1 /* $OpenBSD: acx.c,v 1.97 2010/08/27 17:08:00 jsg Exp $ */ 2 3 /* 4 * Copyright (c) 2006 Jonathan Gray <jsg@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* 20 * Copyright (c) 2006 The DragonFly Project. All rights reserved. 21 * 22 * This code is derived from software contributed to The DragonFly Project 23 * by Sepherosa Ziehau <sepherosa@gmail.com> 24 * 25 * Redistribution and use in source and binary forms, with or without 26 * modification, are permitted provided that the following conditions 27 * are met: 28 * 29 * 1. Redistributions of source code must retain the above copyright 30 * notice, this list of conditions and the following disclaimer. 31 * 2. Redistributions in binary form must reproduce the above copyright 32 * notice, this list of conditions and the following disclaimer in 33 * the documentation and/or other materials provided with the 34 * distribution. 35 * 3. Neither the name of The DragonFly Project nor the names of its 36 * contributors may be used to endorse or promote products derived 37 * from this software without specific, prior written permission. 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 40 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 41 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 42 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 43 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 44 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 45 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 47 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 48 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 49 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 */ 52 53 /* 54 * Copyright (c) 2003-2004 wlan.kewl.org Project 55 * All rights reserved. 56 * 57 * Redistribution and use in source and binary forms, with or without 58 * modification, are permitted provided that the following conditions 59 * are met: 60 * 61 * 1. Redistributions of source code must retain the above copyright 62 * notice, this list of conditions and the following disclaimer. 63 * 64 * 2. Redistributions in binary form must reproduce the above copyright 65 * notice, this list of conditions and the following disclaimer in the 66 * documentation and/or other materials provided with the distribution. 67 * 68 * 3. All advertising materials mentioning features or use of this software 69 * must display the following acknowledgement: 70 * 71 * This product includes software developed by the wlan.kewl.org Project. 72 * 73 * 4. Neither the name of the wlan.kewl.org Project nor the names of its 74 * contributors may be used to endorse or promote products derived from 75 * this software without specific prior written permission. 76 * 77 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, 78 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY 79 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL 80 * THE wlan.kewl.org Project BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 81 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 82 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 83 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 84 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 85 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 86 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 87 */ 88 89 #include <sys/cdefs.h> 90 #include "bpfilter.h" 91 92 #include <sys/param.h> 93 #include <sys/systm.h> 94 #include <sys/kernel.h> 95 #include <sys/malloc.h> 96 #include <sys/mbuf.h> 97 #include <sys/proc.h> 98 #include <sys/socket.h> 99 #include <sys/sockio.h> 100 #include <sys/ioctl.h> 101 #include <sys/types.h> 102 103 #include <machine/bus.h> 104 #include <machine/endian.h> 105 #include <machine/intr.h> 106 107 #include <net/if.h> 108 #include <net/if_arp.h> 109 #include <net/if_dl.h> 110 #include <net/if_media.h> 111 #include <net/if_types.h> 112 113 #if NBPFILTER > 0 114 #include <net/bpf.h> 115 #endif 116 117 #ifdef INET 118 #include <netinet/in.h> 119 #include <netinet/in_systm.h> 120 #include <netinet/in_var.h> 121 #include <netinet/if_ether.h> 122 #include <netinet/ip.h> 123 #endif 124 125 #include <net80211/ieee80211_var.h> 126 #include <net80211/ieee80211_amrr.h> 127 #include <net80211/ieee80211_radiotap.h> 128 129 #include <dev/pci/pcireg.h> 130 #include <dev/pci/pcivar.h> 131 #include <dev/pci/pcidevs.h> 132 133 #include <dev/ic/acxvar.h> 134 #include <dev/ic/acxreg.h> 135 136 #ifdef ACX_DEBUG 137 int acxdebug = 0; 138 #endif 139 140 int acx_attach(struct acx_softc *); 141 int acx_detach(void *); 142 143 int acx_init(struct ifnet *); 144 int acx_stop(struct acx_softc *); 145 void acx_init_info_reg(struct acx_softc *); 146 int acx_config(struct acx_softc *); 147 int acx_read_config(struct acx_softc *, struct acx_config *); 148 int acx_write_config(struct acx_softc *, struct acx_config *); 149 int acx_rx_config(struct acx_softc *); 150 int acx_set_crypt_keys(struct acx_softc *); 151 void acx_next_scan(void *); 152 153 void acx_start(struct ifnet *); 154 void acx_watchdog(struct ifnet *); 155 156 int acx_ioctl(struct ifnet *, u_long, caddr_t); 157 158 int acx_intr(void *); 159 void acx_disable_intr(struct acx_softc *); 160 void acx_enable_intr(struct acx_softc *); 161 void acx_txeof(struct acx_softc *); 162 void acx_txerr(struct acx_softc *, uint8_t); 163 void acx_rxeof(struct acx_softc *); 164 165 int acx_dma_alloc(struct acx_softc *); 166 void acx_dma_free(struct acx_softc *); 167 void acx_init_tx_ring(struct acx_softc *); 168 int acx_init_rx_ring(struct acx_softc *); 169 int acx_newbuf(struct acx_softc *, struct acx_rxbuf *, int); 170 int acx_encap(struct acx_softc *, struct acx_txbuf *, 171 struct mbuf *, struct ieee80211_node *, int); 172 173 int acx_reset(struct acx_softc *); 174 175 int acx_set_null_tmplt(struct acx_softc *); 176 int acx_set_probe_req_tmplt(struct acx_softc *, const char *, int); 177 #ifndef IEEE80211_STA_ONLY 178 int acx_set_probe_resp_tmplt(struct acx_softc *, struct ieee80211_node *); 179 int acx_beacon_locate(struct mbuf *, u_int8_t); 180 int acx_set_beacon_tmplt(struct acx_softc *, struct ieee80211_node *); 181 #endif 182 183 int acx_read_eeprom(struct acx_softc *, uint32_t, uint8_t *); 184 int acx_read_phyreg(struct acx_softc *, uint32_t, uint8_t *); 185 const char * acx_get_rf(int); 186 int acx_get_maxrssi(int); 187 188 int acx_load_firmware(struct acx_softc *, uint32_t, 189 const uint8_t *, int); 190 int acx_load_radio_firmware(struct acx_softc *, const char *); 191 int acx_load_base_firmware(struct acx_softc *, const char *); 192 193 struct ieee80211_node 194 *acx_node_alloc(struct ieee80211com *); 195 int acx_newstate(struct ieee80211com *, enum ieee80211_state, int); 196 197 void acx_init_cmd_reg(struct acx_softc *); 198 int acx_join_bss(struct acx_softc *, uint8_t, struct ieee80211_node *); 199 int acx_set_channel(struct acx_softc *, uint8_t); 200 int acx_init_radio(struct acx_softc *, uint32_t, uint32_t); 201 202 void acx_iter_func(void *, struct ieee80211_node *); 203 void acx_amrr_timeout(void *); 204 void acx_newassoc(struct ieee80211com *, struct ieee80211_node *, int); 205 206 int acx_beacon_intvl = 100; /* 100 TU */ 207 208 /* 209 * Possible values for the second parameter of acx_join_bss() 210 */ 211 #define ACX_MODE_ADHOC 0 212 #define ACX_MODE_UNUSED 1 213 #define ACX_MODE_STA 2 214 #define ACX_MODE_AP 3 215 216 struct cfdriver acx_cd = { 217 NULL, "acx", DV_IFNET 218 }; 219 220 int 221 acx_attach(struct acx_softc *sc) 222 { 223 struct ieee80211com *ic = &sc->sc_ic; 224 struct ifnet *ifp = &sc->sc_ic.ic_if; 225 int i, error; 226 227 /* Initialize channel scanning timer */ 228 timeout_set(&sc->sc_chanscan_timer, acx_next_scan, sc); 229 230 /* Allocate busdma stuffs */ 231 error = acx_dma_alloc(sc); 232 if (error) { 233 printf("%s: attach failed, could not allocate DMA!\n", 234 sc->sc_dev.dv_xname); 235 return (error); 236 } 237 238 /* Reset Hardware */ 239 error = acx_reset(sc); 240 if (error) { 241 printf("%s: attach failed, could not reset device!\n", 242 sc->sc_dev.dv_xname); 243 return (error); 244 } 245 246 /* Disable interrupts before firmware is loaded */ 247 acx_disable_intr(sc); 248 249 /* Get radio type and form factor */ 250 #define EEINFO_RETRY_MAX 50 251 for (i = 0; i < EEINFO_RETRY_MAX; ++i) { 252 uint16_t ee_info; 253 254 ee_info = CSR_READ_2(sc, ACXREG_EEPROM_INFO); 255 if (ACX_EEINFO_HAS_RADIO_TYPE(ee_info)) { 256 sc->sc_form_factor = ACX_EEINFO_FORM_FACTOR(ee_info); 257 sc->sc_radio_type = ACX_EEINFO_RADIO_TYPE(ee_info); 258 break; 259 } 260 DELAY(10000); 261 } 262 if (i == EEINFO_RETRY_MAX) { 263 printf("%s: attach failed, could not get radio type!\n", 264 sc->sc_dev.dv_xname); 265 return (ENXIO); 266 } 267 #undef EEINFO_RETRY_MAX 268 269 #ifdef DUMP_EEPROM 270 for (i = 0; i < 0x40; ++i) { 271 uint8_t val; 272 273 error = acx_read_eeprom(sc, i, &val); 274 if (error) 275 return (error); 276 if (i % 10 == 0) 277 printf("\n"); 278 printf("%02x ", val); 279 } 280 printf("\n"); 281 #endif /* DUMP_EEPROM */ 282 283 /* Get EEPROM version */ 284 error = acx_read_eeprom(sc, ACX_EE_VERSION_OFS, &sc->sc_eeprom_ver); 285 if (error) { 286 printf("%s: attach failed, could not get EEPROM version!