
1139 usbd_setup_xfer(xfer, sc->cmd_rx_pipe, cmd, cmd->buf, UATH_MAX_RXCMDSZ,
1140 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT,
1141 uath_cmd_rxeof);
1142 (void)usbd_transfer(xfer);
1143 }
1144
1145 void
uath_data_rxeof(struct usbd_xfer * xfer,void * priv,usbd_status status)1146 uath_data_rxeof(struct usbd_xfer *xfer, void *priv,
1147 usbd_status status)
1148 {
1149 struct uath_rx_data *data = priv;
1150 struct uath_softc *sc = data->sc;
1151 struct ieee80211com *ic = &sc->sc_ic;
1152 struct ifnet *ifp = &ic->ic_if;
1153 struct ieee80211_frame *wh;
1154 struct ieee80211_rxinfo rxi;
1155 struct ieee80211_node *ni;
1156 struct uath_rx_desc *desc;
1157 struct mbuf *mnew, *m;
1158 uint32_t hdr;
1159 int s, len;
1160
1161 if (status != USBD_NORMAL_COMPLETION) {
1162 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED)
1163 return;
1164
1165 if (status == USBD_STALLED)
1166 usbd_clear_endpoint_stall_async(sc->data_rx_pipe);
1167
1168 ifp->if_ierrors++;
1169 return;
1170 }
1171 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL);
1172
1173 if (len < UATH_MIN_RXBUFSZ) {
1174 DPRINTF(("wrong xfer size (len=%d)\n", len));
1175 ifp->if_ierrors++;
1176 goto skip;
1177 }
1178
1179 hdr = betoh32(*(uint32_t *)data->buf);
1180
1181 /* Rx descriptor is located at the end, 32-bit aligned */
1182 desc = (struct uath_rx_desc *)
1183 (data->buf + len - sizeof (struct uath_rx_desc));
1184
1185 if (betoh32(desc->len) > sc->rxbufsz) {
1186 DPRINTF(("bad descriptor (len=%d)\n", betoh32(desc->len)));
1187 ifp->if_ierrors++;
1188 goto skip;
1189 }
1190
1191 /* there's probably a "bad CRC" flag somewhere in the descriptor.. */
1192
1193 MGETHDR(mnew, M_DONTWAIT, MT_DATA);
1194 if (mnew == NULL) {
1195 printf("%s: could not allocate rx mbuf\n",
1196 sc->sc_dev.dv_xname);
1197 ifp->if_ierrors++;
1198 goto skip;
1199 }
1200 MCLGETL(mnew, M_DONTWAIT, sc->rxbufsz);
1201 if (!(mnew->m_flags & M_EXT)) {
1202 printf("%s: could not allocate rx mbuf cluster\n",
1203 sc->sc_dev.dv_xname);
1204 m_freem(mnew);
1205 ifp->if_ierrors++;
1206 goto skip;
1207 }
1208
1209 m = data->m;
1210 data->m = mnew;
1211
1212 /* finalize mbuf */
1213 m->m_data = data->buf + sizeof (uint32_t);
1214 m->m_pkthdr.len = m->m_len = betoh32(desc->len) -
1215 sizeof (struct uath_rx_desc) - IEEE80211_CRC_LEN;
1216
1217 data->buf = mtod(data->m, uint8_t *);
1218
1219 wh = mtod(m, struct ieee80211_frame *);
1220 memset(&rxi, 0, sizeof(rxi));
1221 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) &&
1222 ic->ic_opmode != IEEE80211_M_MONITOR) {
1223 /*
1224 * Hardware decrypts the frame itself but leaves the WEP bit
1225 * set in the 802.11 header and doesn't remove the IV and CRC
1226 * fields.
