1 /* $OpenBSD: if_uath.c,v 1.52 2012/10/03 08:05:26 sthen Exp $ */ 2 3 /*- 4 * Copyright (c) 2006 5 * Damien Bergamini <damien.bergamini@free.fr> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /*- 21 * Driver for Atheros AR5005UG/AR5005UX chipsets. 22 * 23 * IMPORTANT NOTICE: 24 * This driver was written without any documentation or support from Atheros 25 * Communications. It is based on a black-box analysis of the Windows binary 26 * driver. It handles both pre and post-firmware devices. 27 */ 28 29 #include "bpfilter.h" 30 31 #include <sys/param.h> 32 #include <sys/sockio.h> 33 #include <sys/mbuf.h> 34 #include <sys/kernel.h> 35 #include <sys/socket.h> 36 #include <sys/systm.h> 37 #include <sys/timeout.h> 38 #include <sys/conf.h> 39 #include <sys/device.h> 40 41 #include <machine/bus.h> 42 #include <machine/endian.h> 43 #include <machine/intr.h> 44 45 #if NBPFILTER > 0 46 #include <net/bpf.h> 47 #endif 48 #include <net/if.h> 49 #include <net/if_arp.h> 50 #include <net/if_dl.h> 51 #include <net/if_media.h> 52 #include <net/if_types.h> 53 54 #include <netinet/in.h> 55 #include <netinet/in_systm.h> 56 #include <netinet/in_var.h> 57 #include <netinet/if_ether.h> 58 #include <netinet/ip.h> 59 60 #include <net80211/ieee80211_var.h> 61 #include <net80211/ieee80211_radiotap.h> 62 63 #include <dev/rndvar.h> 64 #include <crypto/arc4.h> 65 66 #include <dev/usb/usb.h> 67 #include <dev/usb/usbdi.h> 68 #include <dev/usb/usbdivar.h> /* needs_reattach() */ 69 #include <dev/usb/usbdi_util.h> 70 #include <dev/usb/usbdevs.h> 71 72 #include <dev/usb/if_uathreg.h> 73 #include <dev/usb/if_uathvar.h> 74 75 #ifdef USB_DEBUG 76 #define UATH_DEBUG 77 #endif 78 79 #ifdef UATH_DEBUG 80 #define DPRINTF(x) do { if (uath_debug) printf x; } while (0) 81 #define DPRINTFN(n, x) do { if (uath_debug >= (n)) printf x; } while (0) 82 int uath_debug = 1; 83 #else 84 #define DPRINTF(x) 85 #define DPRINTFN(n, x) 86 #endif 87 88 /*- 89 * Various supported device vendors/products. 90 * UB51: AR5005UG 802.11b/g, UB52: AR5005UX 802.11a/b/g 91 */ 92 #define UATH_DEV(v, p, f) \ 93 { { USB_VENDOR_##v, USB_PRODUCT_##v##_##p }, (f) }, \ 94 { { USB_VENDOR_##v, USB_PRODUCT_##v##_##p##_NF }, \ 95 (f) | UATH_FLAG_PRE_FIRMWARE } 96 #define UATH_DEV_UG(v, p) UATH_DEV(v, p, 0) 97 #define UATH_DEV_UX(v, p) UATH_DEV(v, p, UATH_FLAG_ABG) 98 static const struct uath_type { 99 struct usb_devno dev; 100 unsigned int flags; 101 #define UATH_FLAG_PRE_FIRMWARE (1 << 0) 102 #define UATH_FLAG_ABG (1 << 1) 103 } uath_devs[] = { 104 UATH_DEV_UG(ACCTON, SMCWUSBTG2), 105 UATH_DEV_UG(ATHEROS, AR5523), 106 UATH_DEV_UG(ATHEROS2, AR5523_1), 107 UATH_DEV_UG(ATHEROS2, AR5523_2), 108 UATH_DEV_UX(ATHEROS2, AR5523_3), 109 UATH_DEV_UG(CONCEPTRONIC, AR5523_1), 110 UATH_DEV_UX(CONCEPTRONIC, AR5523_2), 111 UATH_DEV_UX(DLINK, DWLAG122), 112 UATH_DEV_UX(DLINK, DWLAG132), 113 UATH_DEV_UG(DLINK, DWLG132), 114 UATH_DEV_UG(DLINK2, WUA2340), 115 UATH_DEV_UG(GIGASET, AR5523), 116 UATH_DEV_UG(GIGASET, SMCWUSBTG), 117 UATH_DEV_UG(GLOBALSUN, AR5523_1), 118 UATH_DEV_UX(GLOBALSUN, AR5523_2), 119 UATH_DEV_UG(IODATA, USBWNG54US), 120 UATH_DEV_UG(MELCO, WLIU2KAMG54), 121 UATH_DEV_UX(NETGEAR, WG111U), 122 UATH_DEV_UG(NETGEAR3, WG111T), 123 UATH_DEV_UG(NETGEAR3, WPN111), 124 UATH_DEV_UG(PHILIPS, SNU6500), 125 UATH_DEV_UX(UMEDIA, AR5523_2), 126 UATH_DEV_UG(UMEDIA, TEW444UBEU), 127 UATH_DEV_UG(WISTRONNEWEB, AR5523_1), 128 UATH_DEV_UX(WISTRONNEWEB, AR5523_2), 129 UATH_DEV_UG(ZCOM, AR5523) 130 }; 131 #define uath_lookup(v, p) \ 132 ((const struct uath_type *)usb_lookup(uath_devs, v, p)) 133 134 void uath_attachhook(void *); 135 int uath_open_pipes(struct uath_softc *); 136 void uath_close_pipes(struct uath_softc *); 137 int uath_alloc_tx_data_list(struct uath_softc *); 138 void uath_free_tx_data_list(struct uath_softc *); 139 int uath_alloc_rx_data_list(struct uath_softc *); 140 void uath_free_rx_data_list(struct uath_softc *); 141 int uath_alloc_tx_cmd_list(struct uath_softc *); 142 void uath_free_tx_cmd_list(struct uath_softc *); 143 int uath_alloc_rx_cmd_list(struct uath_softc *); 144 void uath_free_rx_cmd_list(struct uath_softc *); 145 int uath_media_change(struct ifnet *); 146 void uath_stat(void *); 147 void uath_next_scan(void *); 148 void uath_task(void *); 149 int uath_newstate(struct ieee80211com *, enum ieee80211_state, int); 150 #ifdef UATH_DEBUG 151 void uath_dump_cmd(const uint8_t *, int, char); 152 #endif 153 int uath_cmd(struct uath_softc *, uint32_t, const void *, int, void *, 154 int); 155 int uath_cmd_write(struct uath_softc *, uint32_t, const void *, int, int); 156 int uath_cmd_read(struct uath_softc *, uint32_t, const void *, int, void *, 157 int); 158 int uath_write_reg(struct uath_softc *, uint32_t, uint32_t); 159 int uath_write_multi(struct uath_softc *, uint32_t, const void *, int); 160 int uath_read_reg(struct uath_softc *, uint32_t, uint32_t *); 161 int uath_read_eeprom(struct uath_softc *, uint32_t, void *); 162 void uath_cmd_rxeof(usbd_xfer_handle, usbd_private_handle, usbd_status); 163 void uath_data_rxeof(usbd_xfer_handle, usbd_private_handle, usbd_status); 164 void uath_data_txeof(usbd_xfer_handle, usbd_private_handle, usbd_status); 165 int uath_tx_null(struct uath_softc *); 166 int uath_tx_data(struct uath_softc *, struct mbuf *, 167 struct ieee80211_node *); 168 void uath_start(struct ifnet *); 169 void uath_watchdog(struct ifnet *); 170 int uath_ioctl(struct ifnet *, u_long, caddr_t); 171 int uath_query_eeprom(struct uath_softc *); 172 int uath_reset(struct uath_softc *); 173 int uath_reset_tx_queues(struct uath_softc *); 174 int uath_wme_init(struct uath_softc *); 175 int uath_set_chan(struct uath_softc *, struct ieee80211_channel *); 176 int uath_set_key(struct uath_softc *, const struct ieee80211_key *, int); 177 int uath_set_keys(struct uath_softc *); 178 int uath_set_rates(struct uath_softc *, const struct ieee80211_rateset *); 179 int uath_set_rxfilter(struct uath_softc *, uint32_t, uint32_t); 180 int uath_set_led(struct uath_softc *, int, int); 181 int uath_switch_channel(struct uath_softc *, struct ieee80211_channel *); 182 int uath_init(struct ifnet *); 183 void uath_stop(struct ifnet *, int); 184 int uath_loadfirmware(struct uath_softc *, const u_char *, int); 185 int uath_activate(struct device *, int); 186 187 int uath_match(struct device *, void *, void *); 188 void uath_attach(struct device *, struct device *, void *); 189 int uath_detach(struct device *, int); 190 int uath_activate(struct device *, int); 191 192 struct cfdriver uath_cd = { 193 NULL, "uath", DV_IFNET 194 }; 195 196 const struct cfattach uath_ca = { 197 sizeof(struct uath_softc), 198 uath_match, 199 uath_attach, 200 uath_detach, 201 uath_activate, 202 }; 203 204 int 205 uath_match(struct device *parent, void *match, void *aux) 206 { 207 struct usb_attach_arg *uaa = aux; 208 209 if (uaa->iface != NULL) 210 return UMATCH_NONE; 211 212 return (uath_lookup(uaa->vendor, uaa->product) != NULL) ? 