1 /* $OpenBSD: if_uath.c,v 1.77 2016/04/13 11:03:37 mpi Exp $ */ 2 3 /*- 4 * Copyright (c) 2006 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /*- 21 * Driver for Atheros AR5005UG/AR5005UX chipsets. 22 * 23 * IMPORTANT NOTICE: 24 * This driver was written without any documentation or support from Atheros 25 * Communications. It is based on a black-box analysis of the Windows binary 26 * driver. It handles both pre and post-firmware devices. 27 */ 28 29 #include "bpfilter.h" 30 31 #include <sys/param.h> 32 #include <sys/sockio.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/timeout.h> 38 #include <sys/conf.h> 39 #include <sys/device.h> 40 #include <sys/endian.h> 41 42 #include <machine/bus.h> 43 #include <machine/intr.h> 44 45 #if NBPFILTER > 0 46 #include <net/bpf.h> 47 #endif 48 #include <net/if.h> 49 #include <net/if_dl.h> 50 #include <net/if_media.h> 51 52 #include <netinet/in.h> 53 #include <netinet/if_ether.h> 54 55 #include <net80211/ieee80211_var.h> 56 #include <net80211/ieee80211_radiotap.h> 57 58 #include <dev/usb/usb.h> 59 #include <dev/usb/usbdi.h> 60 #include <dev/usb/usbdivar.h> /* needs_reattach() */ 61 #include <dev/usb/usbdi_util.h> 62 #include <dev/usb/usbdevs.h> 63 64 #include <dev/usb/if_uathreg.h> 65 #include <dev/usb/if_uathvar.h> 66 67 #ifdef UATH_DEBUG 68 #define DPRINTF(x) do { if (uath_debug) printf x; } while (0) 69 #define DPRINTFN(n, x) do { if (uath_debug >= (n)) printf x; } while (0) 70 int uath_debug = 1; 71 #else 72 #define DPRINTF(x) 73 #define DPRINTFN(n, x) 74 #endif 75 76 /*- 77 * Various supported device vendors/products. 78 * UB51: AR5005UG 802.11b/g, UB52: AR5005UX 802.11a/b/g 79 */ 80 #define UATH_DEV(v, p, f) \ 81 { { USB_VENDOR_##v, USB_PRODUCT_##v##_##p }, (f) }, \ 82 { { USB_VENDOR_##v, USB_PRODUCT_##v##_##p##_NF }, \ 83 (f) | UATH_FLAG_PRE_FIRMWARE } 84 #define UATH_DEV_UG(v, p) UATH_DEV(v, p, 0) 85 #define UATH_DEV_UX(v, p) UATH_DEV(v, p, UATH_FLAG_ABG) 86 static const struct uath_type { 87 struct usb_devno dev; 88 unsigned int flags; 89 #define UATH_FLAG_PRE_FIRMWARE (1 << 0) 90 #define UATH_FLAG_ABG (1 << 1) 91 } uath_devs[] = { 92 UATH_DEV_UG(ACCTON, SMCWUSBTG2), 93 UATH_DEV_UG(ATHEROS, AR5523), 94 UATH_DEV_UG(ATHEROS2, AR5523_1), 95 UATH_DEV_UG(ATHEROS2, AR5523_2), 96 UATH_DEV_UX(ATHEROS2, AR5523_3), 97 UATH_DEV_UG(CONCEPTRONIC, AR5523_1), 98 UATH_DEV_UX(CONCEPTRONIC, AR5523_2), 99 UATH_DEV_UX(DLINK, DWLAG122), 100 UATH_DEV_UX(DLINK, DWLAG132), 101 UATH_DEV_UG(DLINK, DWLG132), 102 UATH_DEV_UG(DLINK2, WUA2340), 103 UATH_DEV_UG(GIGASET, AR5523), 104 UATH_DEV_UG(GIGASET, SMCWUSBTG), 105 UATH_DEV_UG(GLOBALSUN, AR5523_1), 106 UATH_DEV_UX(GLOBALSUN, AR5523_2), 107 UATH_DEV_UG(IODATA, USBWNG54US), 108 UATH_DEV_UG(MELCO, WLIU2KAMG54), 109 UATH_DEV_UX(NETGEAR, WG111U), 110 UATH_DEV_UG(NETGEAR3, WG111T), 111 UATH_DEV_UG(NETGEAR3, WPN111), 112 UATH_DEV_UG(PHILIPS, SNU6500), 113 UATH_DEV_UX(UMEDIA, AR5523_2), 114 UATH_DEV_UG(UMEDIA, TEW444UBEU), 115 UATH_DEV_UG(WISTRONNEWEB, AR5523_1), 116 UATH_DEV_UX(WISTRONNEWEB, AR5523_2), 117 UATH_DEV_UG(ZCOM, AR5523), 118 119 /* Devices that share one of the IDs above. */ 120 { { USB_VENDOR_NETGEAR3, USB_PRODUCT_NETGEAR3_WG111T_1 }, 0 } \ 121 }; 122 #define uath_lookup(v, p) \ 123 ((const struct uath_type *)usb_lookup(uath_devs, v, p)) 124 125 void uath_attachhook(struct device *); 126 int uath_open_pipes(struct uath_softc *); 127 void uath_close_pipes(struct uath_softc *); 128 int uath_alloc_tx_data_list(struct uath_softc *); 129 void uath_free_tx_data_list(struct uath_softc *); 130 int uath_alloc_rx_data_list(struct uath_softc *); 131 void uath_free_rx_data_list(struct uath_softc *); 132 int uath_alloc_tx_cmd_list(struct uath_softc *); 133 void uath_free_tx_cmd_list(struct uath_softc *); 134 int uath_alloc_rx_cmd_list(struct uath_softc *); 135 void uath_free_rx_cmd_list(struct uath_softc *); 136 int uath_media_change(struct ifnet *); 137 void uath_stat(void *); 138 void uath_next_scan(void *); 139 void uath_task(void *); 140 int uath_newstate(struct ieee80211com *, enum ieee80211_state, int); 141 #ifdef UATH_DEBUG 142 void uath_dump_cmd(const uint8_t *, int, char); 143 #endif 144 int uath_cmd(struct uath_softc *, uint32_t, const void *, int, void *, 145 int); 146 int uath_cmd_write(struct uath_softc *, uint32_t, const void *, int, int); 147 int uath_cmd_read(struct uath_softc *, uint32_t, const void *, int, void *, 148 int); 149 int uath_write_reg(struct uath_softc *, uint32_t, uint32_t); 150 int uath_write_multi(struct uath_softc *, uint32_t, const void *, int); 151 int uath_read_reg(struct uath_softc *, uint32_t, uint32_t *); 152 int uath_read_eeprom(struct uath_softc *, uint32_t, void *); 153 void uath_cmd_rxeof(struct usbd_xfer *, void *, usbd_status); 154 void uath_data_rxeof(struct usbd_xfer *, void *, usbd_status); 155 void uath_data_txeof(struct usbd_xfer *, void *, usbd_status); 156 int uath_tx_null(struct uath_softc *); 157 int uath_tx_data(struct uath_softc *, struct mbuf *, 158 struct ieee80211_node *); 159 void uath_start(struct ifnet *); 160 void uath_watchdog(struct ifnet *); 161 int uath_ioctl(struct ifnet *, u_long, caddr_t); 162 int uath_query_eeprom(struct uath_softc *); 163 int uath_reset(struct uath_softc *); 164 int uath_reset_tx_queues(struct uath_softc *); 165 int uath_wme_init(struct uath_softc *); 166 int uath_set_chan(struct uath_softc *, struct ieee80211_channel *); 167 int uath_set_key(struct uath_softc *, const struct ieee80211_key *, int); 168 int uath_set_keys(struct uath_softc *); 169 int uath_set_rates(struct uath_softc *, const struct ieee80211_rateset *); 170 int uath_set_rxfilter(struct uath_softc *, uint32_t, uint32_t); 171 int uath_set_led(struct uath_softc *, int, int); 172 int uath_switch_channel(struct uath_softc *, struct ieee80211_channel *); 173 int uath_init(struct ifnet *); 174 void uath_stop(struct ifnet *, int); 175 int uath_loadfirmware(struct uath_softc *, const u_char *, int); 176 177 int uath_match(struct device *, void *, void *); 178 void uath_attach(struct device *, struct device *, void *); 179 int uath_detach(struct device *, int); 180 181 struct cfdriver uath_cd = { 182 NULL, "uath", DV_IFNET 183 }; 184 185 const struct cfattach uath_ca = { 186 sizeof(struct uath_softc), uath_match, uath_attach, uath_detach 187 }; 188 189 int 190 uath_match(struct device *parent, void *match, void *aux) 191 { 192 struct usb_attach_arg *uaa = aux; 193 194 if (uaa->iface != NULL) 195 return UMATCH_NONE; 196 197 return (uath_lookup(uaa->vendor, uaa->product) != NULL) ? 