1227 */
1228 wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
1229 memmove((caddr_t)wh + IEEE80211_WEP_IVLEN +
1230 IEEE80211_WEP_KIDLEN, wh, sizeof (struct ieee80211_frame));
1231 m_adj(m, IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN);
1232 m_adj(m, -IEEE80211_WEP_CRCLEN);
1233 wh = mtod(m, struct ieee80211_frame *);
1234
1235 rxi.rxi_flags |= IEEE80211_RXI_HWDEC;
1236 }
1237
1238 #if NBPFILTER > 0
1239 /* there are a lot more fields in the Rx descriptor */
1240 if (sc->sc_drvbpf != NULL) {
1241 struct mbuf mb;
1242 struct uath_rx_radiotap_header *tap = &sc->sc_rxtap;
1243
1244 tap->wr_flags = 0;
1245 tap->wr_chan_freq = htole16(betoh32(desc->freq));
1246 tap->wr_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags);
1247 tap->wr_dbm_antsignal = (int8_t)betoh32(desc->rssi);
1248
1249 mb.m_data = (caddr_t)tap;
1250 mb.m_len = sc->sc_rxtap_len;
1251 mb.m_next = m;
1252 mb.m_nextpkt = NULL;
1253 mb.m_type = 0;
1254 mb.m_flags = 0;
1255 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN);
1256 }
1257 #endif
1258
1259 s = splnet();
1260 ni = ieee80211_find_rxnode(ic, wh);
1261 rxi.rxi_rssi = (int)betoh32(desc->rssi);
1262 ieee80211_input(ifp, m, ni, &rxi);
1263
1264 /* node is no longer needed */
1265 ieee80211_release_node(ic, ni);
1266 splx(s);
1267
1268 skip: /* setup a new transfer */
1269 usbd_setup_xfer(xfer, sc->data_rx_pipe, data, data->buf, sc->rxbufsz,
1270 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, uath_data_rxeof);
1271 (void)usbd_transfer(data->xfer);
1272 }
1273
1274 int
uath_tx_null(struct uath_softc * sc)1275 uath_tx_null(struct uath_softc *sc)
1276 {
1277 struct uath_tx_data *data;
1278 struct uath_tx_desc *desc;
1279
1280 data = &sc->tx_data[sc->data_idx];
1281
1282 data->ni = NULL;
1283
1284 *(uint32_t *)data->buf = UATH_MAKECTL(1, sizeof (struct uath_tx_desc));
1285 desc = (struct uath_tx_desc *)(data->buf + sizeof (uint32_t));
1286
1287 bzero(desc, sizeof (struct uath_tx_desc));
1288 desc->len = htobe32(sizeof (struct uath_tx_desc));
1289 desc->type = htobe32(UATH_TX_NULL);
1290
1291 usbd_setup_xfer(data->xfer, sc->data_tx_pipe, data, data->buf,
1292 sizeof (uint32_t) + sizeof (struct uath_tx_desc), USBD_NO_COPY |
1293 USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS, UATH_DATA_TIMEOUT, NULL);
1294 if (usbd_transfer(data->xfer) != 0)
1295 return EIO;
1296
1297 sc->data_idx = (sc->data_idx + 1) % UATH_TX_DATA_LIST_COUNT;
1298
1299 return uath_cmd_write(sc, UATH_CMD_0F, NULL, 0, UATH_CMD_FLAG_ASYNC);
1300 }
1301
1302 void
uath_data_txeof(struct usbd_xfer * xfer,void * priv,usbd_status status)1303 uath_data_txeof(struct usbd_xfer *xfer, void *priv,
1304 usbd_status status)
1305 {
1306 struct uath_tx_data *data = priv;
1307 struct uath_softc *sc = data->sc;
1308 struct ieee80211com *ic = &sc->sc_ic;
1309 struct ifnet *ifp = &ic->ic_if;
1310 int s;
1311
1312 if (status != USBD_NORMAL_COMPLETION) {
1313 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED)
1314 return;
1315
1316 printf("%s: could not transmit buffer: %s\n",
1317 sc->sc_dev.dv_xname, usbd_errstr(status));
1318
1319 if (status == USBD_STALLED)
1320 usbd_clear_endpoint_stall_async(sc->data_tx_pipe);
1321
1322 ifp->if_oerrors++;
1323 return;
1324 }
1325
1326 s = splnet();
1327
1328 ieee80211_release_node(ic, data->ni);
1329 data->ni = NULL;
1330
1331 sc->tx_queued--;
1332
1333 sc->sc_tx_timer = 0;
1334 ifq_clr_oactive(&ifp->if_snd);
1335 uath_start(ifp);
1336
1337 splx(s);
1338 }
1339
1340 int
uath_tx_data(struct uath_softc * sc,struct mbuf * m0,struct ieee80211_node * ni)1341 uath_tx_data(struct uath_softc *sc, struct mbuf *m0, struct ieee80211_node *ni)
