1 /* $OpenBSD: if_upgt.c,v 1.77 2016/04/13 11:03:37 mpi Exp $ */ 2 3 /* 4 * Copyright (c) 2007 Marcus Glocker <mglocker@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include "bpfilter.h" 20 21 #include <sys/param.h> 22 #include <sys/sockio.h> 23 #include <sys/mbuf.h> 24 #include <sys/kernel.h> 25 #include <sys/socket.h> 26 #include <sys/systm.h> 27 #include <sys/timeout.h> 28 #include <sys/conf.h> 29 #include <sys/device.h> 30 #include <sys/endian.h> 31 32 #include <machine/intr.h> 33 34 #if NBPFILTER > 0 35 #include <net/bpf.h> 36 #endif 37 #include <net/if.h> 38 #include <net/if_dl.h> 39 #include <net/if_media.h> 40 41 #include <netinet/in.h> 42 #include <netinet/if_ether.h> 43 44 #include <net80211/ieee80211_var.h> 45 #include <net80211/ieee80211_radiotap.h> 46 47 #include <dev/usb/usb.h> 48 #include <dev/usb/usbdi.h> 49 #include <dev/usb/usbdi_util.h> 50 #include <dev/usb/usbdevs.h> 51 52 #include <dev/usb/if_upgtvar.h> 53 54 /* 55 * Driver for the USB PrismGT devices. 56 * 57 * For now just USB 2.0 devices with the GW3887 chipset are supported. 58 * The driver has been written based on the firmware version 2.13.1.0_LM87. 59 * 60 * TODO's: 61 * - Fix MONITOR mode (MAC filter). 62 * - Add HOSTAP mode. 63 * - Add IBSS mode. 64 * - Support the USB 1.0 devices (NET2280, ISL3880, ISL3886 chipsets). 65 * 66 * Parts of this driver has been influenced by reading the p54u driver 67 * written by Jean-Baptiste Note <jean-baptiste.note@m4x.org> and 68 * Sebastien Bourdeauducq <lekernel@prism54.org>. 69 */ 70 71 #ifdef UPGT_DEBUG 72 int upgt_debug = 2; 73 #define DPRINTF(l, x...) do { if ((l) <= upgt_debug) printf(x); } while (0) 74 #else 75 #define DPRINTF(l, x...) 76 #endif 77 78 /* 79 * Prototypes. 80 */ 81 int upgt_match(struct device *, void *, void *); 82 void upgt_attach(struct device *, struct device *, void *); 83 void upgt_attach_hook(struct device *); 84 int upgt_detach(struct device *, int); 85 86 int upgt_device_type(struct upgt_softc *, uint16_t, uint16_t); 87 int upgt_device_init(struct upgt_softc *); 88 int upgt_mem_init(struct upgt_softc *); 89 uint32_t upgt_mem_alloc(struct upgt_softc *); 90 void upgt_mem_free(struct upgt_softc *, uint32_t); 91 int upgt_fw_alloc(struct upgt_softc *); 92 void upgt_fw_free(struct upgt_softc *); 93 int upgt_fw_verify(struct upgt_softc *); 94 int upgt_fw_load(struct upgt_softc *); 95 int upgt_fw_copy(char *, char *, int); 96 int upgt_eeprom_read(struct upgt_softc *); 97 int upgt_eeprom_parse(struct upgt_softc *); 98 void upgt_eeprom_parse_hwrx(struct upgt_softc *, uint8_t *); 99 void upgt_eeprom_parse_freq3(struct upgt_softc *, uint8_t *, int); 100 void upgt_eeprom_parse_freq4(struct upgt_softc *, uint8_t *, int); 101 void upgt_eeprom_parse_freq6(struct upgt_softc *, uint8_t *, int); 102 103 int upgt_ioctl(struct ifnet *, u_long, caddr_t); 104 int upgt_init(struct ifnet *); 105 void upgt_stop(struct upgt_softc *); 106 int upgt_media_change(struct ifnet *); 107 void upgt_newassoc(struct ieee80211com *, struct ieee80211_node *, 108 int); 109 int upgt_newstate(struct ieee80211com *, enum ieee80211_state, int); 110 void upgt_newstate_task(void *); 111 void upgt_next_scan(void *); 112 void upgt_start(struct ifnet *); 113 void upgt_watchdog(struct ifnet *); 114 void upgt_tx_task(void *); 115 void upgt_tx_done(struct upgt_softc *, uint8_t *); 116 void upgt_rx_cb(struct usbd_xfer *, void *, usbd_status); 117 void upgt_rx(struct upgt_softc *, uint8_t *, int); 118 void upgt_setup_rates(struct upgt_softc *); 119 uint8_t upgt_rx_rate(struct upgt_softc *, const int); 120 int upgt_set_macfilter(struct upgt_softc *, uint8_t state); 121 int upgt_set_channel(struct upgt_softc *, unsigned); 122 void upgt_set_led(struct upgt_softc *, int); 123 void upgt_set_led_blink(void *); 124 int upgt_get_stats(struct upgt_softc *); 125 126 int upgt_alloc_tx(struct upgt_softc *); 127 int upgt_alloc_rx(struct upgt_softc *); 128 int upgt_alloc_cmd(struct upgt_softc *); 129 void upgt_free_tx(struct upgt_softc *); 130 void upgt_free_rx(struct upgt_softc *); 131 void upgt_free_cmd(struct upgt_softc *); 132 int upgt_bulk_xmit(struct upgt_softc *, struct upgt_data *, 133 struct usbd_pipe *, uint32_t *, int); 134 135 void upgt_hexdump(void *, int); 136 uint32_t upgt_crc32_le(const void *, size_t); 137 uint32_t upgt_chksum_le(const uint32_t *, size_t); 138 139 struct cfdriver upgt_cd = { 140 NULL, "upgt", DV_IFNET 141 }; 142 143 const struct cfattach upgt_ca = { 144 sizeof(struct upgt_softc), upgt_match, upgt_attach, upgt_detach 145 }; 146 147 static const struct usb_devno upgt_devs_1[] = { 148 /* version 1 devices */ 149 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST120G } 150 }; 151 152 static const struct usb_devno upgt_devs_2[] = { 153 /* version 2 devices */ 154 { USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_PRISM_GT }, 155 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST121G }, 156 { USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F5D7050 }, 157 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54AG }, 158 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54GV2 }, 159 { USB_VENDOR_CONCEPTRONIC, USB_PRODUCT_CONCEPTRONIC_PRISM_GT }, 160 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_1 }, 161 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_2 }, 162 { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DWLG122A2 }, 163 { USB_VENDOR_FSC, USB_PRODUCT_FSC_E5400 }, 164 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_1 }, 165 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_2 }, 166 { USB_VENDOR_INTERSIL, USB_PRODUCT_INTERSIL_PRISM_GT }, 167 { USB_VENDOR_PHEENET, USB_PRODUCT_PHEENET_GWU513 }, 168 { USB_VENDOR_PHILIPS, USB_PRODUCT_PHILIPS_CPWUA054 }, 169 { USB_VENDOR_SMC, USB_PRODUCT_SMC_2862WG }, 170 { USB_VENDOR_USR, USB_PRODUCT_USR_USR5422 }, 171 { USB_VENDOR_WISTRONNEWEB, USB_PRODUCT_WISTRONNEWEB_UR045G }, 172 { USB_VENDOR_XYRATEX, USB_PRODUCT_XYRATEX_PRISM_GT_1 }, 173 { USB_VENDOR_XYRATEX, USB_PRODUCT_XYRATEX_PRISM_GT_2 }, 174 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_MD40900 }, 175 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_XG703A } 176 }; 177 178 int 179 upgt_match(struct device *parent, void *match, void *aux) 180 { 181 struct usb_attach_arg *uaa = aux; 182 183 if (uaa->iface != NULL) 184 return (UMATCH_NONE); 185 186 if (usb_lookup(upgt_devs_1, uaa->vendor, uaa->product) != NULL) 187 return (UMATCH_VENDOR_PRODUCT); 188 189 if (usb_lookup(upgt_devs_2, uaa->vendor, uaa->product) != NULL) 190 return (UMATCH_VENDOR_PRODUCT); 191 192 return (UMATCH_NONE); 193 } 194 195 void 196 upgt_attach(struct device *parent, struct device *self, void *aux) 197 { 198 struct upgt_softc *sc = (struct upgt_softc *)self; 199 struct usb_attach_arg *uaa = aux; 200 usb_interface_descriptor_t *id; 201 usb_endpoint_descriptor_t *ed; 202 usbd_status error; 203 int i; 204 205 /* 206 * Attach USB device. 207 */ 208 sc->sc_udev = uaa->device; 209 210 /* check device type */ 211 if (upgt_device_type(sc, uaa->vendor, uaa->product) != 0) 212 return; 213 214 /* set configuration number */ 215 if (usbd_set_config_no(sc->sc_udev, UPGT_CONFIG_NO, 0) != 0) { 216 printf("%s: could not set configuration no!\n", 217 sc->sc_dev.dv_xname); 218 return; 219 } 220 221 /* get the first interface handle */ 222 error = usbd_device2interface_handle(sc->sc_udev, UPGT_IFACE_INDEX, 223 &sc->sc_iface); 224 if (error != 0) { 225 printf("%s: could not get interface handle!\n", 226 sc->sc_dev.dv_xname); 227 return; 228 } 229 230 /* find endpoints */ 231 id = usbd_get_interface_descriptor(sc->sc_iface); 232 sc->sc_rx_no = sc->sc_tx_no = -1; 233 for (i = 0; i < id->bNumEndpoints; i++) { 234 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 235 if (ed == NULL) { 236 printf("%s: no endpoint descriptor for iface %d!\n", 237 sc->sc_dev.dv_xname, i); 238 return; 239 } 240 241 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT && 242 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 243 sc->sc_tx_no = ed->bEndpointAddress; 244 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN && 245 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 246 sc->sc_rx_no = ed->bEndpointAddress; 247 248 /* 249 * 0x01 TX pipe 250 * 0x81 RX pipe 251 * 252 * Deprecated scheme (not used with fw version >2.5.6.x): 253 * 0x02 TX MGMT pipe 254 * 0x82 TX MGMT pipe 255 */ 256 if (sc->sc_tx_no != -1 && sc->sc_rx_no != -1) 257 break; 258 } 259 if (sc->sc_rx_no == -1 || sc->sc_tx_no == -1) { 260 printf("%s: missing endpoint!