1 /* $OpenBSD: if_upgt.c,v 1.38 2008/08/27 10:34:24 damien Exp $ */ 2 3 /* 4 * Copyright (c) 2007 Marcus Glocker <mglocker@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include "bpfilter.h" 20 21 #include <sys/param.h> 22 #include <sys/sockio.h> 23 #include <sys/sysctl.h> 24 #include <sys/mbuf.h> 25 #include <sys/kernel.h> 26 #include <sys/socket.h> 27 #include <sys/systm.h> 28 #include <sys/timeout.h> 29 #include <sys/conf.h> 30 #include <sys/device.h> 31 32 #include <machine/bus.h> 33 #include <machine/endian.h> 34 #include <machine/intr.h> 35 36 #if NBPFILTER > 0 37 #include <net/bpf.h> 38 #endif 39 #include <net/if.h> 40 #include <net/if_arp.h> 41 #include <net/if_dl.h> 42 #include <net/if_media.h> 43 #include <net/if_types.h> 44 45 #include <netinet/in.h> 46 #include <netinet/in_systm.h> 47 #include <netinet/in_var.h> 48 #include <netinet/if_ether.h> 49 #include <netinet/ip.h> 50 51 #include <net80211/ieee80211_var.h> 52 #include <net80211/ieee80211_amrr.h> 53 #include <net80211/ieee80211_radiotap.h> 54 55 #include <dev/usb/usb.h> 56 #include <dev/usb/usbdi.h> 57 #include <dev/usb/usbdi_util.h> 58 #include <dev/usb/usbdevs.h> 59 60 #include <dev/usb/if_upgtvar.h> 61 62 /* 63 * Driver for the USB PrismGT devices. 64 * 65 * For now just USB 2.0 devices with the GW3887 chipset are supported. 66 * The driver has been written based on the firmware version 2.13.1.0_LM87. 67 * 68 * TODO's: 69 * - Fix MONITOR mode (MAC filter). 70 * - Add HOSTAP mode. 71 * - Add IBSS mode. 72 * - Support the USB 1.0 devices (NET2280, ISL3880, ISL3886 chipsets). 73 * 74 * Parts of this driver has been influenced by reading the p54u driver 75 * written by Jean-Baptiste Note <jean-baptiste.note@m4x.org> and 76 * Sebastien Bourdeauducq <lekernel@prism54.org>. 77 */ 78 79 #ifdef UPGT_DEBUG 80 int upgt_debug = 2; 81 #define DPRINTF(l, x...) do { if ((l) <= upgt_debug) printf(x); } while (0) 82 #else 83 #define DPRINTF(l, x...) 84 #endif 85 86 /* 87 * Prototypes. 88 */ 89 int upgt_match(struct device *, void *, void *); 90 void upgt_attach(struct device *, struct device *, void *); 91 void upgt_attach_hook(void *); 92 void upgt_shutdown_hook(void *); 93 int upgt_detach(struct device *, int); 94 int upgt_activate(struct device *, enum devact); 95 96 int upgt_device_type(struct upgt_softc *, uint16_t, uint16_t); 97 int upgt_device_init(struct upgt_softc *); 98 int upgt_mem_init(struct upgt_softc *); 99 uint32_t upgt_mem_alloc(struct upgt_softc *); 100 void upgt_mem_free(struct upgt_softc *, uint32_t); 101 int upgt_fw_alloc(struct upgt_softc *); 102 void upgt_fw_free(struct upgt_softc *); 103 int upgt_fw_verify(struct upgt_softc *); 104 int upgt_fw_load(struct upgt_softc *); 105 int upgt_fw_copy(char *, char *, int); 106 int upgt_eeprom_read(struct upgt_softc *); 107 int upgt_eeprom_parse(struct upgt_softc *); 108 void upgt_eeprom_parse_hwrx(struct upgt_softc *, uint8_t *); 109 void upgt_eeprom_parse_freq3(struct upgt_softc *, uint8_t *, int); 110 void upgt_eeprom_parse_freq4(struct upgt_softc *, uint8_t *, int); 111 void upgt_eeprom_parse_freq6(struct upgt_softc *, uint8_t *, int); 112 113 int upgt_ioctl(struct ifnet *, u_long, caddr_t); 114 int upgt_init(struct ifnet *); 115 void upgt_stop(struct upgt_softc *); 116 int upgt_media_change(struct ifnet *); 117 void upgt_newassoc(struct ieee80211com *, struct ieee80211_node *, 118 int); 119 int upgt_newstate(struct ieee80211com *, enum ieee80211_state, int); 120 void upgt_newstate_task(void *); 121 void upgt_next_scan(void *); 122 void upgt_start(struct ifnet *); 123 void upgt_watchdog(struct ifnet *); 124 void upgt_tx_task(void *); 125 void upgt_tx_done(struct upgt_softc *, uint8_t *); 126 void upgt_rx_cb(usbd_xfer_handle, usbd_private_handle, usbd_status); 127 void upgt_rx(struct upgt_softc *, uint8_t *, int); 128 void upgt_setup_rates(struct upgt_softc *); 129 uint8_t upgt_rx_rate(struct upgt_softc *, const int); 130 int upgt_set_macfilter(struct upgt_softc *, uint8_t state); 131 int upgt_set_channel(struct upgt_softc *, unsigned); 132 void upgt_set_led(struct upgt_softc *, int); 133 void upgt_set_led_blink(void *); 134 int upgt_get_stats(struct upgt_softc *); 135 136 int upgt_alloc_tx(struct upgt_softc *); 137 int upgt_alloc_rx(struct upgt_softc *); 138 int upgt_alloc_cmd(struct upgt_softc *); 139 void upgt_free_tx(struct upgt_softc *); 140 void upgt_free_rx(struct upgt_softc *); 141 void upgt_free_cmd(struct upgt_softc *); 142 int upgt_bulk_xmit(struct upgt_softc *, struct upgt_data *, 143 usbd_pipe_handle, uint32_t *, int); 144 145 void upgt_hexdump(void *, int); 146 uint32_t upgt_crc32_le(const void *, size_t); 147 uint32_t upgt_chksum_le(const uint32_t *, size_t); 148 149 struct cfdriver upgt_cd = { 150 NULL, "upgt", DV_IFNET 151 }; 152 153 const struct cfattach upgt_ca = { 154 sizeof(struct upgt_softc), 155 upgt_match, 156 upgt_attach, 157 upgt_detach, 158 upgt_activate, 159 }; 160 161 static const struct usb_devno upgt_devs_1[] = { 162 /* version 1 devices */ 163 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST120G } 164 }; 165 166 static const struct usb_devno upgt_devs_2[] = { 167 /* version 2 devices */ 168 { USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_PRISM_GT }, 169 { USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F5D7050 }, 170 { USB_VENDOR_CONCEPTRONIC, USB_PRODUCT_CONCEPTRONIC_PRISM_GT }, 171 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_1 }, 172 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_2 }, 173 { USB_VENDOR_FSC, USB_PRODUCT_FSC_E5400 }, 174 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_1 }, 175 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_2 }, 176 { USB_VENDOR_INTERSIL, USB_PRODUCT_INTERSIL_PRISM_GT }, 177 { USB_VENDOR_NETGEAR, USB_PRODUCT_NETGEAR_WG111V2_2 }, 178 { USB_VENDOR_SMC, USB_PRODUCT_SMC_2862WG }, 179 { USB_VENDOR_WISTRONNEWEB, USB_PRODUCT_WISTRONNEWEB_UR045G }, 180 { USB_VENDOR_XYRATEX, USB_PRODUCT_XYRATEX_PRISM_GT_1 }, 181 { USB_VENDOR_XYRATEX, USB_PRODUCT_XYRATEX_PRISM_GT_2 }, 182 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_XG703A } 183 }; 184 185 int 186 upgt_match(struct device *parent, void *match, void *aux) 187 { 188 struct usb_attach_arg *uaa = aux; 189 190 if (uaa->iface != NULL) 191 return (UMATCH_NONE); 192 193 if (usb_lookup(upgt_devs_1, uaa->vendor, uaa->product) != NULL) 194 return (UMATCH_VENDOR_PRODUCT); 195 196 if (usb_lookup(upgt_devs_2, uaa->vendor, uaa->product) != NULL) 197 return (UMATCH_VENDOR_PRODUCT); 198 199 return (UMATCH_NONE); 200 } 201 202 void 203 upgt_attach(struct device *parent, struct device *self, void *aux) 204 { 205 struct upgt_softc *sc = (struct upgt_softc *)self; 206 struct usb_attach_arg *uaa = aux; 207 usb_interface_descriptor_t *id; 208 usb_endpoint_descriptor_t *ed; 209 usbd_status error; 210 int i; 211 212 /* 213 * Attach USB device. 214 */ 215 sc->sc_udev = uaa->device; 216 217 /* check device type */ 218 if (upgt_device_type(sc, uaa->vendor, uaa->product) != 0) 219 return; 220 221 /* set configuration number */ 222 if (usbd_set_config_no(sc->sc_udev, UPGT_CONFIG_NO, 0) != 0) { 223 printf("%s: could not set configuration no!\n", 224 sc->sc_dev.dv_xname); 225 return; 226 } 227 228 /* get the first interface handle */ 229 error = usbd_device2interface_handle(sc->sc_udev, UPGT_IFACE_INDEX, 230 &sc->sc_iface); 231 if (error != 0) { 232 printf("%s: could not get interface handle!\n", 233 sc->sc_dev.dv_xname); 234 return; 235 } 236 237 /* find endpoints */ 238 id = usbd_get_interface_descriptor(sc->sc_iface); 239 sc->sc_rx_no = sc->sc_tx_no = -1; 240 for (i = 0; i < id->bNumEndpoints; i++) { 241 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 242 if (ed == NULL) { 243 printf("%s: no endpoint descriptor for iface %d!\n", 244 sc->sc_dev.dv_xname, i); 245 return; 246 } 247 248 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT && 249 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 250 sc->sc_tx_no = ed->bEndpointAddress; 251 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN && 252 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 253 sc->sc_rx_no = ed->bEndpointAddress; 254 255 /* 256 * 0x01 TX pipe 257 * 0x81 RX pipe 258 * 259 * Deprecated scheme (not used with fw version >2.5.6.x): 260 * 0x02 TX MGMT pipe 261 * 0x82 TX MGMT pipe 262 */ 263 if (sc->sc_tx_no != -1 && sc->sc_rx_no != -1) 264 break; 265 } 266 if (sc->sc_rx_no == -1 || sc->sc_tx_no == -1) { 267 printf("%s: missing endpoint!