1 /* $NetBSD: if_upgt.c,v 1.25 2019/03/06 08:08:25 msaitoh Exp $ */ 2 /* $OpenBSD: if_upgt.c,v 1.49 2010/04/20 22:05:43 tedu Exp $ */ 3 4 /* 5 * Copyright (c) 2007 Marcus Glocker <mglocker@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: if_upgt.c,v 1.25 2019/03/06 08:08:25 msaitoh Exp $"); 22 23 #ifdef _KERNEL_OPT 24 #include "opt_usb.h" 25 #endif 26 27 #include <sys/param.h> 28 #include <sys/callout.h> 29 #include <sys/device.h> 30 #include <sys/errno.h> 31 #include <sys/kernel.h> 32 #include <sys/kthread.h> 33 #include <sys/mbuf.h> 34 #include <sys/proc.h> 35 #include <sys/sockio.h> 36 #include <sys/systm.h> 37 #include <sys/vnode.h> 38 #include <sys/bus.h> 39 #include <sys/endian.h> 40 #include <sys/intr.h> 41 42 #include <net/bpf.h> 43 #include <net/if.h> 44 #include <net/if_arp.h> 45 #include <net/if_dl.h> 46 #include <net/if_ether.h> 47 #include <net/if_media.h> 48 #include <net/if_types.h> 49 50 #include <net80211/ieee80211_var.h> 51 #include <net80211/ieee80211_radiotap.h> 52 53 #include <dev/firmload.h> 54 55 #include <dev/usb/usb.h> 56 #include <dev/usb/usbdi.h> 57 #include <dev/usb/usbdi_util.h> 58 #include <dev/usb/usbdivar.h> 59 #include <dev/usb/usbdevs.h> 60 61 #include <dev/usb/if_upgtvar.h> 62 63 /* 64 * Driver for the USB PrismGT devices. 65 * 66 * For now just USB 2.0 devices with the GW3887 chipset are supported. 67 * The driver has been written based on the firmware version 2.13.1.0_LM87. 68 * 69 * TODO's: 70 * - Fix MONITOR mode (MAC filter). 71 * - Add HOSTAP mode. 72 * - Add IBSS mode. 73 * - Support the USB 1.0 devices (NET2280, ISL3880, ISL3886 chipsets). 74 * 75 * Parts of this driver has been influenced by reading the p54u driver 76 * written by Jean-Baptiste Note <jean-baptiste.note@m4x.org> and 77 * Sebastien Bourdeauducq <lekernel@prism54.org>. 78 */ 79 80 #ifdef UPGT_DEBUG 81 int upgt_debug = 2; 82 #define DPRINTF(l, x...) do { if ((l) <= upgt_debug) printf(x); } while (0) 83 #else 84 #define DPRINTF(l, x...) 85 #endif 86 87 /* 88 * Prototypes. 89 */ 90 static int upgt_match(device_t, cfdata_t, void *); 91 static void upgt_attach(device_t, device_t, void *); 92 static int upgt_detach(device_t, int); 93 static int upgt_activate(device_t, devact_t); 94 95 static void upgt_attach_hook(device_t); 96 static int upgt_device_type(struct upgt_softc *, uint16_t, uint16_t); 97 static int upgt_device_init(struct upgt_softc *); 98 static int upgt_mem_init(struct upgt_softc *); 99 static uint32_t upgt_mem_alloc(struct upgt_softc *); 100 static void upgt_mem_free(struct upgt_softc *, uint32_t); 101 static int upgt_fw_alloc(struct upgt_softc *); 102 static void upgt_fw_free(struct upgt_softc *); 103 static int upgt_fw_verify(struct upgt_softc *); 104 static int upgt_fw_load(struct upgt_softc *); 105 static int upgt_fw_copy(char *, char *, int); 106 static int upgt_eeprom_read(struct upgt_softc *); 107 static int upgt_eeprom_parse(struct upgt_softc *); 108 static void upgt_eeprom_parse_hwrx(struct upgt_softc *, uint8_t *); 109 static void upgt_eeprom_parse_freq3(struct upgt_softc *, uint8_t *, int); 110 static void upgt_eeprom_parse_freq4(struct upgt_softc *, uint8_t *, int); 111 static void upgt_eeprom_parse_freq6(struct upgt_softc *, uint8_t *, int); 112 113 static int upgt_ioctl(struct ifnet *, u_long, void *); 114 static int upgt_init(struct ifnet *); 115 static void upgt_stop(struct upgt_softc *); 116 static int upgt_media_change(struct ifnet *); 117 static void upgt_newassoc(struct ieee80211_node *, int); 118 static int upgt_newstate(struct ieee80211com *, enum ieee80211_state, 119 int); 120 static void upgt_newstate_task(void *); 121 static void upgt_next_scan(void *); 122 static void upgt_start(struct ifnet *); 123 static void upgt_watchdog(struct ifnet *); 124 static void upgt_tx_task(void *); 125 static void upgt_tx_done(struct upgt_softc *, uint8_t *); 126 static void upgt_rx_cb(struct usbd_xfer *, void *, usbd_status); 127 static void upgt_rx(struct upgt_softc *, uint8_t *, int); 128 static void upgt_setup_rates(struct upgt_softc *); 129 static uint8_t upgt_rx_rate(struct upgt_softc *, const int); 130 static int upgt_set_macfilter(struct upgt_softc *, uint8_t); 131 static int upgt_set_channel(struct upgt_softc *, unsigned); 132 static void upgt_set_led(struct upgt_softc *, int); 133 static void upgt_set_led_blink(void *); 134 static int upgt_get_stats(struct upgt_softc *); 135 136 static int upgt_alloc_tx(struct upgt_softc *); 137 static int upgt_alloc_rx(struct upgt_softc *); 138 static int upgt_alloc_cmd(struct upgt_softc *); 139 static void upgt_free_tx(struct upgt_softc *); 140 static void upgt_free_rx(struct upgt_softc *); 141 static void upgt_free_cmd(struct upgt_softc *); 142 static int upgt_bulk_xmit(struct upgt_softc *, struct upgt_data *, 143 struct usbd_pipe *, uint32_t *, int); 144 145 #if 0 146 static void upgt_hexdump(void *, int); 147 #endif 148 static uint32_t upgt_crc32_le(const void *, size_t); 149 static uint32_t upgt_chksum_le(const uint32_t *, size_t); 150 151 CFATTACH_DECL_NEW(upgt, sizeof(struct upgt_softc), 152 upgt_match, upgt_attach, upgt_detach, upgt_activate); 153 154 static const struct usb_devno upgt_devs_1[] = { 155 /* version 1 devices */ 156 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST120G }, 157 { USB_VENDOR_SMC, USB_PRODUCT_SMC_2862WG_V1 } 158 }; 159 160 static const struct usb_devno upgt_devs_2[] = { 161 /* version 2 devices */ 162 { USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_PRISM_GT }, 163 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST121G }, 164 { USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F5D7050 }, 165 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54AG }, 166 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54GV2 }, 167 { USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_PRISM_GT }, 168 { USB_VENDOR_COREGA, USB_PRODUCT_COREGA_CGWLUSB2GTST }, 169 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_1 }, 170 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_2 }, 171 { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DWLG122A2 }, 172 { USB_VENDOR_FSC, USB_PRODUCT_FSC_E5400 }, 173 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_1 }, 174 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_2 }, 175 { USB_VENDOR_INTERSIL, USB_PRODUCT_INTERSIL_PRISM_GT }, 176 { USB_VENDOR_PHEENET, USB_PRODUCT_PHEENET_GWU513 }, 177 { USB_VENDOR_PHILIPS, USB_PRODUCT_PHILIPS_CPWUA054 }, 178 { USB_VENDOR_SHARP, USB_PRODUCT_SHARP_RUITZ1016YCZZ }, 179 { USB_VENDOR_SMC, USB_PRODUCT_SMC_2862WG }, 180 { USB_VENDOR_USR, USB_PRODUCT_USR_USR5422 }, 181 { USB_VENDOR_WISTRONNEWEB, USB_PRODUCT_WISTRONNEWEB_UR045G }, 182 { USB_VENDOR_CONEXANT, USB_PRODUCT_CONEXANT_PRISM_GT_1 }, 183 { USB_VENDOR_CONEXANT, USB_PRODUCT_CONEXANT_PRISM_GT_2 }, 184 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_MD40900 }, 185 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_XG703A } 186 }; 187 188 static int 189 firmware_load(const char *dname, const char *iname, uint8_t **ucodep, 190 size_t *sizep) 191 { 192 firmware_handle_t fh; 193 int error; 194 195 if ((error = firmware_open(dname, iname, &fh)) != 0) 196 return error; 197 *sizep = firmware_get_size(fh); 198 if ((*ucodep = firmware_malloc(*sizep)) == NULL) { 199 firmware_close(fh); 200 return ENOMEM; 201 } 202 if ((error = firmware_read(fh, 0, *ucodep, *sizep)) != 0) 203 firmware_free(*ucodep, *sizep); 204 firmware_close(fh); 205 206 return error; 207 } 208 209 static int 210 upgt_match(device_t parent, cfdata_t match, void *aux) 211 { 212 struct usb_attach_arg *uaa = aux; 213 214 if (usb_lookup(upgt_devs_1, uaa->uaa_vendor, uaa->uaa_product) != NULL) 215 return UMATCH_VENDOR_PRODUCT; 216 217 if (usb_lookup(upgt_devs_2, uaa->uaa_vendor, uaa->uaa_product) != NULL) 218 return UMATCH_VENDOR_PRODUCT; 219 220 return UMATCH_NONE; 221 } 222 223 static void 224 upgt_attach(device_t parent, device_t self, void *aux) 225 { 226 struct upgt_softc *sc = device_private(self); 227 struct usb_attach_arg *uaa = aux; 228 usb_interface_descriptor_t *id; 229 usb_endpoint_descriptor_t *ed; 230 usbd_status error; 231 char *devinfop; 232 int i; 233 234 aprint_naive("\n"); 235 aprint_normal("\n"); 236 237 /* 238 * Attach USB device. 