\n", 287 sc->sc_dev.dv_xname); 288 return (error); 289 } 290 291 ifp->if_softc = sc; 292 ifp->if_ioctl = acx_ioctl; 293 ifp->if_start = acx_start; 294 ifp->if_watchdog = acx_watchdog; 295 ifp->if_flags = IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST; 296 strlcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 297 IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN); 298 IFQ_SET_READY(&ifp->if_snd); 299 300 /* Set channels */ 301 for (i = 1; i <= 14; ++i) { 302 ic->ic_channels[i].ic_freq = 303 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 304 ic->ic_channels[i].ic_flags = sc->chip_chan_flags; 305 } 306 307 ic->ic_opmode = IEEE80211_M_STA; 308 ic->ic_state = IEEE80211_S_INIT; 309 310 /* 311 * NOTE: Don't overwrite ic_caps set by chip specific code 312 */ 313 ic->ic_caps = 314 IEEE80211_C_WEP | /* WEP */ 315 IEEE80211_C_MONITOR | /* Monitor mode */ 316 #ifndef IEEE80211_STA_ONLY 317 IEEE80211_C_IBSS | /* IBSS mode */ 318 IEEE80211_C_HOSTAP | /* Access Point */ 319 #endif 320 IEEE80211_C_SHPREAMBLE; /* Short preamble */ 321 322 /* Get station id */ 323 for (i = 0; i < IEEE80211_ADDR_LEN; ++i) { 324 error = acx_read_eeprom(sc, sc->chip_ee_eaddr_ofs - i, 325 &ic->ic_myaddr[i]); 326 if (error) { 327 printf("%s: attach failed, could not get station id\n", 328 sc->sc_dev.dv_xname); 329 return error; 330 } 331 } 332 333 printf("%s: %s, radio %s (0x%02x), EEPROM ver %u, address %s\n", 334 sc->sc_dev.dv_xname, 335 (sc->sc_flags & ACX_FLAG_ACX111) ? "ACX111" : "ACX100", 336 acx_get_rf(sc->sc_radio_type), sc->sc_radio_type, 337 sc->sc_eeprom_ver, ether_sprintf(ic->ic_myaddr)); 338 339 if_attach(ifp); 340 ieee80211_ifattach(ifp); 341 342 /* Override node alloc */ 343 ic->ic_node_alloc = acx_node_alloc; 344 ic->ic_newassoc = acx_newassoc; 345 346 /* Override newstate */ 347 sc->sc_newstate = ic->ic_newstate; 348 ic->ic_newstate = acx_newstate; 349 350 /* Set maximal rssi */ 351 ic->ic_max_rssi = acx_get_maxrssi(sc->sc_radio_type); 352 353 ieee80211_media_init(ifp, ieee80211_media_change, 354 ieee80211_media_status); 355 356 /* AMRR rate control */ 357 sc->amrr.amrr_min_success_threshold = 1; 358 sc->amrr.amrr_max_success_threshold = 15; 359 timeout_set(&sc->amrr_ch, acx_amrr_timeout, sc); 360 361 sc->sc_long_retry_limit = 4; 362 sc->sc_short_retry_limit = 7; 363 sc->sc_msdu_lifetime = 4096; 364 365 #if NBPFILTER > 0 366 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 367 sizeof(struct ieee80211_frame) + 64); 368 369 sc->sc_rxtap_len = sizeof(sc->sc_rxtapu); 370 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 371 sc->sc_rxtap.wr_ihdr.it_present = htole32(ACX_RX_RADIOTAP_PRESENT); 372 373 sc->sc_txtap_len = sizeof(sc->sc_txtapu); 374 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 375 sc->sc_txtap.wt_ihdr.it_present = htole32(ACX_TX_RADIOTAP_PRESENT); 376 #endif 377 378 return (0); 379 } 380 381 int 382 acx_detach(void *xsc) 383 { 384 struct acx_softc *sc = xsc; 385 struct ieee80211com *ic = &sc->sc_ic; 386 struct ifnet *ifp = &ic->ic_if; 387 388 acx_stop(sc); 389 ieee80211_ifdetach(ifp); 390 if_detach(ifp); 391 392 acx_dma_free(sc); 393 394 return (0); 395 } 396 397 int 398 acx_init(struct ifnet *ifp) 399 { 400 struct acx_softc *sc = ifp->if_softc; 401 struct ieee80211com *ic = &sc->sc_ic; 402 char fname[] = "tiacx111c16"; 403 int error, combined = 0; 404 405 error = acx_stop(sc); 406 if (error) 407 return (EIO); 408 409 /* enable card if possible */ 410 if (sc->sc_enable != NULL) { 411 error = (*sc->sc_enable)(sc); 412 if (error) 413 return (EIO); 414 } 415 416 acx_init_tx_ring(sc); 417 418 error = acx_init_rx_ring(sc); 419 if (error) { 420 printf("%s: can't initialize RX ring\n", 421 sc->sc_dev.dv_xname); 422 goto back; 423 } 424 425 if (sc->sc_flags & ACX_FLAG_ACX111) { 426 snprintf(fname, sizeof(fname), "tiacx111c%02X", 427 sc->sc_radio_type); 428 error = acx_load_base_firmware(sc, fname); 429 430 if (!error) 431 combined = 1; 432 } 433 434 if (!combined) { 435 snprintf(fname, sizeof(fname), "tiacx%s", 436 (sc->sc_flags & ACX_FLAG_ACX111) ? "111" : "100"); 437 error = acx_load_base_firmware(sc, fname); 438 } 439 440 if (error) 441 goto back; 442 443 /* 444 * Initialize command and information registers 445 * NOTE: This should be done after base firmware is loaded 446 */ 447 acx_init_cmd_reg(sc); 448 acx_init_info_reg(sc); 449 450 sc->sc_flags |= ACX_FLAG_FW_LOADED; 451 452 if (!combined) { 453 snprintf(fname, sizeof(fname), "tiacx%sr%02X", 454 (sc->sc_flags & ACX_FLAG_ACX111) ? "111" : "100", 455 sc->sc_radio_type); 456 error = acx_load_radio_firmware(sc, fname); 457 458 if (error) 459 goto back; 460 } 461 462 error = sc->chip_init(sc); 463 if (error) 464 goto back; 465 466 /* Get and set device various configuration */ 467 error = acx_config(sc); 468 if (error) 469 goto back; 470 471 /* Setup crypto stuffs */ 472 if (sc->sc_ic.ic_flags & IEEE80211_F_WEPON) { 473 error = acx_set_crypt_keys(sc); 474 if (error) 475 goto back; 476 } 477 478 /* Turn on power led */ 479 CSR_CLRB_2(sc, ACXREG_GPIO_OUT, sc->chip_gpio_pled); 480 481 acx_enable_intr(sc); 482 483 ifp->if_flags |= IFF_RUNNING; 484 ifp->if_flags &= ~IFF_OACTIVE; 485 486 if (ic->ic_opmode != IEEE80211_M_MONITOR) 487 /* start background scanning */ 488 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 489 else 490 /* in monitor mode change directly into run state */ 491 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 492 493 return (0); 494 back: 495 acx_stop(sc); 496 return (error); 497 } 498 499 void 500 acx_init_info_reg(struct acx_softc *sc) 501 { 502 sc->sc_info = CSR_READ_4(sc, ACXREG_INFO_REG_OFFSET); 503 sc->sc_info_param = sc->sc_info + ACX_INFO_REG_SIZE; 504 } 505 506 int 507 acx_set_crypt_keys(struct acx_softc *sc) 508 { 509 struct ieee80211com *ic = &sc->sc_ic; 510 struct acx_conf_wep_txkey wep_txkey; 511 int i, error, got_wk = 0; 512 513 for (i = 0; i < IEEE80211_WEP_NKID; ++i) { 514 struct ieee80211_key *k = &ic->ic_nw_keys[i]; 515 516 if (k->k_len == 0) 517 continue; 518 519 if (sc->chip_hw_crypt) { 520 error = sc->chip_set_wepkey(sc, k, i); 521 if (error) 522 return (error); 523 got_wk = 1; 524 } 525 } 526 527 if (!got_wk) 528 return (0); 529 530 /* Set current WEP key index */ 531 wep_txkey.wep_txkey = ic->ic_wep_txkey; 532 if (acx_set_conf(sc, ACX_CONF_WEP_TXKEY, &wep_txkey, 533 sizeof(wep_txkey)) != 0) { 534 printf("%s: set WEP txkey failed\n", sc->sc_dev.dv_xname); 535 return (ENXIO); 536 } 537 538 return (0); 539 } 540 541 void 542 acx_next_scan(void *arg) 543 { 544 struct acx_softc *sc = arg; 545 struct ieee80211com *ic = &sc->sc_ic; 546 struct ifnet *ifp = &ic->ic_if; 547 548 if (ic->ic_state == IEEE80211_S_SCAN) 549 ieee80211_next_scan(ifp); 550 } 551 552 int 553 acx_stop(struct acx_softc *sc) 554 { 555 struct ieee80211com *ic = &sc->sc_ic; 556 struct ifnet *ifp = &ic->ic_if; 557 struct acx_buf_data *bd = &sc->sc_buf_data; 558 struct acx_ring_data *rd = &sc->sc_ring_data; 559 int i, error; 560 561 sc->sc_firmware_ver = 0; 562 sc->sc_hardware_id = 0; 563 564 /* Reset hardware */ 565 error = acx_reset(sc); 566 if (error) 567 return (error); 568 569 /* Firmware no longer functions after hardware reset */ 570 sc->sc_flags &= ~ACX_FLAG_FW_LOADED; 571 572 acx_disable_intr(sc); 573 574 /* Stop backgroud scanning */ 575 timeout_del(&sc->sc_chanscan_timer); 576 577 /* Turn off power led */ 578 CSR_SETB_2(sc, ACXREG_GPIO_OUT, sc->chip_gpio_pled); 579 580 /* Free TX mbuf */ 581 for (i = 0; i < ACX_TX_DESC_CNT; ++i) { 582 struct acx_txbuf *buf; 583 struct ieee80211_node *ni; 584 585 buf = &bd->tx_buf[i]; 586 587 if (buf->tb_mbuf != NULL) { 588 bus_dmamap_unload(sc->sc_dmat, buf->tb_mbuf_dmamap); 589 m_freem(buf->tb_mbuf); 590 buf->tb_mbuf = NULL; 591 } 592 593 ni = (struct ieee80211_node *)buf->tb_node; 594 if (ni != NULL) 595 ieee80211_release_node(ic, ni); 596 buf->tb_node = NULL; 597 } 598 599 /* Clear TX host descriptors */ 600 bzero(rd->tx_ring, ACX_TX_RING_SIZE); 601 602 /* Free RX mbuf */ 603 for (i = 0; i < ACX_RX_DESC_CNT; ++i) { 604 if (bd->rx_buf[i].rb_mbuf != NULL) { 605 bus_dmamap_unload(sc->sc_dmat, 606 bd->rx_buf[i].rb_mbuf_dmamap); 607 m_freem(bd->rx_buf[i].rb_mbuf); 608 bd->rx_buf[i].rb_mbuf = NULL; 609 } 610 } 611 612 /* Clear RX host descriptors */ 613 bzero(rd->rx_ring, ACX_RX_RING_SIZE); 614 615 sc->sc_txtimer = 0; 616 ifp->if_timer = 0; 617 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 618 ieee80211_new_state(&sc->sc_ic, IEEE80211_S_INIT, -1); 619 620 /* disable card if possible */ 621 if (sc->sc_disable != NULL) 622 (*sc->sc_disable)(sc); 623 624 return (0); 625 } 626 627 int 628 acx_config(struct acx_softc *sc) 629 { 630 struct acx_config conf; 631 int error; 632 633 error = acx_read_config(sc, &conf); 634 if (error) 635 return (error); 636 637 error = acx_write_config(sc, &conf); 638 if (error) 639 return (error); 640 641 error = acx_rx_config(sc); 642 if (error) 643 return (error); 644 645 if (acx_set_probe_req_tmplt(sc, "", 0) != 0) { 646 printf("%s: can't set probe req template " 647 "(empty ssid)\n", sc->sc_dev.dv_xname); 648 return (ENXIO); 649 } 650 651 /* XXX for PM?? */ 652 if (acx_set_null_tmplt(sc) != 0) { 653 printf("%s: can't set null data template\n", 654 sc->sc_dev.dv_xname); 655 return (ENXIO); 656 } 657 658 return (0); 659 } 660 661 int 662 acx_read_config(struct acx_softc *sc, struct acx_config *conf) 663 { 664 struct acx_conf_regdom reg_dom; 665 struct acx_conf_antenna ant; 666 struct acx_conf_fwrev fw_rev; 667 uint32_t fw_rev_no; 668 uint8_t sen; 669 int error; 670 671 /* Get region domain */ 672 if (acx_get_conf(sc, ACX_CONF_REGDOM, ®_dom, sizeof(reg_dom)) != 0) { 673 printf("%s: can't get region domain\n", sc->sc_dev.dv_xname); 674 return (ENXIO); 675 } 676 conf->regdom = reg_dom.regdom; 677 DPRINTF(("%s: regdom %02x\n", sc->sc_dev.dv_xname, reg_dom.regdom)); 678 679 /* Get antenna */ 680 if (acx_get_conf(sc, ACX_CONF_ANTENNA, &ant, sizeof(ant)) != 0) { 681 printf("%s: can't get antenna\n", sc->sc_dev.dv_xname); 682 return (ENXIO); 683 } 684 conf->antenna = ant.antenna; 685 DPRINTF(("%s: antenna %02x\n", sc->sc_dev.dv_xname, ant.antenna)); 686 687 /* Get sensitivity XXX not used */ 688 if (sc->sc_radio_type == ACX_RADIO_TYPE_MAXIM || 689 sc->sc_radio_type == ACX_RADIO_TYPE_RFMD || 690 sc->sc_radio_type == ACX_RADIO_TYPE_RALINK) { 691 error = acx_read_phyreg(sc, ACXRV_PHYREG_SENSITIVITY, &sen); 692 if (error) { 693 printf("%s: can't get sensitivity\n", 694 sc->sc_dev.dv_xname); 695 return (error); 696 } 697 } else 698 sen = 0; 699 DPRINTF(("%s: sensitivity %02x\n", sc->sc_dev.dv_xname, sen)); 700 701 /* Get firmware revision */ 702 if (acx_get_conf(sc, ACX_CONF_FWREV, &fw_rev, sizeof(fw_rev)) != 0) { 703 printf("%s: can't get firmware revision\n", 704 sc->sc_dev.dv_xname); 705 return (ENXIO); 706 } 707 708 if (strncmp(fw_rev.fw_rev, "Rev ", 4) != 0) { 709 printf("%s: strange revision string -- %s\n", 710 sc->sc_dev.dv_xname, fw_rev.fw_rev); 711 fw_rev_no = 0x01090407; 712 } else { 713 /* 714 * 01234 715 * "Rev xx.xx.xx.xx" 716 * ^ Start from here 717 */ 718 fw_rev_no = fw_rev.fw_rev[0] << 24; 719 fw_rev_no |= fw_rev.fw_rev[1] << 16; 720 fw_rev_no |= fw_rev.fw_rev[2] << 8; 721 fw_rev_no |= fw_rev.fw_rev[3]; 722 } 723 sc->sc_firmware_ver = fw_rev_no; 724 sc->sc_hardware_id = letoh32(fw_rev.hw_id); 725 DPRINTF(("%s: fw rev %08x, hw id %08x\n", 726 sc->sc_dev.dv_xname, sc->sc_firmware_ver, sc->sc_hardware_id)); 727 728 if (sc->chip_read_config != NULL) { 729 error = sc->chip_read_config(sc, conf); 730 if (error) 731 return (error); 732 } 733 734 return (0); 735 } 736 737 int 738 acx_write_config(struct acx_softc *sc, struct acx_config *conf) 739 { 740 struct acx_conf_nretry_short sretry; 741 struct acx_conf_nretry_long lretry; 742 struct acx_conf_msdu_lifetime msdu_lifetime; 743 struct acx_conf_rate_fallback rate_fb; 744 struct acx_conf_antenna ant; 745 struct acx_conf_regdom reg_dom; 746 struct ifnet *ifp = &sc->sc_ic.ic_if; 747 int error; 748 749 /* Set number of long/short retry */ 750 sretry.nretry = sc->sc_short_retry_limit; 751 if (acx_set_conf(sc, ACX_CONF_NRETRY_SHORT, &sretry, 752 sizeof(sretry)) != 0) { 753 printf("%s: can't set short retry limit\n", ifp->if_xname); 754 return (ENXIO); 755 } 756 757 lretry.nretry = sc->sc_long_retry_limit; 758 if (acx_set_conf(sc, ACX_CONF_NRETRY_LONG, &lretry, 759 sizeof(lretry)) != 0) { 760 printf("%s: can't set long retry limit\n", ifp->if_xname); 761 return (ENXIO); 762 } 763 764 /* Set MSDU lifetime */ 765 msdu_lifetime.lifetime = htole32(sc->sc_msdu_lifetime); 766 if (acx_set_conf(sc, ACX_CONF_MSDU_LIFETIME, &msdu_lifetime, 767 sizeof(msdu_lifetime)) != 0) { 768 printf("%s: can't set MSDU lifetime\n", ifp->if_xname); 769 return (ENXIO); 770 } 771 772 /* Enable rate fallback */ 773 rate_fb.ratefb_enable = 1; 774 if (acx_set_conf(sc, ACX_CONF_RATE_FALLBACK, &rate_fb, 775 sizeof(rate_fb)) != 0) { 776 printf("%s: can't enable rate fallback\n", ifp->if_xname); 777 return (ENXIO); 778 } 779 780 /* Set antenna */ 781 ant.antenna = conf->antenna; 782 if (acx_set_conf(sc, ACX_CONF_ANTENNA, &ant, sizeof(ant)) != 0) { 783 printf("%s: can't set antenna\n", ifp->if_xname); 784 return (ENXIO); 785 } 786 787 /* Set region domain */ 788 reg_dom.regdom = conf->regdom; 789 if (acx_set_conf(sc, ACX_CONF_REGDOM, ®_dom, sizeof(reg_dom)) != 0) { 790 printf("%s: can't set region domain\n", ifp->if_xname); 791 return (ENXIO); 792 } 793 794 if (sc->chip_write_config != NULL) { 795 error = sc->chip_write_config(sc, conf); 796 if (error) 797 return (error); 798 } 799 800 return (0); 801 } 802 803 int 804 acx_rx_config(struct acx_softc *sc) 805 { 806 struct ieee80211com *ic = &sc->sc_ic; 807 struct acx_conf_rxopt rx_opt; 808 809 /* tell the RX receiver what frames we want to have */ 810 rx_opt.opt1 = htole16(RXOPT1_INCL_RXBUF_HDR); 811 rx_opt.opt2 = htole16( 812 RXOPT2_RECV_ASSOC_REQ | 813 RXOPT2_RECV_AUTH | 814 RXOPT2_RECV_BEACON | 815 RXOPT2_RECV_CF | 816 RXOPT2_RECV_CTRL | 817 RXOPT2_RECV_DATA | 818 RXOPT2_RECV_MGMT | 819 RXOPT2_RECV_PROBE_REQ | 820 RXOPT2_RECV_PROBE_RESP | 821 RXOPT2_RECV_OTHER); 822 823 /* in monitor mode go promiscuous */ 824 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 825 rx_opt.opt1 |= RXOPT1_PROMISC; 826 rx_opt.opt2 |= RXOPT2_RECV_BROKEN | RXOPT2_RECV_ACK; 827 } else 828 rx_opt.opt1 |= RXOPT1_FILT_FDEST; 829 830 /* finally set the RX options */ 831 if (acx_set_conf(sc, ACX_CONF_RXOPT, &rx_opt, sizeof(rx_opt)) != 0) { 832 printf("%s: can not set RX options!\n", sc->sc_dev.dv_xname); 833 return (ENXIO); 834 } 835 836 return (0); 837 } 838 839 int 840 acx_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 841 { 842 struct acx_softc *sc = ifp->if_softc; 843 struct ieee80211com *ic = &sc->sc_ic; 844 struct ifaddr *ifa; 845 struct ifreq *ifr; 846 int s, error = 0; 847 uint8_t chan; 848 849 s = splnet(); 850 851 switch (cmd) { 852 case SIOCSIFADDR: 853 ifa = (struct ifaddr *)data; 854 ifp->if_flags |= IFF_UP; 855 #ifdef INET 856 if (ifa->ifa_addr->sa_family == AF_INET) 857 arp_ifinit(&ic->ic_ac, ifa); 858 #endif 859 /* FALLTHROUGH */ 860 case SIOCSIFFLAGS: 861 if (ifp->if_flags & IFF_UP) { 862 if ((ifp->if_flags & IFF_RUNNING) == 0) 863 error = acx_init(ifp); 864 } else { 865 if (ifp->if_flags & IFF_RUNNING) 866 error = acx_stop(sc); 867 } 868 break; 869 case SIOCADDMULTI: 870 case SIOCDELMULTI: 871 ifr = (struct ifreq *)data; 872 error = (cmd == SIOCADDMULTI) ? 873 ether_addmulti(ifr, &ic->ic_ac) : 874 ether_delmulti(ifr, &ic->ic_ac); 875 876 if (error == ENETRESET) 877 error = 0; 878 break; 879 case SIOCS80211CHANNEL: 880 /* allow fast channel switching in monitor mode */ 881 error = ieee80211_ioctl(ifp, cmd, data); 882 if (error == ENETRESET && 883 ic->ic_opmode == IEEE80211_M_MONITOR) { 884 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 885 (IFF_UP | IFF_RUNNING)) { 886 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 887 chan = ieee80211_chan2ieee(ic, 888 ic->ic_bss->ni_chan); 889 (void)acx_set_channel(sc, chan); 890 } 891 error = 0; 892 } 893 break; 894 default: 895 error = ieee80211_ioctl(ifp, cmd, data); 896 break; 897 } 898 899 if (error == ENETRESET) { 900 if ((ifp->if_flags & (IFF_RUNNING | IFF_UP)) == 901 (IFF_RUNNING | IFF_UP)) 902 error = acx_init(ifp); 903 else 904 error = 0; 905 } 906 907 splx(s); 908 909 return (error); 910 } 911 912 void 913 acx_start(struct ifnet *ifp) 914 { 915 struct acx_softc *sc = ifp->if_softc; 916 struct ieee80211com *ic = &sc->sc_ic; 917 struct acx_buf_data *bd = &sc->sc_buf_data; 918 struct acx_txbuf *buf; 919 int trans, idx; 920 921 if ((sc->sc_flags & ACX_FLAG_FW_LOADED) == 0 || 922 (ifp->if_flags & IFF_RUNNING) == 0 || 923 (ifp->if_flags & IFF_OACTIVE)) 924 return; 925 926 /* 927 * NOTE: 928 * We can't start from a random position that TX descriptor 929 * is free, since hardware will be confused by that. 930 * We have to follow the order of the TX ring. 931 */ 932 idx = bd->tx_free_start; 933 trans = 0; 934 for (buf = &bd->tx_buf[idx]; buf->tb_mbuf == NULL; 935 buf = &bd->tx_buf[idx]) { 936 struct ieee80211_frame *wh; 937 struct ieee80211_node *ni = NULL; 938 struct mbuf *m; 939 int rate; 940 941 IF_DEQUEUE(&ic->ic_mgtq, m); 942 if (m != NULL) { 943 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 944 m->m_pkthdr.rcvif = NULL; 945 946 /* 947 * probe response mgmt frames are handled by the 948 * firmware already. So, don't send them twice. 949 */ 950 wh = mtod(m, struct ieee80211_frame *); 951 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) == 952 IEEE80211_FC0_SUBTYPE_PROBE_RESP) { 953 if (ni != NULL) 954 ieee80211_release_node(ic, ni); 955 m_freem(m); 956 continue; 957 } 958 959 /* 960 * mgmt frames are sent at the lowest available 961 * bit-rate. 962 */ 963 rate = ni->ni_rates.rs_rates[0]; 964 rate &= IEEE80211_RATE_VAL; 965 } else if (!IFQ_IS_EMPTY(&ifp->if_snd)) { 966 struct ether_header *eh; 967 968 IFQ_DEQUEUE(&ifp->if_snd, m); 969 if (m == NULL) 970 break; 971 972 if (ic->ic_state != IEEE80211_S_RUN) { 973 DPRINTF(("%s: data packet dropped due to " 974 "not RUN. Current state %d\n", 975 ifp->if_xname, ic->ic_state)); 976 m_freem(m); 977 break; 978 } 979 980 if (m->m_len < sizeof(struct ether_header)) { 981 m = m_pullup(m, sizeof(struct ether_header)); 982 if (m == NULL) { 983 ifp->if_oerrors++; 984 continue; 985 } 986 } 987 eh = mtod(m, struct ether_header *); 988 989 /* TODO power save */ 990 991 #if NBPFILTER > 0 992 if (ifp->if_bpf != NULL) 993 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 994 #endif 995 996 if ((m = ieee80211_encap(ifp, m, &ni)) == NULL) { 997 ifp->if_oerrors++; 998 continue; 999 } 1000 1001 #if NBPFILTER > 0 1002 if (ic->ic_rawbpf != NULL) 1003 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1004 #endif 1005 1006 if (ic->ic_fixed_rate != -1) { 1007 rate = ic->ic_sup_rates[ic->ic_curmode]. 