\n", sc->sc_dev.dv_xname); 268 return; 269 } 270 271 /* setup tasks and timeouts */ 272 usb_init_task(&sc->sc_task_newstate, upgt_newstate_task, sc); 273 usb_init_task(&sc->sc_task_tx, upgt_tx_task, sc); 274 timeout_set(&sc->scan_to, upgt_next_scan, sc); 275 timeout_set(&sc->led_to, upgt_set_led_blink, sc); 276 277 /* 278 * Open TX and RX USB bulk pipes. 279 */ 280 error = usbd_open_pipe(sc->sc_iface, sc->sc_tx_no, USBD_EXCLUSIVE_USE, 281 &sc->sc_tx_pipeh); 282 if (error != 0) { 283 printf("%s: could not open TX pipe: %s!\n", 284 sc->sc_dev.dv_xname, usbd_errstr(error)); 285 goto fail; 286 } 287 error = usbd_open_pipe(sc->sc_iface, sc->sc_rx_no, USBD_EXCLUSIVE_USE, 288 &sc->sc_rx_pipeh); 289 if (error != 0) { 290 printf("%s: could not open RX pipe: %s!\n", 291 sc->sc_dev.dv_xname, usbd_errstr(error)); 292 goto fail; 293 } 294 295 /* 296 * Allocate TX, RX, and CMD xfers. 297 */ 298 if (upgt_alloc_tx(sc) != 0) 299 goto fail; 300 if (upgt_alloc_rx(sc) != 0) 301 goto fail; 302 if (upgt_alloc_cmd(sc) != 0) 303 goto fail; 304 305 /* 306 * We need the firmware loaded to complete the attach. 307 */ 308 if (rootvp == NULL) 309 mountroothook_establish(upgt_attach_hook, sc); 310 else 311 upgt_attach_hook(sc); 312 313 return; 314 fail: 315 printf("%s: %s failed!\n", sc->sc_dev.dv_xname, __func__); 316 } 317 318 void 319 upgt_attach_hook(void *arg) 320 { 321 struct upgt_softc *sc = arg; 322 struct ieee80211com *ic = &sc->sc_ic; 323 struct ifnet *ifp = &ic->ic_if; 324 usbd_status error; 325 int i; 326 327 /* 328 * Load firmware file into memory. 329 */ 330 if (upgt_fw_alloc(sc) != 0) 331 goto fail; 332 333 /* 334 * Initialize the device. 335 */ 336 if (upgt_device_init(sc) != 0) 337 goto fail; 338 339 /* 340 * Verify the firmware. 341 */ 342 if (upgt_fw_verify(sc) != 0) 343 goto fail; 344 345 /* 346 * Calculate device memory space. 347 */ 348 if (sc->sc_memaddr_frame_start == 0 || sc->sc_memaddr_frame_end == 0) { 349 printf("%s: could not find memory space addresses on FW!\n", 350 sc->sc_dev.dv_xname); 351 goto fail; 352 } 353 sc->sc_memaddr_frame_end -= UPGT_MEMSIZE_RX + 1; 354 sc->sc_memaddr_rx_start = sc->sc_memaddr_frame_end + 1; 355 356 DPRINTF(1, "%s: memory address frame start=0x%08x\n", 357 sc->sc_dev.dv_xname, sc->sc_memaddr_frame_start); 358 DPRINTF(1, "%s: memory address frame end=0x%08x\n", 359 sc->sc_dev.dv_xname, sc->sc_memaddr_frame_end); 360 DPRINTF(1, "%s: memory address rx start=0x%08x\n", 361 sc->sc_dev.dv_xname, sc->sc_memaddr_rx_start); 362 363 upgt_mem_init(sc); 364 365 /* 366 * Load the firmware. 367 */ 368 if (upgt_fw_load(sc) != 0) 369 goto fail; 370 371 /* 372 * Startup the RX pipe. 373 */ 374 struct upgt_data *data_rx = &sc->rx_data; 375 376 usbd_setup_xfer(data_rx->xfer, sc->sc_rx_pipeh, data_rx, data_rx->buf, 377 MCLBYTES, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 378 error = usbd_transfer(data_rx->xfer); 379 if (error != 0 && error != USBD_IN_PROGRESS) { 380 printf("%s: could not queue RX transfer!\n", 381 sc->sc_dev.dv_xname); 382 goto fail; 383 } 384 usbd_delay_ms(sc->sc_udev, 100); 385 386 /* 387 * Read the whole EEPROM content and parse it. 388 */ 389 if (upgt_eeprom_read(sc) != 0) 390 goto fail; 391 if (upgt_eeprom_parse(sc) != 0) 392 goto fail; 393 394 /* 395 * Setup the 802.11 device. 396 */ 397 ic->ic_phytype = IEEE80211_T_OFDM; 398 ic->ic_opmode = IEEE80211_M_STA; 399 ic->ic_state = IEEE80211_S_INIT; 400 ic->ic_caps = 401 IEEE80211_C_MONITOR | 402 IEEE80211_C_SHPREAMBLE | 403 IEEE80211_C_SHSLOT | 404 IEEE80211_C_WEP | 405 IEEE80211_C_RSN; 406 407 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 408 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 409 410 for (i = 1; i <= 14; i++) { 411 ic->ic_channels[i].ic_freq = 412 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 413 ic->ic_channels[i].ic_flags = 414 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 415 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 416 } 417 418 ifp->if_softc = sc; 419 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 420 ifp->if_init = upgt_init; 421 ifp->if_ioctl = upgt_ioctl; 422 ifp->if_start = upgt_start; 423 ifp->if_watchdog = upgt_watchdog; 424 IFQ_SET_READY(&ifp->if_snd); 425 memcpy(ifp->if_xname, sc->sc_dev.dv_xname, IFNAMSIZ); 426 427 if_attach(ifp); 428 ieee80211_ifattach(ifp); 429 ic->ic_newassoc = upgt_newassoc; 430 431 sc->sc_newstate = ic->ic_newstate; 432 ic->ic_newstate = upgt_newstate; 433 ieee80211_media_init(ifp, upgt_media_change, ieee80211_media_status); 434 435 #if NBPFILTER > 0 436 bpfattach(&sc->sc_drvbpf, ifp, DLT_IEEE802_11_RADIO, 437 sizeof(struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN); 438 439 sc->sc_rxtap_len = sizeof(sc->sc_rxtapu); 440 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 441 sc->sc_rxtap.wr_ihdr.it_present = htole32(UPGT_RX_RADIOTAP_PRESENT); 442 443 sc->sc_txtap_len = sizeof(sc->sc_txtapu); 444 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 445 sc->sc_txtap.wt_ihdr.it_present = htole32(UPGT_TX_RADIOTAP_PRESENT); 446 #endif 447 448 usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->sc_udev, &sc->sc_dev); 449 450 printf("%s: address %s\n", 451 sc->sc_dev.dv_xname, ether_sprintf(ic->ic_myaddr)); 452 453 /* setup shutdown hook */ 454 sc->sc_sdhook = shutdownhook_establish(upgt_shutdown_hook, sc); 455 456 /* device attached */ 457 sc->sc_flags |= UPGT_DEVICE_ATTACHED; 458 459 return; 460 fail: 461 printf("%s: %s failed!\n", sc->sc_dev.dv_xname, __func__); 462 } 463 464 void 465 upgt_shutdown_hook(void *arg) 466 { 467 struct upgt_softc *sc = (struct upgt_softc *)arg; 468 469 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 470 471 /* reset device */ 472 upgt_set_led(sc, UPGT_LED_OFF); 473 (void)upgt_device_init(sc); 474 } 475 476 int 477 upgt_detach(struct device *self, int flags) 478 { 479 struct upgt_softc *sc = (struct upgt_softc *)self; 480 struct ifnet *ifp = &sc->sc_ic.ic_if; 481 int s; 482 483 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 484 485 s = splusb(); 486 487 /* abort and close TX / RX pipes */ 488 if (sc->sc_tx_pipeh != NULL) { 489 usbd_abort_pipe(sc->sc_tx_pipeh); 490 usbd_close_pipe(sc->sc_tx_pipeh); 491 } 492 if (sc->sc_rx_pipeh != NULL) { 493 usbd_abort_pipe(sc->sc_rx_pipeh); 494 usbd_close_pipe(sc->sc_rx_pipeh); 495 } 496 497 /* remove tasks and timeouts */ 498 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 499 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 500 timeout_del(&sc->scan_to); 501 timeout_del(&sc->led_to); 502 503 /* free xfers */ 504 upgt_free_tx(sc); 505 upgt_free_rx(sc); 506 upgt_free_cmd(sc); 507 508 /* free firmware */ 509 upgt_fw_free(sc); 510 511 if (sc->sc_flags & UPGT_DEVICE_ATTACHED) { 512 /* detach interface */ 513 ieee80211_ifdetach(ifp); 514 if_detach(ifp); 515 } 516 517 if (sc->sc_sdhook != NULL) 518 shutdownhook_disestablish(sc->sc_sdhook); 519 520 splx(s); 521 522 usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->sc_udev, &sc->sc_dev); 523 524 return (0); 525 } 526 527 int 528 upgt_activate(struct device *self, enum devact act) 529 { 530 switch (act) { 531 case DVACT_ACTIVATE: 532 return (EOPNOTSUPP); 533 case (DVACT_DEACTIVATE): 534 break; 535 } 536 537 return (0); 538 } 539 540 int 541 upgt_device_type(struct upgt_softc *sc, uint16_t vendor, uint16_t product) 542 { 543 if (usb_lookup(upgt_devs_1, vendor, product) != NULL) { 544 sc->sc_device_type = 1; 545 /* XXX */ 546 printf("%s: version 1 devices not supported yet!\n", 547 sc->sc_dev.dv_xname); 548 return (1); 549 } else { 550 sc->sc_device_type = 2; 551 } 552 553 return (0); 554 } 555 556 int 557 upgt_device_init(struct upgt_softc *sc) 558 { 559 struct upgt_data *data_cmd = &sc->cmd_data; 560 char init_cmd[] = { 0x7e, 0x7e, 0x7e, 0x7e }; 561 int len; 562 563 len = sizeof(init_cmd); 564 bcopy(init_cmd, data_cmd->buf, len); 565 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 566 printf("%s: could not send device init string!