1342 {
1343 struct ieee80211com *ic = &sc->sc_ic;
1344 struct uath_tx_data *data;
1345 struct uath_tx_desc *desc;
1346 const struct ieee80211_frame *wh;
1347 int paylen, totlen, xferlen, error;
1348
1349 data = &sc->tx_data[sc->data_idx];
1350 desc = (struct uath_tx_desc *)(data->buf + sizeof (uint32_t));
1351
1352 data->ni = ni;
1353
1354 #if NBPFILTER > 0
1355 if (sc->sc_drvbpf != NULL) {
1356 struct mbuf mb;
1357 struct uath_tx_radiotap_header *tap = &sc->sc_txtap;
1358
1359 tap->wt_flags = 0;
1360 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq);
1361 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags);
1362
1363 mb.m_data = (caddr_t)tap;
1364 mb.m_len = sc->sc_txtap_len;
1365 mb.m_next = m0;
1366 mb.m_nextpkt = NULL;
1367 mb.m_type = 0;
1368 mb.m_flags = 0;
1369 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT);
1370 }
1371 #endif
1372
1373 paylen = m0->m_pkthdr.len;
1374 xferlen = sizeof (uint32_t) + sizeof (struct uath_tx_desc) + paylen;
1375
1376 wh = mtod(m0, struct ieee80211_frame *);
1377 if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1378 uint8_t *frm = (uint8_t *)(desc + 1);
1379 uint32_t iv;
1380
1381 /* h/w WEP: it's up to the host to fill the IV field */
1382 bcopy(wh, frm, sizeof (struct ieee80211_frame));
1383 frm += sizeof (struct ieee80211_frame);
1384
1385 /* insert IV: code copied from net80211 */
1386 iv = (ic->ic_iv != 0) ? ic->ic_iv : arc4random();
1387 if (iv >= 0x03ff00 && (iv & 0xf8ff00) == 0x00ff00)
1388 iv += 0x000100;
1389 ic->ic_iv = iv + 1;
1390
1391 *frm++ = iv & 0xff;
1392 *frm++ = (iv >> 8) & 0xff;
1393 *frm++ = (iv >> 16) & 0xff;
1394 *frm++ = ic->ic_wep_txkey << 6;
1395
1396 m_copydata(m0, sizeof(struct ieee80211_frame),
1397 m0->m_pkthdr.len - sizeof(struct ieee80211_frame), frm);
1398
1399 paylen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
1400 xferlen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN;
1401 totlen = xferlen + IEEE80211_WEP_CRCLEN;
1402 } else {
1403 m_copydata(m0, 0, m0->m_pkthdr.len, desc + 1);
1404 totlen = xferlen;
1405 }
1406
1407 /* fill Tx descriptor */
1408 *(uint32_t *)data->buf = UATH_MAKECTL(1, xferlen - sizeof (uint32_t));
1409
1410 desc->len = htobe32(totlen);
1411 desc->priv = sc->data_idx; /* don't care about endianness */
1412 desc->paylen = htobe32(paylen);
1413 desc->type = htobe32(UATH_TX_DATA);
1414 desc->flags = htobe32(0);
1415 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1416 desc->dest = htobe32(UATH_ID_BROADCAST);
1417 desc->magic = htobe32(3);
1418 } else {
1419 desc->dest = htobe32(UATH_ID_BSS);
1420 desc->magic = htobe32(1);
1421 }
1422
1423 m_freem(m0); /* mbuf is no longer needed */
1424
1425 #ifdef UATH_DEBUG
1426 if (uath_debug >= 6) {
1427 printf("sending frame index=%u len=%d xferlen=%d",
1428 sc->data_idx, paylen, xferlen);
1429 uath_dump_cmd(data->buf, xferlen, '+');
1430 }
1431 #endif
1432 usbd_setup_xfer(data->xfer, sc->data_tx_pipe, data, data->buf, xferlen,
1433 USBD_FORCE_SHORT_XFER | USBD_NO_COPY, UATH_DATA_TIMEOUT,
1434 uath_data_txeof);
1435 error = usbd_transfer(data->xfer);
1436 if (error != USBD_IN_PROGRESS && error != 0) {
1437 ic->ic_if.if_oerrors++;
1438 return error;
1439 }
1440 sc->data_idx = (sc->data_idx + 1) % UATH_TX_DATA_LIST_COUNT;
1441 sc->tx_queued++;
1442
1443 return 0;
1444 }
1445
1446 void
uath_start(struct ifnet * ifp)1447 uath_start(struct ifnet *ifp)
1448 {
1449 struct uath_softc *sc = ifp->if_softc;
1450 struct ieee80211com *ic = &sc->sc_ic;
1451 struct ieee80211_node *ni;
1452 struct mbuf *m0;
1453
1454 /*
1455 * net80211 may still try to send management frames even if the
1456 * IFF_RUNNING flag is not set...