213 UMATCH_VENDOR_PRODUCT : UMATCH_NONE; 214 } 215 216 void 217 uath_attachhook(void *xsc) 218 { 219 struct uath_softc *sc = xsc; 220 u_char *fw; 221 size_t size; 222 int error; 223 224 if ((error = loadfirmware("uath-ar5523", &fw, &size)) != 0) { 225 printf("%s: error %d, could not read firmware %s\n", 226 sc->sc_dev.dv_xname, error, "uath-ar5523"); 227 return; 228 } 229 230 error = uath_loadfirmware(sc, fw, size); 231 free(fw, M_DEVBUF); 232 233 if (error == 0) { 234 usb_port_status_t status; 235 236 /* 237 * Hack alert: the device doesn't always gracefully detach 238 * from the bus after a firmware upload. We need to force 239 * a port reset and a re-exploration on the parent hub. 240 */ 241 usbd_reset_port(sc->sc_uhub, sc->sc_port, &status); 242 usb_needs_reattach(sc->sc_udev); 243 } else { 244 printf("%s: could not load firmware (error=%s)\n", 245 sc->sc_dev.dv_xname, usbd_errstr(error)); 246 } 247 } 248 249 void 250 uath_attach(struct device *parent, struct device *self, void *aux) 251 { 252 struct uath_softc *sc = (struct uath_softc *)self; 253 struct usb_attach_arg *uaa = aux; 254 struct ieee80211com *ic = &sc->sc_ic; 255 struct ifnet *ifp = &ic->ic_if; 256 usbd_status error; 257 int i; 258 259 sc->sc_udev = uaa->device; 260 sc->sc_uhub = uaa->device->myhub; 261 sc->sc_port = uaa->port; 262 263 sc->sc_flags = uath_lookup(uaa->vendor, uaa->product)->flags; 264 265 if (usbd_set_config_no(sc->sc_udev, UATH_CONFIG_NO, 0) != 0) { 266 printf("%s: could not set configuration no\n", 267 sc->sc_dev.dv_xname); 268 return; 269 } 270 271 /* get the first interface handle */ 272 error = usbd_device2interface_handle(sc->sc_udev, UATH_IFACE_INDEX, 273 &sc->sc_iface); 274 if (error != 0) { 275 printf("%s: could not get interface handle\n", 276 sc->sc_dev.dv_xname); 277 return; 278 } 279 280 /* 281 * We must open the pipes early because they're used to upload the 282 * firmware (pre-firmware devices) or to send firmware commands. 283 */ 284 if (uath_open_pipes(sc) != 0) { 285 printf("%s: could not open pipes\n", sc->sc_dev.dv_xname); 286 return; 287 } 288 289 if (sc->sc_flags & UATH_FLAG_PRE_FIRMWARE) { 290 if (rootvp == NULL) 291 mountroothook_establish(uath_attachhook, sc); 292 else 293 uath_attachhook(sc); 294 return; 295 } 296 297 /* 298 * Only post-firmware devices here. 299 */ 300 usb_init_task(&sc->sc_task, uath_task, sc, USB_TASK_TYPE_GENERIC); 301 timeout_set(&sc->scan_to, uath_next_scan, sc); 302 timeout_set(&sc->stat_to, uath_stat, sc); 303 304 /* 305 * Allocate xfers for firmware commands. 306 */ 307 if (uath_alloc_tx_cmd_list(sc) != 0) { 308 printf("%s: could not allocate Tx command list\n", 309 sc->sc_dev.dv_xname); 310 goto fail1; 311 } 312 if (uath_alloc_rx_cmd_list(sc) != 0) { 313 printf("%s: could not allocate Rx command list\n", 314 sc->sc_dev.dv_xname); 315 goto fail2; 316 } 317 318 /* 319 * Queue Rx command xfers. 320 */ 321 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) { 322 struct uath_rx_cmd *cmd = &sc->rx_cmd[i]; 323 324 usbd_setup_xfer(cmd->xfer, sc->cmd_rx_pipe, cmd, cmd->buf, 325 UATH_MAX_RXCMDSZ, USBD_SHORT_XFER_OK | USBD_NO_COPY, 326 USBD_NO_TIMEOUT, uath_cmd_rxeof); 327 error = usbd_transfer(cmd->xfer); 328 if (error != USBD_IN_PROGRESS && error != 0) { 329 printf("%s: could not queue Rx command xfer\n", 330 sc->sc_dev.dv_xname); 331 goto fail3; 332 } 333 } 334 335 /* 336 * We're now ready to send/receive firmware commands. 337 */ 338 if (uath_reset(sc) != 0) { 339 printf("%s: could not initialize adapter\n", 340 sc->sc_dev.dv_xname); 341 goto fail3; 342 } 343 if (uath_query_eeprom(sc) != 0) { 344 printf("%s: could not read EEPROM\n", sc->sc_dev.dv_xname); 345 goto fail3; 346 } 347 348 printf("%s: MAC/BBP AR5523, RF AR%c112, address %s\n", 349 sc->sc_dev.dv_xname, (sc->sc_flags & UATH_FLAG_ABG) ? '5': '2', 350 ether_sprintf(ic->ic_myaddr)); 351 352 /* 353 * Allocate xfers for Tx/Rx data pipes. 354 */ 355 if (uath_alloc_tx_data_list(sc) != 0) { 356 printf("%s: could not allocate Tx data list\n", 357 sc->sc_dev.dv_xname); 358 goto fail3; 359 } 360 if (uath_alloc_rx_data_list(sc) != 0) { 361 printf("%s: could not allocate Rx data list\n", 362 sc->sc_dev.dv_xname); 363 goto fail4; 364 } 365 366 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */ 367 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */ 368 ic->ic_state = IEEE80211_S_INIT; 369 370 /* set device capabilities */ 371 ic->ic_caps = 372 IEEE80211_C_MONITOR | /* monitor mode supported */ 373 IEEE80211_C_TXPMGT | /* tx power management */ 374 IEEE80211_C_SHPREAMBLE | /* short preamble supported */ 375 IEEE80211_C_SHSLOT | /* short slot time supported */ 376 IEEE80211_C_WEP; /* h/w WEP */ 377 378 /* set supported .11b and .11g rates */ 379 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 380 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 381 382 /* set supported .11b and .11g channels (1 through 14) */ 383 for (i = 1; i <= 14; i++) { 384 ic->ic_channels[i].ic_freq = 385 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 386 ic->ic_channels[i].ic_flags = 387 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 388 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 389 } 390 391 ifp->if_softc = sc; 392 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 393 ifp->if_ioctl = uath_ioctl; 394 ifp->if_start = uath_start; 395 ifp->if_watchdog = uath_watchdog; 396 IFQ_SET_READY(&ifp->if_snd); 397 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 398 399 if_attach(ifp); 400 ieee80211_ifattach(ifp); 401 402 /* override state transition machine */ 403 sc->sc_newstate = ic->ic_newstate; 404 ic->ic_newstate = uath_newstate; 405 ieee80211_media_init(ifp, uath_media_change, ieee80211_media_status); 406 407 #if NBPFILTER > 0 408 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 409 sizeof (struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 410 411 sc->sc_rxtap_len = sizeof sc->sc_rxtapu; 412 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 413 sc->sc_rxtap.wr_ihdr.it_present = htole32(UATH_RX_RADIOTAP_PRESENT); 414 415 sc->sc_txtap_len = sizeof sc->sc_txtapu; 416 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 417 sc->sc_txtap.wt_ihdr.it_present = htole32(UATH_TX_RADIOTAP_PRESENT); 418 #endif 419 420 return; 421 422 fail4: uath_free_tx_data_list(sc); 423 fail3: uath_free_rx_cmd_list(sc); 424 fail2: uath_free_tx_cmd_list(sc); 425 fail1: uath_close_pipes(sc); 426 usbd_deactivate(sc->sc_udev); 427 } 428 429 int 430 uath_detach(struct device *self, int flags) 431 { 432 struct uath_softc *sc = (struct uath_softc *)self; 433 struct ifnet *ifp = &sc->sc_ic.ic_if; 434 int s; 435 436 s = splnet(); 437 438 if (sc->sc_flags & UATH_FLAG_PRE_FIRMWARE) { 439 uath_close_pipes(sc); 440 splx(s); 441 return 0; 442 } 443 444 /* post-firmware device */ 445 446 usb_rem_task(sc->sc_udev, &sc->sc_task); 447 if (timeout_initialized(&sc->scan_to)) 448 timeout_del(&sc->scan_to); 449 if (timeout_initialized(&sc->stat_to)) 450 timeout_del(&sc->stat_to); 451 452 /* abort and free xfers */ 453 uath_free_tx_data_list(sc); 454 uath_free_rx_data_list(sc); 455 uath_free_tx_cmd_list(sc); 456 uath_free_rx_cmd_list(sc); 457 458 /* close Tx/Rx pipes */ 459 uath_close_pipes(sc); 460 461 if (ifp->if_softc != NULL) { 462 ieee80211_ifdetach(ifp); /* free all nodes */ 463 if_detach(ifp); 464 } 465 466 splx(s); 467 468 return 0; 469 } 470 471 int 472 uath_open_pipes(struct uath_softc *sc) 473 { 474 int error; 475 476 /* 477 * XXX pipes numbers are hardcoded because we don't have any way 478 * to distinguish the data pipes from the firmware command pipes 479 * (both are bulk pipes) using the endpoints descriptors. 