1 /* $NetBSD: if_upgt.c,v 1.16 2016/05/26 05:04:46 ozaki-r Exp $ */ 2 /* $OpenBSD: if_upgt.c,v 1.49 2010/04/20 22:05:43 tedu Exp $ */ 3 4 /* 5 * Copyright (c) 2007 Marcus Glocker <mglocker@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: if_upgt.c,v 1.16 2016/05/26 05:04:46 ozaki-r Exp $"); 22 23 #include <sys/param.h> 24 #include <sys/callout.h> 25 #include <sys/device.h> 26 #include <sys/errno.h> 27 #include <sys/kernel.h> 28 #include <sys/kthread.h> 29 #include <sys/mbuf.h> 30 #include <sys/proc.h> 31 #include <sys/sockio.h> 32 #include <sys/systm.h> 33 #include <sys/vnode.h> 34 #include <sys/bus.h> 35 #include <sys/endian.h> 36 #include <sys/intr.h> 37 38 #include <net/bpf.h> 39 #include <net/if.h> 40 #include <net/if_arp.h> 41 #include <net/if_dl.h> 42 #include <net/if_ether.h> 43 #include <net/if_media.h> 44 #include <net/if_types.h> 45 46 #include <net80211/ieee80211_var.h> 47 #include <net80211/ieee80211_radiotap.h> 48 49 #include <dev/firmload.h> 50 51 #include <dev/usb/usb.h> 52 #include <dev/usb/usbdi.h> 53 #include <dev/usb/usbdi_util.h> 54 #include <dev/usb/usbdivar.h> 55 #include <dev/usb/usbdevs.h> 56 57 #include <dev/usb/if_upgtvar.h> 58 59 /* 60 * Driver for the USB PrismGT devices. 61 * 62 * For now just USB 2.0 devices with the GW3887 chipset are supported. 63 * The driver has been written based on the firmware version 2.13.1.0_LM87. 64 * 65 * TODO's: 66 * - Fix MONITOR mode (MAC filter). 67 * - Add HOSTAP mode. 68 * - Add IBSS mode. 69 * - Support the USB 1.0 devices (NET2280, ISL3880, ISL3886 chipsets). 70 * 71 * Parts of this driver has been influenced by reading the p54u driver 72 * written by Jean-Baptiste Note <jean-baptiste.note@m4x.org> and 73 * Sebastien Bourdeauducq <lekernel@prism54.org>. 74 */ 75 76 #ifdef UPGT_DEBUG 77 int upgt_debug = 2; 78 #define DPRINTF(l, x...) do { if ((l) <= upgt_debug) printf(x); } while (0) 79 #else 80 #define DPRINTF(l, x...) 81 #endif 82 83 /* 84 * Prototypes. 85 */ 86 static int upgt_match(device_t, cfdata_t, void *); 87 static void upgt_attach(device_t, device_t, void *); 88 static int upgt_detach(device_t, int); 89 static int upgt_activate(device_t, devact_t); 90 91 static void upgt_attach_hook(device_t); 92 static int upgt_device_type(struct upgt_softc *, uint16_t, uint16_t); 93 static int upgt_device_init(struct upgt_softc *); 94 static int upgt_mem_init(struct upgt_softc *); 95 static uint32_t upgt_mem_alloc(struct upgt_softc *); 96 static void upgt_mem_free(struct upgt_softc *, uint32_t); 97 static int upgt_fw_alloc(struct upgt_softc *); 98 static void upgt_fw_free(struct upgt_softc *); 99 static int upgt_fw_verify(struct upgt_softc *); 100 static int upgt_fw_load(struct upgt_softc *); 101 static int upgt_fw_copy(char *, char *, int); 102 static int upgt_eeprom_read(struct upgt_softc *); 103 static int upgt_eeprom_parse(struct upgt_softc *); 104 static void upgt_eeprom_parse_hwrx(struct upgt_softc *, uint8_t *); 105 static void upgt_eeprom_parse_freq3(struct upgt_softc *, uint8_t *, int); 106 static void upgt_eeprom_parse_freq4(struct upgt_softc *, uint8_t *, int); 107 static void upgt_eeprom_parse_freq6(struct upgt_softc *, uint8_t *, int); 108 109 static int upgt_ioctl(struct ifnet *, u_long, void *); 110 static int upgt_init(struct ifnet *); 111 static void upgt_stop(struct upgt_softc *); 112 static int upgt_media_change(struct ifnet *); 113 static void upgt_newassoc(struct ieee80211_node *, int); 114 static int upgt_newstate(struct ieee80211com *, enum ieee80211_state, 115 int); 116 static void upgt_newstate_task(void *); 117 static void upgt_next_scan(void *); 118 static void upgt_start(struct ifnet *); 119 static void upgt_watchdog(struct ifnet *); 120 static void upgt_tx_task(void *); 121 static void upgt_tx_done(struct upgt_softc *, uint8_t *); 122 static void upgt_rx_cb(struct usbd_xfer *, void *, usbd_status); 123 static void upgt_rx(struct upgt_softc *, uint8_t *, int); 124 static void upgt_setup_rates(struct upgt_softc *); 125 static uint8_t upgt_rx_rate(struct upgt_softc *, const int); 126 static int upgt_set_macfilter(struct upgt_softc *, uint8_t); 127 static int upgt_set_channel(struct upgt_softc *, unsigned); 128 static void upgt_set_led(struct upgt_softc *, int); 129 static void upgt_set_led_blink(void *); 130 static int upgt_get_stats(struct upgt_softc *); 131 132 static int upgt_alloc_tx(struct upgt_softc *); 133 static int upgt_alloc_rx(struct upgt_softc *); 134 static int upgt_alloc_cmd(struct upgt_softc *); 135 static void upgt_free_tx(struct upgt_softc *); 136 static void upgt_free_rx(struct upgt_softc *); 137 static void upgt_free_cmd(struct upgt_softc *); 138 static int upgt_bulk_xmit(struct upgt_softc *, struct upgt_data *, 139 struct usbd_pipe *, uint32_t *, int); 140 141 #if 0 142 static void upgt_hexdump(void *, int); 143 #endif 144 static uint32_t upgt_crc32_le(const void *, size_t); 145 static uint32_t upgt_chksum_le(const uint32_t *, size_t); 146 147 CFATTACH_DECL_NEW(upgt, sizeof(struct upgt_softc), 148 upgt_match, upgt_attach, upgt_detach, upgt_activate); 149 150 static const struct usb_devno upgt_devs_1[] = { 151 /* version 1 devices */ 152 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST120G }, 153 { USB_VENDOR_SMC, USB_PRODUCT_SMC_2862WG_V1 } 154 }; 155 156 static const struct usb_devno upgt_devs_2[] = { 157 /* version 2 devices */ 158 { USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_PRISM_GT }, 159 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST121G }, 160 { USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F5D7050 }, 161 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54AG }, 162 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54GV2 }, 163 { USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_PRISM_GT }, 164 { USB_VENDOR_COREGA, USB_PRODUCT_COREGA_CGWLUSB2GTST }, 165 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_1 }, 166 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_2 }, 167 { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DWLG122A2 }, 168 { USB_VENDOR_FSC, USB_PRODUCT_FSC_E5400 }, 169 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_1 }, 170 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_2 }, 171 { USB_VENDOR_INTERSIL, USB_PRODUCT_INTERSIL_PRISM_GT }, 172 { USB_VENDOR_PHEENET, USB_PRODUCT_PHEENET_GWU513 }, 173 { USB_VENDOR_PHILIPS, USB_PRODUCT_PHILIPS_CPWUA054 }, 174 { USB_VENDOR_SHARP, USB_PRODUCT_SHARP_RUITZ1016YCZZ }, 175 { USB_VENDOR_SMC, USB_PRODUCT_SMC_2862WG }, 176 { USB_VENDOR_USR, USB_PRODUCT_USR_USR5422 }, 177 { USB_VENDOR_WISTRONNEWEB, USB_PRODUCT_WISTRONNEWEB_UR045G }, 178 { USB_VENDOR_CONEXANT, USB_PRODUCT_CONEXANT_PRISM_GT_1 }, 179 { USB_VENDOR_CONEXANT, USB_PRODUCT_CONEXANT_PRISM_GT_2 }, 180 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_MD40900 }, 181 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_XG703A } 182 }; 183 184 static int 185 firmware_load(const char *dname, const char *iname, uint8_t **ucodep, 186 size_t *sizep) 187 { 188 firmware_handle_t fh; 189 int error; 190 191 if ((error = firmware_open(dname, iname, &fh)) != 0) 192 return error; 193 *sizep = firmware_get_size(fh); 194 if ((*ucodep = firmware_malloc(*sizep)) == NULL) { 195 firmware_close(fh); 196 return ENOMEM; 197 } 198 if ((error = firmware_read(fh, 0, *ucodep, *sizep)) != 0) 199 firmware_free(*ucodep, *sizep); 200 firmware_close(fh); 201 202 return error; 203 } 204 205 static int 206 upgt_match(device_t parent, cfdata_t match, void *aux) 207 { 208 struct usb_attach_arg *uaa = aux; 209 210 if (usb_lookup(upgt_devs_1, uaa->uaa_vendor, uaa->uaa_product) != NULL) 211 return UMATCH_VENDOR_PRODUCT; 212 213 if (usb_lookup(upgt_devs_2, uaa->uaa_vendor, uaa->uaa_product) != NULL) 214 return UMATCH_VENDOR_PRODUCT; 215 216 return UMATCH_NONE; 217 } 218 219 static void 220 upgt_attach(device_t parent, device_t self, void *aux) 221 { 222 struct upgt_softc *sc = device_private(self); 223 struct usb_attach_arg *uaa = aux; 224 usb_interface_descriptor_t *id; 225 usb_endpoint_descriptor_t *ed; 226 usbd_status error; 227 char *devinfop; 228 int i; 229 230 aprint_naive("\n"); 231 aprint_normal("\n"); 232 233 /* 234 * Attach USB device. 