239 */ 240 sc->sc_dev = self; 241 sc->sc_udev = uaa->uaa_device; 242 243 devinfop = usbd_devinfo_alloc(sc->sc_udev, 0); 244 aprint_normal_dev(sc->sc_dev, "%s\n", devinfop); 245 usbd_devinfo_free(devinfop); 246 247 /* check device type */ 248 if (upgt_device_type(sc, uaa->uaa_vendor, uaa->uaa_product) != 0) 249 return; 250 251 /* set configuration number */ 252 error = usbd_set_config_no(sc->sc_udev, UPGT_CONFIG_NO, 0); 253 if (error != 0) { 254 aprint_error_dev(sc->sc_dev, "failed to set configuration" 255 ", err=%s\n", usbd_errstr(error)); 256 return; 257 } 258 259 /* get the first interface handle */ 260 error = usbd_device2interface_handle(sc->sc_udev, UPGT_IFACE_INDEX, 261 &sc->sc_iface); 262 if (error != 0) { 263 aprint_error_dev(sc->sc_dev, 264 "could not get interface handle\n"); 265 return; 266 } 267 268 /* find endpoints */ 269 id = usbd_get_interface_descriptor(sc->sc_iface); 270 sc->sc_rx_no = sc->sc_tx_no = -1; 271 for (i = 0; i < id->bNumEndpoints; i++) { 272 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 273 if (ed == NULL) { 274 aprint_error_dev(sc->sc_dev, 275 "no endpoint descriptor for iface %d\n", i); 276 return; 277 } 278 279 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT && 280 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 281 sc->sc_tx_no = ed->bEndpointAddress; 282 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN && 283 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 284 sc->sc_rx_no = ed->bEndpointAddress; 285 286 /* 287 * 0x01 TX pipe 288 * 0x81 RX pipe 289 * 290 * Deprecated scheme (not used with fw version >2.5.6.x): 291 * 0x02 TX MGMT pipe 292 * 0x82 TX MGMT pipe 293 */ 294 if (sc->sc_tx_no != -1 && sc->sc_rx_no != -1) 295 break; 296 } 297 if (sc->sc_rx_no == -1 || sc->sc_tx_no == -1) { 298 aprint_error_dev(sc->sc_dev, "missing endpoint\n"); 299 return; 300 } 301 302 /* setup tasks and timeouts */ 303 usb_init_task(&sc->sc_task_newstate, upgt_newstate_task, sc, 0); 304 usb_init_task(&sc->sc_task_tx, upgt_tx_task, sc, 0); 305 callout_init(&sc->scan_to, 0); 306 callout_setfunc(&sc->scan_to, upgt_next_scan, sc); 307 callout_init(&sc->led_to, 0); 308 callout_setfunc(&sc->led_to, upgt_set_led_blink, sc); 309 310 /* 311 * Open TX and RX USB bulk pipes. 312 */ 313 error = usbd_open_pipe(sc->sc_iface, sc->sc_tx_no, USBD_EXCLUSIVE_USE, 314 &sc->sc_tx_pipeh); 315 if (error != 0) { 316 aprint_error_dev(sc->sc_dev, 317 "could not open TX pipe: %s\n", usbd_errstr(error)); 318 goto fail; 319 } 320 error = usbd_open_pipe(sc->sc_iface, sc->sc_rx_no, USBD_EXCLUSIVE_USE, 321 &sc->sc_rx_pipeh); 322 if (error != 0) { 323 aprint_error_dev(sc->sc_dev, "could not open RX pipe: %s\n", 324 usbd_errstr(error)); 325 goto fail; 326 } 327 328 /* 329 * Allocate TX, RX, and CMD xfers. 330 */ 331 if (upgt_alloc_tx(sc) != 0) 332 goto fail; 333 if (upgt_alloc_rx(sc) != 0) 334 goto fail; 335 if (upgt_alloc_cmd(sc) != 0) 336 goto fail; 337 338 /* 339 * We need the firmware loaded from file system to complete the attach. 340 */ 341 config_mountroot(self, upgt_attach_hook); 342 343 return; 344 fail: 345 aprint_error_dev(sc->sc_dev, "%s failed\n", __func__); 346 } 347 348 static void 349 upgt_attach_hook(device_t arg) 350 { 351 struct upgt_softc *sc = device_private(arg); 352 struct ieee80211com *ic = &sc->sc_ic; 353 struct ifnet *ifp = &sc->sc_if; 354 usbd_status error; 355 int i; 356 357 /* 358 * Load firmware file into memory. 359 */ 360 if (upgt_fw_alloc(sc) != 0) 361 goto fail; 362 363 /* 364 * Initialize the device. 365 */ 366 if (upgt_device_init(sc) != 0) 367 goto fail; 368 369 /* 370 * Verify the firmware. 371 */ 372 if (upgt_fw_verify(sc) != 0) 373 goto fail; 374 375 /* 376 * Calculate device memory space. 377 */ 378 if (sc->sc_memaddr_frame_start == 0 || sc->sc_memaddr_frame_end == 0) { 379 aprint_error_dev(sc->sc_dev, 380 "could not find memory space addresses on FW\n"); 381 goto fail; 382 } 383 sc->sc_memaddr_frame_end -= UPGT_MEMSIZE_RX + 1; 384 sc->sc_memaddr_rx_start = sc->sc_memaddr_frame_end + 1; 385 386 DPRINTF(1, "%s: memory address frame start=0x%08x\n", 387 device_xname(sc->sc_dev), sc->sc_memaddr_frame_start); 388 DPRINTF(1, "%s: memory address frame end=0x%08x\n", 389 device_xname(sc->sc_dev), sc->sc_memaddr_frame_end); 390 DPRINTF(1, "%s: memory address rx start=0x%08x\n", 391 device_xname(sc->sc_dev), sc->sc_memaddr_rx_start); 392 393 upgt_mem_init(sc); 394 395 /* 396 * Load the firmware. 397 */ 398 if (upgt_fw_load(sc) != 0) 399 goto fail; 400 401 /* 402 * Startup the RX pipe. 403 */ 404 struct upgt_data *data_rx = &sc->rx_data; 405 406 usbd_setup_xfer(data_rx->xfer, data_rx, data_rx->buf, 407 MCLBYTES, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 408 error = usbd_transfer(data_rx->xfer); 409 if (error != USBD_NORMAL_COMPLETION && error != USBD_IN_PROGRESS) { 410 aprint_error_dev(sc->sc_dev, 411 "could not queue RX transfer\n"); 412 goto fail; 413 } 414 usbd_delay_ms(sc->sc_udev, 100); 415 416 /* 417 * Read the whole EEPROM content and parse it. 418 */ 419 if (upgt_eeprom_read(sc) != 0) 420 goto fail; 421 if (upgt_eeprom_parse(sc) != 0) 422 goto fail; 423 424 /* 425 * Setup the 802.11 device. 426 */ 427 ic->ic_ifp = ifp; 428 ic->ic_phytype = IEEE80211_T_OFDM; 429 ic->ic_opmode = IEEE80211_M_STA; 430 ic->ic_state = IEEE80211_S_INIT; 431 ic->ic_caps = 432 IEEE80211_C_MONITOR | 433 IEEE80211_C_SHPREAMBLE | 434 IEEE80211_C_SHSLOT; 435 436 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 437 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 438 439 for (i = 1; i <= 14; i++) { 440 ic->ic_channels[i].ic_freq = 441 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 442 ic->ic_channels[i].ic_flags = 443 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 444 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 445 } 446 447 ifp->if_softc = sc; 448 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 449 ifp->if_init = upgt_init; 450 ifp->if_ioctl = upgt_ioctl; 451 ifp->if_start = upgt_start; 452 ifp->if_watchdog = upgt_watchdog; 453 IFQ_SET_READY(&ifp->if_snd); 454 memcpy(ifp->if_xname, device_xname(sc->sc_dev), IFNAMSIZ); 455 456 if_attach(ifp); 457 ieee80211_ifattach(ic); 458 ic->ic_newassoc = upgt_newassoc; 459 460 sc->sc_newstate = ic->ic_newstate; 461 ic->ic_newstate = upgt_newstate; 462 ieee80211_media_init(ic, upgt_media_change, ieee80211_media_status); 463 464 bpf_attach2(ifp, DLT_IEEE802_11_RADIO, 465 sizeof(struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 466 &sc->sc_drvbpf); 467 468 sc->sc_rxtap_len = sizeof(sc->sc_rxtapu); 469 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 470 sc->sc_rxtap.wr_ihdr.it_present = htole32(UPGT_RX_RADIOTAP_PRESENT); 471 472 sc->sc_txtap_len = sizeof(sc->sc_txtapu); 473 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 474 sc->sc_txtap.wt_ihdr.it_present = htole32(UPGT_TX_RADIOTAP_PRESENT); 475 476 aprint_normal_dev(sc->sc_dev, "address %s\n", 477 ether_sprintf(ic->ic_myaddr)); 478 479 ieee80211_announce(ic); 480 481 usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->sc_udev, sc->sc_dev); 482 483 /* device attached */ 484 sc->sc_flags |= UPGT_DEVICE_ATTACHED; 485 486 return; 487 fail: 488 aprint_error_dev(sc->sc_dev, "%s failed\n", __func__); 489 } 490 491 static int 492 upgt_detach(device_t self, int flags) 493 { 494 struct upgt_softc *sc = device_private(self); 495 struct ifnet *ifp = &sc->sc_if; 496 struct ieee80211com *ic = &sc->sc_ic; 497 int s; 498 499 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 500 501 s = splnet(); 502 503 if (ifp->if_flags & IFF_RUNNING) 504 upgt_stop(sc); 505 506 /* remove tasks and timeouts */ 507 callout_halt(&sc->scan_to, NULL); 508 callout_halt(&sc->led_to, NULL); 509 usb_rem_task_wait(sc->sc_udev, &sc->sc_task_newstate, USB_TASKQ_DRIVER, 510 NULL); 511 usb_rem_task_wait(sc->sc_udev, &sc->sc_task_tx, USB_TASKQ_DRIVER, 512 NULL); 513 callout_destroy(&sc->scan_to); 514 callout_destroy(&sc->led_to); 515 516 /* abort and close TX / RX pipes */ 517 if (sc->sc_tx_pipeh != NULL) { 518 usbd_abort_pipe(sc->sc_tx_pipeh); 519 } 520 if (sc->sc_rx_pipeh != NULL) { 521 usbd_abort_pipe(sc->sc_rx_pipeh); 522 } 523 524 /* free xfers */ 525 upgt_free_tx(sc); 526 upgt_free_rx(sc); 527 upgt_free_cmd(sc); 528 529 /* Close TX / RX pipes */ 530 if (sc->sc_tx_pipeh != NULL) { 531 usbd_close_pipe(sc->sc_tx_pipeh); 532 } 533 if (sc->sc_rx_pipeh != NULL) { 534 usbd_close_pipe(sc->sc_rx_pipeh); 535 } 536 537 /* free firmware */ 538 upgt_fw_free(sc); 539 540 if (sc->sc_flags & UPGT_DEVICE_ATTACHED) { 541 /* detach interface */ 542 bpf_detach(ifp); 543 ieee80211_ifdetach(ic); 544 if_detach(ifp); 545 } 546 547 splx(s); 548 549 usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->sc_udev, sc->sc_dev); 550 551 return 0; 552 } 553 554 static int 555 upgt_activate(device_t self, devact_t act) 556 { 557 struct upgt_softc *sc = device_private(self); 558 559 switch (act) { 560 case DVACT_DEACTIVATE: 561 if_deactivate(&sc->sc_if); 562 return 0; 