1457 */
1458 if (!(ifp->if_flags & IFF_RUNNING) && ifq_is_oactive(&ifp->if_snd))
1459 return;
1460
1461 for (;;) {
1462 if (sc->tx_queued >= UATH_TX_DATA_LIST_COUNT) {
1463 ifq_set_oactive(&ifp->if_snd);
1464 break;
1465 }
1466
1467 m0 = mq_dequeue(&ic->ic_mgtq);
1468 if (m0 != NULL) {
1469 ni = m0->m_pkthdr.ph_cookie;
1470 #if NBPFILTER > 0
1471 if (ic->ic_rawbpf != NULL)
1472 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT);
1473 #endif
1474 if (uath_tx_data(sc, m0, ni) != 0)
1475 break;
1476 } else {
1477 if (ic->ic_state != IEEE80211_S_RUN)
1478 break;
1479
1480 m0 = ifq_dequeue(&ifp->if_snd);
1481 if (m0 == NULL)
1482 break;
1483 #if NBPFILTER > 0
1484 if (ifp->if_bpf != NULL)
1485 bpf_mtap(ifp->if_bpf, m0, BPF_DIRECTION_OUT);
1486 #endif
1487 m0 = ieee80211_encap(ifp, m0, &ni);
1488 if (m0 == NULL)
1489 continue;
1490 #if NBPFILTER > 0
1491 if (ic->ic_rawbpf != NULL)
1492 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT);
1493 #endif
1494 if (uath_tx_data(sc, m0, ni) != 0) {
1495 if (ni != NULL)
1496 ieee80211_release_node(ic, ni);
1497 ifp->if_oerrors++;
1498 break;
1499 }
1500 }
1501
1502 sc->sc_tx_timer = 5;
1503 ifp->if_timer = 1;
1504 }
1505 }
1506
1507 void
uath_watchdog(struct ifnet * ifp)1508 uath_watchdog(struct ifnet *ifp)
1509 {
1510 struct uath_softc *sc = ifp->if_softc;
1511
1512 ifp->if_timer = 0;
1513
1514 if (sc->sc_tx_timer > 0) {
1515 if (--sc->sc_tx_timer == 0) {
1516 printf("%s: device timeout\n", sc->sc_dev.dv_xname);
1517 /*uath_init(ifp); XXX needs a process context! */
1518 ifp->if_oerrors++;
1519 return;
1520 }
1521 ifp->if_timer = 1;
1522 }
1523
1524 ieee80211_watchdog(ifp);
1525 }
1526
1527 int
uath_ioctl(struct ifnet * ifp,u_long cmd,caddr_t data)1528 uath_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
1529 {
1530 int s, error = 0;
1531
1532 s = splnet();
1533
1534 switch (cmd) {
1535 case SIOCSIFADDR:
1536 ifp->if_flags |= IFF_UP;
1537 /* FALLTHROUGH */
1538 case SIOCSIFFLAGS:
1539 if (ifp->if_flags & IFF_UP) {
1540 if (!(ifp->if_flags & IFF_RUNNING))
1541 uath_init(ifp);
1542 } else {
1543 if (ifp->if_flags & IFF_RUNNING)
1544 uath_stop(ifp, 1);
1545 }
1546 break;
1547
1548 default:
1549 error = ieee80211_ioctl(ifp, cmd, data);
1550 }
1551
1552 if (error == ENETRESET) {
1553 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1554 (IFF_UP | IFF_RUNNING))
1555 uath_init(ifp);
1556 error = 0;
1557 }
1558
1559 splx(s);
1560
1561 return error;
1562 }
1563
1564 int
uath_query_eeprom(struct uath_softc * sc)1565 uath_query_eeprom(struct uath_softc *sc)
1566 {
1567 uint32_t tmp;
1568 int error;
1569
1570 /* retrieve MAC address */
1571 error = uath_read_eeprom(sc, UATH_EEPROM_MACADDR, sc->sc_ic.ic_myaddr);
1572 if (error != 0) {
1573 printf("%s: could not read MAC address\n",
1574 sc->sc_dev.dv_xname);
1575 return error;
1576 }
1577
1578 /* retrieve the maximum frame size that the hardware can receive */
1579 error = uath_read_eeprom(sc, UATH_EEPROM_RXBUFSZ, &tmp);
1580 if (error != 0) {
1581 printf("%s: could not read maximum Rx buffer size\n",
1582 sc->sc_dev.dv_xname);
1583 return error;
1584 }
1585 sc->rxbufsz = betoh32(tmp) & 0xfff;
1586 DPRINTF(("maximum Rx buffer size %d\n", sc->rxbufsz));
1587 return 0;
1588 }
1589
1590 int
uath_reset(struct uath_softc * sc)1591 uath_reset(struct uath_softc *sc)
1592 {
1593 struct uath_cmd_setup setup;
1594 uint32_t reg, val;
1595 int s, error;
1596
1597 /* init device with some voodoo incantations.. */
1598 setup.magic1 = htobe32(1);
1599 setup.magic2 = htobe32(5);
1600 setup.magic3 = htobe32(200);