198 UMATCH_VENDOR_PRODUCT : UMATCH_NONE; 199 } 200 201 void 202 uath_attachhook(struct device *self) 203 { 204 struct uath_softc *sc = (struct uath_softc *)self; 205 u_char *fw; 206 size_t size; 207 int error; 208 209 if ((error = loadfirmware("uath-ar5523", &fw, &size)) != 0) { 210 printf("%s: error %d, could not read firmware %s\n", 211 sc->sc_dev.dv_xname, error, "uath-ar5523"); 212 return; 213 } 214 215 error = uath_loadfirmware(sc, fw, size); 216 free(fw, M_DEVBUF, 0); 217 218 if (error == 0) { 219 /* 220 * Hack alert: the device doesn't always gracefully detach 221 * from the bus after a firmware upload. We need to force 222 * a port reset and a re-exploration on the parent hub. 223 */ 224 usbd_reset_port(sc->sc_uhub, sc->sc_port); 225 usb_needs_reattach(sc->sc_udev); 226 } else { 227 printf("%s: could not load firmware (error=%s)\n", 228 sc->sc_dev.dv_xname, usbd_errstr(error)); 229 } 230 } 231 232 void 233 uath_attach(struct device *parent, struct device *self, void *aux) 234 { 235 struct uath_softc *sc = (struct uath_softc *)self; 236 struct usb_attach_arg *uaa = aux; 237 struct ieee80211com *ic = &sc->sc_ic; 238 struct ifnet *ifp = &ic->ic_if; 239 usbd_status error; 240 int i; 241 242 sc->sc_udev = uaa->device; 243 sc->sc_uhub = uaa->device->myhub; 244 sc->sc_port = uaa->port; 245 246 sc->sc_flags = uath_lookup(uaa->vendor, uaa->product)->flags; 247 248 if (usbd_set_config_no(sc->sc_udev, UATH_CONFIG_NO, 0) != 0) { 249 printf("%s: could not set configuration no\n", 250 sc->sc_dev.dv_xname); 251 return; 252 } 253 254 /* get the first interface handle */ 255 error = usbd_device2interface_handle(sc->sc_udev, UATH_IFACE_INDEX, 256 &sc->sc_iface); 257 if (error != 0) { 258 printf("%s: could not get interface handle\n", 259 sc->sc_dev.dv_xname); 260 return; 261 } 262 263 /* 264 * We must open the pipes early because they're used to upload the 265 * firmware (pre-firmware devices) or to send firmware commands. 266 */ 267 if (uath_open_pipes(sc) != 0) { 268 printf("%s: could not open pipes\n", sc->sc_dev.dv_xname); 269 return; 270 } 271 272 if (sc->sc_flags & UATH_FLAG_PRE_FIRMWARE) { 273 config_mountroot(self, uath_attachhook); 274 return; 275 } 276 277 /* 278 * Only post-firmware devices here. 279 */ 280 usb_init_task(&sc->sc_task, uath_task, sc, USB_TASK_TYPE_GENERIC); 281 timeout_set(&sc->scan_to, uath_next_scan, sc); 282 timeout_set(&sc->stat_to, uath_stat, sc); 283 284 /* 285 * Allocate xfers for firmware commands. 286 */ 287 if (uath_alloc_tx_cmd_list(sc) != 0) { 288 printf("%s: could not allocate Tx command list\n", 289 sc->sc_dev.dv_xname); 290 goto fail; 291 } 292 if (uath_alloc_rx_cmd_list(sc) != 0) { 293 printf("%s: could not allocate Rx command list\n", 294 sc->sc_dev.dv_xname); 295 goto fail; 296 } 297 298 /* 299 * Queue Rx command xfers. 300 */ 301 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) { 302 struct uath_rx_cmd *cmd = &sc->rx_cmd[i]; 303 304 usbd_setup_xfer(cmd->xfer, sc->cmd_rx_pipe, cmd, cmd->buf, 305 UATH_MAX_RXCMDSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY, 306 USBD_NO_TIMEOUT, uath_cmd_rxeof); 307 error = usbd_transfer(cmd->xfer); 308 if (error != USBD_IN_PROGRESS && error != 0) { 309 printf("%s: could not queue Rx command xfer\n", 310 sc->sc_dev.dv_xname); 311 goto fail; 312 } 313 } 314 315 /* 316 * We're now ready to send/receive firmware commands. 317 */ 318 if (uath_reset(sc) != 0) { 319 printf("%s: could not initialize adapter\n", 320 sc->sc_dev.dv_xname); 321 goto fail; 322 } 323 if (uath_query_eeprom(sc) != 0) { 324 printf("%s: could not read EEPROM\n", sc->sc_dev.dv_xname); 325 goto fail; 326 } 327 328 printf("%s: MAC/BBP AR5523, RF AR%c112, address %s\n", 329 sc->sc_dev.dv_xname, (sc->sc_flags & UATH_FLAG_ABG) ? '5': '2', 330 ether_sprintf(ic->ic_myaddr)); 331 332 /* 333 * Allocate xfers for Tx/Rx data pipes. 334 */ 335 if (uath_alloc_tx_data_list(sc) != 0) { 336 printf("%s: could not allocate Tx data list\n", 337 sc->sc_dev.dv_xname); 338 goto fail; 339 } 340 if (uath_alloc_rx_data_list(sc) != 0) { 341 printf("%s: could not allocate Rx data list\n", 342 sc->sc_dev.dv_xname); 343 goto fail; 344 } 345 346 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 347 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 348 ic->ic_state = IEEE80211_S_INIT; 349 350 /* set device capabilities */ 351 ic->ic_caps = 352 IEEE80211_C_MONITOR | /* monitor mode supported */ 353 IEEE80211_C_TXPMGT | /* tx power management */ 354 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 355 IEEE80211_C_SHSLOT | /* short slot time supported */ 356 IEEE80211_C_WEP; /* h/w WEP */ 357 358 /* set supported .11b and .11g rates */ 359 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 360 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 361 362 /* set supported .11b and .11g channels (1 through 14) */ 363 for (i = 1; i <= 14; i++) { 364 ic->ic_channels[i].ic_freq = 365 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 366 ic->ic_channels[i].ic_flags = 367 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 368 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 369 } 370 371 ifp->if_softc = sc; 372 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 373 ifp->if_ioctl = uath_ioctl; 374 ifp->if_start = uath_start; 375 ifp->if_watchdog = uath_watchdog; 376 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 377 378 if_attach(ifp); 379 ieee80211_ifattach(ifp); 380 381 /* override state transition machine */ 382 sc->sc_newstate = ic->ic_newstate; 383 ic->ic_newstate = uath_newstate; 384 ieee80211_media_init(ifp, uath_media_change, ieee80211_media_status); 385 386 #if NBPFILTER > 0 387 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 388 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 389 390 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 391 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 392 sc->sc_rxtap.wr_ihdr.it_present = htole32(UATH_RX_RADIOTAP_PRESENT); 393 394 sc->sc_txtap_len = sizeof sc->sc_txtapu; 395 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 396 sc->sc_txtap.wt_ihdr.it_present = htole32(UATH_TX_RADIOTAP_PRESENT); 397 #endif 398 399 return; 400 401 fail: uath_close_pipes(sc); 402 uath_free_tx_data_list(sc); 403 uath_free_rx_cmd_list(sc); 404 uath_free_tx_cmd_list(sc); 405 usbd_deactivate(sc->sc_udev); 406 } 407 408 int 409 uath_detach(struct device *self, int flags) 410 { 411 struct uath_softc *sc = (struct uath_softc *)self; 412 struct ifnet *ifp = &sc->sc_ic.ic_if; 413 int s; 414 415 s = splnet(); 416 417 if (sc->sc_flags & UATH_FLAG_PRE_FIRMWARE) { 418 uath_close_pipes(sc); 419 splx(s); 420 return 0; 421 } 422 423 /* post-firmware device */ 424 425 usb_rem_task(sc->sc_udev, &sc->sc_task); 426 if (timeout_initialized(&sc->scan_to)) 427 timeout_del(&sc->scan_to); 428 if (timeout_initialized(&sc->stat_to)) 429 timeout_del(&sc->stat_to); 430 431 /* close Tx/Rx pipes */ 432 uath_close_pipes(sc); 433 434 /* free xfers */ 435 uath_free_tx_data_list(sc); 436 uath_free_rx_data_list(sc); 437 uath_free_tx_cmd_list(sc); 438 uath_free_rx_cmd_list(sc); 439 440 if (ifp->if_softc != NULL) { 441 ieee80211_ifdetach(ifp); /* free all nodes */ 442 if_detach(ifp); 443 } 444 445 splx(s); 446 447 return 0; 448 } 449 450 int 451 uath_open_pipes(struct uath_softc *sc) 452 { 453 int error; 454 455 /* 456 * XXX pipes numbers are hardcoded because we don't have any way 457 * to distinguish the data pipes from the firmware command pipes 458 * (both are bulk pipes) using the endpoints descriptors. 