563 default: 564 return EOPNOTSUPP; 565 } 566 } 567 568 static int 569 upgt_device_type(struct upgt_softc *sc, uint16_t vendor, uint16_t product) 570 { 571 572 if (usb_lookup(upgt_devs_1, vendor, product) != NULL) { 573 sc->sc_device_type = 1; 574 /* XXX */ 575 aprint_error_dev(sc->sc_dev, 576 "version 1 devices not supported yet\n"); 577 return 1; 578 } else 579 sc->sc_device_type = 2; 580 581 return 0; 582 } 583 584 static int 585 upgt_device_init(struct upgt_softc *sc) 586 { 587 struct upgt_data *data_cmd = &sc->cmd_data; 588 const uint8_t init_cmd[] = { 0x7e, 0x7e, 0x7e, 0x7e }; 589 int len; 590 591 len = sizeof(init_cmd); 592 memcpy(data_cmd->buf, init_cmd, len); 593 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 594 aprint_error_dev(sc->sc_dev, 595 "could not send device init string\n"); 596 return EIO; 597 } 598 usbd_delay_ms(sc->sc_udev, 100); 599 600 DPRINTF(1, "%s: device initialized\n", device_xname(sc->sc_dev)); 601 602 return 0; 603 } 604 605 static int 606 upgt_mem_init(struct upgt_softc *sc) 607 { 608 int i; 609 610 for (i = 0; i < UPGT_MEMORY_MAX_PAGES; i++) { 611 sc->sc_memory.page[i].used = 0; 612 613 if (i == 0) { 614 /* 615 * The first memory page is always reserved for 616 * command data. 617 */ 618 sc->sc_memory.page[i].addr = 619 sc->sc_memaddr_frame_start + MCLBYTES; 620 } else { 621 sc->sc_memory.page[i].addr = 622 sc->sc_memory.page[i - 1].addr + MCLBYTES; 623 } 624 625 if (sc->sc_memory.page[i].addr + MCLBYTES >= 626 sc->sc_memaddr_frame_end) 627 break; 628 629 DPRINTF(2, "%s: memory address page %d=0x%08x\n", 630 device_xname(sc->sc_dev), i, sc->sc_memory.page[i].addr); 631 } 632 633 sc->sc_memory.pages = i; 634 635 DPRINTF(2, "%s: memory pages=%d\n", 636 device_xname(sc->sc_dev), sc->sc_memory.pages); 637 638 return 0; 639 } 640 641 static uint32_t 642 upgt_mem_alloc(struct upgt_softc *sc) 643 { 644 int i; 645 646 for (i = 0; i < sc->sc_memory.pages; i++) { 647 if (sc->sc_memory.page[i].used == 0) { 648 sc->sc_memory.page[i].used = 1; 649 return sc->sc_memory.page[i].addr; 650 } 651 } 652 653 return 0; 654 } 655 656 static void 657 upgt_mem_free(struct upgt_softc *sc, uint32_t addr) 658 { 659 int i; 660 661 for (i = 0; i < sc->sc_memory.pages; i++) { 662 if (sc->sc_memory.page[i].addr == addr) { 663 sc->sc_memory.page[i].used = 0; 664 return; 665 } 666 } 667 668 aprint_error_dev(sc->sc_dev, "could not free memory address 0x%08x\n", 669 addr); 670 } 671 672 673 static int 674 upgt_fw_alloc(struct upgt_softc *sc) 675 { 676 const char *name = "upgt-gw3887"; 677 int error; 678 679 if (sc->sc_fw == NULL) { 680 error = firmware_load("upgt", name, &sc->sc_fw, 681 &sc->sc_fw_size); 682 if (error != 0) { 683 if (error == ENOENT) { 684 /* 685 * The firmware file for upgt(4) is not in 686 * the default distribution due to its lisence 687 * so explicitly notify it if the firmware file 688 * is not found. 689 */ 690 aprint_error_dev(sc->sc_dev, 691 "firmware file %s is not installed\n", 692 name); 693 aprint_error_dev(sc->sc_dev, 694 "(it is not included in the default" 695 " distribution)\n"); 696 aprint_error_dev(sc->sc_dev, 697 "see upgt(4) man page for details about " 698 "firmware installation\n"); 699 } else { 700 aprint_error_dev(sc->sc_dev, 701 "could not read firmware %s\n", name); 702 } 703 return EIO; 704 } 705 } 706 707 DPRINTF(1, "%s: firmware %s allocated\n", device_xname(sc->sc_dev), 708 name); 709 710 return 0; 711 } 712 713 static void 714 upgt_fw_free(struct upgt_softc *sc) 715 { 716 717 if (sc->sc_fw != NULL) { 718 firmware_free(sc->sc_fw, sc->sc_fw_size); 719 sc->sc_fw = NULL; 720 DPRINTF(1, "%s: firmware freed\n", device_xname(sc->sc_dev)); 721 } 722 } 723 724 static int 725 upgt_fw_verify(struct upgt_softc *sc) 726 { 727 struct upgt_fw_bra_option *bra_option; 728 uint32_t bra_option_type, bra_option_len; 729 uint32_t *uc; 730 int offset, bra_end = 0; 731 732 /* 733 * Seek to beginning of Boot Record Area (BRA). 734 */ 735 for (offset = 0; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 736 uc = (uint32_t *)(sc->sc_fw + offset); 737 if (*uc == 0) 738 break; 739 } 740 for (; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 741 uc = (uint32_t *)(sc->sc_fw + offset); 742 if (*uc != 0) 743 break; 744 } 745 if (offset == sc->sc_fw_size) { 746 aprint_error_dev(sc->sc_dev, 747 "firmware Boot Record Area not found\n"); 748 return EIO; 749 } 750 DPRINTF(1, "%s: firmware Boot Record Area found at offset %d\n", 751 device_xname(sc->sc_dev), offset); 752 753 /* 754 * Parse Boot Record Area (BRA) options. 755 */ 756 while (offset < sc->sc_fw_size && bra_end == 0) { 757 /* get current BRA option */ 758 bra_option = (struct upgt_fw_bra_option *)(sc->sc_fw + offset); 759 bra_option_type = le32toh(bra_option->type); 760 bra_option_len = le32toh(bra_option->len) * sizeof(*uc); 761 762 switch (bra_option_type) { 763 case UPGT_BRA_TYPE_FW: 764 DPRINTF(1, "%s: UPGT_BRA_TYPE_FW len=%d\n", 765 device_xname(sc->sc_dev), bra_option_len); 766 767 if (bra_option_len != UPGT_BRA_FWTYPE_SIZE) { 768 aprint_error_dev(sc->sc_dev, 769 "wrong UPGT_BRA_TYPE_FW len\n"); 770 return EIO; 771 } 772 if (memcmp(UPGT_BRA_FWTYPE_LM86, bra_option->data, 773 bra_option_len) == 0) { 774 sc->sc_fw_type = UPGT_FWTYPE_LM86; 775 break; 776 } 777 if (memcmp(UPGT_BRA_FWTYPE_LM87, bra_option->data, 778 bra_option_len) == 0) { 779 sc->sc_fw_type = UPGT_FWTYPE_LM87; 780 break; 781 } 782 if (memcmp(UPGT_BRA_FWTYPE_FMAC, bra_option->data, 783 bra_option_len) == 0) { 784 sc->sc_fw_type = UPGT_FWTYPE_FMAC; 785 break; 786 } 787 aprint_error_dev(sc->sc_dev, 788 "unsupported firmware type\n"); 789 return EIO; 790 case UPGT_BRA_TYPE_VERSION: 791 DPRINTF(1, "%s: UPGT_BRA_TYPE_VERSION len=%d\n", 792 device_xname(sc->sc_dev), bra_option_len); 793 break; 794 case UPGT_BRA_TYPE_DEPIF: 795 DPRINTF(1, "%s: UPGT_BRA_TYPE_DEPIF len=%d\n", 796 device_xname(sc->sc_dev), bra_option_len); 797 break; 798 case UPGT_BRA_TYPE_EXPIF: 799 DPRINTF(1, "%s: UPGT_BRA_TYPE_EXPIF len=%d\n", 800 device_xname(sc->sc_dev), bra_option_len); 801 break; 802 case UPGT_BRA_TYPE_DESCR: 803 DPRINTF(1, "%s: UPGT_BRA_TYPE_DESCR len=%d\n", 804 device_xname(sc->sc_dev), bra_option_len); 805 806 struct upgt_fw_bra_descr *descr = 807 (struct upgt_fw_bra_descr *)bra_option->data; 808 809 sc->sc_memaddr_frame_start = 810 le32toh(descr->memaddr_space_start); 811 sc->sc_memaddr_frame_end = 812 le32toh(descr->memaddr_space_end); 813 814 DPRINTF(2, "%s: memory address space start=0x%08x\n", 815 device_xname(sc->sc_dev), 816 sc->sc_memaddr_frame_start); 817 DPRINTF(2, "%s: memory address space end=0x%08x\n", 818 device_xname(sc->sc_dev), 819 sc->sc_memaddr_frame_end); 820 break; 821 case UPGT_BRA_TYPE_END: 822 DPRINTF(1, "%s: UPGT_BRA_TYPE_END len=%d\n", 823 device_xname(sc->sc_dev), bra_option_len); 824 bra_end = 1; 825 break; 826 default: 827 DPRINTF(1, "%s: unknown BRA option len=%d\n", 828 device_xname(sc->sc_dev), bra_option_len); 829 return EIO; 830 } 831 832 /* jump to next BRA option */ 833 offset += sizeof(struct upgt_fw_bra_option) + bra_option_len; 834 } 835 836 DPRINTF(1, "%s: firmware verified\n", device_xname(sc->sc_dev)); 837 838 return 0; 839 } 840 841 static int 842 upgt_fw_load(struct upgt_softc *sc) 843 { 844 struct upgt_data *data_cmd = &sc->cmd_data; 845 struct upgt_data *data_rx = &sc->rx_data; 846 struct upgt_fw_x2_header *x2; 847 const uint8_t start_fwload_cmd[] = { 0x3c, 0x0d }; 848 int offset, bsize, n, i, len; 849 uint32_t crc; 850 851 /* send firmware start load command */ 852 len = sizeof(start_fwload_cmd); 853 memcpy(data_cmd->buf, start_fwload_cmd, len); 854 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 855 aprint_error_dev(sc->sc_dev, 856 "could not send start_firmware_load command\n"); 857 return EIO; 858 } 859 860 /* send X2 header */ 861 len = sizeof(struct upgt_fw_x2_header); 862 x2 = (struct upgt_fw_x2_header *)data_cmd->buf; 863 memcpy(x2->signature, UPGT_X2_SIGNATURE, UPGT_X2_SIGNATURE_SIZE); 864 x2->startaddr = htole32(UPGT_MEMADDR_FIRMWARE_START); 865 x2->len = htole32(sc->sc_fw_size); 866 x2->crc = upgt_crc32_le(data_cmd->buf + UPGT_X2_SIGNATURE_SIZE, 867 sizeof(struct upgt_fw_x2_header) - UPGT_X2_SIGNATURE_SIZE - 868 sizeof(uint32_t)); 869 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 870 aprint_error_dev(sc->sc_dev, 871 "could not send firmware X2 header\n"); 872 return EIO; 873 } 874 875 /* download firmware */ 876 for (offset = 0; offset < sc->sc_fw_size; offset += bsize) { 877 if (sc->sc_fw_size - offset > UPGT_FW_BLOCK_SIZE) 878 bsize = UPGT_FW_BLOCK_SIZE; 879 else 880 bsize = sc->sc_fw_size - offset; 881 882 n = upgt_fw_copy(sc->sc_fw + offset, data_cmd->buf, bsize); 883 884 DPRINTF(1, "%s: FW offset=%d, read=%d, sent=%d\n", 885 device_xname(sc->sc_dev), offset, n, bsize); 886 887 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &bsize, 0) 888 != 0) { 889 aprint_error_dev(sc->sc_dev, 890 "error while downloading firmware block\n"); 891 return EIO; 892 } 893 894 bsize = n; 895 } 896 DPRINTF(1, "%s: firmware downloaded\n", device_xname(sc->sc_dev)); 897 898 /* load firmware */ 899 crc = upgt_crc32_le(sc->sc_fw, sc->sc_fw_size); 900 *((uint32_t *)(data_cmd->buf) ) = crc; 901 *((uint8_t *)(data_cmd->buf) + 4) = 'g'; 902 *((uint8_t *)(data_cmd->buf) + 5) = '\r'; 903 len = 6; 904 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 905 aprint_error_dev(sc->sc_dev, 906 "could not send load_firmware command\n"); 907 return EIO; 908 } 909 910 for (i = 0; i < UPGT_FIRMWARE_TIMEOUT; i++) { 911 len = UPGT_FW_BLOCK_SIZE; 912 memset(data_rx->buf, 0, 2); 913 if (upgt_bulk_xmit(sc, data_rx, sc->sc_rx_pipeh, &len, 914 USBD_SHORT_XFER_OK) != 0) { 915 aprint_error_dev(sc->sc_dev, 916 "could not read firmware response\n"); 917 return EIO; 918 } 919 920 if (memcmp(data_rx->buf, "OK", 2) == 0) 921 break; /* firmware load was successful */ 922 } 923 if (i == UPGT_FIRMWARE_TIMEOUT) { 924 aprint_error_dev(sc->sc_dev, "firmware load failed\n"); 925 return EIO; 926 } 927 DPRINTF(1, "%s: firmware loaded\n", device_xname(sc->sc_dev)); 928 929 return 0; 930 } 931 932 /* 933 * While copying the version 2 firmware, we need to replace two characters: 934 * 935 * 0x7e -> 0x7d 0x5e 936 * 0x7d -> 0x7d 0x5d 937 */ 938 static int 939 upgt_fw_copy(char *src, char *dst, int size) 940 { 941 int i, j; 942 943 for (i = 0, j = 0; i < size && j < size; i++) { 944 switch (src[i]) { 945 case 0x7e: 946 dst[j] = 0x7d; 947 j++; 948 dst[j] = 0x5e; 949 j++; 950 break; 951 case 0x7d: 952 dst[j] = 0x7d; 953 j++; 954 dst[j] = 0x5d; 955 j++; 956 break; 957 default: 958 dst[j] = src[i]; 959 j++; 960 break; 961 } 962 } 963 964 return i; 965 } 966 967 static int 968 upgt_eeprom_read(struct upgt_softc *sc) 969 { 970 struct upgt_data *data_cmd = &sc->cmd_data; 971 struct upgt_lmac_mem *mem; 972 struct upgt_lmac_eeprom *eeprom; 973 int offset, block, len; 974 975 offset = 0; 976 block = UPGT_EEPROM_BLOCK_SIZE; 977 while (offset < UPGT_EEPROM_SIZE) { 978 DPRINTF(1, "%s: request EEPROM block (offset=%d, len=%d)\n", 979 device_xname(sc->sc_dev), offset, block); 980 981 /* 982 * Transmit the URB containing the CMD data. 983 */ 984 len = sizeof(*mem) + sizeof(*eeprom) + block; 985 986 memset(data_cmd->buf, 0, len); 987 988 mem = (struct upgt_lmac_mem *)data_cmd->buf; 989 mem->addr = htole32(sc->sc_memaddr_frame_start + 990 UPGT_MEMSIZE_FRAME_HEAD); 991 992 eeprom = (struct upgt_lmac_eeprom *)(mem + 1); 993 eeprom->header1.flags = 0; 994 eeprom->header1.type = UPGT_H1_TYPE_CTRL; 995 eeprom->header1.len = htole16(( 996 sizeof(struct upgt_lmac_eeprom) - 997 sizeof(struct upgt_lmac_header)) + block); 998 999 eeprom->header2.reqid = htole32(sc->sc_memaddr_frame_start); 1000 eeprom->header2.type = htole16(UPGT_H2_TYPE_EEPROM); 1001 eeprom->header2.flags = 0; 1002 1003 eeprom->offset = htole16(offset); 1004 eeprom->len = htole16(block); 1005 1006 mem->chksum = upgt_chksum_le((uint32_t *)eeprom, 1007 len - sizeof(*mem)); 1008 1009 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 1010 USBD_FORCE_SHORT_XFER) != 0) { 1011 aprint_error_dev(sc->sc_dev, 1012 "could not transmit EEPROM data URB\n"); 1013 return EIO; 1014 } 1015 if (tsleep(sc, 0, "eeprom_request", UPGT_USB_TIMEOUT)) { 1016 aprint_error_dev(sc->sc_dev, 1017 "timeout while waiting for EEPROM data\n"); 1018 return EIO; 1019 } 1020 1021 offset += block; 1022 if (UPGT_EEPROM_SIZE - offset < block) 1023 block = UPGT_EEPROM_SIZE - offset; 1024 } 1025 1026 return 0; 1027 } 1028 1029 static int 1030 upgt_eeprom_parse(struct upgt_softc *sc) 1031 { 1032 struct ieee80211com *ic = &sc->sc_ic; 1033 struct upgt_eeprom_header *eeprom_header; 1034 struct upgt_eeprom_option *eeprom_option; 1035 uint16_t option_len; 1036 uint16_t option_type; 1037 uint16_t preamble_len; 1038 int option_end = 0; 1039 1040 /* calculate eeprom options start offset */ 1041 eeprom_header = (struct upgt_eeprom_header *)sc->sc_eeprom; 1042 preamble_len = le16toh(eeprom_header->preamble_len); 1043 eeprom_option = (struct upgt_eeprom_option *)(sc->sc_eeprom + 1044 (sizeof(struct upgt_eeprom_header) + preamble_len)); 1045 1046 while (!option_end) { 1047 /* the eeprom option length is stored in words */ 1048 option_len = 1049 (le16toh(eeprom_option->len) - 1) * sizeof(uint16_t); 1050 option_type = 1051 le16toh(eeprom_option->type); 1052 1053 switch (option_type) { 1054 case UPGT_EEPROM_TYPE_NAME: 1055 DPRINTF(1, "%s: EEPROM name len=%d\n", 1056 device_xname(sc->sc_dev), option_len); 1057 break; 1058 case UPGT_EEPROM_TYPE_SERIAL: 1059 DPRINTF(1, "%s: EEPROM serial len=%d\n", 1060 device_xname(sc->sc_dev), option_len); 1061 break; 1062 case UPGT_EEPROM_TYPE_MAC: 1063 DPRINTF(1, "%s: EEPROM mac len=%d\n", 1064 device_xname(sc->sc_dev), option_len); 1065 1066 IEEE80211_ADDR_COPY(ic->ic_myaddr, eeprom_option->data); 1067 break; 1068 case UPGT_EEPROM_TYPE_HWRX: 1069 DPRINTF(1, "%s: EEPROM hwrx len=%d\n", 1070 device_xname(sc->sc_dev), option_len); 1071 1072 upgt_eeprom_parse_hwrx(sc, eeprom_option->data); 1073 break; 1074 case UPGT_EEPROM_TYPE_CHIP: 1075 DPRINTF(1, "%s: EEPROM chip len=%d\n", 1076 device_xname(sc->sc_dev), option_len); 1077 break; 1078 case UPGT_EEPROM_TYPE_FREQ3: 1079 DPRINTF(1, "%s: EEPROM freq3 len=%d\n", 1080 device_xname(sc->sc_dev), option_len); 1081 1082 upgt_eeprom_parse_freq3(sc, eeprom_option->data, 1083 option_len); 1084 break; 1085 case UPGT_EEPROM_TYPE_FREQ4: 1086 DPRINTF(1, "%s: EEPROM freq4 len=%d\n", 1087 device_xname(sc->sc_dev), option_len); 1088 1089 upgt_eeprom_parse_freq4(sc, eeprom_option->data, 1090 option_len); 1091 break; 1092 case UPGT_EEPROM_TYPE_FREQ5: 1093 DPRINTF(1, "%s: EEPROM freq5 len=%d\n", 1094 device_xname(sc->sc_dev), option_len); 1095 break; 1096 case UPGT_EEPROM_TYPE_FREQ6: 1097 DPRINTF(1, "%s: EEPROM freq6 len=%d\n", 1098 device_xname(sc->sc_dev), option_len); 1099 1100 upgt_eeprom_parse_freq6(sc, eeprom_option->data, 1101 option_len); 1102 break; 1103 case UPGT_EEPROM_TYPE_END: 1104 DPRINTF(1, "%s: EEPROM end len=%d\n", 1105 device_xname(sc->sc_dev), option_len); 1106 option_end = 1; 1107 break; 1108 case UPGT_EEPROM_TYPE_OFF: 1109 DPRINTF(1, "%s: EEPROM off without end option\n", 1110 device_xname(sc->sc_dev)); 1111 return EIO; 1112 default: 1113 DPRINTF(1, "%s: EEPROM unknown type 0x%04x len=%d\n", 1114 device_xname(sc->sc_dev), option_type, option_len); 1115 break; 1116 } 1117 1118 /* jump to next EEPROM option */ 1119 eeprom_option = (struct upgt_eeprom_option *) 1120 (eeprom_option->data + option_len); 1121 } 1122 1123 return 0; 1124 } 1125 1126 static void 1127 upgt_eeprom_parse_hwrx(struct upgt_softc *sc, uint8_t *data) 1128 { 1129 struct upgt_eeprom_option_hwrx *option_hwrx; 1130 1131 option_hwrx = (struct upgt_eeprom_option_hwrx *)data; 1132 1133 sc->sc_eeprom_hwrx = option_hwrx->rxfilter - UPGT_EEPROM_RX_CONST; 1134 1135 DPRINTF(2, "%s: hwrx option value=0x%04x\n", 1136 device_xname(sc->sc_dev), sc->sc_eeprom_hwrx); 1137 } 1138 1139 static void 1140 upgt_eeprom_parse_freq3(struct upgt_softc *sc, uint8_t *data, int len) 1141 { 1142 struct upgt_eeprom_freq3_header *freq3_header; 1143 struct upgt_lmac_freq3 *freq3; 1144 int i, elements, flags; 1145 unsigned channel; 1146 1147 freq3_header = (struct upgt_eeprom_freq3_header *)data; 1148 freq3 = (struct upgt_lmac_freq3 *)(freq3_header + 1); 1149 1150 flags = freq3_header->flags; 1151 elements = freq3_header->elements; 1152 1153 DPRINTF(2, "%s: flags=0x%02x\n", device_xname(sc->sc_dev), flags); 1154 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1155 __USE(flags); 1156 1157 for (i = 0; i < elements; i++) { 1158 channel = ieee80211_mhz2ieee(le16toh(freq3[i].freq), 0); 1159 1160 sc->sc_eeprom_freq3[channel] = freq3[i]; 1161 1162 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1163 device_xname(sc->sc_dev), 1164 le16toh(sc->sc_eeprom_freq3[channel].freq), channel); 1165 } 1166 } 1167 1168 static void 1169 upgt_eeprom_parse_freq4(struct upgt_softc *sc, uint8_t *data, int len) 1170 { 1171 struct upgt_eeprom_freq4_header *freq4_header; 1172 struct upgt_eeprom_freq4_1 *freq4_1; 1173 struct upgt_eeprom_freq4_2 *freq4_2; 1174 int i, j, elements, settings, flags; 1175 unsigned channel; 1176 1177 freq4_header = (struct upgt_eeprom_freq4_header *)data; 1178 freq4_1 = (struct