1 /* $OpenBSD: if_uath.c,v 1.89 2024/05/23 03:21:08 jsg Exp $ */ 2 3 /*- 4 * Copyright (c) 2006 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /*- 21 * Driver for Atheros AR5005UG/AR5005UX chipsets. 22 * 23 * IMPORTANT NOTICE: 24 * This driver was written without any documentation or support from Atheros 25 * Communications. It is based on a black-box analysis of the Windows binary 26 * driver. It handles both pre and post-firmware devices. 27 */ 28 29 #include "bpfilter.h" 30 31 #include <sys/param.h> 32 #include <sys/sockio.h> 33 #include <sys/mbuf.h> 34 #include <sys/systm.h> 35 #include <sys/timeout.h> 36 #include <sys/device.h> 37 #include <sys/endian.h> 38 39 #include <machine/bus.h> 40 #include <machine/intr.h> 41 42 #if NBPFILTER > 0 43 #include <net/bpf.h> 44 #endif 45 #include <net/if.h> 46 #include <net/if_dl.h> 47 #include <net/if_media.h> 48 49 #include <netinet/in.h> 50 #include <netinet/if_ether.h> 51 52 #include <net80211/ieee80211_var.h> 53 #include <net80211/ieee80211_radiotap.h> 54 55 #include <dev/usb/usb.h> 56 #include <dev/usb/usbdi.h> 57 #include <dev/usb/usbdivar.h> /* needs_reattach() */ 58 #include <dev/usb/usbdevs.h> 59 60 #include <dev/usb/if_uathreg.h> 61 #include <dev/usb/if_uathvar.h> 62 63 #ifdef UATH_DEBUG 64 #define DPRINTF(x) do { if (uath_debug) printf x; } while (0) 65 #define DPRINTFN(n, x) do { if (uath_debug >= (n)) printf x; } while (0) 66 int uath_debug = 1; 67 #else 68 #define DPRINTF(x) 69 #define DPRINTFN(n, x) 70 #endif 71 72 /*- 73 * Various supported device vendors/products. 74 * UB51: AR5005UG 802.11b/g, UB52: AR5005UX 802.11a/b/g 75 */ 76 #define UATH_DEV(v, p, f) \ 77 { { USB_VENDOR_##v, USB_PRODUCT_##v##_##p }, (f) }, \ 78 { { USB_VENDOR_##v, USB_PRODUCT_##v##_##p##_NF }, \ 79 (f) | UATH_FLAG_PRE_FIRMWARE } 80 #define UATH_DEV_UG(v, p) UATH_DEV(v, p, 0) 81 #define UATH_DEV_UX(v, p) UATH_DEV(v, p, UATH_FLAG_ABG) 82 static const struct uath_type { 83 struct usb_devno dev; 84 unsigned int flags; 85 #define UATH_FLAG_PRE_FIRMWARE (1 << 0) 86 #define UATH_FLAG_ABG (1 << 1) 87 } uath_devs[] = { 88 UATH_DEV_UG(ACCTON, SMCWUSBTG2), 89 UATH_DEV_UG(ATHEROS, AR5523), 90 UATH_DEV_UG(ATHEROS2, AR5523_1), 91 UATH_DEV_UG(ATHEROS2, AR5523_2), 92 UATH_DEV_UX(ATHEROS2, AR5523_3), 93 UATH_DEV_UG(CONCEPTRONIC, AR5523_1), 94 UATH_DEV_UX(CONCEPTRONIC, AR5523_2), 95 UATH_DEV_UX(DLINK, DWLAG122), 96 UATH_DEV_UX(DLINK, DWLAG132), 97 UATH_DEV_UG(DLINK, DWLG132), 98 UATH_DEV_UG(DLINK2, WUA2340), 99 UATH_DEV_UG(GIGASET, AR5523), 100 UATH_DEV_UG(GIGASET, SMCWUSBTG), 101 UATH_DEV_UG(GLOBALSUN, AR5523_1), 102 UATH_DEV_UX(GLOBALSUN, AR5523_2), 103 UATH_DEV_UG(IODATA, USBWNG54US), 104 UATH_DEV_UG(MELCO, WLIU2KAMG54), 105 UATH_DEV_UX(NETGEAR, WG111U), 106 UATH_DEV_UG(NETGEAR3, WG111T), 107 UATH_DEV_UG(NETGEAR3, WPN111), 108 UATH_DEV_UG(PHILIPS, SNU6500), 109 UATH_DEV_UX(UMEDIA, AR5523_2), 110 UATH_DEV_UG(UMEDIA, TEW444UBEU), 111 UATH_DEV_UG(WISTRONNEWEB, AR5523_1), 112 UATH_DEV_UX(WISTRONNEWEB, AR5523_2), 113 UATH_DEV_UG(ZCOM, AR5523), 114 115 /* Devices that share one of the IDs above. */ 116 { { USB_VENDOR_NETGEAR3, USB_PRODUCT_NETGEAR3_WG111T_1 }, 0 } \ 117 }; 118 #define uath_lookup(v, p) \ 119 ((const struct uath_type *)usb_lookup(uath_devs, v, p)) 120 121 void uath_attachhook(struct device *); 122 int uath_open_pipes(struct uath_softc *); 123 void uath_close_pipes(struct uath_softc *); 124 int uath_alloc_tx_data_list(struct uath_softc *); 125 void uath_free_tx_data_list(struct uath_softc *); 126 int uath_alloc_rx_data_list(struct uath_softc *); 127 void uath_free_rx_data_list(struct uath_softc *); 128 int uath_alloc_tx_cmd_list(struct uath_softc *); 129 void uath_free_tx_cmd_list(struct uath_softc *); 130 int uath_alloc_rx_cmd_list(struct uath_softc *); 131 void uath_free_rx_cmd_list(struct uath_softc *); 132 int uath_media_change(struct ifnet *); 133 void uath_stat(void *); 134 void uath_next_scan(void *); 135 void uath_task(void *); 136 int uath_newstate(struct ieee80211com *, enum ieee80211_state, int); 137 #ifdef UATH_DEBUG 138 void uath_dump_cmd(const uint8_t *, int, char); 139 #endif 140 int uath_cmd(struct uath_softc *, uint32_t, const void *, int, void *, 141 int); 142 int uath_cmd_write(struct uath_softc *, uint32_t, const void *, int, int); 143 int uath_cmd_read(struct uath_softc *, uint32_t, const void *, int, void *, 144 int); 145 int uath_write_reg(struct uath_softc *, uint32_t, uint32_t); 146 int uath_write_multi(struct uath_softc *, uint32_t, const void *, int); 147 int uath_read_reg(struct uath_softc *, uint32_t, uint32_t *); 148 int uath_read_eeprom(struct uath_softc *, uint32_t, void *); 149 void uath_cmd_rxeof(struct usbd_xfer *, void *, usbd_status); 150 void uath_data_rxeof(struct usbd_xfer *, void *, usbd_status); 151 void uath_data_txeof(struct usbd_xfer *, void *, usbd_status); 152 int uath_tx_null(struct uath_softc *); 153 int uath_tx_data(struct uath_softc *, struct mbuf *, 154 struct ieee80211_node *); 155 void uath_start(struct ifnet *); 156 void uath_watchdog(struct ifnet *); 157 int uath_ioctl(struct ifnet *, u_long, caddr_t); 158 int uath_query_eeprom(struct uath_softc *); 159 int uath_reset(struct uath_softc *); 160 int uath_reset_tx_queues(struct uath_softc *); 161 int uath_wme_init(struct uath_softc *); 162 int uath_set_chan(struct uath_softc *, struct ieee80211_channel *); 163 int uath_set_key(struct uath_softc *, const struct ieee80211_key *, int); 164 int uath_set_keys(struct uath_softc *); 165 int uath_set_rates(struct uath_softc *, const struct ieee80211_rateset *); 166 int uath_set_rxfilter(struct uath_softc *, uint32_t, uint32_t); 167 int uath_set_led(struct uath_softc *, int, int); 168 int uath_switch_channel(struct uath_softc *, struct ieee80211_channel *); 169 int uath_init(struct ifnet *); 170 void uath_stop(struct ifnet *, int); 171 int uath_loadfirmware(struct uath_softc *, const u_char *, int); 172 173 int uath_match(struct device *, void *, void *); 174 void uath_attach(struct device *, struct device *, void *); 175 int uath_detach(struct device *, int); 176 177 struct cfdriver uath_cd = { 178 NULL, "uath", DV_IFNET 179 }; 180 181 const struct cfattach uath_ca = { 182 sizeof(struct uath_softc), uath_match, uath_attach, uath_detach 183 }; 184 185 int 186 uath_match(struct device *parent, void *match, void *aux) 187 { 188 struct usb_attach_arg *uaa = aux; 189 190 if (uaa->iface == NULL || uaa->configno != UATH_CONFIG_NO) 191 return UMATCH_NONE; 192 193 return (uath_lookup(uaa->vendor, uaa->product) != NULL) ? 