\n", 567 sc->sc_dev.dv_xname); 568 return (EIO); 569 } 570 usbd_delay_ms(sc->sc_udev, 100); 571 572 DPRINTF(1, "%s: device initialized\n", sc->sc_dev.dv_xname); 573 574 return (0); 575 } 576 577 int 578 upgt_mem_init(struct upgt_softc *sc) 579 { 580 int i; 581 582 for (i = 0; i < UPGT_MEMORY_MAX_PAGES; i++) { 583 sc->sc_memory.page[i].used = 0; 584 585 if (i == 0) { 586 /* 587 * The first memory page is always reserved for 588 * command data. 589 */ 590 sc->sc_memory.page[i].addr = 591 sc->sc_memaddr_frame_start + MCLBYTES; 592 } else { 593 sc->sc_memory.page[i].addr = 594 sc->sc_memory.page[i - 1].addr + MCLBYTES; 595 } 596 597 if (sc->sc_memory.page[i].addr + MCLBYTES >= 598 sc->sc_memaddr_frame_end) 599 break; 600 601 DPRINTF(2, "%s: memory address page %d=0x%08x\n", 602 sc->sc_dev.dv_xname, i, sc->sc_memory.page[i].addr); 603 } 604 605 sc->sc_memory.pages = i; 606 607 DPRINTF(2, "%s: memory pages=%d\n", 608 sc->sc_dev.dv_xname, sc->sc_memory.pages); 609 610 return (0); 611 } 612 613 uint32_t 614 upgt_mem_alloc(struct upgt_softc *sc) 615 { 616 int i; 617 618 for (i = 0; i < sc->sc_memory.pages; i++) { 619 if (sc->sc_memory.page[i].used == 0) { 620 sc->sc_memory.page[i].used = 1; 621 return (sc->sc_memory.page[i].addr); 622 } 623 } 624 625 return (0); 626 } 627 628 void 629 upgt_mem_free(struct upgt_softc *sc, uint32_t addr) 630 { 631 int i; 632 633 for (i = 0; i < sc->sc_memory.pages; i++) { 634 if (sc->sc_memory.page[i].addr == addr) { 635 sc->sc_memory.page[i].used = 0; 636 return; 637 } 638 } 639 640 printf("%s: could not free memory address 0x%08x!\n", 641 sc->sc_dev.dv_xname, addr); 642 } 643 644 645 int 646 upgt_fw_alloc(struct upgt_softc *sc) 647 { 648 const char *name = "upgt-gw3887"; 649 int error; 650 651 if (sc->sc_fw == NULL) { 652 error = loadfirmware(name, &sc->sc_fw, &sc->sc_fw_size); 653 if (error != 0) { 654 printf("%s: error %d, could not read firmware %s!\n", 655 sc->sc_dev.dv_xname, error, name); 656 return (EIO); 657 } 658 } 659 660 DPRINTF(1, "%s: firmware %s allocated\n", sc->sc_dev.dv_xname, name); 661 662 return (0); 663 } 664 665 void 666 upgt_fw_free(struct upgt_softc *sc) 667 { 668 if (sc->sc_fw != NULL) { 669 free(sc->sc_fw, M_DEVBUF); 670 sc->sc_fw = NULL; 671 DPRINTF(1, "%s: firmware freed\n", sc->sc_dev.dv_xname); 672 } 673 } 674 675 int 676 upgt_fw_verify(struct upgt_softc *sc) 677 { 678 struct upgt_fw_bra_option *bra_option; 679 uint32_t bra_option_type, bra_option_len; 680 uint32_t *uc; 681 int offset, bra_end = 0; 682 683 /* 684 * Seek to beginning of Boot Record Area (BRA). 685 */ 686 for (offset = 0; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 687 uc = (uint32_t *)(sc->sc_fw + offset); 688 if (*uc == 0) 689 break; 690 } 691 for (; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 692 uc = (uint32_t *)(sc->sc_fw + offset); 693 if (*uc != 0) 694 break; 695 } 696 if (offset == sc->sc_fw_size) { 697 printf("%s: firmware Boot Record Area not found!\n", 698 sc->sc_dev.dv_xname); 699 return (EIO); 700 } 701 DPRINTF(1, "%s: firmware Boot Record Area found at offset %d\n", 702 sc->sc_dev.dv_xname, offset); 703 704 /* 705 * Parse Boot Record Area (BRA) options. 706 */ 707 while (offset < sc->sc_fw_size && bra_end == 0) { 708 /* get current BRA option */ 709 bra_option = (struct upgt_fw_bra_option *)(sc->sc_fw + offset); 710 bra_option_type = letoh32(bra_option->type); 711 bra_option_len = letoh32(bra_option->len) * sizeof(*uc); 712 713 switch (bra_option_type) { 714 case UPGT_BRA_TYPE_FW: 715 DPRINTF(1, "%s: UPGT_BRA_TYPE_FW len=%d\n", 716 sc->sc_dev.dv_xname, bra_option_len); 717 718 if (bra_option_len != UPGT_BRA_FWTYPE_SIZE) { 719 printf("%s: wrong UPGT_BRA_TYPE_FW len!\n", 720 sc->sc_dev.dv_xname); 721 return (EIO); 722 } 723 if (memcmp(UPGT_BRA_FWTYPE_LM86, bra_option->data, 724 bra_option_len) == 0) { 725 sc->sc_fw_type = UPGT_FWTYPE_LM86; 726 break; 727 } 728 if (memcmp(UPGT_BRA_FWTYPE_LM87, bra_option->data, 729 bra_option_len) == 0) { 730 sc->sc_fw_type = UPGT_FWTYPE_LM87; 731 break; 732 } 733 if (memcmp(UPGT_BRA_FWTYPE_FMAC, bra_option->data, 734 bra_option_len) == 0) { 735 sc->sc_fw_type = UPGT_FWTYPE_FMAC; 736 break; 737 } 738 printf("%s: unsupported firmware type!\n", 739 sc->sc_dev.dv_xname); 740 return (EIO); 741 case UPGT_BRA_TYPE_VERSION: 742 DPRINTF(1, "%s: UPGT_BRA_TYPE_VERSION len=%d\n", 743 sc->sc_dev.dv_xname, bra_option_len); 744 break; 745 case UPGT_BRA_TYPE_DEPIF: 746 DPRINTF(1, "%s: UPGT_BRA_TYPE_DEPIF len=%d\n", 747 sc->sc_dev.dv_xname, bra_option_len); 748 break; 749 case UPGT_BRA_TYPE_EXPIF: 750 DPRINTF(1, "%s: UPGT_BRA_TYPE_EXPIF len=%d\n", 751 sc->sc_dev.dv_xname, bra_option_len); 752 break; 753 case UPGT_BRA_TYPE_DESCR: 754 DPRINTF(1, "%s: UPGT_BRA_TYPE_DESCR len=%d\n", 755 sc->sc_dev.dv_xname, bra_option_len); 756 757 struct upgt_fw_bra_descr *descr = 758 (struct upgt_fw_bra_descr *)bra_option->data; 759 760 sc->sc_memaddr_frame_start = 761 letoh32(descr->memaddr_space_start); 762 sc->sc_memaddr_frame_end = 763 letoh32(descr->memaddr_space_end); 764 765 DPRINTF(2, "%s: memory address space start=0x%08x\n", 766 sc->sc_dev.dv_xname, sc->sc_memaddr_frame_start); 767 DPRINTF(2, "%s: memory address space end=0x%08x\n", 768 sc->sc_dev.dv_xname, sc->sc_memaddr_frame_end); 769 break; 770 case UPGT_BRA_TYPE_END: 771 DPRINTF(1, "%s: UPGT_BRA_TYPE_END len=%d\n", 772 sc->sc_dev.dv_xname, bra_option_len); 773 bra_end = 1; 774 break; 775 default: 776 DPRINTF(1, "%s: unknown BRA option len=%d\n", 777 sc->sc_dev.dv_xname, bra_option_len); 778 return (EIO); 779 } 780 781 /* jump to next BRA option */ 782 offset += sizeof(struct upgt_fw_bra_option) + bra_option_len; 783 } 784 785 DPRINTF(1, "%s: firmware verified\n", sc->sc_dev.dv_xname); 786 787 return (0); 788 } 789 790 int 791 upgt_fw_load(struct upgt_softc *sc) 792 { 793 struct upgt_data *data_cmd = &sc->cmd_data; 794 struct upgt_data *data_rx = &sc->rx_data; 795 char start_fwload_cmd[] = { 0x3c, 0x0d }; 796 int offset, bsize, n, i, len; 797 uint32_t crc32; 798 799 /* send firmware start load command */ 800 len = sizeof(start_fwload_cmd); 801 bcopy(start_fwload_cmd, data_cmd->buf, len); 802 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 803 printf("%s: could not send start_firmware_load command!\n", 804 sc->sc_dev.dv_xname); 805 return (EIO); 806 } 807 808 /* send X2 header */ 809 len = sizeof(struct upgt_fw_x2_header); 810 struct upgt_fw_x2_header *x2 = data_cmd->buf; 811 bcopy(UPGT_X2_SIGNATURE, x2->signature, UPGT_X2_SIGNATURE_SIZE); 812 x2->startaddr = htole32(UPGT_MEMADDR_FIRMWARE_START); 813 x2->len = htole32(sc->sc_fw_size); 814 x2->crc = upgt_crc32_le(data_cmd->buf + UPGT_X2_SIGNATURE_SIZE, 815 sizeof(struct upgt_fw_x2_header) - UPGT_X2_SIGNATURE_SIZE - 816 sizeof(uint32_t)); 817 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 818 printf("%s: could not send firmware X2 header!\n", 819 sc->sc_dev.dv_xname); 820 return (EIO); 821 } 822 823 /* download firmware */ 824 for (offset = 0; offset < sc->sc_fw_size; offset += bsize) { 825 if (sc->sc_fw_size - offset > UPGT_FW_BLOCK_SIZE) 826 bsize = UPGT_FW_BLOCK_SIZE; 827 else 828 bsize = sc->sc_fw_size - offset; 829 830 n = upgt_fw_copy(sc->sc_fw + offset, data_cmd->buf, bsize); 831 832 DPRINTF(1, "%s: FW offset=%d, read=%d, sent=%d\n", 833 sc->sc_dev.dv_xname, offset, n, bsize); 834 835 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &bsize, 0) 836 != 0) { 837 printf("%s: error while downloading firmware block!\n", 838 sc->sc_dev.dv_xname); 839 return (EIO); 840 } 841 842 bsize = n; 843 } 844 DPRINTF(1, "%s: firmware downloaded\n", sc->sc_dev.dv_xname); 845 846 /* load firmware */ 847 crc32 = upgt_crc32_le(sc->sc_fw, sc->sc_fw_size); 848 *((uint32_t *)(data_cmd->buf) ) = crc32; 849 *((uint8_t *)(data_cmd->buf) + 4) = 'g'; 850 *((uint8_t *)(data_cmd->buf) + 5) = '\r'; 851 len = 6; 852 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 853 printf("%s: could not send load_firmware command!\n", 854 sc->sc_dev.dv_xname); 855 return (EIO); 856 } 857 858 for (i = 0; i < UPGT_FIRMWARE_TIMEOUT; i++) { 859 len = UPGT_FW_BLOCK_SIZE; 860 bzero(data_rx->buf, MCLBYTES); 861 if (upgt_bulk_xmit(sc, data_rx, sc->sc_rx_pipeh, &len, 862 USBD_SHORT_XFER_OK) != 0) { 863 printf("%s: could not read firmware response!\n", 864 sc->sc_dev.dv_xname); 865 return (EIO); 866 } 867 868 if (memcmp(data_rx->buf, "OK", 2) == 0) 869 break; /* firmware load was successful */ 870 } 871 if (i == UPGT_FIRMWARE_TIMEOUT) { 872 printf("%s: firmware load failed!