upgt_eeprom_freq4_1 *)(freq4_header + 1); 1179 1180 flags = freq4_header->flags; 1181 elements = freq4_header->elements; 1182 settings = freq4_header->settings; 1183 1184 /* we need this value later */ 1185 sc->sc_eeprom_freq6_settings = freq4_header->settings; 1186 1187 DPRINTF(2, "%s: flags=0x%02x\n", device_xname(sc->sc_dev), flags); 1188 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1189 DPRINTF(2, "%s: settings=%d\n", device_xname(sc->sc_dev), settings); 1190 __USE(flags); 1191 1192 for (i = 0; i < elements; i++) { 1193 channel = ieee80211_mhz2ieee(le16toh(freq4_1[i].freq), 0); 1194 1195 freq4_2 = (struct upgt_eeprom_freq4_2 *)freq4_1[i].data; 1196 1197 for (j = 0; j < settings; j++) { 1198 sc->sc_eeprom_freq4[channel][j].cmd = freq4_2[j]; 1199 sc->sc_eeprom_freq4[channel][j].pad = 0; 1200 } 1201 1202 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1203 device_xname(sc->sc_dev), 1204 le16toh(freq4_1[i].freq), channel); 1205 } 1206 } 1207 1208 static void 1209 upgt_eeprom_parse_freq6(struct upgt_softc *sc, uint8_t *data, int len) 1210 { 1211 struct upgt_lmac_freq6 *freq6; 1212 int i, elements; 1213 unsigned channel; 1214 1215 freq6 = (struct upgt_lmac_freq6 *)data; 1216 1217 elements = len / sizeof(struct upgt_lmac_freq6); 1218 1219 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1220 1221 for (i = 0; i < elements; i++) { 1222 channel = ieee80211_mhz2ieee(le16toh(freq6[i].freq), 0); 1223 1224 sc->sc_eeprom_freq6[channel] = freq6[i]; 1225 1226 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1227 device_xname(sc->sc_dev), 1228 le16toh(sc->sc_eeprom_freq6[channel].freq), channel); 1229 } 1230 } 1231 1232 static int 1233 upgt_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1234 { 1235 struct upgt_softc *sc = ifp->if_softc; 1236 struct ieee80211com *ic = &sc->sc_ic; 1237 int s, error = 0; 1238 1239 s = splnet(); 1240 1241 switch (cmd) { 1242 case SIOCSIFFLAGS: 1243 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1244 break; 1245 if (ifp->if_flags & IFF_UP) { 1246 if ((ifp->if_flags & IFF_RUNNING) == 0) 1247 upgt_init(ifp); 1248 } else { 1249 if (ifp->if_flags & IFF_RUNNING) 1250 upgt_stop(sc); 1251 } 1252 break; 1253 case SIOCADDMULTI: 1254 case SIOCDELMULTI: 1255 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 1256 /* setup multicast filter, etc */ 1257 error = 0; 1258 } 1259 break; 1260 default: 1261 error = ieee80211_ioctl(ic, cmd, data); 1262 break; 1263 } 1264 1265 if (error == ENETRESET) { 1266 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1267 (IFF_UP | IFF_RUNNING)) 1268 upgt_init(ifp); 1269 error = 0; 1270 } 1271 1272 splx(s); 1273 1274 return error; 1275 } 1276 1277 static int 1278 upgt_init(struct ifnet *ifp) 1279 { 1280 struct upgt_softc *sc = ifp->if_softc; 1281 struct ieee80211com *ic = &sc->sc_ic; 1282 1283 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1284 1285 if (ifp->if_flags & IFF_RUNNING) 1286 upgt_stop(sc); 1287 1288 ifp->if_flags |= IFF_RUNNING; 1289 ifp->if_flags &= ~IFF_OACTIVE; 1290 1291 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 1292 1293 /* setup device rates */ 1294 upgt_setup_rates(sc); 1295 1296 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1297 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1298 else 1299 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1300 1301 return 0; 1302 } 1303 1304 static void 1305 upgt_stop(struct upgt_softc *sc) 1306 { 1307 struct ieee80211com *ic = &sc->sc_ic; 1308 struct ifnet *ifp = &sc->sc_if; 1309 1310 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1311 1312 /* device down */ 1313 ifp->if_timer = 0; 1314 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 1315 1316 /* change device back to initial state */ 1317 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 1318 } 1319 1320 static int 1321 upgt_media_change(struct ifnet *ifp) 1322 { 1323 struct upgt_softc *sc = ifp->if_softc; 1324 int error; 1325 1326 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1327 1328 if ((error = ieee80211_media_change(ifp)) != ENETRESET) 1329 return error; 1330 1331 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1332 (IFF_UP | IFF_RUNNING)) { 1333 /* give pending USB transfers a chance to finish */ 1334 usbd_delay_ms(sc->sc_udev, 100); 1335 upgt_init(ifp); 1336 } 1337 1338 return 0; 1339 } 1340 1341 static void 1342 upgt_newassoc(struct ieee80211_node *ni, int isnew) 1343 { 1344 1345 ni->ni_txrate = 0; 1346 } 1347 1348 static int 1349 upgt_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1350 { 1351 struct upgt_softc *sc = ic->ic_ifp->if_softc; 1352 1353 /* 1354 * XXXSMP: This does not wait for the task, if it is in flight, 1355 * to complete. If this code works at all, it must rely on the 1356 * kernel lock to serialize with the USB task thread. 1357 */ 1358 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 1359 callout_stop(&sc->scan_to); 1360 1361 /* do it in a process context */ 1362 sc->sc_state = nstate; 1363 sc->sc_arg = arg; 1364 usb_add_task(sc->sc_udev, &sc->sc_task_newstate, USB_TASKQ_DRIVER); 1365 1366 return 0; 1367 } 1368 1369 static void 1370 upgt_newstate_task(void *arg) 1371 { 1372 struct upgt_softc *sc = arg; 1373 struct ieee80211com *ic = &sc->sc_ic; 1374 struct ieee80211_node *ni; 1375 unsigned channel; 1376 1377 mutex_enter(&sc->sc_mtx); 1378 1379 switch (sc->sc_state) { 1380 case IEEE80211_S_INIT: 1381 DPRINTF(1, "%s: newstate is IEEE80211_S_INIT\n", 1382 device_xname(sc->sc_dev)); 1383 1384 /* do not accept any frames if the device is down */ 1385 upgt_set_macfilter(sc, IEEE80211_S_INIT); 1386 upgt_set_led(sc, UPGT_LED_OFF); 1387 break; 1388 case IEEE80211_S_SCAN: 1389 DPRINTF(1, "%s: newstate is IEEE80211_S_SCAN\n", 1390 device_xname(sc->sc_dev)); 1391 1392 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1393 upgt_set_channel(sc, channel); 1394 upgt_set_macfilter(sc, IEEE80211_S_SCAN); 1395 callout_schedule(&sc->scan_to, hz / 5); 1396 break; 1397 case IEEE80211_S_AUTH: 1398 DPRINTF(1, "%s: newstate is IEEE80211_S_AUTH\n", 1399 device_xname(sc->sc_dev)); 1400 1401 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1402 upgt_set_channel(sc, channel); 1403 break; 1404 case IEEE80211_S_ASSOC: 1405 DPRINTF(1, "%s: newstate is IEEE80211_S_ASSOC\n", 1406 device_xname(sc->sc_dev)); 1407 1408 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1409 upgt_set_channel(sc, channel); 1410 break; 1411 case IEEE80211_S_RUN: 1412 DPRINTF(1, "%s: newstate is IEEE80211_S_RUN\n", 1413 device_xname(sc->sc_dev)); 1414 1415 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1416 upgt_set_channel(sc, channel); 1417 1418 ni = ic->ic_bss; 1419 1420 /* 1421 * TX rate control is done by the firmware. 1422 * Report the maximum rate which is available therefore. 1423 */ 1424 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 1425 1426 if (ic->ic_opmode != IEEE80211_M_MONITOR) 1427 upgt_set_macfilter(sc, IEEE80211_S_RUN); 1428 upgt_set_led(sc, UPGT_LED_ON); 1429 break; 1430 } 1431 1432 mutex_exit(&sc->sc_mtx); 1433 1434 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 1435 } 1436 1437 static void 1438 upgt_next_scan(void *arg) 1439 { 1440 struct upgt_softc *sc = arg; 1441 struct ieee80211com *ic = &sc->sc_ic; 1442 1443 DPRINTF(2, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1444 1445 if (ic->ic_state == IEEE80211_S_SCAN) 1446 ieee80211_next_scan(ic); 1447 } 1448 1449 static void 1450 upgt_start(struct ifnet *ifp) 1451 { 1452 struct upgt_softc *sc = ifp->if_softc; 1453 struct ieee80211com *ic = &sc->sc_ic; 1454 struct ether_header *eh; 1455 struct ieee80211_node *ni; 1456 struct mbuf *m; 1457 int i; 1458 1459 /* don't transmit packets if interface is busy or down */ 1460 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1461 return; 1462 1463 DPRINTF(2, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1464 1465 for (i = 0; i < UPGT_TX_COUNT; i++) { 1466 struct upgt_data *data_tx = &sc->tx_data[i]; 1467 1468 if (data_tx->m != NULL) 1469 continue; 1470 1471 IF_POLL(&ic->ic_mgtq, m); 1472 if (m != NULL) { 1473 /* management frame */ 1474 IF_DEQUEUE(&ic->ic_mgtq, m); 1475 1476 ni = M_GETCTX(m, struct ieee80211_node *); 1477 M_CLEARCTX(m); 1478 1479 bpf_mtap3(ic->ic_rawbpf, m, BPF_D_OUT); 1480 1481 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1482 aprint_error_dev(sc->sc_dev, 1483 "no free prism memory\n"); 1484 m_freem(m); 1485 ifp->if_oerrors++; 1486 break; 1487 } 1488 data_tx->ni = ni; 1489 data_tx->m = m; 1490 sc->tx_queued++; 1491 } else { 1492 /* data frame */ 1493 if (ic->ic_state != IEEE80211_S_RUN) 1494 break; 1495 1496 IFQ_POLL(&ifp->if_snd, m); 1497 if (m == NULL) 1498 break; 1499 1500 IFQ_DEQUEUE(&ifp->if_snd, m); 1501 if (m->m_len < sizeof(struct ether_header) && 1502 !