\n", sc->sc_dev.dv_xname); 261 return; 262 } 263 264 /* setup tasks and timeouts */ 265 usb_init_task(&sc->sc_task_newstate, upgt_newstate_task, sc, 266 USB_TASK_TYPE_GENERIC); 267 usb_init_task(&sc->sc_task_tx, upgt_tx_task, sc, USB_TASK_TYPE_GENERIC); 268 timeout_set(&sc->scan_to, upgt_next_scan, sc); 269 timeout_set(&sc->led_to, upgt_set_led_blink, sc); 270 271 /* 272 * Open TX and RX USB bulk pipes. 273 */ 274 error = usbd_open_pipe(sc->sc_iface, sc->sc_tx_no, USBD_EXCLUSIVE_USE, 275 &sc->sc_tx_pipeh); 276 if (error != 0) { 277 printf("%s: could not open TX pipe: %s!\n", 278 sc->sc_dev.dv_xname, usbd_errstr(error)); 279 goto fail; 280 } 281 error = usbd_open_pipe(sc->sc_iface, sc->sc_rx_no, USBD_EXCLUSIVE_USE, 282 &sc->sc_rx_pipeh); 283 if (error != 0) { 284 printf("%s: could not open RX pipe: %s!\n", 285 sc->sc_dev.dv_xname, usbd_errstr(error)); 286 goto fail; 287 } 288 289 /* 290 * Allocate TX, RX, and CMD xfers. 291 */ 292 if (upgt_alloc_tx(sc) != 0) 293 goto fail; 294 if (upgt_alloc_rx(sc) != 0) 295 goto fail; 296 if (upgt_alloc_cmd(sc) != 0) 297 goto fail; 298 299 /* 300 * We need the firmware loaded to complete the attach. 301 */ 302 config_mountroot(self, upgt_attach_hook); 303 304 return; 305 fail: 306 printf("%s: %s failed!\n", sc->sc_dev.dv_xname, __func__); 307 } 308 309 void 310 upgt_attach_hook(struct device *self) 311 { 312 struct upgt_softc *sc = (struct upgt_softc *)self; 313 struct ieee80211com *ic = &sc->sc_ic; 314 struct ifnet *ifp = &ic->ic_if; 315 usbd_status error; 316 int i; 317 318 /* 319 * Load firmware file into memory. 320 */ 321 if (upgt_fw_alloc(sc) != 0) 322 goto fail; 323 324 /* 325 * Initialize the device. 326 */ 327 if (upgt_device_init(sc) != 0) 328 goto fail; 329 330 /* 331 * Verify the firmware. 332 */ 333 if (upgt_fw_verify(sc) != 0) 334 goto fail; 335 336 /* 337 * Calculate device memory space. 338 */ 339 if (sc->sc_memaddr_frame_start == 0 || sc->sc_memaddr_frame_end == 0) { 340 printf("%s: could not find memory space addresses on FW!\n", 341 sc->sc_dev.dv_xname); 342 goto fail; 343 } 344 sc->sc_memaddr_frame_end -= UPGT_MEMSIZE_RX + 1; 345 sc->sc_memaddr_rx_start = sc->sc_memaddr_frame_end + 1; 346 347 DPRINTF(1, "%s: memory address frame start=0x%08x\n", 348 sc->sc_dev.dv_xname, sc->sc_memaddr_frame_start); 349 DPRINTF(1, "%s: memory address frame end=0x%08x\n", 350 sc->sc_dev.dv_xname, sc->sc_memaddr_frame_end); 351 DPRINTF(1, "%s: memory address rx start=0x%08x\n", 352 sc->sc_dev.dv_xname, sc->sc_memaddr_rx_start); 353 354 upgt_mem_init(sc); 355 356 /* 357 * Load the firmware. 358 */ 359 if (upgt_fw_load(sc) != 0) 360 goto fail; 361 362 /* 363 * Startup the RX pipe. 364 */ 365 struct upgt_data *data_rx = &sc->rx_data; 366 367 usbd_setup_xfer(data_rx->xfer, sc->sc_rx_pipeh, data_rx, data_rx->buf, 368 MCLBYTES, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 369 error = usbd_transfer(data_rx->xfer); 370 if (error != 0 && error != USBD_IN_PROGRESS) { 371 printf("%s: could not queue RX transfer!\n", 372 sc->sc_dev.dv_xname); 373 goto fail; 374 } 375 usbd_delay_ms(sc->sc_udev, 100); 376 377 /* 378 * Read the whole EEPROM content and parse it. 379 */ 380 if (upgt_eeprom_read(sc) != 0) 381 goto fail; 382 if (upgt_eeprom_parse(sc) != 0) 383 goto fail; 384 385 /* 386 * Setup the 802.11 device. 387 */ 388 ic->ic_phytype = IEEE80211_T_OFDM; 389 ic->ic_opmode = IEEE80211_M_STA; 390 ic->ic_state = IEEE80211_S_INIT; 391 ic->ic_caps = 392 IEEE80211_C_MONITOR | 393 IEEE80211_C_SHPREAMBLE | 394 IEEE80211_C_SHSLOT | 395 IEEE80211_C_WEP | 396 IEEE80211_C_RSN; 397 398 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 399 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 400 401 for (i = 1; i <= 14; i++) { 402 ic->ic_channels[i].ic_freq = 403 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 404 ic->ic_channels[i].ic_flags = 405 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 406 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 407 } 408 409 ifp->if_softc = sc; 410 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 411 ifp->if_ioctl = upgt_ioctl; 412 ifp->if_start = upgt_start; 413 ifp->if_watchdog = upgt_watchdog; 414 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 415 416 if_attach(ifp); 417 ieee80211_ifattach(ifp); 418 ic->ic_newassoc = upgt_newassoc; 419 420 sc->sc_newstate = ic->ic_newstate; 421 ic->ic_newstate = upgt_newstate; 422 ieee80211_media_init(ifp, upgt_media_change, ieee80211_media_status); 423 424 #if NBPFILTER > 0 425 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 426 sizeof(struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 427 428 sc->sc_rxtap_len = sizeof(sc->sc_rxtapu); 429 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 430 sc->sc_rxtap.wr_ihdr.it_present = htole32(UPGT_RX_RADIOTAP_PRESENT); 431 432 sc->sc_txtap_len = sizeof(sc->sc_txtapu); 433 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 434 sc->sc_txtap.wt_ihdr.it_present = htole32(UPGT_TX_RADIOTAP_PRESENT); 435 #endif 436 437 printf("%s: address %s\n", 438 sc->sc_dev.dv_xname, ether_sprintf(ic->ic_myaddr)); 439 440 return; 441 fail: 442 printf("%s: %s failed!\n", sc->sc_dev.dv_xname, __func__); 443 } 444 445 int 446 upgt_detach(struct device *self, int flags) 447 { 448 struct upgt_softc *sc = (struct upgt_softc *)self; 449 struct ifnet *ifp = &sc->sc_ic.ic_if; 450 int s; 451 452 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 453 454 s = splusb(); 455 456 /* abort and close TX / RX pipes */ 457 if (sc->sc_tx_pipeh != NULL) { 458 usbd_abort_pipe(sc->sc_tx_pipeh); 459 usbd_close_pipe(sc->sc_tx_pipeh); 460 } 461 if (sc->sc_rx_pipeh != NULL) { 462 usbd_abort_pipe(sc->sc_rx_pipeh); 463 usbd_close_pipe(sc->sc_rx_pipeh); 464 } 465 466 /* remove tasks and timeouts */ 467 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 468 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 469 if (timeout_initialized(&sc->scan_to)) 470 timeout_del(&sc->scan_to); 471 if (timeout_initialized(&sc->led_to)) 472 timeout_del(&sc->led_to); 473 474 /* free xfers */ 475 upgt_free_tx(sc); 476 upgt_free_rx(sc); 477 upgt_free_cmd(sc); 478 479 /* free firmware */ 480 upgt_fw_free(sc); 481 482 if (ifp->if_softc != NULL) { 483 /* detach interface */ 484 ieee80211_ifdetach(ifp); 485 if_detach(ifp); 486 } 487 488 splx(s); 489 490 return (0); 491 } 492 493 int 494 upgt_device_type(struct upgt_softc *sc, uint16_t vendor, uint16_t product) 495 { 496 if (usb_lookup(upgt_devs_1, vendor, product) != NULL) { 497 sc->sc_device_type = 1; 498 /* XXX */ 499 printf("%s: version 1 devices not supported yet!\n", 500 sc->sc_dev.dv_xname); 501 return (1); 502 } else { 503 sc->sc_device_type = 2; 504 } 505 506 return (0); 507 } 508 509 int 510 upgt_device_init(struct upgt_softc *sc) 511 { 512 struct upgt_data *data_cmd = &sc->cmd_data; 513 char init_cmd[] = { 0x7e, 0x7e, 0x7e, 0x7e }; 514 int len; 515 516 len = sizeof(init_cmd); 517 bcopy(init_cmd, data_cmd->buf, len); 518 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 519 printf("%s: could not send device init string!\n", 520 sc->sc_dev.dv_xname); 521 return (EIO); 522 } 523 usbd_delay_ms(sc->sc_udev, 100); 524 525 DPRINTF(1, "%s: device initialized\n", sc->sc_dev.dv_xname); 526 527 return (0); 528 } 529 530 int 531 upgt_mem_init(struct upgt_softc *sc) 532 { 533 int i; 534 535 for (i = 0; i < UPGT_MEMORY_MAX_PAGES; i++) { 536 sc->sc_memory.page[i].used = 0; 537 538 if (i == 0) { 539 /* 540 * The first memory page is always reserved for 541 * command data. 542 */ 543 sc->sc_memory.page[i].addr = 544 sc->sc_memaddr_frame_start + MCLBYTES; 545 } else { 546 sc->sc_memory.page[i].addr = 547 sc->sc_memory.page[i - 1].addr + MCLBYTES; 548 } 549 550 if (sc->sc_memory.page[i].addr + MCLBYTES >= 551 sc->sc_memaddr_frame_end) 552 break; 553 554 DPRINTF(2, "%s: memory address page %d=0x%08x\n", 555 sc->sc_dev.dv_xname, i, sc->sc_memory.page[i].addr); 556 } 557 558 sc->sc_memory.pages = i; 559 560 DPRINTF(2, "%s: memory pages=%d\n", 561 sc->sc_dev.dv_xname, sc->sc_memory.pages); 562 563 return (0); 564 } 565 566 uint32_t 567 upgt_mem_alloc(struct upgt_softc *sc) 568 { 569 int i; 570 571 for (i = 0; i < sc->sc_memory.pages; i++) { 572 if (sc->sc_memory.page[i].used == 0) { 573 sc->sc_memory.page[i].used = 1; 574 return (sc->sc_memory.page[i].addr); 575 } 576 } 577 578 return (0); 579 } 580 581 void 582 upgt_mem_free(struct upgt_softc *sc, uint32_t addr) 583 { 584 int i; 585 586 for (i = 0; i < sc->sc_memory.pages; i++) { 587 if (sc->sc_memory.page[i].addr == addr) { 588 sc->sc_memory.page[i].used = 0; 589 return; 590 } 591 } 592 593 printf("%s: could not free memory address 0x%08x!