1008 rs_rates[ic->ic_fixed_rate]; 1009 } else 1010 rate = ni->ni_rates.rs_rates[ni->ni_txrate]; 1011 rate &= IEEE80211_RATE_VAL; 1012 } else 1013 break; 1014 1015 wh = mtod(m, struct ieee80211_frame *); 1016 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) && !sc->chip_hw_crypt) { 1017 struct ieee80211_key *k; 1018 1019 k = ieee80211_get_txkey(ic, wh, ni); 1020 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) { 1021 ieee80211_release_node(ic, ni); 1022 ifp->if_oerrors++; 1023 continue; 1024 } 1025 } 1026 1027 #if NBPFILTER > 0 1028 if (sc->sc_drvbpf != NULL) { 1029 struct mbuf mb; 1030 struct acx_tx_radiotap_hdr *tap = &sc->sc_txtap; 1031 1032 tap->wt_flags = 0; 1033 tap->wt_rate = rate; 1034 tap->wt_chan_freq = 1035 htole16(ic->ic_bss->ni_chan->ic_freq); 1036 tap->wt_chan_flags = 1037 htole16(ic->ic_bss->ni_chan->ic_flags); 1038 1039 mb.m_data = (caddr_t)tap; 1040 mb.m_len = sc->sc_txtap_len; 1041 mb.m_next = m; 1042 mb.m_nextpkt = NULL; 1043 mb.m_type = 0; 1044 mb.m_flags = 0; 1045 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1046 } 1047 #endif 1048 1049 if (acx_encap(sc, buf, m, ni, rate) != 0) { 1050 /* 1051 * NOTE: `m' will be freed in acx_encap() 1052 * if we reach here. 1053 */ 1054 if (ni != NULL) 1055 ieee80211_release_node(ic, ni); 1056 ifp->if_oerrors++; 1057 continue; 1058 } 1059 1060 /* 1061 * NOTE: 1062 * 1) `m' should not be touched after acx_encap() 1063 * 2) `node' will be used to do TX rate control during 1064 * acx_txeof(), so it is not freed here. acx_txeof() 1065 * will free it for us 1066 */ 1067 trans = 1; 1068 bd->tx_used_count++; 1069 idx = (idx + 1) % ACX_TX_DESC_CNT; 1070 } 1071 bd->tx_free_start = idx; 1072 1073 if (bd->tx_used_count == ACX_TX_DESC_CNT) 1074 ifp->if_flags |= IFF_OACTIVE; 1075 1076 if (trans && sc->sc_txtimer == 0) 1077 sc->sc_txtimer = 5; 1078 ifp->if_timer = 1; 1079 } 1080 1081 void 1082 acx_watchdog(struct ifnet *ifp) 1083 { 1084 struct acx_softc *sc = ifp->if_softc; 1085 1086 ifp->if_timer = 0; 1087 1088 if ((ifp->if_flags & IFF_RUNNING) == 0) 1089 return; 1090 1091 if (sc->sc_txtimer) { 1092 if (--sc->sc_txtimer == 0) { 1093 printf("%s: watchdog timeout\n", ifp->if_xname); 1094 acx_init(ifp); 1095 ifp->if_oerrors++; 1096 return; 1097 } else 1098 ifp->if_timer = 1; 1099 } 1100 1101 ieee80211_watchdog(ifp); 1102 } 1103 1104 int 1105 acx_intr(void *arg) 1106 { 1107 struct acx_softc *sc = arg; 1108 uint16_t intr_status; 1109 1110 if ((sc->sc_flags & ACX_FLAG_FW_LOADED) == 0) 1111 return (0); 1112 1113 intr_status = CSR_READ_2(sc, ACXREG_INTR_STATUS_CLR); 1114 if (intr_status == ACXRV_INTR_ALL) { 1115 /* not our interrupt */ 1116 return (0); 1117 } 1118 1119 intr_status &= sc->chip_intr_enable; 1120 if (intr_status == 0) { 1121 /* not interrupts we care about */ 1122 return (1); 1123 } 1124 1125 /* Acknowledge all interrupts */ 1126 CSR_WRITE_2(sc, ACXREG_INTR_ACK, ACXRV_INTR_ALL); 1127 1128 if (intr_status & ACXRV_INTR_TX_FINI) 1129 acx_txeof(sc); 1130 1131 if (intr_status & ACXRV_INTR_RX_FINI) 1132 acx_rxeof(sc); 1133 1134 return (1); 1135 } 1136 1137 void 1138 acx_disable_intr(struct acx_softc *sc) 1139 { 1140 CSR_WRITE_2(sc, ACXREG_INTR_MASK, sc->chip_intr_disable); 1141 CSR_WRITE_2(sc, ACXREG_EVENT_MASK, 0); 1142 } 1143 1144 void 1145 acx_enable_intr(struct acx_softc *sc) 1146 { 1147 /* Mask out interrupts that are not in the enable set */ 1148 CSR_WRITE_2(sc, ACXREG_INTR_MASK, ~sc->chip_intr_enable); 1149 CSR_WRITE_2(sc, ACXREG_EVENT_MASK, ACXRV_EVENT_DISABLE); 1150 } 1151 1152 void 1153 acx_txeof(struct acx_softc *sc) 1154 { 1155 struct acx_buf_data *bd; 1156 struct acx_txbuf *buf; 1157 struct ifnet *ifp; 1158 int idx; 1159 1160 ifp = &sc->sc_ic.ic_if; 1161 1162 bd = &sc->sc_buf_data; 1163 idx = bd->tx_used_start; 1164 for (buf = &bd->tx_buf[idx]; buf->tb_mbuf != NULL; 1165 buf = &bd->tx_buf[idx]) { 1166 uint8_t ctrl, error; 1167 1168 ctrl = FW_TXDESC_GETFIELD_1(sc, buf, f_tx_ctrl); 1169 if ((ctrl & (DESC_CTRL_HOSTOWN | DESC_CTRL_ACXDONE)) != 1170 (DESC_CTRL_HOSTOWN | DESC_CTRL_ACXDONE)) 1171 break; 1172 1173 bus_dmamap_unload(sc->sc_dmat, buf->tb_mbuf_dmamap); 1174 m_freem(buf->tb_mbuf); 1175 buf->tb_mbuf = NULL; 1176 1177 error = FW_TXDESC_GETFIELD_1(sc, buf, f_tx_error); 1178 if (error) { 1179 acx_txerr(sc, error); 1180 ifp->if_oerrors++; 1181 } else 1182 ifp->if_opackets++; 1183 1184 /* Update rate control statistics for the node */ 1185 if (buf->tb_node != NULL) { 1186 struct ieee80211com *ic; 1187 struct ieee80211_node *ni; 1188 struct acx_node *wn; 1189 int ntries; 1190 1191 ic = &sc->sc_ic; 1192 ni = (struct ieee80211_node *)buf->tb_node; 1193 wn = (struct acx_node *)ni; 1194 ntries = FW_TXDESC_GETFIELD_1(sc, buf, f_tx_rts_fail) + 1195 FW_TXDESC_GETFIELD_1(sc, buf, f_tx_ack_fail); 1196 1197 wn->amn.amn_txcnt++; 1198 if (ntries > 0) { 1199 DPRINTFN(2, ("%s: tx intr ntries %d\n", 1200 sc->sc_dev.dv_xname, ntries)); 1201 wn->amn.amn_retrycnt++; 1202 } 1203 1204 ieee80211_release_node(ic, ni); 1205 buf->tb_node = NULL; 1206 } 1207 1208 FW_TXDESC_SETFIELD_1(sc, buf, f_tx_ctrl, DESC_CTRL_HOSTOWN); 1209 1210 bd->tx_used_count--; 1211 1212 idx = (idx + 1) % ACX_TX_DESC_CNT; 1213 } 1214 bd->tx_used_start = idx; 1215 1216 sc->sc_txtimer = bd->tx_used_count == 0 ? 0 : 5; 1217 1218 if (bd->tx_used_count != ACX_TX_DESC_CNT) { 1219 ifp->if_flags &= ~IFF_OACTIVE; 1220 acx_start(ifp); 1221 } 1222 } 1223 1224 void 1225 acx_txerr(struct acx_softc *sc, uint8_t err) 1226 { 1227 struct ifnet *ifp = &sc->sc_ic.ic_if; 1228 struct acx_stats *stats = &sc->sc_stats; 1229 1230 if (err == DESC_ERR_EXCESSIVE_RETRY) { 1231 /* 1232 * This a common error (see comment below), 1233 * so print it using DPRINTF(). 1234 */ 1235 DPRINTF(("%s: TX failed -- excessive retry\n", 1236 sc->sc_dev.dv_xname)); 1237 } else 1238 printf("%s: TX failed -- ", ifp->if_xname); 1239 1240 /* 1241 * Although `err' looks like bitmask, it never 1242 * has multiple bits set. 1243 */ 1244 switch (err) { 1245 #if 0 1246 case DESC_ERR_OTHER_FRAG: 1247 /* XXX what's this */ 1248 printf("error in other fragment\n"); 1249 stats->err_oth_frag++; 1250 break; 1251 #endif 1252 case DESC_ERR_ABORT: 1253 printf("aborted\n"); 1254 stats->err_abort++; 1255 break; 1256 case DESC_ERR_PARAM: 1257 printf("wrong parameters in descriptor\n"); 1258 stats->err_param++; 1259 break; 1260 case DESC_ERR_NO_WEPKEY: 1261 printf("WEP key missing\n"); 1262 stats->err_no_wepkey++; 1263 break; 1264 case DESC_ERR_MSDU_TIMEOUT: 1265 printf("MSDU life timeout\n"); 1266 stats->err_msdu_timeout++; 1267 break; 1268 case DESC_ERR_EXCESSIVE_RETRY: 1269 /* 1270 * Possible causes: 1271 * 1) Distance is too long 1272 * 2) Transmit failed (e.g. no MAC level ACK) 1273 * 3) Chip overheated (this should be rare) 1274 */ 1275 stats->err_ex_retry++; 1276 break; 1277 case DESC_ERR_BUF_OVERFLOW: 1278 printf("buffer overflow\n"); 1279 stats->err_buf_oflow++; 1280 break; 1281 case DESC_ERR_DMA: 1282 printf("DMA error\n"); 1283 stats->err_dma++; 1284 break; 1285 default: 1286 printf("unknown error %d\n", err); 1287 stats->err_unkn++; 1288 break; 1289 } 1290 } 1291 1292 void 1293 acx_rxeof(struct acx_softc *sc) 1294 { 1295 struct ieee80211com *ic = &sc->sc_ic; 1296 struct acx_ring_data *rd = &sc->sc_ring_data; 1297 struct acx_buf_data *bd = &sc->sc_buf_data; 1298 struct ifnet *ifp = &ic->ic_if; 1299 int idx, ready; 1300 1301 bus_dmamap_sync(sc->sc_dmat, rd->rx_ring_dmamap, 0, 1302 rd->rx_ring_dmamap->dm_mapsize, BUS_DMASYNC_POSTREAD); 1303 1304 /* 1305 * Locate first "ready" rx buffer, 1306 * start from last stopped position. 1307 */ 1308 idx = bd->rx_scan_start; 1309 ready = 0; 1310 do { 1311 struct acx_rxbuf *buf; 1312 1313 buf = &bd->rx_buf[idx]; 1314 if ((buf->rb_desc->h_ctrl & htole16(DESC_CTRL_HOSTOWN)) && 1315 (buf->rb_desc->h_status & htole32(DESC_STATUS_FULL))) { 1316 ready = 1; 1317 break; 1318 } 1319 idx = (idx + 1) % ACX_RX_DESC_CNT; 1320 } while (idx != bd->rx_scan_start); 1321 1322 if (!ready) 1323 return; 1324 1325 /* 1326 * NOTE: don't mess up `idx' here, it will 1327 * be used in the following code. 1328 */ 1329 do { 1330 struct acx_rxbuf_hdr *head; 1331 struct acx_rxbuf *buf; 1332 struct mbuf *m; 1333 struct ieee80211_rxinfo rxi; 1334 uint32_t desc_status; 1335 uint16_t desc_ctrl; 1336 int len, error; 1337 1338 buf = &bd->rx_buf[idx]; 1339 1340 desc_ctrl = letoh16(buf->rb_desc->h_ctrl); 1341 desc_status = letoh32(buf->rb_desc->h_status); 1342 if (!(desc_ctrl & DESC_CTRL_HOSTOWN) || 1343 !