(m = m_pullup(m, sizeof(struct ether_header)))) 1503 continue; 1504 1505 eh = mtod(m, struct ether_header *); 1506 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 1507 if (ni == NULL) { 1508 m_freem(m); 1509 continue; 1510 } 1511 1512 bpf_mtap(ifp, m, BPF_D_OUT); 1513 1514 m = ieee80211_encap(ic, m, ni); 1515 if (m == NULL) { 1516 ieee80211_free_node(ni); 1517 continue; 1518 } 1519 1520 bpf_mtap3(ic->ic_rawbpf, m, BPF_D_OUT); 1521 1522 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1523 aprint_error_dev(sc->sc_dev, 1524 "no free prism memory\n"); 1525 m_freem(m); 1526 ieee80211_free_node(ni); 1527 ifp->if_oerrors++; 1528 break; 1529 } 1530 data_tx->ni = ni; 1531 data_tx->m = m; 1532 sc->tx_queued++; 1533 } 1534 } 1535 1536 if (sc->tx_queued > 0) { 1537 DPRINTF(2, "%s: tx_queued=%d\n", 1538 device_xname(sc->sc_dev), sc->tx_queued); 1539 /* process the TX queue in process context */ 1540 ifp->if_timer = 5; 1541 ifp->if_flags |= IFF_OACTIVE; 1542 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 1543 usb_add_task(sc->sc_udev, &sc->sc_task_tx, USB_TASKQ_DRIVER); 1544 } 1545 } 1546 1547 static void 1548 upgt_watchdog(struct ifnet *ifp) 1549 { 1550 struct upgt_softc *sc = ifp->if_softc; 1551 struct ieee80211com *ic = &sc->sc_ic; 1552 1553 if (ic->ic_state == IEEE80211_S_INIT) 1554 return; 1555 1556 aprint_error_dev(sc->sc_dev, "watchdog timeout\n"); 1557 1558 /* TODO: what shall we do on TX timeout? */ 1559 1560 ieee80211_watchdog(ic); 1561 } 1562 1563 static void 1564 upgt_tx_task(void *arg) 1565 { 1566 struct upgt_softc *sc = arg; 1567 struct ieee80211com *ic = &sc->sc_ic; 1568 struct ieee80211_frame *wh; 1569 struct ieee80211_key *k; 1570 struct ifnet *ifp = &sc->sc_if; 1571 struct upgt_lmac_mem *mem; 1572 struct upgt_lmac_tx_desc *txdesc; 1573 struct mbuf *m; 1574 uint32_t addr; 1575 int i, len, pad, s; 1576 usbd_status error; 1577 1578 mutex_enter(&sc->sc_mtx); 1579 upgt_set_led(sc, UPGT_LED_BLINK); 1580 mutex_exit(&sc->sc_mtx); 1581 1582 s = splnet(); 1583 1584 for (i = 0; i < UPGT_TX_COUNT; i++) { 1585 struct upgt_data *data_tx = &sc->tx_data[i]; 1586 1587 if (data_tx->m == NULL) 1588 continue; 1589 1590 m = data_tx->m; 1591 addr = data_tx->addr + UPGT_MEMSIZE_FRAME_HEAD; 1592 1593 /* 1594 * Software crypto. 1595 */ 1596 wh = mtod(m, struct ieee80211_frame *); 1597 1598 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1599 k = ieee80211_crypto_encap(ic, data_tx->ni, m); 1600 if (k == NULL) { 1601 m_freem(m); 1602 data_tx->m = NULL; 1603 ieee80211_free_node(data_tx->ni); 1604 data_tx->ni = NULL; 1605 ifp->if_oerrors++; 1606 break; 1607 } 1608 1609 /* in case packet header moved, reset pointer */ 1610 wh = mtod(m, struct ieee80211_frame *); 1611 } 1612 1613 /* 1614 * Transmit the URB containing the TX data. 1615 */ 1616 memset(data_tx->buf, 0, sizeof(*mem) + sizeof(*txdesc)); 1617 1618 mem = (struct upgt_lmac_mem *)data_tx->buf; 1619 mem->addr = htole32(addr); 1620 1621 txdesc = (struct upgt_lmac_tx_desc *)(mem + 1); 1622 1623 /* XXX differ between data and mgmt frames? */ 1624 txdesc->header1.flags = UPGT_H1_FLAGS_TX_DATA; 1625 txdesc->header1.type = UPGT_H1_TYPE_TX_DATA; 1626 txdesc->header1.len = htole16(m->m_pkthdr.len); 1627 1628 txdesc->header2.reqid = htole32(data_tx->addr); 1629 txdesc->header2.type = htole16(UPGT_H2_TYPE_TX_ACK_YES); 1630 txdesc->header2.flags = htole16(UPGT_H2_FLAGS_TX_ACK_YES); 1631 1632 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1633 IEEE80211_FC0_TYPE_MGT) { 1634 /* always send mgmt frames at lowest rate (DS1) */ 1635 memset(txdesc->rates, 0x10, sizeof(txdesc->rates)); 1636 } else { 1637 memcpy(txdesc->rates, sc->sc_cur_rateset, 1638 sizeof(txdesc->rates)); 1639 } 1640 txdesc->type = htole32(UPGT_TX_DESC_TYPE_DATA); 1641 txdesc->pad3[0] = UPGT_TX_DESC_PAD3_SIZE; 1642 1643 if (sc->sc_drvbpf != NULL) { 1644 struct upgt_tx_radiotap_header *tap = &sc->sc_txtap; 1645 1646 tap->wt_flags = 0; 1647 tap->wt_rate = 0; /* TODO: where to get from? */ 1648 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 1649 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 1650 1651 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m, 1652 BPF_D_OUT); 1653 } 1654 1655 /* copy frame below our TX descriptor header */ 1656 m_copydata(m, 0, m->m_pkthdr.len, 1657 data_tx->buf + sizeof(*mem) + sizeof(*txdesc)); 1658 1659 /* calculate frame size */ 1660 len = sizeof(*mem) + sizeof(*txdesc) + m->m_pkthdr.len; 1661 1662 if (len & 3) { 1663 /* we need to align the frame to a 4 byte boundary */ 1664 pad = 4 - (len & 3); 1665 memset(data_tx->buf + len, 0, pad); 1666 len += pad; 1667 } 1668 1669 /* calculate frame checksum */ 1670 mem->chksum = upgt_chksum_le((uint32_t *)txdesc, 1671 len - sizeof(*mem)); 1672 1673 /* we do not need the mbuf anymore */ 1674 m_freem(m); 1675 data_tx->m = NULL; 1676 1677 ieee80211_free_node(data_tx->ni); 1678 data_tx->ni = NULL; 1679 1680 DPRINTF(2, "%s: TX start data sending\n", 1681 device_xname(sc->sc_dev)); 1682 1683 usbd_setup_xfer(data_tx->xfer, data_tx, data_tx->buf, len, 1684 USBD_FORCE_SHORT_XFER, UPGT_USB_TIMEOUT, NULL); 1685 error = usbd_transfer(data_tx->xfer); 1686 if (error != USBD_NORMAL_COMPLETION && 1687 error != USBD_IN_PROGRESS) { 1688 aprint_error_dev(sc->sc_dev, 1689 "could not transmit TX data URB\n"); 1690 ifp->if_oerrors++; 1691 break; 1692 } 1693 1694 DPRINTF(2, "%s: TX sent (%d bytes)\n", 1695 device_xname(sc->sc_dev), len); 1696 } 1697 1698 splx(s); 1699 1700 /* 1701 * If we don't regulary read the device statistics, the RX queue 1702 * will stall. It's strange, but it works, so we keep reading 1703 * the statistics here. *shrug* 1704 */ 1705 mutex_enter(&sc->sc_mtx); 1706 upgt_get_stats(sc); 1707 mutex_exit(&sc->sc_mtx); 1708 } 1709 1710 static void 1711 upgt_tx_done(struct upgt_softc *sc, uint8_t *data) 1712 { 1713 struct ifnet *ifp = &sc->sc_if; 1714 struct upgt_lmac_tx_done_desc *desc; 1715 int i, s; 1716 1717 s = splnet(); 1718 1719 desc = (struct upgt_lmac_tx_done_desc *)data; 1720 1721 for (i = 0; i < UPGT_TX_COUNT; i++) { 1722 struct upgt_data *data_tx = &sc->tx_data[i]; 1723 1724 if (data_tx->addr == le32toh(desc->header2.reqid)) { 1725 upgt_mem_free(sc, data_tx->addr); 1726 data_tx->addr = 0; 1727 1728 sc->tx_queued--; 1729 ifp->if_opackets++; 1730 1731 DPRINTF(2, "%s: TX done: ", device_xname(sc->sc_dev)); 1732 DPRINTF(2, "memaddr=0x%08x, status=0x%04x, rssi=%d, ", 1733 le32toh(desc->header2.reqid), 1734 le16toh(desc->status), 1735 le16toh(desc->rssi)); 1736 DPRINTF(2, "seq=%d\n", le16toh(desc->seq)); 1737 break; 1738 } 1739 } 1740 1741 if (sc->tx_queued == 0) { 1742 /* TX queued was processed, continue */ 1743 ifp->if_timer = 0; 1744 ifp->if_flags &= ~IFF_OACTIVE; 1745 upgt_start(ifp); 1746 } 1747 1748 splx(s); 1749 } 1750 1751 static void 1752 upgt_rx_cb(struct usbd_xfer *xfer, void * priv, usbd_status status) 1753 { 1754 struct upgt_data *data_rx = priv; 1755 struct upgt_softc *sc = data_rx->sc; 1756 int len; 1757 struct upgt_lmac_header *header; 1758 struct upgt_lmac_eeprom *eeprom; 1759 uint8_t h1_type; 1760 uint16_t h2_type; 1761 1762 DPRINTF(3, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1763 1764 if (status != USBD_NORMAL_COMPLETION) { 1765 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1766 return; 1767 if (status == USBD_STALLED) 1768 usbd_clear_endpoint_stall_async(sc->sc_rx_pipeh); 1769 goto skip; 1770 } 1771 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1772 1773 /* 1774 * Check what type of frame came in. 1775 */ 1776 header = (struct upgt_lmac_header *)(data_rx->buf + 4); 1777 1778 h1_type = header->header1.type; 1779 h2_type = le16toh(header->header2.type); 1780 1781 if (h1_type == UPGT_H1_TYPE_CTRL && 1782 h2_type == UPGT_H2_TYPE_EEPROM) { 1783 eeprom = (struct upgt_lmac_eeprom *)(data_rx->buf + 4); 1784 uint16_t eeprom_offset = le16toh(eeprom->offset); 1785 uint16_t eeprom_len = le16toh(eeprom->len); 1786 1787 DPRINTF(2, "%s: received EEPROM block (offset=%d, len=%d)\n", 1788 device_xname(sc->sc_dev), eeprom_offset, eeprom_len); 1789 1790 memcpy(sc->sc_eeprom + eeprom_offset, 1791 data_rx->buf + sizeof(struct upgt_lmac_eeprom) + 4, 1792 eeprom_len); 1793 1794 /* EEPROM data has arrived in time, wakeup tsleep() */ 1795 wakeup(sc); 1796 } else 1797 if (h1_type == UPGT_H1_TYPE_CTRL && 1798 h2_type == UPGT_H2_TYPE_TX_DONE) { 1799 DPRINTF(2, "%s: received 802.11 TX done\n", 1800 device_xname(sc->sc_dev)); 1801 1802 upgt_tx_done(sc, data_rx->buf + 4); 1803 } else 