480 */ 481 error = usbd_open_pipe(sc->sc_iface, 0x01, USBD_EXCLUSIVE_USE, 482 &sc->cmd_tx_pipe); 483 if (error != 0) { 484 printf("%s: could not open Tx command pipe: %s\n", 485 sc->sc_dev.dv_xname, usbd_errstr(error)); 486 goto fail; 487 } 488 489 error = usbd_open_pipe(sc->sc_iface, 0x02, USBD_EXCLUSIVE_USE, 490 &sc->data_tx_pipe); 491 if (error != 0) { 492 printf("%s: could not open Tx data pipe: %s\n", 493 sc->sc_dev.dv_xname, usbd_errstr(error)); 494 goto fail; 495 } 496 497 error = usbd_open_pipe(sc->sc_iface, 0x81, USBD_EXCLUSIVE_USE, 498 &sc->cmd_rx_pipe); 499 if (error != 0) { 500 printf("%s: could not open Rx command pipe: %s\n", 501 sc->sc_dev.dv_xname, usbd_errstr(error)); 502 goto fail; 503 } 504 505 error = usbd_open_pipe(sc->sc_iface, 0x82, USBD_EXCLUSIVE_USE, 506 &sc->data_rx_pipe); 507 if (error != 0) { 508 printf("%s: could not open Rx data pipe: %s\n", 509 sc->sc_dev.dv_xname, usbd_errstr(error)); 510 goto fail; 511 } 512 513 return 0; 514 515 fail: uath_close_pipes(sc); 516 return error; 517 } 518 519 void 520 uath_close_pipes(struct uath_softc *sc) 521 { 522 /* assumes no transfers are pending on the pipes */ 523 524 if (sc->data_tx_pipe != NULL) 525 usbd_close_pipe(sc->data_tx_pipe); 526 527 if (sc->data_rx_pipe != NULL) 528 usbd_close_pipe(sc->data_rx_pipe); 529 530 if (sc->cmd_tx_pipe != NULL) 531 usbd_close_pipe(sc->cmd_tx_pipe); 532 533 if (sc->cmd_rx_pipe != NULL) 534 usbd_close_pipe(sc->cmd_rx_pipe); 535 } 536 537 int 538 uath_alloc_tx_data_list(struct uath_softc *sc) 539 { 540 int i, error; 541 542 for (i = 0; i < UATH_TX_DATA_LIST_COUNT; i++) { 543 struct uath_tx_data *data = &sc->tx_data[i]; 544 545 data->sc = sc; /* backpointer for callbacks */ 546 547 data->xfer = usbd_alloc_xfer(sc->sc_udev); 548 if (data->xfer == NULL) { 549 printf("%s: could not allocate xfer\n", 550 sc->sc_dev.dv_xname); 551 error = ENOMEM; 552 goto fail; 553 } 554 data->buf = usbd_alloc_buffer(data->xfer, UATH_MAX_TXBUFSZ); 555 if (data->buf == NULL) { 556 printf("%s: could not allocate xfer buffer\n", 557 sc->sc_dev.dv_xname); 558 error = ENOMEM; 559 goto fail; 560 } 561 } 562 return 0; 563 564 fail: uath_free_tx_data_list(sc); 565 return error; 566 } 567 568 void 569 uath_free_tx_data_list(struct uath_softc *sc) 570 { 571 int i; 572 573 /* make sure no transfers are pending */ 574 usbd_abort_pipe(sc->data_tx_pipe); 575 576 for (i = 0; i < UATH_TX_DATA_LIST_COUNT; i++) 577 if (sc->tx_data[i].xfer != NULL) 578 usbd_free_xfer(sc->tx_data[i].xfer); 579 } 580 581 int 582 uath_alloc_rx_data_list(struct uath_softc *sc) 583 { 584 int i, error; 585 586 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 587 struct uath_rx_data *data = &sc->rx_data[i]; 588 589 data->sc = sc; /* backpointer for callbacks */ 590 591 data->xfer = usbd_alloc_xfer(sc->sc_udev); 592 if (data->xfer == NULL) { 593 printf("%s: could not allocate xfer\n", 594 sc->sc_dev.dv_xname); 595 error = ENOMEM; 596 goto fail; 597 } 598 if (usbd_alloc_buffer(data->xfer, sc->rxbufsz) == NULL) { 599 printf("%s: could not allocate xfer buffer\n", 600 sc->sc_dev.dv_xname); 601 error = ENOMEM; 602 goto fail; 603 } 604 605 MGETHDR(data->m, M_DONTWAIT, MT_DATA); 606 if (data->m == NULL) { 607 printf("%s: could not allocate rx mbuf\n", 608 sc->sc_dev.dv_xname); 609 error = ENOMEM; 610 goto fail; 611 } 612 MCLGET(data->m, M_DONTWAIT); 613 if (!(data->m->m_flags & M_EXT)) { 614 printf("%s: could not allocate rx mbuf cluster\n", 615 sc->sc_dev.dv_xname); 616 error = ENOMEM; 617 goto fail; 618 } 619 620 data->buf = mtod(data->m, uint8_t *); 621 } 622 return 0; 623 624 fail: uath_free_rx_data_list(sc); 625 return error; 626 } 627 628 void 629 uath_free_rx_data_list(struct uath_softc *sc) 630 { 631 int i; 632 633 /* make sure no transfers are pending */ 634 usbd_abort_pipe(sc->data_rx_pipe); 635 636 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 637 struct uath_rx_data *data = &sc->rx_data[i]; 638 639 if (data->xfer != NULL) 640 usbd_free_xfer(data->xfer); 641 642 if (data->m != NULL) 643 m_freem(data->m); 644 } 645 } 646 647 int 648 uath_alloc_tx_cmd_list(struct uath_softc *sc) 649 { 650 int i, error; 651 652 for (i = 0; i < UATH_TX_CMD_LIST_COUNT; i++) { 653 struct uath_tx_cmd *cmd = &sc->tx_cmd[i]; 654 655 cmd->sc = sc; /* backpointer for callbacks */ 656 657 cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 658 if (cmd->xfer == NULL) { 659 printf("%s: could not allocate xfer\n", 660 sc->sc_dev.dv_xname); 661 error = ENOMEM; 662 goto fail; 663 } 664 cmd->buf = usbd_alloc_buffer(cmd->xfer, UATH_MAX_TXCMDSZ); 665 if (cmd->buf == NULL) { 666 printf("%s: could not allocate xfer buffer\n", 667 sc->sc_dev.dv_xname); 668 error = ENOMEM; 669 goto fail; 670 } 671 } 672 return 0; 673 674 fail: uath_free_tx_cmd_list(sc); 675 return error; 676 } 677 678 void 679 uath_free_tx_cmd_list(struct uath_softc *sc) 680 { 681 int i; 682 683 /* make sure no transfers are pending */ 684 usbd_abort_pipe(sc->cmd_tx_pipe); 685 686 for (i = 0; i < UATH_TX_CMD_LIST_COUNT; i++) 687 if (sc->tx_cmd[i].xfer != NULL) 688 usbd_free_xfer(sc->tx_cmd[i].xfer); 689 } 690 691 int 692 uath_alloc_rx_cmd_list(struct uath_softc *sc) 693 { 694 int i, error; 695 696 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) { 697 struct uath_rx_cmd *cmd = &sc->rx_cmd[i]; 698 699 cmd->sc = sc; /* backpointer for callbacks */ 700 701 cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 702 if (cmd->xfer == NULL) { 703 printf("%s: could not allocate xfer\n", 704 sc->sc_dev.dv_xname); 705 error = ENOMEM; 706 goto fail; 707 } 708 cmd->buf = usbd_alloc_buffer(cmd->xfer, UATH_MAX_RXCMDSZ); 709 if (cmd->buf == NULL) { 710 printf("%s: could not allocate xfer buffer\n", 711 sc->sc_dev.dv_xname); 712 error = ENOMEM; 713 goto fail; 714 } 715 } 716 return 0; 717 718 fail: uath_free_rx_cmd_list(sc); 719 return error; 720 } 721 722 void 723 uath_free_rx_cmd_list(struct uath_softc *sc) 724 { 725 int i; 726 727 /* make sure no transfers are pending */ 728 usbd_abort_pipe(sc->cmd_rx_pipe); 729 730 for (i = 0; i < UATH_RX_CMD_LIST_COUNT; i++) 731 if (sc->rx_cmd[i].xfer != NULL) 732 usbd_free_xfer(sc->rx_cmd[i].xfer); 733 } 734 735 int 736 uath_media_change(struct ifnet *ifp) 737 { 738 int error; 739 740 error = ieee80211_media_change(ifp); 741 if (error != ENETRESET) 742 return error; 743 744 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING)) 745 uath_init(ifp); 746 747 return 0; 748 } 749 750 /* 751 * This function is called periodically (every second) when associated to 752 * query device statistics. 753 */ 754 void 755 uath_stat(void *arg) 756 { 757 struct uath_softc *sc = arg; 758 int error; 759 760 /* 761 * Send request for statistics asynchronously. The timer will be 762 * restarted when we'll get the stats notification. 763 */ 764 error = uath_cmd_write(sc, UATH_CMD_STATS, NULL, 0, 765 UATH_CMD_FLAG_ASYNC); 766 if (error != 0) { 767 printf("%s: could not query statistics (error=%d)\n", 768 sc->sc_dev.dv_xname, error); 769 } 770 } 771 772 /* 773 * This function is called periodically (every 250ms) during scanning to 774 * switch from one channel to another. 