235 */ 236 sc->sc_dev = self; 237 sc->sc_udev = uaa->uaa_device; 238 239 devinfop = usbd_devinfo_alloc(sc->sc_udev, 0); 240 aprint_normal_dev(sc->sc_dev, "%s\n", devinfop); 241 usbd_devinfo_free(devinfop); 242 243 /* check device type */ 244 if (upgt_device_type(sc, uaa->uaa_vendor, uaa->uaa_product) != 0) 245 return; 246 247 /* set configuration number */ 248 error = usbd_set_config_no(sc->sc_udev, UPGT_CONFIG_NO, 0); 249 if (error != 0) { 250 aprint_error_dev(sc->sc_dev, "failed to set configuration" 251 ", err=%s\n", usbd_errstr(error)); 252 return; 253 } 254 255 /* get the first interface handle */ 256 error = usbd_device2interface_handle(sc->sc_udev, UPGT_IFACE_INDEX, 257 &sc->sc_iface); 258 if (error != 0) { 259 aprint_error_dev(sc->sc_dev, 260 "could not get interface handle\n"); 261 return; 262 } 263 264 /* find endpoints */ 265 id = usbd_get_interface_descriptor(sc->sc_iface); 266 sc->sc_rx_no = sc->sc_tx_no = -1; 267 for (i = 0; i < id->bNumEndpoints; i++) { 268 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 269 if (ed == NULL) { 270 aprint_error_dev(sc->sc_dev, 271 "no endpoint descriptor for iface %d\n", i); 272 return; 273 } 274 275 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT && 276 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 277 sc->sc_tx_no = ed->bEndpointAddress; 278 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN && 279 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 280 sc->sc_rx_no = ed->bEndpointAddress; 281 282 /* 283 * 0x01 TX pipe 284 * 0x81 RX pipe 285 * 286 * Deprecated scheme (not used with fw version >2.5.6.x): 287 * 0x02 TX MGMT pipe 288 * 0x82 TX MGMT pipe 289 */ 290 if (sc->sc_tx_no != -1 && sc->sc_rx_no != -1) 291 break; 292 } 293 if (sc->sc_rx_no == -1 || sc->sc_tx_no == -1) { 294 aprint_error_dev(sc->sc_dev, "missing endpoint\n"); 295 return; 296 } 297 298 /* setup tasks and timeouts */ 299 usb_init_task(&sc->sc_task_newstate, upgt_newstate_task, sc, 0); 300 usb_init_task(&sc->sc_task_tx, upgt_tx_task, sc, 0); 301 callout_init(&sc->scan_to, 0); 302 callout_setfunc(&sc->scan_to, upgt_next_scan, sc); 303 callout_init(&sc->led_to, 0); 304 callout_setfunc(&sc->led_to, upgt_set_led_blink, sc); 305 306 /* 307 * Open TX and RX USB bulk pipes. 308 */ 309 error = usbd_open_pipe(sc->sc_iface, sc->sc_tx_no, USBD_EXCLUSIVE_USE, 310 &sc->sc_tx_pipeh); 311 if (error != 0) { 312 aprint_error_dev(sc->sc_dev, 313 "could not open TX pipe: %s\n", usbd_errstr(error)); 314 goto fail; 315 } 316 error = usbd_open_pipe(sc->sc_iface, sc->sc_rx_no, USBD_EXCLUSIVE_USE, 317 &sc->sc_rx_pipeh); 318 if (error != 0) { 319 aprint_error_dev(sc->sc_dev, "could not open RX pipe: %s\n", 320 usbd_errstr(error)); 321 goto fail; 322 } 323 324 /* 325 * Allocate TX, RX, and CMD xfers. 326 */ 327 if (upgt_alloc_tx(sc) != 0) 328 goto fail; 329 if (upgt_alloc_rx(sc) != 0) 330 goto fail; 331 if (upgt_alloc_cmd(sc) != 0) 332 goto fail; 333 334 /* 335 * We need the firmware loaded from file system to complete the attach. 336 */ 337 config_mountroot(self, upgt_attach_hook); 338 339 return; 340 fail: 341 aprint_error_dev(sc->sc_dev, "%s failed\n", __func__); 342 } 343 344 static void 345 upgt_attach_hook(device_t arg) 346 { 347 struct upgt_softc *sc = device_private(arg); 348 struct ieee80211com *ic = &sc->sc_ic; 349 struct ifnet *ifp = &sc->sc_if; 350 usbd_status error; 351 int i; 352 353 /* 354 * Load firmware file into memory. 355 */ 356 if (upgt_fw_alloc(sc) != 0) 357 goto fail; 358 359 /* 360 * Initialize the device. 361 */ 362 if (upgt_device_init(sc) != 0) 363 goto fail; 364 365 /* 366 * Verify the firmware. 367 */ 368 if (upgt_fw_verify(sc) != 0) 369 goto fail; 370 371 /* 372 * Calculate device memory space. 373 */ 374 if (sc->sc_memaddr_frame_start == 0 || sc->sc_memaddr_frame_end == 0) { 375 aprint_error_dev(sc->sc_dev, 376 "could not find memory space addresses on FW\n"); 377 goto fail; 378 } 379 sc->sc_memaddr_frame_end -= UPGT_MEMSIZE_RX + 1; 380 sc->sc_memaddr_rx_start = sc->sc_memaddr_frame_end + 1; 381 382 DPRINTF(1, "%s: memory address frame start=0x%08x\n", 383 device_xname(sc->sc_dev), sc->sc_memaddr_frame_start); 384 DPRINTF(1, "%s: memory address frame end=0x%08x\n", 385 device_xname(sc->sc_dev), sc->sc_memaddr_frame_end); 386 DPRINTF(1, "%s: memory address rx start=0x%08x\n", 387 device_xname(sc->sc_dev), sc->sc_memaddr_rx_start); 388 389 upgt_mem_init(sc); 390 391 /* 392 * Load the firmware. 393 */ 394 if (upgt_fw_load(sc) != 0) 395 goto fail; 396 397 /* 398 * Startup the RX pipe. 399 */ 400 struct upgt_data *data_rx = &sc->rx_data; 401 402 usbd_setup_xfer(data_rx->xfer, data_rx, data_rx->buf, 403 MCLBYTES, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 404 error = usbd_transfer(data_rx->xfer); 405 if (error != USBD_NORMAL_COMPLETION && error != USBD_IN_PROGRESS) { 406 aprint_error_dev(sc->sc_dev, 407 "could not queue RX transfer\n"); 408 goto fail; 409 } 410 usbd_delay_ms(sc->sc_udev, 100); 411 412 /* 413 * Read the whole EEPROM content and parse it. 414 */ 415 if (upgt_eeprom_read(sc) != 0) 416 goto fail; 417 if (upgt_eeprom_parse(sc) != 0) 418 goto fail; 419 420 /* 421 * Setup the 802.11 device. 422 */ 423 ic->ic_ifp = ifp; 424 ic->ic_phytype = IEEE80211_T_OFDM; 425 ic->ic_opmode = IEEE80211_M_STA; 426 ic->ic_state = IEEE80211_S_INIT; 427 ic->ic_caps = 428 IEEE80211_C_MONITOR | 429 IEEE80211_C_SHPREAMBLE | 430 IEEE80211_C_SHSLOT; 431 432 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 433 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 434 435 for (i = 1; i <= 14; i++) { 436 ic->ic_channels[i].ic_freq = 437 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 438 ic->ic_channels[i].ic_flags = 439 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 440 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 441 } 442 443 ifp->if_softc = sc; 444 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 445 ifp->if_init = upgt_init; 446 ifp->if_ioctl = upgt_ioctl; 447 ifp->if_start = upgt_start; 448 ifp->if_watchdog = upgt_watchdog; 449 IFQ_SET_READY(&ifp->if_snd); 450 memcpy(ifp->if_xname, device_xname(sc->sc_dev), IFNAMSIZ); 451 452 if_attach(ifp); 453 ieee80211_ifattach(ic); 454 ic->ic_newassoc = upgt_newassoc; 455 456 sc->sc_newstate = ic->ic_newstate; 457 ic->ic_newstate = upgt_newstate; 458 ieee80211_media_init(ic, upgt_media_change, ieee80211_media_status); 459 460 bpf_attach2(ifp, DLT_IEEE802_11_RADIO, 461 sizeof(struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 462 &sc->sc_drvbpf); 463 464 sc->sc_rxtap_len = sizeof(sc->sc_rxtapu); 465 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 466 sc->sc_rxtap.wr_ihdr.it_present = htole32(UPGT_RX_RADIOTAP_PRESENT); 467 468 sc->sc_txtap_len = sizeof(sc->sc_txtapu); 469 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 470 sc->sc_txtap.wt_ihdr.it_present = htole32(UPGT_TX_RADIOTAP_PRESENT); 471 472 aprint_normal_dev(sc->sc_dev, "address %s\n", 473 ether_sprintf(ic->ic_myaddr)); 474 475 ieee80211_announce(ic); 476 477 usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->sc_udev, sc->sc_dev); 478 479 /* device attached */ 480 sc->sc_flags |= UPGT_DEVICE_ATTACHED; 481 482 return; 483 fail: 484 aprint_error_dev(sc->sc_dev, "%s failed\n", __func__); 485 } 486 487 static int 488 upgt_detach(device_t self, int flags) 489 { 490 struct upgt_softc *sc = device_private(self); 491 struct ifnet *ifp = &sc->sc_if; 492 struct ieee80211com *ic = &sc->sc_ic; 493 int s; 494 495 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 496 497 s = splnet(); 498 499 if (ifp->if_flags & IFF_RUNNING) 500 upgt_stop(sc); 501 502 /* remove tasks and timeouts */ 503 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 504 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 505 callout_destroy(&sc->scan_to); 506 callout_destroy(&sc->led_to); 507 508 /* abort and close TX / RX pipes */ 509 if (sc->sc_tx_pipeh != NULL) { 510 usbd_abort_pipe(sc->sc_tx_pipeh); 511 } 512 if (sc->sc_rx_pipeh != NULL) { 513 usbd_abort_pipe(sc->sc_rx_pipeh); 514 } 515 516 /* free xfers */ 517 upgt_free_tx(sc); 518 upgt_free_rx(sc); 519 upgt_free_cmd(sc); 520 521 /* Close TX / RX pipes */ 522 if (sc->sc_tx_pipeh != NULL) { 523 usbd_close_pipe(sc->sc_tx_pipeh); 524 } 525 if (sc->sc_rx_pipeh != NULL) { 526 usbd_close_pipe(sc->sc_rx_pipeh); 527 } 528 529 /* free firmware */ 530 upgt_fw_free(sc); 531 532 if (sc->sc_flags & UPGT_DEVICE_ATTACHED) { 533 /* detach interface */ 534 bpf_detach(ifp); 535 ieee80211_ifdetach(ic); 536 if_detach(ifp); 537 } 538 539 splx(s); 540 541 usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->sc_udev, sc->sc_dev); 542 543 return 0; 544 } 545 546 static int 547 upgt_activate(device_t self, devact_t act) 548 { 549 struct upgt_softc *sc = device_private(self); 550 551 switch (act) { 552 case DVACT_DEACTIVATE: 553 if_deactivate(&sc->sc_if); 554 return 0; 555 default: 556 return EOPNOTSUPP; 557 } 558 } 559 560 static int 561 