1804 if (h1_type == UPGT_H1_TYPE_RX_DATA || 1805 h1_type == UPGT_H1_TYPE_RX_DATA_MGMT) { 1806 DPRINTF(3, "%s: received 802.11 RX data\n", 1807 device_xname(sc->sc_dev)); 1808 1809 upgt_rx(sc, data_rx->buf + 4, le16toh(header->header1.len)); 1810 } else 1811 if (h1_type == UPGT_H1_TYPE_CTRL && 1812 h2_type == UPGT_H2_TYPE_STATS) { 1813 DPRINTF(2, "%s: received statistic data\n", 1814 device_xname(sc->sc_dev)); 1815 1816 /* TODO: what could we do with the statistic data? */ 1817 } else { 1818 /* ignore unknown frame types */ 1819 DPRINTF(1, "%s: received unknown frame type 0x%02x\n", 1820 device_xname(sc->sc_dev), header->header1.type); 1821 } 1822 1823 skip: /* setup new transfer */ 1824 usbd_setup_xfer(xfer, data_rx, data_rx->buf, MCLBYTES, 1825 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 1826 (void)usbd_transfer(xfer); 1827 } 1828 1829 static void 1830 upgt_rx(struct upgt_softc *sc, uint8_t *data, int pkglen) 1831 { 1832 struct ieee80211com *ic = &sc->sc_ic; 1833 struct ifnet *ifp = &sc->sc_if; 1834 struct upgt_lmac_rx_desc *rxdesc; 1835 struct ieee80211_frame *wh; 1836 struct ieee80211_node *ni; 1837 struct mbuf *m; 1838 int s; 1839 1840 /* access RX packet descriptor */ 1841 rxdesc = (struct upgt_lmac_rx_desc *)data; 1842 1843 /* create mbuf which is suitable for strict alignment archs */ 1844 m = m_devget(rxdesc->data, pkglen, 0, ifp); 1845 if (m == NULL) { 1846 DPRINTF(1, "%s: could not create RX mbuf\n", 1847 device_xname(sc->sc_dev)); 1848 ifp->if_ierrors++; 1849 return; 1850 } 1851 1852 s = splnet(); 1853 1854 if (sc->sc_drvbpf != NULL) { 1855 struct upgt_rx_radiotap_header *tap = &sc->sc_rxtap; 1856 1857 tap->wr_flags = IEEE80211_RADIOTAP_F_FCS; 1858 tap->wr_rate = upgt_rx_rate(sc, rxdesc->rate); 1859 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 1860 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 1861 tap->wr_antsignal = rxdesc->rssi; 1862 1863 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m, BPF_D_IN); 1864 } 1865 1866 /* trim FCS */ 1867 m_adj(m, -IEEE80211_CRC_LEN); 1868 1869 wh = mtod(m, struct ieee80211_frame *); 1870 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1871 1872 /* push the frame up to the 802.11 stack */ 1873 ieee80211_input(ic, m, ni, rxdesc->rssi, 0); 1874 1875 /* node is no longer needed */ 1876 ieee80211_free_node(ni); 1877 1878 splx(s); 1879 1880 DPRINTF(3, "%s: RX done\n", device_xname(sc->sc_dev)); 1881 } 1882 1883 static void 1884 upgt_setup_rates(struct upgt_softc *sc) 1885 { 1886 struct ieee80211com *ic = &sc->sc_ic; 1887 1888 /* 1889 * 0x01 = OFMD6 0x10 = DS1 1890 * 0x04 = OFDM9 0x11 = DS2 1891 * 0x06 = OFDM12 0x12 = DS5 1892 * 0x07 = OFDM18 0x13 = DS11 1893 * 0x08 = OFDM24 1894 * 0x09 = OFDM36 1895 * 0x0a = OFDM48 1896 * 0x0b = OFDM54 1897 */ 1898 const uint8_t rateset_auto_11b[] = 1899 { 0x13, 0x13, 0x12, 0x11, 0x11, 0x10, 0x10, 0x10 }; 1900 const uint8_t rateset_auto_11g[] = 1901 { 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x04, 0x01 }; 1902 const uint8_t rateset_fix_11bg[] = 1903 { 0x10, 0x11, 0x12, 0x13, 0x01, 0x04, 0x06, 0x07, 1904 0x08, 0x09, 0x0a, 0x0b }; 1905 1906 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1907 /* 1908 * Automatic rate control is done by the device. 1909 * We just pass the rateset from which the device 1910 * will pickup a rate. 1911 */ 1912 if (ic->ic_curmode == IEEE80211_MODE_11B) 1913 memcpy(sc->sc_cur_rateset, rateset_auto_11b, 1914 sizeof(sc->sc_cur_rateset)); 1915 if (ic->ic_curmode == IEEE80211_MODE_11G || 1916 ic->ic_curmode == IEEE80211_MODE_AUTO) 1917 memcpy(sc->sc_cur_rateset, rateset_auto_11g, 1918 sizeof(sc->sc_cur_rateset)); 1919 } else { 1920 /* set a fixed rate */ 1921 memset(sc->sc_cur_rateset, rateset_fix_11bg[ic->ic_fixed_rate], 1922 sizeof(sc->sc_cur_rateset)); 1923 } 1924 } 1925 1926 static uint8_t 1927 upgt_rx_rate(struct upgt_softc *sc, const int rate) 1928 { 1929 struct ieee80211com *ic = &sc->sc_ic; 1930 1931 if (ic->ic_curmode == IEEE80211_MODE_11B) { 1932 if (rate < 0 || rate > 3) 1933 /* invalid rate */ 1934 return 0; 1935 1936 switch (rate) { 1937 case 0: 1938 return 2; 1939 case 1: 1940 return 4; 1941 case 2: 1942 return 11; 1943 case 3: 1944 return 22; 1945 default: 1946 return 0; 1947 } 1948 } 1949 1950 if (ic->ic_curmode == IEEE80211_MODE_11G) { 1951 if (rate < 0 || rate > 11) 1952 /* invalid rate */ 1953 return 0; 1954 1955 switch (rate) { 1956 case 0: 1957 return 2; 1958 case 1: 1959 return 4; 1960 case 2: 1961 return 11; 1962 case 3: 1963 return 22; 1964 case 4: 1965 return 12; 1966 case 5: 1967 return 18; 1968 case 6: 1969 return 24; 1970 case 7: 1971 return 36; 1972 case 8: 1973 return 48; 1974 case 9: 1975 return 72; 1976 case 10: 1977 return 96; 1978 case 11: 1979 return 108; 1980 default: 1981 return 0; 1982 } 1983 } 1984 1985 return 0; 1986 } 1987 1988 static int 1989 upgt_set_macfilter(struct upgt_softc *sc, uint8_t state) 1990 { 1991 struct ieee80211com *ic = &sc->sc_ic; 1992 struct ieee80211_node *ni = ic->ic_bss; 1993 struct upgt_data *data_cmd = &sc->cmd_data; 1994 struct upgt_lmac_mem *mem; 1995 struct upgt_lmac_filter *filter; 1996 int len; 1997 const uint8_t broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1998 1999 /* 2000 * Transmit the URB containing the CMD data. 2001 */ 2002 len = sizeof(*mem) + sizeof(*filter); 2003 2004 memset(data_cmd->buf, 0, len); 2005 2006 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2007 mem->addr = htole32(sc->sc_memaddr_frame_start + 2008 UPGT_MEMSIZE_FRAME_HEAD); 2009 2010 filter = (struct upgt_lmac_filter *)(mem + 1); 2011 2012 filter->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2013 filter->header1.type = UPGT_H1_TYPE_CTRL; 2014 filter->header1.len = htole16( 2015 sizeof(struct upgt_lmac_filter) - 2016 sizeof(struct upgt_lmac_header)); 2017 2018 filter->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2019 filter->header2.type = htole16(UPGT_H2_TYPE_MACFILTER); 2020 filter->header2.flags = 0; 2021 2022 switch (state) { 2023 case IEEE80211_S_INIT: 2024 DPRINTF(1, "%s: set MAC filter to INIT\n", 2025 device_xname(sc->sc_dev)); 2026 2027 filter->type = htole16(UPGT_FILTER_TYPE_RESET); 2028 break; 2029 case IEEE80211_S_SCAN: 2030 DPRINTF(1, "%s: set MAC filter to SCAN (bssid %s)\n", 2031 device_xname(sc->sc_dev), ether_sprintf(broadcast)); 2032 2033 filter->type = htole16(UPGT_FILTER_TYPE_NONE); 2034 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 2035 IEEE80211_ADDR_COPY(filter->src, broadcast); 2036 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 2037 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2038 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2039 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2040 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2041 break; 2042 case IEEE80211_S_RUN: 2043 DPRINTF(1, "%s: set MAC filter to RUN (bssid %s)\n", 2044 device_xname(sc->sc_dev), ether_sprintf(ni->ni_bssid)); 2045 2046 filter->type = htole16(UPGT_FILTER_TYPE_STA); 2047 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 2048 IEEE80211_ADDR_COPY(filter->src, ni->ni_bssid); 2049 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 2050 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2051 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2052 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2053 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2054 break; 2055 default: 2056 aprint_error_dev(sc->sc_dev, 2057 "MAC filter does not know that state\n"); 2058 break; 2059 } 2060 2061 mem->chksum = upgt_chksum_le((uint32_t *)filter, sizeof(*filter)); 2062 2063 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2064 aprint_error_dev(sc->sc_dev, 2065 "could not transmit macfilter CMD data URB\n"); 2066 return EIO; 2067 } 2068 2069 return 0; 2070 } 2071 2072 static int 2073 upgt_set_channel(struct upgt_softc *sc, unsigned channel) 2074 { 2075 struct upgt_data *data_cmd = &sc->cmd_data; 2076 struct upgt_lmac_mem *mem; 2077 struct upgt_lmac_channel *chan; 2078 int len; 2079 2080 DPRINTF(1, "%s: %s: %d\n", device_xname(sc->sc_dev), __func__, 2081 channel); 2082 2083 /* 2084 * Transmit the URB containing the CMD data. 2085 */ 2086 len = sizeof(*mem) + sizeof(*chan); 2087 2088 memset(data_cmd->buf, 0, len); 2089 2090 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2091 mem->addr = htole32(sc->sc_memaddr_frame_start + 2092 UPGT_MEMSIZE_FRAME_HEAD); 2093 2094 chan = (struct upgt_lmac_channel *)(mem + 1); 2095 2096 chan->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2097 chan->header1.type = UPGT_H1_TYPE_CTRL; 2098 chan->header1.len = htole16( 2099 