\n", sc->sc_dev.dv_xname); 873 return (EIO); 874 } 875 DPRINTF(1, "%s: firmware loaded\n", sc->sc_dev.dv_xname); 876 877 return (0); 878 } 879 880 /* 881 * While copying the version 2 firmware, we need to replace two characters: 882 * 883 * 0x7e -> 0x7d 0x5e 884 * 0x7d -> 0x7d 0x5d 885 */ 886 int 887 upgt_fw_copy(char *src, char *dst, int size) 888 { 889 int i, j; 890 891 for (i = 0, j = 0; i < size && j < size; i++) { 892 switch (src[i]) { 893 case 0x7e: 894 dst[j] = 0x7d; 895 j++; 896 dst[j] = 0x5e; 897 j++; 898 break; 899 case 0x7d: 900 dst[j] = 0x7d; 901 j++; 902 dst[j] = 0x5d; 903 j++; 904 break; 905 default: 906 dst[j] = src[i]; 907 j++; 908 break; 909 } 910 } 911 912 return (i); 913 } 914 915 int 916 upgt_eeprom_read(struct upgt_softc *sc) 917 { 918 struct upgt_data *data_cmd = &sc->cmd_data; 919 struct upgt_lmac_mem *mem; 920 struct upgt_lmac_eeprom *eeprom; 921 int offset, block, len; 922 923 offset = 0; 924 block = UPGT_EEPROM_BLOCK_SIZE; 925 while (offset < UPGT_EEPROM_SIZE) { 926 DPRINTF(1, "%s: request EEPROM block (offset=%d, len=%d)\n", 927 sc->sc_dev.dv_xname, offset, block); 928 929 /* 930 * Transmit the URB containing the CMD data. 931 */ 932 bzero(data_cmd->buf, MCLBYTES); 933 934 mem = (struct upgt_lmac_mem *)data_cmd->buf; 935 mem->addr = htole32(sc->sc_memaddr_frame_start + 936 UPGT_MEMSIZE_FRAME_HEAD); 937 938 eeprom = (struct upgt_lmac_eeprom *)(mem + 1); 939 eeprom->header1.flags = 0; 940 eeprom->header1.type = UPGT_H1_TYPE_CTRL; 941 eeprom->header1.len = htole16(( 942 sizeof(struct upgt_lmac_eeprom) - 943 sizeof(struct upgt_lmac_header)) + block); 944 945 eeprom->header2.reqid = htole32(sc->sc_memaddr_frame_start); 946 eeprom->header2.type = htole16(UPGT_H2_TYPE_EEPROM); 947 eeprom->header2.flags = 0; 948 949 eeprom->offset = htole16(offset); 950 eeprom->len = htole16(block); 951 952 len = sizeof(*mem) + sizeof(*eeprom) + block; 953 954 mem->chksum = upgt_chksum_le((uint32_t *)eeprom, 955 len - sizeof(*mem)); 956 957 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 958 USBD_FORCE_SHORT_XFER) != 0) { 959 printf("%s: could not transmit EEPROM data URB!\n", 960 sc->sc_dev.dv_xname); 961 return (EIO); 962 } 963 if (tsleep(sc, 0, "eeprom_request", UPGT_USB_TIMEOUT)) { 964 printf("%s: timeout while waiting for EEPROM data!\n", 965 sc->sc_dev.dv_xname); 966 return (EIO); 967 } 968 969 offset += block; 970 if (UPGT_EEPROM_SIZE - offset < block) 971 block = UPGT_EEPROM_SIZE - offset; 972 } 973 974 return (0); 975 } 976 977 int 978 upgt_eeprom_parse(struct upgt_softc *sc) 979 { 980 struct ieee80211com *ic = &sc->sc_ic; 981 struct upgt_eeprom_header *eeprom_header; 982 struct upgt_eeprom_option *eeprom_option; 983 uint16_t option_len; 984 uint16_t option_type; 985 uint16_t preamble_len; 986 int option_end = 0; 987 988 /* calculate eeprom options start offset */ 989 eeprom_header = (struct upgt_eeprom_header *)sc->sc_eeprom; 990 preamble_len = letoh16(eeprom_header->preamble_len); 991 eeprom_option = (struct upgt_eeprom_option *)(sc->sc_eeprom + 992 (sizeof(struct upgt_eeprom_header) + preamble_len)); 993 994 while (!option_end) { 995 /* the eeprom option length is stored in words */ 996 option_len = 997 (letoh16(eeprom_option->len) - 1) * sizeof(uint16_t); 998 option_type = 999 letoh16(eeprom_option->type); 1000 1001 switch (option_type) { 1002 case UPGT_EEPROM_TYPE_NAME: 1003 DPRINTF(1, "%s: EEPROM name len=%d\n", 1004 sc->sc_dev.dv_xname, option_len); 1005 break; 1006 case UPGT_EEPROM_TYPE_SERIAL: 1007 DPRINTF(1, "%s: EEPROM serial len=%d\n", 1008 sc->sc_dev.dv_xname, option_len); 1009 break; 1010 case UPGT_EEPROM_TYPE_MAC: 1011 DPRINTF(1, "%s: EEPROM mac len=%d\n", 1012 sc->sc_dev.dv_xname, option_len); 1013 1014 IEEE80211_ADDR_COPY(ic->ic_myaddr, eeprom_option->data); 1015 break; 1016 case UPGT_EEPROM_TYPE_HWRX: 1017 DPRINTF(1, "%s: EEPROM hwrx len=%d\n", 1018 sc->sc_dev.dv_xname, option_len); 1019 1020 upgt_eeprom_parse_hwrx(sc, eeprom_option->data); 1021 break; 1022 case UPGT_EEPROM_TYPE_CHIP: 1023 DPRINTF(1, "%s: EEPROM chip len=%d\n", 1024 sc->sc_dev.dv_xname, option_len); 1025 break; 1026 case UPGT_EEPROM_TYPE_FREQ3: 1027 DPRINTF(1, "%s: EEPROM freq3 len=%d\n", 1028 sc->sc_dev.dv_xname, option_len); 1029 1030 upgt_eeprom_parse_freq3(sc, eeprom_option->data, 1031 option_len); 1032 break; 1033 case UPGT_EEPROM_TYPE_FREQ4: 1034 DPRINTF(1, "%s: EEPROM freq4 len=%d\n", 1035 sc->sc_dev.dv_xname, option_len); 1036 1037 upgt_eeprom_parse_freq4(sc, eeprom_option->data, 1038 option_len); 1039 break; 1040 case UPGT_EEPROM_TYPE_FREQ5: 1041 DPRINTF(1, "%s: EEPROM freq5 len=%d\n", 1042 sc->sc_dev.dv_xname, option_len); 1043 break; 1044 case UPGT_EEPROM_TYPE_FREQ6: 1045 DPRINTF(1, "%s: EEPROM freq6 len=%d\n", 1046 sc->sc_dev.dv_xname, option_len); 1047 1048 upgt_eeprom_parse_freq6(sc, eeprom_option->data, 1049 option_len); 1050 break; 1051 case UPGT_EEPROM_TYPE_END: 1052 DPRINTF(1, "%s: EEPROM end len=%d\n", 1053 sc->sc_dev.dv_xname, option_len); 1054 option_end = 1; 1055 break; 1056 case UPGT_EEPROM_TYPE_OFF: 1057 DPRINTF(1, "%s: EEPROM off without end option!\n", 1058 sc->sc_dev.dv_xname); 1059 return (EIO); 1060 default: 1061 DPRINTF(1, "%s: EEPROM unknown type 0x%04x len=%d\n", 1062 sc->sc_dev.dv_xname, option_type, option_len); 1063 break; 1064 } 1065 1066 /* jump to next EEPROM option */ 1067 eeprom_option = (struct upgt_eeprom_option *) 1068 (eeprom_option->data + option_len); 1069 } 1070 1071 return (0); 1072 } 1073 1074 void 1075 upgt_eeprom_parse_hwrx(struct upgt_softc *sc, uint8_t *data) 1076 { 1077 struct upgt_eeprom_option_hwrx *option_hwrx; 1078 1079 option_hwrx = (struct upgt_eeprom_option_hwrx *)data; 1080 1081 sc->sc_eeprom_hwrx = option_hwrx->rxfilter - UPGT_EEPROM_RX_CONST; 1082 1083 DPRINTF(2, "%s: hwrx option value=0x%04x\n", 1084 sc->sc_dev.dv_xname, sc->sc_eeprom_hwrx); 1085 } 1086 1087 void 1088 upgt_eeprom_parse_freq3(struct upgt_softc *sc, uint8_t *data, int len) 1089 { 1090 struct upgt_eeprom_freq3_header *freq3_header; 1091 struct upgt_lmac_freq3 *freq3; 1092 int i, elements, flags; 1093 unsigned channel; 1094 1095 freq3_header = (struct upgt_eeprom_freq3_header *)data; 1096 freq3 = (struct upgt_lmac_freq3 *)(freq3_header + 1); 1097 1098 flags = freq3_header->flags; 1099 elements = freq3_header->elements; 1100 1101 DPRINTF(2, "%s: flags=0x%02x\n", sc->sc_dev.dv_xname, flags); 1102 DPRINTF(2, "%s: elements=%d\n", sc->sc_dev.dv_xname, elements); 1103 1104 for (i = 0; i < elements; i++) { 1105 channel = ieee80211_mhz2ieee(letoh16(freq3[i].freq), 0); 1106 1107 sc->sc_eeprom_freq3[channel] = freq3[i]; 1108 1109 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1110 sc->sc_dev.dv_xname, 1111 letoh16(sc->sc_eeprom_freq3[channel].freq), channel); 1112 } 1113 } 1114 1115 void 1116 upgt_eeprom_parse_freq4(struct upgt_softc *sc, uint8_t *data, int len) 1117 { 1118 struct upgt_eeprom_freq4_header *freq4_header; 1119 struct upgt_eeprom_freq4_1 *freq4_1; 1120 struct upgt_eeprom_freq4_2 *freq4_2; 1121 int i, j, elements, settings, flags; 1122 unsigned channel; 1123 1124 freq4_header = (struct upgt_eeprom_freq4_header *)data; 1125 freq4_1 = (struct upgt_eeprom_freq4_1 *)(freq4_header + 1); 1126 1127 flags = freq4_header->flags; 1128 elements = freq4_header->elements; 1129 settings = freq4_header->settings; 1130 1131 /* we need this value later */ 1132 sc->sc_eeprom_freq6_settings = freq4_header->settings; 1133 1134 DPRINTF(2, "%s: flags=0x%02x\n", sc->sc_dev.dv_xname, flags); 1135 DPRINTF(2, "%s: elements=%d\n", sc->sc_dev.dv_xname, elements); 1136 DPRINTF(2, "%s: settings=%d\n", sc->sc_dev.dv_xname, settings); 1137 1138 for (i = 0; i < elements; i++) { 1139 channel = ieee80211_mhz2ieee(letoh16(freq4_1[i].freq), 0); 1140 1141 freq4_2 = (struct upgt_eeprom_freq4_2 *)freq4_1[i].data; 1142 1143 for (j = 0; j < settings; j++) { 1144 sc->sc_eeprom_freq4[channel][j].cmd = freq4_2[j]; 1145 sc->sc_eeprom_freq4[channel][j].pad = 0; 1146 } 1147 1148 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1149 sc->sc_dev.dv_xname, 1150 letoh16(freq4_1[i].freq), channel); 1151 } 1152 } 1153 1154 void 1155 upgt_eeprom_parse_freq6(struct upgt_softc *sc, uint8_t *data, int len) 1156 { 1157 struct upgt_lmac_freq6 *freq6; 1158 int i, elements; 1159 unsigned channel; 1160 1161 freq6 = (struct upgt_lmac_freq6 *)data; 1162 1163 elements = len / sizeof(struct upgt_lmac_freq6); 1164 1165 DPRINTF(2, "%s: elements=%d\n", sc->sc_dev.dv_xname, elements); 1166 1167 for (i = 0; i < elements; i++) { 1168 channel = ieee80211_mhz2ieee(letoh16(freq6[i].freq), 0); 1169 1170 sc->sc_eeprom_freq6[channel] = freq6[i]; 1171 1172 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1173 sc->sc_dev.dv_xname, 1174 letoh16(sc->sc_eeprom_freq6[channel].freq), channel); 1175 } 1176 } 1177 1178 int 1179 upgt_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 1180 { 1181 struct upgt_softc *sc = ifp->if_softc; 1182 struct ieee80211com *ic = &sc->sc_ic; 1183 struct ifaddr *ifa; 1184 struct ifreq *ifr; 1185 int s, error = 0; 1186 uint8_t chan; 1187 1188 s = splnet(); 1189 1190 switch (cmd) { 1191 case SIOCSIFADDR: 1192 ifa = (struct ifaddr *)data; 1193 ifp->if_flags |= IFF_UP; 1194 #ifdef INET 1195 if (ifa->ifa_addr->sa_family == AF_INET) 1196 arp_ifinit(&ic->ic_ac, ifa); 1197 #endif 1198 /* FALLTHROUGH */ 1199 case SIOCSIFFLAGS: 1200 if (ifp->if_flags & IFF_UP) { 1201 if ((ifp->if_flags & IFF_RUNNING) == 0) 1202 upgt_init(ifp); 1203 } else { 1204 if (ifp->if_flags & IFF_RUNNING) 1205 upgt_stop(sc); 1206 } 1207 break; 1208 case SIOCADDMULTI: 1209 case SIOCDELMULTI: 1210 ifr = (struct ifreq *)data; 1211 error = (cmd == SIOCADDMULTI) ? 