1601 setup.magic4 = htobe32(27);
1602 s = splusb();
1603 error = uath_cmd_write(sc, UATH_CMD_SETUP, &setup, sizeof setup,
1604 UATH_CMD_FLAG_ASYNC);
1605 /* ..and wait until firmware notifies us that it is ready */
1606 if (error == 0)
1607 error = tsleep_nsec(UATH_COND_INIT(sc), PCATCH, "uathinit",
1608 SEC_TO_NSEC(5));
1609 splx(s);
1610 if (error != 0)
1611 return error;
1612
1613 /* read PHY registers */
1614 for (reg = 0x09; reg <= 0x24; reg++) {
1615 if (reg == 0x0b || reg == 0x0c)
1616 continue;
1617 DELAY(100);
1618 if ((error = uath_read_reg(sc, reg, &val)) != 0)
1619 return error;
1620 DPRINTFN(2, ("reg 0x%02x=0x%08x\n", reg, val));
1621 }
1622 return error;
1623 }
1624
1625 int
uath_reset_tx_queues(struct uath_softc * sc)1626 uath_reset_tx_queues(struct uath_softc *sc)
1627 {
1628 int ac, error;
1629
1630 for (ac = 0; ac < 4; ac++) {
1631 const uint32_t qid = htobe32(UATH_AC_TO_QID(ac));
1632
1633 DPRINTF(("resetting Tx queue %d\n", UATH_AC_TO_QID(ac)));
1634 error = uath_cmd_write(sc, UATH_CMD_RESET_QUEUE, &qid,
1635 sizeof qid, 0);
1636 if (error != 0)
1637 break;
1638 }
1639 return error;
1640 }
1641
1642 int
uath_wme_init(struct uath_softc * sc)1643 uath_wme_init(struct uath_softc *sc)
1644 {
1645 struct uath_qinfo qinfo;
1646 int ac, error;
1647 static const struct uath_wme_settings uath_wme_11g[4] = {
1648 { 7, 4, 10, 0, 0 }, /* Background */
1649 { 3, 4, 10, 0, 0 }, /* Best-Effort */
1650 { 3, 3, 4, 26, 0 }, /* Video */
1651 { 2, 2, 3, 47, 0 } /* Voice */
1652 };
1653
1654 bzero(&qinfo, sizeof qinfo);
1655 qinfo.size = htobe32(32);
1656 qinfo.magic1 = htobe32(1); /* XXX ack policy? */
1657 qinfo.magic2 = htobe32(1);
1658 for (ac = 0; ac < 4; ac++) {
1659 qinfo.qid = htobe32(UATH_AC_TO_QID(ac));
1660 qinfo.ac = htobe32(ac);
1661 qinfo.aifsn = htobe32(uath_wme_11g[ac].aifsn);
1662 qinfo.logcwmin = htobe32(uath_wme_11g[ac].logcwmin);
1663 qinfo.logcwmax = htobe32(uath_wme_11g[ac].logcwmax);
1664 qinfo.txop = htobe32(UATH_TXOP_TO_US(
1665 uath_wme_11g[ac].txop));
1666 qinfo.acm = htobe32(uath_wme_11g[ac].acm);
1667
1668 DPRINTF(("setting up Tx queue %d\n", UATH_AC_TO_QID(ac)));
1669 error = uath_cmd_write(sc, UATH_CMD_SET_QUEUE, &qinfo,
1670 sizeof qinfo, 0);
1671 if (error != 0)
1672 break;
1673 }
1674 return error;
1675 }
1676
1677 int
uath_set_chan(struct uath_softc * sc,struct ieee80211_channel * c)1678 uath_set_chan(struct uath_softc *sc, struct ieee80211_channel *c)
1679 {
1680 struct uath_set_chan chan;
1681
1682 bzero(&chan, sizeof chan);
1683 chan.flags = htobe32(0x1400);
1684 chan.freq = htobe32(c->ic_freq);
1685 chan.magic1 = htobe32(20);
1686 chan.magic2 = htobe32(50);
1687 chan.magic3 = htobe32(1);
1688
1689 DPRINTF(("switching to channel %d\n",
1690 ieee80211_chan2ieee(&sc->sc_ic, c)));
1691 return uath_cmd_write(sc, UATH_CMD_SET_CHAN, &chan, sizeof chan, 0);
1692 }
1693
1694 int
uath_set_key(struct uath_softc * sc,const struct ieee80211_key * k,int index)1695 uath_set_key(struct uath_softc *sc, const struct ieee80211_key *k, int index)
1696 {
1697 struct uath_cmd_crypto crypto;
1698 int i;
1699
1700 bzero(&crypto, sizeof crypto);
1701 crypto.keyidx = htobe32(index);
1702 crypto.magic1 = htobe32(1);
1703 crypto.size = htobe32(368);
1704 crypto.mask = htobe32(0xffff);
1705 crypto.flags = htobe32(0x80000068);
1706 if (index != UATH_DEFAULT_KEY)
1707 crypto.flags |= htobe32(index << 16);
1708 memset(crypto.magic2, 0xff, sizeof crypto.magic2);
1709
1710 /*
1711 * Each byte of the key must be XOR'ed with 10101010 before being
1712 * transmitted to the firmware.