upgt_device_type(struct upgt_softc *sc, uint16_t vendor, uint16_t product) 562 { 563 564 if (usb_lookup(upgt_devs_1, vendor, product) != NULL) { 565 sc->sc_device_type = 1; 566 /* XXX */ 567 aprint_error_dev(sc->sc_dev, 568 "version 1 devices not supported yet\n"); 569 return 1; 570 } else 571 sc->sc_device_type = 2; 572 573 return 0; 574 } 575 576 static int 577 upgt_device_init(struct upgt_softc *sc) 578 { 579 struct upgt_data *data_cmd = &sc->cmd_data; 580 const uint8_t init_cmd[] = { 0x7e, 0x7e, 0x7e, 0x7e }; 581 int len; 582 583 len = sizeof(init_cmd); 584 memcpy(data_cmd->buf, init_cmd, len); 585 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 586 aprint_error_dev(sc->sc_dev, 587 "could not send device init string\n"); 588 return EIO; 589 } 590 usbd_delay_ms(sc->sc_udev, 100); 591 592 DPRINTF(1, "%s: device initialized\n", device_xname(sc->sc_dev)); 593 594 return 0; 595 } 596 597 static int 598 upgt_mem_init(struct upgt_softc *sc) 599 { 600 int i; 601 602 for (i = 0; i < UPGT_MEMORY_MAX_PAGES; i++) { 603 sc->sc_memory.page[i].used = 0; 604 605 if (i == 0) { 606 /* 607 * The first memory page is always reserved for 608 * command data. 609 */ 610 sc->sc_memory.page[i].addr = 611 sc->sc_memaddr_frame_start + MCLBYTES; 612 } else { 613 sc->sc_memory.page[i].addr = 614 sc->sc_memory.page[i - 1].addr + MCLBYTES; 615 } 616 617 if (sc->sc_memory.page[i].addr + MCLBYTES >= 618 sc->sc_memaddr_frame_end) 619 break; 620 621 DPRINTF(2, "%s: memory address page %d=0x%08x\n", 622 device_xname(sc->sc_dev), i, sc->sc_memory.page[i].addr); 623 } 624 625 sc->sc_memory.pages = i; 626 627 DPRINTF(2, "%s: memory pages=%d\n", 628 device_xname(sc->sc_dev), sc->sc_memory.pages); 629 630 return 0; 631 } 632 633 static uint32_t 634 upgt_mem_alloc(struct upgt_softc *sc) 635 { 636 int i; 637 638 for (i = 0; i < sc->sc_memory.pages; i++) { 639 if (sc->sc_memory.page[i].used == 0) { 640 sc->sc_memory.page[i].used = 1; 641 return sc->sc_memory.page[i].addr; 642 } 643 } 644 645 return 0; 646 } 647 648 static void 649 upgt_mem_free(struct upgt_softc *sc, uint32_t addr) 650 { 651 int i; 652 653 for (i = 0; i < sc->sc_memory.pages; i++) { 654 if (sc->sc_memory.page[i].addr == addr) { 655 sc->sc_memory.page[i].used = 0; 656 return; 657 } 658 } 659 660 aprint_error_dev(sc->sc_dev, "could not free memory address 0x%08x\n", 661 addr); 662 } 663 664 665 static int 666 upgt_fw_alloc(struct upgt_softc *sc) 667 { 668 const char *name = "upgt-gw3887"; 669 int error; 670 671 if (sc->sc_fw == NULL) { 672 error = firmware_load("upgt", name, &sc->sc_fw, 673 &sc->sc_fw_size); 674 if (error != 0) { 675 if (error == ENOENT) { 676 /* 677 * The firmware file for upgt(4) is not in 678 * the default distribution due to its lisence 679 * so explicitly notify it if the firmware file 680 * is not found. 681 */ 682 aprint_error_dev(sc->sc_dev, 683 "firmware file %s is not installed\n", 684 name); 685 aprint_error_dev(sc->sc_dev, 686 "(it is not included in the default" 687 " distribution)\n"); 688 aprint_error_dev(sc->sc_dev, 689 "see upgt(4) man page for details about " 690 "firmware installation\n"); 691 } else { 692 aprint_error_dev(sc->sc_dev, 693 "could not read firmware %s\n", name); 694 } 695 return EIO; 696 } 697 } 698 699 DPRINTF(1, "%s: firmware %s allocated\n", device_xname(sc->sc_dev), 700 name); 701 702 return 0; 703 } 704 705 static void 706 upgt_fw_free(struct upgt_softc *sc) 707 { 708 709 if (sc->sc_fw != NULL) { 710 firmware_free(sc->sc_fw, sc->sc_fw_size); 711 sc->sc_fw = NULL; 712 DPRINTF(1, "%s: firmware freed\n", device_xname(sc->sc_dev)); 713 } 714 } 715 716 static int 717 upgt_fw_verify(struct upgt_softc *sc) 718 { 719 struct upgt_fw_bra_option *bra_option; 720 uint32_t bra_option_type, bra_option_len; 721 uint32_t *uc; 722 int offset, bra_end = 0; 723 724 /* 725 * Seek to beginning of Boot Record Area (BRA). 726 */ 727 for (offset = 0; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 728 uc = (uint32_t *)(sc->sc_fw + offset); 729 if (*uc == 0) 730 break; 731 } 732 for (; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 733 uc = (uint32_t *)(sc->sc_fw + offset); 734 if (*uc != 0) 735 break; 736 } 737 if (offset == sc->sc_fw_size) { 738 aprint_error_dev(sc->sc_dev, 739 "firmware Boot Record Area not found\n"); 740 return EIO; 741 } 742 DPRINTF(1, "%s: firmware Boot Record Area found at offset %d\n", 743 device_xname(sc->sc_dev), offset); 744 745 /* 746 * Parse Boot Record Area (BRA) options. 747 */ 748 while (offset < sc->sc_fw_size && bra_end == 0) { 749 /* get current BRA option */ 750 bra_option = (struct upgt_fw_bra_option *)(sc->sc_fw + offset); 751 bra_option_type = le32toh(bra_option->type); 752 bra_option_len = le32toh(bra_option->len) * sizeof(*uc); 753 754 switch (bra_option_type) { 755 case UPGT_BRA_TYPE_FW: 756 DPRINTF(1, "%s: UPGT_BRA_TYPE_FW len=%d\n", 757 device_xname(sc->sc_dev), bra_option_len); 758 759 if (bra_option_len != UPGT_BRA_FWTYPE_SIZE) { 760 aprint_error_dev(sc->sc_dev, 761 "wrong UPGT_BRA_TYPE_FW len\n"); 762 return EIO; 763 } 764 if (memcmp(UPGT_BRA_FWTYPE_LM86, bra_option->data, 765 bra_option_len) == 0) { 766 sc->sc_fw_type = UPGT_FWTYPE_LM86; 767 break; 768 } 769 if (memcmp(UPGT_BRA_FWTYPE_LM87, bra_option->data, 770 bra_option_len) == 0) { 771 sc->sc_fw_type = UPGT_FWTYPE_LM87; 772 break; 773 } 774 if (memcmp(UPGT_BRA_FWTYPE_FMAC, bra_option->data, 775 bra_option_len) == 0) { 776 sc->sc_fw_type = UPGT_FWTYPE_FMAC; 777 break; 778 } 779 aprint_error_dev(sc->sc_dev, 780 "unsupported firmware type\n"); 781 return EIO; 782 case UPGT_BRA_TYPE_VERSION: 783 DPRINTF(1, "%s: UPGT_BRA_TYPE_VERSION len=%d\n", 784 device_xname(sc->sc_dev), bra_option_len); 785 break; 786 case UPGT_BRA_TYPE_DEPIF: 787 DPRINTF(1, "%s: UPGT_BRA_TYPE_DEPIF len=%d\n", 788 device_xname(sc->sc_dev), bra_option_len); 789 break; 790 case UPGT_BRA_TYPE_EXPIF: 791 DPRINTF(1, "%s: UPGT_BRA_TYPE_EXPIF len=%d\n", 792 device_xname(sc->sc_dev), bra_option_len); 793 break; 794 case UPGT_BRA_TYPE_DESCR: 795 DPRINTF(1, "%s: UPGT_BRA_TYPE_DESCR len=%d\n", 796 device_xname(sc->sc_dev), bra_option_len); 797 798 struct upgt_fw_bra_descr *descr = 799 (struct upgt_fw_bra_descr *)bra_option->data; 800 801 sc->sc_memaddr_frame_start = 802 le32toh(descr->memaddr_space_start); 803 sc->sc_memaddr_frame_end = 804 le32toh(descr->memaddr_space_end); 805 806 DPRINTF(2, "%s: memory address space start=0x%08x\n", 807 device_xname(sc->sc_dev), 808 sc->sc_memaddr_frame_start); 809 DPRINTF(2, "%s: memory address space end=0x%08x\n", 810 device_xname(sc->sc_dev), 811 sc->sc_memaddr_frame_end); 812 break; 813 case UPGT_BRA_TYPE_END: 814 DPRINTF(1, "%s: UPGT_BRA_TYPE_END len=%d\n", 815 device_xname(sc->sc_dev), bra_option_len); 816 bra_end = 1; 817 break; 818 default: 819 DPRINTF(1, "%s: unknown BRA option len=%d\n", 820 device_xname(sc->sc_dev), bra_option_len); 821 return EIO; 822 } 823 824 /* jump to next BRA option */ 825 offset += sizeof(struct upgt_fw_bra_option) + bra_option_len; 826 } 827 828 DPRINTF(1, "%s: firmware verified\n", device_xname(sc->sc_dev)); 829 830 return 0; 831 } 832 833 static int 834 upgt_fw_load(struct upgt_softc *sc) 835 { 836 struct upgt_data *data_cmd = &sc->cmd_data; 837 struct upgt_data *data_rx = &sc->rx_data; 838 struct upgt_fw_x2_header *x2; 839 const uint8_t start_fwload_cmd[] = { 0x3c, 0x0d }; 840 int offset, bsize, n, i, len; 841 uint32_t crc; 842 843 /* send firmware start load command */ 844 len = sizeof(start_fwload_cmd); 845 memcpy(data_cmd->buf, start_fwload_cmd, len); 846 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 847 aprint_error_dev(sc->sc_dev, 848 "could not send start_firmware_load command\n"); 849 return EIO; 850 } 851 852 /* send X2 header */ 853 len = sizeof(struct upgt_fw_x2_header); 854 x2 = (struct upgt_fw_x2_header *)data_cmd->buf; 855 memcpy(x2->signature, UPGT_X2_SIGNATURE, UPGT_X2_SIGNATURE_SIZE); 856 x2->startaddr = htole32(UPGT_MEMADDR_FIRMWARE_START); 857 x2->len = htole32(sc->sc_fw_size); 858 x2->crc = upgt_crc32_le(data_cmd->buf + UPGT_X2_SIGNATURE_SIZE, 859 sizeof(struct upgt_fw_x2_header) - UPGT_X2_SIGNATURE_SIZE - 860 sizeof(uint32_t)); 861 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 862 aprint_error_dev(sc->sc_dev, 863 "could not send firmware X2 header\n"); 864 return EIO; 865 } 866 867 /* download firmware */ 868 for (offset = 0; offset < sc->sc_fw_size; offset += bsize) { 869 if (sc->sc_fw_size - offset > UPGT_FW_BLOCK_SIZE) 870 bsize = UPGT_FW_BLOCK_SIZE; 871 else 872 bsize = sc->sc_fw_size - offset; 873 874 n = upgt_fw_copy(sc->sc_fw + offset, data_cmd->buf, bsize); 875 876 DPRINTF(1, "%s: FW offset=%d, read=%d, sent=%d\n", 877 device_xname(sc->sc_dev), offset, n, bsize); 878 879 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &bsize, 0) 880 != 0) { 881 aprint_error_dev(sc->sc_dev, 882 "error while downloading firmware block\n"); 883 return EIO; 884 } 885 886 bsize = n; 887 } 888 DPRINTF(1, "%s: firmware downloaded\n", device_xname(sc->sc_dev)); 889 890 /* load firmware */ 891 crc = upgt_crc32_le(sc->sc_fw, sc->sc_fw_size); 892 *((uint32_t *)(data_cmd->buf) ) = crc; 893 *((uint8_t *)(data_cmd->buf) + 4) = 'g'; 894 *((uint8_t *)(data_cmd->buf) + 5) = '\r'; 895 len = 6; 896 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 897 aprint_error_dev(sc->sc_dev, 898 "could not send load_firmware command\n"); 899 return EIO; 900 } 901 902 for (i = 0; i < UPGT_FIRMWARE_TIMEOUT; i++) { 903 len = UPGT_FW_BLOCK_SIZE; 904 memset(data_rx->buf, 0, 2); 905 if (upgt_bulk_xmit(sc, data_rx, sc->sc_rx_pipeh, &len, 906 USBD_SHORT_XFER_OK) != 0) { 907 aprint_error_dev(sc->sc_dev, 908 "could not read firmware response\n"); 909 return EIO; 910 } 911 912 if (memcmp(data_rx->buf, "OK", 2) == 0) 913 break; /* firmware load was successful */ 914 } 915 if (i == UPGT_FIRMWARE_TIMEOUT) { 916 aprint_error_dev(sc->sc_dev, "firmware load failed\n"); 917 return EIO; 918 } 919 DPRINTF(1, "%s: firmware loaded\n", device_xname(sc->sc_dev)); 920 921 return 0; 922 } 923 924 /* 925 * While copying the version 2 firmware, we need to replace two characters: 926 * 927 * 0x7e -> 0x7d 0x5e 928 * 0x7d -> 0x7d 0x5d 929 */ 930 static int 931 upgt_fw_copy(char *src, char *dst, int size) 932 { 933 int i, j; 934 935 for (i = 0, j = 0; i < size && j < size; i++) { 936 switch (src[i]) { 937 case 0x7e: 938 dst[j] = 0x7d; 939 j++; 940 dst[j] = 0x5e; 941 j++; 942 break; 943 case 0x7d: 944 dst[j] = 0x7d; 945 j++; 946 dst[j] = 0x5d; 947 j++; 948 break; 949 default: 950 dst[j] = src[i]; 951 j++; 952 break; 953 } 954 } 955 956 return i; 957 } 958 959 static int 960 upgt_eeprom_read(struct upgt_softc *sc) 961 { 962 struct upgt_data *data_cmd = &sc->cmd_data; 963 struct upgt_lmac_mem *mem; 964 struct upgt_lmac_eeprom *eeprom; 965 int offset, block, len; 966 967 offset = 0; 968 block = UPGT_EEPROM_BLOCK_SIZE; 969 while (offset < UPGT_EEPROM_SIZE) { 970 DPRINTF(1, "%s: request EEPROM block (offset=%d, len=%d)\n", 971 device_xname(sc->sc_dev), offset, block); 972 973 /* 974 * Transmit the URB containing the CMD data. 975 */ 976 len = sizeof(*mem) + sizeof(*eeprom) + block; 977 978 memset(data_cmd->buf, 0, len); 979 980 mem = (struct upgt_lmac_mem *)data_cmd->buf; 981 mem->addr = htole32(sc->sc_memaddr_frame_start + 982 UPGT_MEMSIZE_FRAME_HEAD); 983 984 eeprom = (struct upgt_lmac_eeprom *)(mem + 1); 985 eeprom->header1.flags = 0; 986 eeprom->header1.type = UPGT_H1_TYPE_CTRL; 987 eeprom->header1.len = htole16(( 988 sizeof(struct upgt_lmac_eeprom) - 989 sizeof(struct upgt_lmac_header)) + block); 990 991 eeprom->header2.reqid = htole32(sc->sc_memaddr_frame_start); 992 eeprom->header2.type = htole16(UPGT_H2_TYPE_EEPROM); 993 eeprom->header2.flags = 0; 994 995 eeprom->offset = htole16(offset); 996 eeprom->len = htole16(block); 997 998 mem->chksum = upgt_chksum_le((uint32_t *)eeprom, 999 len - sizeof(*mem)); 1000 1001 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 1002 USBD_FORCE_SHORT_XFER) != 0) { 1003 aprint_error_dev(sc->sc_dev, 1004 "could not transmit EEPROM data URB\n"); 1005 return EIO; 1006 } 1007 if (tsleep(sc, 0, "eeprom_request", UPGT_USB_TIMEOUT)) { 1008 aprint_error_dev(sc->sc_dev, 1009 "timeout while waiting for EEPROM data\n"); 1010 return EIO; 1011 } 1012 1013 offset += block; 1014 if (UPGT_EEPROM_SIZE - offset < block) 1015 block = UPGT_EEPROM_SIZE - offset; 1016 } 1017 1018 return 0; 1019 } 1020 1021 static int 1022 upgt_eeprom_parse(struct upgt_softc *sc) 1023 { 1024 struct ieee80211com *ic = &sc->sc_ic; 1025 struct upgt_eeprom_header *eeprom_header; 1026 struct upgt_eeprom_option *eeprom_option; 1027 uint16_t option_len; 1028 uint16_t option_type; 1029 uint16_t preamble_len; 1030 int option_end = 0; 1031 1032 /* calculate eeprom options start offset */ 1033 eeprom_header = (struct upgt_eeprom_header *)sc->sc_eeprom; 1034 preamble_len = le16toh(eeprom_header->preamble_len); 1035 eeprom_option = (struct upgt_eeprom_option *)(sc->sc_eeprom + 1036 (sizeof(struct upgt_eeprom_header) + preamble_len)); 1037 1038 while (!option_end) { 1039 /* the eeprom option length is stored in words */ 1040 option_len = 1041 (le16toh(eeprom_option->len) - 1) * sizeof(uint16_t); 1042 option_type = 1043 le16toh(eeprom_option->type); 1044 1045 switch (option_type) { 1046 case UPGT_EEPROM_TYPE_NAME: 1047 DPRINTF(1, "%s: EEPROM name len=%d\n", 1048 device_xname(sc->sc_dev), option_len); 1049 break; 1050 case UPGT_EEPROM_TYPE_SERIAL: 1051 DPRINTF(1, "%s: EEPROM serial len=%d\n", 1052 device_xname(sc->sc_dev), option_len); 1053 break; 1054 case UPGT_EEPROM_TYPE_MAC: 1055 DPRINTF(1, "%s: EEPROM mac len=%d\n", 1056 device_xname(sc->sc_dev), option_len); 1057 1058 IEEE80211_ADDR_COPY(ic->ic_myaddr, eeprom_option->data); 1059 break; 1060 case UPGT_EEPROM_TYPE_HWRX: 1061 DPRINTF(1, "%s: EEPROM hwrx len=%d\n", 1062 device_xname(sc->sc_dev), option_len); 1063 1064 upgt_eeprom_parse_hwrx(sc, eeprom_option->data); 1065 break; 1066 case UPGT_EEPROM_TYPE_CHIP: 1067 DPRINTF(1, "%s: EEPROM chip len=%d\n", 1068 device_xname(sc->sc_dev), option_len); 1069 break; 1070 case UPGT_EEPROM_TYPE_FREQ3: 1071 DPRINTF(1, "%s: EEPROM freq3 len=%d\n", 1072 device_xname(sc->sc_dev), option_len); 1073 1074 upgt_eeprom_parse_freq3(sc, eeprom_option->data, 1075 option_len); 1076 break; 1077 case UPGT_EEPROM_TYPE_FREQ4: 1078 DPRINTF(1, "%s: EEPROM freq4 len=%d\n", 1079 device_xname(sc->sc_dev), option_len); 1080 1081 upgt_eeprom_parse_freq4(sc, eeprom_option->data, 1082 option_len); 1083 break; 1084 case UPGT_EEPROM_TYPE_FREQ5: 1085 DPRINTF(1, "%s: EEPROM freq5 len=%d\n", 1086 device_xname(sc->sc_dev), option_len); 1087 break; 1088 case UPGT_EEPROM_TYPE_FREQ6: 1089 DPRINTF(1, "%s: EEPROM freq6 len=%d\n", 1090 device_xname(sc->sc_dev), option_len); 1091 1092 upgt_eeprom_parse_freq6(sc, eeprom_option->data, 1093 option_len); 1094 break; 1095 case UPGT_EEPROM_TYPE_END: 1096 DPRINTF(1, "%s: EEPROM end len=%d\n", 1097 device_xname(sc->sc_dev), option_len); 1098 option_end = 1; 1099 break; 1100 case UPGT_EEPROM_TYPE_OFF: 1101 DPRINTF(1, "%s: EEPROM off without end option\n", 1102 device_xname(sc->sc_dev)); 1103 return EIO; 1104 default: 1105 DPRINTF(1, "%s: EEPROM unknown type 0x%04x len=%d\n", 1106 device_xname(sc->sc_dev), option_type, option_len); 1107 break; 1108 } 1109 1110 /* jump to next EEPROM option */ 1111 eeprom_option = (struct upgt_eeprom_option *) 1112 (eeprom_option->data + option_len); 1113 } 1114 1115 return 0; 1116 } 1117 1118 static void 1119 upgt_eeprom_parse_hwrx(struct upgt_softc *sc, uint8_t *data) 1120 { 1121 struct upgt_eeprom_option_hwrx *option_hwrx; 1122 1123 option_hwrx = (struct upgt_eeprom_option_hwrx *)data; 1124 1125 sc->sc_eeprom_hwrx = option_hwrx->rxfilter - UPGT_EEPROM_RX_CONST; 1126 1127 DPRINTF(2, "%s: hwrx option value=0x%04x\n", 1128 device_xname(sc->sc_dev), sc->sc_eeprom_hwrx); 1129 } 1130 1131 static void 1132 upgt_eeprom_parse_freq3(struct upgt_softc *sc, uint8_t *data, int len) 1133 { 1134 struct upgt_eeprom_freq3_header *freq3_header; 1135 struct upgt_lmac_freq3 *freq3; 1136 int i, elements, flags; 1137 unsigned channel; 1138 1139 freq3_header = (struct upgt_eeprom_freq3_header *)data; 1140 freq3 = (struct upgt_lmac_freq3 *)(freq3_header + 1); 1141 1142 flags = freq3_header->flags; 1143 elements = freq3_header->elements; 1144 1145 DPRINTF(2, "%s: flags=0x%02x\n", device_xname(sc->sc_dev), flags); 1146 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1147 __USE(flags); 1148 1149 for (i = 0; i < elements; i++) { 1150 channel = ieee80211_mhz2ieee(le16toh(freq3[i].freq), 0); 1151 1152 sc->sc_eeprom_freq3[channel] = freq3[i]; 1153 1154 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1155 device_xname(sc->sc_dev), 1156 le16toh(sc->sc_eeprom_freq3[channel].freq), channel); 1157 } 1158 } 1159 1160 static void 1161 upgt_eeprom_parse_freq4(struct upgt_softc *sc, uint8_t *data, int len) 1162 { 1163 struct upgt_eeprom_freq4_header *freq4_header; 1164 struct upgt_eeprom_freq4_1 *freq4_1; 1165 struct upgt_eeprom_freq4_2 *freq4_2; 1166 int i, j, elements, settings, flags; 1167 unsigned channel; 1168 1169 freq4_header = (struct upgt_eeprom_freq4_header *)data; 1170 freq4_1 = (struct upgt_eeprom_freq4_1 *)(freq4_header + 1); 1171 1172 flags = freq4_header->flags; 1173 elements = freq4_header->elements; 1174 settings = freq4_header->settings; 1175 1176 /* we need this value later */ 1177 sc->sc_eeprom_freq6_settings = freq4_header->settings; 1178 1179 DPRINTF(2, "%s: flags=0x%02x\n", device_xname(sc->sc_dev), flags); 1180 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1181 DPRINTF(2, "%s: settings=%d\n", device_xname(sc->sc_dev), settings); 1182 __USE(flags); 1183 1184 for (i = 0; i < elements; i++) { 1185 channel = ieee80211_mhz2ieee(le16toh(freq4_1[i].freq), 0); 1186 1187 freq4_2 = (struct upgt_eeprom_freq4_2 *)freq4_1[i].data; 1188 1189 for (j = 0; j < settings; j++) { 1190 sc->sc_eeprom_freq4[channel][j].cmd = freq4_2[j]; 1191 sc->sc_eeprom_freq4[channel][j].pad = 0; 1192 } 1193 1194 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1195 device_xname(sc->sc_dev), 1196 le16toh(freq4_1[i].freq), channel); 1197 } 1198 } 1199 1200 static void 1201 upgt_eeprom_parse_freq6(struct upgt_softc *sc, uint8_t *data, int len) 1202 { 1203 struct upgt_lmac_freq6 *freq6; 1204 int i, elements; 1205 unsigned channel; 1206 1207 freq6 = (struct upgt_lmac_freq6 *)data; 1208 1209 elements = len / sizeof(struct upgt_lmac_freq6); 1210 1211 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1212 1213 for (i = 0; i < elements; i++) { 1214 channel = ieee80211_mhz2ieee(le16toh(freq6[i].freq), 0); 1215 1216 sc->sc_eeprom_freq6[channel] = freq6[i]; 1217 1218 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1219 device_xname(sc->sc_dev), 1220 le16toh(sc->sc_eeprom_freq6[channel].freq), channel); 1221 } 1222 } 1223 1224 static int 1225 upgt_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1226 { 1227 struct upgt_softc *sc = ifp->if_softc; 1228 struct ieee80211com *ic = &sc->sc_ic; 1229 int s, error = 0; 1230 1231 s = splnet(); 1232 1233 switch (cmd) { 1234 case SIOCSIFFLAGS: 1235 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1236 break; 1237 if (ifp->if_flags & IFF_UP) { 1238 if ((ifp->if_flags & IFF_RUNNING) == 0) 1239 upgt_init(ifp); 1240 } else { 1241 if (ifp->if_flags & IFF_RUNNING) 1242 upgt_stop(sc); 1243 } 1244 break; 1245 case SIOCADDMULTI: 1246 case SIOCDELMULTI: 1247 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 1248 /* setup multicast filter, etc */ 1249 error = 0; 1250 } 1251 break; 1252 default: 1253 error = ieee80211_ioctl(ic, cmd, data); 1254 break; 1255 } 1256 1257 if (error == ENETRESET) { 1258 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1259 (IFF_UP | IFF_RUNNING)) 1260 upgt_init(ifp); 1261 error = 0; 1262 } 1263 1264 splx(s); 1265 1266 return error; 1267 } 1268 1269 static int 1270 upgt_init(struct ifnet *ifp) 1271 { 1272 struct upgt_softc *sc = ifp->if_softc; 1273 struct ieee80211com *ic = &sc->sc_ic; 1274 1275 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1276 1277 if (ifp->if_flags & IFF_RUNNING) 1278 upgt_stop(sc); 1279 1280 ifp->if_flags |= IFF_RUNNING; 1281 ifp->if_flags &= ~IFF_OACTIVE; 1282 1283 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 1284 1285 /* setup device rates */ 1286 upgt_setup_rates(sc); 1287 1288 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1289 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1290 else 1291 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1292 1293 return 0; 1294 } 1295 1296 static void 1297 upgt_stop(struct upgt_softc *sc) 1298 { 1299 struct ieee80211com *ic = &sc->sc_ic; 1300 struct ifnet *ifp = &sc->sc_if; 1301 1302 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1303 1304 /* device down */ 1305 ifp->if_timer = 0; 1306 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 1307 1308 /* change device back to initial state */ 1309 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 1310 } 1311 1312 static int 1313 upgt_media_change(struct ifnet *ifp) 1314 { 1315 struct upgt_softc *sc = ifp->if_softc; 1316 int error; 1317 1318 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1319 1320 if ((error = ieee80211_media_change(ifp)) != ENETRESET) 1321 return error; 1322 1323 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1324 (IFF_UP | IFF_RUNNING)) { 1325 /* give pending USB transfers a chance to finish */ 1326 usbd_delay_ms(sc->sc_udev, 100); 1327 upgt_init(ifp); 1328 } 1329 1330 return 0; 1331 } 1332 1333 static void 1334 upgt_newassoc(struct ieee80211_node *ni, int isnew) 1335 { 1336 1337 ni->ni_txrate = 0; 1338 } 1339 1340 static int 1341 upgt_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1342 { 1343 struct upgt_softc *sc = ic->ic_ifp->if_softc; 1344 1345 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 1346 callout_stop(&sc->scan_to); 1347 1348 /* do it in a process context */ 1349 sc->sc_state = nstate; 1350 sc->sc_arg = arg; 1351 usb_add_task(sc->sc_udev, &sc->sc_task_newstate, USB_TASKQ_DRIVER); 1352 1353 return 0; 1354 } 1355 1356 static void 1357 upgt_newstate_task(void *arg) 1358 { 1359 struct upgt_softc *sc = arg; 1360 struct ieee80211com *ic = &sc->sc_ic; 1361 struct ieee80211_node *ni; 1362 unsigned channel; 1363 1364 mutex_enter(&sc->sc_mtx); 1365 1366 switch (sc->sc_state) { 1367 case IEEE80211_S_INIT: 1368 DPRINTF(1, "%s: newstate is IEEE80211_S_INIT\n", 1369 device_xname(sc->sc_dev)); 1370 1371 /* do not accept any frames if the device is down */ 1372 upgt_set_macfilter(sc, IEEE80211_S_INIT); 1373 upgt_set_led(sc, UPGT_LED_OFF); 1374 break; 1375 case IEEE80211_S_SCAN: 1376 DPRINTF(1, "%s: newstate is IEEE80211_S_SCAN\n", 1377 device_xname(sc->sc_dev)); 1378 1379 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1380 upgt_set_channel(sc, channel); 1381 upgt_set_macfilter(sc, IEEE80211_S_SCAN); 1382 callout_schedule(&sc->scan_to, hz / 5); 1383 break; 1384 case IEEE80211_S_AUTH: 1385 DPRINTF(1, "%s: newstate is IEEE80211_S_AUTH\n", 1386 device_xname(sc->sc_dev)); 1387 1388 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1389 upgt_set_channel(sc, channel); 1390 break; 1391 case IEEE80211_S_ASSOC: 1392 DPRINTF(1, "%s: newstate is IEEE80211_S_ASSOC\n", 1393 device_xname(sc->sc_dev)); 1394 1395 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1396 upgt_set_channel(sc, channel); 1397 break; 1398 case IEEE80211_S_RUN: 1399 DPRINTF(1, "%s: newstate is IEEE80211_S_RUN\n", 1400 device_xname(sc->sc_dev)); 1401 1402 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1403 upgt_set_channel(sc, channel); 1404 1405 ni = ic->ic_bss; 1406 1407 /* 1408 * TX rate control is done by the firmware. 1409 * Report the maximum rate which is available therefore. 1410 */ 1411 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 1412 1413 if (ic->ic_opmode != IEEE80211_M_MONITOR) 1414 upgt_set_macfilter(sc, IEEE80211_S_RUN); 1415 upgt_set_led(sc, UPGT_LED_ON); 1416 break; 1417 } 1418 1419 mutex_exit(&sc->sc_mtx); 1420 1421 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 1422 } 1423 1424 static void 1425 upgt_next_scan(void *arg) 1426 { 1427 struct upgt_softc *sc = arg; 1428 struct ieee80211com *ic = &sc->sc_ic; 1429 1430 DPRINTF(2, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1431 1432 if (ic->ic_state == IEEE80211_S_SCAN) 1433 ieee80211_next_scan(ic); 1434 } 1435 1436 static void 1437 upgt_start(struct ifnet *ifp) 1438 { 1439 struct upgt_softc *sc = ifp->if_softc; 1440 struct ieee80211com *ic = &sc->sc_ic; 1441 struct ether_header *eh; 1442 struct ieee80211_node *ni; 1443 struct mbuf *m; 1444 int i; 1445 1446 /* don't transmit packets if interface is busy or down */ 1447 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1448 return; 1449 1450 DPRINTF(2, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1451 1452 for (i = 0; i < UPGT_TX_COUNT; i++) { 1453 struct upgt_data *data_tx = &sc->tx_data[i]; 1454 1455 if (data_tx->m != NULL) 1456 continue; 1457 1458 IF_POLL(&ic->ic_mgtq, m); 1459 if (m != NULL) { 1460 /* management frame */ 1461 IF_DEQUEUE(&ic->ic_mgtq, m); 1462 1463 ni = M_GETCTX(m, struct ieee80211_node *); 1464 M_CLEARCTX(m); 1465 1466 bpf_mtap3(ic->ic_rawbpf, m); 1467 1468 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1469 aprint_error_dev(sc->sc_dev, 1470 "no free prism memory\n"); 1471 m_freem(m); 1472 ifp->if_oerrors++; 1473 break; 1474 } 1475 data_tx->ni = ni; 1476 data_tx->m = m; 1477 sc->tx_queued++; 1478 } else { 1479 /* data frame */ 1480 if (ic->ic_state != IEEE80211_S_RUN) 1481 break; 1482 1483 IFQ_POLL(&ifp->if_snd, m); 1484 if (m == NULL) 1485 break; 1486 1487 IFQ_DEQUEUE(&ifp->if_snd, m); 1488 if (m->m_len < sizeof(struct ether_header) && 1489 !