194 UMATCH_VENDOR_PRODUCT : UMATCH_NONE; 195 } 196 197 void 198 uath_attachhook(struct device *self) 199 { 200 struct uath_softc *sc = (struct uath_softc *)self; 201 u_char *fw; 202 size_t size; 203 int error; 204 205 if ((error = loadfirmware("uath-ar5523", &fw, &size)) != 0) { 206 printf("%s: error %d, could not read firmware %s\n", 207 sc->sc_dev.dv_xname, error, "uath-ar5523"); 208 return; 209 } 210 211 error = uath_loadfirmware(sc, fw, size); 212 free(fw, M_DEVBUF, size); 213 214 if (error == 0) { 215 /* 216 * Hack alert: the device doesn't always gracefully detach 217 * from the bus after a firmware upload. We need to force 218 * a port reset and a re-exploration on the parent hub. 219 */ 220 usbd_reset_port(sc->sc_uhub, sc->sc_port); 221 usb_needs_reattach(sc->sc_udev); 222 } else { 223 printf("%s: could not load firmware (error=%s)\n", 224 sc->sc_dev.dv_xname, usbd_errstr(error)); 225 } 226 } 227 228 void 229 uath_attach(struct device *parent, struct device *self, void *aux) 230 { 231 struct uath_softc *sc = (struct uath_softc *)self; 232 struct usb_attach_arg *uaa = aux; 233 struct ieee80211com *ic = &sc->sc_ic; 234 struct ifnet *ifp = &ic->ic_if; 235 usbd_status error; 236 int i; 237 238 sc->sc_udev = uaa->device; 239 sc->sc_uhub = uaa->device->myhub; 240 sc->sc_port = uaa->port; 241 242 sc->sc_flags = uath_lookup(uaa->vendor, uaa->product)->flags; 243 244 /* get the first interface handle */ 245 error = usbd_device2interface_handle(sc->sc_udev, UATH_IFACE_INDEX, 246 &sc->sc_iface); 247 if (error != 0) { 248 printf("%s: could not get interface handle\n", 249 sc->sc_dev.dv_xname); 250 return; 251 } 252 253 /* 254 * We must open the pipes early because they're used to upload the 255 * firmware (pre-firmware devices) or to send firmware commands. 256 */ 257 if (uath_open_pipes(sc) != 0) { 258 printf("%s: could not open pipes\n", sc->sc_dev.dv_xname); 259 return; 260 } 261 262 if (sc->sc_flags & UATH_FLAG_PRE_FIRMWARE) { 263 config_mountroot(self, uath_attachhook); 264 return; 265 } 266 267 /* 268 * Only post-firmware devices here. 269 */ 270 usb_init_task(&sc->sc_task, uath_task, sc, USB_TASK_TYPE_GENERIC); 271 timeout_set(&sc->scan_to, uath_next_scan, sc); 272 timeout_set(&sc->stat_to, uath_stat, sc); 273 274 /* 275 * Allocate xfers for firmware commands. 276 */ 277 if (uath_alloc_tx_cmd_list(sc) != 0) { 278 printf("%s: could not allocate Tx command list\n", 279 sc->sc_dev.dv_xname); 280 goto fail; 281 } 282 if (uath_alloc_rx_cmd_list(sc) != 0) { 283 printf("%s: could not allocate Rx command list\n", 284 sc->sc_dev.dv_xname); 285 goto fail; 286 } 287 288 /* 289 * Queue Rx command xfers. 290 */ 291 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) { 292 struct uath_rx_cmd *cmd = &sc->rx_cmd[i]; 293 294 usbd_setup_xfer(cmd->xfer, sc->cmd_rx_pipe, cmd, cmd->buf, 295 UATH_MAX_RXCMDSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY, 296 USBD_NO_TIMEOUT, uath_cmd_rxeof); 297 error = usbd_transfer(cmd->xfer); 298 if (error != USBD_IN_PROGRESS && error != 0) { 299 printf("%s: could not queue Rx command xfer\n", 300 sc->sc_dev.dv_xname); 301 goto fail; 302 } 303 } 304 305 /* 306 * We're now ready to send/receive firmware commands. 307 */ 308 if (uath_reset(sc) != 0) { 309 printf("%s: could not initialize adapter\n", 310 sc->sc_dev.dv_xname); 311 goto fail; 312 } 313 if (uath_query_eeprom(sc) != 0) { 314 printf("%s: could not read EEPROM\n", sc->sc_dev.dv_xname); 315 goto fail; 316 } 317 318 printf("%s: MAC/BBP AR5523, RF AR%c112, address %s\n", 319 sc->sc_dev.dv_xname, (sc->sc_flags & UATH_FLAG_ABG) ? '5': '2', 320 ether_sprintf(ic->ic_myaddr)); 321 322 /* 323 * Allocate xfers for Tx/Rx data pipes. 324 */ 325 if (uath_alloc_tx_data_list(sc) != 0) { 326 printf("%s: could not allocate Tx data list\n", 327 sc->sc_dev.dv_xname); 328 goto fail; 329 } 330 if (uath_alloc_rx_data_list(sc) != 0) { 331 printf("%s: could not allocate Rx data list\n", 332 sc->sc_dev.dv_xname); 333 goto fail; 334 } 335 336 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 337 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 338 ic->ic_state = IEEE80211_S_INIT; 339 340 /* set device capabilities */ 341 ic->ic_caps = 342 IEEE80211_C_MONITOR | /* monitor mode supported */ 343 IEEE80211_C_TXPMGT | /* tx power management */ 344 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 345 IEEE80211_C_SHSLOT | /* short slot time supported */ 346 IEEE80211_C_WEP; /* h/w WEP */ 347 348 /* set supported .11b and .11g rates */ 349 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 350 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 351 352 /* set supported .11b and .11g channels (1 through 14) */ 353 for (i = 1; i <= 14; i++) { 354 ic->ic_channels[i].ic_freq = 355 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 356 ic->ic_channels[i].ic_flags = 357 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 358 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 359 } 360 361 ifp->if_softc = sc; 362 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 363 ifp->if_ioctl = uath_ioctl; 364 ifp->if_start = uath_start; 365 ifp->if_watchdog = uath_watchdog; 366 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 367 368 if_attach(ifp); 369 ieee80211_ifattach(ifp); 370 371 /* override state transition machine */ 372 sc->sc_newstate = ic->ic_newstate; 373 ic->ic_newstate = uath_newstate; 374 ieee80211_media_init(ifp, uath_media_change, ieee80211_media_status); 375 376 #if NBPFILTER > 0 377 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 378 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 379 380 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 381 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 382 sc->sc_rxtap.wr_ihdr.it_present = htole32(UATH_RX_RADIOTAP_PRESENT); 383 384 sc->sc_txtap_len = sizeof sc->sc_txtapu; 385 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 386 sc->sc_txtap.wt_ihdr.it_present = htole32(UATH_TX_RADIOTAP_PRESENT); 387 #endif 388 389 return; 390 391 fail: uath_close_pipes(sc); 392 uath_free_tx_data_list(sc); 393 uath_free_rx_cmd_list(sc); 394 uath_free_tx_cmd_list(sc); 395 usbd_deactivate(sc->sc_udev); 396 } 397 398 int 399 uath_detach(struct device *self, int flags) 400 { 401 struct uath_softc *sc = (struct uath_softc *)self; 402 struct ifnet *ifp = &sc->sc_ic.ic_if; 403 int s; 404 405 s = splnet(); 406 407 if (sc->sc_flags & UATH_FLAG_PRE_FIRMWARE) { 408 uath_close_pipes(sc); 409 splx(s); 410 return 0; 411 } 412 413 /* post-firmware device */ 414 415 usb_rem_task(sc->sc_udev, &sc->sc_task); 416 if (timeout_initialized(&sc->scan_to)) 417 timeout_del(&sc->scan_to); 418 if (timeout_initialized(&sc->stat_to)) 419 timeout_del(&sc->stat_to); 420 421 /* close Tx/Rx pipes */ 422 uath_close_pipes(sc); 423 424 /* free xfers */ 425 uath_free_tx_data_list(sc); 426 uath_free_rx_data_list(sc); 427 uath_free_tx_cmd_list(sc); 428 uath_free_rx_cmd_list(sc); 429 430 if (ifp->if_softc != NULL) { 431 ieee80211_ifdetach(ifp); /* free all nodes */ 432 if_detach(ifp); 433 } 434 435 splx(s); 436 437 return 0; 438 } 439 440 int 441 uath_open_pipes(struct uath_softc *sc) 442 { 443 int error; 444 445 /* 446 * XXX pipes numbers are hardcoded because we don't have any way 447 * to distinguish the data pipes from the firmware command pipes 448 * (both are bulk pipes) using the endpoints descriptors. 