\n", 594 sc->sc_dev.dv_xname, addr); 595 } 596 597 598 int 599 upgt_fw_alloc(struct upgt_softc *sc) 600 { 601 const char *name = "upgt-gw3887"; 602 int error; 603 604 if (sc->sc_fw == NULL) { 605 error = loadfirmware(name, &sc->sc_fw, &sc->sc_fw_size); 606 if (error != 0) { 607 printf("%s: error %d, could not read firmware %s!\n", 608 sc->sc_dev.dv_xname, error, name); 609 return (EIO); 610 } 611 } 612 613 DPRINTF(1, "%s: firmware %s allocated\n", sc->sc_dev.dv_xname, name); 614 615 return (0); 616 } 617 618 void 619 upgt_fw_free(struct upgt_softc *sc) 620 { 621 if (sc->sc_fw != NULL) { 622 free(sc->sc_fw, M_DEVBUF, 0); 623 sc->sc_fw = NULL; 624 DPRINTF(1, "%s: firmware freed\n", sc->sc_dev.dv_xname); 625 } 626 } 627 628 int 629 upgt_fw_verify(struct upgt_softc *sc) 630 { 631 struct upgt_fw_bra_option *bra_option; 632 uint32_t bra_option_type, bra_option_len; 633 uint32_t *uc; 634 int offset, bra_end = 0; 635 636 /* 637 * Seek to beginning of Boot Record Area (BRA). 638 */ 639 for (offset = 0; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 640 uc = (uint32_t *)(sc->sc_fw + offset); 641 if (*uc == 0) 642 break; 643 } 644 for (; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 645 uc = (uint32_t *)(sc->sc_fw + offset); 646 if (*uc != 0) 647 break; 648 } 649 if (offset == sc->sc_fw_size) { 650 printf("%s: firmware Boot Record Area not found!\n", 651 sc->sc_dev.dv_xname); 652 return (EIO); 653 } 654 DPRINTF(1, "%s: firmware Boot Record Area found at offset %d\n", 655 sc->sc_dev.dv_xname, offset); 656 657 /* 658 * Parse Boot Record Area (BRA) options. 659 */ 660 while (offset < sc->sc_fw_size && bra_end == 0) { 661 /* get current BRA option */ 662 bra_option = (struct upgt_fw_bra_option *)(sc->sc_fw + offset); 663 bra_option_type = letoh32(bra_option->type); 664 bra_option_len = letoh32(bra_option->len) * sizeof(*uc); 665 666 switch (bra_option_type) { 667 case UPGT_BRA_TYPE_FW: 668 DPRINTF(1, "%s: UPGT_BRA_TYPE_FW len=%d\n", 669 sc->sc_dev.dv_xname, bra_option_len); 670 671 if (bra_option_len != UPGT_BRA_FWTYPE_SIZE) { 672 printf("%s: wrong UPGT_BRA_TYPE_FW len!\n", 673 sc->sc_dev.dv_xname); 674 return (EIO); 675 } 676 if (memcmp(UPGT_BRA_FWTYPE_LM86, bra_option->data, 677 bra_option_len) == 0) { 678 sc->sc_fw_type = UPGT_FWTYPE_LM86; 679 break; 680 } 681 if (memcmp(UPGT_BRA_FWTYPE_LM87, bra_option->data, 682 bra_option_len) == 0) { 683 sc->sc_fw_type = UPGT_FWTYPE_LM87; 684 break; 685 } 686 if (memcmp(UPGT_BRA_FWTYPE_FMAC, bra_option->data, 687 bra_option_len) == 0) { 688 sc->sc_fw_type = UPGT_FWTYPE_FMAC; 689 break; 690 } 691 printf("%s: unsupported firmware type!\n", 692 sc->sc_dev.dv_xname); 693 return (EIO); 694 case UPGT_BRA_TYPE_VERSION: 695 DPRINTF(1, "%s: UPGT_BRA_TYPE_VERSION len=%d\n", 696 sc->sc_dev.dv_xname, bra_option_len); 697 break; 698 case UPGT_BRA_TYPE_DEPIF: 699 DPRINTF(1, "%s: UPGT_BRA_TYPE_DEPIF len=%d\n", 700 sc->sc_dev.dv_xname, bra_option_len); 701 break; 702 case UPGT_BRA_TYPE_EXPIF: 703 DPRINTF(1, "%s: UPGT_BRA_TYPE_EXPIF len=%d\n", 704 sc->sc_dev.dv_xname, bra_option_len); 705 break; 706 case UPGT_BRA_TYPE_DESCR: 707 DPRINTF(1, "%s: UPGT_BRA_TYPE_DESCR len=%d\n", 708 sc->sc_dev.dv_xname, bra_option_len); 709 710 struct upgt_fw_bra_descr *descr = 711 (struct upgt_fw_bra_descr *)bra_option->data; 712 713 sc->sc_memaddr_frame_start = 714 letoh32(descr->memaddr_space_start); 715 sc->sc_memaddr_frame_end = 716 letoh32(descr->memaddr_space_end); 717 718 DPRINTF(2, "%s: memory address space start=0x%08x\n", 719 sc->sc_dev.dv_xname, sc->sc_memaddr_frame_start); 720 DPRINTF(2, "%s: memory address space end=0x%08x\n", 721 sc->sc_dev.dv_xname, sc->sc_memaddr_frame_end); 722 break; 723 case UPGT_BRA_TYPE_END: 724 DPRINTF(1, "%s: UPGT_BRA_TYPE_END len=%d\n", 725 sc->sc_dev.dv_xname, bra_option_len); 726 bra_end = 1; 727 break; 728 default: 729 DPRINTF(1, "%s: unknown BRA option len=%d\n", 730 sc->sc_dev.dv_xname, bra_option_len); 731 return (EIO); 732 } 733 734 /* jump to next BRA option */ 735 offset += sizeof(struct upgt_fw_bra_option) + bra_option_len; 736 } 737 738 DPRINTF(1, "%s: firmware verified\n", sc->sc_dev.dv_xname); 739 740 return (0); 741 } 742 743 int 744 upgt_fw_load(struct upgt_softc *sc) 745 { 746 struct upgt_data *data_cmd = &sc->cmd_data; 747 struct upgt_data *data_rx = &sc->rx_data; 748 char start_fwload_cmd[] = { 0x3c, 0x0d }; 749 int offset, bsize, n, i, len; 750 uint32_t crc32; 751 752 /* send firmware start load command */ 753 len = sizeof(start_fwload_cmd); 754 bcopy(start_fwload_cmd, data_cmd->buf, len); 755 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 756 printf("%s: could not send start_firmware_load command!\n", 757 sc->sc_dev.dv_xname); 758 return (EIO); 759 } 760 761 /* send X2 header */ 762 len = sizeof(struct upgt_fw_x2_header); 763 struct upgt_fw_x2_header *x2 = data_cmd->buf; 764 bcopy(UPGT_X2_SIGNATURE, x2->signature, UPGT_X2_SIGNATURE_SIZE); 765 x2->startaddr = htole32(UPGT_MEMADDR_FIRMWARE_START); 766 x2->len = htole32(sc->sc_fw_size); 767 x2->crc = upgt_crc32_le(data_cmd->buf + UPGT_X2_SIGNATURE_SIZE, 768 sizeof(struct upgt_fw_x2_header) - UPGT_X2_SIGNATURE_SIZE - 769 sizeof(uint32_t)); 770 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 771 printf("%s: could not send firmware X2 header!\n", 772 sc->sc_dev.dv_xname); 773 return (EIO); 774 } 775 776 /* download firmware */ 777 for (offset = 0; offset < sc->sc_fw_size; offset += bsize) { 778 if (sc->sc_fw_size - offset > UPGT_FW_BLOCK_SIZE) 779 bsize = UPGT_FW_BLOCK_SIZE; 780 else 781 bsize = sc->sc_fw_size - offset; 782 783 n = upgt_fw_copy(sc->sc_fw + offset, data_cmd->buf, bsize); 784 785 DPRINTF(1, "%s: FW offset=%d, read=%d, sent=%d\n", 786 sc->sc_dev.dv_xname, offset, n, bsize); 787 788 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &bsize, 0) 789 != 0) { 790 printf("%s: error while downloading firmware block!\n", 791 sc->sc_dev.dv_xname); 792 return (EIO); 793 } 794 795 bsize = n; 796 } 797 DPRINTF(1, "%s: firmware downloaded\n", sc->sc_dev.dv_xname); 798 799 /* load firmware */ 800 crc32 = upgt_crc32_le(sc->sc_fw, sc->sc_fw_size); 801 *((uint32_t *)(data_cmd->buf) ) = crc32; 802 *((uint8_t *)(data_cmd->buf) + 4) = 'g'; 803 *((uint8_t *)(data_cmd->buf) + 5) = '\r'; 804 len = 6; 805 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 806 printf("%s: could not send load_firmware command!\n", 807 sc->sc_dev.dv_xname); 808 return (EIO); 809 } 810 811 for (i = 0; i < UPGT_FIRMWARE_TIMEOUT; i++) { 812 len = UPGT_FW_BLOCK_SIZE; 813 bzero(data_rx->buf, MCLBYTES); 814 if (upgt_bulk_xmit(sc, data_rx, sc->sc_rx_pipeh, &len, 815 USBD_SHORT_XFER_OK) != 0) { 816 printf("%s: could not read firmware response!\n", 817 sc->sc_dev.dv_xname); 818 return (EIO); 819 } 820 821 if (memcmp(data_rx->buf, "OK", 2) == 0) 822 break; /* firmware load was successful */ 823 } 824 if (i == UPGT_FIRMWARE_TIMEOUT) { 825 printf("%s: firmware load failed!