775 */ 776 void 777 uath_next_scan(void *arg) 778 { 779 struct uath_softc *sc = arg; 780 struct ieee80211com *ic = &sc->sc_ic; 781 struct ifnet *ifp = &ic->ic_if; 782 783 if (ic->ic_state == IEEE80211_S_SCAN) 784 ieee80211_next_scan(ifp); 785 } 786 787 void 788 uath_task(void *arg) 789 { 790 struct uath_softc *sc = arg; 791 struct ieee80211com *ic = &sc->sc_ic; 792 enum ieee80211_state ostate; 793 794 ostate = ic->ic_state; 795 796 switch (sc->sc_state) { 797 case IEEE80211_S_INIT: 798 if (ostate == IEEE80211_S_RUN) { 799 /* turn link and activity LEDs off */ 800 (void)uath_set_led(sc, UATH_LED_LINK, 0); 801 (void)uath_set_led(sc, UATH_LED_ACTIVITY, 0); 802 } 803 break; 804 805 case IEEE80211_S_SCAN: 806 if (uath_switch_channel(sc, ic->ic_bss->ni_chan) != 0) { 807 printf("%s: could not switch channel\n", 808 sc->sc_dev.dv_xname); 809 break; 810 } 811 timeout_add_msec(&sc->scan_to, 250); 812 break; 813 814 case IEEE80211_S_AUTH: 815 { 816 struct ieee80211_node *ni = ic->ic_bss; 817 struct uath_cmd_bssid bssid; 818 struct uath_cmd_0b cmd0b; 819 struct uath_cmd_0c cmd0c; 820 821 if (uath_switch_channel(sc, ni->ni_chan) != 0) { 822 printf("%s: could not switch channel\n", 823 sc->sc_dev.dv_xname); 824 break; 825 } 826 827 (void)uath_cmd_write(sc, UATH_CMD_24, NULL, 0, 0); 828 829 bzero(&bssid, sizeof bssid); 830 bssid.len = htobe32(IEEE80211_ADDR_LEN); 831 IEEE80211_ADDR_COPY(bssid.bssid, ni->ni_bssid); 832 (void)uath_cmd_write(sc, UATH_CMD_SET_BSSID, &bssid, 833 sizeof bssid, 0); 834 835 bzero(&cmd0b, sizeof cmd0b); 836 cmd0b.code = htobe32(2); 837 cmd0b.size = htobe32(sizeof (cmd0b.data)); 838 (void)uath_cmd_write(sc, UATH_CMD_0B, &cmd0b, sizeof cmd0b, 0); 839 840 bzero(&cmd0c, sizeof cmd0c); 841 cmd0c.magic1 = htobe32(2); 842 cmd0c.magic2 = htobe32(7); 843 cmd0c.magic3 = htobe32(1); 844 (void)uath_cmd_write(sc, UATH_CMD_0C, &cmd0c, sizeof cmd0c, 0); 845 846 if (uath_set_rates(sc, &ni->ni_rates) != 0) { 847 printf("%s: could not set negotiated rate set\n", 848 sc->sc_dev.dv_xname); 849 break; 850 } 851 break; 852 } 853 854 case IEEE80211_S_ASSOC: 855 break; 856 857 case IEEE80211_S_RUN: 858 { 859 struct ieee80211_node *ni = ic->ic_bss; 860 struct uath_cmd_bssid bssid; 861 struct uath_cmd_xled xled; 862 uint32_t val; 863 864 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 865 /* make both LEDs blink while monitoring */ 866 bzero(&xled, sizeof xled); 867 xled.which = htobe32(0); 868 xled.rate = htobe32(1); 869 xled.mode = htobe32(2); 870 (void)uath_cmd_write(sc, UATH_CMD_SET_XLED, &xled, 871 sizeof xled, 0); 872 break; 873 } 874 875 /* 876 * Tx rate is controlled by firmware, report the maximum 877 * negotiated rate in ifconfig output. 878 */ 879 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 880 881 val = htobe32(1); 882 (void)uath_cmd_write(sc, UATH_CMD_2E, &val, sizeof val, 0); 883 884 bzero(&bssid, sizeof bssid); 885 bssid.flags1 = htobe32(0xc004); 886 bssid.flags2 = htobe32(0x003b); 887 bssid.len = htobe32(IEEE80211_ADDR_LEN); 888 IEEE80211_ADDR_COPY(bssid.bssid, ni->ni_bssid); 889 (void)uath_cmd_write(sc, UATH_CMD_SET_BSSID, &bssid, 890 sizeof bssid, 0); 891 892 /* turn link LED on */ 893 (void)uath_set_led(sc, UATH_LED_LINK, 1); 894 895 /* make activity LED blink */ 896 bzero(&xled, sizeof xled); 897 xled.which = htobe32(1); 898 xled.rate = htobe32(1); 899 xled.mode = htobe32(2); 900 (void)uath_cmd_write(sc, UATH_CMD_SET_XLED, &xled, sizeof xled, 901 0); 902 903 /* set state to associated */ 904 val = htobe32(1); 905 (void)uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 906 0); 907 908 /* start statistics timer */ 909 timeout_add_sec(&sc->stat_to, 1); 910 break; 911 } 912 } 913 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 914 } 915 916 int 917 uath_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 918 { 919 struct uath_softc *sc = ic->ic_softc; 920 921 usb_rem_task(sc->sc_udev, &sc->sc_task); 922 timeout_del(&sc->scan_to); 923 timeout_del(&sc->stat_to); 924 925 /* do it in a process context */ 926 sc->sc_state = nstate; 927 sc->sc_arg = arg; 928 usb_add_task(sc->sc_udev, &sc->sc_task); 929 return 0; 930 } 931 932 #ifdef UATH_DEBUG 933 void 934 uath_dump_cmd(const uint8_t *buf, int len, char prefix) 935 { 936 int i; 937 938 for (i = 0; i < len; i++) { 939 if ((i % 16) == 0) 940 printf("\n%c ", prefix); 941 else if ((i % 4) == 0) 942 printf(" "); 943 printf("%02x", buf[i]); 944 } 945 printf("\n"); 946 } 947 #endif 948 949 /* 950 * Low-level function to send read or write commands to the firmware. 951 */ 952 int 953 uath_cmd(struct uath_softc *sc, uint32_t code, const void *idata, int ilen, 954 void *odata, int flags) 955 { 956 struct uath_cmd_hdr *hdr; 957 struct uath_tx_cmd *cmd; 958 uint16_t xferflags; 959 int s, xferlen, error; 960 961 /* grab a xfer */ 962 cmd = &sc->tx_cmd[sc->cmd_idx]; 963 964 /* always bulk-out a multiple of 4 bytes */ 965 xferlen = (sizeof (struct uath_cmd_hdr) + ilen + 3) & ~3; 966 967 hdr = (struct uath_cmd_hdr *)cmd->buf; 968 bzero(hdr, sizeof (struct uath_cmd_hdr)); 969 hdr->len = htobe32(xferlen); 970 hdr->code = htobe32(code); 971 hdr->priv = sc->cmd_idx; /* don't care about endianness */ 972 hdr->magic = htobe32((flags & UATH_CMD_FLAG_MAGIC) ? 1 << 24 : 0); 973 bcopy(idata, (uint8_t *)(hdr + 1), ilen); 974 975 #ifdef UATH_DEBUG 976 if (uath_debug >= 5) { 977 printf("sending command code=0x%02x flags=0x%x index=%u", 978 code, flags, sc->cmd_idx); 979 uath_dump_cmd(cmd->buf, xferlen, '+'); 980 } 981 #endif 982 xferflags = USBD_FORCE_SHORT_XFER | USBD_NO_COPY; 983 if (!(flags & UATH_CMD_FLAG_READ)) { 984 if (!(flags & UATH_CMD_FLAG_ASYNC)) 985 xferflags |= USBD_SYNCHRONOUS; 986 } else 987 s = splusb(); 988 989 cmd->odata = odata; 990 991 usbd_setup_xfer(cmd->xfer, sc->cmd_tx_pipe, cmd, cmd->buf, xferlen, 992 xferflags, UATH_CMD_TIMEOUT, NULL); 993 error = usbd_transfer(cmd->xfer); 994 if (error != USBD_IN_PROGRESS && error != 0) { 995 if (flags & UATH_CMD_FLAG_READ) 996 splx(s); 997 printf("%s: could not send command 0x%x (error=%s)\n", 998 sc->sc_dev.dv_xname, code, usbd_errstr(error)); 999 return error; 1000 } 1001 sc->cmd_idx = (sc->cmd_idx + 1) % UATH_TX_CMD_LIST_COUNT; 1002 1003 if (!(flags & UATH_CMD_FLAG_READ)) 1004 return 0; /* write: don't wait for reply */ 1005 1006 /* wait at most two seconds for command reply */ 1007 error = tsleep(cmd, PCATCH, "uathcmd", 2 * hz); 1008 cmd->odata = NULL; /* in case answer is received too late */ 1009 splx(s); 1010 if (error != 0) { 1011 printf("%s: timeout waiting for command reply\n", 1012 sc->sc_dev.dv_xname); 1013 } 1014 return error; 1015 } 1016 1017 int 1018 uath_cmd_write(struct uath_softc *sc, uint32_t code, const void *data, int len, 1019 int flags) 1020 { 1021 flags &= ~UATH_CMD_FLAG_READ; 1022 return uath_cmd(sc, code, data, len, NULL, flags); 1023 } 1024 1025 int 1026 uath_cmd_read(struct uath_softc *sc, uint32_t code, const void *idata, 1027 int ilen, void *odata, int flags) 1028 { 1029 flags |= UATH_CMD_FLAG_READ; 1030 return uath_cmd(sc, code, idata, ilen, odata, flags); 1031 } 1032 1033 int 1034 uath_write_reg(struct uath_softc *sc, uint32_t reg, uint32_t val) 1035 { 1036 struct uath_write_mac write; 1037 int error; 1038 1039 write.reg = htobe32(reg); 1040 write.len = htobe32(0); /* 0 = single write */ 1041 *(uint32_t *)write.data = htobe32(val); 1042 1043 error = uath_cmd_write(sc, UATH_CMD_WRITE_MAC, &write, 1044 3 * sizeof (uint32_t), 0); 1045 if (error != 0) { 1046 printf("%s: could not write register 0x%02x\n", 1047 sc->sc_dev.dv_xname, reg); 1048 } 1049 return error; 1050 } 1051 1052 int 1053 uath_write_multi(struct uath_softc *sc, uint32_t reg, const void *data, 1054 int len) 1055 { 1056 struct uath_write_mac write; 1057 int error; 1058 1059 write.reg = htobe32(reg); 1060 write.len = htobe32(len); 1061 bcopy(data, write.data, len); 1062 1063 /* properly handle the case where len is zero (reset) */ 1064 error = uath_cmd_write(sc, UATH_CMD_WRITE_MAC, &write, 1065 (len == 0) ? sizeof (uint32_t) : 2 * sizeof (uint32_t) + len, 0); 1066 if (error != 0) { 1067 printf("%s: could not write %d bytes to register 0x%02x\n", 1068 sc->sc_dev.dv_xname, len, reg); 1069 } 1070 return error; 1071 } 1072 1073 int 1074 uath_read_reg(struct uath_softc *sc, uint32_t reg, uint32_t *val) 1075 { 1076 struct uath_read_mac read; 1077 int error; 1078 1079 reg = htobe32(reg); 1080 error = uath_cmd_read(sc, UATH_CMD_READ_MAC, ®, sizeof reg, &read, 1081 0); 1082 if (error != 0) { 1083 printf("%s: could not read register 0x%02x\n", 1084 sc->sc_dev.dv_xname, betoh32(reg)); 1085 return error; 1086 } 1087 *val = betoh32(*(uint32_t *)read.data); 1088 return error; 1089 } 1090 1091 int 1092 uath_read_eeprom(struct uath_softc *sc, uint32_t