449 */ 450 error = usbd_open_pipe(sc->sc_iface, 0x01, USBD_EXCLUSIVE_USE, 451 &sc->cmd_tx_pipe); 452 if (error != 0) { 453 printf("%s: could not open Tx command pipe: %s\n", 454 sc->sc_dev.dv_xname, usbd_errstr(error)); 455 goto fail; 456 } 457 458 error = usbd_open_pipe(sc->sc_iface, 0x02, USBD_EXCLUSIVE_USE, 459 &sc->data_tx_pipe); 460 if (error != 0) { 461 printf("%s: could not open Tx data pipe: %s\n", 462 sc->sc_dev.dv_xname, usbd_errstr(error)); 463 goto fail; 464 } 465 466 error = usbd_open_pipe(sc->sc_iface, 0x81, USBD_EXCLUSIVE_USE, 467 &sc->cmd_rx_pipe); 468 if (error != 0) { 469 printf("%s: could not open Rx command pipe: %s\n", 470 sc->sc_dev.dv_xname, usbd_errstr(error)); 471 goto fail; 472 } 473 474 error = usbd_open_pipe(sc->sc_iface, 0x82, USBD_EXCLUSIVE_USE, 475 &sc->data_rx_pipe); 476 if (error != 0) { 477 printf("%s: could not open Rx data pipe: %s\n", 478 sc->sc_dev.dv_xname, usbd_errstr(error)); 479 goto fail; 480 } 481 482 return 0; 483 484 fail: uath_close_pipes(sc); 485 return error; 486 } 487 488 void 489 uath_close_pipes(struct uath_softc *sc) 490 { 491 if (sc->data_tx_pipe != NULL) { 492 usbd_close_pipe(sc->data_tx_pipe); 493 sc->data_tx_pipe = NULL; 494 } 495 496 if (sc->data_rx_pipe != NULL) { 497 usbd_close_pipe(sc->data_rx_pipe); 498 sc->data_rx_pipe = NULL; 499 } 500 501 if (sc->cmd_tx_pipe != NULL) { 502 usbd_close_pipe(sc->cmd_tx_pipe); 503 sc->cmd_tx_pipe = NULL; 504 } 505 506 if (sc->cmd_rx_pipe != NULL) { 507 usbd_close_pipe(sc->cmd_rx_pipe); 508 sc->cmd_rx_pipe = NULL; 509 } 510 } 511 512 int 513 uath_alloc_tx_data_list(struct uath_softc *sc) 514 { 515 int i, error; 516 517 for (i = 0; i < UATH_TX_DATA_LIST_COUNT; i++) { 518 struct uath_tx_data *data = &sc->tx_data[i]; 519 520 data->sc = sc; /* backpointer for callbacks */ 521 522 data->xfer = usbd_alloc_xfer(sc->sc_udev); 523 if (data->xfer == NULL) { 524 printf("%s: could not allocate xfer\n", 525 sc->sc_dev.dv_xname); 526 error = ENOMEM; 527 goto fail; 528 } 529 data->buf = usbd_alloc_buffer(data->xfer, UATH_MAX_TXBUFSZ); 530 if (data->buf == NULL) { 531 printf("%s: could not allocate xfer buffer\n", 532 sc->sc_dev.dv_xname); 533 error = ENOMEM; 534 goto fail; 535 } 536 } 537 return 0; 538 539 fail: uath_free_tx_data_list(sc); 540 return error; 541 } 542 543 void 544 uath_free_tx_data_list(struct uath_softc *sc) 545 { 546 int i; 547 548 for (i = 0; i < UATH_TX_DATA_LIST_COUNT; i++) 549 if (sc->tx_data[i].xfer != NULL) { 550 usbd_free_xfer(sc->tx_data[i].xfer); 551 sc->tx_data[i].xfer = NULL; 552 } 553 } 554 555 int 556 uath_alloc_rx_data_list(struct uath_softc *sc) 557 { 558 int i, error; 559 560 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 561 struct uath_rx_data *data = &sc->rx_data[i]; 562 563 data->sc = sc; /* backpointer for callbacks */ 564 565 data->xfer = usbd_alloc_xfer(sc->sc_udev); 566 if (data->xfer == NULL) { 567 printf("%s: could not allocate xfer\n", 568 sc->sc_dev.dv_xname); 569 error = ENOMEM; 570 goto fail; 571 } 572 if (usbd_alloc_buffer(data->xfer, sc->rxbufsz) == NULL) { 573 printf("%s: could not allocate xfer buffer\n", 574 sc->sc_dev.dv_xname); 575 error = ENOMEM; 576 goto fail; 577 } 578 579 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 580 if (data->m == NULL) { 581 printf("%s: could not allocate rx mbuf\n", 582 sc->sc_dev.dv_xname); 583 error = ENOMEM; 584 goto fail; 585 } 586 MCLGETL(data->m, M_DONTWAIT, sc->rxbufsz); 587 if (!(data->m->m_flags & M_EXT)) { 588 printf("%s: could not allocate rx mbuf cluster\n", 589 sc->sc_dev.dv_xname); 590 error = ENOMEM; 591 goto fail; 592 } 593 594 data->buf = mtod(data->m, uint8_t *); 595 } 596 return 0; 597 598 fail: uath_free_rx_data_list(sc); 599 return error; 600 } 601 602 void 603 uath_free_rx_data_list(struct uath_softc *sc) 604 { 605 int i; 606 607 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 608 struct uath_rx_data *data = &sc->rx_data[i]; 609 610 if (data->xfer != NULL) { 611 usbd_free_xfer(data->xfer); 612 data->xfer = NULL; 613 } 614 615 if (data->m != NULL) { 616 m_freem(data->m); 617 data->m = NULL; 618 } 619 } 620 } 621 622 int 623 uath_alloc_tx_cmd_list(struct uath_softc *sc) 624 { 625 int i, error; 626 627 for (i = 0; i < UATH_TX_CMD_LIST_COUNT; i++) { 628 struct uath_tx_cmd *cmd = &sc->tx_cmd[i]; 629 630 cmd->sc = sc; /* backpointer for callbacks */ 631 632 cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 633 if (cmd->xfer == NULL) { 634 printf("%s: could not allocate xfer\n", 635 sc->sc_dev.dv_xname); 636 error = ENOMEM; 637 goto fail; 638 } 639 cmd->buf = usbd_alloc_buffer(cmd->xfer, UATH_MAX_TXCMDSZ); 640 if (cmd->buf == NULL) { 641 printf("%s: could not allocate xfer buffer\n", 642 sc->sc_dev.dv_xname); 643 error = ENOMEM; 644 goto fail; 645 } 646 } 647 return 0; 648 649 fail: uath_free_tx_cmd_list(sc); 650 return error; 651 } 652 653 void 654 uath_free_tx_cmd_list(struct uath_softc *sc) 655 { 656 int i; 657 658 for (i = 0; i < UATH_TX_CMD_LIST_COUNT; i++) 659 if (sc->tx_cmd[i].xfer != NULL) { 660 usbd_free_xfer(sc->tx_cmd[i].xfer); 661 sc->tx_cmd[i].xfer = NULL; 662 } 663 } 664 665 int 666 uath_alloc_rx_cmd_list(struct uath_softc *sc) 667 { 668 int i, error; 669 670 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) { 671 struct uath_rx_cmd *cmd = &sc->rx_cmd[i]; 672 673 cmd->sc = sc; /* backpointer for callbacks */ 674 675 cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 676 if (cmd->xfer == NULL) { 677 printf("%s: could not allocate xfer\n", 678 sc->sc_dev.dv_xname); 679 error = ENOMEM; 680 goto fail; 681 } 682 cmd->buf = usbd_alloc_buffer(cmd->xfer, UATH_MAX_RXCMDSZ); 683 if (cmd->buf == NULL) { 684 printf("%s: could not allocate xfer buffer\n", 685 sc->sc_dev.dv_xname); 686 error = ENOMEM; 687 goto fail; 688 } 689 } 690 return 0; 691 692 fail: uath_free_rx_cmd_list(sc); 693 return error; 694 } 695 696 void 697 uath_free_rx_cmd_list(struct uath_softc *sc) 698 { 699 int i; 700 701 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) 702 if (sc->rx_cmd[i].xfer != NULL) { 703 usbd_free_xfer(sc->rx_cmd[i].xfer); 704 sc->rx_cmd[i].xfer = NULL; 705 } 706 } 707 708 int 709 uath_media_change(struct ifnet *ifp) 710 { 711 int error; 712 713 error = ieee80211_media_change(ifp); 714 if (error != ENETRESET) 715 return error; 716 717 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) 718 error = uath_init(ifp); 719 720 return error; 721 } 722 723 /* 724 * This function is called periodically (every second) when associated to 725 * query device statistics. 726 */ 727 void 728 uath_stat(void *arg) 729 { 730 struct uath_softc *sc = arg; 731 int error; 732 733 /* 734 * Send request for statistics asynchronously. The timer will be 735 * restarted when we'll get the stats notification. 736 */ 737 error = uath_cmd_write(sc, UATH_CMD_STATS, NULL, 0, 738 UATH_CMD_FLAG_ASYNC); 739 if (error != 0) { 740 printf("%s: could not query statistics (error=%d)\n", 741 sc->sc_dev.dv_xname, error); 742 } 743 } 744 745 /* 746 * This function is called periodically (every 250ms) during scanning to 747 * switch from one channel to another. 748 */ 749 void 750 uath_next_scan(void *arg) 751 { 752 struct uath_softc *sc = arg; 753 struct ieee80211com *ic = &sc->sc_ic; 754 struct ifnet *ifp = &ic->ic_if; 755 756 if (ic->ic_state == IEEE80211_S_SCAN) 757 ieee80211_next_scan(ifp); 758 } 759 760 void 761 uath_task(void *arg) 762 { 763 struct uath_softc *sc = arg; 764 struct ieee80211com *ic = &sc->sc_ic; 765 enum ieee80211_state ostate; 766 767 ostate = ic->ic_state; 768 769 switch (sc->sc_state) { 770 case IEEE80211_S_INIT: 771 if (ostate == IEEE80211_S_RUN) { 772 /* turn link and activity LEDs off */ 773 (void)uath_set_led(sc, UATH_LED_LINK, 0); 774 (void)uath_set_led(sc, UATH_LED_ACTIVITY, 0); 775 } 776 break; 777 778 case IEEE80211_S_SCAN: 779 if (uath_switch_channel(sc, ic->ic_bss->ni_chan) != 0) { 780 printf("%s: could not switch channel\n", 781 sc->sc_dev.dv_xname); 782 break; 783 } 784 timeout_add_msec(&sc->scan_to, 250); 785 break; 786 787 case IEEE80211_S_AUTH: 788 { 789 struct ieee80211_node *ni = ic->ic_bss; 790 struct uath_cmd_bssid bssid; 791 struct uath_cmd_0b cmd0b; 792 struct uath_cmd_0c cmd0c; 793 794 if (uath_switch_channel(sc, ni->ni_chan) != 0) { 795 printf("%s: could not switch channel\n", 796 sc->sc_dev.dv_xname); 797 break; 