1 /* $OpenBSD: if_otus.c,v 1.49 2015/11/24 13:33:18 mpi Exp $ */
4 * Copyright (c) 2009 Damien Bergamini <damien.bergamini@free.fr>
5 * Copyright (c) 2015 Adrian Chadd <adrian@FreeBSD.org>
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21 * Driver for Atheros AR9001U chipset.
24 #include <sys/cdefs.h>
25 __FBSDID("$FreeBSD$");
29 #include <sys/param.h>
30 #include <sys/endian.h>
31 #include <sys/sockio.h>
33 #include <sys/kernel.h>
34 #include <sys/malloc.h>
35 #include <sys/socket.h>
36 #include <sys/systm.h>
40 #include <sys/firmware.h>
41 #include <sys/module.h>
42 #include <sys/taskqueue.h>
44 #include <machine/bus.h>
45 #include <machine/resource.h>
49 #include <net/if_var.h>
50 #include <net/if_arp.h>
51 #include <net/if_dl.h>
52 #include <net/if_media.h>
54 #include <netinet/in.h>
55 #include <netinet/in_systm.h>
56 #include <netinet/in_var.h>
57 #include <netinet/if_ether.h>
58 #include <netinet/ip.h>
60 #include <net80211/ieee80211_var.h>
61 #include <net80211/ieee80211_regdomain.h>
62 #include <net80211/ieee80211_radiotap.h>
63 #include <net80211/ieee80211_ratectl.h>
64 #ifdef IEEE80211_SUPPORT_SUPERG
65 #include <net80211/ieee80211_superg.h>
68 #include <dev/usb/usb.h>
69 #include <dev/usb/usbdi.h>
72 #define USB_DEBUG_VAR otus_debug
73 #include <dev/usb/usb_debug.h>
75 #include "if_otusreg.h"
77 static int otus_debug = 0;
78 static SYSCTL_NODE(_hw_usb, OID_AUTO, otus, CTLFLAG_RW, 0, "USB otus");
79 SYSCTL_INT(_hw_usb_otus, OID_AUTO, debug, CTLFLAG_RWTUN, &otus_debug, 0,
81 #define OTUS_DEBUG_XMIT 0x00000001
82 #define OTUS_DEBUG_RECV 0x00000002
83 #define OTUS_DEBUG_TXDONE 0x00000004
84 #define OTUS_DEBUG_RXDONE 0x00000008
85 #define OTUS_DEBUG_CMD 0x00000010
86 #define OTUS_DEBUG_CMDDONE 0x00000020
87 #define OTUS_DEBUG_RESET 0x00000040
88 #define OTUS_DEBUG_STATE 0x00000080
89 #define OTUS_DEBUG_CMDNOTIFY 0x00000100
90 #define OTUS_DEBUG_REGIO 0x00000200
91 #define OTUS_DEBUG_IRQ 0x00000400
92 #define OTUS_DEBUG_TXCOMP 0x00000800
93 #define OTUS_DEBUG_RX_BUFFER 0x00001000
94 #define OTUS_DEBUG_ANY 0xffffffff
96 #define OTUS_DPRINTF(sc, dm, ...) \
98 if ((dm == OTUS_DEBUG_ANY) || (dm & otus_debug)) \
99 device_printf(sc->sc_dev, __VA_ARGS__); \
102 #define OTUS_DEV(v, p) { USB_VPI(v, p, 0) }
103 static const STRUCT_USB_HOST_ID otus_devs[] = {
104 OTUS_DEV(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_WN7512),
105 OTUS_DEV(USB_VENDOR_ATHEROS2, USB_PRODUCT_ATHEROS2_3CRUSBN275),
106 OTUS_DEV(USB_VENDOR_ATHEROS2, USB_PRODUCT_ATHEROS2_TG121N),
107 OTUS_DEV(USB_VENDOR_ATHEROS2, USB_PRODUCT_ATHEROS2_AR9170),
108 OTUS_DEV(USB_VENDOR_ATHEROS2, USB_PRODUCT_ATHEROS2_WN612),
109 OTUS_DEV(USB_VENDOR_ATHEROS2, USB_PRODUCT_ATHEROS2_WN821NV2),
110 OTUS_DEV(USB_VENDOR_AVM, USB_PRODUCT_AVM_FRITZWLAN),
111 OTUS_DEV(USB_VENDOR_CACE, USB_PRODUCT_CACE_AIRPCAPNX),
112 OTUS_DEV(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DWA130D1),
113 OTUS_DEV(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DWA160A1),
114 OTUS_DEV(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DWA160A2),
115 OTUS_DEV(USB_VENDOR_IODATA, USB_PRODUCT_IODATA_WNGDNUS2),
116 OTUS_DEV(USB_VENDOR_NEC, USB_PRODUCT_NEC_WL300NUG),
117 OTUS_DEV(USB_VENDOR_NETGEAR, USB_PRODUCT_NETGEAR_WN111V2),
118 OTUS_DEV(USB_VENDOR_NETGEAR, USB_PRODUCT_NETGEAR_WNA1000),
119 OTUS_DEV(USB_VENDOR_NETGEAR, USB_PRODUCT_NETGEAR_WNDA3100),