(desc_status & DESC_STATUS_FULL)) 1344 break; 1345 1346 bus_dmamap_sync(sc->sc_dmat, buf->rb_mbuf_dmamap, 0, 1347 buf->rb_mbuf_dmamap->dm_mapsize, BUS_DMASYNC_POSTREAD); 1348 1349 m = buf->rb_mbuf; 1350 1351 error = acx_newbuf(sc, buf, 0); 1352 if (error) { 1353 ifp->if_ierrors++; 1354 goto next; 1355 } 1356 1357 head = mtod(m, struct acx_rxbuf_hdr *); 1358 1359 len = letoh16(head->rbh_len) & ACX_RXBUF_LEN_MASK; 1360 if (len >= sizeof(struct ieee80211_frame_min) && 1361 len < MCLBYTES) { 1362 struct ieee80211_frame *wh; 1363 struct ieee80211_node *ni; 1364 1365 m_adj(m, sizeof(struct acx_rxbuf_hdr) + 1366 sc->chip_rxbuf_exhdr); 1367 wh = mtod(m, struct ieee80211_frame *); 1368 1369 rxi.rxi_flags = 0; 1370 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) && 1371 sc->chip_hw_crypt) { 1372 /* Short circuit software WEP */ 1373 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 1374 1375 /* Do chip specific RX buffer processing */ 1376 if (sc->chip_proc_wep_rxbuf != NULL) { 1377 sc->chip_proc_wep_rxbuf(sc, m, &len); 1378 wh = mtod(m, struct ieee80211_frame *); 1379 } 1380 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1381 } 1382 1383 m->m_len = m->m_pkthdr.len = len; 1384 m->m_pkthdr.rcvif = &ic->ic_if; 1385 1386 #if NBPFILTER > 0 1387 if (sc->sc_drvbpf != NULL) { 1388 struct mbuf mb; 1389 struct acx_rx_radiotap_hdr *tap = &sc->sc_rxtap; 1390 1391 tap->wr_flags = 0; 1392 tap->wr_chan_freq = 1393 htole16(ic->ic_bss->ni_chan->ic_freq); 1394 tap->wr_chan_flags = 1395 htole16(ic->ic_bss->ni_chan->ic_flags); 1396 tap->wr_rssi = head->rbh_level; 1397 tap->wr_max_rssi = ic->ic_max_rssi; 1398 1399 mb.m_data = (caddr_t)tap; 1400 mb.m_len = sc->sc_rxtap_len; 1401 mb.m_next = m; 1402 mb.m_nextpkt = NULL; 1403 mb.m_type = 0; 1404 mb.m_flags = 0; 1405 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1406 } 1407 #endif 1408 1409 ni = ieee80211_find_rxnode(ic, wh); 1410 1411 rxi.rxi_rssi = head->rbh_level; 1412 rxi.rxi_tstamp = letoh32(head->rbh_time); 1413 ieee80211_input(ifp, m, ni, &rxi); 1414 1415 ieee80211_release_node(ic, ni); 1416 } else { 1417 m_freem(m); 1418 ifp->if_ierrors++; 1419 } 1420 1421 next: 1422 buf->rb_desc->h_ctrl = htole16(desc_ctrl & ~DESC_CTRL_HOSTOWN); 1423 buf->rb_desc->h_status = 0; 1424 bus_dmamap_sync(sc->sc_dmat, rd->rx_ring_dmamap, 0, 1425 rd->rx_ring_dmamap->dm_mapsize, BUS_DMASYNC_PREWRITE); 1426 1427 idx = (idx + 1) % ACX_RX_DESC_CNT; 1428 } while (idx != bd->rx_scan_start); 1429 1430 /* 1431 * Record the position so that next 1432 * time we can start from it. 1433 */ 1434 bd->rx_scan_start = idx; 1435 } 1436 1437 int 1438 acx_reset(struct acx_softc *sc) 1439 { 1440 uint16_t reg; 1441 1442 /* Halt ECPU */ 1443 CSR_SETB_2(sc, ACXREG_ECPU_CTRL, ACXRV_ECPU_HALT); 1444 1445 /* Software reset */ 1446 reg = CSR_READ_2(sc, ACXREG_SOFT_RESET); 1447 CSR_WRITE_2(sc, ACXREG_SOFT_RESET, reg | ACXRV_SOFT_RESET); 1448 DELAY(100); 1449 CSR_WRITE_2(sc, ACXREG_SOFT_RESET, reg); 1450 1451 /* Initialize EEPROM */ 1452 CSR_SETB_2(sc, ACXREG_EEPROM_INIT, ACXRV_EEPROM_INIT); 1453 DELAY(50000); 1454 1455 /* Test whether ECPU is stopped */ 1456 reg = CSR_READ_2(sc, ACXREG_ECPU_CTRL); 1457 if (!(reg & ACXRV_ECPU_HALT)) { 1458 printf("%s: can't halt ECPU\n", sc->sc_dev.dv_xname); 1459 return (ENXIO); 1460 } 1461 1462 return (0); 1463 } 1464 1465 int 1466 acx_read_eeprom(struct acx_softc *sc, uint32_t offset, uint8_t *val) 1467 { 1468 int i; 1469 1470 CSR_WRITE_4(sc, ACXREG_EEPROM_CONF, 0); 1471 CSR_WRITE_4(sc, ACXREG_EEPROM_ADDR, offset); 1472 CSR_WRITE_4(sc, ACXREG_EEPROM_CTRL, ACXRV_EEPROM_READ); 1473 1474 #define EE_READ_RETRY_MAX 100 1475 for (i = 0; i < EE_READ_RETRY_MAX; ++i) { 1476 if (CSR_READ_2(sc, ACXREG_EEPROM_CTRL) == 0) 1477 break; 1478 DELAY(10000); 1479 } 1480 if (i == EE_READ_RETRY_MAX) { 1481 printf("%s: can't read EEPROM offset %x (timeout)\n", 1482 sc->sc_dev.dv_xname, offset); 1483 return (ETIMEDOUT); 1484 } 1485 #undef EE_READ_RETRY_MAX 1486 1487 *val = CSR_READ_1(sc, ACXREG_EEPROM_DATA); 1488 1489 return (0); 1490 } 1491 1492 int 1493 acx_read_phyreg(struct acx_softc *sc, uint32_t reg, uint8_t *val) 1494 { 1495 struct ifnet *ifp = &sc->sc_ic.ic_if; 1496 int i; 1497 1498 CSR_WRITE_4(sc, ACXREG_PHY_ADDR, reg); 1499 CSR_WRITE_4(sc, ACXREG_PHY_CTRL, ACXRV_PHY_READ); 1500 1501 #define PHY_READ_RETRY_MAX 100 1502 for (i = 0; i < PHY_READ_RETRY_MAX; ++i) { 1503 if (CSR_READ_4(sc, ACXREG_PHY_CTRL) == 0) 1504 break; 1505 DELAY(10000); 1506 } 1507 if (i == PHY_READ_RETRY_MAX) { 1508 printf("%s: can't read phy reg %x (timeout)\n", 1509 ifp->if_xname, reg); 1510 return (ETIMEDOUT); 1511 } 1512 #undef PHY_READ_RETRY_MAX 1513 1514 *val = CSR_READ_1(sc, ACXREG_PHY_DATA); 1515 1516 return (0); 1517 } 1518 1519 void 1520 acx_write_phyreg(struct acx_softc *sc, uint32_t reg, uint8_t val) 1521 { 1522 CSR_WRITE_4(sc, ACXREG_PHY_DATA, val); 1523 CSR_WRITE_4(sc, ACXREG_PHY_ADDR, reg); 1524 CSR_WRITE_4(sc, ACXREG_PHY_CTRL, ACXRV_PHY_WRITE); 1525 } 1526 1527 int 1528 acx_load_base_firmware(struct acx_softc *sc, const char *name) 1529 { 1530 struct ifnet *ifp = &sc->sc_ic.ic_if; 1531 int i, error; 1532 uint8_t *ucode; 1533 size_t size; 1534 1535 error = loadfirmware(name, &ucode, &size); 1536 1537 if (error != 0) { 1538 printf("%s: error %d, could not read firmware %s\n", 1539 ifp->if_xname, error, name); 1540 return (EIO); 1541 } 1542 1543 /* Load base firmware */ 1544 error = acx_load_firmware(sc, 0, ucode, size); 1545 1546 free(ucode, M_DEVBUF); 1547 1548 if (error) { 1549 printf("%s: can't load base firmware\n", ifp->if_xname); 1550 return error; 1551 } 1552 DPRINTF(("%s: base firmware loaded\n", sc->sc_dev.dv_xname)); 1553 1554 /* Start ECPU */ 1555 CSR_WRITE_2(sc, ACXREG_ECPU_CTRL, ACXRV_ECPU_START); 1556 1557 /* Wait for ECPU to be up */ 1558 for (i = 0; i < 500; ++i) { 1559 uint16_t reg; 1560 1561 reg = CSR_READ_2(sc, ACXREG_INTR_STATUS); 1562 if (reg & ACXRV_INTR_FCS_THRESH) { 1563 CSR_WRITE_2(sc, ACXREG_INTR_ACK, ACXRV_INTR_FCS_THRESH); 1564 return (0); 1565 } 1566 DELAY(10000); 1567 } 1568 1569 printf("%s: can't initialize ECPU (timeout)\n", ifp->if_xname); 1570 1571 return (ENXIO); 1572 } 1573 1574 int 1575 acx_load_radio_firmware(struct acx_softc *sc, const char *name) 1576 { 1577 struct ifnet *ifp = &sc->sc_ic.ic_if; 1578 struct acx_conf_mmap mem_map; 1579 uint32_t radio_fw_ofs; 1580 int error; 1581 uint8_t *ucode; 1582 size_t size; 1583 1584 error = loadfirmware(name, &ucode, &size); 1585 1586 if (error != 0) { 1587 printf("%s: error %d, could not read firmware %s\n", 1588 ifp->if_xname, error, name); 1589 return (EIO); 1590 } 1591 1592 /* 1593 * Get the position, where base firmware is loaded, so that 1594 * radio firmware can be loaded after it. 1595 */ 1596 if (acx_get_conf(sc, ACX_CONF_MMAP, &mem_map, sizeof(mem_map)) != 0) { 1597 free(ucode, M_DEVBUF); 1598 return (ENXIO); 1599 } 1600 radio_fw_ofs = letoh32(mem_map.code_end); 1601 1602 /* Put ECPU into sleeping state, before loading radio firmware */ 1603 if (acx_exec_command(sc, ACXCMD_SLEEP, NULL, 0, NULL, 0) != 0) { 1604 free(ucode, M_DEVBUF); 1605 return (ENXIO); 1606 } 1607 1608 /* Load radio firmware */ 1609 error = acx_load_firmware(sc, radio_fw_ofs, ucode, size); 1610 1611 free(ucode, M_DEVBUF); 1612 1613 if (error) { 1614 printf("%s: can't load radio firmware\n", ifp->if_xname); 1615 return (ENXIO); 1616 } 1617 DPRINTF(("%s: radio firmware loaded\n", sc->sc_dev.dv_xname)); 1618 1619 /* Wake up sleeping ECPU, after radio firmware is loaded */ 1620 if (acx_exec_command(sc, ACXCMD_WAKEUP, NULL, 0, NULL, 0) != 0) 1621 return (ENXIO); 1622 1623 /* Initialize radio */ 1624 if (acx_init_radio(sc, radio_fw_ofs, size) != 0) 1625 return (ENXIO); 1626 1627 /* Verify radio firmware's loading position */ 1628 if (acx_get_conf(sc, ACX_CONF_MMAP, &mem_map, sizeof(mem_map)) != 0) 1629 return (ENXIO); 1630 1631 if (letoh32(mem_map.code_end) != radio_fw_ofs + size) { 1632 printf("%s: loaded radio firmware position mismatch\n", 1633 ifp->if_xname); 1634 return (ENXIO); 1635 } 1636 1637 DPRINTF(("%s: radio firmware initialized\n", sc->sc_dev.dv_xname)); 1638 1639 return (0); 1640 } 1641 1642 int 1643 acx_load_firmware(struct acx_softc *sc, uint32_t offset, const uint8_t *data, 1644 int data_len) 1645 { 1646 struct ifnet *ifp = &sc->sc_ic.ic_if; 1647 const uint32_t *fw; 1648 u_int32_t csum = 0; 1649 int i, fw_len; 1650 1651 for (i = 4; i < data_len; i++) 1652 csum += data[i]; 1653 1654 fw = (const uint32_t *)data; 1655 1656 if (*fw != htole32(csum)) { 1657 printf("%s: firmware checksum 0x%x does not match 0x%x!\n", 1658 ifp->if_xname, *fw, htole32(csum)); 1659 return (ENXIO); 1660 } 1661 1662 /* skip csum + length */ 1663 data += 8; 1664 data_len -= 8; 1665 1666 fw = (const uint32_t *)data; 1667 fw_len = data_len / sizeof(uint32_t); 1668 1669 /* 1670 * LOADFW_AUTO_INC only works with some older firmware: 1671 * 1) acx100's firmware 1672 * 2) acx111's firmware whose rev is 0x00010011 1673 */ 1674 1675 /* Load firmware */ 1676 CSR_WRITE_4(sc, ACXREG_FWMEM_START, ACXRV_FWMEM_START_OP); 1677 #ifndef LOADFW_AUTO_INC 1678 CSR_WRITE_4(sc, ACXREG_FWMEM_CTRL, 0); 1679 #else 1680 CSR_WRITE_4(sc, ACXREG_FWMEM_CTRL, ACXRV_FWMEM_ADDR_AUTOINC); 1681 CSR_WRITE_4(sc, ACXREG_FWMEM_ADDR, offset); 1682 #endif 1683 1684 for (i = 0; i < fw_len; ++i) { 1685 #ifndef LOADFW_AUTO_INC 1686 CSR_WRITE_4(sc, ACXREG_FWMEM_ADDR, offset + (i * 4)); 1687 #endif 1688 CSR_WRITE_4(sc, ACXREG_FWMEM_DATA, betoh32(fw[i])); 1689 } 1690 1691 /* Verify firmware */ 1692 CSR_WRITE_4(sc, ACXREG_FWMEM_START, ACXRV_FWMEM_START_OP); 1693 #ifndef LOADFW_AUTO_INC 1694 CSR_WRITE_4(sc, ACXREG_FWMEM_CTRL, 0); 1695 #else 1696 CSR_WRITE_4(sc, ACXREG_FWMEM_CTRL, ACXRV_FWMEM_ADDR_AUTOINC); 1697 CSR_WRITE_4(sc, ACXREG_FWMEM_ADDR, offset); 1698 #endif 1699 1700 for (i = 0; i < fw_len; ++i) { 1701 uint32_t val; 1702 1703 #ifndef LOADFW_AUTO_INC 1704 CSR_WRITE_4(sc, ACXREG_FWMEM_ADDR, offset + (i * 4)); 1705 #endif 1706 val = CSR_READ_4(sc, ACXREG_FWMEM_DATA); 1707 if (betoh32(fw[i]) != val) { 1708 printf("%s: firmware mismatch fw %08x loaded %08x\n", 1709 ifp->if_xname, fw[i], val); 1710 return (ENXIO); 1711 } 1712 } 1713 1714 return (0); 1715 } 1716 1717 struct ieee80211_node * 1718 acx_node_alloc(struct ieee80211com *ic) 1719 { 1720 struct acx_node *wn; 1721 1722 wn = malloc(sizeof(*wn), M_DEVBUF, M_NOWAIT | M_ZERO); 1723 if (wn == NULL) 1724 return (NULL); 1725 1726 return ((struct ieee80211_node *)wn); 1727 } 1728 1729 int 1730 acx_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1731 { 