sizeof(struct upgt_lmac_channel) - 2100 sizeof(struct upgt_lmac_header)); 2101 2102 chan->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2103 chan->header2.type = htole16(UPGT_H2_TYPE_CHANNEL); 2104 chan->header2.flags = 0; 2105 2106 chan->unknown1 = htole16(UPGT_CHANNEL_UNKNOWN1); 2107 chan->unknown2 = htole16(UPGT_CHANNEL_UNKNOWN2); 2108 chan->freq6 = sc->sc_eeprom_freq6[channel]; 2109 chan->settings = sc->sc_eeprom_freq6_settings; 2110 chan->unknown3 = UPGT_CHANNEL_UNKNOWN3; 2111 2112 memcpy(chan->freq3_1, &sc->sc_eeprom_freq3[channel].data, 2113 sizeof(chan->freq3_1)); 2114 2115 memcpy(chan->freq4, &sc->sc_eeprom_freq4[channel], 2116 sizeof(sc->sc_eeprom_freq4[channel])); 2117 2118 memcpy(chan->freq3_2, &sc->sc_eeprom_freq3[channel].data, 2119 sizeof(chan->freq3_2)); 2120 2121 mem->chksum = upgt_chksum_le((uint32_t *)chan, sizeof(*chan)); 2122 2123 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2124 aprint_error_dev(sc->sc_dev, 2125 "could not transmit channel CMD data URB\n"); 2126 return EIO; 2127 } 2128 2129 return 0; 2130 } 2131 2132 static void 2133 upgt_set_led(struct upgt_softc *sc, int action) 2134 { 2135 struct ieee80211com *ic = &sc->sc_ic; 2136 struct upgt_data *data_cmd = &sc->cmd_data; 2137 struct upgt_lmac_mem *mem; 2138 struct upgt_lmac_led *led; 2139 struct timeval t; 2140 int len; 2141 2142 /* 2143 * Transmit the URB containing the CMD data. 2144 */ 2145 len = sizeof(*mem) + sizeof(*led); 2146 2147 memset(data_cmd->buf, 0, len); 2148 2149 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2150 mem->addr = htole32(sc->sc_memaddr_frame_start + 2151 UPGT_MEMSIZE_FRAME_HEAD); 2152 2153 led = (struct upgt_lmac_led *)(mem + 1); 2154 2155 led->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2156 led->header1.type = UPGT_H1_TYPE_CTRL; 2157 led->header1.len = htole16( 2158 sizeof(struct upgt_lmac_led) - 2159 sizeof(struct upgt_lmac_header)); 2160 2161 led->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2162 led->header2.type = htole16(UPGT_H2_TYPE_LED); 2163 led->header2.flags = 0; 2164 2165 switch (action) { 2166 case UPGT_LED_OFF: 2167 led->mode = htole16(UPGT_LED_MODE_SET); 2168 led->action_fix = 0; 2169 led->action_tmp = htole16(UPGT_LED_ACTION_OFF); 2170 led->action_tmp_dur = 0; 2171 break; 2172 case UPGT_LED_ON: 2173 led->mode = htole16(UPGT_LED_MODE_SET); 2174 led->action_fix = 0; 2175 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2176 led->action_tmp_dur = 0; 2177 break; 2178 case UPGT_LED_BLINK: 2179 if (ic->ic_state != IEEE80211_S_RUN) 2180 return; 2181 if (sc->sc_led_blink) 2182 /* previous blink was not finished */ 2183 return; 2184 led->mode = htole16(UPGT_LED_MODE_SET); 2185 led->action_fix = htole16(UPGT_LED_ACTION_OFF); 2186 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2187 led->action_tmp_dur = htole16(UPGT_LED_ACTION_TMP_DUR); 2188 /* lock blink */ 2189 sc->sc_led_blink = 1; 2190 t.tv_sec = 0; 2191 t.tv_usec = UPGT_LED_ACTION_TMP_DUR * 1000L; 2192 callout_schedule(&sc->led_to, tvtohz(&t)); 2193 break; 2194 default: 2195 return; 2196 } 2197 2198 mem->chksum = upgt_chksum_le((uint32_t *)led, sizeof(*led)); 2199 2200 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2201 aprint_error_dev(sc->sc_dev, 2202 "could not transmit led CMD URB\n"); 2203 } 2204 } 2205 2206 static void 2207 upgt_set_led_blink(void *arg) 2208 { 2209 struct upgt_softc *sc = arg; 2210 2211 /* blink finished, we are ready for a next one */ 2212 sc->sc_led_blink = 0; 2213 callout_stop(&sc->led_to); 2214 } 2215 2216 static int 2217 upgt_get_stats(struct upgt_softc *sc) 2218 { 2219 struct upgt_data *data_cmd = &sc->cmd_data; 2220 struct upgt_lmac_mem *mem; 2221 struct upgt_lmac_stats *stats; 2222 int len; 2223 2224 /* 2225 * Transmit the URB containing the CMD data. 2226 */ 2227 len = sizeof(*mem) + sizeof(*stats); 2228 2229 memset(data_cmd->buf, 0, len); 2230 2231 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2232 mem->addr = htole32(sc->sc_memaddr_frame_start + 2233 UPGT_MEMSIZE_FRAME_HEAD); 2234 2235 stats = (struct upgt_lmac_stats *)(mem + 1); 2236 2237 stats->header1.flags = 0; 2238 stats->header1.type = UPGT_H1_TYPE_CTRL; 2239 stats->header1.len = htole16( 2240 sizeof(struct upgt_lmac_stats) - 2241 sizeof(struct upgt_lmac_header)); 2242 2243 stats->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2244 stats->header2.type = htole16(UPGT_H2_TYPE_STATS); 2245 stats->header2.flags = 0; 2246 2247 mem->chksum = upgt_chksum_le((uint32_t *)stats, sizeof(*stats)); 2248 2249 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2250 aprint_error_dev(sc->sc_dev, 2251 "could not transmit statistics CMD data URB\n"); 2252 return EIO; 2253 } 2254 2255 return 0; 2256 2257 } 2258 2259 static int 2260 upgt_alloc_tx(struct upgt_softc *sc) 2261 { 2262 int i; 2263 2264 sc->tx_queued = 0; 2265 2266 for (i = 0; i < UPGT_TX_COUNT; i++) { 2267 struct upgt_data *data_tx = &sc->tx_data[i]; 2268 2269 data_tx->sc = sc; 2270 2271 int err = usbd_create_xfer(sc->sc_tx_pipeh, MCLBYTES, 2272 USBD_FORCE_SHORT_XFER, 0, &data_tx->xfer); 2273 if (err) { 2274 aprint_error_dev(sc->sc_dev, 2275 "could not allocate TX xfer\n"); 2276 return err; 2277 } 2278 2279 data_tx->buf = usbd_get_buffer(data_tx->xfer); 2280 } 2281 2282 return 0; 2283 } 2284 2285 static int 2286 upgt_alloc_rx(struct upgt_softc *sc) 2287 { 2288 struct upgt_data *data_rx = &sc->rx_data; 2289 2290 data_rx->sc = sc; 2291 2292 int err = usbd_create_xfer(sc->sc_rx_pipeh, MCLBYTES, 2293 0, 0, &data_rx->xfer); 2294 if (err) { 2295 aprint_error_dev(sc->sc_dev, "could not allocate RX xfer\n"); 2296 return err; 2297 } 2298 2299 data_rx->buf = usbd_get_buffer(data_rx->xfer); 2300 2301 return 0; 2302 } 2303 2304 static int 2305 upgt_alloc_cmd(struct upgt_softc *sc) 2306 { 2307 struct upgt_data *data_cmd = &sc->cmd_data; 2308 2309 data_cmd->sc = sc; 2310 2311 int err = usbd_create_xfer(sc->sc_tx_pipeh, MCLBYTES, 2312 USBD_FORCE_SHORT_XFER, 0, &data_cmd->xfer); 2313 if (err) { 2314 aprint_error_dev(sc->sc_dev, "could not allocate RX xfer\n"); 2315 return err; 2316 } 2317 2318 data_cmd->buf = usbd_get_buffer(data_cmd->xfer); 2319 2320 mutex_init(&sc->sc_mtx, MUTEX_DEFAULT, IPL_NONE); 2321 2322 return 0; 2323 } 2324 2325 static void 2326 upgt_free_tx(struct upgt_softc *sc) 2327 { 2328 int i; 2329 2330 for (i = 0; i < UPGT_TX_COUNT; i++) { 2331 struct upgt_data *data_tx = &sc->tx_data[i]; 2332 2333 if (data_tx->xfer != NULL) { 2334 usbd_destroy_xfer(data_tx->xfer); 2335 data_tx->xfer = NULL; 2336 } 2337 2338 data_tx->ni = NULL; 2339 } 2340 } 2341 2342 static void 2343 upgt_free_rx(struct upgt_softc *sc) 2344 { 2345 struct upgt_data *data_rx = &sc->rx_data; 2346 2347 if (data_rx->xfer != NULL) { 2348 usbd_destroy_xfer(data_rx->xfer); 2349 data_rx->xfer = NULL; 2350 } 2351 2352 data_rx->ni = NULL; 2353 } 2354 2355 static void 2356 upgt_free_cmd(struct upgt_softc *sc) 2357 { 2358 struct upgt_data *data_cmd = &sc->cmd_data; 2359 2360 if (data_cmd->xfer != NULL) { 2361 usbd_destroy_xfer(data_cmd->xfer); 2362 data_cmd->xfer = NULL; 2363 } 2364 2365 mutex_destroy(&sc->sc_mtx); 2366 } 2367 2368 static int 2369 upgt_bulk_xmit(struct upgt_softc *sc, struct upgt_data *data, 2370 struct usbd_pipe *pipeh, uint32_t *size, int flags) 2371 { 2372 usbd_status status; 2373 2374 status = usbd_bulk_transfer(data->xfer, pipeh, flags, UPGT_USB_TIMEOUT, 2375 data->buf, size); 2376 if (status != USBD_NORMAL_COMPLETION) { 2377 aprint_error_dev(sc->sc_dev, "%s: error %s\n", __func__, 2378 usbd_errstr(status)); 2379 return EIO; 2380 } 2381 2382 return 0; 2383 } 2384 2385 #if 0 2386 static void 2387 upgt_hexdump(void *buf, int len) 2388 { 2389 int i; 2390 2391 for (i = 0; i < len; i++) { 2392 if (i % 16 == 0) 2393 printf("%s%5i:", i ? "\n" : "", i); 2394 if (i % 4 == 0) 2395 printf(" "); 2396 printf("%02x", (int)*((uint8_t *)buf + i)); 2397 } 2398 printf("\n"); 2399 } 2400 #endif 2401 2402 static uint32_t 2403 upgt_crc32_le(const void *buf, size_t size) 2404 { 2405 uint32_t crc; 2406 2407 crc = ether_crc32_le(buf, size); 2408 2409 /* apply final XOR value as common for CRC-32 */ 2410 crc = htole32(crc ^ 0xffffffffU); 2411 2412 return crc; 2413 } 2414 2415 /* 2416 * The firmware awaits a checksum for each frame we send to it. 2417 * The algorithm used is uncommon but somehow similar to CRC32. 2418 */ 2419 static uint32_t 2420 upgt_chksum_le(const uint32_t *buf, size_t size) 2421 { 2422 int i; 2423 uint32_t crc = 0; 2424 2425 for (i = 0; i < size; i += sizeof(uint32_t)) { 2426 crc = htole32(crc ^ *buf++); 2427 crc = htole32((crc >> 5) ^ (crc << 3)); 2428 } 2429 2430 return crc; 2431 } 2432