459 */ 460 error = usbd_open_pipe(sc->sc_iface, 0x01, USBD_EXCLUSIVE_USE, 461 &sc->cmd_tx_pipe); 462 if (error != 0) { 463 printf("%s: could not open Tx command pipe: %s\n", 464 sc->sc_dev.dv_xname, usbd_errstr(error)); 465 goto fail; 466 } 467 468 error = usbd_open_pipe(sc->sc_iface, 0x02, USBD_EXCLUSIVE_USE, 469 &sc->data_tx_pipe); 470 if (error != 0) { 471 printf("%s: could not open Tx data pipe: %s\n", 472 sc->sc_dev.dv_xname, usbd_errstr(error)); 473 goto fail; 474 } 475 476 error = usbd_open_pipe(sc->sc_iface, 0x81, USBD_EXCLUSIVE_USE, 477 &sc->cmd_rx_pipe); 478 if (error != 0) { 479 printf("%s: could not open Rx command pipe: %s\n", 480 sc->sc_dev.dv_xname, usbd_errstr(error)); 481 goto fail; 482 } 483 484 error = usbd_open_pipe(sc->sc_iface, 0x82, USBD_EXCLUSIVE_USE, 485 &sc->data_rx_pipe); 486 if (error != 0) { 487 printf("%s: could not open Rx data pipe: %s\n", 488 sc->sc_dev.dv_xname, usbd_errstr(error)); 489 goto fail; 490 } 491 492 return 0; 493 494 fail: uath_close_pipes(sc); 495 return error; 496 } 497 498 void 499 uath_close_pipes(struct uath_softc *sc) 500 { 501 if (sc->data_tx_pipe != NULL) { 502 usbd_close_pipe(sc->data_tx_pipe); 503 sc->data_tx_pipe = NULL; 504 } 505 506 if (sc->data_rx_pipe != NULL) { 507 usbd_close_pipe(sc->data_rx_pipe); 508 sc->data_rx_pipe = NULL; 509 } 510 511 if (sc->cmd_tx_pipe != NULL) { 512 usbd_close_pipe(sc->cmd_tx_pipe); 513 sc->cmd_tx_pipe = NULL; 514 } 515 516 if (sc->cmd_rx_pipe != NULL) { 517 usbd_close_pipe(sc->cmd_rx_pipe); 518 sc->cmd_rx_pipe = NULL; 519 } 520 } 521 522 int 523 uath_alloc_tx_data_list(struct uath_softc *sc) 524 { 525 int i, error; 526 527 for (i = 0; i < UATH_TX_DATA_LIST_COUNT; i++) { 528 struct uath_tx_data *data = &sc->tx_data[i]; 529 530 data->sc = sc; /* backpointer for callbacks */ 531 532 data->xfer = usbd_alloc_xfer(sc->sc_udev); 533 if (data->xfer == NULL) { 534 printf("%s: could not allocate xfer\n", 535 sc->sc_dev.dv_xname); 536 error = ENOMEM; 537 goto fail; 538 } 539 data->buf = usbd_alloc_buffer(data->xfer, UATH_MAX_TXBUFSZ); 540 if (data->buf == NULL) { 541 printf("%s: could not allocate xfer buffer\n", 542 sc->sc_dev.dv_xname); 543 error = ENOMEM; 544 goto fail; 545 } 546 } 547 return 0; 548 549 fail: uath_free_tx_data_list(sc); 550 return error; 551 } 552 553 void 554 uath_free_tx_data_list(struct uath_softc *sc) 555 { 556 int i; 557 558 for (i = 0; i < UATH_TX_DATA_LIST_COUNT; i++) 559 if (sc->tx_data[i].xfer != NULL) { 560 usbd_free_xfer(sc->tx_data[i].xfer); 561 sc->tx_data[i].xfer = NULL; 562 } 563 } 564 565 int 566 uath_alloc_rx_data_list(struct uath_softc *sc) 567 { 568 int i, error; 569 570 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 571 struct uath_rx_data *data = &sc->rx_data[i]; 572 573 data->sc = sc; /* backpointer for callbacks */ 574 575 data->xfer = usbd_alloc_xfer(sc->sc_udev); 576 if (data->xfer == NULL) { 577 printf("%s: could not allocate xfer\n", 578 sc->sc_dev.dv_xname); 579 error = ENOMEM; 580 goto fail; 581 } 582 if (usbd_alloc_buffer(data->xfer, sc->rxbufsz) == NULL) { 583 printf("%s: could not allocate xfer buffer\n", 584 sc->sc_dev.dv_xname); 585 error = ENOMEM; 586 goto fail; 587 } 588 589 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 590 if (data->m == NULL) { 591 printf("%s: could not allocate rx mbuf\n", 592 sc->sc_dev.dv_xname); 593 error = ENOMEM; 594 goto fail; 595 } 596 MCLGET(data->m, M_DONTWAIT); 597 if (!(data->m->m_flags & M_EXT)) { 598 printf("%s: could not allocate rx mbuf cluster\n", 599 sc->sc_dev.dv_xname); 600 error = ENOMEM; 601 goto fail; 602 } 603 604 data->buf = mtod(data->m, uint8_t *); 605 } 606 return 0; 607 608 fail: uath_free_rx_data_list(sc); 609 return error; 610 } 611 612 void 613 uath_free_rx_data_list(struct uath_softc *sc) 614 { 615 int i; 616 617 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 618 struct uath_rx_data *data = &sc->rx_data[i]; 619 620 if (data->xfer != NULL) { 621 usbd_free_xfer(data->xfer); 622 data->xfer = NULL; 623 } 624 625 if (data->m != NULL) { 626 m_freem(data->m); 627 data->m = NULL; 628 } 629 } 630 } 631 632 int 633 uath_alloc_tx_cmd_list(struct uath_softc *sc) 634 { 635 int i, error; 636 637 for (i = 0; i < UATH_TX_CMD_LIST_COUNT; i++) { 638 struct uath_tx_cmd *cmd = &sc->tx_cmd[i]; 639 640 cmd->sc = sc; /* backpointer for callbacks */ 641 642 cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 643 if (cmd->xfer == NULL) { 644 printf("%s: could not allocate xfer\n", 645 sc->sc_dev.dv_xname); 646 error = ENOMEM; 647 goto fail; 648 } 649 cmd->buf = usbd_alloc_buffer(cmd->xfer, UATH_MAX_TXCMDSZ); 650 if (cmd->buf == NULL) { 651 printf("%s: could not allocate xfer buffer\n", 652 sc->sc_dev.dv_xname); 653 error = ENOMEM; 654 goto fail; 655 } 656 } 657 return 0; 658 659 fail: uath_free_tx_cmd_list(sc); 660 return error; 661 } 662 663 void 664 uath_free_tx_cmd_list(struct uath_softc *sc) 665 { 666 int i; 667 668 for (i = 0; i < UATH_TX_CMD_LIST_COUNT; i++) 669 if (sc->tx_cmd[i].xfer != NULL) { 670 usbd_free_xfer(sc->tx_cmd[i].xfer); 671 sc->tx_cmd[i].xfer = NULL; 672 } 673 } 674 675 int 676 uath_alloc_rx_cmd_list(struct uath_softc *sc) 677 { 678 int i, error; 679 680 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) { 681 struct uath_rx_cmd *cmd = &sc->rx_cmd[i]; 682 683 cmd->sc = sc; /* backpointer for callbacks */ 684 685 cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 686 if (cmd->xfer == NULL) { 687 printf("%s: could not allocate xfer\n", 688 sc->sc_dev.dv_xname); 689 error = ENOMEM; 690 goto fail; 691 } 692 cmd->buf = usbd_alloc_buffer(cmd->xfer, UATH_MAX_RXCMDSZ); 693 if (cmd->buf == NULL) { 694 printf("%s: could not allocate xfer buffer\n", 695 sc->sc_dev.dv_xname); 696 error = ENOMEM; 697 goto fail; 698 } 699 } 700 return 0; 701 702 fail: uath_free_rx_cmd_list(sc); 703 return error; 704 } 705 706 void 707 uath_free_rx_cmd_list(struct uath_softc *sc) 708 { 709 int i; 710 711 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) 712 if (sc->rx_cmd[i].xfer != NULL) { 713 usbd_free_xfer(sc->rx_cmd[i].xfer); 714 sc->rx_cmd[i].xfer = NULL; 715 } 716 } 717 718 int 719 uath_media_change(struct ifnet *ifp) 720 { 721 int error; 722 723 error = ieee80211_media_change(ifp); 724 if (error != ENETRESET) 725 return error; 726 727 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) 728 uath_init(ifp); 729 730 return 0; 731 } 732 733 /* 734 * This function is called periodically (every second) when associated to 735 * query device statistics. 736 */ 737 void 738 uath_stat(void *arg) 739 { 740 struct uath_softc *sc = arg; 741 int error; 742 743 /* 744 * Send request for statistics asynchronously. The timer will be 745 * restarted when we'll get the stats notification. 746 */ 747 error = uath_cmd_write(sc, UATH_CMD_STATS, NULL, 0, 748 UATH_CMD_FLAG_ASYNC); 749 if (error != 0) { 750 printf("%s: could not query statistics (error=%d)\n", 751 sc->sc_dev.dv_xname, error); 752 } 753 } 754 755 /* 756 * This function is called periodically (every 250ms) during scanning to 757 * switch from one channel to another. 758 */ 759 void 760 uath_next_scan(void *arg) 761 { 762 struct uath_softc *sc = arg; 763 struct ieee80211com *ic = &sc->sc_ic; 764 struct ifnet *ifp = &ic->ic_if; 765 766 if (ic->ic_state == IEEE80211_S_SCAN) 767 ieee80211_next_scan(ifp); 768 } 769 770 void 771 uath_task(void *arg) 772 { 773 struct uath_softc *sc = arg; 774 struct ieee80211com *ic = &sc->sc_ic; 775 enum ieee80211_state ostate; 776 777 ostate = ic->ic_state; 778 779 switch (sc->sc_state) { 780 case IEEE80211_S_INIT: 781 if (ostate == IEEE80211_S_RUN) { 782 /* turn link and activity LEDs off */ 783 (void)uath_set_led(sc, UATH_LED_LINK, 0); 784 (void)uath_set_led(sc, UATH_LED_ACTIVITY, 0); 785 } 786 break; 787 788 case IEEE80211_S_SCAN: 789 if (uath_switch_channel(sc, ic->ic_bss->ni_chan) != 0) { 790 printf("%s: could not switch channel\n", 791 sc->sc_dev.dv_xname); 792 break; 793 } 794 timeout_add_msec(&sc->scan_to, 250); 795 break; 796 797 case IEEE80211_S_AUTH: 798 { 799 struct ieee80211_node *ni = ic->ic_bss; 800 struct uath_cmd_bssid bssid; 801 struct uath_cmd_0b cmd0b; 802 struct uath_cmd_0c cmd0c; 803 804 if (uath_switch_channel(sc, ni->ni_chan) != 0) { 805 printf("%s: could not switch channel\n", 806 sc->sc_dev.dv_xname); 807 break; 808 } 809 810 (void)uath_cmd_write(sc, UATH_CMD_24, NULL, 0, 0); 