120 OTUS_DEV(USB_VENDOR_PLANEX2, USB_PRODUCT_PLANEX2_GW_US300),
121 OTUS_DEV(USB_VENDOR_WISTRONNEWEB, USB_PRODUCT_WISTRONNEWEB_O8494),
122 OTUS_DEV(USB_VENDOR_WISTRONNEWEB, USB_PRODUCT_WISTRONNEWEB_WNC0600),
123 OTUS_DEV(USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_UB81),
124 OTUS_DEV(USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_UB82),
125 OTUS_DEV(USB_VENDOR_ZYDAS, USB_PRODUCT_ZYDAS_ZD1221),
126 OTUS_DEV(USB_VENDOR_ZYXEL, USB_PRODUCT_ZYXEL_NWD271N),
129 static device_probe_t otus_match;
130 static device_attach_t otus_attach;
131 static device_detach_t otus_detach;
133 static int otus_attachhook(struct otus_softc *);
134 static void otus_getradiocaps(struct ieee80211com *, int, int *,
135 struct ieee80211_channel[]);
136 int otus_load_firmware(struct otus_softc *, const char *,
138 int otus_open_pipes(struct otus_softc *);
139 void otus_close_pipes(struct otus_softc *);
141 static int otus_alloc_tx_cmd_list(struct otus_softc *);
142 static void otus_free_tx_cmd_list(struct otus_softc *);
144 static int otus_alloc_rx_list(struct otus_softc *);
145 static void otus_free_rx_list(struct otus_softc *);
146 static int otus_alloc_tx_list(struct otus_softc *);
147 static void otus_free_tx_list(struct otus_softc *);
148 static void otus_free_list(struct otus_softc *, struct otus_data [], int);
149 static struct otus_data *_otus_getbuf(struct otus_softc *);
150 static struct otus_data *otus_getbuf(struct otus_softc *);
151 static void otus_freebuf(struct otus_softc *, struct otus_data *);
153 static struct otus_tx_cmd *_otus_get_txcmd(struct otus_softc *);
154 static struct otus_tx_cmd *otus_get_txcmd(struct otus_softc *);
155 static void otus_free_txcmd(struct otus_softc *, struct otus_tx_cmd *);
157 void otus_next_scan(void *, int);
158 static void otus_tx_task(void *, int pending);
159 void otus_do_async(struct otus_softc *,
160 void (*)(struct otus_softc *, void *), void *, int);
161 int otus_newstate(struct ieee80211vap *, enum ieee80211_state,
163 int otus_cmd(struct otus_softc *, uint8_t, const void *, int,
165 void otus_write(struct otus_softc *, uint32_t, uint32_t);
166 int otus_write_barrier(struct otus_softc *);
167 static struct ieee80211_node *otus_node_alloc(struct ieee80211vap *vap,
168 const uint8_t mac[IEEE80211_ADDR_LEN]);
169 int otus_read_eeprom(struct otus_softc *);
170 void otus_newassoc(struct ieee80211_node *, int);
171 void otus_cmd_rxeof(struct otus_softc *, uint8_t *, int);
172 void otus_sub_rxeof(struct otus_softc *, uint8_t *, int,
174 static int otus_tx(struct otus_softc *, struct ieee80211_node *,
175 struct mbuf *, struct otus_data *,
176 const struct ieee80211_bpf_params *);
177 int otus_ioctl(struct ifnet *, u_long, caddr_t);
178 int otus_set_multi(struct otus_softc *);
179 static int otus_updateedca(struct ieee80211com *);
180 static void otus_updateedca_locked(struct otus_softc *);
181 static void otus_updateslot(struct otus_softc *);
182 static void otus_set_operating_mode(struct otus_softc *sc);
183 static void otus_set_rx_filter(struct otus_softc *sc);
184 int otus_init_mac(struct otus_softc *);
185 uint32_t otus_phy_get_def(struct otus_softc *, uint32_t);
186 int otus_set_board_values(struct otus_softc *,
187 struct ieee80211_channel *);
188 int otus_program_phy(struct otus_softc *,
189 struct ieee80211_channel *);
190 int otus_set_rf_bank4(struct otus_softc *,