\n", sc->sc_dev.dv_xname); 826 return (EIO); 827 } 828 DPRINTF(1, "%s: firmware loaded\n", sc->sc_dev.dv_xname); 829 830 return (0); 831 } 832 833 /* 834 * While copying the version 2 firmware, we need to replace two characters: 835 * 836 * 0x7e -> 0x7d 0x5e 837 * 0x7d -> 0x7d 0x5d 838 */ 839 int 840 upgt_fw_copy(char *src, char *dst, int size) 841 { 842 int i, j; 843 844 for (i = 0, j = 0; i < size && j < size; i++) { 845 switch (src[i]) { 846 case 0x7e: 847 dst[j] = 0x7d; 848 j++; 849 dst[j] = 0x5e; 850 j++; 851 break; 852 case 0x7d: 853 dst[j] = 0x7d; 854 j++; 855 dst[j] = 0x5d; 856 j++; 857 break; 858 default: 859 dst[j] = src[i]; 860 j++; 861 break; 862 } 863 } 864 865 return (i); 866 } 867 868 int 869 upgt_eeprom_read(struct upgt_softc *sc) 870 { 871 struct upgt_data *data_cmd = &sc->cmd_data; 872 struct upgt_lmac_mem *mem; 873 struct upgt_lmac_eeprom *eeprom; 874 int offset, block, len; 875 876 offset = 0; 877 block = UPGT_EEPROM_BLOCK_SIZE; 878 while (offset < UPGT_EEPROM_SIZE) { 879 DPRINTF(1, "%s: request EEPROM block (offset=%d, len=%d)\n", 880 sc->sc_dev.dv_xname, offset, block); 881 882 /* 883 * Transmit the URB containing the CMD data. 884 */ 885 bzero(data_cmd->buf, MCLBYTES); 886 887 mem = (struct upgt_lmac_mem *)data_cmd->buf; 888 mem->addr = htole32(sc->sc_memaddr_frame_start + 889 UPGT_MEMSIZE_FRAME_HEAD); 890 891 eeprom = (struct upgt_lmac_eeprom *)(mem + 1); 892 eeprom->header1.flags = 0; 893 eeprom->header1.type = UPGT_H1_TYPE_CTRL; 894 eeprom->header1.len = htole16(( 895 sizeof(struct upgt_lmac_eeprom) - 896 sizeof(struct upgt_lmac_header)) + block); 897 898 eeprom->header2.reqid = htole32(sc->sc_memaddr_frame_start); 899 eeprom->header2.type = htole16(UPGT_H2_TYPE_EEPROM); 900 eeprom->header2.flags = 0; 901 902 eeprom->offset = htole16(offset); 903 eeprom->len = htole16(block); 904 905 len = sizeof(*mem) + sizeof(*eeprom) + block; 906 907 mem->chksum = upgt_chksum_le((uint32_t *)eeprom, 908 len - sizeof(*mem)); 909 910 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 911 USBD_FORCE_SHORT_XFER) != 0) { 912 printf("%s: could not transmit EEPROM data URB!\n", 913 sc->sc_dev.dv_xname); 914 return (EIO); 915 } 916 if (tsleep(sc, 0, "eeprom_request", UPGT_USB_TIMEOUT)) { 917 printf("%s: timeout while waiting for EEPROM data!\n", 918 sc->sc_dev.dv_xname); 919 return (EIO); 920 } 921 922 offset += block; 923 if (UPGT_EEPROM_SIZE - offset < block) 924 block = UPGT_EEPROM_SIZE - offset; 925 } 926 927 return (0); 928 } 929 930 int 931 upgt_eeprom_parse(struct upgt_softc *sc) 932 { 933 struct ieee80211com *ic = &sc->sc_ic; 934 struct upgt_eeprom_header *eeprom_header; 935 struct upgt_eeprom_option *eeprom_option; 936 uint16_t option_len; 937 uint16_t option_type; 938 uint16_t preamble_len; 939 int option_end = 0; 940 941 /* calculate eeprom options start offset */ 942 eeprom_header = (struct upgt_eeprom_header *)sc->sc_eeprom; 943 preamble_len = letoh16(eeprom_header->preamble_len); 944 eeprom_option = (struct upgt_eeprom_option *)(sc->sc_eeprom + 945 (sizeof(struct upgt_eeprom_header) + preamble_len)); 946 947 while (!option_end) { 948 /* the eeprom option length is stored in words */ 949 option_len = 950 (letoh16(eeprom_option->len) - 1) * sizeof(uint16_t); 951 option_type = 952 letoh16(eeprom_option->type); 953 954 switch (option_type) { 955 case UPGT_EEPROM_TYPE_NAME: 956 DPRINTF(1, "%s: EEPROM name len=%d\n", 957 sc->sc_dev.dv_xname, option_len); 958 break; 959 case UPGT_EEPROM_TYPE_SERIAL: 960 DPRINTF(1, "%s: EEPROM serial len=%d\n", 961 sc->sc_dev.dv_xname, option_len); 962 break; 963 case UPGT_EEPROM_TYPE_MAC: 964 DPRINTF(1, "%s: EEPROM mac len=%d\n", 965 sc->sc_dev.dv_xname, option_len); 966 967 IEEE80211_ADDR_COPY(ic->ic_myaddr, eeprom_option->data); 968 break; 969 case UPGT_EEPROM_TYPE_HWRX: 970 DPRINTF(1, "%s: EEPROM hwrx len=%d\n", 971 sc->sc_dev.dv_xname, option_len); 972 973 upgt_eeprom_parse_hwrx(sc, eeprom_option->data); 974 break; 975 case UPGT_EEPROM_TYPE_CHIP: 976 DPRINTF(1, "%s: EEPROM chip len=%d\n", 977 sc->sc_dev.dv_xname, option_len); 978 break; 979 case UPGT_EEPROM_TYPE_FREQ3: 980 DPRINTF(1, "%s: EEPROM freq3 len=%d\n", 981 sc->sc_dev.dv_xname, option_len); 982 983 upgt_eeprom_parse_freq3(sc, eeprom_option->data, 984 option_len); 985 break; 986 case UPGT_EEPROM_TYPE_FREQ4: 987 DPRINTF(1, "%s: EEPROM freq4 len=%d\n", 988 sc->sc_dev.dv_xname, option_len); 989 990 upgt_eeprom_parse_freq4(sc, eeprom_option->data, 991 option_len); 992 break; 993 case UPGT_EEPROM_TYPE_FREQ5: 994 DPRINTF(1, "%s: EEPROM freq5 len=%d\n", 995 sc->sc_dev.dv_xname, option_len); 996 break; 997 case UPGT_EEPROM_TYPE_FREQ6: 998 DPRINTF(1, "%s: EEPROM freq6 len=%d\n", 999 sc->sc_dev.dv_xname, option_len); 1000 1001 upgt_eeprom_parse_freq6(sc, eeprom_option->data, 1002 option_len); 1003 break; 1004 case UPGT_EEPROM_TYPE_END: 1005 DPRINTF(1, "%s: EEPROM end len=%d\n", 1006 sc->sc_dev.dv_xname, option_len); 1007 option_end = 1; 1008 break; 1009 case UPGT_EEPROM_TYPE_OFF: 1010 DPRINTF(1, "%s: EEPROM off without end option!\n", 1011 sc->sc_dev.dv_xname); 1012 return (EIO); 1013 default: 1014 DPRINTF(1, "%s: EEPROM unknown type 0x%04x len=%d\n", 1015 sc->sc_dev.dv_xname, option_type, option_len); 1016 break; 1017 } 1018 1019 /* jump to next EEPROM option */ 1020 eeprom_option = (struct upgt_eeprom_option *) 1021 (eeprom_option->data + option_len); 1022 } 1023 1024 return (0); 1025 } 1026 1027 void 1028 upgt_eeprom_parse_hwrx(struct upgt_softc *sc, uint8_t *data) 1029 { 1030 struct upgt_eeprom_option_hwrx *option_hwrx; 1031 1032 option_hwrx = (struct upgt_eeprom_option_hwrx *)data; 1033 1034 sc->sc_eeprom_hwrx = option_hwrx->rxfilter - UPGT_EEPROM_RX_CONST; 1035 1036 DPRINTF(2, "%s: hwrx option value=0x%04x\n", 1037 sc->sc_dev.dv_xname, sc->sc_eeprom_hwrx); 1038 } 1039 1040 void 1041 upgt_eeprom_parse_freq3(struct upgt_softc *sc, uint8_t *data, int len) 1042 { 1043 struct upgt_eeprom_freq3_header *freq3_header; 1044 struct upgt_lmac_freq3 *freq3; 1045 int i, elements, flags; 1046 unsigned channel; 1047 1048 freq3_header = (struct upgt_eeprom_freq3_header *)data; 1049 freq3 = (struct upgt_lmac_freq3 *)(freq3_header + 1); 1050 1051 flags = freq3_header->flags; 1052 elements = freq3_header->elements; 1053 1054 DPRINTF(2, "%s: flags=0x%02x\n", sc->sc_dev.dv_xname, flags); 1055 DPRINTF(2, "%s: elements=%d\n", sc->sc_dev.dv_xname, elements); 1056 1057 for (i = 0; i < elements; i++) { 1058 channel = ieee80211_mhz2ieee(letoh16(freq3[i].freq), 0); 1059 1060 sc->sc_eeprom_freq3[channel] = freq3[i]; 1061 1062 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1063 sc->sc_dev.dv_xname, 1064 letoh16(sc->sc_eeprom_freq3[channel].freq), channel); 1065 } 1066 } 1067 1068 void 1069 upgt_eeprom_parse_freq4(struct upgt_softc *sc, uint8_t *data, int len) 1070 { 1071 struct upgt_eeprom_freq4_header *freq4_header; 1072 struct upgt_eeprom_freq4_1 *freq4_1; 1073 struct upgt_eeprom_freq4_2 *freq4_2; 1074 int i, j, elements, settings, flags; 1075 unsigned channel; 1076 1077 freq4_header = (struct upgt_eeprom_freq4_header *)data; 1078 freq4_1 = (struct upgt_eeprom_freq4_1 *)(freq4_header + 1); 1079 1080 flags = freq4_header->flags; 1081 elements = freq4_header->elements; 1082 settings = freq4_header->settings; 1083 1084 /* we need this value later */ 1085 sc->sc_eeprom_freq6_settings = freq4_header->settings; 1086 1087 DPRINTF(2, "%s: flags=0x%02x\n", sc->sc_dev.dv_xname, flags); 1088 DPRINTF(2, "%s: elements=%d\n", sc->sc_dev.dv_xname, elements); 1089 DPRINTF(2, "%s: settings=%d\n", sc->sc_dev.dv_xname, settings); 1090 1091 for (i = 0; i < elements; i++) { 1092 channel = ieee80211_mhz2ieee(letoh16(freq4_1[i].freq), 0); 1093 1094 freq4_2 = (struct upgt_eeprom_freq4_2 *)freq4_1[i].data; 1095 1096 for (j = 0; j < settings; j++) { 1097 sc->sc_eeprom_freq4[channel][j].cmd = freq4_2[j]; 1098 sc->sc_eeprom_freq4[channel][j].pad = 0; 1099 } 1100 1101 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1102 sc->sc_dev.dv_xname, 1103 letoh16(freq4_1[i].freq), channel); 1104 } 1105 } 1106 1107 void 1108 upgt_eeprom_parse_freq6(struct upgt_softc *sc, uint8_t *data, int len) 1109 { 1110 struct upgt_lmac_freq6 *freq6; 1111 int i, elements; 1112 unsigned channel; 1113 1114 freq6 = (struct upgt_lmac_freq6 *)data; 1115 1116 elements = len / sizeof(struct upgt_lmac_freq6); 1117 1118 DPRINTF(2, "%s: elements=%d\n", sc->sc_dev.dv_xname, elements); 1119 1120 for (i = 0; i < elements; i++) { 1121 channel = ieee80211_mhz2ieee(letoh16(freq6[i].freq), 0); 1122 1123 sc->sc_eeprom_freq6[channel] = freq6[i]; 1124 1125 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1126 sc->sc_dev.dv_xname, 1127 letoh16(sc->sc_eeprom_freq6[channel].freq), channel); 1128 } 1129 } 1130 1131 int 1132 upgt_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1133 { 1134 struct upgt_softc *sc = ifp->if_softc; 1135 struct ieee80211com *ic = &sc->sc_ic; 1136 struct ifreq *ifr; 1137 int s, error = 0; 1138 uint8_t chan; 1139 1140 s = splnet(); 1141 1142 switch (cmd) { 1143 case SIOCSIFADDR: 1144 ifp->if_flags |= IFF_UP; 1145 /* FALLTHROUGH */ 1146 case SIOCSIFFLAGS: 1147 if (ifp->if_flags & IFF_UP) { 1148 if ((ifp->if_flags & IFF_RUNNING) == 0) 1149 upgt_init(ifp); 1150 } else { 1151 if (ifp->if_flags & IFF_RUNNING) 1152 upgt_stop(sc); 1153 } 1154 break; 1155 case SIOCADDMULTI: 1156 case SIOCDELMULTI: 1157 ifr = (struct ifreq *)data; 1158 error = (cmd == SIOCADDMULTI) ? 