798 } 799 800 (void)uath_cmd_write(sc, UATH_CMD_24, NULL, 0, 0); 801 802 bzero(&bssid, sizeof bssid); 803 bssid.len = htobe32(IEEE80211_ADDR_LEN); 804 IEEE80211_ADDR_COPY(bssid.bssid, ni->ni_bssid); 805 (void)uath_cmd_write(sc, UATH_CMD_SET_BSSID, &bssid, 806 sizeof bssid, 0); 807 808 bzero(&cmd0b, sizeof cmd0b); 809 cmd0b.code = htobe32(2); 810 cmd0b.size = htobe32(sizeof (cmd0b.data)); 811 (void)uath_cmd_write(sc, UATH_CMD_0B, &cmd0b, sizeof cmd0b, 0); 812 813 bzero(&cmd0c, sizeof cmd0c); 814 cmd0c.magic1 = htobe32(2); 815 cmd0c.magic2 = htobe32(7); 816 cmd0c.magic3 = htobe32(1); 817 (void)uath_cmd_write(sc, UATH_CMD_0C, &cmd0c, sizeof cmd0c, 0); 818 819 if (uath_set_rates(sc, &ni->ni_rates) != 0) { 820 printf("%s: could not set negotiated rate set\n", 821 sc->sc_dev.dv_xname); 822 break; 823 } 824 break; 825 } 826 827 case IEEE80211_S_ASSOC: 828 break; 829 830 case IEEE80211_S_RUN: 831 { 832 struct ieee80211_node *ni = ic->ic_bss; 833 struct uath_cmd_bssid bssid; 834 struct uath_cmd_xled xled; 835 uint32_t val; 836 837 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 838 /* make both LEDs blink while monitoring */ 839 bzero(&xled, sizeof xled); 840 xled.which = htobe32(0); 841 xled.rate = htobe32(1); 842 xled.mode = htobe32(2); 843 (void)uath_cmd_write(sc, UATH_CMD_SET_XLED, &xled, 844 sizeof xled, 0); 845 break; 846 } 847 848 /* 849 * Tx rate is controlled by firmware, report the maximum 850 * negotiated rate in ifconfig output. 851 */ 852 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 853 854 val = htobe32(1); 855 (void)uath_cmd_write(sc, UATH_CMD_2E, &val, sizeof val, 0); 856 857 bzero(&bssid, sizeof bssid); 858 bssid.flags1 = htobe32(0xc004); 859 bssid.flags2 = htobe32(0x003b); 860 bssid.len = htobe32(IEEE80211_ADDR_LEN); 861 IEEE80211_ADDR_COPY(bssid.bssid, ni->ni_bssid); 862 (void)uath_cmd_write(sc, UATH_CMD_SET_BSSID, &bssid, 863 sizeof bssid, 0); 864 865 /* turn link LED on */ 866 (void)uath_set_led(sc, UATH_LED_LINK, 1); 867 868 /* make activity LED blink */ 869 bzero(&xled, sizeof xled); 870 xled.which = htobe32(1); 871 xled.rate = htobe32(1); 872 xled.mode = htobe32(2); 873 (void)uath_cmd_write(sc, UATH_CMD_SET_XLED, &xled, sizeof xled, 874 0); 875 876 /* set state to associated */ 877 val = htobe32(1); 878 (void)uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 879 0); 880 881 /* start statistics timer */ 882 timeout_add_sec(&sc->stat_to, 1); 883 break; 884 } 885 } 886 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 887 } 888 889 int 890 uath_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 891 { 892 struct uath_softc *sc = ic->ic_softc; 893 894 usb_rem_task(sc->sc_udev, &sc->sc_task); 895 timeout_del(&sc->scan_to); 896 timeout_del(&sc->stat_to); 897 898 /* do it in a process context */ 899 sc->sc_state = nstate; 900 sc->sc_arg = arg; 901 usb_add_task(sc->sc_udev, &sc->sc_task); 902 return 0; 903 } 904 905 #ifdef UATH_DEBUG 906 void 907 uath_dump_cmd(const uint8_t *buf, int len, char prefix) 908 { 909 int i; 910 911 for (i = 0; i < len; i++) { 912 if ((i % 16) == 0) 913 printf("\n%c ", prefix); 914 else if ((i % 4) == 0) 915 printf(" "); 916 printf("%02x", buf[i]); 917 } 918 printf("\n"); 919 } 920 #endif 921 922 /* 923 * Low-level function to send read or write commands to the firmware. 924 */ 925 int 926 uath_cmd(struct uath_softc *sc, uint32_t code, const void *idata, int ilen, 927 void *odata, int flags) 928 { 929 struct uath_cmd_hdr *hdr; 930 struct uath_tx_cmd *cmd; 931 uint16_t xferflags; 932 int s, xferlen, error; 933 934 /* grab a xfer */ 935 cmd = &sc->tx_cmd[sc->cmd_idx]; 936 937 /* always bulk-out a multiple of 4 bytes */ 938 xferlen = (sizeof (struct uath_cmd_hdr) + ilen + 3) & ~3; 939 940 hdr = (struct uath_cmd_hdr *)cmd->buf; 941 bzero(hdr, sizeof (struct uath_cmd_hdr)); 942 hdr->len = htobe32(xferlen); 943 hdr->code = htobe32(code); 944 hdr->priv = sc->cmd_idx; /* don't care about endianness */ 945 hdr->magic = htobe32((flags & UATH_CMD_FLAG_MAGIC) ? 1 << 24 : 0); 946 bcopy(idata, (uint8_t *)(hdr + 1), ilen); 947 948 #ifdef UATH_DEBUG 949 if (uath_debug >= 5) { 950 printf("sending command code=0x%02x flags=0x%x index=%u", 951 code, flags, sc->cmd_idx); 952 uath_dump_cmd(cmd->buf, xferlen, '+'); 953 } 954 #endif 955 xferflags = USBD_FORCE_SHORT_XFER | USBD_NO_COPY; 956 if (!(flags & UATH_CMD_FLAG_READ)) { 957 if (!(flags & UATH_CMD_FLAG_ASYNC)) 958 xferflags |= USBD_SYNCHRONOUS; 959 } else 960 s = splusb(); 961 962 cmd->odata = odata; 963 964 usbd_setup_xfer(cmd->xfer, sc->cmd_tx_pipe, cmd, cmd->buf, xferlen, 965 xferflags, UATH_CMD_TIMEOUT, NULL); 966 error = usbd_transfer(cmd->xfer); 967 if (error != USBD_IN_PROGRESS && error != 0) { 968 if (flags & UATH_CMD_FLAG_READ) 969 splx(s); 970 printf("%s: could not send command 0x%x (error=%s)\n", 971 sc->sc_dev.dv_xname, code, usbd_errstr(error)); 972 return error; 973 } 974 sc->cmd_idx = (sc->cmd_idx + 1) % UATH_TX_CMD_LIST_COUNT; 975 976 if (!(flags & UATH_CMD_FLAG_READ)) 977 return 0; /* write: don't wait for reply */ 978 979 /* wait at most two seconds for command reply */ 980 error = tsleep_nsec(cmd, PCATCH, "uathcmd", SEC_TO_NSEC(2)); 981 cmd->odata = NULL; /* in case answer is received too late */ 982 splx(s); 983 if (error != 0) { 984 printf("%s: timeout waiting for command reply\n", 985 sc->sc_dev.dv_xname); 986 } 987 return error; 988 } 989 990 int 991 uath_cmd_write(struct uath_softc *sc, uint32_t code, const void *data, int len, 992 int flags) 993 { 994 flags &= ~UATH_CMD_FLAG_READ; 995 return uath_cmd(sc, code, data, len, NULL, flags); 996 } 997 998 int 999 uath_cmd_read(struct uath_softc *sc, uint32_t code, const void *idata, 1000 int ilen, void *odata, int flags) 1001 { 1002 flags |= UATH_CMD_FLAG_READ; 1003 return uath_cmd(sc, code, idata, ilen, odata, flags); 1004 } 1005 1006 int 1007 uath_write_reg(struct uath_softc *sc, uint32_t reg, uint32_t val) 1008 { 1009 struct uath_write_mac write; 1010 int error; 1011 1012 write.reg = htobe32(reg); 1013 write.len = htobe32(0); /* 0 = single write */ 1014 *(uint32_t *)write.data = htobe32(val); 1015 1016 error = uath_cmd_write(sc, UATH_CMD_WRITE_MAC, &write, 1017 3 * sizeof (uint32_t), 0); 1018 if (error != 0) { 1019 printf("%s: could not write register 0x%02x\n", 1020 sc->sc_dev.dv_xname, reg); 1021 } 1022 return error; 1023 } 1024 1025 int 1026 uath_write_multi(struct uath_softc *sc, uint32_t reg, const void *data, 1027 int len) 1028 { 1029 struct uath_write_mac write; 1030 int error; 1031 1032 write.reg = htobe32(reg); 1033 write.len = htobe32(len); 1034 bcopy(data, write.data, len); 1035 1036 /* properly handle the case where len is zero (reset) */ 1037 error = uath_cmd_write(sc, UATH_CMD_WRITE_MAC, &write, 1038 (len == 0) ? sizeof (uint32_t) : 2 * sizeof (uint32_t) + len, 0); 1039 if (error != 0) { 1040 printf("%s: could not write %d bytes to register 0x%02x\n", 1041 sc->sc_dev.dv_xname, len, reg); 1042 } 1043 return error; 1044 } 1045 1046 int 1047 uath_read_reg(struct uath_softc *sc, uint32_t reg, uint32_t *val) 1048 { 1049 struct uath_read_mac read; 1050 int error; 1051 1052 reg = htobe32(reg); 1053 error = uath_cmd_read(sc, UATH_CMD_READ_MAC, ®, sizeof reg, &read, 1054 0); 1055 if (error != 0) { 1056 printf("%s: could not read register 0x%02x\n", 1057 sc->sc_dev.dv_xname, betoh32(reg)); 1058 return error; 1059 } 1060 *val = betoh32(*(uint32_t *)read.data); 1061 return