811 812 bzero(&bssid, sizeof bssid); 813 bssid.len = htobe32(IEEE80211_ADDR_LEN); 814 IEEE80211_ADDR_COPY(bssid.bssid, ni->ni_bssid); 815 (void)uath_cmd_write(sc, UATH_CMD_SET_BSSID, &bssid, 816 sizeof bssid, 0); 817 818 bzero(&cmd0b, sizeof cmd0b); 819 cmd0b.code = htobe32(2); 820 cmd0b.size = htobe32(sizeof (cmd0b.data)); 821 (void)uath_cmd_write(sc, UATH_CMD_0B, &cmd0b, sizeof cmd0b, 0); 822 823 bzero(&cmd0c, sizeof cmd0c); 824 cmd0c.magic1 = htobe32(2); 825 cmd0c.magic2 = htobe32(7); 826 cmd0c.magic3 = htobe32(1); 827 (void)uath_cmd_write(sc, UATH_CMD_0C, &cmd0c, sizeof cmd0c, 0); 828 829 if (uath_set_rates(sc, &ni->ni_rates) != 0) { 830 printf("%s: could not set negotiated rate set\n", 831 sc->sc_dev.dv_xname); 832 break; 833 } 834 break; 835 } 836 837 case IEEE80211_S_ASSOC: 838 break; 839 840 case IEEE80211_S_RUN: 841 { 842 struct ieee80211_node *ni = ic->ic_bss; 843 struct uath_cmd_bssid bssid; 844 struct uath_cmd_xled xled; 845 uint32_t val; 846 847 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 848 /* make both LEDs blink while monitoring */ 849 bzero(&xled, sizeof xled); 850 xled.which = htobe32(0); 851 xled.rate = htobe32(1); 852 xled.mode = htobe32(2); 853 (void)uath_cmd_write(sc, UATH_CMD_SET_XLED, &xled, 854 sizeof xled, 0); 855 break; 856 } 857 858 /* 859 * Tx rate is controlled by firmware, report the maximum 860 * negotiated rate in ifconfig output. 861 */ 862 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 863 864 val = htobe32(1); 865 (void)uath_cmd_write(sc, UATH_CMD_2E, &val, sizeof val, 0); 866 867 bzero(&bssid, sizeof bssid); 868 bssid.flags1 = htobe32(0xc004); 869 bssid.flags2 = htobe32(0x003b); 870 bssid.len = htobe32(IEEE80211_ADDR_LEN); 871 IEEE80211_ADDR_COPY(bssid.bssid, ni->ni_bssid); 872 (void)uath_cmd_write(sc, UATH_CMD_SET_BSSID, &bssid, 873 sizeof bssid, 0); 874 875 /* turn link LED on */ 876 (void)uath_set_led(sc, UATH_LED_LINK, 1); 877 878 /* make activity LED blink */ 879 bzero(&xled, sizeof xled); 880 xled.which = htobe32(1); 881 xled.rate = htobe32(1); 882 xled.mode = htobe32(2); 883 (void)uath_cmd_write(sc, UATH_CMD_SET_XLED, &xled, sizeof xled, 884 0); 885 886 /* set state to associated */ 887 val = htobe32(1); 888 (void)uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 889 0); 890 891 /* start statistics timer */ 892 timeout_add_sec(&sc->stat_to, 1); 893 break; 894 } 895 } 896 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 897 } 898 899 int 900 uath_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 901 { 902 struct uath_softc *sc = ic->ic_softc; 903 904 usb_rem_task(sc->sc_udev, &sc->sc_task); 905 timeout_del(&sc->scan_to); 906 timeout_del(&sc->stat_to); 907 908 /* do it in a process context */ 909 sc->sc_state = nstate; 910 sc->sc_arg = arg; 911 usb_add_task(sc->sc_udev, &sc->sc_task); 912 return 0; 913 } 914 915 #ifdef UATH_DEBUG 916 void 917 uath_dump_cmd(const uint8_t *buf, int len, char prefix) 918 { 919 int i; 920 921 for (i = 0; i < len; i++) { 922 if ((i % 16) == 0) 923 printf("\n%c ", prefix); 924 else if ((i % 4) == 0) 925 printf(" "); 926 printf("%02x", buf[i]); 927 } 928 printf("\n"); 929 } 930 #endif 931 932 /* 933 * Low-level function to send read or write commands to the firmware. 934 */ 935 int 936 uath_cmd(struct uath_softc *sc, uint32_t code, const void *idata, int ilen, 937 void *odata, int flags) 938 { 939 struct uath_cmd_hdr *hdr; 940 struct uath_tx_cmd *cmd; 941 uint16_t xferflags; 942 int s, xferlen, error; 943 944 /* grab a xfer */ 945 cmd = &sc->tx_cmd[sc->cmd_idx]; 946 947 /* always bulk-out a multiple of 4 bytes */ 948 xferlen = (sizeof (struct uath_cmd_hdr) + ilen + 3) & ~3; 949 950 hdr = (struct uath_cmd_hdr *)cmd->buf; 951 bzero(hdr, sizeof (struct uath_cmd_hdr)); 952 hdr->len = htobe32(xferlen); 953 hdr->code = htobe32(code); 954 hdr->priv = sc->cmd_idx; /* don't care about endianness */ 955 hdr->magic = htobe32((flags & UATH_CMD_FLAG_MAGIC) ? 1 << 24 : 0); 956 bcopy(idata, (uint8_t *)(hdr + 1), ilen); 957 958 #ifdef UATH_DEBUG 959 if (uath_debug >= 5) { 960 printf("sending command code=0x%02x flags=0x%x index=%u", 961 code, flags, sc->cmd_idx); 962 uath_dump_cmd(cmd->buf, xferlen, '+'); 963 } 964 #endif 965 xferflags = USBD_FORCE_SHORT_XFER | USBD_NO_COPY; 966 if (!(flags & UATH_CMD_FLAG_READ)) { 967 if (!(flags & UATH_CMD_FLAG_ASYNC)) 968 xferflags |= USBD_SYNCHRONOUS; 969 } else 970 s = splusb(); 971 972 cmd->odata = odata; 973 974 usbd_setup_xfer(cmd->xfer, sc->cmd_tx_pipe, cmd, cmd->buf, xferlen, 975 xferflags, UATH_CMD_TIMEOUT, NULL); 976 error = usbd_transfer(cmd->xfer); 977 if (error != USBD_IN_PROGRESS && error != 0) { 978 if (flags & UATH_CMD_FLAG_READ) 979 splx(s); 980 printf("%s: could not send command 0x%x (error=%s)\n", 981 sc->sc_dev.dv_xname, code, usbd_errstr(error)); 982 return error; 983 } 984 sc->cmd_idx = (sc->cmd_idx + 1) % UATH_TX_CMD_LIST_COUNT; 985 986 if (!(flags & UATH_CMD_FLAG_READ)) 987 return 0; /* write: don't wait for reply */ 988 989 /* wait at most two seconds for command reply */ 990 error = tsleep(cmd, PCATCH, "uathcmd", 2 * hz); 991 cmd->odata = NULL; /* in case answer is received too late */ 992 splx(s); 993 if (error != 0) { 994 printf("%s: timeout waiting for command reply\n", 995 sc->sc_dev.dv_xname); 996 } 997 return error; 998 } 999 1000 int 1001 uath_cmd_write(struct uath_softc *sc, uint32_t code, const void *data, int len, 1002 int flags) 1003 { 1004 flags &= ~UATH_CMD_FLAG_READ; 1005 return uath_cmd(sc, code, data, len, NULL, flags); 1006 } 1007 1008 int 1009 uath_cmd_read(struct uath_softc *sc, uint32_t code, const void *idata, 1010 int ilen, void *odata, int flags) 1011 { 1012 flags |= UATH_CMD_FLAG_READ; 1013 return uath_cmd(sc, code, idata, ilen, odata, flags); 1014 } 1015 1016 int 1017 uath_write_reg(struct uath_softc *sc, uint32_t reg, uint32_t val) 1018 { 1019 struct uath_write_mac write; 1020 int error; 1021 1022 write.reg = htobe32(reg); 1023 write.len = htobe32(0); /* 0 = single write */ 1024 *(uint32_t *)write.data = htobe32(val); 1025 1026 error = uath_cmd_write(sc, UATH_CMD_WRITE_MAC, &write, 1027 3 * sizeof (uint32_t), 0); 1028 if (error != 0) { 1029 printf("%s: could not write register 0x%02x\n", 1030 sc->sc_dev.dv_xname, reg); 1031 } 1032 return error; 1033 } 1034 1035 int 1036 uath_write_multi(struct uath_softc *sc, uint32_t reg, const void *data, 1037 int len) 1038 { 1039 struct uath_write_mac write; 1040 int error; 1041 1042 write.reg = htobe32(reg); 1043 write.len = htobe32(len); 1044 bcopy(data, write.data, len); 1045 1046 /* properly handle the case where len is zero (reset) */ 1047 error = uath_cmd_write(sc, UATH_CMD_WRITE_MAC, &write, 1048 (len == 0) ? sizeof (uint32_t) : 2 * sizeof (uint32_t) + len, 0); 1049 if (error != 0) { 1050 printf("%s: could not write %d bytes to register 0x%02x\n", 1051 sc->sc_dev.dv_xname, len, reg); 1052 } 1053 return error; 1054 } 1055 1056 int 1057 uath_read_reg(struct uath_softc *sc, uint32_t reg, uint32_t *val) 1058 { 1059 struct uath_read_mac read; 1060 int error; 1061 1062 reg = htobe32(reg); 1063 error = uath_cmd_read(sc, UATH_CMD_READ_MAC, ®, sizeof reg, &read, 1064 0); 1065 if (error != 0) { 1066 printf("%s: could not read register 0x%02x\n", 1067 sc->sc_dev.dv_xname, betoh32(reg)); 1068 return error; 1069 } 1070 *val = betoh32(*(uint32_t *)read.data); 1071 return error; 1072 } 1073 1074 int 1075 uath_read_eeprom(struct uath_softc *sc, uint32_t reg, void *odata) 1076 { 1077 struct uath_read_mac read; 