1212 ether_addmulti(ifr, &ic->ic_ac) : 1213 ether_delmulti(ifr, &ic->ic_ac); 1214 if (error == ENETRESET) 1215 error = 0; 1216 break; 1217 case SIOCS80211CHANNEL: 1218 /* allow fast channel switching in monitor mode */ 1219 error = ieee80211_ioctl(ifp, cmd, data); 1220 if (error == ENETRESET && 1221 ic->ic_opmode == IEEE80211_M_MONITOR) { 1222 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1223 (IFF_UP | IFF_RUNNING)) { 1224 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 1225 chan = ieee80211_chan2ieee(ic, 1226 ic->ic_bss->ni_chan); 1227 upgt_set_channel(sc, chan); 1228 } 1229 error = 0; 1230 } 1231 break; 1232 default: 1233 error = ieee80211_ioctl(ifp, cmd, data); 1234 break; 1235 } 1236 1237 if (error == ENETRESET) { 1238 if (ifp->if_flags & (IFF_UP | IFF_RUNNING)) 1239 upgt_init(ifp); 1240 error = 0; 1241 } 1242 1243 splx(s); 1244 1245 return (error); 1246 } 1247 1248 int 1249 upgt_init(struct ifnet *ifp) 1250 { 1251 struct upgt_softc *sc = ifp->if_softc; 1252 struct ieee80211com *ic = &sc->sc_ic; 1253 1254 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1255 1256 IEEE80211_ADDR_COPY(ic->ic_myaddr, LLADDR(ifp->if_sadl)); 1257 1258 /* select default channel */ 1259 ic->ic_bss->ni_chan = ic->ic_ibss_chan; 1260 sc->sc_cur_chan = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1261 1262 /* setup device rates */ 1263 upgt_setup_rates(sc); 1264 1265 ifp->if_flags |= IFF_RUNNING; 1266 ifp->if_flags &= ~IFF_OACTIVE; 1267 1268 upgt_set_macfilter(sc, IEEE80211_S_SCAN); 1269 1270 if (ic->ic_opmode == IEEE80211_M_MONITOR) { 1271 upgt_set_channel(sc, sc->sc_cur_chan); 1272 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1273 } else 1274 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1275 1276 return (0); 1277 } 1278 1279 void 1280 upgt_stop(struct upgt_softc *sc) 1281 { 1282 struct ieee80211com *ic = &sc->sc_ic; 1283 struct ifnet *ifp = &ic->ic_if; 1284 1285 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1286 1287 /* device down */ 1288 ifp->if_timer = 0; 1289 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 1290 1291 /* change device back to initial state */ 1292 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 1293 } 1294 1295 int 1296 upgt_media_change(struct ifnet *ifp) 1297 { 1298 struct upgt_softc *sc = ifp->if_softc; 1299 int error; 1300 1301 DPRINTF(1, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1302 1303 if ((error = ieee80211_media_change(ifp) != ENETRESET)) 1304 return (error); 1305 1306 if (ifp->if_flags & (IFF_UP | IFF_RUNNING)) { 1307 /* give pending USB transfers a chance to finish */ 1308 usbd_delay_ms(sc->sc_udev, 100); 1309 upgt_init(ifp); 1310 } 1311 1312 return (0); 1313 } 1314 1315 void 1316 upgt_newassoc(struct ieee80211com *ic, struct ieee80211_node *ni, int isnew) 1317 { 1318 ni->ni_txrate = 0; 1319 } 1320 1321 int 1322 upgt_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1323 { 1324 struct upgt_softc *sc = ic->ic_if.if_softc; 1325 1326 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 1327 timeout_del(&sc->scan_to); 1328 1329 /* do it in a process context */ 1330 sc->sc_state = nstate; 1331 sc->sc_arg = arg; 1332 usb_add_task(sc->sc_udev, &sc->sc_task_newstate); 1333 1334 return (0); 1335 } 1336 1337 void 1338 upgt_newstate_task(void *arg) 1339 { 1340 struct upgt_softc *sc = arg; 1341 struct ieee80211com *ic = &sc->sc_ic; 1342 struct ieee80211_node *ni; 1343 enum ieee80211_state ostate; 1344 unsigned channel; 1345 1346 ostate = ic->ic_state; 1347 1348 switch (sc->sc_state) { 1349 case IEEE80211_S_INIT: 1350 DPRINTF(1, "%s: newstate is IEEE80211_S_INIT\n", 1351 sc->sc_dev.dv_xname); 1352 1353 /* do not accept any frames if the device is down */ 1354 upgt_set_macfilter(sc, IEEE80211_S_INIT); 1355 upgt_set_led(sc, UPGT_LED_OFF); 1356 break; 1357 case IEEE80211_S_SCAN: 1358 DPRINTF(1, "%s: newstate is IEEE80211_S_SCAN\n", 1359 sc->sc_dev.dv_xname); 1360 1361 channel = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1362 upgt_set_channel(sc, channel); 1363 timeout_add(&sc->scan_to, hz / 5); 1364 break; 1365 case IEEE80211_S_AUTH: 1366 DPRINTF(1, "%s: newstate is IEEE80211_S_AUTH\n", 1367 sc->sc_dev.dv_xname); 1368 1369 channel = ieee80211_chan2ieee(ic, ic->ic_bss->ni_chan); 1370 upgt_set_channel(sc, channel); 1371 break; 1372 case IEEE80211_S_ASSOC: 1373 DPRINTF(1, "%s: newstate is IEEE80211_S_ASSOC\n", 1374 sc->sc_dev.dv_xname); 1375 break; 1376 case IEEE80211_S_RUN: 1377 DPRINTF(1, "%s: newstate is IEEE80211_S_RUN\n", 1378 sc->sc_dev.dv_xname); 1379 1380 ni = ic->ic_bss; 1381 1382 /* 1383 * TX rate control is done by the firmware. 1384 * Report the maximum rate which is available therefore. 1385 */ 1386 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 1387 1388 if (ic->ic_opmode != IEEE80211_M_MONITOR) 1389 upgt_set_macfilter(sc, IEEE80211_S_RUN); 1390 upgt_set_led(sc, UPGT_LED_ON); 1391 break; 1392 } 1393 1394 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 1395 } 1396 1397 void 1398 upgt_next_scan(void *arg) 1399 { 1400 struct upgt_softc *sc = arg; 1401 struct ieee80211com *ic = &sc->sc_ic; 1402 struct ifnet *ifp = &ic->ic_if; 1403 1404 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1405 1406 if (ic->ic_state == IEEE80211_S_SCAN) 1407 ieee80211_next_scan(ifp); 1408 } 1409 1410 void 1411 upgt_start(struct ifnet *ifp) 1412 { 1413 struct upgt_softc *sc = ifp->if_softc; 1414 struct ieee80211com *ic = &sc->sc_ic; 1415 struct ieee80211_node *ni; 1416 struct mbuf *m; 1417 int i; 1418 1419 /* don't transmit packets if interface is busy or down */ 1420 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1421 return; 1422 1423 DPRINTF(2, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1424 1425 for (i = 0; i < UPGT_TX_COUNT; i++) { 1426 struct upgt_data *data_tx = &sc->tx_data[i]; 1427 1428 IF_POLL(&ic->ic_mgtq, m); 1429 if (m != NULL) { 1430 /* management frame */ 1431 IF_DEQUEUE(&ic->ic_mgtq, m); 1432 1433 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 1434 m->m_pkthdr.rcvif = NULL; 1435 #if NBPFILTER > 0 1436 if (ic->ic_rawbpf != NULL) 1437 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1438 #endif 1439 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1440 printf("%s: no free prism memory!\n", 1441 sc->sc_dev.dv_xname); 1442 return; 1443 } 1444 data_tx->ni = ni; 1445 data_tx->m = m; 1446 sc->tx_queued++; 1447 } else { 1448 /* data frame */ 1449 if (ic->ic_state != IEEE80211_S_RUN) 1450 break; 1451 1452 IFQ_POLL(&ifp->if_snd, m); 1453 if (m == NULL) 1454 break; 1455 1456 IFQ_DEQUEUE(&ifp->if_snd, m); 1457 #if NBPFILTER > 0 1458 if (ifp->if_bpf != NULL) 1459 bpf_mtap(ifp->if_bpf, m, BPF_DIRECTION_OUT); 1460 #endif 1461 m = ieee80211_encap(ifp, m, &ni); 1462 if (m == NULL) 1463 continue; 1464 #if NBPFILTER > 0 1465 if (ic->ic_rawbpf != NULL) 1466 bpf_mtap(ic->ic_rawbpf, m, BPF_DIRECTION_OUT); 1467 #endif 1468 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1469 printf("%s: no free prism memory!\n", 1470 sc->sc_dev.dv_xname); 1471 return; 1472 } 1473 data_tx->ni = ni; 1474 data_tx->m = m; 1475 sc->tx_queued++; 1476 } 1477 } 1478 1479 if (sc->tx_queued > 0) { 1480 DPRINTF(2, "%s: tx_queued=%d\n", 1481 sc->sc_dev.dv_xname, sc->tx_queued); 1482 /* process the TX queue in process context */ 1483 ifp->if_timer = 5; 1484 ifp->if_flags |= IFF_OACTIVE; 1485 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 1486 usb_add_task(sc->sc_udev, &sc->sc_task_tx); 1487 } 1488 } 1489 1490 void 1491 upgt_watchdog(struct ifnet *ifp) 1492 { 1493 struct upgt_softc *sc = ifp->if_softc; 1494 struct ieee80211com *ic = &sc->sc_ic; 1495 1496 if (ic->ic_state == IEEE80211_S_INIT) 1497 return; 1498 1499 printf("%s: watchdog timeout!