1732 struct acx_softc *sc = ic->ic_if.if_softc; 1733 struct ifnet *ifp = &ic->ic_if; 1734 int error = 0; 1735 1736 timeout_del(&sc->amrr_ch); 1737 1738 switch (nstate) { 1739 case IEEE80211_S_INIT: 1740 break; 1741 case IEEE80211_S_SCAN: { 1742 uint8_t chan; 1743 1744 chan = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1745 if (acx_set_channel(sc, chan) != 0) { 1746 error = 1; 1747 goto back; 1748 } 1749 1750 /* 200ms => 5 channels per second */ 1751 timeout_add_msec(&sc->sc_chanscan_timer, 200); 1752 } 1753 break; 1754 case IEEE80211_S_AUTH: 1755 if (ic->ic_opmode == IEEE80211_M_STA) { 1756 struct ieee80211_node *ni; 1757 #ifdef ACX_DEBUG 1758 int i; 1759 #endif 1760 1761 ni = ic->ic_bss; 1762 1763 if (acx_join_bss(sc, ACX_MODE_STA, ni) != 0) { 1764 printf("%s: join BSS failed\n", ifp->if_xname); 1765 error = 1; 1766 goto back; 1767 } 1768 1769 DPRINTF(("%s: join BSS\n", sc->sc_dev.dv_xname)); 1770 if (ic->ic_state == IEEE80211_S_ASSOC) { 1771 DPRINTF(("%s: change from assoc to run\n", 1772 sc->sc_dev.dv_xname)); 1773 ic->ic_state = IEEE80211_S_RUN; 1774 } 1775 1776 #ifdef ACX_DEBUG 1777 printf("%s: AP rates: ", sc->sc_dev.dv_xname); 1778 for (i = 0; i < ni->ni_rates.rs_nrates; ++i) 1779 printf("%d ", ni->ni_rates.rs_rates[i]); 1780 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen); 1781 printf(" %s\n", ether_sprintf(ni->ni_bssid)); 1782 #endif 1783 } 1784 break; 1785 case IEEE80211_S_RUN: 1786 #ifndef IEEE80211_STA_ONLY 1787 if (ic->ic_opmode == IEEE80211_M_IBSS || 1788 ic->ic_opmode == IEEE80211_M_HOSTAP) { 1789 struct ieee80211_node *ni; 1790 uint8_t chan; 1791 1792 ni = ic->ic_bss; 1793 chan = ieee80211_chan2ieee(ic, ni->ni_chan); 1794 1795 error = 1; 1796 1797 if (acx_set_channel(sc, chan) != 0) 1798 goto back; 1799 1800 if (acx_set_beacon_tmplt(sc, ni) != 0) { 1801 printf("%s: set beacon template failed\n", 1802 ifp->if_xname); 1803 goto back; 1804 } 1805 1806 if (acx_set_probe_resp_tmplt(sc, ni) != 0) { 1807 printf("%s: set probe response template " 1808 "failed\n", ifp->if_xname); 1809 goto back; 1810 } 1811 1812 if (ic->ic_opmode == IEEE80211_M_IBSS) { 1813 if (acx_join_bss(sc, ACX_MODE_ADHOC, ni) != 0) { 1814 printf("%s: join IBSS failed\n", 1815 ifp->if_xname); 1816 goto back; 1817 } 1818 } else { 1819 if (acx_join_bss(sc, ACX_MODE_AP, ni) != 0) { 1820 printf("%s: join HOSTAP failed\n", 1821 ifp->if_xname); 1822 goto back; 1823 } 1824 } 1825 1826 DPRINTF(("%s: join IBSS\n", sc->sc_dev.dv_xname)); 1827 error = 0; 1828 } 1829 #endif 1830 /* fake a join to init the tx rate */ 1831 if (ic->ic_opmode == IEEE80211_M_STA) 1832 acx_newassoc(ic, ic->ic_bss, 1); 1833 1834 /* start automatic rate control timer */ 1835 if (ic->ic_fixed_rate == -1) 1836 timeout_add_msec(&sc->amrr_ch, 500); 1837 break; 1838 default: 1839 break; 1840 } 1841 1842 back: 1843 if (error) { 1844 /* XXX */ 1845 nstate = IEEE80211_S_INIT; 1846 arg = -1; 1847 } 1848 1849 return (sc->sc_newstate(ic, nstate, arg)); 1850 } 1851 1852 int 1853 acx_init_tmplt_ordered(struct acx_softc *sc) 1854 { 1855 union { 1856 struct acx_tmplt_beacon beacon; 1857 struct acx_tmplt_null_data null; 1858 struct acx_tmplt_probe_req preq; 1859 struct acx_tmplt_probe_resp presp; 1860 struct acx_tmplt_tim tim; 1861 } data; 1862 1863 bzero(&data, sizeof(data)); 1864 /* 1865 * NOTE: 1866 * Order of templates initialization: 1867 * 1) Probe request 1868 * 2) NULL data 1869 * 3) Beacon 1870 * 4) TIM 1871 * 5) Probe response 1872 * Above order is critical to get a correct memory map. 1873 */ 1874 if (acx_set_tmplt(sc, ACXCMD_TMPLT_PROBE_REQ, &data.preq, 1875 sizeof(data.preq)) != 0) 1876 return (1); 1877 1878 if (acx_set_tmplt(sc, ACXCMD_TMPLT_NULL_DATA, &data.null, 1879 sizeof(data.null)) != 0) 1880 return (1); 1881 1882 if (acx_set_tmplt(sc, ACXCMD_TMPLT_BEACON, &data.beacon, 1883 sizeof(data.beacon)) != 0) 1884 return (1); 1885 1886 if (acx_set_tmplt(sc, ACXCMD_TMPLT_TIM, &data.tim, 1887 sizeof(data.tim)) != 0) 1888 return (1); 1889 1890 if (acx_set_tmplt(sc, ACXCMD_TMPLT_PROBE_RESP, &data.presp, 1891 sizeof(data.presp)) != 0) 1892 return (1); 1893 1894 return (0); 1895 } 1896 1897 int 1898 acx_dma_alloc(struct acx_softc *sc) 1899 { 1900 struct acx_ring_data *rd = &sc->sc_ring_data; 1901 struct acx_buf_data *bd = &sc->sc_buf_data; 1902 int i, error, nsegs; 1903 1904 /* Allocate DMA stuffs for RX descriptors */ 1905 error = bus_dmamap_create(sc->sc_dmat, ACX_RX_RING_SIZE, 1, 1906 ACX_RX_RING_SIZE, 0, BUS_DMA_NOWAIT, &rd->rx_ring_dmamap); 1907 1908 if (error) { 1909 printf("%s: can't create rx ring dma tag\n", 1910 sc->sc_dev.dv_xname); 1911 return (error); 1912 } 1913 1914 error = bus_dmamem_alloc(sc->sc_dmat, ACX_RX_RING_SIZE, PAGE_SIZE, 1915 0, &rd->rx_ring_seg, 1, &nsegs, BUS_DMA_NOWAIT); 1916 1917 if (error != 0) { 1918 printf("%s: can't allocate rx ring dma memory\n", 1919 sc->sc_dev.dv_xname); 1920 return (error); 1921 } 1922 1923 error = bus_dmamem_map(sc->sc_dmat, &rd->rx_ring_seg, nsegs, 1924 ACX_RX_RING_SIZE, (caddr_t *)&rd->rx_ring, 1925 BUS_DMA_NOWAIT); 1926 1927 if (error != 0) { 1928 printf("%s: can't map rx desc DMA memory\n", 1929 sc->sc_dev.dv_xname); 1930 return (error); 1931 } 1932 1933 error = bus_dmamap_load(sc->sc_dmat, rd->rx_ring_dmamap, 1934 rd->rx_ring, ACX_RX_RING_SIZE, NULL, BUS_DMA_WAITOK); 1935 1936 if (error) { 1937 printf("%s: can't get rx ring dma address\n", 1938 sc->sc_dev.dv_xname); 1939 bus_dmamem_free(sc->sc_dmat, &rd->rx_ring_seg, 1); 1940 return (error); 1941 } 1942 1943 rd->rx_ring_paddr = rd->rx_ring_dmamap->dm_segs[0].ds_addr; 1944 1945 /* Allocate DMA stuffs for TX descriptors */ 1946 error = bus_dmamap_create(sc->sc_dmat, ACX_TX_RING_SIZE, 1, 1947 ACX_TX_RING_SIZE, 0, BUS_DMA_NOWAIT, &rd->tx_ring_dmamap); 1948 1949 if (error) { 1950 printf("%s: can't create tx ring dma tag\n", 1951 sc->sc_dev.dv_xname); 1952 return (error); 1953 } 1954 1955 error = bus_dmamem_alloc(sc->sc_dmat, ACX_TX_RING_SIZE, PAGE_SIZE, 1956 0, &rd->tx_ring_seg, 1, &nsegs, BUS_DMA_NOWAIT); 1957 1958 if (error) { 1959 printf("%s: can't allocate tx ring dma memory\n", 1960 sc->sc_dev.dv_xname); 1961 return (error); 1962 } 1963 1964 error = bus_dmamem_map(sc->sc_dmat, &rd->tx_ring_seg, nsegs, 1965 ACX_TX_RING_SIZE, (caddr_t *)&rd->tx_ring, BUS_DMA_NOWAIT); 1966 1967 if (error != 0) { 1968 printf("%s: can't map tx desc DMA memory\n", 1969 sc->sc_dev.dv_xname); 1970 return (error); 1971 } 1972 1973 error = bus_dmamap_load(sc->sc_dmat, rd->tx_ring_dmamap, 1974 rd->tx_ring, ACX_TX_RING_SIZE, NULL, BUS_DMA_WAITOK); 1975 1976 if (error) { 1977 printf("%s: can't get tx ring dma address\n", 1978 sc->sc_dev.dv_xname); 1979 bus_dmamem_free(sc->sc_dmat, &rd->tx_ring_seg, 1); 1980 return (error); 1981 } 1982 1983 rd->tx_ring_paddr = rd->tx_ring_dmamap->dm_segs[0].ds_addr; 1984 1985 /* Create a spare RX DMA map */ 1986 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1, MCLBYTES, 1987 0, 0, &bd->mbuf_tmp_dmamap); 1988 1989 if (error) { 1990 printf("%s: can't create tmp mbuf dma map\n", 1991 sc->sc_dev.dv_xname); 1992 return (error); 1993 } 1994 1995 /* Create DMA map for RX mbufs */ 1996 for (i = 0; i < ACX_RX_DESC_CNT; ++i) { 1997 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1, 1998 MCLBYTES, 0, 0, &bd->rx_buf[i].rb_mbuf_dmamap); 1999 if (error) { 2000 printf("%s: can't create rx mbuf dma map (%d)\n", 2001 sc->sc_dev.dv_xname, i); 2002 return (error); 2003 } 2004 bd->rx_buf[i].rb_desc = &rd->rx_ring[i]; 2005 } 2006 2007 /* Create DMA map for TX mbufs */ 2008 for (i = 0; i < ACX_TX_DESC_CNT; ++i) { 2009 error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1, 2010 MCLBYTES, 0, 0, &bd->tx_buf[i].tb_mbuf_dmamap); 2011 if (error) { 2012 printf("%s: can't create tx mbuf dma map (%d)\n", 2013 sc->sc_dev.dv_xname, i); 2014 return (error); 2015 } 2016 bd->tx_buf[i].tb_desc1 = &rd->tx_ring[i * 2]; 2017 bd->tx_buf[i].tb_desc2 = &rd->tx_ring[(i * 2) + 1]; 2018 } 2019 2020 return (0); 2021 } 2022 2023 void 2024 acx_dma_free(struct acx_softc *sc) 2025 { 2026 struct acx_ring_data *rd = &sc->sc_ring_data; 2027 struct acx_buf_data *bd = &sc->sc_buf_data; 2028 int i; 2029 2030 if (rd->rx_ring != NULL) { 2031 bus_dmamap_unload(sc->sc_dmat, rd->rx_ring_dmamap); 2032 bus_dmamem_free(sc->sc_dmat, &rd->rx_ring_seg, 1); 2033 } 2034 2035 if (rd->tx_ring != NULL) { 2036 bus_dmamap_unload(sc->sc_dmat, rd->tx_ring_dmamap); 2037 bus_dmamem_free(sc->sc_dmat, &rd->tx_ring_seg, 1); 2038 } 2039 2040 for (i = 0; i < ACX_RX_DESC_CNT; ++i) { 2041 if (bd->rx_buf[i].rb_desc != NULL) { 2042 if (bd->rx_buf[i].rb_mbuf != NULL) { 2043 bus_dmamap_unload(sc->sc_dmat, 2044 bd->rx_buf[i].rb_mbuf_dmamap); 2045 m_freem(bd->rx_buf[i].rb_mbuf); 2046 } 2047 bus_dmamap_destroy(sc->sc_dmat, 2048 bd->rx_buf[i].rb_mbuf_dmamap); 2049 } 2050 } 2051 2052 for (i = 0; i < ACX_TX_DESC_CNT; ++i) { 2053 if (bd->tx_buf[i].tb_desc1 != NULL) { 2054 if (bd->tx_buf[i].tb_mbuf != NULL) { 2055 bus_dmamap_unload(sc->sc_dmat, 2056 bd->tx_buf[i].tb_mbuf_dmamap); 2057 m_freem(bd->tx_buf[i].tb_mbuf); 2058 } 2059 bus_dmamap_destroy(sc->sc_dmat, 2060 bd->tx_buf[i].tb_mbuf_dmamap); 2061 } 2062 } 2063 2064 if (bd->mbuf_tmp_dmamap != NULL) 2065 bus_dmamap_destroy(sc->sc_dmat, bd->mbuf_tmp_dmamap); 2066 } 2067 2068 void 2069 acx_init_tx_ring(struct acx_softc *sc) 2070 { 2071 struct acx_ring_data *rd; 2072 struct acx_buf_data *bd; 2073 uint32_t paddr; 2074 int i; 2075 2076 rd = &sc->sc_ring_data; 2077 paddr = rd->tx_ring_paddr; 2078 for (i = 0; i < (ACX_TX_DESC_CNT * 2) - 1; ++i) { 2079 paddr += sizeof(struct acx_host_desc); 2080 2081 bzero(&rd->tx_ring[i], sizeof(struct acx_host_desc)); 2082 rd->tx_ring[i].h_ctrl = htole16(DESC_CTRL_HOSTOWN); 2083 2084 if (i == (ACX_TX_DESC_CNT * 2) - 1) 2085 rd->tx_ring[i].h_next_desc = htole32(rd->tx_ring_paddr); 2086 else 2087 rd->tx_ring[i].h_next_desc = htole32(paddr); 2088 } 2089 2090 bus_dmamap_sync(sc->sc_dmat, rd->tx_ring_dmamap, 0, 2091 rd->tx_ring_dmamap->dm_mapsize, BUS_DMASYNC_PREWRITE); 2092 2093 bd = &sc->sc_buf_data; 2094 bd->tx_free_start = 0; 2095 bd->tx_used_start = 0; 2096 bd->tx_used_count = 0; 2097 } 2098 2099 int 2100 acx_init_rx_ring(struct acx_softc *sc) 2101 { 2102 struct acx_ring_data *rd; 2103 struct acx_buf_data *bd; 2104 uint32_t paddr; 2105 int i; 2106 2107 bd = &sc->sc_buf_data; 2108 rd = &sc->sc_ring_data; 2109 paddr = rd->rx_ring_paddr; 2110 2111 for (i = 0; i < ACX_RX_DESC_CNT; ++i) { 2112 int error; 2113 2114 paddr += sizeof(struct acx_host_desc); 2115 bzero(&rd->rx_ring[i], sizeof(struct acx_host_desc)); 2116 2117 error = acx_newbuf(sc, &bd->rx_buf[i], 1); 2118 if (error) 2119 return (error); 2120 2121 if (i == ACX_RX_DESC_CNT - 1) 2122 rd->rx_ring[i].h_next_desc = htole32(rd->rx_ring_paddr); 2123 else 2124 rd->rx_ring[i].h_next_desc = htole32(paddr); 2125 } 2126 2127 bus_dmamap_sync(sc->sc_dmat, rd->rx_ring_dmamap, 0, 2128 rd->rx_ring_dmamap->dm_mapsize, BUS_DMASYNC_PREWRITE); 2129 2130 bd->rx_scan_start = 0; 2131 2132 return (0); 2133 } 2134 2135 int 2136 acx_newbuf(struct acx_softc *sc, struct acx_rxbuf *rb, int wait) 2137 { 2138 struct acx_buf_data *bd; 2139 struct mbuf *m; 2140 bus_dmamap_t map; 2141 uint32_t paddr; 2142 int error; 2143 2144 bd = &sc->sc_buf_data; 2145 2146 MGETHDR(m, wait ? M_WAITOK : M_DONTWAIT, MT_DATA); 2147 if (m == NULL) 2148 return (ENOBUFS); 2149 2150 MCLGET(m, wait ? M_WAITOK : M_DONTWAIT); 2151 if (!(m->m_flags & M_EXT)) { 2152 m_freem(m); 2153 return (ENOBUFS); 2154 } 2155 2156 m->m_len = m->m_pkthdr.len = MCLBYTES; 2157 2158 error = bus_dmamap_load_mbuf(sc->sc_dmat, bd->mbuf_tmp_dmamap, m, 2159 wait ? BUS_DMA_WAITOK : BUS_DMA_NOWAIT); 2160 if (error) { 2161 m_freem(m); 2162 printf("%s: can't map rx mbuf %d\n", 2163 sc->sc_dev.dv_xname, error); 2164 return (error); 2165 } 2166 2167 /* Unload originally mapped mbuf */ 2168 if (rb->rb_mbuf != NULL) 2169 bus_dmamap_unload(sc->sc_dmat, rb->rb_mbuf_dmamap); 2170 2171 /* Swap this dmamap with tmp dmamap */ 2172 map = rb->rb_mbuf_dmamap; 2173 rb->rb_mbuf_dmamap = bd->mbuf_tmp_dmamap; 2174 bd->mbuf_tmp_dmamap = map; 2175 paddr = rb->rb_mbuf_dmamap->dm_segs[0].ds_addr; 2176 2177 rb->rb_mbuf = m; 2178 rb->rb_desc->h_data_paddr = htole32(paddr); 2179 rb->rb_desc->h_data_len = htole16(m->m_len); 2180 2181 bus_dmamap_sync(sc->sc_dmat, rb->rb_mbuf_dmamap, 0, 2182 rb->rb_mbuf_dmamap->dm_mapsize, BUS_DMASYNC_PREREAD); 2183 2184 return (0); 2185 } 2186 2187 int 2188 acx_encap(struct acx_softc *sc, struct acx_txbuf *txbuf, struct mbuf *m, 2189 struct ieee80211_node *ni, int rate) 2190 { 2191 struct acx_ring_data *rd = &sc->sc_ring_data; 2192 struct acx_node *node = (struct acx_node *)ni; 2193 struct ifnet *ifp = &sc->sc_ic.ic_if; 2194 uint32_t paddr; 2195 uint8_t ctrl; 2196 int error; 2197 2198 if (txbuf->tb_mbuf != NULL) 2199 panic("free TX buf has mbuf installed"); 2200 2201 error = 0; 2202 2203 if (m->m_pkthdr.len > MCLBYTES) { 2204 printf("%s: mbuf too big\n", ifp->if_xname); 2205 error = E2BIG; 2206 goto back; 2207 } else if (m->m_pkthdr.len < ACX_FRAME_HDRLEN) { 2208 printf("%s: mbuf too small\n", ifp->if_xname); 2209 error = EINVAL; 2210 goto back; 2211 } 2212 2213 error = bus_dmamap_load_mbuf(sc->sc_dmat, txbuf->tb_mbuf_dmamap, m, 2214 BUS_DMA_NOWAIT); 2215 2216 if (error && error != EFBIG) { 2217 printf("%s: can't map tx mbuf1 %d\n", 2218 sc->sc_dev.dv_xname, error); 2219 goto back; 2220 } 2221 2222 if (error) { /* error == EFBIG */ 2223 /* too many fragments, linearize */ 2224 if (m_defrag(m, M_DONTWAIT)) { 2225 printf("%s: can't defrag tx mbuf\n", ifp->if_xname); 2226 goto back; 2227 } 2228 error = bus_dmamap_load_mbuf(sc->sc_dmat, 2229 txbuf->tb_mbuf_dmamap, m, BUS_DMA_NOWAIT); 2230 if (error) { 2231 printf("%s: can't map tx mbuf2 %d\n", 2232 sc->sc_dev.dv_xname, error); 2233 goto back; 2234 } 2235 } 2236 2237 error = 0; 2238 2239 bus_dmamap_sync(sc->sc_dmat, txbuf->tb_mbuf_dmamap, 0, 2240 txbuf->tb_mbuf_dmamap->dm_mapsize, BUS_DMASYNC_PREWRITE); 2241 2242 txbuf->tb_mbuf = m; 2243 txbuf->tb_node = node; 2244 txbuf->tb_rate = rate; 2245 2246 /* 2247 * TX buffers are accessed in following way: 2248 * acx_fw_txdesc -> acx_host_desc -> buffer 2249 * 2250 * It is quite strange that acx also queries acx_host_desc next to 2251 * the one we have assigned to acx_fw_txdesc even if first one's 2252 * acx_host_desc.h_data_len == acx_fw_txdesc.f_tx_len 2253 * 2254 * So we allocate two acx_host_desc for one acx_fw_txdesc and 2255 * assign the first acx_host_desc to acx_fw_txdesc 2256 * 2257 * For acx111 2258 * host_desc1.h_data_len = buffer_len 2259 * host_desc2.h_data_len = buffer_len - mac_header_len 2260 * 2261 * For acx100 2262 * host_desc1.h_data_len = mac_header_len 2263 * host_desc2.h_data_len = buffer_len - mac_header_len 2264 */ 2265 paddr = txbuf->tb_mbuf_dmamap->dm_segs[0].ds_addr; 2266 txbuf->tb_desc1->h_data_paddr = htole32(paddr); 2267 txbuf->tb_desc2->h_data_paddr = htole32(paddr + ACX_FRAME_HDRLEN); 2268 2269 txbuf->tb_desc1->h_data_len = 2270 htole16(sc->chip_txdesc1_len ? sc->chip_txdesc1_len 2271 : m->m_pkthdr.len); 2272 txbuf->tb_desc2->h_data_len = 2273 htole16(m->m_pkthdr.len - ACX_FRAME_HDRLEN); 2274 2275 /* 2276 * NOTE: 2277 * We can't simply assign f_tx_ctrl, we will first read it back 2278 * and change it bit by bit 2279 */ 2280 ctrl = FW_TXDESC_GETFIELD_1(sc, txbuf, f_tx_ctrl); 2281 ctrl |= sc->chip_fw_txdesc_ctrl; /* extra chip specific flags */ 2282 ctrl &= ~(DESC_CTRL_HOSTOWN | DESC_CTRL_ACXDONE); 2283 2284 FW_TXDESC_SETFIELD_2(sc, txbuf, f_tx_len, m->m_pkthdr.len); 2285 FW_TXDESC_SETFIELD_1(sc, txbuf, f_tx_error, 0); 2286 FW_TXDESC_SETFIELD_1(sc, txbuf, f_tx_ack_fail, 0); 2287 FW_TXDESC_SETFIELD_1(sc, txbuf, f_tx_rts_fail, 0); 2288 FW_TXDESC_SETFIELD_1(sc, txbuf, f_tx_rts_ok, 0); 2289 sc->chip_set_fw_txdesc_rate(sc, txbuf, rate); 2290 2291 txbuf->tb_desc1->h_ctrl = 0; 2292 txbuf->tb_desc2->h_ctrl = 0; 2293 bus_dmamap_sync(sc->sc_dmat, rd->tx_ring_dmamap, 0, 2294 rd->tx_ring_dmamap->dm_mapsize, BUS_DMASYNC_PREWRITE); 2295 2296 FW_TXDESC_SETFIELD_1(sc, txbuf, f_tx_ctrl2, 0); 2297 FW_TXDESC_SETFIELD_1(sc, txbuf, f_tx_ctrl, ctrl); 2298 2299 /* Tell chip to inform us about TX completion */ 2300 CSR_WRITE_2(sc, ACXREG_INTR_TRIG, ACXRV_TRIG_TX_FINI); 2301 back: 2302 if (error) 2303 m_freem(m); 2304 2305 return (error); 2306 } 2307 2308 int 2309 acx_set_null_tmplt(struct acx_softc *sc) 2310 { 2311 struct ieee80211com *ic = &sc->sc_ic; 2312 struct acx_tmplt_null_data n; 2313 struct ieee80211_frame *wh; 2314 2315 bzero(&n, sizeof(n)); 2316 2317 wh = &n.data; 2318 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_DATA | 2319 IEEE80211_FC0_SUBTYPE_NODATA; 2320 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2321 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2322 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2323 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2324 2325 return (acx_set_tmplt(sc, ACXCMD_TMPLT_NULL_DATA, &n, sizeof(n))); 2326 } 2327 2328 int 2329 acx_set_probe_req_tmplt(struct acx_softc *sc, const char *ssid, int ssid_len) 2330 { 2331 struct ieee80211com *ic = &sc->sc_ic; 2332 struct acx_tmplt_probe_req req; 2333 struct ieee80211_frame *wh; 2334 struct ieee80211_rateset *rs; 2335 uint8_t *frm; 2336 int len; 2337 2338 bzero(&req, sizeof(req)); 2339 2340 wh = &req.data.u_data.f; 2341 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2342 IEEE80211_FC0_SUBTYPE_PROBE_REQ; 2343 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2344 IEEE80211_ADDR_COPY(wh->i_addr1, etherbroadcastaddr); 2345 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2346 IEEE80211_ADDR_COPY(wh->i_addr3, etherbroadcastaddr); 2347 2348 frm = req.data.u_data.var; 2349 frm = ieee80211_add_ssid(frm, ssid, ssid_len); 2350 rs = &ic->ic_sup_rates[sc->chip_phymode]; 2351 frm = ieee80211_add_rates(frm, rs); 2352 if (rs->rs_nrates > IEEE80211_RATE_SIZE) 2353 frm = ieee80211_add_xrates(frm, rs); 2354 len = frm - req.data.u_data.var; 2355 2356 return (acx_set_tmplt(sc, ACXCMD_TMPLT_PROBE_REQ, &req, 2357 ACX_TMPLT_PROBE_REQ_SIZ(len))); 2358 } 2359 2360 #ifndef IEEE80211_STA_ONLY 2361 struct mbuf *ieee80211_get_probe_resp(struct ieee80211com *, 2362 struct ieee80211_node *); 2363 2364 int 2365 acx_set_probe_resp_tmplt(struct acx_softc *sc, struct ieee80211_node *ni) 2366 { 2367 struct ieee80211com *ic = &sc->sc_ic; 2368 struct acx_tmplt_probe_resp resp; 2369 struct ieee80211_frame *wh; 2370 struct mbuf *m; 2371 int len; 2372 2373 bzero(&resp, sizeof(resp)); 2374 2375 m = ieee80211_get_probe_resp(ic, ni); 2376 if (m == NULL) 2377 return (1); 2378 M_PREPEND(m, sizeof(struct ieee80211_frame), M_DONTWAIT); 2379 if (m == NULL) 2380 return (1); 2381 wh = mtod(m, struct ieee80211_frame *); 2382 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 2383 IEEE80211_FC0_SUBTYPE_PROBE_RESP; 2384 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 2385 *(u_int16_t *)&wh->i_dur[0] = 0; 2386 IEEE80211_ADDR_COPY(wh->i_addr1, ni->ni_macaddr); 2387 IEEE80211_ADDR_COPY(wh->i_addr2, ic->ic_myaddr); 2388 IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid); 2389 *(u_int16_t *)wh->i_seq = 0; 2390 2391 m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)&resp.data); 2392 len = m->m_pkthdr.len + sizeof(resp.size); 2393 m_freem(m); 2394 2395 return (acx_set_tmplt(sc, ACXCMD_TMPLT_PROBE_RESP, &resp, len)); 2396 } 2397 2398 int 2399 acx_beacon_locate(struct mbuf *m, u_int8_t type) 2400 { 2401 int off; 2402 u_int8_t *frm; 2403 /* 2404 * beacon frame format 2405 * [8] time stamp 2406 * [2] beacon interval 2407 * [2] cabability information 2408 * from here on [tlv] values 2409 */ 2410 2411 if (m->m_len != m->m_pkthdr.len) 2412 panic("beacon not in contiguous mbuf"); 2413 2414 off = sizeof(struct ieee80211_frame) + 8 + 2 + 2; 2415 frm = mtod(m, u_int8_t *); 2416 for (; off + 1 < m->m_len; off += frm[off + 1] + 2) { 2417 if (frm[off] == type) 2418 return (off); 2419 } 2420 return (-1); 2421 } 2422 2423 int 2424 acx_set_beacon_tmplt(struct acx_softc *sc, struct ieee80211_node *ni) 2425 { 2426 struct ieee80211com *ic = &sc->sc_ic; 2427 struct acx_tmplt_beacon beacon; 2428 struct acx_tmplt_tim tim; 2429 struct mbuf *m; 2430 int len, off; 2431 2432 bzero(&beacon, sizeof(beacon)); 2433 bzero(&tim, sizeof(tim)); 2434 2435 m = ieee80211_beacon_alloc(ic, ni); 2436 if (m == NULL) 2437 return (1); 2438 2439 off = acx_beacon_locate(m, IEEE80211_ELEMID_TIM); 2440 if (off < 0) { 2441 m_free(m); 2442 return (1); 2443 } 2444 2445 m_copydata(m, 0, off, (caddr_t)&beacon.data); 2446 len = off + sizeof(beacon.size); 2447 2448 if (acx_set_tmplt(sc, ACXCMD_TMPLT_BEACON, &beacon, len) != 0) { 2449 m_freem(m); 2450 return (1); 2451 } 2452 2453 len = m->m_pkthdr.len - off; 2454 if (len == 0) { 2455 /* no TIM field */ 2456 m_freem(m); 2457 return (0); 2458 } 2459 2460 m_copydata(m, off, len, (caddr_t)&tim.data); 2461 len += sizeof(beacon.size); 2462 m_freem(m); 2463 2464 return (acx_set_tmplt(sc, ACXCMD_TMPLT_TIM, &tim, len)); 2465 } 2466 #endif /* IEEE80211_STA_ONLY */ 2467 2468 void 2469 acx_init_cmd_reg(struct acx_softc *sc) 2470 { 2471 sc->sc_cmd = CSR_READ_4(sc, ACXREG_CMD_REG_OFFSET); 2472 sc->sc_cmd_param = sc->sc_cmd + ACX_CMD_REG_SIZE; 2473 2474 /* Clear command & status */ 2475 CMD_WRITE_4(sc, 0); 2476 } 2477 2478 int 2479 acx_join_bss(struct acx_softc *sc, uint8_t mode, struct ieee80211_node *node) 2480 { 2481 uint8_t bj_buf[BSS_JOIN_BUFLEN]; 2482 struct bss_join_hdr *bj; 2483 int i, dtim_intvl; 2484 2485 bzero(bj_buf, sizeof(bj_buf)); 2486 bj = (struct bss_join_hdr *)bj_buf; 2487 2488 for (i = 0; i < IEEE80211_ADDR_LEN; ++i) 2489 bj->bssid[i] = node->ni_bssid[IEEE80211_ADDR_LEN - i - 1]; 2490 2491 bj->beacon_intvl = htole16(acx_beacon_intvl); 2492 2493 /* TODO tunable */ 2494 #ifndef IEEE80211_STA_ONLY 2495 if (sc->sc_ic.ic_opmode == IEEE80211_M_IBSS) 2496 dtim_intvl = 1; 2497 else 2498 #endif 2499 dtim_intvl = 10; 2500 sc->chip_set_bss_join_param(sc, bj->chip_spec, dtim_intvl); 2501 2502 bj->ndata_txrate = ACX_NDATA_TXRATE_1; 2503 bj->ndata_txopt = 0; 2504 bj->mode = mode; 2505 bj->channel = ieee80211_chan2ieee(&sc->sc_ic, node->ni_chan); 2506 bj->esslen = node->ni_esslen; 2507 bcopy(node->ni_essid, bj->essid, node->ni_esslen); 2508 2509 DPRINTF(("%s: join BSS/IBSS on channel %d\n", sc->sc_dev.dv_xname, 2510 bj->channel)); 2511 return (acx_exec_command(sc, ACXCMD_JOIN_BSS, 2512 bj, BSS_JOIN_PARAM_SIZE(bj), NULL, 0)); 2513 } 2514 2515 int 2516 acx_set_channel(struct acx_softc *sc, uint8_t chan) 2517 { 2518 if (acx_exec_command(sc, ACXCMD_ENABLE_TXCHAN, &chan, sizeof(chan), 2519 NULL, 0) != 0) { 2520 DPRINTF(("%s: setting TX channel %d failed\n", 2521 sc->sc_dev.dv_xname, chan)); 2522 return (ENXIO); 2523 } 2524 2525 if (acx_exec_command(sc, ACXCMD_ENABLE_RXCHAN, &chan, sizeof(chan), 2526 NULL, 0) != 0) { 2527 DPRINTF(("%s: setting RX channel %d failed\n", 2528 sc->sc_dev.dv_xname, chan)); 2529 return (ENXIO); 2530 } 2531 2532 return (0); 2533 } 2534 2535 int 2536 acx_get_conf(struct acx_softc *sc, uint16_t conf_id, void *conf, 2537 uint16_t conf_len) 2538 { 2539 struct acx_conf *confcom; 2540 2541 if (conf_len < sizeof(*confcom)) { 2542 printf("%s: %s configure data is too short\n", 2543 sc->sc_dev.dv_xname, __func__); 2544 return (1); 2545 } 2546 2547 confcom = conf; 2548 confcom->conf_id = htole16(conf_id); 2549 confcom->conf_data_len = htole16(conf_len - sizeof(*confcom)); 2550 2551 return (acx_exec_command(sc, ACXCMD_GET_CONF, confcom, sizeof(*confcom), 2552 conf, conf_len)); 2553 } 2554 2555 int 2556 acx_set_conf(struct acx_softc *sc, uint16_t conf_id, void *conf, 2557 uint16_t conf_len) 2558 { 2559 struct acx_conf *confcom; 2560 2561 if (conf_len < sizeof(*confcom)) { 2562 printf("%s: %s configure data is too short\n", 2563 sc->sc_dev.dv_xname, __func__); 2564 return (1); 2565 } 2566 2567 confcom = conf; 2568 confcom->conf_id = htole16(conf_id); 2569 confcom->conf_data_len = htole16(conf_len - sizeof(*confcom)); 2570 2571 return (acx_exec_command(sc, ACXCMD_SET_CONF, conf, conf_len, NULL, 0)); 2572 } 2573 2574 int 2575 acx_set_tmplt(struct acx_softc *sc, uint16_t cmd, void *tmplt, 2576 uint16_t tmplt_len) 2577 { 2578 uint16_t *size; 2579 2580 if (tmplt_len < sizeof(*size)) { 2581 printf("%s: %s template is too short\n", 2582 sc->sc_dev.dv_xname, __func__); 2583 return (1); 2584 } 2585 2586 size = tmplt; 2587 *size = htole16(tmplt_len - sizeof(*size)); 2588 2589 return (acx_exec_command(sc, cmd, tmplt, tmplt_len, NULL, 0)); 2590 } 2591 2592 int 2593 acx_init_radio(struct acx_softc *sc, uint32_t radio_ofs, uint32_t radio_len) 2594 { 2595 struct radio_init r; 2596 2597 r.radio_ofs = htole32(radio_ofs); 2598 r.radio_len = htole32(radio_len); 2599 2600 return (acx_exec_command(sc, ACXCMD_INIT_RADIO, &r, sizeof(r), NULL, 2601 0)); 2602 } 2603 2604 int 2605 acx_exec_command(struct acx_softc *sc, uint16_t cmd, void *param, 2606 uint16_t param_len, void *result, uint16_t result_len) 2607 { 2608 uint16_t status; 2609 int i, ret; 2610 2611 if ((sc->sc_flags & ACX_FLAG_FW_LOADED) == 0) { 2612 printf("%s: cmd 0x%04x failed (base firmware not loaded)\n", 2613 sc->sc_dev.dv_xname, cmd); 2614 return (1); 2615 } 2616 2617 ret = 0; 2618 2619 if (param != NULL && param_len != 0) { 2620 /* Set command param */ 2621 CMDPRM_WRITE_REGION_1(sc, param, param_len); 2622 } 2623 2624 /* Set command */ 2625 CMD_WRITE_4(sc, cmd); 2626 2627 /* Exec command */ 2628 CSR_WRITE_2(sc, ACXREG_INTR_TRIG, ACXRV_TRIG_CMD_FINI); 2629 DELAY(50); 2630 2631 /* Wait for command to complete */ 2632 if (cmd == ACXCMD_INIT_RADIO) { 2633 /* radio initialization is extremely long */ 2634 tsleep(&cmd, 0, "rdinit", (300 * hz) / 1000); /* 300ms */ 2635 } 2636 2637 #define CMDWAIT_RETRY_MAX 1000 2638 for (i = 0; i < CMDWAIT_RETRY_MAX; ++i) { 2639 uint16_t reg; 2640 2641 reg = CSR_READ_2(sc, ACXREG_INTR_STATUS); 2642 if (reg & ACXRV_INTR_CMD_FINI) { 2643 CSR_WRITE_2(sc, ACXREG_INTR_ACK, ACXRV_INTR_CMD_FINI); 2644 break; 2645 } 2646 DELAY(50); 2647 } 2648 if (i == CMDWAIT_RETRY_MAX) { 2649 printf("%s: cmd %04x failed (timeout)\n", 2650 sc->sc_dev.dv_xname, cmd); 2651 ret = 1; 2652 goto back; 2653 } 2654 #undef CMDWAIT_RETRY_MAX 2655 2656 /* Get command exec status */ 2657 status = (CMD_READ_4(sc) >> ACX_CMD_STATUS_SHIFT); 2658 if (status != ACX_CMD_STATUS_OK) { 2659 DPRINTF(("%s: cmd %04x failed\n", sc->sc_dev.dv_xname, cmd)); 2660 ret = 1; 2661 goto back; 2662 } 2663 2664 if (result != NULL && result_len != 0) { 2665 /* Get command result */ 2666 CMDPRM_READ_REGION_1(sc, result, result_len); 2667 } 2668 2669 back: 2670 CMD_WRITE_4(sc, 0); 2671 2672 return (ret); 2673 } 2674 2675 const char * 2676 acx_get_rf(int rev) 2677 { 2678 switch (rev) { 2679 case ACX_RADIO_TYPE_MAXIM: return "MAX2820"; 2680 case ACX_RADIO_TYPE_RFMD: return "RFMD"; 2681 case ACX_RADIO_TYPE_RALINK: return "Ralink"; 2682 case ACX_RADIO_TYPE_RADIA: return "Radia"; 2683 default: return "unknown"; 2684 } 2685 } 2686 2687 int 2688 acx_get_maxrssi(int radio) 2689 { 2690 switch (radio) { 2691 case ACX_RADIO_TYPE_MAXIM: return ACX_RADIO_RSSI_MAXIM; 2692 case ACX_RADIO_TYPE_RFMD: return ACX_RADIO_RSSI_RFMD; 2693 case ACX_RADIO_TYPE_RALINK: return ACX_RADIO_RSSI_RALINK; 2694 case ACX_RADIO_TYPE_RADIA: return ACX_RADIO_RSSI_RADIA; 2695 default: return ACX_RADIO_RSSI_UNKN; 2696 } 2697 } 2698 2699 void 2700 acx_iter_func(void *arg, struct ieee80211_node *ni) 2701 { 2702 struct acx_softc *sc = arg; 2703 struct acx_node *wn = (struct acx_node *)ni; 2704 2705 ieee80211_amrr_choose(&sc->amrr, ni, &wn->amn); 2706 } 2707 2708 void 2709 acx_amrr_timeout(void *arg) 2710 { 2711 struct acx_softc *sc = arg; 2712 struct ieee80211com *ic = &sc->sc_ic; 2713 2714 if (ic->ic_opmode == IEEE80211_M_STA) 2715 acx_iter_func(sc, ic->ic_bss); 2716 else 2717 ieee80211_iterate_nodes(ic, acx_iter_func, sc); 2718 2719 timeout_add_msec(&sc->amrr_ch, 500); 2720 } 2721 2722 void 2723 acx_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 2724 { 2725 struct acx_softc *sc = ic->ic_if.if_softc; 2726 int i; 2727 2728 ieee80211_amrr_node_init(&sc->amrr, &((struct acx_node *)ni)->amn); 2729 2730 /* set rate to some reasonable initial value */ 2731 for (i = ni->ni_rates.rs_nrates - 1; 2732 i > 0 && (ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL) > 72; 2733 i--); 2734 ni->ni_txrate = i; 2735 } 2736