1078 int len, error; 1079 1080 reg = htobe32(reg); 1081 error = uath_cmd_read(sc, UATH_CMD_READ_EEPROM, ®, sizeof reg, 1082 &read, 0); 1083 if (error != 0) { 1084 printf("%s: could not read EEPROM offset 0x%02x\n", 1085 sc->sc_dev.dv_xname, betoh32(reg)); 1086 return error; 1087 } 1088 len = betoh32(read.len); 1089 bcopy(read.data, odata, (len == 0) ? sizeof (uint32_t) : len); 1090 return error; 1091 } 1092 1093 void 1094 uath_cmd_rxeof(struct usbd_xfer *xfer, void *priv, 1095 usbd_status status) 1096 { 1097 struct uath_rx_cmd *cmd = priv; 1098 struct uath_softc *sc = cmd->sc; 1099 struct uath_cmd_hdr *hdr; 1100 1101 if (status != USBD_NORMAL_COMPLETION) { 1102 if (status == USBD_STALLED) 1103 usbd_clear_endpoint_stall_async(sc->cmd_rx_pipe); 1104 return; 1105 } 1106 1107 hdr = (struct uath_cmd_hdr *)cmd->buf; 1108 1109 #ifdef UATH_DEBUG 1110 if (uath_debug >= 5) { 1111 printf("received command code=0x%x index=%u len=%u", 1112 betoh32(hdr->code), hdr->priv, betoh32(hdr->len)); 1113 uath_dump_cmd(cmd->buf, betoh32(hdr->len), '-'); 1114 } 1115 #endif 1116 1117 switch (betoh32(hdr->code) & 0xff) { 1118 /* reply to a read command */ 1119 default: 1120 { 1121 struct uath_tx_cmd *txcmd = &sc->tx_cmd[hdr->priv]; 1122 1123 if (txcmd->odata != NULL) { 1124 /* copy answer into caller's supplied buffer */ 1125 bcopy((uint8_t *)(hdr + 1), txcmd->odata, 1126 betoh32(hdr->len) - sizeof (struct uath_cmd_hdr)); 1127 } 1128 wakeup(txcmd); /* wake up caller */ 1129 break; 1130 } 1131 /* spontaneous firmware notifications */ 1132 case UATH_NOTIF_READY: 1133 DPRINTF(("received device ready notification\n")); 1134 wakeup(UATH_COND_INIT(sc)); 1135 break; 1136 1137 case UATH_NOTIF_TX: 1138 /* this notification is sent when UATH_TX_NOTIFY is set */ 1139 DPRINTF(("received Tx notification\n")); 1140 break; 1141 1142 case UATH_NOTIF_STATS: 1143 DPRINTFN(2, ("received device statistics\n")); 1144 timeout_add_sec(&sc->stat_to, 1); 1145 break; 1146 } 1147 1148 /* setup a new transfer */ 1149 usbd_setup_xfer(xfer, sc->cmd_rx_pipe, cmd, cmd->buf, UATH_MAX_RXCMDSZ, 1150 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, 1151 uath_cmd_rxeof); 1152 (void)usbd_transfer(xfer); 1153 } 1154 1155 void 1156 uath_data_rxeof(struct usbd_xfer *xfer, void *priv, 1157 usbd_status status) 1158 { 1159 struct uath_rx_data *data = priv; 1160 struct uath_softc *sc = data->sc; 1161 struct ieee80211com *ic = &sc->sc_ic; 1162 struct ifnet *ifp = &ic->ic_if; 1163 struct ieee80211_frame *wh; 1164 struct ieee80211_rxinfo rxi; 1165 struct ieee80211_node *ni; 1166 struct uath_rx_desc *desc; 1167 struct mbuf *mnew, *m; 1168 uint32_t hdr; 1169 int s, len; 1170 1171 if (status != USBD_NORMAL_COMPLETION) { 1172 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1173 return; 1174 1175 if (status == USBD_STALLED) 1176 usbd_clear_endpoint_stall_async(sc->data_rx_pipe); 1177 1178 ifp->if_ierrors++; 1179 return; 1180 } 1181 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1182 1183 if (len < UATH_MIN_RXBUFSZ) { 1184 DPRINTF(("wrong xfer size (len=%d)\n", len)); 1185 ifp->if_ierrors++; 1186 goto skip; 1187 } 1188 1189 hdr = betoh32(*(uint32_t *)data->buf); 1190 1191 /* Rx descriptor is located at the end, 32-bit aligned */ 1192 desc = (struct uath_rx_desc *) 1193 (data->buf + len - sizeof (struct uath_rx_desc)); 1194 1195 if (betoh32(desc->len) > sc->rxbufsz) { 1196 DPRINTF(("bad descriptor (len=%d)\n", betoh32(desc->len))); 1197 ifp->if_ierrors++; 1198 goto skip; 1199 } 1200 1201 /* there's probably a "bad CRC" flag somewhere in the descriptor.. */ 1202 1203 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1204 if (mnew == NULL) { 1205 printf("%s: could not allocate rx mbuf\n", 1206 sc->sc_dev.dv_xname); 1207 ifp->if_ierrors++; 1208 goto skip; 1209 } 1210 MCLGET(mnew, M_DONTWAIT); 1211 if (!(mnew->m_flags & M_EXT)) { 1212 printf("%s: could not allocate rx mbuf cluster\n", 1213 sc->sc_dev.dv_xname); 1214 m_freem(mnew); 1215 ifp->if_ierrors++; 1216 goto skip; 1217 } 1218 1219 m = data->m; 1220 data->m = mnew; 1221 1222 /* finalize mbuf */ 1223 m->m_data = data->buf + sizeof (uint32_t); 1224 m->m_pkthdr.len = m->m_len = betoh32(desc->len) - 1225 sizeof (struct uath_rx_desc) - IEEE80211_CRC_LEN; 1226 1227 data->buf = mtod(data->m, uint8_t *); 1228 1229 wh = mtod(m, struct ieee80211_frame *); 1230 rxi.rxi_flags = 0; 1231 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) && 1232 ic->ic_opmode != IEEE80211_M_MONITOR) { 1233 /* 1234 * Hardware decrypts the frame itself but leaves the WEP bit 1235 * set in the 802.11 header and doesn't remove the IV and CRC 1236 * fields. 1237 */ 1238 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 1239 memmove((caddr_t)wh + IEEE80211_WEP_IVLEN + 1240 IEEE80211_WEP_KIDLEN, wh, sizeof (struct ieee80211_frame)); 1241 m_adj(m, IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN); 1242 m_adj(m, -IEEE80211_WEP_CRCLEN); 1243 wh = mtod(m, struct ieee80211_frame *); 1244 1245 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1246 } 1247 1248 #if NBPFILTER > 0 1249 /* there are a lot more fields in the Rx descriptor */ 1250 if (sc->sc_drvbpf != NULL) { 1251 struct mbuf mb; 1252 struct uath_rx_radiotap_header *tap = &sc->sc_rxtap; 1253 1254 tap->wr_flags = 0; 1255 tap->wr_chan_freq = htole16(betoh32(desc->freq)); 1256 tap->wr_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1257 tap->wr_dbm_antsignal = (int8_t)betoh32(desc->rssi); 1258 1259 mb.m_data = (caddr_t)tap; 1260 mb.m_len = sc->sc_rxtap_len; 1261 mb.m_next = m; 1262 mb.m_nextpkt = NULL; 1263 mb.m_type = 0; 1264 mb.m_flags = 0; 1265 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1266 } 1267 #endif 1268 1269 s = splnet(); 1270 ni = ieee80211_find_rxnode(ic, wh); 1271 rxi.rxi_rssi = (int)betoh32(desc->rssi); 1272 rxi.rxi_tstamp = 0; /* unused */ 1273 ieee80211_input(ifp, m, ni, &rxi); 1274 1275 /* node is no longer needed */ 1276 ieee80211_release_node(ic, ni); 1277 splx(s); 1278 1279 skip: /* setup a new transfer */ 1280 usbd_setup_xfer(xfer, sc->data_rx_pipe, data, data->buf, sc->rxbufsz, 1281 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, uath_data_rxeof); 1282 (void)usbd_transfer(data->xfer); 1283 } 1284 1285 int 1286 uath_tx_null(struct uath_softc *sc) 1287 { 1288 struct uath_tx_data *data; 1289 struct uath_tx_desc *desc; 1290 1291 data = &sc->tx_data[sc->data_idx]; 1292 1293 data->ni = NULL; 1294 1295 *(uint32_t *)data->buf = UATH_MAKECTL(1, sizeof (struct uath_tx_desc)); 1296 desc = (struct uath_tx_desc *)(data->buf + sizeof (uint32_t)); 1297 1298 bzero(desc, sizeof (struct uath_tx_desc)); 1299 desc->len = htobe32(sizeof (struct uath_tx_desc)); 1300 desc->type = htobe32(UATH_TX_NULL); 1301 1302 usbd_setup_xfer(data->xfer, sc->data_tx_pipe, data, data->buf, 1303 sizeof (uint32_t) + sizeof (struct uath_tx_desc), USBD_NO_COPY | 1304 USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS, UATH_DATA_TIMEOUT, NULL); 1305 if (usbd_transfer(data->xfer) != 0) 1306 return EIO; 1307 1308 sc->data_idx = (sc->data_idx + 1) % UATH_TX_DATA_LIST_COUNT; 1309 1310 return uath_cmd_write(sc, UATH_CMD_0F, NULL, 0, UATH_CMD_FLAG_ASYNC); 1311 } 1312 1313 void 1314 uath_data_txeof(struct usbd_xfer *xfer, void *priv, 1315 usbd_status status) 1316 { 1317 struct uath_tx_data *data = priv; 1318 struct uath_softc *sc = data->sc; 1319 struct ieee80211com *ic = &sc->sc_ic; 1320 struct ifnet *ifp = &ic->ic_if; 1321 int s; 1322 1323 if (status != USBD_NORMAL_COMPLETION) { 1324 