\n", sc->sc_dev.dv_xname); 1500 1501 /* TODO: what shall we do on TX timeout? */ 1502 1503 ieee80211_watchdog(ifp); 1504 } 1505 1506 void 1507 upgt_tx_task(void *arg) 1508 { 1509 struct upgt_softc *sc = arg; 1510 struct ieee80211com *ic = &sc->sc_ic; 1511 struct ieee80211_frame *wh; 1512 struct ieee80211_key *k; 1513 struct upgt_lmac_mem *mem; 1514 struct upgt_lmac_tx_desc *txdesc; 1515 struct mbuf *m; 1516 uint32_t addr; 1517 int len, i, s; 1518 usbd_status error; 1519 1520 s = splusb(); 1521 1522 upgt_set_led(sc, UPGT_LED_BLINK); 1523 1524 for (i = 0; i < UPGT_TX_COUNT; i++) { 1525 struct upgt_data *data_tx = &sc->tx_data[i]; 1526 1527 if (data_tx->m == NULL) { 1528 DPRINTF(2, "%s: %d: m is NULL\n", 1529 sc->sc_dev.dv_xname, i); 1530 continue; 1531 } 1532 1533 m = data_tx->m; 1534 addr = data_tx->addr + UPGT_MEMSIZE_FRAME_HEAD; 1535 1536 /* 1537 * Software crypto. 1538 */ 1539 wh = mtod(m, struct ieee80211_frame *); 1540 1541 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) { 1542 k = ieee80211_get_txkey(ic, wh, ic->ic_bss); 1543 1544 if ((m = ieee80211_encrypt(ic, m, k)) == NULL) 1545 return; 1546 1547 /* in case packet header moved, reset pointer */ 1548 wh = mtod(m, struct ieee80211_frame *); 1549 } 1550 1551 /* 1552 * Transmit the URB containing the TX data. 1553 */ 1554 bzero(data_tx->buf, MCLBYTES); 1555 1556 mem = (struct upgt_lmac_mem *)data_tx->buf; 1557 mem->addr = htole32(addr); 1558 1559 txdesc = (struct upgt_lmac_tx_desc *)(mem + 1); 1560 1561 /* XXX differ between data and mgmt frames? */ 1562 txdesc->header1.flags = UPGT_H1_FLAGS_TX_DATA; 1563 txdesc->header1.type = UPGT_H1_TYPE_TX_DATA; 1564 txdesc->header1.len = htole16(m->m_pkthdr.len); 1565 1566 txdesc->header2.reqid = htole32(data_tx->addr); 1567 txdesc->header2.type = htole16(UPGT_H2_TYPE_TX_ACK_YES); 1568 txdesc->header2.flags = htole16(UPGT_H2_FLAGS_TX_ACK_YES); 1569 1570 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1571 IEEE80211_FC0_TYPE_MGT) { 1572 /* always send mgmt frames at lowest rate (DS1) */ 1573 memset(txdesc->rates, 0x10, sizeof(txdesc->rates)); 1574 } else { 1575 bcopy(sc->sc_cur_rateset, txdesc->rates, 1576 sizeof(txdesc->rates)); 1577 } 1578 txdesc->type = htole32(UPGT_TX_DESC_TYPE_DATA); 1579 txdesc->pad3[0] = UPGT_TX_DESC_PAD3_SIZE; 1580 1581 #if NBPFILTER > 0 1582 if (sc->sc_drvbpf != NULL) { 1583 struct mbuf mb; 1584 struct upgt_tx_radiotap_header *tap = &sc->sc_txtap; 1585 1586 tap->wt_flags = 0; 1587 tap->wt_rate = 0; /* TODO: where to get from? */ 1588 tap->wt_chan_freq = 1589 htole16(ic->ic_bss->ni_chan->ic_freq); 1590 tap->wt_chan_flags = 1591 htole16(ic->ic_bss->ni_chan->ic_flags); 1592 1593 mb.m_data = (caddr_t)tap; 1594 mb.m_len = sc->sc_txtap_len; 1595 mb.m_next = m; 1596 mb.m_nextpkt = NULL; 1597 mb.m_type = 0; 1598 mb.m_flags = 0; 1599 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_OUT); 1600 } 1601 #endif 1602 /* copy frame below our TX descriptor header */ 1603 m_copydata(m, 0, m->m_pkthdr.len, 1604 data_tx->buf + (sizeof(*mem) + sizeof(*txdesc))); 1605 1606 /* calculate frame size */ 1607 len = sizeof(*mem) + sizeof(*txdesc) + m->m_pkthdr.len; 1608 1609 /* we need to align the frame to a 4 byte boundary */ 1610 len = (len + 3) & ~3; 1611 1612 /* calculate frame checksum */ 1613 mem->chksum = upgt_chksum_le((uint32_t *)txdesc, 1614 len - sizeof(*mem)); 1615 1616 /* we do not need the mbuf anymore */ 1617 m_freem(m); 1618 data_tx->m = NULL; 1619 1620 DPRINTF(2, "%s: TX start data sending\n", sc->sc_dev.dv_xname); 1621 1622 usbd_setup_xfer(data_tx->xfer, sc->sc_tx_pipeh, data_tx, 1623 data_tx->buf, len, USBD_FORCE_SHORT_XFER | USBD_NO_COPY, 1624 UPGT_USB_TIMEOUT, NULL); 1625 error = usbd_transfer(data_tx->xfer); 1626 if (error != 0 && error != USBD_IN_PROGRESS) { 1627 printf("%s: could not transmit TX data URB!\n", 1628 sc->sc_dev.dv_xname); 1629 return; 1630 } 1631 1632 DPRINTF(2, "%s: TX sent (%d bytes)\n", 1633 sc->sc_dev.dv_xname, len); 1634 } 1635 1636 /* 1637 * If we don't regulary read the device statistics, the RX queue 1638 * will stall. It's strange, but it works, so we keep reading 1639 * the statistics here. *shrug* 1640 */ 1641 upgt_get_stats(sc); 1642 1643 splx(s); 1644 } 1645 1646 void 1647 upgt_tx_done(struct upgt_softc *sc, uint8_t *data) 1648 { 1649 struct ieee80211com *ic = &sc->sc_ic; 1650 struct ifnet *ifp = &ic->ic_if; 1651 struct upgt_lmac_tx_done_desc *desc; 1652 int i, s; 1653 1654 s = splnet(); 1655 1656 desc = (struct upgt_lmac_tx_done_desc *)data; 1657 1658 for (i = 0; i < UPGT_TX_COUNT; i++) { 1659 struct upgt_data *data_tx = &sc->tx_data[i]; 1660 1661 if (data_tx->addr == letoh32(desc->header2.reqid)) { 1662 upgt_mem_free(sc, data_tx->addr); 1663 ieee80211_release_node(ic, data_tx->ni); 1664 data_tx->ni = NULL; 1665 data_tx->addr = 0; 1666 1667 sc->tx_queued--; 1668 ifp->if_opackets++; 1669 1670 DPRINTF(2, "%s: TX done: ", sc->sc_dev.dv_xname); 1671 DPRINTF(2, "memaddr=0x%08x, status=0x%04x, rssi=%d, ", 1672 letoh32(desc->header2.reqid), 1673 letoh16(desc->status), 1674 letoh16(desc->rssi)); 1675 DPRINTF(2, "seq=%d\n", letoh16(desc->seq)); 1676 break; 1677 } 1678 } 1679 1680 if (sc->tx_queued == 0) { 1681 /* TX queued was processed, continue */ 1682 ifp->if_timer = 0; 1683 ifp->if_flags &= ~IFF_OACTIVE; 1684 upgt_start(ifp); 1685 } 1686 1687 splx(s); 1688 } 1689 1690 void 1691 upgt_rx_cb(usbd_xfer_handle xfer, usbd_private_handle priv, usbd_status status) 1692 { 1693 struct upgt_data *data_rx = priv; 1694 struct upgt_softc *sc = data_rx->sc; 1695 int len; 1696 struct upgt_lmac_header *header; 1697 struct upgt_lmac_eeprom *eeprom; 1698 uint8_t h1_type; 1699 uint16_t h2_type; 1700 1701 DPRINTF(3, "%s: %s\n", sc->sc_dev.dv_xname, __func__); 1702 1703 if (status != USBD_NORMAL_COMPLETION) { 1704 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1705 return; 1706 if (status == USBD_STALLED) 1707 usbd_clear_endpoint_stall_async(sc->sc_rx_pipeh); 1708 goto skip; 1709 } 1710 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1711 1712 /* 1713 * Check what type of frame came in. 1714 */ 1715 header = (struct upgt_lmac_header *)(data_rx->buf + 4); 1716 1717 h1_type = header->header1.type; 1718 h2_type = letoh16(header->header2.type); 1719 1720 if (h1_type == UPGT_H1_TYPE_CTRL && 1721 h2_type == UPGT_H2_TYPE_EEPROM) { 1722 eeprom = (struct upgt_lmac_eeprom *)(data_rx->buf + 4); 1723 uint16_t eeprom_offset = letoh16(eeprom->offset); 1724 uint16_t eeprom_len = letoh16(eeprom->len); 1725 1726 DPRINTF(2, "%s: received EEPROM block (offset=%d, len=%d)\n", 1727 sc->sc_dev.dv_xname, eeprom_offset, eeprom_len); 1728 1729 bcopy(data_rx->buf + sizeof(struct upgt_lmac_eeprom) + 4, 1730 sc->sc_eeprom + eeprom_offset, eeprom_len); 1731 1732 /* EEPROM data has arrived in time, wakeup tsleep() */ 1733 wakeup(sc); 1734 } else 1735 if (h1_type == UPGT_H1_TYPE_CTRL && 1736 h2_type == UPGT_H2_TYPE_TX_DONE) { 1737 DPRINTF(2, "%s: received 802.11 TX done\n", 1738 sc->sc_dev.dv_xname); 1739 1740 upgt_tx_done(sc, data_rx->buf + 4); 1741 } else 1742 if (h1_type == UPGT_H1_TYPE_RX_DATA || 1743 h1_type == UPGT_H1_TYPE_RX_DATA_MGMT) { 1744 DPRINTF(3, "%s: received 802.11 RX data\n", 1745 sc->sc_dev.dv_xname); 1746 1747 upgt_rx(sc, data_rx->buf + 4, letoh16(header->header1.len)); 1748 } else 1749 if (h1_type == UPGT_H1_TYPE_CTRL && 1750 h2_type == UPGT_H2_TYPE_STATS) { 1751 DPRINTF(2, "%s: received statistic data\n", 1752 sc->sc_dev.dv_xname); 1753 1754 /* TODO: what could we do with the statistic data? */ 1755 } else { 1756 /* ignore unknown frame types */ 1757 DPRINTF(1, "%s: received unknown frame type 0x%02x\n", 1758 sc->sc_dev.dv_xname, header->header1.type); 1759 } 1760 1761 skip: /* setup new transfer */ 1762 usbd_setup_xfer(xfer, sc->sc_rx_pipeh, data_rx, data_rx->buf, MCLBYTES, 1763 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 1764 (void)usbd_transfer(xfer); 1765 } 1766 1767 void 1768 upgt_rx(struct upgt_softc *sc, uint8_t *data, int pkglen) 1769 { 1770 struct ieee80211com *ic = &sc->sc_ic; 1771 struct ifnet *ifp = &ic->ic_if; 1772 struct upgt_lmac_rx_desc *rxdesc; 1773 struct ieee80211_frame *wh; 1774 struct ieee80211_rxinfo rxi; 1775 struct ieee80211_node *ni; 1776 struct mbuf *m; 1777 int s; 1778 1779 /* access RX packet descriptor */ 1780 rxdesc = (struct upgt_lmac_rx_desc *)data; 1781 1782 /* create mbuf which is suitable for strict alignment archs */ 1783 m = m_devget(rxdesc->data - ETHER_ALIGN, pkglen + ETHER_ALIGN, 0, ifp, 1784 NULL); 1785 if (m == NULL) { 1786 DPRINTF(1, "%s: could not create RX mbuf!