1159 ether_addmulti(ifr, &ic->ic_ac) : 1160 ether_delmulti(ifr, &ic->ic_ac); 1161 if (error == ENETRESET) 1162 error = 0; 1163 break; 1164 case SIOCS80211CHANNEL: 1165 /* allow fast channel switching in monitor mode */ 1166 error = ieee80211_ioctl(ifp, cmd, data); 1167 if (error == ENETRESET && 1168 ic->ic_opmode == IEEE80211_M_MONITOR) { 1169 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1170 (IFF_UP | IFF_RUNNING)) { 1171 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 1172 chan = ieee80211_chan2ieee(ic, 1173 ic->ic_bss->ni_chan); 1174 upgt_set_channel(sc, chan); 1175 } 1176 error = 0; 1177 } 1178 break; 1179 default: 1180 error = ieee80211_ioctl(ifp, cmd, data); 1181 break; 1182 } 1183 1184 if (error == ENETRESET) { 1185 if (ifp->if_flags & (IFF_UP | IFF_RUNNING)) 1186 upgt_init(ifp); 1187 error = 0; 1188 } 1189 1190 splx(s); 1191 1192 return (error); 1193 } 1194 1195 int 1196 upgt_init(struct ifnet *ifp) 1197 { 1198 struct upgt_softc *sc = ifp->if_softc; 1199 struct ieee80211com *ic = &sc->sc_ic; 1200 1201 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1202 1203 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 1204 1205 /* select default channel */ 1206 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 1207 sc->sc_cur_chan = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1208 1209 /* setup device rates */ 1210 upgt_setup_rates(sc); 1211 1212 ifp->if_flags |= IFF_RUNNING; 1213 ifq_clr_oactive(&ifp->if_snd); 1214 1215 upgt_set_macfilter(sc, IEEE80211_S_SCAN); 1216 1217 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1218 upgt_set_channel(sc, sc->sc_cur_chan); 1219 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1220 } else 1221 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1222 1223 return (0); 1224 } 1225 1226 void 1227 upgt_stop(struct upgt_softc *sc) 1228 { 1229 struct ieee80211com *ic = &sc->sc_ic; 1230 struct ifnet *ifp = &ic->ic_if; 1231 1232 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1233 1234 /* device down */ 1235 ifp->if_timer = 0; 1236 ifp->if_flags &= ~IFF_RUNNING; 1237 ifq_clr_oactive(&ifp->if_snd); 1238 1239 upgt_set_led(sc, UPGT_LED_OFF); 1240 1241 /* change device back to initial state */ 1242 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 1243 } 1244 1245 int 1246 upgt_media_change(struct ifnet *ifp) 1247 { 1248 struct upgt_softc *sc = ifp->if_softc; 1249 int error; 1250 1251 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1252 1253 if ((error = ieee80211_media_change(ifp) != ENETRESET)) 1254 return (error); 1255 1256 if (ifp->if_flags & (IFF_UP | IFF_RUNNING)) { 1257 /* give pending USB transfers a chance to finish */ 1258 usbd_delay_ms(sc->sc_udev, 100); 1259 upgt_init(ifp); 1260 } 1261 1262 return (0); 1263 } 1264 1265 void 1266 upgt_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1267 { 1268 ni->ni_txrate = 0; 1269 } 1270 1271 int 1272 upgt_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1273 { 1274 struct upgt_softc *sc = ic->ic_if.if_softc; 1275 1276 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 1277 timeout_del(&sc->scan_to); 1278 1279 /* do it in a process context */ 1280 sc->sc_state = nstate; 1281 sc->sc_arg = arg; 1282 usb_add_task(sc->sc_udev, &sc->sc_task_newstate); 1283 1284 return (0); 1285 } 1286 1287 void 1288 upgt_newstate_task(void *arg) 1289 { 1290 struct upgt_softc *sc = arg; 1291 struct ieee80211com *ic = &sc->sc_ic; 1292 struct ieee80211_node *ni; 1293 unsigned channel; 1294 1295 switch (sc->sc_state) { 1296 case IEEE80211_S_INIT: 1297 DPRINTF(1, "%s: newstate is IEEE80211_S_INIT\n", 1298 sc->sc_dev.dv_xname); 1299 1300 /* do not accept any frames if the device is down */ 1301 upgt_set_macfilter(sc, IEEE80211_S_INIT); 1302 upgt_set_led(sc, UPGT_LED_OFF); 1303 break; 1304 case IEEE80211_S_SCAN: 1305 DPRINTF(1, "%s: newstate is IEEE80211_S_SCAN\n", 1306 sc->sc_dev.dv_xname); 1307 1308 channel = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1309 upgt_set_channel(sc, channel); 1310 timeout_add_msec(&sc->scan_to, 200); 1311 break; 1312 case IEEE80211_S_AUTH: 1313 DPRINTF(1, "%s: newstate is IEEE80211_S_AUTH\n", 1314 sc->sc_dev.dv_xname); 1315 1316 channel = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1317 upgt_set_channel(sc, channel); 1318 break; 1319 case IEEE80211_S_ASSOC: 1320 DPRINTF(1, "%s: newstate is IEEE80211_S_ASSOC\n", 1321 sc->sc_dev.dv_xname); 1322 break; 1323 case IEEE80211_S_RUN: 1324 DPRINTF(1, "%s: newstate is IEEE80211_S_RUN\n", 1325 sc->sc_dev.dv_xname); 1326 1327 ni = ic->ic_bss; 1328 1329 /* 1330 * TX rate control is done by the firmware. 1331 * Report the maximum rate which is available therefore. 1332 */ 1333 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 1334 1335 if (ic->ic_opmode != IEEE80211_M_MONITOR) 1336 upgt_set_macfilter(sc, IEEE80211_S_RUN); 1337 upgt_set_led(sc, UPGT_LED_ON); 1338 break; 1339 } 1340 1341 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 1342 } 1343 1344 void 1345 upgt_next_scan(void *arg) 1346 { 1347 struct upgt_softc *sc = arg; 1348 struct ieee80211com *ic = &sc->sc_ic; 1349 struct ifnet *ifp = &ic->ic_if; 1350 1351 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1352 1353 if (ic->ic_state == IEEE80211_S_SCAN) 1354 ieee80211_next_scan(ifp); 1355 } 1356 1357 void 1358 upgt_start(struct ifnet *ifp) 1359 { 1360 struct upgt_softc *sc = ifp->if_softc; 1361 struct ieee80211com *ic = &sc->sc_ic; 1362 struct ieee80211_node *ni; 1363 struct mbuf *m; 1364 int i; 1365 1366 /* don't transmit packets if interface is busy or down */ 1367 if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(&ifp->if_snd)) 1368 return; 1369 1370 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1371 1372 for (i = 0; i < UPGT_TX_COUNT; i++) { 1373 struct upgt_data *data_tx = &sc->tx_data[i]; 1374 1375 m = mq_dequeue(&ic->ic_mgtq); 1376 if (m != NULL) { 1377 /* management frame */ 1378 ni = m->m_pkthdr.ph_cookie; 1379 #if NBPFILTER > 0 1380 if (ic->ic_rawbpf != NULL) 1381 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1382 #endif 1383 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1384 printf("%s: no free prism memory!\n", 1385 sc->sc_dev.dv_xname); 1386 return; 1387 } 1388 data_tx->ni = ni; 1389 data_tx->m = m; 1390 sc->tx_queued++; 1391 } else { 1392 /* data frame */ 1393 if (ic->ic_state != IEEE80211_S_RUN) 1394 break; 1395 1396 IFQ_DEQUEUE(&ifp->if_snd, m); 1397 if (m == NULL) 1398 break; 1399 1400 #if NBPFILTER > 0 1401 if (ifp->if_bpf != NULL) 1402 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1403 #endif 1404 m = ieee80211_encap(ifp, m, &ni); 1405 if (m == NULL) 1406 continue; 1407 #if NBPFILTER > 0 1408 if (ic->ic_rawbpf != NULL) 1409 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1410 #endif 1411 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1412 printf("%s: no free prism memory!\n", 1413 sc->sc_dev.dv_xname); 1414 return; 1415 } 1416 data_tx->ni = ni; 1417 data_tx->m = m; 1418 sc->tx_queued++; 1419 } 1420 } 1421 1422 if (sc->tx_queued > 0) { 1423 DPRINTF(2, "%s: tx_queued=%d\n", 1424 sc->sc_dev.dv_xname, sc->tx_queued); 1425 /* process the TX queue in process context */ 1426 ifp->if_timer = 5; 1427 ifq_set_oactive(&ifp->if_snd); 1428 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 1429 usb_add_task(sc->sc_udev, &sc->sc_task_tx); 1430 } 1431 } 1432 1433 void 1434 upgt_watchdog(struct ifnet *ifp) 1435 { 1436 struct upgt_softc *sc = ifp->if_softc; 1437 struct ieee80211com *ic = &sc->sc_ic; 1438 1439 if (ic->ic_state == IEEE80211_S_INIT) 1440 return; 1441 1442 printf("%s: watchdog timeout!