reg, void *odata) 1093 { 1094 struct uath_read_mac read; 1095 int len, error; 1096 1097 reg = htobe32(reg); 1098 error = uath_cmd_read(sc, UATH_CMD_READ_EEPROM, ®, sizeof reg, 1099 &read, 0); 1100 if (error != 0) { 1101 printf("%s: could not read EEPROM offset 0x%02x\n", 1102 sc->sc_dev.dv_xname, betoh32(reg)); 1103 return error; 1104 } 1105 len = betoh32(read.len); 1106 bcopy(read.data, odata, (len == 0) ? sizeof (uint32_t) : len); 1107 return error; 1108 } 1109 1110 void 1111 uath_cmd_rxeof(usbd_xfer_handle xfer, usbd_private_handle priv, 1112 usbd_status status) 1113 { 1114 struct uath_rx_cmd *cmd = priv; 1115 struct uath_softc *sc = cmd->sc; 1116 struct uath_cmd_hdr *hdr; 1117 1118 if (status != USBD_NORMAL_COMPLETION) { 1119 if (status == USBD_STALLED) 1120 usbd_clear_endpoint_stall_async(sc->cmd_rx_pipe); 1121 return; 1122 } 1123 1124 hdr = (struct uath_cmd_hdr *)cmd->buf; 1125 1126 #ifdef UATH_DEBUG 1127 if (uath_debug >= 5) { 1128 printf("received command code=0x%x index=%u len=%u", 1129 betoh32(hdr->code), hdr->priv, betoh32(hdr->len)); 1130 uath_dump_cmd(cmd->buf, betoh32(hdr->len), '-'); 1131 } 1132 #endif 1133 1134 switch (betoh32(hdr->code) & 0xff) { 1135 /* reply to a read command */ 1136 default: 1137 { 1138 struct uath_tx_cmd *txcmd = &sc->tx_cmd[hdr->priv]; 1139 1140 if (txcmd->odata != NULL) { 1141 /* copy answer into caller's supplied buffer */ 1142 bcopy((uint8_t *)(hdr + 1), txcmd->odata, 1143 betoh32(hdr->len) - sizeof (struct uath_cmd_hdr)); 1144 } 1145 wakeup(txcmd); /* wake up caller */ 1146 break; 1147 } 1148 /* spontaneous firmware notifications */ 1149 case UATH_NOTIF_READY: 1150 DPRINTF(("received device ready notification\n")); 1151 wakeup(UATH_COND_INIT(sc)); 1152 break; 1153 1154 case UATH_NOTIF_TX: 1155 /* this notification is sent when UATH_TX_NOTIFY is set */ 1156 DPRINTF(("received Tx notification\n")); 1157 break; 1158 1159 case UATH_NOTIF_STATS: 1160 DPRINTFN(2, ("received device statistics\n")); 1161 timeout_add_sec(&sc->stat_to, 1); 1162 break; 1163 } 1164 1165 /* setup a new transfer */ 1166 usbd_setup_xfer(xfer, sc->cmd_rx_pipe, cmd, cmd->buf, UATH_MAX_RXCMDSZ, 1167 USBD_SHORT_XFER_OK | USBD_NO_COPY, USBD_NO_TIMEOUT, 1168 uath_cmd_rxeof); 1169 (void)usbd_transfer(xfer); 1170 } 1171 1172 void 1173 uath_data_rxeof(usbd_xfer_handle xfer, usbd_private_handle priv, 1174 usbd_status status) 1175 { 1176 struct uath_rx_data *data = priv; 1177 struct uath_softc *sc = data->sc; 1178 struct ieee80211com *ic = &sc->sc_ic; 1179 struct ifnet *ifp = &ic->ic_if; 1180 struct ieee80211_frame *wh; 1181 struct ieee80211_rxinfo rxi; 1182 struct ieee80211_node *ni; 1183 struct uath_rx_desc *desc; 1184 struct mbuf *mnew, *m; 1185 uint32_t hdr; 1186 int s, len; 1187 1188 if (status != USBD_NORMAL_COMPLETION) { 1189 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1190 return; 1191 1192 if (status == USBD_STALLED) 1193 usbd_clear_endpoint_stall_async(sc->data_rx_pipe); 1194 1195 ifp->if_ierrors++; 1196 return; 1197 } 1198 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1199 1200 if (len < UATH_MIN_RXBUFSZ) { 1201 DPRINTF(("wrong xfer size (len=%d)\n", len)); 1202 ifp->if_ierrors++; 1203 goto skip; 1204 } 1205 1206 hdr = betoh32(*(uint32_t *)data->buf); 1207 1208 /* Rx descriptor is located at the end, 32-bit aligned */ 1209 desc = (struct uath_rx_desc *) 1210 (data->buf + len - sizeof (struct uath_rx_desc)); 1211 1212 if (betoh32(desc->len) > sc->rxbufsz) { 1213 DPRINTF(("bad descriptor (len=%d)\n", betoh32(desc->len))); 1214 ifp->if_ierrors++; 1215 goto skip; 1216 } 1217 1218 /* there's probably a "bad CRC" flag somewhere in the descriptor.. */ 1219 1220 MGETHDR(mnew, M_DONTWAIT, MT_DATA); 1221 if (mnew == NULL) { 1222 printf("%s: could not allocate rx mbuf\n", 1223 sc->sc_dev.dv_xname); 1224 ifp->if_ierrors++; 1225 goto skip; 1226 } 1227 MCLGET(mnew, M_DONTWAIT); 1228 if (!(mnew->m_flags & M_EXT)) { 1229 printf("%s: could not allocate rx mbuf cluster\n", 1230 sc->sc_dev.dv_xname); 1231 m_freem(mnew); 1232 ifp->if_ierrors++; 1233 goto skip; 1234 } 1235 1236 m = data->m; 1237 data->m = mnew; 1238 1239 /* finalize mbuf */ 1240 m->m_pkthdr.rcvif = ifp; 1241 m->m_data = data->buf + sizeof (uint32_t); 1242 m->m_pkthdr.len = m->m_len = betoh32(desc->len) - 1243 sizeof (struct uath_rx_desc) - IEEE80211_CRC_LEN; 1244 1245 data->buf = mtod(data->m, uint8_t *); 1246 1247 wh = mtod(m, struct ieee80211_frame *); 1248 rxi.rxi_flags = 0; 1249 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) && 1250 ic->ic_opmode != IEEE80211_M_MONITOR) { 1251 /* 1252 * Hardware decrypts the frame itself but leaves the WEP bit 1253 * set in the 802.11 header and doesn't remove the IV and CRC 1254 * fields. 1255 */ 1256 wh->i_fc[1] &= ~IEEE80211_FC1_WEP; 1257 ovbcopy(wh, (caddr_t)wh + IEEE80211_WEP_IVLEN + 1258 IEEE80211_WEP_KIDLEN, sizeof (struct ieee80211_frame)); 1259 m_adj(m, IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN); 1260 m_adj(m, -IEEE80211_WEP_CRCLEN); 1261 wh = mtod(m, struct ieee80211_frame *); 1262 1263 rxi.rxi_flags |= IEEE80211_RXI_HWDEC; 1264 } 1265 1266 #if NBPFILTER > 0 1267 /* there are a lot more fields in the Rx descriptor */ 1268 if (sc->sc_drvbpf != NULL) { 1269 struct mbuf mb; 1270 struct uath_rx_radiotap_header *tap = &sc->sc_rxtap; 1271 1272 tap->wr_flags = 0; 1273 tap->wr_chan_freq = htole16(betoh32(desc->freq)); 1274 tap->wr_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1275 tap->wr_dbm_antsignal = (int8_t)betoh32(desc->rssi); 1276 1277 mb.m_data = (caddr_t)tap; 1278 mb.m_len = sc->sc_rxtap_len; 1279 mb.m_next = m; 1280 mb.m_nextpkt = NULL; 1281 mb.m_type = 0; 1282 mb.m_flags = 0; 1283 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1284 } 1285 #endif 1286 1287 s = splnet(); 1288 ni = ieee80211_find_rxnode(ic, wh); 1289 rxi.rxi_rssi = (int)betoh32(desc->rssi); 1290 rxi.rxi_tstamp = 0; /* unused */ 1291 ieee80211_input(ifp, m, ni, &rxi); 1292 1293 /* node is no longer needed */ 1294 ieee80211_release_node(ic, ni); 1295 splx(s); 1296 1297 skip: /* setup a new transfer */ 1298 usbd_setup_xfer(xfer, sc->data_rx_pipe, data, data->buf, sc->rxbufsz, 1299 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, uath_data_rxeof); 1300 (void)usbd_transfer(data->xfer); 1301 } 1302 1303 int 1304 uath_tx_null(struct uath_softc *sc) 1305 { 1306 struct uath_tx_data *data; 1307 struct uath_tx_desc *desc; 1308 1309 data = &sc->tx_data[sc->data_idx]; 1310 1311 data->ni = NULL; 1312 1313 *(uint32_t *)data->buf = UATH_MAKECTL(1, sizeof (struct uath_tx_desc)); 1314 desc = (struct uath_tx_desc *)(data->buf + sizeof (uint32_t)); 1315 1316 bzero(desc, sizeof (struct uath_tx_desc)); 1317 desc->len = htobe32(sizeof (struct uath_tx_desc)); 1318 desc->type = htobe32(UATH_TX_NULL); 1319 1320 usbd_setup_xfer(data->xfer, sc->data_tx_pipe, data, data->buf, 1321 sizeof (uint32_t) + sizeof (struct uath_tx_desc), USBD_NO_COPY | 1322 USBD_FORCE_SHORT_XFER, UATH_DATA_TIMEOUT, NULL); 1323 if (usbd_sync_transfer(data->xfer) != 0) 1324 return EIO; 1325 1326 sc->data_idx = (sc->data_idx + 1) % UATH_TX_DATA_LIST_COUNT; 1327 1328 return uath_cmd_write(sc, UATH_CMD_0F, NULL, 0, UATH_CMD_FLAG_ASYNC); 1329 } 1330 1331 void 1332 uath_data_txeof(usbd_xfer_handle xfer, usbd_private_handle priv, 1333 usbd_status status) 1334 { 1335 struct uath_tx_data *data = priv; 1336 struct uath_softc *sc = data->sc; 1337 struct ieee80211com *ic = &sc->sc_ic; 1338 struct ifnet *ifp = &ic->ic_if; 1339 int s; 1340 1341 if (status != USBD_NORMAL_COMPLETION) { 1342 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1343 return; 1344 1345 printf("%s: could not transmit