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1325 return; 1326 1327 printf("%s: could not transmit buffer: %s\n", 1328 sc->sc_dev.dv_xname, usbd_errstr(status)); 1329 1330 if (status == USBD_STALLED) 1331 usbd_clear_endpoint_stall_async(sc->data_tx_pipe); 1332 1333 ifp->if_oerrors++; 1334 return; 1335 } 1336 1337 s = splnet(); 1338 1339 ieee80211_release_node(ic, data->ni); 1340 data->ni = NULL; 1341 1342 sc->tx_queued--; 1343 ifp->if_opackets++; 1344 1345 sc->sc_tx_timer = 0; 1346 ifq_clr_oactive(&ifp->if_snd); 1347 uath_start(ifp); 1348 1349 splx(s); 1350 } 1351 1352 int 1353 uath_tx_data(struct uath_softc *sc, struct mbuf *m0, struct ieee80211_node *ni) 1354 { 1355 struct ieee80211com *ic = &sc->sc_ic; 1356 struct uath_tx_data *data; 1357 struct uath_tx_desc *desc; 1358 const struct ieee80211_frame *wh; 1359 int paylen, totlen, xferlen, error; 1360 1361 data = &sc->tx_data[sc->data_idx]; 1362 desc = (struct uath_tx_desc *)(data->buf + sizeof (uint32_t)); 1363 1364 data->ni = ni; 1365 1366 #if NBPFILTER > 0 1367 if (sc->sc_drvbpf != NULL) { 1368 struct mbuf mb; 1369 struct uath_tx_radiotap_header *tap = &sc->sc_txtap; 1370 1371 tap->wt_flags = 0; 1372 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 1373 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1374 1375 mb.m_data = (caddr_t)tap; 1376 mb.m_len = sc->sc_txtap_len; 1377 mb.m_next = m0; 1378 mb.m_nextpkt = NULL; 1379 mb.m_type = 0; 1380 mb.m_flags = 0; 1381 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1382 } 1383 #endif 1384 1385 paylen = m0->m_pkthdr.len; 1386 xferlen = sizeof (uint32_t) + sizeof (struct uath_tx_desc) + paylen; 1387 1388 wh = mtod(m0, struct ieee80211_frame *); 1389 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1390 uint8_t *frm = (uint8_t *)(desc + 1); 1391 uint32_t iv; 1392 1393 /* h/w WEP: it's up to the host to fill the IV field */ 1394 bcopy(wh, frm, sizeof (struct ieee80211_frame)); 1395 frm += sizeof (struct ieee80211_frame); 1396 1397 /* insert IV: code copied from net80211 */ 1398 iv = (ic->ic_iv != 0) ? ic->ic_iv : arc4random(); 1399 if (iv >= 0x03ff00 && (iv & 0xf8ff00) == 0x00ff00) 1400 iv += 0x000100; 1401 ic->ic_iv = iv + 1; 1402 1403 *frm++ = iv & 0xff; 1404 *frm++ = (iv >> 8) & 0xff; 1405 *frm++ = (iv >> 16) & 0xff; 1406 *frm++ = ic->ic_wep_txkey << 6; 1407 1408 m_copydata(m0, sizeof (struct ieee80211_frame), 1409 m0->m_pkthdr.len - sizeof (struct ieee80211_frame), frm); 1410 1411 paylen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; 1412 xferlen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; 1413 totlen = xferlen + IEEE80211_WEP_CRCLEN; 1414 } else { 1415 m_copydata(m0, 0, m0->m_pkthdr.len, (uint8_t *)(desc + 1)); 1416 totlen = xferlen; 1417 } 1418 1419 /* fill Tx descriptor */ 1420 *(uint32_t *)data->buf = UATH_MAKECTL(1, xferlen - sizeof (uint32_t)); 1421 1422 desc->len = htobe32(totlen); 1423 desc->priv = sc->data_idx; /* don't care about endianness */ 1424 desc->paylen = htobe32(paylen); 1425 desc->type = htobe32(UATH_TX_DATA); 1426 desc->flags = htobe32(0); 1427 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1428 desc->dest = htobe32(UATH_ID_BROADCAST); 1429 desc->magic = htobe32(3); 1430 } else { 1431 desc->dest = htobe32(UATH_ID_BSS); 1432 desc->magic = htobe32(1); 1433 } 1434 1435 m_freem(m0); /* mbuf is no longer needed */ 1436 1437 #ifdef UATH_DEBUG 1438 if (uath_debug >= 6) { 1439 printf("sending frame index=%u len=%d xferlen=%d", 1440 sc->data_idx, paylen, xferlen); 1441 uath_dump_cmd(data->buf, xferlen, '+'); 1442 } 1443 #endif 1444 usbd_setup_xfer(data->xfer, sc->data_tx_pipe, data, data->buf, xferlen, 1445 USBD_FORCE_SHORT_XFER | USBD_NO_COPY, UATH_DATA_TIMEOUT, 1446 uath_data_txeof); 1447 error = usbd_transfer(data->xfer); 1448 if (error != USBD_IN_PROGRESS && error != 0) { 1449 ic->ic_if.if_oerrors++; 1450 return error; 1451 } 1452 sc->data_idx = (sc->data_idx + 1) % UATH_TX_DATA_LIST_COUNT; 1453 sc->tx_queued++; 1454 1455 return 0; 1456 } 1457 1458 void 1459 uath_start(struct ifnet *ifp) 1460 { 1461 struct uath_softc *sc = ifp->if_softc; 1462 struct ieee80211com *ic = &sc->sc_ic; 1463 struct ieee80211_node *ni; 1464 struct mbuf *m0; 1465 1466 /* 1467 * net80211 may still try to send management frames even if the 1468 * IFF_RUNNING flag is not set... 1469 */ 1470 if (!(ifp->if_flags & IFF_RUNNING) && ifq_is_oactive(&ifp->if_snd)) 1471 return; 1472 1473 for (;;) { 1474 if (sc->tx_queued >= UATH_TX_DATA_LIST_COUNT) { 1475 ifq_set_oactive(&ifp->if_snd); 1476 break; 1477 } 1478 1479 m0 = mq_dequeue(&ic->ic_mgtq); 1480 if (m0 != NULL) { 1481 ni = m0->m_pkthdr.ph_cookie; 1482 #if NBPFILTER > 0 1483 if (ic->ic_rawbpf != NULL) 1484 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT); 1485 #endif 1486 if (uath_tx_data(sc, m0, ni) != 0) 1487 break; 1488 } else { 1489 if (ic->ic_state != IEEE80211_S_RUN) 1490 break; 1491 1492 IFQ_DEQUEUE(&ifp->if_snd, m0); 1493 if (m0 == NULL) 1494 break; 1495 #if NBPFILTER > 0 1496 if (ifp->if_bpf != NULL) 1497 bpf_mtap(ifp->if_bpf, m0, BPF_DIRECTION_OUT); 1498 #endif 1499 m0 = ieee80211_encap(ifp, m0, &ni); 1500 if (m0 == NULL) 1501 continue; 1502 #if NBPFILTER > 0 1503 if (ic->ic_rawbpf != NULL) 1504 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT); 1505 #endif 1506 if (uath_tx_data(sc, m0, ni) != 0) { 1507 if (ni != NULL) 1508 ieee80211_release_node(ic, ni); 1509 ifp->if_oerrors++; 1510 break; 1511 } 1512 } 1513 1514 sc->sc_tx_timer = 5; 1515 ifp->if_timer = 1; 1516 } 1517 } 1518 1519 void 1520 uath_watchdog(struct ifnet *ifp) 1521 { 1522 struct uath_softc *sc = ifp->if_softc; 1523 1524 ifp->if_timer = 0; 1525 1526 if (sc->sc_tx_timer > 0) { 1527 if (--sc->sc_tx_timer == 0) { 1528 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1529 /*uath_init(ifp); XXX needs a process context! */ 1530 ifp->if_oerrors++; 1531 return; 1532 } 1533 ifp->if_timer = 1; 1534 } 1535 1536 ieee80211_watchdog(ifp); 1537 } 1538 1539 int 1540 uath_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1541 { 1542 struct uath_softc *sc = ifp->if_softc; 1543 struct ieee80211com *ic = &sc->sc_ic; 1544 struct ifreq *ifr; 1545 int s, error = 0; 1546 1547 s = splnet(); 1548 1549 switch (cmd) { 1550 case SIOCSIFADDR: 1551 ifp->if_flags |= IFF_UP; 1552 /* FALLTHROUGH */ 1553 case SIOCSIFFLAGS: 1554 if (ifp->if_flags & IFF_UP) { 1555 if (!(ifp->if_flags & IFF_RUNNING)) 1556 uath_init(ifp); 1557 } else { 1558 if (ifp->if_flags & IFF_RUNNING) 1559 uath_stop(ifp, 1); 1560 } 1561 break; 1562 1563 case SIOCADDMULTI: 1564 case SIOCDELMULTI: 1565 ifr = (struct ifreq *)data; 1566 error = (cmd == SIOCADDMULTI) ? 