\n", sc->sc_dev.dv_xname); 1443 1444 /* TODO: what shall we do on TX timeout? */ 1445 1446 ieee80211_watchdog(ifp); 1447 } 1448 1449 void 1450 upgt_tx_task(void *arg) 1451 { 1452 struct upgt_softc *sc = arg; 1453 struct ieee80211com *ic = &sc->sc_ic; 1454 struct ieee80211_frame *wh; 1455 struct ieee80211_key *k; 1456 struct upgt_lmac_mem *mem; 1457 struct upgt_lmac_tx_desc *txdesc; 1458 struct mbuf *m; 1459 uint32_t addr; 1460 int len, i, s; 1461 usbd_status error; 1462 1463 s = splusb(); 1464 1465 upgt_set_led(sc, UPGT_LED_BLINK); 1466 1467 for (i = 0; i < UPGT_TX_COUNT; i++) { 1468 struct upgt_data *data_tx = &sc->tx_data[i]; 1469 1470 if (data_tx->m == NULL) { 1471 DPRINTF(2, "%s: %d: m is NULL\n", 1472 sc->sc_dev.dv_xname, i); 1473 continue; 1474 } 1475 1476 m = data_tx->m; 1477 addr = data_tx->addr + UPGT_MEMSIZE_FRAME_HEAD; 1478 1479 /* 1480 * Software crypto. 1481 */ 1482 wh = mtod(m, struct ieee80211_frame *); 1483 1484 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1485 k = ieee80211_get_txkey(ic, wh, ic->ic_bss); 1486 1487 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) { 1488 splx(s); 1489 return; 1490 } 1491 1492 /* in case packet header moved, reset pointer */ 1493 wh = mtod(m, struct ieee80211_frame *); 1494 } 1495 1496 /* 1497 * Transmit the URB containing the TX data. 1498 */ 1499 bzero(data_tx->buf, MCLBYTES); 1500 1501 mem = (struct upgt_lmac_mem *)data_tx->buf; 1502 mem->addr = htole32(addr); 1503 1504 txdesc = (struct upgt_lmac_tx_desc *)(mem + 1); 1505 1506 /* XXX differ between data and mgmt frames? */ 1507 txdesc->header1.flags = UPGT_H1_FLAGS_TX_DATA; 1508 txdesc->header1.type = UPGT_H1_TYPE_TX_DATA; 1509 txdesc->header1.len = htole16(m->m_pkthdr.len); 1510 1511 txdesc->header2.reqid = htole32(data_tx->addr); 1512 txdesc->header2.type = htole16(UPGT_H2_TYPE_TX_ACK_YES); 1513 txdesc->header2.flags = htole16(UPGT_H2_FLAGS_TX_ACK_YES); 1514 1515 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1516 IEEE80211_FC0_TYPE_MGT) { 1517 /* always send mgmt frames at lowest rate (DS1) */ 1518 memset(txdesc->rates, 0x10, sizeof(txdesc->rates)); 1519 } else { 1520 bcopy(sc->sc_cur_rateset, txdesc->rates, 1521 sizeof(txdesc->rates)); 1522 } 1523 txdesc->type = htole32(UPGT_TX_DESC_TYPE_DATA); 1524 txdesc->pad3[0] = UPGT_TX_DESC_PAD3_SIZE; 1525 1526 #if NBPFILTER > 0 1527 if (sc->sc_drvbpf != NULL) { 1528 struct mbuf mb; 1529 struct upgt_tx_radiotap_header *tap = &sc->sc_txtap; 1530 1531 tap->wt_flags = 0; 1532 tap->wt_rate = 0; /* TODO: where to get from? */ 1533 tap->wt_chan_freq = 1534 htole16(ic->ic_bss->ni_chan->ic_freq); 1535 tap->wt_chan_flags = 1536 htole16(ic->ic_bss->ni_chan->ic_flags); 1537 1538 mb.m_data = (caddr_t)tap; 1539 mb.m_len = sc->sc_txtap_len; 1540 mb.m_next = m; 1541 mb.m_nextpkt = NULL; 1542 mb.m_type = 0; 1543 mb.m_flags = 0; 1544 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1545 } 1546 #endif 1547 /* copy frame below our TX descriptor header */ 1548 m_copydata(m, 0, m->m_pkthdr.len, 1549 data_tx->buf + (sizeof(*mem) + sizeof(*txdesc))); 1550 1551 /* calculate frame size */ 1552 len = sizeof(*mem) + sizeof(*txdesc) + m->m_pkthdr.len; 1553 1554 /* we need to align the frame to a 4 byte boundary */ 1555 len = (len + 3) & ~3; 1556 1557 /* calculate frame checksum */ 1558 mem->chksum = upgt_chksum_le((uint32_t *)txdesc, 1559 len - sizeof(*mem)); 1560 1561 /* we do not need the mbuf anymore */ 1562 m_freem(m); 1563 data_tx->m = NULL; 1564 1565 DPRINTF(2, "%s: TX start data sending\n", sc->sc_dev.dv_xname); 1566 1567 usbd_setup_xfer(data_tx->xfer, sc->sc_tx_pipeh, data_tx, 1568 data_tx->buf, len, USBD_FORCE_SHORT_XFER | USBD_NO_COPY, 1569 UPGT_USB_TIMEOUT, NULL); 1570 error = usbd_transfer(data_tx->xfer); 1571 if (error != 0 && error != USBD_IN_PROGRESS) { 1572 printf("%s: could not transmit TX data URB!\n", 1573 sc->sc_dev.dv_xname); 1574 splx(s); 1575 return; 1576 } 1577 1578 DPRINTF(2, "%s: TX sent (%d bytes)\n", 1579 sc->sc_dev.dv_xname, len); 1580 } 1581 1582 /* 1583 * If we don't regulary read the device statistics, the RX queue 1584 * will stall. It's strange, but it works, so we keep reading 1585 * the statistics here. *shrug* 1586 */ 1587 upgt_get_stats(sc); 1588 1589 splx(s); 1590 } 1591 1592 void 1593 upgt_tx_done(struct upgt_softc *sc, uint8_t *data) 1594 { 1595 struct ieee80211com *ic = &sc->sc_ic; 1596 struct ifnet *ifp = &ic->ic_if; 1597 struct upgt_lmac_tx_done_desc *desc; 1598 int i, s; 1599 1600 s = splnet(); 1601 1602 desc = (struct upgt_lmac_tx_done_desc *)data; 1603 1604 for (i = 0; i < UPGT_TX_COUNT; i++) { 1605 struct upgt_data *data_tx = &sc->tx_data[i]; 1606 1607 if (data_tx->addr == letoh32(desc->header2.reqid)) { 1608 upgt_mem_free(sc, data_tx->addr); 1609 ieee80211_release_node(ic, data_tx->ni); 1610 data_tx->ni = NULL; 1611 data_tx->addr = 0; 1612 1613 sc->tx_queued--; 1614 ifp->if_opackets++; 1615 1616 DPRINTF(2, "%s: TX done: ", sc->sc_dev.dv_xname); 1617 DPRINTF(2, "memaddr=0x%08x, status=0x%04x, rssi=%d, ", 1618 letoh32(desc->header2.reqid), 1619 letoh16(desc->status), 1620 letoh16(desc->rssi)); 1621 DPRINTF(2, "seq=%d\n", letoh16(desc->seq)); 1622 break; 1623 } 1624 } 1625 1626 if (sc->tx_queued == 0) { 1627 /* TX queued was processed, continue */ 1628 ifp->if_timer = 0; 1629 ifq_clr_oactive(&ifp->if_snd); 1630 upgt_start(ifp); 1631 } 1632 1633 splx(s); 1634 } 1635 1636 void 1637 upgt_rx_cb(struct usbd_xfer *xfer, void *priv, usbd_status status) 1638 { 1639 struct upgt_data *data_rx = priv; 1640 struct upgt_softc *sc = data_rx->sc; 1641 int len; 1642 struct upgt_lmac_header *header; 1643 struct upgt_lmac_eeprom *eeprom; 1644 uint8_t h1_type; 1645 uint16_t h2_type; 1646 1647 DPRINTF(3, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1648 1649 if (status != USBD_NORMAL_COMPLETION) { 1650 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1651 return; 1652 if (status == USBD_STALLED) 1653 usbd_clear_endpoint_stall_async(sc->sc_rx_pipeh); 1654 goto skip; 1655 } 1656 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1657 1658 /* 1659 * Check what type of frame came in. 1660 */ 1661 header = (struct upgt_lmac_header *)(data_rx->buf + 4); 1662 1663 h1_type = header->header1.type; 1664 h2_type = letoh16(header->header2.type); 1665 1666 if (h1_type == UPGT_H1_TYPE_CTRL && 1667 h2_type == UPGT_H2_TYPE_EEPROM) { 1668 eeprom = (struct upgt_lmac_eeprom *)(data_rx->buf + 4); 1669 uint16_t eeprom_offset = letoh16(eeprom->offset); 1670 uint16_t eeprom_len = letoh16(eeprom->len); 1671 1672 DPRINTF(2, "%s: received EEPROM block (offset=%d, len=%d)\n", 1673 sc->sc_dev.dv_xname, eeprom_offset, eeprom_len); 1674 1675 bcopy(data_rx->buf + sizeof(struct upgt_lmac_eeprom) + 4, 1676 sc->sc_eeprom + eeprom_offset, eeprom_len); 1677 1678 /* EEPROM data has arrived in time, wakeup tsleep() */ 1679 wakeup(sc); 1680 } else 1681 if (h1_type == UPGT_H1_TYPE_CTRL && 1682 h2_type == UPGT_H2_TYPE_TX_DONE) { 1683 DPRINTF(2, "%s: received 802.11 TX done\n", 1684 sc->sc_dev.dv_xname); 1685 1686 upgt_tx_done(sc, data_rx->buf + 4); 1687 } else 1688 if (h1_type == UPGT_H1_TYPE_RX_DATA || 1689 h1_type == UPGT_H1_TYPE_RX_DATA_MGMT) { 1690 DPRINTF(3, "%s: received 802.11 RX data\n", 1691 sc->sc_dev.dv_xname); 1692 1693 upgt_rx(sc, data_rx->buf + 4, letoh16(header->header1.len)); 1694 } else 1695 if (h1_type == UPGT_H1_TYPE_CTRL && 1696 h2_type == UPGT_H2_TYPE_STATS) { 1697 DPRINTF(2, "%s: received statistic data\n", 1698 sc->sc_dev.dv_xname); 1699 1700 /* TODO: what could we do with the statistic data? */ 1701 } else { 1702 /* ignore unknown frame types */ 1703 DPRINTF(1, "%s: received unknown frame type 0x%02x\n", 1704 sc->sc_dev.dv_xname, header->header1.type); 1705 } 1706 1707 skip: /* setup new transfer */ 1708 usbd_setup_xfer(xfer, sc->sc_rx_pipeh, data_rx, data_rx->buf, MCLBYTES, 1709 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 1710 (void)usbd_transfer(xfer); 1711 } 1712 1713 void 1714 upgt_rx(struct upgt_softc *sc, uint8_t *data, int pkglen) 1715 { 1716 struct ieee80211com *ic = &sc->sc_ic; 1717 struct ifnet *ifp = &ic->ic_if; 1718 struct upgt_lmac_rx_desc *rxdesc; 1719 struct ieee80211_frame *wh; 1720 struct ieee80211_rxinfo rxi; 1721 struct ieee80211_node *ni; 1722 struct mbuf *m; 1723 int s; 1724 1725 /* access RX packet descriptor */ 1726 rxdesc = (struct upgt_lmac_rx_desc *)data; 1727 1728 /* create mbuf which is suitable for strict alignment archs */ 1729 m = m_devget(rxdesc->data, pkglen, ETHER_ALIGN); 1730 if (m == NULL) { 1731 DPRINTF(1, "%s: could not create RX mbuf!