1713 */
1714 for (i = 0; i < k->k_len; i++)
1715 crypto.key[i] = k->k_key[i] ^ 0xaa;
1716
1717 DPRINTF(("setting crypto key index=%d len=%d\n", index, k->k_len));
1718 return uath_cmd_write(sc, UATH_CMD_CRYPTO, &crypto, sizeof crypto, 0);
1719 }
1720
1721 int
uath_set_keys(struct uath_softc * sc)1722 uath_set_keys(struct uath_softc *sc)
1723 {
1724 const struct ieee80211com *ic = &sc->sc_ic;
1725 int i, error;
1726
1727 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
1728 const struct ieee80211_key *k = &ic->ic_nw_keys[i];
1729
1730 if (k->k_len > 0 && (error = uath_set_key(sc, k, i)) != 0)
1731 return error;
1732 }
1733 return uath_set_key(sc, &ic->ic_nw_keys[ic->ic_wep_txkey],
1734 UATH_DEFAULT_KEY);
1735 }
1736
1737 int
uath_set_rates(struct uath_softc * sc,const struct ieee80211_rateset * rs)1738 uath_set_rates(struct uath_softc *sc, const struct ieee80211_rateset *rs)
1739 {
1740 struct uath_cmd_rates rates;
1741
1742 bzero(&rates, sizeof rates);
1743 rates.magic1 = htobe32(0x02);
1744 rates.size = htobe32(1 + sizeof rates.rates);
1745 rates.nrates = rs->rs_nrates;
1746 bcopy(rs->rs_rates, rates.rates, rs->rs_nrates);
1747
1748 DPRINTF(("setting supported rates nrates=%d\n", rs->rs_nrates));
1749 return uath_cmd_write(sc, UATH_CMD_SET_RATES, &rates, sizeof rates, 0);
1750 }
1751
1752 int
uath_set_rxfilter(struct uath_softc * sc,uint32_t filter,uint32_t flags)1753 uath_set_rxfilter(struct uath_softc *sc, uint32_t filter, uint32_t flags)
1754 {
1755 struct uath_cmd_filter rxfilter;
1756
1757 rxfilter.filter = htobe32(filter);
1758 rxfilter.flags = htobe32(flags);
1759
1760 DPRINTF(("setting Rx filter=0x%x flags=0x%x\n", filter, flags));
1761 return uath_cmd_write(sc, UATH_CMD_SET_FILTER, &rxfilter,
1762 sizeof rxfilter, 0);
1763 }
1764
1765 int
uath_set_led(struct uath_softc * sc,int which,int on)1766 uath_set_led(struct uath_softc *sc, int which, int on)
1767 {
1768 struct uath_cmd_led led;
1769
1770 led.which = htobe32(which);
1771 led.state = htobe32(on ? UATH_LED_ON : UATH_LED_OFF);
1772
1773 DPRINTFN(2, ("switching %s led %s\n",
1774 (which == UATH_LED_LINK) ? "link" : "activity",
1775 on ? "on" : "off"));
1776 return uath_cmd_write(sc, UATH_CMD_SET_LED, &led, sizeof led, 0);
1777 }
1778
1779 int
uath_switch_channel(struct uath_softc * sc,struct ieee80211_channel * c)1780 uath_switch_channel(struct uath_softc *sc, struct ieee80211_channel *c)
1781 {
1782 uint32_t val;
1783 int error;
1784
1785 /* set radio frequency */
1786 if ((error = uath_set_chan(sc, c)) != 0) {
1787 printf("%s: could not set channel\n", sc->sc_dev.dv_xname);
1788 return error;
1789 }
1790
1791 /* reset Tx rings */
1792 if ((error = uath_reset_tx_queues(sc)) != 0) {
1793 printf("%s: could not reset Tx queues\n",
1794 sc->sc_dev.dv_xname);
1795 return error;
1796 }
1797
1798 /* set Tx rings WME properties */
1799 if ((error = uath_wme_init(sc)) != 0) {
1800 printf("%s: could not init Tx queues\n",
1801 sc->sc_dev.dv_xname);
1802 return error;
1803 }
1804
1805 val = htobe32(0);
1806 error = uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 0);
1807 if (error != 0) {
1808 printf("%s: could not set state\n", sc->sc_dev.dv_xname);
1809 return error;
1810 }
1811
1812 return uath_tx_null(sc);
1813 }
1814
1815 int
uath_init(struct ifnet * ifp)1816 uath_init(struct ifnet *ifp)
1817 {
1818 struct uath_softc *sc = ifp->if_softc;
1819 struct ieee80211com *ic = &sc->sc_ic;
1820 struct uath_cmd_31 cmd31;
1821 uint32_t val;
1822 int i, error;
1823
1824 /* reset data and command rings */
1825 sc->tx_queued = sc->data_idx = sc->cmd_idx = 0;
1826
1827 val = htobe32(0);
1828 (void)uath_cmd_write(sc, UATH_CMD_02, &val, sizeof val, 0);
1829
1830 /* set MAC address */
1831 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl));
1832 (void)uath_write_multi(sc, 0x13, ic->ic_myaddr, IEEE80211_ADDR_LEN);
1833
1834 (void)uath_write_reg(sc, 0x02, 0x00000001);
1835 (void)uath_write_reg(sc, 0x0e, 0x0000003f);
1836 (void)uath_write_reg(sc, 0x10, 0x00000001);
1837 (void)uath_write_reg(sc, 0x06, 0x0000001e);
1838
1839 /*
1840 * Queue Rx data xfers.