191 struct ieee80211_channel *);
192 void otus_get_delta_slope(uint32_t, uint32_t *, uint32_t *);
193 static int otus_set_chan(struct otus_softc *, struct ieee80211_channel *,
195 int otus_set_key(struct ieee80211com *, struct ieee80211_node *,
196 struct ieee80211_key *);
197 void otus_set_key_cb(struct otus_softc *, void *);
198 void otus_delete_key(struct ieee80211com *, struct ieee80211_node *,
199 struct ieee80211_key *);
200 void otus_delete_key_cb(struct otus_softc *, void *);
201 void otus_calibrate_to(void *, int);
202 int otus_set_bssid(struct otus_softc *, const uint8_t *);
203 int otus_set_macaddr(struct otus_softc *, const uint8_t *);
204 void otus_led_newstate_type1(struct otus_softc *);
205 void otus_led_newstate_type2(struct otus_softc *);
206 void otus_led_newstate_type3(struct otus_softc *);
207 int otus_init(struct otus_softc *sc);
208 void otus_stop(struct otus_softc *sc);
210 static device_method_t otus_methods[] = {
211 DEVMETHOD(device_probe, otus_match),
212 DEVMETHOD(device_attach, otus_attach),
213 DEVMETHOD(device_detach, otus_detach),
218 static driver_t otus_driver = {
220 .methods = otus_methods,
221 .size = sizeof(struct otus_softc)
224 static devclass_t otus_devclass;
226 DRIVER_MODULE(otus, uhub, otus_driver, otus_devclass, NULL, 0);
227 MODULE_DEPEND(otus, wlan, 1, 1, 1);
228 MODULE_DEPEND(otus, usb, 1, 1, 1);
229 MODULE_DEPEND(otus, firmware, 1, 1, 1);
230 MODULE_VERSION(otus, 1);
232 static usb_callback_t otus_bulk_tx_callback;
233 static usb_callback_t otus_bulk_rx_callback;
234 static usb_callback_t otus_bulk_irq_callback;
235 static usb_callback_t otus_bulk_cmd_callback;
237 static const struct usb_config otus_config[OTUS_N_XFER] = {
240 .endpoint = UE_ADDR_ANY,
241 .direction = UE_DIR_OUT,
243 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
244 .callback = otus_bulk_tx_callback,
245 .timeout = 5000, /* ms */
249 .endpoint = UE_ADDR_ANY,
250 .direction = UE_DIR_IN,
251 .bufsize = OTUS_RXBUFSZ,
252 .flags = { .ext_buffer = 1, .pipe_bof = 1,.short_xfer_ok = 1,},
253 .callback = otus_bulk_rx_callback,
256 .type = UE_INTERRUPT,
257 .endpoint = UE_ADDR_ANY,
258 .direction = UE_DIR_IN,
259 .bufsize = OTUS_MAX_CTRLSZ,
260 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
261 .callback = otus_bulk_irq_callback,
264 .type = UE_INTERRUPT,
265 .endpoint = UE_ADDR_ANY,
266 .direction = UE_DIR_OUT,
267 .bufsize = OTUS_MAX_CTRLSZ,
268 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
269 .callback = otus_bulk_cmd_callback,
270 .timeout = 5000, /* ms */
275 otus_match(device_t self)
277 struct usb_attach_arg *uaa = device_get_ivars(self);
279 if (uaa->usb_mode != USB_MODE_HOST ||
280 uaa->info.bIfaceIndex != 0 ||
281 uaa->info.bConfigIndex != 0)
284 return (usbd_lookup_id_by_uaa(otus_devs, sizeof(otus_devs), uaa));
288 otus_attach(device_t self)
290 struct usb_attach_arg *uaa = device_get_ivars(self);
291 struct otus_softc *sc = device_get_softc(self);
295 device_set_usb_desc(self);
296 sc->sc_udev = uaa->device;
299 mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK,
302 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->scan_to, 0, otus_next_scan, sc);
303 TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_to, 0, otus_calibrate_to, sc);
304 TASK_INIT(&sc->tx_task, 0, otus_tx_task, sc);
305 mbufq_init(&sc->sc_snd, ifqmaxlen);