error; 1062 } 1063 1064 int 1065 uath_read_eeprom(struct uath_softc *sc, uint32_t reg, void *odata) 1066 { 1067 struct uath_read_mac read; 1068 int len, error; 1069 1070 reg = htobe32(reg); 1071 error = uath_cmd_read(sc, UATH_CMD_READ_EEPROM, ®, sizeof reg, 1072 &read, 0); 1073 if (error != 0) { 1074 printf("%s: could not read EEPROM offset 0x%02x\n", 1075 sc->sc_dev.dv_xname, betoh32(reg)); 1076 return error; 1077 } 1078 len = betoh32(read.len); 1079 bcopy(read.data, odata, (len == 0) ? sizeof (uint32_t) : len); 1080 return error; 1081 } 1082 1083 void 1084 uath_cmd_rxeof(struct usbd_xfer *xfer, void *priv, 1085 usbd_status status) 1086 { 1087 struct uath_rx_cmd *cmd = priv; 1088 struct uath_softc *sc = cmd->sc; 1089 struct uath_cmd_hdr *hdr; 1090 1091 if (status != USBD_NORMAL_COMPLETION) { 1092 if (status == USBD_STALLED) 1093 usbd_clear_endpoint_stall_async(sc->cmd_rx_pipe); 1094 return; 1095 } 1096 1097 hdr = (struct uath_cmd_hdr *)cmd->buf; 1098 1099 #ifdef UATH_DEBUG 1100 if (uath_debug >= 5) { 1101 printf("received command code=0x%x index=%u len=%u", 1102 betoh32(hdr->code), hdr->priv, betoh32(hdr->len)); 1103 uath_dump_cmd(cmd->buf, betoh32(hdr->len), '-'); 1104 } 1105 #endif 1106 1107 switch (betoh32(hdr->code) & 0xff) { 1108 /* reply to a read command */ 1109 default: 1110 { 1111 struct uath_tx_cmd *txcmd = &sc->tx_cmd[hdr->priv]; 1112 1113 if (txcmd->odata != NULL) { 1114 /* copy answer into caller's supplied buffer */ 1115 bcopy((uint8_t *)(hdr + 1), txcmd->odata, 1116 betoh32(hdr->len) - sizeof (struct uath_cmd_hdr)); 1117 } 1118 wakeup(txcmd); /* wake up caller */ 1119 break; 1120 } 1121 /* spontaneous firmware notifications */ 1122 case UATH_NOTIF_READY: 1123 DPRINTF(("received device ready notification\n")); 1124 wakeup(UATH_COND_INIT(sc)); 1125 break; 1126 1127 case UATH_NOTIF_TX: 1128 /* this notification is sent when UATH_TX_NOTIFY is set */ 1129 DPRINTF(("received Tx notification\n")); 1130 break; 1131 1132 case UATH_NOTIF_STATS: 1133 DPRINTFN(2, ("received device statistics\n")); 1134 timeout_add_sec(&sc->stat_to, 1); 1135 break; 1136 } 1137 1138 /* setup a new transfer */ 1139 usbd_setup_xfer(xfer, sc->cmd_rx_pipe, cmd, cmd->buf, UATH_MAX_RXCMDSZ, 1140 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, 1141 uath_cmd_rxeof); 1142 (void)usbd_transfer(xfer); 1143 } 1144 1145 void 1146 uath_data_rxeof(struct usbd_xfer *xfer, void *priv, 1147 usbd_status status) 1148 { 1149 struct uath_rx_data *data = priv; 1150 struct uath_softc *sc = data->sc; 1151 struct ieee80211com *ic = &sc->sc_ic; 1152 struct ifnet *ifp = &ic->ic_if; 1153 struct ieee80211_frame *wh; 1154 struct ieee80211_rxinfo rxi; 1155 struct ieee80211_node *ni; 1156 struct uath_rx_desc *desc; 1157 struct mbuf *mnew, *m; 1158 uint32_t hdr; 1159 int s, len; 1160 1161 if (status != USBD_NORMAL_COMPLETION) { 1162 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1163 return; 1164 1165 if (status == USBD_STALLED) 1166 usbd_clear_endpoint_stall_async(sc->data_rx_pipe); 1167 1168 ifp->if_ierrors++; 1169 return; 1170 } 1171 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1172 1173 if (len < UATH_MIN_RXBUFSZ) { 1174 DPRINTF(("wrong xfer size (len=%d)\n", len)); 1175 ifp->if_ierrors++; 1176 goto skip; 1177 } 1178 1179 hdr = betoh32(*(uint32_t *)data->buf); 1180 1181 /* Rx descriptor is located at the end, 32-bit aligned */ 1182 desc = (struct uath_rx_desc *) 1183 (data->buf + len - sizeof (struct uath_rx_desc)); 1184 1185 if (betoh32(desc->len) > sc->rxbufsz) { 1186 DPRINTF(("bad descriptor (len=%d)\n", betoh32(desc->len))); 1187 ifp->if_ierrors++; 1188 goto skip; 1189 } 1190 1191 /* there's probably a "bad CRC" flag somewhere in the descriptor.. */ 1192 1193 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1194 if (mnew == NULL) { 1195 printf("%s: could not allocate rx mbuf\n", 1196 sc->sc_dev.dv_xname); 1197 ifp->if_ierrors++; 1198 goto skip; 1199 } 1200 MCLGETL(mnew, M_DONTWAIT, sc->rxbufsz); 1201 if (!(mnew->m_flags & M_EXT)) { 1202 printf("%s: could not allocate rx mbuf cluster\n", 1203 sc->sc_dev.dv_xname); 1204 m_freem(mnew); 1205 ifp->if_ierrors++; 1206 goto skip; 1207 } 1208 1209 m = data->m; 1210 data->m = mnew; 1211 1212 /* finalize mbuf */ 1213 m->m_data = data->buf + sizeof (uint32_t); 1214 m->m_pkthdr.len = m->m_len = betoh32(desc->len) - 1215 sizeof (struct uath_rx_desc) - IEEE80211_CRC_LEN; 1216 1217 data->buf = mtod(data->m, uint8_t *); 1218 1219 wh = mtod(m, struct ieee80211_frame *); 1220 memset(&rxi, 0, sizeof(rxi)); 1221 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) && 1222 ic->ic_opmode != IEEE80211_M_MONITOR) { 1223 /* 1224 * Hardware decrypts the frame itself but leaves the WEP bit 1225 * set in the 802.11 header and doesn't remove the IV and CRC 1226 * fields. 1227 */ 1228 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 1229 memmove((caddr_t)wh + IEEE80211_WEP_IVLEN + 1230 IEEE80211_WEP_KIDLEN, wh, sizeof (struct ieee80211_frame)); 1231 m_adj(m, IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN); 1232 m_adj(m, -IEEE80211_WEP_CRCLEN); 1233 wh = mtod(m, struct ieee80211_frame *); 1234 1235 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1236 } 1237 1238 #if NBPFILTER > 0 1239 /* there are a lot more fields in the Rx descriptor */ 1240 if (sc->sc_drvbpf != NULL) { 1241 struct mbuf mb; 1242 struct uath_rx_radiotap_header *tap = &sc->sc_rxtap; 1243 1244 tap->wr_flags = 0; 1245 tap->wr_chan_freq = htole16(betoh32(desc->freq)); 1246 tap->wr_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1247 tap->wr_dbm_antsignal = (int8_t)betoh32(desc->rssi); 1248 1249 mb.m_data = (caddr_t)tap; 1250 mb.m_len = sc->sc_rxtap_len; 1251 mb.m_next = m; 1252 mb.m_nextpkt = NULL; 1253 mb.m_type = 0; 1254 mb.m_flags = 0; 1255 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1256 } 1257 #endif 1258 1259 s = splnet(); 1260 ni = ieee80211_find_rxnode(ic, wh); 1261 rxi.rxi_rssi = (int)betoh32(desc->rssi); 1262 ieee80211_input(ifp, m, ni, &rxi); 1263 1264 /* node is no longer needed */ 1265 ieee80211_release_node(ic, ni); 1266 splx(s); 1267 1268 skip: /* setup a new transfer */ 1269 usbd_setup_xfer(xfer, sc->data_rx_pipe, data, data->buf, sc->rxbufsz, 1270 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, uath_data_rxeof); 1271 (void)usbd_transfer(data->xfer); 1272 } 1273 1274 int 1275 uath_tx_null(struct uath_softc *sc) 1276 { 1277 struct uath_tx_data *data; 1278 struct uath_tx_desc *desc; 1279 1280 data = &sc->tx_data[sc->data_idx]; 1281 1282 data->ni = NULL; 1283 1284 *(uint32_t *)data->buf = UATH_MAKECTL(1, sizeof (struct uath_tx_desc)); 1285 desc = (struct uath_tx_desc *)(data->buf + sizeof (uint32_t)); 1286 1287 bzero(desc, sizeof (struct uath_tx_desc)); 1288 desc->len = htobe32(sizeof (struct uath_tx_desc)); 1289 desc->type = htobe32(UATH_TX_NULL); 1290 1291 usbd_setup_xfer(data->xfer, sc->data_tx_pipe, data, data->buf, 1292 sizeof (uint32_t) + sizeof (struct uath_tx_desc), USBD_NO_COPY | 1293 USBD_FORCE_SHORT_XFER | USBD_SYNCHRONOUS, UATH_DATA_TIMEOUT, NULL); 1294 if (usbd_transfer(data->xfer) != 0) 1295 return EIO; 1296 1297 sc->data_idx = (sc->data_idx + 1) % UATH_TX_DATA_LIST_COUNT; 1298 1299 return uath_cmd_write(sc, UATH_CMD_0F, NULL, 0, UATH_CMD_FLAG_ASYNC); 1300 } 1301 1302 void 1303 uath_data_txeof(struct usbd_xfer *xfer, void *priv, 1304 usbd_status status) 1305 { 1306 struct uath_tx_data *data = priv; 1307 struct