1841 */
1842 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) {
1843 struct uath_rx_data *data = &sc->rx_data[i];
1844
1845 usbd_setup_xfer(data->xfer, sc->data_rx_pipe, data, data->buf,
1846 sc->rxbufsz, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT,
1847 uath_data_rxeof);
1848 error = usbd_transfer(data->xfer);
1849 if (error != USBD_IN_PROGRESS && error != 0) {
1850 printf("%s: could not queue Rx transfer\n",
1851 sc->sc_dev.dv_xname);
1852 goto fail;
1853 }
1854 }
1855
1856 error = uath_cmd_read(sc, UATH_CMD_07, NULL, 0, &val,
1857 UATH_CMD_FLAG_MAGIC);
1858 if (error != 0) {
1859 printf("%s: could not send read command 07h\n",
1860 sc->sc_dev.dv_xname);
1861 goto fail;
1862 }
1863 DPRINTF(("command 07h return code: %x\n", betoh32(val)));
1864
1865 /* set default channel */
1866 ic->ic_bss->ni_chan = ic->ic_ibss_chan;
1867 if ((error = uath_set_chan(sc, ic->ic_bss->ni_chan)) != 0) {
1868 printf("%s: could not set channel\n", sc->sc_dev.dv_xname);
1869 goto fail;
1870 }
1871
1872 if ((error = uath_wme_init(sc)) != 0) {
1873 printf("%s: could not setup WME parameters\n",
1874 sc->sc_dev.dv_xname);
1875 goto fail;
1876 }
1877
1878 /* init MAC registers */
1879 (void)uath_write_reg(sc, 0x19, 0x00000000);
1880 (void)uath_write_reg(sc, 0x1a, 0x0000003c);
1881 (void)uath_write_reg(sc, 0x1b, 0x0000003c);
1882 (void)uath_write_reg(sc, 0x1c, 0x00000000);
1883 (void)uath_write_reg(sc, 0x1e, 0x00000000);
1884 (void)uath_write_reg(sc, 0x1f, 0x00000003);
1885 (void)uath_write_reg(sc, 0x0c, 0x00000000);
1886 (void)uath_write_reg(sc, 0x0f, 0x00000002);
1887 (void)uath_write_reg(sc, 0x0a, 0x00000007); /* XXX retry? */
1888 (void)uath_write_reg(sc, 0x09, ic->ic_rtsthreshold);
1889
1890 val = htobe32(4);
1891 (void)uath_cmd_write(sc, UATH_CMD_27, &val, sizeof val, 0);
1892 (void)uath_cmd_write(sc, UATH_CMD_27, &val, sizeof val, 0);
1893 (void)uath_cmd_write(sc, UATH_CMD_1B, NULL, 0, 0);
1894
1895 if ((error = uath_set_keys(sc)) != 0) {
1896 printf("%s: could not set crypto keys\n",
1897 sc->sc_dev.dv_xname);
1898 goto fail;
1899 }
1900
1901 /* enable Rx */
1902 (void)uath_set_rxfilter(sc, 0x0000, 4);
1903 (void)uath_set_rxfilter(sc, 0x0817, 1);
1904
1905 cmd31.magic1 = htobe32(0xffffffff);
1906 cmd31.magic2 = htobe32(0xffffffff);
1907 (void)uath_cmd_write(sc, UATH_CMD_31, &cmd31, sizeof cmd31, 0);
1908
1909 ifp->if_flags |= IFF_RUNNING;
1910 ifq_clr_oactive(&ifp->if_snd);
1911
1912 if (ic->ic_opmode == IEEE80211_M_MONITOR)
1913 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
1914 else
1915 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
1916
1917 return 0;
1918
1919 fail: uath_stop(ifp, 1);
1920 return error;
1921 }
1922
1923 void
uath_stop(struct ifnet * ifp,int disable)1924 uath_stop(struct ifnet *ifp, int disable)
1925 {
1926 struct uath_softc *sc = ifp->if_softc;
1927 struct ieee80211com *ic = &sc->sc_ic;
1928 uint32_t val;
1929 int s;
1930
1931 s = splusb();
1932
1933 sc->sc_tx_timer = 0;
1934 ifp->if_timer = 0;
1935 ifp->if_flags &= ~IFF_RUNNING;
1936 ifq_clr_oactive(&ifp->if_snd);
1937
1938 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); /* free all nodes */
1939
1940 val = htobe32(0);
1941 (void)uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 0);
1942 (void)uath_cmd_write(sc, UATH_CMD_RESET, NULL, 0, 0);
1943
1944 val = htobe32(0);
1945 (void)uath_cmd_write(sc, UATH_CMD_15, &val, sizeof val, 0);
1946
1947 #if 0
1948 (void)uath_cmd_read(sc, UATH_CMD_SHUTDOWN, NULL, 0, NULL,
1949 UATH_CMD_FLAG_MAGIC);
1950 #endif
1951
1952 /* abort any pending transfers */
1953 usbd_abort_pipe(sc->data_tx_pipe);
1954 usbd_abort_pipe(sc->data_rx_pipe);
1955 usbd_abort_pipe(sc->cmd_tx_pipe);
1956
1957 splx(s);
1958 }
1959
1960 /*
1961 * Load the MIPS R4000 microcode into the device. Once the image is loaded,
1962 * the device will detach itself from the bus and reattach later with a new
1963 * product Id (a la ezusb). XXX this could also be implemented in userland
1964 * through /dev/ugen.