1567 ether_addmulti(ifr, &ic->ic_ac) : 1568 ether_delmulti(ifr, &ic->ic_ac); 1569 if (error == ENETRESET) 1570 error = 0; 1571 break; 1572 1573 default: 1574 error = ieee80211_ioctl(ifp, cmd, data); 1575 } 1576 1577 if (error == ENETRESET) { 1578 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1579 (IFF_UP | IFF_RUNNING)) 1580 uath_init(ifp); 1581 error = 0; 1582 } 1583 1584 splx(s); 1585 1586 return error; 1587 } 1588 1589 int 1590 uath_query_eeprom(struct uath_softc *sc) 1591 { 1592 uint32_t tmp; 1593 int error; 1594 1595 /* retrieve MAC address */ 1596 error = uath_read_eeprom(sc, UATH_EEPROM_MACADDR, sc->sc_ic.ic_myaddr); 1597 if (error != 0) { 1598 printf("%s: could not read MAC address\n", 1599 sc->sc_dev.dv_xname); 1600 return error; 1601 } 1602 1603 /* retrieve the maximum frame size that the hardware can receive */ 1604 error = uath_read_eeprom(sc, UATH_EEPROM_RXBUFSZ, &tmp); 1605 if (error != 0) { 1606 printf("%s: could not read maximum Rx buffer size\n", 1607 sc->sc_dev.dv_xname); 1608 return error; 1609 } 1610 sc->rxbufsz = betoh32(tmp) & 0xfff; 1611 DPRINTF(("maximum Rx buffer size %d\n", sc->rxbufsz)); 1612 return 0; 1613 } 1614 1615 int 1616 uath_reset(struct uath_softc *sc) 1617 { 1618 struct uath_cmd_setup setup; 1619 uint32_t reg, val; 1620 int s, error; 1621 1622 /* init device with some voodoo incantations.. */ 1623 setup.magic1 = htobe32(1); 1624 setup.magic2 = htobe32(5); 1625 setup.magic3 = htobe32(200); 1626 setup.magic4 = htobe32(27); 1627 s = splusb(); 1628 error = uath_cmd_write(sc, UATH_CMD_SETUP, &setup, sizeof setup, 1629 UATH_CMD_FLAG_ASYNC); 1630 /* ..and wait until firmware notifies us that it is ready */ 1631 if (error == 0) 1632 error = tsleep(UATH_COND_INIT(sc), PCATCH, "uathinit", 5 * hz); 1633 splx(s); 1634 if (error != 0) 1635 return error; 1636 1637 /* read PHY registers */ 1638 for (reg = 0x09; reg <= 0x24; reg++) { 1639 if (reg == 0x0b || reg == 0x0c) 1640 continue; 1641 DELAY(100); 1642 if ((error = uath_read_reg(sc, reg, &val)) != 0) 1643 return error; 1644 DPRINTFN(2, ("reg 0x%02x=0x%08x\n", reg, val)); 1645 } 1646 return error; 1647 } 1648 1649 int 1650 uath_reset_tx_queues(struct uath_softc *sc) 1651 { 1652 int ac, error; 1653 1654 for (ac = 0; ac < 4; ac++) { 1655 const uint32_t qid = htobe32(UATH_AC_TO_QID(ac)); 1656 1657 DPRINTF(("resetting Tx queue %d\n", UATH_AC_TO_QID(ac))); 1658 error = uath_cmd_write(sc, UATH_CMD_RESET_QUEUE, &qid, 1659 sizeof qid, 0); 1660 if (error != 0) 1661 break; 1662 } 1663 return error; 1664 } 1665 1666 int 1667 uath_wme_init(struct uath_softc *sc) 1668 { 1669 struct uath_qinfo qinfo; 1670 int ac, error; 1671 static const struct uath_wme_settings uath_wme_11g[4] = { 1672 { 7, 4, 10, 0, 0 }, /* Background */ 1673 { 3, 4, 10, 0, 0 }, /* Best-Effort */ 1674 { 3, 3, 4, 26, 0 }, /* Video */ 1675 { 2, 2, 3, 47, 0 } /* Voice */ 1676 }; 1677 1678 bzero(&qinfo, sizeof qinfo); 1679 qinfo.size = htobe32(32); 1680 qinfo.magic1 = htobe32(1); /* XXX ack policy? */ 1681 qinfo.magic2 = htobe32(1); 1682 for (ac = 0; ac < 4; ac++) { 1683 qinfo.qid = htobe32(UATH_AC_TO_QID(ac)); 1684 qinfo.ac = htobe32(ac); 1685 qinfo.aifsn = htobe32(uath_wme_11g[ac].aifsn); 1686 qinfo.logcwmin = htobe32(uath_wme_11g[ac].logcwmin); 1687 qinfo.logcwmax = htobe32(uath_wme_11g[ac].logcwmax); 1688 qinfo.txop = htobe32(UATH_TXOP_TO_US( 1689 uath_wme_11g[ac].txop)); 1690 qinfo.acm = htobe32(uath_wme_11g[ac].acm); 1691 1692 DPRINTF(("setting up Tx queue %d\n", UATH_AC_TO_QID(ac))); 1693 error = uath_cmd_write(sc, UATH_CMD_SET_QUEUE, &qinfo, 1694 sizeof qinfo, 0); 1695 if (error != 0) 1696 break; 1697 } 1698 return error; 1699 } 1700 1701 int 1702 uath_set_chan(struct uath_softc *sc, struct ieee80211_channel *c) 1703 { 1704 struct uath_set_chan chan; 1705 1706 bzero(&chan, sizeof chan); 1707 chan.flags = htobe32(0x1400); 1708 chan.freq = htobe32(c->ic_freq); 1709 chan.magic1 = htobe32(20); 1710 chan.magic2 = htobe32(50); 1711 chan.magic3 = htobe32(1); 1712 1713 DPRINTF(("switching to channel %d\n", 1714 ieee80211_chan2ieee(&sc->sc_ic, c))); 1715 return uath_cmd_write(sc, UATH_CMD_SET_CHAN, &chan, sizeof chan, 0); 1716 } 1717 1718 int 1719 uath_set_key(struct uath_softc *sc, const struct ieee80211_key *k, int index) 1720 { 1721 struct uath_cmd_crypto crypto; 1722 int i; 1723 1724 bzero(&crypto, sizeof crypto); 1725 crypto.keyidx = htobe32(index); 1726 crypto.magic1 = htobe32(1); 1727 crypto.size = htobe32(368); 1728 crypto.mask = htobe32(0xffff); 1729 crypto.flags = htobe32(0x80000068); 1730 if (index != UATH_DEFAULT_KEY) 1731 crypto.flags |= htobe32(index << 16); 1732 memset(crypto.magic2, 0xff, sizeof crypto.magic2); 1733 1734 /* 1735 * Each byte of the key must be XOR'ed with 10101010 before being 1736 * transmitted to the firmware. 1737 */ 1738 for (i = 0; i < k->k_len; i++) 1739 crypto.key[i] = k->k_key[i] ^ 0xaa; 1740 1741 DPRINTF(("setting crypto key index=%d len=%d\n", index, k->k_len)); 1742 return uath_cmd_write(sc, UATH_CMD_CRYPTO, &crypto, sizeof crypto, 0); 1743 } 1744 1745 int 1746 uath_set_keys(struct uath_softc *sc) 1747 { 1748 const struct ieee80211com *ic = &sc->sc_ic; 1749 int i, error; 1750 1751 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 1752 const struct ieee80211_key *k = &ic->ic_nw_keys[i]; 1753 1754 if (k->k_len > 0 && (error = uath_set_key(sc, k, i)) != 0) 1755 return error; 1756 } 1757 return uath_set_key(sc, &ic->ic_nw_keys[ic->ic_wep_txkey], 1758 UATH_DEFAULT_KEY); 1759 } 1760 1761 int 1762 uath_set_rates(struct uath_softc *sc, const struct ieee80211_rateset *rs) 1763 { 1764 struct uath_cmd_rates rates; 1765 1766 bzero(&rates, sizeof rates); 1767 rates.magic1 = htobe32(0x02); 1768 rates.size = htobe32(1 + sizeof rates.rates); 1769 rates.nrates = rs->rs_nrates; 1770 bcopy(rs->rs_rates, rates.rates, rs->rs_nrates); 1771 1772 DPRINTF(("setting supported rates nrates=%d\n", rs->rs_nrates)); 1773 return uath_cmd_write(sc, UATH_CMD_SET_RATES, &rates, sizeof rates, 0); 1774 } 1775 1776 int 1777 uath_set_rxfilter(struct uath_softc *sc, uint32_t filter, uint32_t flags) 1778 { 1779 struct uath_cmd_filter rxfilter; 1780 1781 rxfilter.filter = htobe32(filter); 1782 rxfilter.flags = htobe32(flags); 1783 1784 DPRINTF(("setting Rx filter=0x%x flags=0x%x\n", filter, flags)); 1785 return uath_cmd_write(sc, UATH_CMD_SET_FILTER, &rxfilter, 1786 sizeof rxfilter, 0); 1787 } 1788 1789 int 1790 uath_set_led(struct uath_softc *sc, int which, int on) 1791 { 1792 struct uath_cmd_led led; 1793 1794 led.which = htobe32(which); 1795 led.state = htobe32(on ? UATH_LED_ON : UATH_LED_OFF); 1796 1797 DPRINTFN(2, ("switching %s led %s\n", 1798 (which == UATH_LED_LINK) ? "link" : "activity", 1799 on ? "on" : "off")); 1800 return uath_cmd_write(sc, UATH_CMD_SET_LED, &led, sizeof led, 0); 1801 } 1802 1803 int 1804 uath_switch_channel(struct uath_softc *sc, struct ieee80211_channel *c) 1805 { 1806 uint32_t val; 1807 int error; 1808 1809 /* set radio frequency */ 1810 if ((error = uath_set_chan(sc, c)) != 0) { 1811 printf("%s: could not set channel\n", sc->sc_dev.dv_xname); 1812 return error; 1813 } 1814 1815 /* reset Tx rings */ 1816 if ((error = uath_reset_tx_queues(sc)) != 0) { 1817 printf("%s: could not reset Tx queues\n", 1818 sc->sc_dev.dv_xname); 1819 return error; 1820 } 1821 1822 /* set Tx rings WME properties */ 1823 if ((error = uath_wme_init(sc)) != 0) { 1824 printf("%s: could not init Tx queues\n", 1825 sc->sc_dev.dv_xname); 1826 return error; 1827 } 1828 1829 val = htobe32(0); 1830 error = uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 0); 1831 if (error != 0) { 1832 printf("%s: could not set state\n", sc->sc_dev.dv_xname); 1833 return error; 1834 } 1835 1836 return uath_tx_null(sc); 1837 } 1838 1839 int 1840 uath_init(struct ifnet *ifp) 1841 { 1842 struct uath_softc *sc = ifp->if_softc; 1843 struct ieee80211com *ic = &sc->sc_ic; 1844 struct uath_cmd_31 cmd31; 1845 uint32_t val; 1846 int i, error; 1847 1848 /* reset data and command rings */ 1849 sc->tx_queued = sc->data_idx = sc->cmd_idx = 0; 1850 1851 val = htobe32(0); 1852 (void)uath_cmd_write(sc, UATH_CMD_02, &val, sizeof val, 0); 1853 1854 /* set MAC address */ 1855 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 1856 (void)uath_write_multi(sc, 0x13, ic->ic_myaddr, IEEE80211_ADDR_LEN); 1857 1858 (void)uath_write_reg(sc, 0x02, 0x00000001); 1859 (void)uath_write_reg(sc, 0x0e, 0x0000003f); 1860 (void)uath_write_reg(sc, 0x10, 0x00000001); 1861 (void)uath_write_reg(sc, 0x06, 0x0000001e); 1862 1863 /* 1864 * Queue Rx data xfers. 