\n", sc->sc_dev.dv_xname); 1732 ifp->if_ierrors++; 1733 return; 1734 } 1735 1736 s = splnet(); 1737 1738 #if NBPFILTER > 0 1739 if (sc->sc_drvbpf != NULL) { 1740 struct mbuf mb; 1741 struct upgt_rx_radiotap_header *tap = &sc->sc_rxtap; 1742 1743 tap->wr_flags = IEEE80211_RADIOTAP_F_FCS; 1744 tap->wr_rate = upgt_rx_rate(sc, rxdesc->rate); 1745 tap->wr_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 1746 tap->wr_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1747 tap->wr_antsignal = rxdesc->rssi; 1748 1749 mb.m_data = (caddr_t)tap; 1750 mb.m_len = sc->sc_rxtap_len; 1751 mb.m_next = m; 1752 mb.m_nextpkt = NULL; 1753 mb.m_type = 0; 1754 mb.m_flags = 0; 1755 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1756 } 1757 #endif 1758 /* trim FCS */ 1759 m_adj(m, -IEEE80211_CRC_LEN); 1760 1761 wh = mtod(m, struct ieee80211_frame *); 1762 ni = ieee80211_find_rxnode(ic, wh); 1763 1764 /* push the frame up to the 802.11 stack */ 1765 rxi.rxi_flags = 0; 1766 rxi.rxi_rssi = rxdesc->rssi; 1767 rxi.rxi_tstamp = 0; /* unused */ 1768 ieee80211_input(ifp, m, ni, &rxi); 1769 1770 /* node is no longer needed */ 1771 ieee80211_release_node(ic, ni); 1772 1773 splx(s); 1774 1775 DPRINTF(3, "%s: RX done\n", sc->sc_dev.dv_xname); 1776 } 1777 1778 void 1779 upgt_setup_rates(struct upgt_softc *sc) 1780 { 1781 struct ieee80211com *ic = &sc->sc_ic; 1782 1783 /* 1784 * 0x01 = OFMD6 0x10 = DS1 1785 * 0x04 = OFDM9 0x11 = DS2 1786 * 0x06 = OFDM12 0x12 = DS5 1787 * 0x07 = OFDM18 0x13 = DS11 1788 * 0x08 = OFDM24 1789 * 0x09 = OFDM36 1790 * 0x0a = OFDM48 1791 * 0x0b = OFDM54 1792 */ 1793 const uint8_t rateset_auto_11b[] = 1794 { 0x13, 0x13, 0x12, 0x11, 0x11, 0x10, 0x10, 0x10 }; 1795 const uint8_t rateset_auto_11g[] = 1796 { 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x04, 0x01 }; 1797 const uint8_t rateset_fix_11bg[] = 1798 { 0x10, 0x11, 0x12, 0x13, 0x01, 0x04, 0x06, 0x07, 1799 0x08, 0x09, 0x0a, 0x0b }; 1800 1801 if (ic->ic_fixed_rate == -1) { 1802 /* 1803 * Automatic rate control is done by the device. 1804 * We just pass the rateset from which the device 1805 * will pickup a rate. 1806 */ 1807 if (ic->ic_curmode == IEEE80211_MODE_11B) 1808 bcopy(rateset_auto_11b, sc->sc_cur_rateset, 1809 sizeof(sc->sc_cur_rateset)); 1810 if (ic->ic_curmode == IEEE80211_MODE_11G || 1811 ic->ic_curmode == IEEE80211_MODE_AUTO) 1812 bcopy(rateset_auto_11g, sc->sc_cur_rateset, 1813 sizeof(sc->sc_cur_rateset)); 1814 } else { 1815 /* set a fixed rate */ 1816 memset(sc->sc_cur_rateset, rateset_fix_11bg[ic->ic_fixed_rate], 1817 sizeof(sc->sc_cur_rateset)); 1818 } 1819 } 1820 1821 uint8_t 1822 upgt_rx_rate(struct upgt_softc *sc, const int rate) 1823 { 1824 struct ieee80211com *ic = &sc->sc_ic; 1825 1826 if (ic->ic_curmode == IEEE80211_MODE_11B) { 1827 if (rate < 0 || rate > 3) 1828 /* invalid rate */ 1829 return (0); 1830 1831 switch (rate) { 1832 case 0: 1833 return (2); 1834 case 1: 1835 return (4); 1836 case 2: 1837 return (11); 1838 case 3: 1839 return (22); 1840 default: 1841 return (0); 1842 } 1843 } 1844 1845 if (ic->ic_curmode == IEEE80211_MODE_11G) { 1846 if (rate < 0 || rate > 11) 1847 /* invalid rate */ 1848 return (0); 1849 1850 switch (rate) { 1851 case 0: 1852 return (2); 1853 case 1: 1854 return (4); 1855 case 2: 1856 return (11); 1857 case 3: 1858 return (22); 1859 case 4: 1860 return (12); 1861 case 5: 1862 return (18); 1863 case 6: 1864 return (24); 1865 case 7: 1866 return (36); 1867 case 8: 1868 return (48); 1869 case 9: 1870 return (72); 1871 case 10: 1872 return (96); 1873 case 11: 1874 return (108); 1875 default: 1876 return (0); 1877 } 1878 } 1879 1880 return (0); 1881 } 1882 1883 int 1884 upgt_set_macfilter(struct upgt_softc *sc, uint8_t state) 1885 { 1886 struct ieee80211com *ic = &sc->sc_ic; 1887 struct ieee80211_node *ni = ic->ic_bss; 1888 struct upgt_data *data_cmd = &sc->cmd_data; 1889 struct upgt_lmac_mem *mem; 1890 struct upgt_lmac_filter *filter; 1891 int len; 1892 uint8_t broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1893 1894 /* 1895 * Transmit the URB containing the CMD data. 1896 */ 1897 bzero(data_cmd->buf, MCLBYTES); 1898 1899 mem = (struct upgt_lmac_mem *)data_cmd->buf; 1900 mem->addr = htole32(sc->sc_memaddr_frame_start + 1901 UPGT_MEMSIZE_FRAME_HEAD); 1902 1903 filter = (struct upgt_lmac_filter *)(mem + 1); 1904 1905 filter->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 1906 filter->header1.type = UPGT_H1_TYPE_CTRL; 1907 filter->header1.len = htole16( 1908 sizeof(struct upgt_lmac_filter) - 1909 sizeof(struct upgt_lmac_header)); 1910 1911 filter->header2.reqid = htole32(sc->sc_memaddr_frame_start); 1912 filter->header2.type = htole16(UPGT_H2_TYPE_MACFILTER); 1913 filter->header2.flags = 0; 1914 1915 switch (state) { 1916 case IEEE80211_S_INIT: 1917 DPRINTF(1, "%s: set MAC filter to INIT\n", 1918 sc->sc_dev.dv_xname); 1919 1920 filter->type = htole16(UPGT_FILTER_TYPE_RESET); 1921 break; 1922 case IEEE80211_S_SCAN: 1923 DPRINTF(1, "%s: set MAC filter to SCAN (bssid %s)\n", 1924 sc->sc_dev.dv_xname, ether_sprintf(broadcast)); 1925 1926 filter->type = htole16(UPGT_FILTER_TYPE_NONE); 1927 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 1928 IEEE80211_ADDR_COPY(filter->src, broadcast); 1929 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 1930 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 1931 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 1932 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 1933 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 1934 break; 1935 case IEEE80211_S_RUN: 1936 DPRINTF(1, "%s: set MAC filter to RUN (bssid %s)\n", 1937 sc->sc_dev.dv_xname, ether_sprintf(ni->ni_bssid)); 1938 1939 filter->type = htole16(UPGT_FILTER_TYPE_STA); 1940 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 1941 IEEE80211_ADDR_COPY(filter->src, ni->ni_bssid); 1942 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 1943 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 1944 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 1945 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 1946 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 1947 break; 1948 default: 1949 printf("%s: MAC filter does not know that state!\n", 1950 sc->sc_dev.dv_xname); 1951 break; 1952 } 1953 1954 len = sizeof(*mem) + sizeof(*filter); 1955 1956 mem->chksum = upgt_chksum_le((uint32_t *)filter, 1957 len - sizeof(*mem)); 1958 1959 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 1960 printf("%s: could not transmit macfilter CMD data URB!\n", 1961 sc->sc_dev.dv_xname); 1962 return (EIO); 1963 } 1964 1965 return (0); 1966 } 1967 1968 int 1969 upgt_set_channel(struct upgt_softc *sc, unsigned channel) 1970 { 1971 struct upgt_data *data_cmd = &sc->cmd_data; 1972 struct upgt_lmac_mem *mem; 1973 struct upgt_lmac_channel *chan; 1974 int len; 1975 1976 DPRINTF(1, "%s: %s: %d\n", sc->sc_dev.dv_xname, __func__, channel); 1977 1978 /* 1979 * Transmit the URB containing the CMD data. 1980 */ 1981 bzero(data_cmd->buf, MCLBYTES); 1982 1983 mem = (struct upgt_lmac_mem *)data_cmd->buf; 1984 mem->addr = htole32(sc->sc_memaddr_frame_start + 1985 UPGT_MEMSIZE_FRAME_HEAD); 1986 1987 chan = (struct upgt_lmac_channel *)(mem + 1); 1988 1989 chan->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 1990 chan->header1.type = UPGT_H1_TYPE_CTRL; 1991 chan->header1.len = htole16( 1992 sizeof(struct upgt_lmac_channel) - 1993 sizeof(struct upgt_lmac_header)); 1994 1995 chan->header2.reqid = htole32(sc->sc_memaddr_frame_start); 1996 chan->header2.type = htole16(UPGT_H2_TYPE_CHANNEL); 1997 chan->header2.flags = 0; 1998 1999 chan->unknown1 = htole16(UPGT_CHANNEL_UNKNOWN1); 2000 chan->unknown2 = htole16(UPGT_CHANNEL_UNKNOWN2); 2001 chan->freq6 = sc->sc_eeprom_freq6[channel]; 2002 chan->settings = sc->sc_eeprom_freq6_settings; 2003 chan->unknown3 = UPGT_CHANNEL_UNKNOWN3; 2004 2005 bcopy(&sc->sc_eeprom_freq3[channel].data, chan->freq3_1, 2006 sizeof(chan->freq3_1)); 2007 2008 bcopy(&sc->sc_eeprom_freq4[channel], chan->freq4, 2009 sizeof(sc->sc_eeprom_freq4[channel])); 2010 2011 bcopy(&sc->sc_eeprom_freq3[channel].data, chan->freq3_2, 2012 sizeof(chan->freq3_2)); 2013 2014 len = sizeof(*mem) + sizeof(*chan); 2015 2016 mem->chksum = upgt_chksum_le((uint32_t *)chan, 2017 len - sizeof(*mem)); 2018 2019 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2020 printf("%s: could not transmit channel CMD data URB!