uath_softc *sc = data->sc; 1308 struct ieee80211com *ic = &sc->sc_ic; 1309 struct ifnet *ifp = &ic->ic_if; 1310 int s; 1311 1312 if (status != USBD_NORMAL_COMPLETION) { 1313 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1314 return; 1315 1316 printf("%s: could not transmit buffer: %s\n", 1317 sc->sc_dev.dv_xname, usbd_errstr(status)); 1318 1319 if (status == USBD_STALLED) 1320 usbd_clear_endpoint_stall_async(sc->data_tx_pipe); 1321 1322 ifp->if_oerrors++; 1323 return; 1324 } 1325 1326 s = splnet(); 1327 1328 ieee80211_release_node(ic, data->ni); 1329 data->ni = NULL; 1330 1331 sc->tx_queued--; 1332 1333 sc->sc_tx_timer = 0; 1334 ifq_clr_oactive(&ifp->if_snd); 1335 uath_start(ifp); 1336 1337 splx(s); 1338 } 1339 1340 int 1341 uath_tx_data(struct uath_softc *sc, struct mbuf *m0, struct ieee80211_node *ni) 1342 { 1343 struct ieee80211com *ic = &sc->sc_ic; 1344 struct uath_tx_data *data; 1345 struct uath_tx_desc *desc; 1346 const struct ieee80211_frame *wh; 1347 int paylen, totlen, xferlen, error; 1348 1349 data = &sc->tx_data[sc->data_idx]; 1350 desc = (struct uath_tx_desc *)(data->buf + sizeof (uint32_t)); 1351 1352 data->ni = ni; 1353 1354 #if NBPFILTER > 0 1355 if (sc->sc_drvbpf != NULL) { 1356 struct mbuf mb; 1357 struct uath_tx_radiotap_header *tap = &sc->sc_txtap; 1358 1359 tap->wt_flags = 0; 1360 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 1361 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1362 1363 mb.m_data = (caddr_t)tap; 1364 mb.m_len = sc->sc_txtap_len; 1365 mb.m_next = m0; 1366 mb.m_nextpkt = NULL; 1367 mb.m_type = 0; 1368 mb.m_flags = 0; 1369 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1370 } 1371 #endif 1372 1373 paylen = m0->m_pkthdr.len; 1374 xferlen = sizeof (uint32_t) + sizeof (struct uath_tx_desc) + paylen; 1375 1376 wh = mtod(m0, struct ieee80211_frame *); 1377 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1378 uint8_t *frm = (uint8_t *)(desc + 1); 1379 uint32_t iv; 1380 1381 /* h/w WEP: it's up to the host to fill the IV field */ 1382 bcopy(wh, frm, sizeof (struct ieee80211_frame)); 1383 frm += sizeof (struct ieee80211_frame); 1384 1385 /* insert IV: code copied from net80211 */ 1386 iv = (ic->ic_iv != 0) ? ic->ic_iv : arc4random(); 1387 if (iv >= 0x03ff00 && (iv & 0xf8ff00) == 0x00ff00) 1388 iv += 0x000100; 1389 ic->ic_iv = iv + 1; 1390 1391 *frm++ = iv & 0xff; 1392 *frm++ = (iv >> 8) & 0xff; 1393 *frm++ = (iv >> 16) & 0xff; 1394 *frm++ = ic->ic_wep_txkey << 6; 1395 1396 m_copydata(m0, sizeof(struct ieee80211_frame), 1397 m0->m_pkthdr.len - sizeof(struct ieee80211_frame), frm); 1398 1399 paylen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; 1400 xferlen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; 1401 totlen = xferlen + IEEE80211_WEP_CRCLEN; 1402 } else { 1403 m_copydata(m0, 0, m0->m_pkthdr.len, desc + 1); 1404 totlen = xferlen; 1405 } 1406 1407 /* fill Tx descriptor */ 1408 *(uint32_t *)data->buf = UATH_MAKECTL(1, xferlen - sizeof (uint32_t)); 1409 1410 desc->len = htobe32(totlen); 1411 desc->priv = sc->data_idx; /* don't care about endianness */ 1412 desc->paylen = htobe32(paylen); 1413 desc->type = htobe32(UATH_TX_DATA); 1414 desc->flags = htobe32(0); 1415 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1416 desc->dest = htobe32(UATH_ID_BROADCAST); 1417 desc->magic = htobe32(3); 1418 } else { 1419 desc->dest = htobe32(UATH_ID_BSS); 1420 desc->magic = htobe32(1); 1421 } 1422 1423 m_freem(m0); /* mbuf is no longer needed */ 1424 1425 #ifdef UATH_DEBUG 1426 if (uath_debug >= 6) { 1427 printf("sending frame index=%u len=%d xferlen=%d", 1428 sc->data_idx, paylen, xferlen); 1429 uath_dump_cmd(data->buf, xferlen, '+'); 1430 } 1431 #endif 1432 usbd_setup_xfer(data->xfer, sc->data_tx_pipe, data, data->buf, xferlen, 1433 USBD_FORCE_SHORT_XFER | USBD_NO_COPY, UATH_DATA_TIMEOUT, 1434 uath_data_txeof); 1435 error = usbd_transfer(data->xfer); 1436 if (error != USBD_IN_PROGRESS && error != 0) { 1437 ic->ic_if.if_oerrors++; 1438 return error; 1439 } 1440 sc->data_idx = (sc->data_idx + 1) % UATH_TX_DATA_LIST_COUNT; 1441 sc->tx_queued++; 1442 1443 return 0; 1444 } 1445 1446 void 1447 uath_start(struct ifnet *ifp) 1448 { 1449 struct uath_softc *sc = ifp->if_softc; 1450 struct ieee80211com *ic = &sc->sc_ic; 1451 struct ieee80211_node *ni; 1452 struct mbuf *m0; 1453 1454 /* 1455 * net80211 may still try to send management frames even if the 1456 * IFF_RUNNING flag is not set... 1457 */ 1458 if (!(ifp->if_flags & IFF_RUNNING) && ifq_is_oactive(&ifp->if_snd)) 1459 return; 1460 1461 for (;;) { 1462 if (sc->tx_queued >= UATH_TX_DATA_LIST_COUNT) { 1463 ifq_set_oactive(&ifp->if_snd); 1464 break; 1465 } 1466 1467 m0 = mq_dequeue(&ic->ic_mgtq); 1468 if (m0 != NULL) { 1469 ni = m0->m_pkthdr.ph_cookie; 1470 #if NBPFILTER > 0 1471 if (ic->ic_rawbpf != NULL) 1472 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT); 1473 #endif 1474 if (uath_tx_data(sc, m0, ni) != 0) 1475 break; 1476 } else { 1477 if (ic->ic_state != IEEE80211_S_RUN) 1478 break; 1479 1480 m0 = ifq_dequeue(&ifp->if_snd); 1481 if (m0 == NULL) 1482 break; 1483 #if NBPFILTER > 0 1484 if (ifp->if_bpf != NULL) 1485 bpf_mtap(ifp->if_bpf, m0, BPF_DIRECTION_OUT); 1486 #endif 1487 m0 = ieee80211_encap(ifp, m0, &ni); 1488 if (m0 == NULL) 1489 continue; 1490 #if NBPFILTER > 0 1491 if (ic->ic_rawbpf != NULL) 1492 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT); 1493 #endif 1494 if (uath_tx_data(sc, m0, ni) != 0) { 1495 if (ni != NULL) 1496 ieee80211_release_node(ic, ni); 1497 ifp->if_oerrors++; 1498 break; 1499 } 1500 } 1501 1502 sc->sc_tx_timer = 5; 1503 ifp->if_timer = 1; 1504 } 1505 } 1506 1507 void 1508 uath_watchdog(struct ifnet *ifp) 1509 { 1510 struct uath_softc *sc = ifp->if_softc; 1511 1512 ifp->if_timer = 0; 1513 1514 if (sc->sc_tx_timer > 0) { 1515 if (--sc->sc_tx_timer == 0) { 1516 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1517 /*uath_init(ifp); XXX needs a process context! */ 1518 ifp->if_oerrors++; 1519 return; 1520 } 1521 ifp->if_timer = 1; 1522 } 1523 1524 ieee80211_watchdog(ifp); 1525 } 1526 1527 int 1528 uath_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1529 { 1530 int s, error = 0; 1531 1532 s = splnet(); 1533 1534 switch (cmd) { 1535 case SIOCSIFADDR: 1536 ifp->if_flags |= IFF_UP; 1537 /* FALLTHROUGH */ 1538 case SIOCSIFFLAGS: 1539 if (ifp->if_flags & IFF_UP) { 1540 if (!