1965 */
1966 int
uath_loadfirmware(struct uath_softc * sc,const u_char * fw,int len)1967 uath_loadfirmware(struct uath_softc *sc, const u_char *fw, int len)
1968 {
1969 struct usbd_xfer *ctlxfer, *txxfer, *rxxfer;
1970 struct uath_fwblock *txblock, *rxblock;
1971 uint8_t *txdata;
1972 int error = 0;
1973
1974 if ((ctlxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) {
1975 printf("%s: could not allocate Tx control xfer\n",
1976 sc->sc_dev.dv_xname);
1977 error = USBD_NOMEM;
1978 goto fail1;
1979 }
1980 txblock = usbd_alloc_buffer(ctlxfer, sizeof (struct uath_fwblock));
1981 if (txblock == NULL) {
1982 printf("%s: could not allocate Tx control block\n",
1983 sc->sc_dev.dv_xname);
1984 error = USBD_NOMEM;
1985 goto fail2;
1986 }
1987
1988 if ((txxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) {
1989 printf("%s: could not allocate Tx xfer\n",
1990 sc->sc_dev.dv_xname);
1991 error = USBD_NOMEM;
1992 goto fail2;
1993 }
1994 txdata = usbd_alloc_buffer(txxfer, UATH_MAX_FWBLOCK_SIZE);
1995 if (txdata == NULL) {
1996 printf("%s: could not allocate Tx buffer\n",
1997 sc->sc_dev.dv_xname);
1998 error = USBD_NOMEM;
1999 goto fail3;
2000 }
2001
2002 if ((rxxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) {
2003 printf("%s: could not allocate Rx control xfer\n",
2004 sc->sc_dev.dv_xname);
2005 error = USBD_NOMEM;
2006 goto fail3;
2007 }
2008 rxblock = usbd_alloc_buffer(rxxfer, sizeof (struct uath_fwblock));
2009 if (rxblock == NULL) {
2010 printf("%s: could not allocate Rx control block\n",
2011 sc->sc_dev.dv_xname);
2012 error = USBD_NOMEM;
2013 goto fail4;
2014 }
2015
2016 bzero(txblock, sizeof (struct uath_fwblock));
2017 txblock->flags = htobe32(UATH_WRITE_BLOCK);
2018 txblock->total = htobe32(len);
2019
2020 while (len > 0) {
2021 int mlen = min(len, UATH_MAX_FWBLOCK_SIZE);
2022
2023 txblock->remain = htobe32(len - mlen);
2024 txblock->len = htobe32(mlen);
2025
2026 DPRINTF(("sending firmware block: %d bytes remaining\n",
2027 len - mlen));
2028
2029 /* send firmware block meta-data */
2030 usbd_setup_xfer(ctlxfer, sc->cmd_tx_pipe, sc, txblock,
2031 sizeof (struct uath_fwblock),
2032 USBD_NO_COPY | USBD_SYNCHRONOUS,
2033 UATH_CMD_TIMEOUT, NULL);
2034 if ((error = usbd_transfer(ctlxfer)) != 0) {
2035 printf("%s: could not send firmware block info\n",
2036 sc->sc_dev.dv_xname);
2037 break;
2038 }
2039
2040 /* send firmware block data */
2041 bcopy(fw, txdata, mlen);
2042 usbd_setup_xfer(txxfer, sc->data_tx_pipe, sc, txdata, mlen,
2043 USBD_NO_COPY | USBD_SYNCHRONOUS, UATH_DATA_TIMEOUT, NULL);
2044 if ((error = usbd_transfer(txxfer)) != 0) {
2045 printf("%s: could not send firmware block data\n",
2046 sc->sc_dev.dv_xname);
2047 break;
2048 }
2049
2050 /* wait for ack from firmware */
2051 usbd_setup_xfer(rxxfer, sc->cmd_rx_pipe, sc, rxblock,
2052 sizeof (struct uath_fwblock), USBD_SHORT_XFER_OK |
2053 USBD_NO_COPY | USBD_SYNCHRONOUS, UATH_CMD_TIMEOUT, NULL);
2054 if ((error = usbd_transfer(rxxfer)) != 0) {
2055 printf("%s: could not read firmware answer\n",
2056 sc->sc_dev.dv_xname);
2057 break;
2058 }
2059
2060 DPRINTFN(2, ("rxblock flags=0x%x total=%d\n",
2061 betoh32(rxblock->flags), betoh32(rxblock->rxtotal)));
2062 fw += mlen;
2063 len -= mlen;
2064 }
2065
2066 fail4: usbd_free_xfer(rxxfer);
2067 fail3: usbd_free_xfer(txxfer);
2068 fail2: usbd_free_xfer(ctlxfer);
2069 fail1: return error;
2070 }
2071