buffer: %s\n", 1346 sc->sc_dev.dv_xname, usbd_errstr(status)); 1347 1348 if (status == USBD_STALLED) 1349 usbd_clear_endpoint_stall_async(sc->data_tx_pipe); 1350 1351 ifp->if_oerrors++; 1352 return; 1353 } 1354 1355 s = splnet(); 1356 1357 ieee80211_release_node(ic, data->ni); 1358 data->ni = NULL; 1359 1360 sc->tx_queued--; 1361 ifp->if_opackets++; 1362 1363 sc->sc_tx_timer = 0; 1364 ifp->if_flags &= ~IFF_OACTIVE; 1365 uath_start(ifp); 1366 1367 splx(s); 1368 } 1369 1370 int 1371 uath_tx_data(struct uath_softc *sc, struct mbuf *m0, struct ieee80211_node *ni) 1372 { 1373 struct ieee80211com *ic = &sc->sc_ic; 1374 struct uath_tx_data *data; 1375 struct uath_tx_desc *desc; 1376 const struct ieee80211_frame *wh; 1377 int paylen, totlen, xferlen, error; 1378 1379 data = &sc->tx_data[sc->data_idx]; 1380 desc = (struct uath_tx_desc *)(data->buf + sizeof (uint32_t)); 1381 1382 data->ni = ni; 1383 1384 #if NBPFILTER > 0 1385 if (sc->sc_drvbpf != NULL) { 1386 struct mbuf mb; 1387 struct uath_tx_radiotap_header *tap = &sc->sc_txtap; 1388 1389 tap->wt_flags = 0; 1390 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 1391 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1392 1393 mb.m_data = (caddr_t)tap; 1394 mb.m_len = sc->sc_txtap_len; 1395 mb.m_next = m0; 1396 mb.m_nextpkt = NULL; 1397 mb.m_type = 0; 1398 mb.m_flags = 0; 1399 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1400 } 1401 #endif 1402 1403 paylen = m0->m_pkthdr.len; 1404 xferlen = sizeof (uint32_t) + sizeof (struct uath_tx_desc) + paylen; 1405 1406 wh = mtod(m0, struct ieee80211_frame *); 1407 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1408 uint8_t *frm = (uint8_t *)(desc + 1); 1409 uint32_t iv; 1410 1411 /* h/w WEP: it's up to the host to fill the IV field */ 1412 bcopy(wh, frm, sizeof (struct ieee80211_frame)); 1413 frm += sizeof (struct ieee80211_frame); 1414 1415 /* insert IV: code copied from net80211 */ 1416 iv = (ic->ic_iv != 0) ? ic->ic_iv : arc4random(); 1417 if (iv >= 0x03ff00 && (iv & 0xf8ff00) == 0x00ff00) 1418 iv += 0x000100; 1419 ic->ic_iv = iv + 1; 1420 1421 *frm++ = iv & 0xff; 1422 *frm++ = (iv >> 8) & 0xff; 1423 *frm++ = (iv >> 16) & 0xff; 1424 *frm++ = ic->ic_wep_txkey << 6; 1425 1426 m_copydata(m0, sizeof (struct ieee80211_frame), 1427 m0->m_pkthdr.len - sizeof (struct ieee80211_frame), frm); 1428 1429 paylen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; 1430 xferlen += IEEE80211_WEP_IVLEN + IEEE80211_WEP_KIDLEN; 1431 totlen = xferlen + IEEE80211_WEP_CRCLEN; 1432 } else { 1433 m_copydata(m0, 0, m0->m_pkthdr.len, (uint8_t *)(desc + 1)); 1434 totlen = xferlen; 1435 } 1436 1437 /* fill Tx descriptor */ 1438 *(uint32_t *)data->buf = UATH_MAKECTL(1, xferlen - sizeof (uint32_t)); 1439 1440 desc->len = htobe32(totlen); 1441 desc->priv = sc->data_idx; /* don't care about endianness */ 1442 desc->paylen = htobe32(paylen); 1443 desc->type = htobe32(UATH_TX_DATA); 1444 desc->flags = htobe32(0); 1445 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 1446 desc->dest = htobe32(UATH_ID_BROADCAST); 1447 desc->magic = htobe32(3); 1448 } else { 1449 desc->dest = htobe32(UATH_ID_BSS); 1450 desc->magic = htobe32(1); 1451 } 1452 1453 m_freem(m0); /* mbuf is no longer needed */ 1454 1455 #ifdef UATH_DEBUG 1456 if (uath_debug >= 6) { 1457 printf("sending frame index=%u len=%d xferlen=%d", 1458 sc->data_idx, paylen, xferlen); 1459 uath_dump_cmd(data->buf, xferlen, '+'); 1460 } 1461 #endif 1462 usbd_setup_xfer(data->xfer, sc->data_tx_pipe, data, data->buf, xferlen, 1463 USBD_FORCE_SHORT_XFER | USBD_NO_COPY, UATH_DATA_TIMEOUT, 1464 uath_data_txeof); 1465 error = usbd_transfer(data->xfer); 1466 if (error != USBD_IN_PROGRESS && error != 0) { 1467 ic->ic_if.if_oerrors++; 1468 return error; 1469 } 1470 sc->data_idx = (sc->data_idx + 1) % UATH_TX_DATA_LIST_COUNT; 1471 sc->tx_queued++; 1472 1473 return 0; 1474 } 1475 1476 void 1477 uath_start(struct ifnet *ifp) 1478 { 1479 struct uath_softc *sc = ifp->if_softc; 1480 struct ieee80211com *ic = &sc->sc_ic; 1481 struct ieee80211_node *ni; 1482 struct mbuf *m0; 1483 1484 /* 1485 * net80211 may still try to send management frames even if the 1486 * IFF_RUNNING flag is not set... 1487 */ 1488 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1489 return; 1490 1491 for (;;) { 1492 IF_POLL(&ic->ic_mgtq, m0); 1493 if (m0 != NULL) { 1494 if (sc->tx_queued >= UATH_TX_DATA_LIST_COUNT) { 1495 ifp->if_flags |= IFF_OACTIVE; 1496 break; 1497 } 1498 IF_DEQUEUE(&ic->ic_mgtq, m0); 1499 1500 ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif; 1501 m0->m_pkthdr.rcvif = NULL; 1502 #if NBPFILTER > 0 1503 if (ic->ic_rawbpf != NULL) 1504 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT); 1505 #endif 1506 if (uath_tx_data(sc, m0, ni) != 0) 1507 break; 1508 } else { 1509 if (ic->ic_state != IEEE80211_S_RUN) 1510 break; 1511 IFQ_POLL(&ifp->if_snd, m0); 1512 if (m0 == NULL) 1513 break; 1514 if (sc->tx_queued >= UATH_TX_DATA_LIST_COUNT) { 1515 ifp->if_flags |= IFF_OACTIVE; 1516 break; 1517 } 1518 IFQ_DEQUEUE(&ifp->if_snd, m0); 1519 #if NBPFILTER > 0 1520 if (ifp->if_bpf != NULL) 1521 bpf_mtap(ifp->if_bpf, m0, BPF_DIRECTION_OUT); 1522 #endif 1523 m0 = ieee80211_encap(ifp, m0, &ni); 1524 if (m0 == NULL) 1525 continue; 1526 #if NBPFILTER > 0 1527 if (ic->ic_rawbpf != NULL) 1528 bpf_mtap(ic->ic_rawbpf, m0, BPF_DIRECTION_OUT); 1529 #endif 1530 if (uath_tx_data(sc, m0, ni) != 0) { 1531 if (ni != NULL) 1532 ieee80211_release_node(ic, ni); 1533 ifp->if_oerrors++; 1534 break; 1535 } 1536 } 1537 1538 sc->sc_tx_timer = 5; 1539 ifp->if_timer = 1; 1540 } 1541 } 1542 1543 void 1544 uath_watchdog(struct ifnet *ifp) 1545 { 1546 struct uath_softc *sc = ifp->if_softc; 1547 1548 ifp->if_timer = 0; 1549 1550 if (sc->sc_tx_timer > 0) { 1551 if (--sc->sc_tx_timer == 0) { 1552 printf("%s: device timeout\n", sc->sc_dev.dv_xname); 1553 /*uath_init(ifp); XXX needs a process context! */ 1554 ifp->if_oerrors++; 1555 return; 1556 } 1557 ifp->if_timer = 1; 1558 } 1559 1560 ieee80211_watchdog(ifp); 1561 } 1562 1563 int 1564 uath_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1565 { 1566 struct uath_softc *sc = ifp->if_softc; 1567 struct ieee80211com *ic = &sc->sc_ic; 1568 struct ifaddr *ifa; 1569 struct ifreq *ifr; 1570 int s, error = 0; 1571 1572 s = splnet(); 1573 1574 switch (cmd) { 1575 case SIOCSIFADDR: 1576 ifa = (struct ifaddr *)data; 1577 ifp->if_flags |= IFF_UP; 1578 #ifdef INET 1579 if (ifa->ifa_addr->sa_family == AF_INET) 1580 arp_ifinit(&ic->ic_ac, ifa); 1581 #endif 1582 /* FALLTHROUGH */ 1583 case SIOCSIFFLAGS: 1584 if (ifp->if_flags & IFF_UP) { 1585 if (!(ifp->if_flags & IFF_RUNNING)) 1586 uath_init(ifp); 1587 } else { 1588 if (ifp->if_flags & IFF_RUNNING) 1589 uath_stop(ifp, 1); 1590 } 1591 break; 1592 1593 case SIOCADDMULTI: 1594 case SIOCDELMULTI: 1595 ifr = (struct ifreq *)data; 1596 error = (cmd == SIOCADDMULTI) ? 