\n", 2021 sc->sc_dev.dv_xname); 2022 return (EIO); 2023 } 2024 2025 return (0); 2026 } 2027 2028 void 2029 upgt_set_led(struct upgt_softc *sc, int action) 2030 { 2031 struct ieee80211com *ic = &sc->sc_ic; 2032 struct upgt_data *data_cmd = &sc->cmd_data; 2033 struct upgt_lmac_mem *mem; 2034 struct upgt_lmac_led *led; 2035 struct timeval t; 2036 int len; 2037 2038 /* 2039 * Transmit the URB containing the CMD data. 2040 */ 2041 bzero(data_cmd->buf, MCLBYTES); 2042 2043 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2044 mem->addr = htole32(sc->sc_memaddr_frame_start + 2045 UPGT_MEMSIZE_FRAME_HEAD); 2046 2047 led = (struct upgt_lmac_led *)(mem + 1); 2048 2049 led->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2050 led->header1.type = UPGT_H1_TYPE_CTRL; 2051 led->header1.len = htole16( 2052 sizeof(struct upgt_lmac_led) - 2053 sizeof(struct upgt_lmac_header)); 2054 2055 led->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2056 led->header2.type = htole16(UPGT_H2_TYPE_LED); 2057 led->header2.flags = 0; 2058 2059 switch (action) { 2060 case UPGT_LED_OFF: 2061 led->mode = htole16(UPGT_LED_MODE_SET); 2062 led->action_fix = 0; 2063 led->action_tmp = htole16(UPGT_LED_ACTION_OFF); 2064 led->action_tmp_dur = 0; 2065 break; 2066 case UPGT_LED_ON: 2067 led->mode = htole16(UPGT_LED_MODE_SET); 2068 led->action_fix = 0; 2069 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2070 led->action_tmp_dur = 0; 2071 break; 2072 case UPGT_LED_BLINK: 2073 if (ic->ic_state != IEEE80211_S_RUN) 2074 return; 2075 if (sc->sc_led_blink) 2076 /* previous blink was not finished */ 2077 return; 2078 led->mode = htole16(UPGT_LED_MODE_SET); 2079 led->action_fix = htole16(UPGT_LED_ACTION_OFF); 2080 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2081 led->action_tmp_dur = htole16(UPGT_LED_ACTION_TMP_DUR); 2082 /* lock blink */ 2083 sc->sc_led_blink = 1; 2084 t.tv_sec = 0; 2085 t.tv_usec = UPGT_LED_ACTION_TMP_DUR * 1000L; 2086 timeout_add(&sc->led_to, tvtohz(&t)); 2087 break; 2088 default: 2089 return; 2090 } 2091 2092 len = sizeof(*mem) + sizeof(*led); 2093 2094 mem->chksum = upgt_chksum_le((uint32_t *)led, 2095 len - sizeof(*mem)); 2096 2097 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2098 printf("%s: could not transmit led CMD URB!\n", 2099 sc->sc_dev.dv_xname); 2100 } 2101 } 2102 2103 void 2104 upgt_set_led_blink(void *arg) 2105 { 2106 struct upgt_softc *sc = arg; 2107 2108 /* blink finished, we are ready for a next one */ 2109 sc->sc_led_blink = 0; 2110 timeout_del(&sc->led_to); 2111 } 2112 2113 int 2114 upgt_get_stats(struct upgt_softc *sc) 2115 { 2116 struct upgt_data *data_cmd = &sc->cmd_data; 2117 struct upgt_lmac_mem *mem; 2118 struct upgt_lmac_stats *stats; 2119 int len; 2120 2121 /* 2122 * Transmit the URB containing the CMD data. 2123 */ 2124 bzero(data_cmd->buf, MCLBYTES); 2125 2126 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2127 mem->addr = htole32(sc->sc_memaddr_frame_start + 2128 UPGT_MEMSIZE_FRAME_HEAD); 2129 2130 stats = (struct upgt_lmac_stats *)(mem + 1); 2131 2132 stats->header1.flags = 0; 2133 stats->header1.type = UPGT_H1_TYPE_CTRL; 2134 stats->header1.len = htole16( 2135 sizeof(struct upgt_lmac_stats) - 2136 sizeof(struct upgt_lmac_header)); 2137 2138 stats->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2139 stats->header2.type = htole16(UPGT_H2_TYPE_STATS); 2140 stats->header2.flags = 0; 2141 2142 len = sizeof(*mem) + sizeof(*stats); 2143 2144 mem->chksum = upgt_chksum_le((uint32_t *)stats, 2145 len - sizeof(*mem)); 2146 2147 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2148 printf("%s: could not transmit statistics CMD data URB!\n", 2149 sc->sc_dev.dv_xname); 2150 return (EIO); 2151 } 2152 2153 return (0); 2154 2155 } 2156 2157 int 2158 upgt_alloc_tx(struct upgt_softc *sc) 2159 { 2160 int i; 2161 2162 sc->tx_queued = 0; 2163 2164 for (i = 0; i < UPGT_TX_COUNT; i++) { 2165 struct upgt_data *data_tx = &sc->tx_data[i]; 2166 2167 data_tx->sc = sc; 2168 2169 data_tx->xfer = usbd_alloc_xfer(sc->sc_udev); 2170 if (data_tx->xfer == NULL) { 2171 printf("%s: could not allocate TX xfer!\n", 2172 sc->sc_dev.dv_xname); 2173 return (ENOMEM); 2174 } 2175 2176 data_tx->buf = usbd_alloc_buffer(data_tx->xfer, MCLBYTES); 2177 if (data_tx->buf == NULL) { 2178 printf("%s: could not allocate TX buffer!\n", 2179 sc->sc_dev.dv_xname); 2180 return (ENOMEM); 2181 } 2182 2183 bzero(data_tx->buf, MCLBYTES); 2184 } 2185 2186 return (0); 2187 } 2188 2189 int 2190 upgt_alloc_rx(struct upgt_softc *sc) 2191 { 2192 struct upgt_data *data_rx = &sc->rx_data; 2193 2194 data_rx->sc = sc; 2195 2196 data_rx->xfer = usbd_alloc_xfer(sc->sc_udev); 2197 if (data_rx->xfer == NULL) { 2198 printf("%s: could not allocate RX xfer!\n", 2199 sc->sc_dev.dv_xname); 2200 return (ENOMEM); 2201 } 2202 2203 data_rx->buf = usbd_alloc_buffer(data_rx->xfer, MCLBYTES); 2204 if (data_rx->buf == NULL) { 2205 printf("%s: could not allocate RX buffer!\n", 2206 sc->sc_dev.dv_xname); 2207 return (ENOMEM); 2208 } 2209 2210 bzero(data_rx->buf, MCLBYTES); 2211 2212 return (0); 2213 } 2214 2215 int 2216 upgt_alloc_cmd(struct upgt_softc *sc) 2217 { 2218 struct upgt_data *data_cmd = &sc->cmd_data; 2219 2220 data_cmd->sc = sc; 2221 2222 data_cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 2223 if (data_cmd->xfer == NULL) { 2224 printf("%s: could not allocate RX xfer!\n", 2225 sc->sc_dev.dv_xname); 2226 return (ENOMEM); 2227 } 2228 2229 data_cmd->buf = usbd_alloc_buffer(data_cmd->xfer, MCLBYTES); 2230 if (data_cmd->buf == NULL) { 2231 printf("%s: could not allocate RX buffer!\n", 2232 sc->sc_dev.dv_xname); 2233 return (ENOMEM); 2234 } 2235 2236 bzero(data_cmd->buf, MCLBYTES); 2237 2238 return (0); 2239 } 2240 2241 void 2242 upgt_free_tx(struct upgt_softc *sc) 2243 { 2244 int i; 2245 2246 for (i = 0; i < UPGT_TX_COUNT; i++) { 2247 struct upgt_data *data_tx = &sc->tx_data[i]; 2248 2249 if (data_tx->xfer != NULL) { 2250 usbd_free_xfer(data_tx->xfer); 2251 data_tx->xfer = NULL; 2252 } 2253 2254 data_tx->ni = NULL; 2255 } 2256 } 2257 2258 void 2259 upgt_free_rx(struct upgt_softc *sc) 2260 { 2261 struct upgt_data *data_rx = &sc->rx_data; 2262 2263 if (data_rx->xfer != NULL) { 2264 usbd_free_xfer(data_rx->xfer); 2265 data_rx->xfer = NULL; 2266 } 2267 2268 data_rx->ni = NULL; 2269 } 2270 2271 void 2272 upgt_free_cmd(struct upgt_softc *sc) 2273 { 2274 struct upgt_data *data_cmd = &sc->cmd_data; 2275 2276 if (data_cmd->xfer != NULL) { 2277 usbd_free_xfer(data_cmd->xfer); 2278 data_cmd->xfer = NULL; 2279 } 2280 } 2281 2282 int 2283 upgt_bulk_xmit(struct upgt_softc *sc, struct upgt_data *data, 2284 struct usbd_pipe *pipeh, uint32_t *size, int flags) 2285 { 2286 usbd_status status; 2287 2288 usbd_setup_xfer(data->xfer, pipeh, 0, data->buf, *size, 2289 USBD_NO_COPY | USBD_SYNCHRONOUS | flags, UPGT_USB_TIMEOUT, NULL); 2290 status = usbd_transfer(data->xfer); 2291 if (status != USBD_NORMAL_COMPLETION) { 2292 printf("%s: %s: error %s!\n", 2293 sc->sc_dev.dv_xname, __func__, usbd_errstr(status)); 2294 return (EIO); 2295 } 2296 2297 return (0); 2298 } 2299 2300 void 2301 upgt_hexdump(void *buf, int len) 2302 { 2303 int i; 2304 2305 for (i = 0; i < len; i++) { 2306 if (i % 16 == 0) 2307 printf("%s%5i:", i ? "\n" : "", i); 2308 if (i % 4 == 0) 2309 printf(" "); 2310 printf("%02x", (int)*((u_char *)buf + i)); 2311 } 2312 printf("\n"); 2313 } 2314 2315 uint32_t 2316 upgt_crc32_le(const void *buf, size_t size) 2317 { 2318 uint32_t crc; 2319 2320 crc = ether_crc32_le(buf, size); 2321 2322 /* apply final XOR value as common for CRC-32 */ 2323 crc = htole32(crc ^ 0xffffffffU); 2324 2325 return (crc); 2326 } 2327 2328 /* 2329 * The firmware awaits a checksum for each frame we send to it. 2330 * The algorithm used therefor is uncommon but somehow similar to CRC32. 2331 */ 2332 uint32_t 2333 upgt_chksum_le(const uint32_t *buf, size_t size) 2334 { 2335 int i; 2336 uint32_t crc = 0; 2337 2338 for (i = 0; i < size; i += sizeof(uint32_t)) { 2339 crc = htole32(crc ^ *buf++); 2340 crc = htole32((crc >> 5) ^ (crc << 3)); 2341 } 2342 2343 return (crc); 2344 } 2345