\n", sc->sc_dev.dv_xname); 1787 ifp->if_ierrors++; 1788 return; 1789 } 1790 m_adj(m, ETHER_ALIGN); 1791 1792 s = splnet(); 1793 1794 #if NBPFILTER > 0 1795 if (sc->sc_drvbpf != NULL) { 1796 struct mbuf mb; 1797 struct upgt_rx_radiotap_header *tap = &sc->sc_rxtap; 1798 1799 tap->wr_flags = IEEE80211_RADIOTAP_F_FCS; 1800 tap->wr_rate = upgt_rx_rate(sc, rxdesc->rate); 1801 tap->wr_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq); 1802 tap->wr_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags); 1803 tap->wr_antsignal = rxdesc->rssi; 1804 1805 mb.m_data = (caddr_t)tap; 1806 mb.m_len = sc->sc_rxtap_len; 1807 mb.m_next = m; 1808 mb.m_nextpkt = NULL; 1809 mb.m_type = 0; 1810 mb.m_flags = 0; 1811 bpf_mtap(sc->sc_drvbpf, &mb, BPF_DIRECTION_IN); 1812 } 1813 #endif 1814 /* trim FCS */ 1815 m_adj(m, -IEEE80211_CRC_LEN); 1816 1817 wh = mtod(m, struct ieee80211_frame *); 1818 ni = ieee80211_find_rxnode(ic, wh); 1819 1820 /* push the frame up to the 802.11 stack */ 1821 rxi.rxi_flags = 0; 1822 rxi.rxi_rssi = rxdesc->rssi; 1823 rxi.rxi_tstamp = 0; /* unused */ 1824 ieee80211_input(ifp, m, ni, &rxi); 1825 1826 /* node is no longer needed */ 1827 ieee80211_release_node(ic, ni); 1828 1829 splx(s); 1830 1831 DPRINTF(3, "%s: RX done\n", sc->sc_dev.dv_xname); 1832 } 1833 1834 void 1835 upgt_setup_rates(struct upgt_softc *sc) 1836 { 1837 struct ieee80211com *ic = &sc->sc_ic; 1838 1839 /* 1840 * 0x01 = OFMD6 0x10 = DS1 1841 * 0x04 = OFDM9 0x11 = DS2 1842 * 0x06 = OFDM12 0x12 = DS5 1843 * 0x07 = OFDM18 0x13 = DS11 1844 * 0x08 = OFDM24 1845 * 0x09 = OFDM36 1846 * 0x0a = OFDM48 1847 * 0x0b = OFDM54 1848 */ 1849 const uint8_t rateset_auto_11b[] = 1850 { 0x13, 0x13, 0x12, 0x11, 0x11, 0x10, 0x10, 0x10 }; 1851 const uint8_t rateset_auto_11g[] = 1852 { 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x04, 0x01 }; 1853 const uint8_t rateset_fix_11bg[] = 1854 { 0x10, 0x11, 0x12, 0x13, 0x01, 0x04, 0x06, 0x07, 1855 0x08, 0x09, 0x0a, 0x0b }; 1856 1857 if (ic->ic_fixed_rate == -1) { 1858 /* 1859 * Automatic rate control is done by the device. 1860 * We just pass the rateset from which the device 1861 * will pickup a rate. 1862 */ 1863 if (ic->ic_curmode == IEEE80211_MODE_11B) 1864 bcopy(rateset_auto_11b, sc->sc_cur_rateset, 1865 sizeof(sc->sc_cur_rateset)); 1866 if (ic->ic_curmode == IEEE80211_MODE_11G || 1867 ic->ic_curmode == IEEE80211_MODE_AUTO) 1868 bcopy(rateset_auto_11g, sc->sc_cur_rateset, 1869 sizeof(sc->sc_cur_rateset)); 1870 } else { 1871 /* set a fixed rate */ 1872 memset(sc->sc_cur_rateset, rateset_fix_11bg[ic->ic_fixed_rate], 1873 sizeof(sc->sc_cur_rateset)); 1874 } 1875 } 1876 1877 uint8_t 1878 upgt_rx_rate(struct upgt_softc *sc, const int rate) 1879 { 1880 struct ieee80211com *ic = &sc->sc_ic; 1881 1882 if (ic->ic_curmode == IEEE80211_MODE_11B) { 1883 if (rate < 0 || rate > 3) 1884 /* invalid rate */ 1885 return (0); 1886 1887 switch (rate) { 1888 case 0: 1889 return (2); 1890 case 1: 1891 return (4); 1892 case 2: 1893 return (11); 1894 case 3: 1895 return (22); 1896 default: 1897 return (0); 1898 } 1899 } 1900 1901 if (ic->ic_curmode == IEEE80211_MODE_11G) { 1902 if (rate < 0 || rate > 11) 1903 /* invalid rate */ 1904 return (0); 1905 1906 switch (rate) { 1907 case 0: 1908 return (2); 1909 case 1: 1910 return (4); 1911 case 2: 1912 return (11); 1913 case 3: 1914 return (22); 1915 case 4: 1916 return (12); 1917 case 5: 1918 return (18); 1919 case 6: 1920 return (24); 1921 case 7: 1922 return (36); 1923 case 8: 1924 return (48); 1925 case 9: 1926 return (72); 1927 case 10: 1928 return (96); 1929 case 11: 1930 return (108); 1931 default: 1932 return (0); 1933 } 1934 } 1935 1936 return (0); 1937 } 1938 1939 int 1940 upgt_set_macfilter(struct upgt_softc *sc, uint8_t state) 1941 { 1942 struct ieee80211com *ic = &sc->sc_ic; 1943 struct ieee80211_node *ni = ic->ic_bss; 1944 struct upgt_data *data_cmd = &sc->cmd_data; 1945 struct upgt_lmac_mem *mem; 1946 struct upgt_lmac_filter *filter; 1947 int len; 1948 uint8_t broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1949 1950 /* 1951 * Transmit the URB containing the CMD data. 1952 */ 1953 bzero(data_cmd->buf, MCLBYTES); 1954 1955 mem = (struct upgt_lmac_mem *)data_cmd->buf; 1956 mem->addr = htole32(sc->sc_memaddr_frame_start + 1957 UPGT_MEMSIZE_FRAME_HEAD); 1958 1959 filter = (struct upgt_lmac_filter *)(mem + 1); 1960 1961 filter->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 1962 filter->header1.type = UPGT_H1_TYPE_CTRL; 1963 filter->header1.len = htole16( 1964 sizeof(struct upgt_lmac_filter) - 1965 sizeof(struct upgt_lmac_header)); 1966 1967 filter->header2.reqid = htole32(sc->sc_memaddr_frame_start); 1968 filter->header2.type = htole16(UPGT_H2_TYPE_MACFILTER); 1969 filter->header2.flags = 0; 1970 1971 switch (state) { 1972 case IEEE80211_S_INIT: 1973 DPRINTF(1, "%s: set MAC filter to INIT\n", 1974 sc->sc_dev.dv_xname); 1975 1976 filter->type = htole16(UPGT_FILTER_TYPE_RESET); 1977 break; 1978 case IEEE80211_S_SCAN: 1979 DPRINTF(1, "%s: set MAC filter to SCAN (bssid %s)\n", 1980 sc->sc_dev.dv_xname, ether_sprintf(broadcast)); 1981 1982 filter->type = htole16(UPGT_FILTER_TYPE_NONE); 1983 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 1984 IEEE80211_ADDR_COPY(filter->src, broadcast); 1985 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 1986 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 1987 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 1988 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 1989 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 1990 break; 1991 case IEEE80211_S_RUN: 1992 DPRINTF(1, "%s: set MAC filter to RUN (bssid %s)\n", 1993 sc->sc_dev.dv_xname, ether_sprintf(ni->ni_bssid)); 1994 1995 filter->type = htole16(UPGT_FILTER_TYPE_STA); 1996 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 1997 IEEE80211_ADDR_COPY(filter->src, ni->ni_bssid); 1998 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 1999 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2000 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2001 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2002 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2003 break; 2004 default: 2005 printf("%s: MAC filter does not know that state!\n", 2006 sc->sc_dev.dv_xname); 2007 break; 2008 } 2009 2010 len = sizeof(*mem) + sizeof(*filter); 2011 2012 mem->chksum = upgt_chksum_le((uint32_t *)filter, 2013 len - sizeof(*mem)); 2014 2015 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2016 printf("%s: could not transmit macfilter CMD data URB!\n", 2017 sc->sc_dev.dv_xname); 2018 return (EIO); 2019 } 2020 2021 return (0); 2022 } 2023 2024 int 2025 upgt_set_channel(struct upgt_softc *sc, unsigned channel) 2026 { 2027 struct upgt_data *data_cmd = &sc->cmd_data; 2028 struct upgt_lmac_mem *mem; 2029 struct upgt_lmac_channel *chan; 2030 int len; 2031 2032 DPRINTF(1, "%s: %s: %d\n", sc->sc_dev.dv_xname, __func__, channel); 2033 2034 /* 2035 * Transmit the URB containing the CMD data. 2036 */ 2037 bzero(data_cmd->buf, MCLBYTES); 2038 2039 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2040 mem->addr = htole32(sc->sc_memaddr_frame_start + 2041 UPGT_MEMSIZE_FRAME_HEAD); 2042 2043 chan = (struct upgt_lmac_channel *)(mem + 1); 2044 2045 chan->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2046 chan->header1.type = UPGT_H1_TYPE_CTRL; 2047 chan->header1.len = htole16( 2048 sizeof(struct upgt_lmac_channel) - 2049 sizeof(struct upgt_lmac_header)); 2050 2051 chan->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2052 chan->header2.type = htole16(UPGT_H2_TYPE_CHANNEL); 2053 chan->header2.flags = 0; 2054 2055 chan->unknown1 = htole16(UPGT_CHANNEL_UNKNOWN1); 2056 chan->unknown2 = htole16(UPGT_CHANNEL_UNKNOWN2); 2057 chan->freq6 = sc->sc_eeprom_freq6[channel]; 2058 chan->settings = sc->sc_eeprom_freq6_settings; 2059 chan->unknown3 = UPGT_CHANNEL_UNKNOWN3; 2060 2061 bcopy(&sc->sc_eeprom_freq3[channel].data, chan->freq3_1, 2062 sizeof(chan->freq3_1)); 2063 2064 bcopy(&sc->sc_eeprom_freq4[channel], chan->freq4, 2065 sizeof(sc->sc_eeprom_freq4[channel])); 2066 2067 bcopy(&sc->sc_eeprom_freq3[channel].data, chan->freq3_2, 2068 sizeof(chan->freq3_2)); 2069 2070 len = sizeof(*mem) + sizeof(*chan); 2071 2072 mem->chksum = upgt_chksum_le((uint32_t *)chan, 2073 len - sizeof(*mem)); 2074 2075 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2076 printf("%s: could not transmit channel CMD data URB!