1597 ether_addmulti(ifr, &ic->ic_ac) : 1598 ether_delmulti(ifr, &ic->ic_ac); 1599 if (error == ENETRESET) 1600 error = 0; 1601 break; 1602 1603 default: 1604 error = ieee80211_ioctl(ifp, cmd, data); 1605 } 1606 1607 if (error == ENETRESET) { 1608 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1609 (IFF_UP | IFF_RUNNING)) 1610 uath_init(ifp); 1611 error = 0; 1612 } 1613 1614 splx(s); 1615 1616 return error; 1617 } 1618 1619 int 1620 uath_query_eeprom(struct uath_softc *sc) 1621 { 1622 uint32_t tmp; 1623 int error; 1624 1625 /* retrieve MAC address */ 1626 error = uath_read_eeprom(sc, UATH_EEPROM_MACADDR, sc->sc_ic.ic_myaddr); 1627 if (error != 0) { 1628 printf("%s: could not read MAC address\n", 1629 sc->sc_dev.dv_xname); 1630 return error; 1631 } 1632 1633 /* retrieve the maximum frame size that the hardware can receive */ 1634 error = uath_read_eeprom(sc, UATH_EEPROM_RXBUFSZ, &tmp); 1635 if (error != 0) { 1636 printf("%s: could not read maximum Rx buffer size\n", 1637 sc->sc_dev.dv_xname); 1638 return error; 1639 } 1640 sc->rxbufsz = betoh32(tmp) & 0xfff; 1641 DPRINTF(("maximum Rx buffer size %d\n", sc->rxbufsz)); 1642 return 0; 1643 } 1644 1645 int 1646 uath_reset(struct uath_softc *sc) 1647 { 1648 struct uath_cmd_setup setup; 1649 uint32_t reg, val; 1650 int s, error; 1651 1652 /* init device with some voodoo incantations.. */ 1653 setup.magic1 = htobe32(1); 1654 setup.magic2 = htobe32(5); 1655 setup.magic3 = htobe32(200); 1656 setup.magic4 = htobe32(27); 1657 s = splusb(); 1658 error = uath_cmd_write(sc, UATH_CMD_SETUP, &setup, sizeof setup, 1659 UATH_CMD_FLAG_ASYNC); 1660 /* ..and wait until firmware notifies us that it is ready */ 1661 if (error == 0) 1662 error = tsleep(UATH_COND_INIT(sc), PCATCH, "uathinit", 5 * hz); 1663 splx(s); 1664 if (error != 0) 1665 return error; 1666 1667 /* read PHY registers */ 1668 for (reg = 0x09; reg <= 0x24; reg++) { 1669 if (reg == 0x0b || reg == 0x0c) 1670 continue; 1671 DELAY(100); 1672 if ((error = uath_read_reg(sc, reg, &val)) != 0) 1673 return error; 1674 DPRINTFN(2, ("reg 0x%02x=0x%08x\n", reg, val)); 1675 } 1676 return error; 1677 } 1678 1679 int 1680 uath_reset_tx_queues(struct uath_softc *sc) 1681 { 1682 int ac, error; 1683 1684 for (ac = 0; ac < 4; ac++) { 1685 const uint32_t qid = htobe32(UATH_AC_TO_QID(ac)); 1686 1687 DPRINTF(("resetting Tx queue %d\n", UATH_AC_TO_QID(ac))); 1688 error = uath_cmd_write(sc, UATH_CMD_RESET_QUEUE, &qid, 1689 sizeof qid, 0); 1690 if (error != 0) 1691 break; 1692 } 1693 return error; 1694 } 1695 1696 int 1697 uath_wme_init(struct uath_softc *sc) 1698 { 1699 struct uath_qinfo qinfo; 1700 int ac, error; 1701 static const struct uath_wme_settings uath_wme_11g[4] = { 1702 { 7, 4, 10, 0, 0 }, /* Background */ 1703 { 3, 4, 10, 0, 0 }, /* Best-Effort */ 1704 { 3, 3, 4, 26, 0 }, /* Video */ 1705 { 2, 2, 3, 47, 0 } /* Voice */ 1706 }; 1707 1708 bzero(&qinfo, sizeof qinfo); 1709 qinfo.size = htobe32(32); 1710 qinfo.magic1 = htobe32(1); /* XXX ack policy? */ 1711 qinfo.magic2 = htobe32(1); 1712 for (ac = 0; ac < 4; ac++) { 1713 qinfo.qid = htobe32(UATH_AC_TO_QID(ac)); 1714 qinfo.ac = htobe32(ac); 1715 qinfo.aifsn = htobe32(uath_wme_11g[ac].aifsn); 1716 qinfo.logcwmin = htobe32(uath_wme_11g[ac].logcwmin); 1717 qinfo.logcwmax = htobe32(uath_wme_11g[ac].logcwmax); 1718 qinfo.txop = htobe32(UATH_TXOP_TO_US( 1719 uath_wme_11g[ac].txop)); 1720 qinfo.acm = htobe32(uath_wme_11g[ac].acm); 1721 1722 DPRINTF(("setting up Tx queue %d\n", UATH_AC_TO_QID(ac))); 1723 error = uath_cmd_write(sc, UATH_CMD_SET_QUEUE, &qinfo, 1724 sizeof qinfo, 0); 1725 if (error != 0) 1726 break; 1727 } 1728 return error; 1729 } 1730 1731 int 1732 uath_set_chan(struct uath_softc *sc, struct ieee80211_channel *c) 1733 { 1734 struct uath_set_chan chan; 1735 1736 bzero(&chan, sizeof chan); 1737 chan.flags = htobe32(0x1400); 1738 chan.freq = htobe32(c->ic_freq); 1739 chan.magic1 = htobe32(20); 1740 chan.magic2 = htobe32(50); 1741 chan.magic3 = htobe32(1); 1742 1743 DPRINTF(("switching to channel %d\n", 1744 ieee80211_chan2ieee(&sc->sc_ic, c))); 1745 return uath_cmd_write(sc, UATH_CMD_SET_CHAN, &chan, sizeof chan, 0); 1746 } 1747 1748 int 1749 uath_set_key(struct uath_softc *sc, const struct ieee80211_key *k, int index) 1750 { 1751 struct uath_cmd_crypto crypto; 1752 int i; 1753 1754 bzero(&crypto, sizeof crypto); 1755 crypto.keyidx = htobe32(index); 1756 crypto.magic1 = htobe32(1); 1757 crypto.size = htobe32(368); 1758 crypto.mask = htobe32(0xffff); 1759 crypto.flags = htobe32(0x80000068); 1760 if (index != UATH_DEFAULT_KEY) 1761 crypto.flags |= htobe32(index << 16); 1762 memset(crypto.magic2, 0xff, sizeof crypto.magic2); 1763 1764 /* 1765 * Each byte of the key must be XOR'ed with 10101010 before being 1766 * transmitted to the firmware. 1767 */ 1768 for (i = 0; i < k->k_len; i++) 1769 crypto.key[i] = k->k_key[i] ^ 0xaa; 1770 1771 DPRINTF(("setting crypto key index=%d len=%d\n", index, k->k_len)); 1772 return uath_cmd_write(sc, UATH_CMD_CRYPTO, &crypto, sizeof crypto, 0); 1773 } 1774 1775 int 1776 uath_set_keys(struct uath_softc *sc) 1777 { 1778 const struct ieee80211com *ic = &sc->sc_ic; 1779 int i, error; 1780 1781 for (i = 0; i < IEEE80211_WEP_NKID; i++) { 1782 const struct ieee80211_key *k = &ic->ic_nw_keys[i]; 1783 1784 if (k->k_len > 0 && (error = uath_set_key(sc, k, i)) != 0) 1785 return error; 1786 } 1787 return uath_set_key(sc, &ic->ic_nw_keys[ic->ic_wep_txkey], 1788 UATH_DEFAULT_KEY); 1789 } 1790 1791 int 1792 uath_set_rates(struct uath_softc *sc, const struct ieee80211_rateset *rs) 1793 { 1794 struct uath_cmd_rates rates; 1795 1796 bzero(&rates, sizeof rates); 1797 rates.magic1 = htobe32(0x02); 1798 rates.size = htobe32(1 + sizeof rates.rates); 1799 rates.nrates = rs->rs_nrates; 1800 bcopy(rs->rs_rates, rates.rates, rs->rs_nrates); 1801 1802 DPRINTF(("setting supported rates nrates=%d\n", rs->rs_nrates)); 1803 return uath_cmd_write(sc, UATH_CMD_SET_RATES, &rates, sizeof rates, 0); 1804 } 1805 1806 int 1807 uath_set_rxfilter(struct uath_softc *sc, uint32_t filter, uint32_t flags) 1808 { 1809 struct uath_cmd_filter rxfilter; 1810 1811 rxfilter.filter = htobe32(filter); 1812 rxfilter.flags = htobe32(flags); 1813 1814 DPRINTF(("setting Rx filter=0x%x flags=0x%x\n", filter, flags)); 1815 return uath_cmd_write(sc, UATH_CMD_SET_FILTER, &rxfilter, 1816 sizeof rxfilter, 0); 1817 } 1818 1819 int 1820 uath_set_led(struct uath_softc *sc, int which, int on) 1821 { 1822 struct uath_cmd_led led; 1823 1824 led.which = htobe32(which); 1825 led.state = htobe32(on ? UATH_LED_ON : UATH_LED_OFF); 1826 1827 DPRINTFN(2, ("switching %s led %s\n", 1828 (which == UATH_LED_LINK) ? "link" : "activity", 1829 on ? "on" : "off")); 1830 return uath_cmd_write(sc, UATH_CMD_SET_LED, &led, sizeof led, 0); 1831 } 1832 1833 int 1834 uath_switch_channel(struct uath_softc *sc, struct ieee80211_channel *c) 1835 { 1836 uint32_t val; 1837 int error; 1838 1839 /* set radio frequency */ 1840 if ((error = uath_set_chan(sc, c)) != 0) { 1841 printf("%s: could not set channel\n", sc->sc_dev.dv_xname); 1842 return error; 1843 } 1844 1845 /* reset Tx rings */ 1846 if ((error = uath_reset_tx_queues(sc)) != 0) { 1847 printf("%s: could not reset Tx queues\n", 1848 sc->sc_dev.dv_xname); 1849 return error; 1850 } 1851 1852 /* set Tx rings WME properties */ 1853 if ((error = uath_wme_init(sc)) != 0) { 1854 printf("%s: could not init Tx queues\n", 1855 sc->sc_dev.dv_xname); 1856 return error; 1857 } 1858 1859 val = htobe32(0); 1860 error = uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 0); 1861 if (error != 0) { 1862 printf("%s: could not set state\n", sc->sc_dev.dv_xname); 1863 return error; 1864 } 1865 1866 return uath_tx_null(sc); 1867 } 1868 1869 int 1870 uath_init(struct ifnet *ifp) 1871 { 1872 struct uath_softc *sc = ifp->if_softc; 1873 struct ieee80211com *ic = &sc->sc_ic; 1874 struct uath_cmd_31 cmd31; 1875 uint32_t val; 1876 int i, error; 1877 1878 /* reset data and command rings */ 1879 sc->tx_queued = sc->data_idx = sc->cmd_idx = 0; 1880 1881 val = htobe32(0); 1882 (void)uath_cmd_write(sc, UATH_CMD_02, &val, sizeof val, 0); 1883 1884 /* set MAC address */ 1885 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 1886 (void)uath_write_multi(sc, 0x13, ic->ic_myaddr, IEEE80211_ADDR_LEN); 1887 1888 (void)uath_write_reg(sc, 0x02, 0x00000001); 1889 (void)uath_write_reg(sc, 0x0e, 0x0000003f); 1890 (void)uath_write_reg(sc, 0x10, 0x00000001); 1891 (void)uath_write_reg(sc, 0x06, 0x0000001e); 1892 1893 /* 1894 * Queue Rx data xfers. 