308 error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer,
309 otus_config, OTUS_N_XFER, sc, &sc->sc_mtx);
311 device_printf(sc->sc_dev,
312 "could not allocate USB transfers, err=%s\n",
317 if ((error = otus_open_pipes(sc)) != 0) {
318 device_printf(sc->sc_dev, "%s: could not open pipes\n",
323 /* XXX check return status; fail out if appropriate */
324 if (otus_attachhook(sc) != 0)
330 otus_close_pipes(sc);
332 mtx_destroy(&sc->sc_mtx);
337 otus_detach(device_t self)
339 struct otus_softc *sc = device_get_softc(self);
340 struct ieee80211com *ic = &sc->sc_ic;
344 usbd_transfer_unsetup(sc->sc_xfer, OTUS_N_XFER);
346 taskqueue_drain_timeout(taskqueue_thread, &sc->scan_to);
347 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_to);
348 taskqueue_drain(taskqueue_thread, &sc->tx_task);
350 otus_close_pipes(sc);
352 /* Wait for all queued asynchronous commands to complete. */
353 usb_rem_wait_task(sc->sc_udev, &sc->sc_task);
355 usbd_ref_wait(sc->sc_udev);
358 ieee80211_ifdetach(ic);
359 mtx_destroy(&sc->sc_mtx);
364 otus_delay_ms(struct otus_softc *sc, int ms)
370 static struct ieee80211vap *
371 otus_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
372 enum ieee80211_opmode opmode, int flags,
373 const uint8_t bssid[IEEE80211_ADDR_LEN],
374 const uint8_t mac[IEEE80211_ADDR_LEN])
376 struct otus_vap *uvp;
377 struct ieee80211vap *vap;
379 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
382 uvp = malloc(sizeof(struct otus_vap), M_80211_VAP, M_WAITOK | M_ZERO);
385 if (ieee80211_vap_setup(ic, vap, name, unit, opmode,
386 flags, bssid) != 0) {
388 free(uvp, M_80211_VAP);
392 /* override state transition machine */
393 uvp->newstate = vap->iv_newstate;
394 vap->iv_newstate = otus_newstate;
396 vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_8;
397 vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K;
399 ieee80211_ratectl_init(vap);
402 ieee80211_vap_attach(vap, ieee80211_media_change,
403 ieee80211_media_status, mac);
404 ic->ic_opmode = opmode;
410 otus_vap_delete(struct ieee80211vap *vap)
412 struct otus_vap *uvp = OTUS_VAP(vap);
414 ieee80211_ratectl_deinit(vap);
415 ieee80211_vap_detach(vap);
416 free(uvp, M_80211_VAP);
420 otus_parent(struct ieee80211com *ic)
422 struct otus_softc *sc = ic->ic_softc;
425 if (ic->ic_nrunning > 0) {
426 if (!sc->sc_running) {
430 (void) otus_set_multi(sc);
432 } else if (sc->sc_running)
436 ieee80211_start_all(ic);
440 otus_drain_mbufq(struct otus_softc *sc)
443 struct ieee80211_node *ni;
445 OTUS_LOCK_ASSERT(sc);
446 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
447 ni = (struct ieee80211_node *) m->m_pkthdr.rcvif;
448 m->m_pkthdr.rcvif = NULL;
449 ieee80211_free_node(ni);
455 otus_tx_start(struct otus_softc *sc)
458 taskqueue_enqueue(taskqueue_thread, &sc->tx_task);
462 otus_transmit(struct ieee80211com *ic, struct mbuf *m)
464 struct otus_softc *sc = ic->ic_softc;
468 if (! sc->sc_running) {
473 /* XXX TODO: handle fragments */
474 error = mbufq_enqueue(&sc->sc_snd, m);
476 OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
477 "%s: mbufq_enqueue failed: %d\n",
492 _otus_start(struct otus_softc *sc)
494 struct ieee80211_node *ni;
495 struct otus_data *bf;
498 OTUS_LOCK_ASSERT(sc);
500 while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
501 bf = otus_getbuf(sc);
503 OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
504 "%s: failed to get buffer\n", __func__);