\n", 2077 sc->sc_dev.dv_xname); 2078 return (EIO); 2079 } 2080 2081 return (0); 2082 } 2083 2084 void 2085 upgt_set_led(struct upgt_softc *sc, int action) 2086 { 2087 struct ieee80211com *ic = &sc->sc_ic; 2088 struct upgt_data *data_cmd = &sc->cmd_data; 2089 struct upgt_lmac_mem *mem; 2090 struct upgt_lmac_led *led; 2091 struct timeval t; 2092 int len; 2093 2094 /* 2095 * Transmit the URB containing the CMD data. 2096 */ 2097 bzero(data_cmd->buf, MCLBYTES); 2098 2099 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2100 mem->addr = htole32(sc->sc_memaddr_frame_start + 2101 UPGT_MEMSIZE_FRAME_HEAD); 2102 2103 led = (struct upgt_lmac_led *)(mem + 1); 2104 2105 led->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2106 led->header1.type = UPGT_H1_TYPE_CTRL; 2107 led->header1.len = htole16( 2108 sizeof(struct upgt_lmac_led) - 2109 sizeof(struct upgt_lmac_header)); 2110 2111 led->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2112 led->header2.type = htole16(UPGT_H2_TYPE_LED); 2113 led->header2.flags = 0; 2114 2115 switch (action) { 2116 case UPGT_LED_OFF: 2117 led->mode = htole16(UPGT_LED_MODE_SET); 2118 led->action_fix = 0; 2119 led->action_tmp = htole16(UPGT_LED_ACTION_OFF); 2120 led->action_tmp_dur = 0; 2121 break; 2122 case UPGT_LED_ON: 2123 led->mode = htole16(UPGT_LED_MODE_SET); 2124 led->action_fix = 0; 2125 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2126 led->action_tmp_dur = 0; 2127 break; 2128 case UPGT_LED_BLINK: 2129 if (ic->ic_state != IEEE80211_S_RUN) 2130 return; 2131 if (sc->sc_led_blink) 2132 /* previous blink was not finished */ 2133 return; 2134 led->mode = htole16(UPGT_LED_MODE_SET); 2135 led->action_fix = htole16(UPGT_LED_ACTION_OFF); 2136 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2137 led->action_tmp_dur = htole16(UPGT_LED_ACTION_TMP_DUR); 2138 /* lock blink */ 2139 sc->sc_led_blink = 1; 2140 t.tv_sec = 0; 2141 t.tv_usec = UPGT_LED_ACTION_TMP_DUR * 1000L; 2142 timeout_add(&sc->led_to, tvtohz(&t)); 2143 break; 2144 default: 2145 return; 2146 } 2147 2148 len = sizeof(*mem) + sizeof(*led); 2149 2150 mem->chksum = upgt_chksum_le((uint32_t *)led, 2151 len - sizeof(*mem)); 2152 2153 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2154 printf("%s: could not transmit led CMD URB!\n", 2155 sc->sc_dev.dv_xname); 2156 } 2157 } 2158 2159 void 2160 upgt_set_led_blink(void *arg) 2161 { 2162 struct upgt_softc *sc = arg; 2163 2164 /* blink finished, we are ready for a next one */ 2165 sc->sc_led_blink = 0; 2166 timeout_del(&sc->led_to); 2167 } 2168 2169 int 2170 upgt_get_stats(struct upgt_softc *sc) 2171 { 2172 struct upgt_data *data_cmd = &sc->cmd_data; 2173 struct upgt_lmac_mem *mem; 2174 struct upgt_lmac_stats *stats; 2175 int len; 2176 2177 /* 2178 * Transmit the URB containing the CMD data. 2179 */ 2180 bzero(data_cmd->buf, MCLBYTES); 2181 2182 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2183 mem->addr = htole32(sc->sc_memaddr_frame_start + 2184 UPGT_MEMSIZE_FRAME_HEAD); 2185 2186 stats = (struct upgt_lmac_stats *)(mem + 1); 2187 2188 stats->header1.flags = 0; 2189 stats->header1.type = UPGT_H1_TYPE_CTRL; 2190 stats->header1.len = htole16( 2191 sizeof(struct upgt_lmac_stats) - 2192 sizeof(struct upgt_lmac_header)); 2193 2194 stats->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2195 stats->header2.type = htole16(UPGT_H2_TYPE_STATS); 2196 stats->header2.flags = 0; 2197 2198 len = sizeof(*mem) + sizeof(*stats); 2199 2200 mem->chksum = upgt_chksum_le((uint32_t *)stats, 2201 len - sizeof(*mem)); 2202 2203 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2204 printf("%s: could not transmit statistics CMD data URB!\n", 2205 sc->sc_dev.dv_xname); 2206 return (EIO); 2207 } 2208 2209 return (0); 2210 2211 } 2212 2213 int 2214 upgt_alloc_tx(struct upgt_softc *sc) 2215 { 2216 int i; 2217 2218 sc->tx_queued = 0; 2219 2220 for (i = 0; i < UPGT_TX_COUNT; i++) { 2221 struct upgt_data *data_tx = &sc->tx_data[i]; 2222 2223 data_tx->sc = sc; 2224 2225 data_tx->xfer = usbd_alloc_xfer(sc->sc_udev); 2226 if (data_tx->xfer == NULL) { 2227 printf("%s: could not allocate TX xfer!\n", 2228 sc->sc_dev.dv_xname); 2229 return (ENOMEM); 2230 } 2231 2232 data_tx->buf = usbd_alloc_buffer(data_tx->xfer, MCLBYTES); 2233 if (data_tx->buf == NULL) { 2234 printf("%s: could not allocate TX buffer!\n", 2235 sc->sc_dev.dv_xname); 2236 return (ENOMEM); 2237 } 2238 2239 bzero(data_tx->buf, MCLBYTES); 2240 } 2241 2242 return (0); 2243 } 2244 2245 int 2246 upgt_alloc_rx(struct upgt_softc *sc) 2247 { 2248 struct upgt_data *data_rx = &sc->rx_data; 2249 2250 data_rx->sc = sc; 2251 2252 data_rx->xfer = usbd_alloc_xfer(sc->sc_udev); 2253 if (data_rx->xfer == NULL) { 2254 printf("%s: could not allocate RX xfer!\n", 2255 sc->sc_dev.dv_xname); 2256 return (ENOMEM); 2257 } 2258 2259 data_rx->buf = usbd_alloc_buffer(data_rx->xfer, MCLBYTES); 2260 if (data_rx->buf == NULL) { 2261 printf("%s: could not allocate RX buffer!\n", 2262 sc->sc_dev.dv_xname); 2263 return (ENOMEM); 2264 } 2265 2266 bzero(data_rx->buf, MCLBYTES); 2267 2268 return (0); 2269 } 2270 2271 int 2272 upgt_alloc_cmd(struct upgt_softc *sc) 2273 { 2274 struct upgt_data *data_cmd = &sc->cmd_data; 2275 2276 data_cmd->sc = sc; 2277 2278 data_cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 2279 if (data_cmd->xfer == NULL) { 2280 printf("%s: could not allocate RX xfer!\n", 2281 sc->sc_dev.dv_xname); 2282 return (ENOMEM); 2283 } 2284 2285 data_cmd->buf = usbd_alloc_buffer(data_cmd->xfer, MCLBYTES); 2286 if (data_cmd->buf == NULL) { 2287 printf("%s: could not allocate RX buffer!\n", 2288 sc->sc_dev.dv_xname); 2289 return (ENOMEM); 2290 } 2291 2292 bzero(data_cmd->buf, MCLBYTES); 2293 2294 return (0); 2295 } 2296 2297 void 2298 upgt_free_tx(struct upgt_softc *sc) 2299 { 2300 int i; 2301 2302 for (i = 0; i < UPGT_TX_COUNT; i++) { 2303 struct upgt_data *data_tx = &sc->tx_data[i]; 2304 2305 if (data_tx->xfer != NULL) { 2306 usbd_free_xfer(data_tx->xfer); 2307 data_tx->xfer = NULL; 2308 } 2309 2310 data_tx->ni = NULL; 2311 } 2312 } 2313 2314 void 2315 upgt_free_rx(struct upgt_softc *sc) 2316 { 2317 struct upgt_data *data_rx = &sc->rx_data; 2318 2319 if (data_rx->xfer != NULL) { 2320 usbd_free_xfer(data_rx->xfer); 2321 data_rx->xfer = NULL; 2322 } 2323 2324 data_rx->ni = NULL; 2325 } 2326 2327 void 2328 upgt_free_cmd(struct upgt_softc *sc) 2329 { 2330 struct upgt_data *data_cmd = &sc->cmd_data; 2331 2332 if (data_cmd->xfer != NULL) { 2333 usbd_free_xfer(data_cmd->xfer); 2334 data_cmd->xfer = NULL; 2335 } 2336 } 2337 2338 int 2339 upgt_bulk_xmit(struct upgt_softc *sc, struct upgt_data *data, 2340 usbd_pipe_handle pipeh, uint32_t *size, int flags) 2341 { 2342 usbd_status status; 2343 2344 status = usbd_bulk_transfer(data->xfer, pipeh, 2345 USBD_NO_COPY | flags, UPGT_USB_TIMEOUT, data->buf, size, 2346 "upgt_bulk_xmit"); 2347 if (status != USBD_NORMAL_COMPLETION) { 2348 printf("%s: %s: error %s!\n", 2349 sc->sc_dev.dv_xname, __func__, usbd_errstr(status)); 2350 return (EIO); 2351 } 2352 2353 return (0); 2354 } 2355 2356 void 2357 upgt_hexdump(void *buf, int len) 2358 { 2359 int i; 2360 2361 for (i = 0; i < len; i++) { 2362 if (i % 16 == 0) 2363 printf("%s%5i:", i ? "\n" : "", i); 2364 if (i % 4 == 0) 2365 printf(" "); 2366 printf("%02x", (int)*((u_char *)buf + i)); 2367 } 2368 printf("\n"); 2369 } 2370 2371 uint32_t 2372 upgt_crc32_le(const void *buf, size_t size) 2373 { 2374 uint32_t crc; 2375 2376 crc = ether_crc32_le(buf, size); 2377 2378 /* apply final XOR value as common for CRC-32 */ 2379 crc = htole32(crc ^ 0xffffffffU); 2380 2381 return (crc); 2382 } 2383 2384 /* 2385 * The firmware awaits a checksum for each frame we send to it. 2386 * The algorithm used therefor is uncommon but somehow similar to CRC32. 2387 */ 2388 uint32_t 2389 upgt_chksum_le(const uint32_t *buf, size_t size) 2390 { 2391 int i; 2392 uint32_t crc = 0; 2393 2394 for (i = 0; i < size; i += sizeof(uint32_t)) { 2395 crc = htole32(crc ^ *buf++); 2396 crc = htole32((crc >> 5) ^ (crc << 3)); 2397 } 2398 2399 return (crc); 2400 } 2401