(m = m_pullup(m, sizeof(struct ether_header)))) 1490 continue; 1491 1492 eh = mtod(m, struct ether_header *); 1493 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 1494 if (ni == NULL) { 1495 m_freem(m); 1496 continue; 1497 } 1498 1499 bpf_mtap(ifp, m); 1500 1501 m = ieee80211_encap(ic, m, ni); 1502 if (m == NULL) { 1503 ieee80211_free_node(ni); 1504 continue; 1505 } 1506 1507 bpf_mtap3(ic->ic_rawbpf, m); 1508 1509 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1510 aprint_error_dev(sc->sc_dev, 1511 "no free prism memory\n"); 1512 m_freem(m); 1513 ieee80211_free_node(ni); 1514 ifp->if_oerrors++; 1515 break; 1516 } 1517 data_tx->ni = ni; 1518 data_tx->m = m; 1519 sc->tx_queued++; 1520 } 1521 } 1522 1523 if (sc->tx_queued > 0) { 1524 DPRINTF(2, "%s: tx_queued=%d\n", 1525 device_xname(sc->sc_dev), sc->tx_queued); 1526 /* process the TX queue in process context */ 1527 ifp->if_timer = 5; 1528 ifp->if_flags |= IFF_OACTIVE; 1529 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 1530 usb_add_task(sc->sc_udev, &sc->sc_task_tx, USB_TASKQ_DRIVER); 1531 } 1532 } 1533 1534 static void 1535 upgt_watchdog(struct ifnet *ifp) 1536 { 1537 struct upgt_softc *sc = ifp->if_softc; 1538 struct ieee80211com *ic = &sc->sc_ic; 1539 1540 if (ic->ic_state == IEEE80211_S_INIT) 1541 return; 1542 1543 aprint_error_dev(sc->sc_dev, "watchdog timeout\n"); 1544 1545 /* TODO: what shall we do on TX timeout? */ 1546 1547 ieee80211_watchdog(ic); 1548 } 1549 1550 static void 1551 upgt_tx_task(void *arg) 1552 { 1553 struct upgt_softc *sc = arg; 1554 struct ieee80211com *ic = &sc->sc_ic; 1555 struct ieee80211_frame *wh; 1556 struct ieee80211_key *k; 1557 struct ifnet *ifp = &sc->sc_if; 1558 struct upgt_lmac_mem *mem; 1559 struct upgt_lmac_tx_desc *txdesc; 1560 struct mbuf *m; 1561 uint32_t addr; 1562 int i, len, pad, s; 1563 usbd_status error; 1564 1565 mutex_enter(&sc->sc_mtx); 1566 upgt_set_led(sc, UPGT_LED_BLINK); 1567 mutex_exit(&sc->sc_mtx); 1568 1569 s = splnet(); 1570 1571 for (i = 0; i < UPGT_TX_COUNT; i++) { 1572 struct upgt_data *data_tx = &sc->tx_data[i]; 1573 1574 if (data_tx->m == NULL) 1575 continue; 1576 1577 m = data_tx->m; 1578 addr = data_tx->addr + UPGT_MEMSIZE_FRAME_HEAD; 1579 1580 /* 1581 * Software crypto. 1582 */ 1583 wh = mtod(m, struct ieee80211_frame *); 1584 1585 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1586 k = ieee80211_crypto_encap(ic, data_tx->ni, m); 1587 if (k == NULL) { 1588 m_freem(m); 1589 data_tx->m = NULL; 1590 ieee80211_free_node(data_tx->ni); 1591 data_tx->ni = NULL; 1592 ifp->if_oerrors++; 1593 break; 1594 } 1595 1596 /* in case packet header moved, reset pointer */ 1597 wh = mtod(m, struct ieee80211_frame *); 1598 } 1599 1600 /* 1601 * Transmit the URB containing the TX data. 1602 */ 1603 memset(data_tx->buf, 0, sizeof(*mem) + sizeof(*txdesc)); 1604 1605 mem = (struct upgt_lmac_mem *)data_tx->buf; 1606 mem->addr = htole32(addr); 1607 1608 txdesc = (struct upgt_lmac_tx_desc *)(mem + 1); 1609 1610 /* XXX differ between data and mgmt frames? */ 1611 txdesc->header1.flags = UPGT_H1_FLAGS_TX_DATA; 1612 txdesc->header1.type = UPGT_H1_TYPE_TX_DATA; 1613 txdesc->header1.len = htole16(m->m_pkthdr.len); 1614 1615 txdesc->header2.reqid = htole32(data_tx->addr); 1616 txdesc->header2.type = htole16(UPGT_H2_TYPE_TX_ACK_YES); 1617 txdesc->header2.flags = htole16(UPGT_H2_FLAGS_TX_ACK_YES); 1618 1619 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1620 IEEE80211_FC0_TYPE_MGT) { 1621 /* always send mgmt frames at lowest rate (DS1) */ 1622 memset(txdesc->rates, 0x10, sizeof(txdesc->rates)); 1623 } else { 1624 memcpy(txdesc->rates, sc->sc_cur_rateset, 1625 sizeof(txdesc->rates)); 1626 } 1627 txdesc->type = htole32(UPGT_TX_DESC_TYPE_DATA); 1628 txdesc->pad3[0] = UPGT_TX_DESC_PAD3_SIZE; 1629 1630 if (sc->sc_drvbpf != NULL) { 1631 struct upgt_tx_radiotap_header *tap = &sc->sc_txtap; 1632 1633 tap->wt_flags = 0; 1634 tap->wt_rate = 0; /* TODO: where to get from? */ 1635 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 1636 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 1637 1638 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m); 1639 } 1640 1641 /* copy frame below our TX descriptor header */ 1642 m_copydata(m, 0, m->m_pkthdr.len, 1643 data_tx->buf + sizeof(*mem) + sizeof(*txdesc)); 1644 1645 /* calculate frame size */ 1646 len = sizeof(*mem) + sizeof(*txdesc) + m->m_pkthdr.len; 1647 1648 if (len & 3) { 1649 /* we need to align the frame to a 4 byte boundary */ 1650 pad = 4 - (len & 3); 1651 memset(data_tx->buf + len, 0, pad); 1652 len += pad; 1653 } 1654 1655 /* calculate frame checksum */ 1656 mem->chksum = upgt_chksum_le((uint32_t *)txdesc, 1657 len - sizeof(*mem)); 1658 1659 /* we do not need the mbuf anymore */ 1660 m_freem(m); 1661 data_tx->m = NULL; 1662 1663 ieee80211_free_node(data_tx->ni); 1664 data_tx->ni = NULL; 1665 1666 DPRINTF(2, "%s: TX start data sending\n", 1667 device_xname(sc->sc_dev)); 1668 1669 usbd_setup_xfer(data_tx->xfer, data_tx, data_tx->buf, len, 1670 USBD_FORCE_SHORT_XFER, UPGT_USB_TIMEOUT, NULL); 1671 error = usbd_transfer(data_tx->xfer); 1672 if (error != USBD_NORMAL_COMPLETION && 1673 error != USBD_IN_PROGRESS) { 1674 aprint_error_dev(sc->sc_dev, 1675 "could not transmit TX data URB\n"); 1676 ifp->if_oerrors++; 1677 break; 1678 } 1679 1680 DPRINTF(2, "%s: TX sent (%d bytes)\n", 1681 device_xname(sc->sc_dev), len); 1682 } 1683 1684 splx(s); 1685 1686 /* 1687 * If we don't regulary read the device statistics, the RX queue 1688 * will stall. It's strange, but it works, so we keep reading 1689 * the statistics here. *shrug* 1690 */ 1691 mutex_enter(&sc->sc_mtx); 1692 upgt_get_stats(sc); 1693 mutex_exit(&sc->sc_mtx); 1694 } 1695 1696 static void 1697 upgt_tx_done(struct upgt_softc *sc, uint8_t *data) 1698 { 1699 struct ifnet *ifp = &sc->sc_if; 1700 struct upgt_lmac_tx_done_desc *desc; 1701 int i, s; 1702 1703 s = splnet(); 1704 1705 desc = (struct upgt_lmac_tx_done_desc *)data; 1706 1707 for (i = 0; i < UPGT_TX_COUNT; i++) { 1708 struct upgt_data *data_tx = &sc->tx_data[i]; 1709 1710 if (data_tx->addr == le32toh(desc->header2.reqid)) { 1711 upgt_mem_free(sc, data_tx->addr); 1712 data_tx->addr = 0; 1713 1714 sc->tx_queued--; 1715 ifp->if_opackets++; 1716 1717 DPRINTF(2, "%s: TX done: ", device_xname(sc->sc_dev)); 1718 DPRINTF(2, "memaddr=0x%08x, status=0x%04x, rssi=%d, ", 1719 le32toh(desc->header2.reqid), 1720 le16toh(desc->status), 1721 le16toh(desc->rssi)); 1722 DPRINTF(2, "seq=%d\n", le16toh(desc->seq)); 1723 break; 1724 } 1725 } 1726 1727 if (sc->tx_queued == 0) { 1728 /* TX queued was processed, continue */ 1729 ifp->if_timer = 0; 1730 ifp->if_flags &= ~IFF_OACTIVE; 1731 upgt_start(ifp); 1732 } 1733 1734 splx(s); 1735 } 1736 1737 static void 1738 upgt_rx_cb(struct usbd_xfer *xfer, void * priv, usbd_status status) 1739 { 1740 struct upgt_data *data_rx = priv; 1741 struct upgt_softc *sc = data_rx->sc; 1742 int len; 1743 struct upgt_lmac_header *header; 1744 struct upgt_lmac_eeprom *eeprom; 1745 uint8_t h1_type; 1746 uint16_t h2_type; 1747 1748 DPRINTF(3, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1749 1750 if (status != USBD_NORMAL_COMPLETION) { 1751 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1752 return; 1753 if (status == USBD_STALLED) 1754 usbd_clear_endpoint_stall_async(sc->sc_rx_pipeh); 1755 goto skip; 1756 } 1757 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1758 1759 /* 1760 * Check what type of frame came in. 1761 */ 1762 header = (struct upgt_lmac_header *)(data_rx->buf + 4); 1763 1764 h1_type = header->header1.type; 1765 h2_type = le16toh(header->header2.type); 1766 1767 if (h1_type == UPGT_H1_TYPE_CTRL && 1768 h2_type == UPGT_H2_TYPE_EEPROM) { 1769 eeprom = (struct upgt_lmac_eeprom *)(data_rx->buf + 4); 1770 uint16_t eeprom_offset = le16toh(eeprom->offset); 1771 uint16_t eeprom_len = le16toh(eeprom->len); 1772 1773 DPRINTF(2, "%s: received EEPROM block (offset=%d, len=%d)\n", 1774 device_xname(sc->sc_dev), eeprom_offset, eeprom_len); 1775 1776 memcpy(sc->sc_eeprom + eeprom_offset, 1777 data_rx->buf + sizeof(struct upgt_lmac_eeprom) + 4, 1778 eeprom_len); 1779 1780 /* EEPROM data has arrived in time, wakeup tsleep() */ 1781 wakeup(sc); 1782 } else 1783 if (h1_type == UPGT_H1_TYPE_CTRL && 1784 h2_type == UPGT_H2_TYPE_TX_DONE) { 1785 DPRINTF(2, "%s: received 802.11 TX done\n", 1786 device_xname(sc->sc_dev)); 1787 1788 upgt_tx_done(sc, data_rx->buf + 4); 1789 } else 1790 if (h1_type == UPGT_H1_TYPE_RX_DATA || 1791 h1_type == UPGT_H1_TYPE_RX_DATA_MGMT) { 1792 DPRINTF(3, "%s: received 802.11 RX