(ifp->if_flags & IFF_RUNNING)) 1541 uath_init(ifp); 1542 } else { 1543 if (ifp->if_flags & IFF_RUNNING) 1544 uath_stop(ifp, 1); 1545 } 1546 break; 1547 1548 default: 1549 error = ieee80211_ioctl(ifp, cmd, data); 1550 } 1551 1552 if (error == ENETRESET) { 1553 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1554 (IFF_UP | IFF_RUNNING)) 1555 uath_init(ifp); 1556 error = 0; 1557 } 1558 1559 splx(s); 1560 1561 return error; 1562 } 1563 1564 int 1565 uath_query_eeprom(struct uath_softc *sc) 1566 { 1567 uint32_t tmp; 1568 int error; 1569 1570 /* retrieve MAC address */ 1571 error = uath_read_eeprom(sc, UATH_EEPROM_MACADDR, sc->sc_ic.ic_myaddr); 1572 if (error != 0) { 1573 printf("%s: could not read MAC address\n", 1574 sc->sc_dev.dv_xname); 1575 return error; 1576 } 1577 1578 /* retrieve the maximum frame size that the hardware can receive */ 1579 error = uath_read_eeprom(sc, UATH_EEPROM_RXBUFSZ, &tmp); 1580 if (error != 0) { 1581 printf("%s: could not read maximum Rx buffer size\n", 1582 sc->sc_dev.dv_xname); 1583 return error; 1584 } 1585 sc->rxbufsz = betoh32(tmp) & 0xfff; 1586 DPRINTF(("maximum Rx buffer size %d\n", sc->rxbufsz)); 1587 return 0; 1588 } 1589 1590 int 1591 uath_reset(struct uath_softc *sc) 1592 { 1593 struct uath_cmd_setup setup; 1594 uint32_t reg, val; 1595 int s, error; 1596 1597 /* init device with some voodoo incantations.. */ 1598 setup.magic1 = htobe32(1); 1599 setup.magic2 = htobe32(5); 1600 setup.magic3 = htobe32(200); 1601 setup.magic4 = htobe32(27); 1602 s = splusb(); 1603 error = uath_cmd_write(sc, UATH_CMD_SETUP, &setup, sizeof setup, 1604 UATH_CMD_FLAG_ASYNC); 1605 /* ..and wait until firmware notifies us that it is ready */ 1606 if (error == 0) 1607 error = tsleep_nsec(UATH_COND_INIT(sc), PCATCH, "uathinit", 1608 SEC_TO_NSEC(5)); 1609 splx(s); 1610 if (error != 0) 1611 return error; 1612 1613 /* read PHY registers */ 1614 for (reg = 0x09; reg <= 0x24; reg++) { 1615 if (reg == 0x0b || reg == 0x0c) 1616 continue; 1617 DELAY(100); 1618 if ((error = uath_read_reg(sc, reg, &val)) != 0) 1619 return error; 1620 DPRINTFN(2, ("reg 0x%02x=0x%08x\n", reg, val)); 1621 } 1622 return error; 1623 } 1624 1625 int 1626 uath_reset_tx_queues(struct uath_softc *sc) 1627 { 1628 int ac, error; 1629 1630 for (ac = 0; ac < 4; ac++) { 1631 const uint32_t qid = htobe32(UATH_AC_TO_QID(ac)); 1632 1633 DPRINTF(("resetting Tx queue %d\n", UATH_AC_TO_QID(ac))); 1634 error = uath_cmd_write(sc, UATH_CMD_RESET_QUEUE, &qid, 1635 sizeof qid, 0); 1636 if (error != 0) 1637 break; 1638 } 1639 return error; 1640 } 1641 1642 int 1643 uath_wme_init(struct uath_softc *sc) 1644 { 1645 struct uath_qinfo qinfo; 1646 int ac, error; 1647 static const struct uath_wme_settings uath_wme_11g[4] = { 1648 { 7, 4, 10, 0, 0 }, /* Background */ 1649 { 3, 4, 10, 0, 0 }, /* Best-Effort */ 1650 { 3, 3, 4, 26, 0 }, /* Video */ 1651 { 2, 2, 3, 47, 0 } /* Voice */ 1652 }; 1653 1654 bzero(&qinfo, sizeof qinfo); 1655 qinfo.size = htobe32(32); 1656 qinfo.magic1 = htobe32(1); /* XXX ack policy? */ 1657 qinfo.magic2 = htobe32(1); 1658 for (ac = 0; ac < 4; ac++) { 1659 qinfo.qid = htobe32(UATH_AC_TO_QID(ac)); 1660 qinfo.ac = htobe32(ac); 1661 qinfo.aifsn = htobe32(uath_wme_11g[ac].aifsn); 1662 qinfo.logcwmin = htobe32(uath_wme_11g[ac].logcwmin); 1663 qinfo.logcwmax = htobe32(uath_wme_11g[ac].logcwmax); 1664 qinfo.txop = htobe32(UATH_TXOP_TO_US( 1665 uath_wme_11g[ac].txop)); 1666 qinfo.acm = htobe32(uath_wme_11g[ac].acm); 1667 1668 DPRINTF(("setting up Tx queue %d\n", UATH_AC_TO_QID(ac))); 1669 error = uath_cmd_write(sc, UATH_CMD_SET_QUEUE, &qinfo, 1670 sizeof qinfo, 0); 1671 if (error != 0) 1672 break; 1673 } 1674 return error; 1675 } 1676 1677 int 1678 uath_set_chan(struct uath_softc *sc, struct ieee80211_channel *c) 1679 { 1680 struct uath_set_chan chan; 1681 1682 bzero(&chan, sizeof chan); 1683 chan.flags = htobe32(0x1400); 1684 chan.freq = htobe32(c->ic_freq); 1685 chan.magic1 = htobe32(20); 1686 chan.magic2 = htobe32(50); 1687 chan.magic3 = htobe32(1); 1688 1689 DPRINTF(("switching to channel %d\n", 1690 ieee80211_chan2ieee(&sc->sc_ic, c))); 1691 return uath_cmd_write(sc, UATH_CMD_SET_CHAN, &chan, sizeof chan, 0); 1692 } 1693 1694 int 1695 uath_set_key(struct uath_softc *sc, const struct ieee80211_key *k, int index) 1696 { 1697 struct uath_cmd_crypto crypto; 1698 int i; 1699 1700 bzero(&crypto, sizeof crypto); 1701 crypto.keyidx = htobe32(index); 1702 crypto.magic1 = htobe32(1); 1703 crypto.size = htobe32(368); 1704 crypto.mask = htobe32(0xffff); 1705 crypto.flags = htobe32(0x80000068); 1706 if (index != UATH_DEFAULT_KEY) 1707 crypto.flags |= htobe32(index << 16); 1708 memset(crypto.magic2, 0xff, sizeof crypto.magic2); 1709 1710 /* 1711 * Each byte of the key must be XOR'ed with 10101010 before being 1712 * transmitted to the firmware. 1713 */ 1714 for (i = 0; i < k->k_len; i++) 1715 crypto.key[i] = k->k_key[i] ^ 0xaa; 1716 1717 DPRINTF(("setting crypto key index=%d len=%d\n", index, k->k_len)); 1718 return uath_cmd_write(sc, UATH_CMD_CRYPTO, &crypto, sizeof crypto, 0); 1719 } 1720 1721 int 1722 uath_set_keys(struct uath_softc *sc) 1723 { 1724 const struct ieee80211com *ic = &sc->sc_ic; 1725 int i, error; 1726 1727 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 1728 const struct ieee80211_key *k = &ic->ic_nw_keys[i]; 1729 1730 if (k->k_len > 0 && (error = uath_set_key(sc, k, i)) != 0) 1731 return error; 1732 } 1733 return uath_set_key(sc, &ic->ic_nw_keys[ic->ic_wep_txkey], 1734 UATH_DEFAULT_KEY); 1735 } 1736 1737 int 1738 uath_set_rates(struct uath_softc *sc, const struct ieee80211_rateset *rs) 1739 { 1740 struct uath_cmd_rates rates; 1741 1742 bzero(&rates, sizeof rates); 1743 rates.magic1 = htobe32(0x02); 1744 rates.size = htobe32(1 + sizeof rates.rates); 1745 rates.nrates = rs->rs_nrates; 1746 bcopy(rs->rs_rates, rates.rates, rs->rs_nrates); 1747 1748 DPRINTF(("setting supported rates nrates=%d\n", rs->rs_nrates)); 1749 return uath_cmd_write(sc, UATH_CMD_SET_RATES, &rates, sizeof rates, 0); 1750 } 1751 1752 int 1753 uath_set_rxfilter(struct uath_softc *sc, uint32_t filter, uint32_t flags) 1754 { 1755 struct uath_cmd_filter rxfilter; 1756 1757 rxfilter.filter = htobe32(filter); 1758 rxfilter.flags = htobe32(flags); 1759 1760 DPRINTF(("setting Rx filter=0x%x flags=0x%x\n", filter, flags)); 1761 return uath_cmd_write(sc, UATH_CMD_SET_FILTER, &rxfilter, 1762 sizeof rxfilter, 0); 1763 } 1764 1765 int 1766 uath_set_led(struct uath_softc *sc, int which, int on) 1767 { 1768 struct uath_cmd_led led; 1769 1770 led.which = htobe32(which); 1771 led.state = htobe32(on ? UATH_LED_ON : UATH_LED_OFF); 1772 1773 DPRINTFN(2, ("switching %s led %s\n", 1774 (which == UATH_LED_LINK) ? "link" : "activity", 1775 on ? "on" : "off")); 1776 return uath_cmd_write(sc, UATH_CMD_SET_LED, &led, sizeof led, 0); 1777 } 1778 1779 int 1780 uath_switch_channel(struct uath_softc *sc, struct ieee80211_channel *c) 1781 { 1782 uint32_t val; 1783 int error; 1784 1785 /* set radio frequency */ 1786 if ((error = uath_set_chan(sc, c)) != 0) { 1787 printf("%s: could not set channel\n", sc->sc_dev.dv_xname); 1788 return error; 1789 } 1790 1791 /* reset Tx rings */ 1792 if ((error = uath_reset_tx_queues(sc)) != 0) { 1793 printf("%s: could not reset Tx queues\n", 1794 sc->sc_dev.dv_xname); 1795 return error; 1796 } 1797 1798 /* set Tx rings WME properties */ 1799 if ((error = uath_wme_init(sc)) != 0) { 1800 printf("%s: could not init Tx queues\n", 1801 sc->sc_dev.dv_xname); 1802 return error; 1803 } 1804 1805 val = htobe32(0); 1806 error = uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 0); 1807 if (error != 0) { 1808 printf("%s: could not set state\n", sc->sc_dev.dv_xname); 1809 return error; 1810 } 1811 1812 return uath_tx_null(sc); 1813 } 1814 1815 int 1816 uath_init(struct ifnet *ifp) 1817 { 1818 struct uath_softc *sc = ifp->if_softc; 1819 struct ieee80211com *ic = &sc->sc_ic; 1820 struct uath_cmd_31 cmd31; 1821 uint32_t val; 1822 int i, error; 1823 1824 /* reset data and command rings */ 1825 sc->tx_queued = sc->data_idx = sc->cmd_idx = 0; 1826 1827 val = htobe32(0); 1828 (void)uath_cmd_write(sc, UATH_CMD_02, &val, sizeof val, 0); 1829 1830 /* set MAC address */ 1831 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 1832 (void)uath_write_multi(sc, 0x13, ic->ic_myaddr, IEEE80211_ADDR_LEN); 1833 1834 (void)uath_write_reg(sc, 0x02, 0x00000001); 1835 (void)uath_write_reg(sc, 0x0e, 0x0000003f); 1836 (void)uath_write_reg(sc, 0x10, 0x00000001); 1837 (void)uath_write_reg(sc, 0x06, 0x0000001e); 1838 1839 /* 1840 * Queue Rx data xfers. 