1895 */ 1896 for (i = 0; i < UATH_RX_DATA_LIST_COUNT; i++) { 1897 struct uath_rx_data *data = &sc->rx_data[i]; 1898 1899 usbd_setup_xfer(data->xfer, sc->data_rx_pipe, data, data->buf, 1900 sc->rxbufsz, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, 1901 uath_data_rxeof); 1902 error = usbd_transfer(data->xfer); 1903 if (error != USBD_IN_PROGRESS && error != 0) { 1904 printf("%s: could not queue Rx transfer\n", 1905 sc->sc_dev.dv_xname); 1906 goto fail; 1907 } 1908 } 1909 1910 error = uath_cmd_read(sc, UATH_CMD_07, NULL, 0, &val, 1911 UATH_CMD_FLAG_MAGIC); 1912 if (error != 0) { 1913 printf("%s: could not send read command 07h\n", 1914 sc->sc_dev.dv_xname); 1915 goto fail; 1916 } 1917 DPRINTF(("command 07h return code: %x\n", betoh32(val))); 1918 1919 /* set default channel */ 1920 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 1921 if ((error = uath_set_chan(sc, ic->ic_bss->ni_chan)) != 0) { 1922 printf("%s: could not set channel\n", sc->sc_dev.dv_xname); 1923 goto fail; 1924 } 1925 1926 if ((error = uath_wme_init(sc)) != 0) { 1927 printf("%s: could not setup WME parameters\n", 1928 sc->sc_dev.dv_xname); 1929 goto fail; 1930 } 1931 1932 /* init MAC registers */ 1933 (void)uath_write_reg(sc, 0x19, 0x00000000); 1934 (void)uath_write_reg(sc, 0x1a, 0x0000003c); 1935 (void)uath_write_reg(sc, 0x1b, 0x0000003c); 1936 (void)uath_write_reg(sc, 0x1c, 0x00000000); 1937 (void)uath_write_reg(sc, 0x1e, 0x00000000); 1938 (void)uath_write_reg(sc, 0x1f, 0x00000003); 1939 (void)uath_write_reg(sc, 0x0c, 0x00000000); 1940 (void)uath_write_reg(sc, 0x0f, 0x00000002); 1941 (void)uath_write_reg(sc, 0x0a, 0x00000007); /* XXX retry? */ 1942 (void)uath_write_reg(sc, 0x09, ic->ic_rtsthreshold); 1943 1944 val = htobe32(4); 1945 (void)uath_cmd_write(sc, UATH_CMD_27, &val, sizeof val, 0); 1946 (void)uath_cmd_write(sc, UATH_CMD_27, &val, sizeof val, 0); 1947 (void)uath_cmd_write(sc, UATH_CMD_1B, NULL, 0, 0); 1948 1949 if ((error = uath_set_keys(sc)) != 0) { 1950 printf("%s: could not set crypto keys\n", 1951 sc->sc_dev.dv_xname); 1952 goto fail; 1953 } 1954 1955 /* enable Rx */ 1956 (void)uath_set_rxfilter(sc, 0x0000, 4); 1957 (void)uath_set_rxfilter(sc, 0x0817, 1); 1958 1959 cmd31.magic1 = htobe32(0xffffffff); 1960 cmd31.magic2 = htobe32(0xffffffff); 1961 (void)uath_cmd_write(sc, UATH_CMD_31, &cmd31, sizeof cmd31, 0); 1962 1963 ifp->if_flags &= ~IFF_OACTIVE; 1964 ifp->if_flags |= IFF_RUNNING; 1965 1966 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1967 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1968 else 1969 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1970 1971 return 0; 1972 1973 fail: uath_stop(ifp, 1); 1974 return error; 1975 } 1976 1977 void 1978 uath_stop(struct ifnet *ifp, int disable) 1979 { 1980 struct uath_softc *sc = ifp->if_softc; 1981 struct ieee80211com *ic = &sc->sc_ic; 1982 uint32_t val; 1983 int s; 1984 1985 s = splusb(); 1986 1987 sc->sc_tx_timer = 0; 1988 ifp->if_timer = 0; 1989 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 1990 1991 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); /* free all nodes */ 1992 1993 val = htobe32(0); 1994 (void)uath_cmd_write(sc, UATH_CMD_SET_STATE, &val, sizeof val, 0); 1995 (void)uath_cmd_write(sc, UATH_CMD_RESET, NULL, 0, 0); 1996 1997 val = htobe32(0); 1998 (void)uath_cmd_write(sc, UATH_CMD_15, &val, sizeof val, 0); 1999 2000 #if 0 2001 (void)uath_cmd_read(sc, UATH_CMD_SHUTDOWN, NULL, 0, NULL, 2002 UATH_CMD_FLAG_MAGIC); 2003 #endif 2004 2005 /* abort any pending transfers */ 2006 usbd_abort_pipe(sc->data_tx_pipe); 2007 usbd_abort_pipe(sc->data_rx_pipe); 2008 usbd_abort_pipe(sc->cmd_tx_pipe); 2009 2010 splx(s); 2011 } 2012 2013 /* 2014 * Load the MIPS R4000 microcode into the device. Once the image is loaded, 2015 * the device will detach itself from the bus and reattach later with a new 2016 * product Id (a la ezusb). XXX this could also be implemented in userland 2017 * through /dev/ugen. 2018 */ 2019 int 2020 uath_loadfirmware(struct uath_softc *sc, const u_char *fw, int len) 2021 { 2022 usbd_xfer_handle ctlxfer, txxfer, rxxfer; 2023 struct uath_fwblock *txblock, *rxblock; 2024 uint8_t *txdata; 2025 int error = 0; 2026 2027 if ((ctlxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 2028 printf("%s: could not allocate Tx control xfer\n", 2029 sc->sc_dev.dv_xname); 2030 error = USBD_NOMEM; 2031 goto fail1; 2032 } 2033 txblock = usbd_alloc_buffer(ctlxfer, sizeof (struct uath_fwblock)); 2034 if (txblock == NULL) { 2035 printf("%s: could not allocate Tx control block\n", 2036 sc->sc_dev.dv_xname); 2037 error = USBD_NOMEM; 2038 goto fail2; 2039 } 2040 2041 if ((txxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 2042 printf("%s: could not allocate Tx xfer\n", 2043 sc->sc_dev.dv_xname); 2044 error = USBD_NOMEM; 2045 goto fail2; 2046 } 2047 txdata = usbd_alloc_buffer(txxfer, UATH_MAX_FWBLOCK_SIZE); 2048 if (txdata == NULL) { 2049 printf("%s: could not allocate Tx buffer\n", 2050 sc->sc_dev.dv_xname); 2051 error = USBD_NOMEM; 2052 goto fail3; 2053 } 2054 2055 if ((rxxfer = usbd_alloc_xfer(sc->sc_udev)) == NULL) { 2056 printf("%s: could not allocate Rx control xfer\n", 2057 sc->sc_dev.dv_xname); 2058 error = USBD_NOMEM; 2059 goto fail3; 2060 } 2061 rxblock = usbd_alloc_buffer(rxxfer, sizeof (struct uath_fwblock)); 2062 if (rxblock == NULL) { 2063 printf("%s: could not allocate Rx control block\n", 2064 sc->sc_dev.dv_xname); 2065 error = USBD_NOMEM; 2066 goto fail4; 2067 } 2068 2069 bzero(txblock, sizeof (struct uath_fwblock)); 2070 txblock->flags = htobe32(UATH_WRITE_BLOCK); 2071 txblock->total = htobe32(len); 2072 2073 while (len > 0) { 2074 int mlen = min(len, UATH_MAX_FWBLOCK_SIZE); 2075 2076 txblock->remain = htobe32(len - mlen); 2077 txblock->len = htobe32(mlen); 2078 2079 DPRINTF(("sending firmware block: %d bytes remaining\n", 2080 len - mlen)); 2081 2082 /* send firmware block meta-data */ 2083 usbd_setup_xfer(ctlxfer, sc->cmd_tx_pipe, sc, txblock, 2084 sizeof (struct uath_fwblock), USBD_NO_COPY, 2085 UATH_CMD_TIMEOUT, NULL); 2086 if ((error = usbd_sync_transfer(ctlxfer)) != 0) { 2087 printf("%s: could not send firmware block info\n", 2088 sc->sc_dev.dv_xname); 2089 break; 2090 } 2091 2092 /* send firmware block data */ 2093 bcopy(fw, txdata, mlen); 2094 usbd_setup_xfer(txxfer, sc->data_tx_pipe, sc, txdata, mlen, 2095 USBD_NO_COPY, UATH_DATA_TIMEOUT, NULL); 2096 if ((error = usbd_sync_transfer(txxfer)) != 0) { 2097 printf("%s: could not send firmware block data\n", 2098 sc->sc_dev.dv_xname); 2099 break; 2100 } 2101 2102 /* wait for ack from firmware */ 2103 usbd_setup_xfer(rxxfer, sc->cmd_rx_pipe, sc, rxblock, 2104 sizeof (struct uath_fwblock), USBD_SHORT_XFER_OK | 2105 USBD_NO_COPY, UATH_CMD_TIMEOUT, NULL); 2106 if ((error = usbd_sync_transfer(rxxfer)) != 0) { 2107 printf("%s: could not read firmware answer\n", 2108 sc->sc_dev.dv_xname); 2109 break; 2110 } 2111 2112 DPRINTFN(2, ("rxblock flags=0x%x total=%d\n", 2113 betoh32(rxblock->flags), betoh32(rxblock->rxtotal))); 2114 fw += mlen; 2115 len -= mlen; 2116 } 2117 2118 fail4: usbd_free_xfer(rxxfer); 2119 fail3: usbd_free_xfer(txxfer); 2120 fail2: usbd_free_xfer(ctlxfer); 2121 fail1: return error; 2122 } 2123 2124 int 2125 uath_activate(struct device *self, int act) 2126 { 2127 struct uath_softc *sc = (struct uath_softc *)self; 2128 2129 switch (act) { 2130 case DVACT_DEACTIVATE: 2131 usbd_deactivate(sc->sc_udev); 2132 break; 2133 } 2134 return 0; 2135 } 2136