data\n", 1793 device_xname(sc->sc_dev)); 1794 1795 upgt_rx(sc, data_rx->buf + 4, le16toh(header->header1.len)); 1796 } else 1797 if (h1_type == UPGT_H1_TYPE_CTRL && 1798 h2_type == UPGT_H2_TYPE_STATS) { 1799 DPRINTF(2, "%s: received statistic data\n", 1800 device_xname(sc->sc_dev)); 1801 1802 /* TODO: what could we do with the statistic data? */ 1803 } else { 1804 /* ignore unknown frame types */ 1805 DPRINTF(1, "%s: received unknown frame type 0x%02x\n", 1806 device_xname(sc->sc_dev), header->header1.type); 1807 } 1808 1809 skip: /* setup new transfer */ 1810 usbd_setup_xfer(xfer, data_rx, data_rx->buf, MCLBYTES, 1811 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 1812 (void)usbd_transfer(xfer); 1813 } 1814 1815 static void 1816 upgt_rx(struct upgt_softc *sc, uint8_t *data, int pkglen) 1817 { 1818 struct ieee80211com *ic = &sc->sc_ic; 1819 struct ifnet *ifp = &sc->sc_if; 1820 struct upgt_lmac_rx_desc *rxdesc; 1821 struct ieee80211_frame *wh; 1822 struct ieee80211_node *ni; 1823 struct mbuf *m; 1824 int s; 1825 1826 /* access RX packet descriptor */ 1827 rxdesc = (struct upgt_lmac_rx_desc *)data; 1828 1829 /* create mbuf which is suitable for strict alignment archs */ 1830 #define ETHER_ALIGN 0 1831 m = m_devget(rxdesc->data, pkglen, ETHER_ALIGN, ifp, NULL); 1832 if (m == NULL) { 1833 DPRINTF(1, "%s: could not create RX mbuf\n", 1834 device_xname(sc->sc_dev)); 1835 ifp->if_ierrors++; 1836 return; 1837 } 1838 1839 s = splnet(); 1840 1841 if (sc->sc_drvbpf != NULL) { 1842 struct upgt_rx_radiotap_header *tap = &sc->sc_rxtap; 1843 1844 tap->wr_flags = IEEE80211_RADIOTAP_F_FCS; 1845 tap->wr_rate = upgt_rx_rate(sc, rxdesc->rate); 1846 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 1847 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 1848 tap->wr_antsignal = rxdesc->rssi; 1849 1850 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1851 } 1852 1853 /* trim FCS */ 1854 m_adj(m, -IEEE80211_CRC_LEN); 1855 1856 wh = mtod(m, struct ieee80211_frame *); 1857 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1858 1859 /* push the frame up to the 802.11 stack */ 1860 ieee80211_input(ic, m, ni, rxdesc->rssi, 0); 1861 1862 /* node is no longer needed */ 1863 ieee80211_free_node(ni); 1864 1865 splx(s); 1866 1867 DPRINTF(3, "%s: RX done\n", device_xname(sc->sc_dev)); 1868 } 1869 1870 static void 1871 upgt_setup_rates(struct upgt_softc *sc) 1872 { 1873 struct ieee80211com *ic = &sc->sc_ic; 1874 1875 /* 1876 * 0x01 = OFMD6 0x10 = DS1 1877 * 0x04 = OFDM9 0x11 = DS2 1878 * 0x06 = OFDM12 0x12 = DS5 1879 * 0x07 = OFDM18 0x13 = DS11 1880 * 0x08 = OFDM24 1881 * 0x09 = OFDM36 1882 * 0x0a = OFDM48 1883 * 0x0b = OFDM54 1884 */ 1885 const uint8_t rateset_auto_11b[] = 1886 { 0x13, 0x13, 0x12, 0x11, 0x11, 0x10, 0x10, 0x10 }; 1887 const uint8_t rateset_auto_11g[] = 1888 { 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x04, 0x01 }; 1889 const uint8_t rateset_fix_11bg[] = 1890 { 0x10, 0x11, 0x12, 0x13, 0x01, 0x04, 0x06, 0x07, 1891 0x08, 0x09, 0x0a, 0x0b }; 1892 1893 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1894 /* 1895 * Automatic rate control is done by the device. 1896 * We just pass the rateset from which the device 1897 * will pickup a rate. 1898 */ 1899 if (ic->ic_curmode == IEEE80211_MODE_11B) 1900 memcpy(sc->sc_cur_rateset, rateset_auto_11b, 1901 sizeof(sc->sc_cur_rateset)); 1902 if (ic->ic_curmode == IEEE80211_MODE_11G || 1903 ic->ic_curmode == IEEE80211_MODE_AUTO) 1904 memcpy(sc->sc_cur_rateset, rateset_auto_11g, 1905 sizeof(sc->sc_cur_rateset)); 1906 } else { 1907 /* set a fixed rate */ 1908 memset(sc->sc_cur_rateset, rateset_fix_11bg[ic->ic_fixed_rate], 1909 sizeof(sc->sc_cur_rateset)); 1910 } 1911 } 1912 1913 static uint8_t 1914 upgt_rx_rate(struct upgt_softc *sc, const int rate) 1915 { 1916 struct ieee80211com *ic = &sc->sc_ic; 1917 1918 if (ic->ic_curmode == IEEE80211_MODE_11B) { 1919 if (rate < 0 || rate > 3) 1920 /* invalid rate */ 1921 return 0; 1922 1923 switch (rate) { 1924 case 0: 1925 return 2; 1926 case 1: 1927 return 4; 1928 case 2: 1929 return 11; 1930 case 3: 1931 return 22; 1932 default: 1933 return 0; 1934 } 1935 } 1936 1937 if (ic->ic_curmode == IEEE80211_MODE_11G) { 1938 if (rate < 0 || rate > 11) 1939 /* invalid rate */ 1940 return 0; 1941 1942 switch (rate) { 1943 case 0: 1944 return 2; 1945 case 1: 1946 return 4; 1947 case 2: 1948 return 11; 1949 case 3: 1950 return 22; 1951 case 4: 1952 return 12; 1953 case 5: 1954 return 18; 1955 case 6: 1956 return 24; 1957 case 7: 1958 return 36; 1959 case 8: 1960 return 48; 1961 case 9: 1962 return 72; 1963 case 10: 1964 return 96; 1965 case 11: 1966 return 108; 1967 default: 1968 return 0; 1969 } 1970 } 1971 1972 return 0; 1973 } 1974 1975 static int 1976 upgt_set_macfilter(struct upgt_softc *sc, uint8_t state) 1977 { 1978 struct ieee80211com *ic = &sc->sc_ic; 1979 struct ieee80211_node *ni = ic->ic_bss; 1980 struct upgt_data *data_cmd = &sc->cmd_data; 1981 struct upgt_lmac_mem *mem; 1982 struct upgt_lmac_filter *filter; 1983 int len; 1984 const uint8_t broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1985 1986 /* 1987 * Transmit the URB containing the CMD data. 1988 */ 1989 len = sizeof(*mem) + sizeof(*filter); 1990 1991 memset(data_cmd->buf, 0, len); 1992 1993 mem = (struct upgt_lmac_mem *)data_cmd->buf; 1994 mem->addr = htole32(sc->sc_memaddr_frame_start + 1995 UPGT_MEMSIZE_FRAME_HEAD); 1996 1997 filter = (struct upgt_lmac_filter *)(mem + 1); 1998 1999 filter->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2000 filter->header1.type = UPGT_H1_TYPE_CTRL; 2001 filter->header1.len = htole16( 2002 sizeof(struct upgt_lmac_filter) - 2003 sizeof(struct upgt_lmac_header)); 2004 2005 filter->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2006 filter->header2.type = htole16(UPGT_H2_TYPE_MACFILTER); 2007 filter->header2.flags = 0; 2008 2009 switch (state) { 2010 case IEEE80211_S_INIT: 2011 DPRINTF(1, "%s: set MAC filter to INIT\n", 2012 device_xname(sc->sc_dev)); 2013 2014 filter->type = htole16(UPGT_FILTER_TYPE_RESET); 2015 break; 2016 case IEEE80211_S_SCAN: 2017 DPRINTF(1, "%s: set MAC filter to SCAN (bssid %s)\n", 2018 device_xname(sc->sc_dev), ether_sprintf(broadcast)); 2019 2020 filter->type = htole16(UPGT_FILTER_TYPE_NONE); 2021 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 2022 IEEE80211_ADDR_COPY(filter->src, broadcast); 2023 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 2024 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2025 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2026 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2027 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2028 break; 2029 case IEEE80211_S_RUN: 2030 DPRINTF(1, "%s: set MAC filter to RUN (bssid %s)\n", 2031 device_xname(sc->sc_dev), ether_sprintf(ni->ni_bssid)); 2032 2033 filter->type = htole16(UPGT_FILTER_TYPE_STA); 2034 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 2035 IEEE80211_ADDR_COPY(filter->src, ni->ni_bssid); 2036 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 2037 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2038 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2039 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2040 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2041 break; 2042 default: 2043 aprint_error_dev(sc->sc_dev, 2044 "MAC filter does not know that state\n"); 2045 break; 2046 } 2047 2048 mem->chksum = upgt_chksum_le((uint32_t *)filter, sizeof(*filter)); 2049 2050 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2051 aprint_error_dev(sc->sc_dev, 2052 "could not transmit macfilter CMD data URB\n"); 2053 return EIO; 2054 } 2055 2056 return 0; 2057 } 2058 2059 static int 2060 upgt_set_channel(struct upgt_softc *sc, unsigned channel) 2061 { 2062 struct upgt_data *data_cmd = &sc->cmd_data; 2063 struct upgt_lmac_mem *mem; 2064 struct upgt_lmac_channel *chan; 2065 int len; 2066 2067 DPRINTF(1, "%s: %s: %d\n", device_xname(sc->sc_dev), __func__, 2068 channel); 2069 2070 /* 2071 * Transmit the URB containing the CMD data. 2072 */ 2073 len = sizeof(*mem) + sizeof(*chan); 2074 2075 memset(data_cmd->buf, 0, len); 2076 2077 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2078 mem->addr = htole32(sc->sc_memaddr_frame_start + 2079 UPGT_MEMSIZE_FRAME_HEAD); 2080 2081 chan = (struct upgt_lmac_channel *)(mem + 1); 2082 2083 chan->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2084 chan->header1.type = UPGT_H1_TYPE_CTRL; 2085 chan->header1.len = htole16( 2086 sizeof(struct upgt_lmac_channel) - 2087 sizeof(struct