1841 */ 1842 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 1843 struct uath_rx_data *data = &sc->rx_data[i]; 1844 1845 usbd_setup_xfer(data->xfer, sc->data_rx_pipe, data, data->buf, 1846 sc->rxbufsz, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, 1847 uath_data_rxeof); 1848 error = usbd_transfer(data->xfer); 1849 if (error != USBD_IN_PROGRESS && error != 0) { 1850 printf("%s: could not queue Rx transfer\n", 1851 sc->sc_dev.dv_xname); 1852 goto fail; 1853 } 1854 } 1855 1856 error = uath_cmd_read(sc, UATH_CMD_07, NULL, 0, &val, 1857 UATH_CMD_FLAG_MAGIC); 1858 if (error != 0) { 1859 printf("%s: could not send read command 07h\n", 1860 sc->sc_dev.dv_xname); 1861 goto fail; 1862 } 1863 DPRINTF(("command 07h return code: %x\n", betoh32(val))); 1864 1865 /* set default channel */ 1866 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 1867 if ((error = uath_set_chan(sc, ic->ic_bss->ni_chan)) != 0) { 1868 printf("%s: could not set channel\n", sc->sc_dev.dv_xname); 1869 goto fail; 1870 } 1871 1872 if ((error = uath_wme_init(sc)) != 0) { 1873 printf("%s: could not setup WME parameters\n", 1874 sc->sc_dev.dv_xname); 1875 goto fail; 1876 } 1877 1878 /* init MAC registers */ 1879 (void)uath_write_reg(sc, 0x19, 0x00000000); 1880 (void)uath_write_reg(sc, 0x1a, 0x0000003c); 1881 (void)uath_write_reg(sc, 0x1b, 0x0000003c); 1882 (void)uath_write_reg(sc, 0x1c, 0x00000000); 1883 (void)uath_write_reg(sc, 0x1e, 0x00000000); 1884 (void)uath_write_reg(sc, 0x1f, 0x00000003); 1885 (void)uath_write_reg(sc, 0x0c, 0x00000000); 1886 (void)uath_write_reg(sc, 0x0f, 0x00000002); 1887 (void)uath_write_reg(sc, 0x0a, 0x00000007); /* XXX retry? */ 1888 (void)uath_write_reg(sc, 0x09, ic->ic_rtsthreshold); 1889 1890 val = htobe32(4); 1891 (void)uath_cmd_write(sc, UATH_CMD_27, &val, sizeof val, 0); 1892 (void)uath_cmd_write(sc, UATH_CMD_27, &val, sizeof val, 0); 1893 (void)uath_cmd_write(sc, UATH_CMD_1B, NULL, 0, 0); 1894 1895 if ((error = uath_set_keys(sc)) != 0) { 1896 printf("%s: could not set crypto keys\n", 1897 sc->sc_dev.dv_xname); 1898 goto fail; 1899 } 1900 1901 /* enable Rx */ 1902 (void)uath_set_rxfilter(sc, 0x0000, 4); 1903 (void)uath_set_rxfilter(sc, 0x0817, 1); 1904 1905 cmd31.magic1 = htobe32(0xffffffff); 1906 cmd31.magic2 = htobe32(0xffffffff); 1907 (void)uath_cmd_write(sc, UATH_CMD_31, &cmd31, sizeof cmd31, 0); 1908 1909 ifp->if_flags |= IFF_RUNNING; 1910 ifq_clr_oactive(&ifp->if_snd); 1911 1912 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1913 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1914 else 1915 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1916 1917 return 0; 1918 1919 fail: uath_stop(ifp, 1); 1920 return error; 1921 } 1922 1923 void 1924 uath_stop(struct ifnet *ifp, int disable) 1925 { 1926 struct uath_softc *sc = ifp->if_softc; 1927 struct ieee80211com *ic = &sc->sc_ic; 1928 uint32_t val; 1929 int s; 1930 1931 s = splusb(); 1932 1933 sc->sc_tx_timer = 0; 1934 ifp->if_timer = 0; 1935 ifp->if_flags &= ~IFF_RUNNING; 1936 ifq_clr_oactive(&ifp->if_snd); 1937 1938 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); /* free all nodes */ 1939 1940 val = htobe32(0); 1941 (void)uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 0); 1942 (void)uath_cmd_write(sc, UATH_CMD_RESET, NULL, 0, 0); 1943 1944 val = htobe32(0); 1945 (void)uath_cmd_write(sc, UATH_CMD_15, &val, sizeof val, 0); 1946 1947 #if 0 1948 (void)uath_cmd_read(sc, UATH_CMD_SHUTDOWN, NULL, 0, NULL, 1949 UATH_CMD_FLAG_MAGIC); 1950 #endif 1951 1952 /* abort any pending transfers */ 1953 usbd_abort_pipe(sc->data_tx_pipe); 1954 usbd_abort_pipe(sc->data_rx_pipe); 1955 usbd_abort_pipe(sc->cmd_tx_pipe); 1956 1957 splx(s); 1958 } 1959 1960 /* 1961 * Load the MIPS R4000 microcode into the device. Once the image is loaded, 1962 * the device will detach itself from the bus and reattach later with a new 1963 * product Id (a la ezusb). XXX this could also be implemented in userland 1964 * through /dev/ugen. 1965 */ 1966 int 1967 uath_loadfirmware(struct uath_softc *sc, const u_char *fw, int len) 1968 { 1969 struct usbd_xfer *ctlxfer, *txxfer, *rxxfer; 1970 struct uath_fwblock *txblock, *rxblock; 1971 uint8_t *txdata; 1972 int error = 0; 1973 1974 if ((ctlxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 1975 printf("%s: could not allocate Tx control xfer\n", 1976 sc->sc_dev.dv_xname); 1977 error = USBD_NOMEM; 1978 goto fail1; 1979 } 1980 txblock = usbd_alloc_buffer(ctlxfer, sizeof (struct uath_fwblock)); 1981 if (txblock == NULL) { 1982 printf("%s: could not allocate Tx control block\n", 1983 sc->sc_dev.dv_xname); 1984 error = USBD_NOMEM; 1985 goto fail2; 1986 } 1987 1988 if ((txxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 1989 printf("%s: could not allocate Tx xfer\n", 1990 sc->sc_dev.dv_xname); 1991 error = USBD_NOMEM; 1992 goto fail2; 1993 } 1994 txdata = usbd_alloc_buffer(txxfer, UATH_MAX_FWBLOCK_SIZE); 1995 if (txdata == NULL) { 1996 printf("%s: could not allocate Tx buffer\n", 1997 sc->sc_dev.dv_xname); 1998 error = USBD_NOMEM; 1999 goto fail3; 2000 } 2001 2002 if ((rxxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 2003 printf("%s: could not allocate Rx control xfer\n", 2004 sc->sc_dev.dv_xname); 2005 error = USBD_NOMEM; 2006 goto fail3; 2007 } 2008 rxblock = usbd_alloc_buffer(rxxfer, sizeof (struct uath_fwblock)); 2009 if (rxblock == NULL) { 2010 printf("%s: could not allocate Rx control block\n", 2011 sc->sc_dev.dv_xname); 2012 error = USBD_NOMEM; 2013 goto fail4; 2014 } 2015 2016 bzero(txblock, sizeof (struct uath_fwblock)); 2017 txblock->flags = htobe32(UATH_WRITE_BLOCK); 2018 txblock->total = htobe32(len); 2019 2020 while (len > 0) { 2021 int mlen = min(len, UATH_MAX_FWBLOCK_SIZE); 2022 2023 txblock->remain = htobe32(len - mlen); 2024 txblock->len = htobe32(mlen); 2025 2026 DPRINTF(("sending firmware block: %d bytes remaining\n", 2027 len - mlen)); 2028 2029 /* send firmware block meta-data */ 2030 usbd_setup_xfer(ctlxfer, sc->cmd_tx_pipe, sc, txblock, 2031 sizeof (struct uath_fwblock), 2032 USBD_NO_COPY | USBD_SYNCHRONOUS, 2033 UATH_CMD_TIMEOUT, NULL); 2034 if ((error = usbd_transfer(ctlxfer)) != 0) { 2035 printf("%s: could not send firmware block info\n", 2036 sc->sc_dev.dv_xname); 2037 break; 2038 } 2039 2040 /* send firmware block data */ 2041 bcopy(fw, txdata, mlen); 2042 usbd_setup_xfer(txxfer, sc->data_tx_pipe, sc, txdata, mlen, 2043 USBD_NO_COPY | USBD_SYNCHRONOUS, UATH_DATA_TIMEOUT, NULL); 2044 if ((error = usbd_transfer(txxfer)) != 0) { 2045 printf("%s: could not send firmware block data\n", 2046 sc->sc_dev.dv_xname); 2047 break; 2048 } 2049 2050 /* wait for ack from firmware */ 2051 usbd_setup_xfer(rxxfer, sc->cmd_rx_pipe, sc, rxblock, 2052 sizeof (struct uath_fwblock), USBD_SHORT_XFER_OK | 2053 USBD_NO_COPY | USBD_SYNCHRONOUS, UATH_CMD_TIMEOUT, NULL); 2054 if ((error = usbd_transfer(rxxfer)) != 0) { 2055 printf("%s: could not read firmware answer\n", 2056 sc->sc_dev.dv_xname); 2057 break; 2058 } 2059 2060 DPRINTFN(2, ("rxblock flags=0x%x total=%d\n", 2061 betoh32(rxblock->flags), betoh32(rxblock->rxtotal))); 2062 fw += mlen; 2063 len -= mlen; 2064 } 2065 2066 fail4: usbd_free_xfer(rxxfer); 2067 fail3: usbd_free_xfer(txxfer); 2068 fail2: usbd_free_xfer(ctlxfer); 2069 fail1: return error; 2070 } 2071