505 mbufq_prepend(&sc->sc_snd, m);
509 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
510 m->m_pkthdr.rcvif = NULL;
512 if (otus_tx(sc, ni, m, bf, NULL) != 0) {
513 OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
514 "%s: failed to transmit\n", __func__);
515 if_inc_counter(ni->ni_vap->iv_ifp,
516 IFCOUNTER_OERRORS, 1);
517 otus_freebuf(sc, bf);
518 ieee80211_free_node(ni);
526 otus_tx_task(void *arg, int pending)
528 struct otus_softc *sc = arg;
536 otus_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
537 const struct ieee80211_bpf_params *params)
539 struct ieee80211com *ic= ni->ni_ic;
540 struct otus_softc *sc = ic->ic_softc;
541 struct otus_data *bf = NULL;
544 /* Don't transmit if we're not running */
546 if (! sc->sc_running) {
551 bf = otus_getbuf(sc);
557 if (otus_tx(sc, ni, m, bf, params) != 0) {
566 otus_freebuf(sc, bf);
573 otus_update_chw(struct ieee80211com *ic)
576 printf("%s: TODO\n", __func__);
580 otus_set_channel(struct ieee80211com *ic)
582 struct otus_softc *sc = ic->ic_softc;
583 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET, "%s: set channel: %d\n",
585 ic->ic_curchan->ic_freq);
588 (void) otus_set_chan(sc, ic->ic_curchan, 0);
593 otus_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
596 /* For now, no A-MPDU TX support in the driver */
601 otus_scan_start(struct ieee80211com *ic)
604 // printf("%s: TODO\n", __func__);
608 otus_scan_end(struct ieee80211com *ic)
611 // printf("%s: TODO\n", __func__);
615 otus_update_mcast(struct ieee80211com *ic)
617 struct otus_softc *sc = ic->ic_softc;
619 (void) otus_set_multi(sc);
623 otus_attachhook(struct otus_softc *sc)
625 struct ieee80211com *ic = &sc->sc_ic;
626 usb_device_request_t req;
631 error = otus_load_firmware(sc, "otusfw_init", AR_FW_INIT_ADDR);
633 device_printf(sc->sc_dev, "%s: could not load %s firmware\n",
638 /* XXX not locked? */
639 otus_delay_ms(sc, 1000);
642 error = otus_load_firmware(sc, "otusfw_main", AR_FW_MAIN_ADDR);
644 device_printf(sc->sc_dev, "%s: could not load %s firmware\n",
651 /* Tell device that firmware transfer is complete. */
652 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
653 req.bRequest = AR_FW_DOWNLOAD_COMPLETE;
654 USETW(req.wValue, 0);
655 USETW(req.wIndex, 0);
656 USETW(req.wLength, 0);
657 if (usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, &req, NULL,
658 0, NULL, 250) != 0) {
660 device_printf(sc->sc_dev,
661 "%s: firmware initialization failed\n",
666 /* Send an ECHO command to check that everything is settled. */
668 if (otus_cmd(sc, AR_CMD_ECHO, &in, sizeof in, &out, sizeof(out)) != 0) {
670 device_printf(sc->sc_dev,
671 "%s: echo command failed\n", __func__);
676 device_printf(sc->sc_dev,
677 "%s: echo reply mismatch: 0x%08x!=0x%08x\n",
682 /* Read entire EEPROM. */
683 if (otus_read_eeprom(sc) != 0) {
685 device_printf(sc->sc_dev,
686 "%s: could not read EEPROM\n",
693 sc->txmask = sc->eeprom.baseEepHeader.txMask;
694 sc->rxmask = sc->eeprom.baseEepHeader.rxMask;
695 sc->capflags = sc->eeprom.baseEepHeader.opCapFlags;
696 IEEE80211_ADDR_COPY(ic->ic_macaddr, sc->eeprom.baseEepHeader.macAddr);
697 sc->sc_led_newstate = otus_led_newstate_type3; /* XXX */
699 if (sc->txmask == 0x5)
704 if (sc->rxmask == 0x5)
709 device_printf(sc->sc_dev,
710 "MAC/BBP AR9170, RF AR%X, MIMO %dT%dR, address %s\n",
711 (sc->capflags & AR5416_OPFLAGS_11A) ?