upgt_lmac_header)); 2088 2089 chan->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2090 chan->header2.type = htole16(UPGT_H2_TYPE_CHANNEL); 2091 chan->header2.flags = 0; 2092 2093 chan->unknown1 = htole16(UPGT_CHANNEL_UNKNOWN1); 2094 chan->unknown2 = htole16(UPGT_CHANNEL_UNKNOWN2); 2095 chan->freq6 = sc->sc_eeprom_freq6[channel]; 2096 chan->settings = sc->sc_eeprom_freq6_settings; 2097 chan->unknown3 = UPGT_CHANNEL_UNKNOWN3; 2098 2099 memcpy(chan->freq3_1, &sc->sc_eeprom_freq3[channel].data, 2100 sizeof(chan->freq3_1)); 2101 2102 memcpy(chan->freq4, &sc->sc_eeprom_freq4[channel], 2103 sizeof(sc->sc_eeprom_freq4[channel])); 2104 2105 memcpy(chan->freq3_2, &sc->sc_eeprom_freq3[channel].data, 2106 sizeof(chan->freq3_2)); 2107 2108 mem->chksum = upgt_chksum_le((uint32_t *)chan, sizeof(*chan)); 2109 2110 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2111 aprint_error_dev(sc->sc_dev, 2112 "could not transmit channel CMD data URB\n"); 2113 return EIO; 2114 } 2115 2116 return 0; 2117 } 2118 2119 static void 2120 upgt_set_led(struct upgt_softc *sc, int action) 2121 { 2122 struct ieee80211com *ic = &sc->sc_ic; 2123 struct upgt_data *data_cmd = &sc->cmd_data; 2124 struct upgt_lmac_mem *mem; 2125 struct upgt_lmac_led *led; 2126 struct timeval t; 2127 int len; 2128 2129 /* 2130 * Transmit the URB containing the CMD data. 2131 */ 2132 len = sizeof(*mem) + sizeof(*led); 2133 2134 memset(data_cmd->buf, 0, len); 2135 2136 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2137 mem->addr = htole32(sc->sc_memaddr_frame_start + 2138 UPGT_MEMSIZE_FRAME_HEAD); 2139 2140 led = (struct upgt_lmac_led *)(mem + 1); 2141 2142 led->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2143 led->header1.type = UPGT_H1_TYPE_CTRL; 2144 led->header1.len = htole16( 2145 sizeof(struct upgt_lmac_led) - 2146 sizeof(struct upgt_lmac_header)); 2147 2148 led->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2149 led->header2.type = htole16(UPGT_H2_TYPE_LED); 2150 led->header2.flags = 0; 2151 2152 switch (action) { 2153 case UPGT_LED_OFF: 2154 led->mode = htole16(UPGT_LED_MODE_SET); 2155 led->action_fix = 0; 2156 led->action_tmp = htole16(UPGT_LED_ACTION_OFF); 2157 led->action_tmp_dur = 0; 2158 break; 2159 case UPGT_LED_ON: 2160 led->mode = htole16(UPGT_LED_MODE_SET); 2161 led->action_fix = 0; 2162 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2163 led->action_tmp_dur = 0; 2164 break; 2165 case UPGT_LED_BLINK: 2166 if (ic->ic_state != IEEE80211_S_RUN) 2167 return; 2168 if (sc->sc_led_blink) 2169 /* previous blink was not finished */ 2170 return; 2171 led->mode = htole16(UPGT_LED_MODE_SET); 2172 led->action_fix = htole16(UPGT_LED_ACTION_OFF); 2173 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2174 led->action_tmp_dur = htole16(UPGT_LED_ACTION_TMP_DUR); 2175 /* lock blink */ 2176 sc->sc_led_blink = 1; 2177 t.tv_sec = 0; 2178 t.tv_usec = UPGT_LED_ACTION_TMP_DUR * 1000L; 2179 callout_schedule(&sc->led_to, tvtohz(&t)); 2180 break; 2181 default: 2182 return; 2183 } 2184 2185 mem->chksum = upgt_chksum_le((uint32_t *)led, sizeof(*led)); 2186 2187 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2188 aprint_error_dev(sc->sc_dev, 2189 "could not transmit led CMD URB\n"); 2190 } 2191 } 2192 2193 static void 2194 upgt_set_led_blink(void *arg) 2195 { 2196 struct upgt_softc *sc = arg; 2197 2198 /* blink finished, we are ready for a next one */ 2199 sc->sc_led_blink = 0; 2200 callout_stop(&sc->led_to); 2201 } 2202 2203 static int 2204 upgt_get_stats(struct upgt_softc *sc) 2205 { 2206 struct upgt_data *data_cmd = &sc->cmd_data; 2207 struct upgt_lmac_mem *mem; 2208 struct upgt_lmac_stats *stats; 2209 int len; 2210 2211 /* 2212 * Transmit the URB containing the CMD data. 2213 */ 2214 len = sizeof(*mem) + sizeof(*stats); 2215 2216 memset(data_cmd->buf, 0, len); 2217 2218 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2219 mem->addr = htole32(sc->sc_memaddr_frame_start + 2220 UPGT_MEMSIZE_FRAME_HEAD); 2221 2222 stats = (struct upgt_lmac_stats *)(mem + 1); 2223 2224 stats->header1.flags = 0; 2225 stats->header1.type = UPGT_H1_TYPE_CTRL; 2226 stats->header1.len = htole16( 2227 sizeof(struct upgt_lmac_stats) - 2228 sizeof(struct upgt_lmac_header)); 2229 2230 stats->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2231 stats->header2.type = htole16(UPGT_H2_TYPE_STATS); 2232 stats->header2.flags = 0; 2233 2234 mem->chksum = upgt_chksum_le((uint32_t *)stats, sizeof(*stats)); 2235 2236 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2237 aprint_error_dev(sc->sc_dev, 2238 "could not transmit statistics CMD data URB\n"); 2239 return EIO; 2240 } 2241 2242 return 0; 2243 2244 } 2245 2246 static int 2247 upgt_alloc_tx(struct upgt_softc *sc) 2248 { 2249 int i; 2250 2251 sc->tx_queued = 0; 2252 2253 for (i = 0; i < UPGT_TX_COUNT; i++) { 2254 struct upgt_data *data_tx = &sc->tx_data[i]; 2255 2256 data_tx->sc = sc; 2257 2258 int err = usbd_create_xfer(sc->sc_tx_pipeh, MCLBYTES, 0, 0, 2259 &data_tx->xfer); 2260 if (err) { 2261 aprint_error_dev(sc->sc_dev, 2262 "could not allocate TX xfer\n"); 2263 return err; 2264 } 2265 2266 data_tx->buf = usbd_get_buffer(data_tx->xfer); 2267 } 2268 2269 return 0; 2270 } 2271 2272 static int 2273 upgt_alloc_rx(struct upgt_softc *sc) 2274 { 2275 struct upgt_data *data_rx = &sc->rx_data; 2276 2277 data_rx->sc = sc; 2278 2279 int err = usbd_create_xfer(sc->sc_rx_pipeh, MCLBYTES, 2280 USBD_SHORT_XFER_OK, 0, &data_rx->xfer); 2281 if (err) { 2282 aprint_error_dev(sc->sc_dev, "could not allocate RX xfer\n"); 2283 return err; 2284 } 2285 2286 data_rx->buf = usbd_get_buffer(data_rx->xfer); 2287 2288 return 0; 2289 } 2290 2291 static int 2292 upgt_alloc_cmd(struct upgt_softc *sc) 2293 { 2294 struct upgt_data *data_cmd = &sc->cmd_data; 2295 2296 data_cmd->sc = sc; 2297 2298 int err = usbd_create_xfer(sc->sc_tx_pipeh, MCLBYTES, 2299 USBD_FORCE_SHORT_XFER, 0, &data_cmd->xfer); 2300 if (err) { 2301 aprint_error_dev(sc->sc_dev, "could not allocate RX xfer\n"); 2302 return err; 2303 } 2304 2305 data_cmd->buf = usbd_get_buffer(data_cmd->xfer); 2306 2307 mutex_init(&sc->sc_mtx, MUTEX_DEFAULT, IPL_NONE); 2308 2309 return 0; 2310 } 2311 2312 static void 2313 upgt_free_tx(struct upgt_softc *sc) 2314 { 2315 int i; 2316 2317 for (i = 0; i < UPGT_TX_COUNT; i++) { 2318 struct upgt_data *data_tx = &sc->tx_data[i]; 2319 2320 if (data_tx->xfer != NULL) { 2321 usbd_destroy_xfer(data_tx->xfer); 2322 data_tx->xfer = NULL; 2323 } 2324 2325 data_tx->ni = NULL; 2326 } 2327 } 2328 2329 static void 2330 upgt_free_rx(struct upgt_softc *sc) 2331 { 2332 struct upgt_data *data_rx = &sc->rx_data; 2333 2334 if (data_rx->xfer != NULL) { 2335 usbd_destroy_xfer(data_rx->xfer); 2336 data_rx->xfer = NULL; 2337 } 2338 2339 data_rx->ni = NULL; 2340 } 2341 2342 static void 2343 upgt_free_cmd(struct upgt_softc *sc) 2344 { 2345 struct upgt_data *data_cmd = &sc->cmd_data; 2346 2347 if (data_cmd->xfer != NULL) { 2348 usbd_destroy_xfer(data_cmd->xfer); 2349 data_cmd->xfer = NULL; 2350 } 2351 2352 mutex_destroy(&sc->sc_mtx); 2353 } 2354 2355 static int 2356 upgt_bulk_xmit(struct upgt_softc *sc, struct upgt_data *data, 2357 struct usbd_pipe *pipeh, uint32_t *size, int flags) 2358 { 2359 usbd_status status; 2360 2361 status = usbd_bulk_transfer(data->xfer, pipeh, flags, UPGT_USB_TIMEOUT, 2362 data->buf, size); 2363 if (status != USBD_NORMAL_COMPLETION) { 2364 aprint_error_dev(sc->sc_dev, "%s: error %s\n", __func__, 2365 usbd_errstr(status)); 2366 return EIO; 2367 } 2368 2369 return 0; 2370 } 2371 2372 #if 0 2373 static void 2374 upgt_hexdump(void *buf, int len) 2375 { 2376 int i; 2377 2378 for (i = 0; i < len; i++) { 2379 if (i % 16 == 0) 2380 printf("%s%5i:", i ? "\n" : "", i); 2381 if (i % 4 == 0) 2382 printf(" "); 2383 printf("%02x", (int)*((uint8_t *)buf + i)); 2384 } 2385 printf("\n"); 2386 } 2387 #endif 2388 2389 static uint32_t 2390 upgt_crc32_le(const void *buf, size_t size) 2391 { 2392 uint32_t crc; 2393 2394 crc = ether_crc32_le(buf, size); 2395 2396 /* apply final XOR value as common for CRC-32 */ 2397 crc = htole32(crc ^ 0xffffffffU); 2398 2399 return crc; 2400 } 2401 2402 /* 2403 * The firmware awaits a checksum for each frame we send to it. 2404 * The algorithm used therefor is uncommon but somehow similar to CRC32. 2405 */ 2406 static uint32_t 2407 upgt_chksum_le(const uint32_t *buf, size_t size) 2408 { 2409 int i; 2410 uint32_t crc = 0; 2411 2412 for (i = 0; i < size; i += sizeof(uint32_t)) { 2413 crc = htole32(crc ^ *buf++); 2414 crc = htole32((crc >> 5) ^ (crc << 3)); 2415 } 2416 2417 return crc; 2418 } 2419