1865 */ 1866 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 1867 struct uath_rx_data *data = &sc->rx_data[i]; 1868 1869 usbd_setup_xfer(data->xfer, sc->data_rx_pipe, data, data->buf, 1870 sc->rxbufsz, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, 1871 uath_data_rxeof); 1872 error = usbd_transfer(data->xfer); 1873 if (error != USBD_IN_PROGRESS && error != 0) { 1874 printf("%s: could not queue Rx transfer\n", 1875 sc->sc_dev.dv_xname); 1876 goto fail; 1877 } 1878 } 1879 1880 error = uath_cmd_read(sc, UATH_CMD_07, NULL, 0, &val, 1881 UATH_CMD_FLAG_MAGIC); 1882 if (error != 0) { 1883 printf("%s: could not send read command 07h\n", 1884 sc->sc_dev.dv_xname); 1885 goto fail; 1886 } 1887 DPRINTF(("command 07h return code: %x\n", betoh32(val))); 1888 1889 /* set default channel */ 1890 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 1891 if ((error = uath_set_chan(sc, ic->ic_bss->ni_chan)) != 0) { 1892 printf("%s: could not set channel\n", sc->sc_dev.dv_xname); 1893 goto fail; 1894 } 1895 1896 if ((error = uath_wme_init(sc)) != 0) { 1897 printf("%s: could not setup WME parameters\n", 1898 sc->sc_dev.dv_xname); 1899 goto fail; 1900 } 1901 1902 /* init MAC registers */ 1903 (void)uath_write_reg(sc, 0x19, 0x00000000); 1904 (void)uath_write_reg(sc, 0x1a, 0x0000003c); 1905 (void)uath_write_reg(sc, 0x1b, 0x0000003c); 1906 (void)uath_write_reg(sc, 0x1c, 0x00000000); 1907 (void)uath_write_reg(sc, 0x1e, 0x00000000); 1908 (void)uath_write_reg(sc, 0x1f, 0x00000003); 1909 (void)uath_write_reg(sc, 0x0c, 0x00000000); 1910 (void)uath_write_reg(sc, 0x0f, 0x00000002); 1911 (void)uath_write_reg(sc, 0x0a, 0x00000007); /* XXX retry? */ 1912 (void)uath_write_reg(sc, 0x09, ic->ic_rtsthreshold); 1913 1914 val = htobe32(4); 1915 (void)uath_cmd_write(sc, UATH_CMD_27, &val, sizeof val, 0); 1916 (void)uath_cmd_write(sc, UATH_CMD_27, &val, sizeof val, 0); 1917 (void)uath_cmd_write(sc, UATH_CMD_1B, NULL, 0, 0); 1918 1919 if ((error = uath_set_keys(sc)) != 0) { 1920 printf("%s: could not set crypto keys\n", 1921 sc->sc_dev.dv_xname); 1922 goto fail; 1923 } 1924 1925 /* enable Rx */ 1926 (void)uath_set_rxfilter(sc, 0x0000, 4); 1927 (void)uath_set_rxfilter(sc, 0x0817, 1); 1928 1929 cmd31.magic1 = htobe32(0xffffffff); 1930 cmd31.magic2 = htobe32(0xffffffff); 1931 (void)uath_cmd_write(sc, UATH_CMD_31, &cmd31, sizeof cmd31, 0); 1932 1933 ifp->if_flags |= IFF_RUNNING; 1934 ifq_clr_oactive(&ifp->if_snd); 1935 1936 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1937 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1938 else 1939 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1940 1941 return 0; 1942 1943 fail: uath_stop(ifp, 1); 1944 return error; 1945 } 1946 1947 void 1948 uath_stop(struct ifnet *ifp, int disable) 1949 { 1950 struct uath_softc *sc = ifp->if_softc; 1951 struct ieee80211com *ic = &sc->sc_ic; 1952 uint32_t val; 1953 int s; 1954 1955 s = splusb(); 1956 1957 sc->sc_tx_timer = 0; 1958 ifp->if_timer = 0; 1959 ifp->if_flags &= ~IFF_RUNNING; 1960 ifq_clr_oactive(&ifp->if_snd); 1961 1962 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); /* free all nodes */ 1963 1964 val = htobe32(0); 1965 (void)uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 0); 1966 (void)uath_cmd_write(sc, UATH_CMD_RESET, NULL, 0, 0); 1967 1968 val = htobe32(0); 1969 (void)uath_cmd_write(sc, UATH_CMD_15, &val, sizeof val, 0); 1970 1971 #if 0 1972 (void)uath_cmd_read(sc, UATH_CMD_SHUTDOWN, NULL, 0, NULL, 1973 UATH_CMD_FLAG_MAGIC); 1974 #endif 1975 1976 /* abort any pending transfers */ 1977 usbd_abort_pipe(sc->data_tx_pipe); 1978 usbd_abort_pipe(sc->data_rx_pipe); 1979 usbd_abort_pipe(sc->cmd_tx_pipe); 1980 1981 splx(s); 1982 } 1983 1984 /* 1985 * Load the MIPS R4000 microcode into the device. Once the image is loaded, 1986 * the device will detach itself from the bus and reattach later with a new 1987 * product Id (a la ezusb). XXX this could also be implemented in userland 1988 * through /dev/ugen. 1989 */ 1990 int 1991 uath_loadfirmware(struct uath_softc *sc, const u_char *fw, int len) 1992 { 1993 struct usbd_xfer *ctlxfer, *txxfer, *rxxfer; 1994 struct uath_fwblock *txblock, *rxblock; 1995 uint8_t *txdata; 1996 int error = 0; 1997 1998 if ((ctlxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 1999 printf("%s: could not allocate Tx control xfer\n", 2000 sc->sc_dev.dv_xname); 2001 error = USBD_NOMEM; 2002 goto fail1; 2003 } 2004 txblock = usbd_alloc_buffer(ctlxfer, sizeof (struct uath_fwblock)); 2005 if (txblock == NULL) { 2006 printf("%s: could not allocate Tx control block\n", 2007 sc->sc_dev.dv_xname); 2008 error = USBD_NOMEM; 2009 goto fail2; 2010 } 2011 2012 if ((txxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 2013 printf("%s: could not allocate Tx xfer\n", 2014 sc->sc_dev.dv_xname); 2015 error = USBD_NOMEM; 2016 goto fail2; 2017 } 2018 txdata = usbd_alloc_buffer(txxfer, UATH_MAX_FWBLOCK_SIZE); 2019 if (txdata == NULL) { 2020 printf("%s: could not allocate Tx buffer\n", 2021 sc->sc_dev.dv_xname); 2022 error = USBD_NOMEM; 2023 goto fail3; 2024 } 2025 2026 if ((rxxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 2027 printf("%s: could not allocate Rx control xfer\n", 2028 sc->sc_dev.dv_xname); 2029 error = USBD_NOMEM; 2030 goto fail3; 2031 } 2032 rxblock = usbd_alloc_buffer(rxxfer, sizeof (struct uath_fwblock)); 2033 if (rxblock == NULL) { 2034 printf("%s: could not allocate Rx control block\n", 2035 sc->sc_dev.dv_xname); 2036 error = USBD_NOMEM; 2037 goto fail4; 2038 } 2039 2040 bzero(txblock, sizeof (struct uath_fwblock)); 2041 txblock->flags = htobe32(UATH_WRITE_BLOCK); 2042 txblock->total = htobe32(len); 2043 2044 while (len > 0) { 2045 int mlen = min(len, UATH_MAX_FWBLOCK_SIZE); 2046 2047 txblock->remain = htobe32(len - mlen); 2048 txblock->len = htobe32(mlen); 2049 2050 DPRINTF(("sending firmware block: %d bytes remaining\n", 2051 len - mlen)); 2052 2053 /* send firmware block meta-data */ 2054 usbd_setup_xfer(ctlxfer, sc->cmd_tx_pipe, sc, txblock, 2055 sizeof (struct uath_fwblock), 2056 USBD_NO_COPY | USBD_SYNCHRONOUS, 2057 UATH_CMD_TIMEOUT, NULL); 2058 if ((error = usbd_transfer(ctlxfer)) != 0) { 2059 printf("%s: could not send firmware block info\n", 2060 sc->sc_dev.dv_xname); 2061 break; 2062 } 2063 2064 /* send firmware block data */ 2065 bcopy(fw, txdata, mlen); 2066 usbd_setup_xfer(txxfer, sc->data_tx_pipe, sc, txdata, mlen, 2067 USBD_NO_COPY | USBD_SYNCHRONOUS, UATH_DATA_TIMEOUT, NULL); 2068 if ((error = usbd_transfer(txxfer)) != 0) { 2069 printf("%s: could not send firmware block data\n", 2070 sc->sc_dev.dv_xname); 2071 break; 2072 } 2073 2074 /* wait for ack from firmware */ 2075 usbd_setup_xfer(rxxfer, sc->cmd_rx_pipe, sc, rxblock, 2076 sizeof (struct uath_fwblock), USBD_SHORT_XFER_OK | 2077 USBD_NO_COPY | USBD_SYNCHRONOUS, UATH_CMD_TIMEOUT, NULL); 2078 if ((error = usbd_transfer(rxxfer)) != 0) { 2079 printf("%s: could not read firmware answer\n", 2080 sc->sc_dev.dv_xname); 2081 break; 2082 } 2083 2084 DPRINTFN(2, ("rxblock flags=0x%x total=%d\n", 2085 betoh32(rxblock->flags), betoh32(rxblock->rxtotal))); 2086 fw += mlen; 2087 len -= mlen; 2088 } 2089 2090 fail4: usbd_free_xfer(rxxfer); 2091 fail3: usbd_free_xfer(txxfer); 2092 fail2: usbd_free_xfer(ctlxfer); 2093 fail1: return error; 2094 } 2095