712 0x9104 : ((sc->txmask == 0x5) ? 0x9102 : 0x9101),
713 (sc->txmask == 0x5) ? 2 : 1, (sc->rxmask == 0x5) ? 2 : 1,
714 ether_sprintf(ic->ic_macaddr));
717 ic->ic_name = device_get_nameunit(sc->sc_dev);
718 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
719 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
721 /* Set device capabilities. */
723 IEEE80211_C_STA | /* station mode */
725 IEEE80211_C_BGSCAN | /* Background scan. */
727 IEEE80211_C_SHPREAMBLE | /* Short preamble supported. */
728 IEEE80211_C_WME | /* WME/QoS */
729 IEEE80211_C_SHSLOT | /* Short slot time supported. */
730 IEEE80211_C_FF | /* Atheros fast-frames supported. */
731 IEEE80211_C_MONITOR | /* Enable monitor mode */
732 IEEE80211_C_SWAMSDUTX | /* Do software A-MSDU TX */
733 IEEE80211_C_WPA; /* WPA/RSN. */
738 IEEE80211_HTC_AMPDU |
740 IEEE80211_HTC_AMSDU |
741 IEEE80211_HTCAP_MAXAMSDU_3839 |
742 IEEE80211_HTCAP_SMPS_OFF;
744 otus_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
747 ieee80211_ifattach(ic);
748 ic->ic_raw_xmit = otus_raw_xmit;
749 ic->ic_scan_start = otus_scan_start;
750 ic->ic_scan_end = otus_scan_end;
751 ic->ic_set_channel = otus_set_channel;
752 ic->ic_getradiocaps = otus_getradiocaps;
753 ic->ic_vap_create = otus_vap_create;
754 ic->ic_vap_delete = otus_vap_delete;
755 ic->ic_update_mcast = otus_update_mcast;
756 ic->ic_update_promisc = otus_update_mcast;
757 ic->ic_parent = otus_parent;
758 ic->ic_transmit = otus_transmit;
759 ic->ic_update_chw = otus_update_chw;
760 ic->ic_ampdu_enable = otus_ampdu_enable;
761 ic->ic_wme.wme_update = otus_updateedca;
762 ic->ic_newassoc = otus_newassoc;
763 ic->ic_node_alloc = otus_node_alloc;
766 ic->ic_set_key = otus_set_key;
767 ic->ic_delete_key = otus_delete_key;
770 ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr,
771 sizeof(sc->sc_txtap), OTUS_TX_RADIOTAP_PRESENT,
772 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
773 OTUS_RX_RADIOTAP_PRESENT);
779 otus_getradiocaps(struct ieee80211com *ic,
780 int maxchans, int *nchans, struct ieee80211_channel chans[])
782 struct otus_softc *sc = ic->ic_softc;
783 uint8_t bands[IEEE80211_MODE_BYTES];
785 /* Set supported .11b and .11g rates. */
786 memset(bands, 0, sizeof(bands));
787 if (sc->eeprom.baseEepHeader.opCapFlags & AR5416_OPFLAGS_11G) {
788 setbit(bands, IEEE80211_MODE_11B);
789 setbit(bands, IEEE80211_MODE_11G);
790 setbit(bands, IEEE80211_MODE_11NG);
791 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans,
792 ar_chans, 14, bands, 0);
794 if (sc->eeprom.baseEepHeader.opCapFlags & AR5416_OPFLAGS_11A) {
795 setbit(bands, IEEE80211_MODE_11A);
796 setbit(bands, IEEE80211_MODE_11NA);
797 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
798 &ar_chans[14], nitems(ar_chans) - 14, bands, 0);
803 otus_load_firmware(struct otus_softc *sc, const char *name, uint32_t addr)
805 usb_device_request_t req;
807 const struct firmware *fw;
808 int mlen, error, size;
812 /* Read firmware image from the filesystem. */
813 if ((fw = firmware_get(name)) == NULL) {
814 device_printf(sc->sc_dev,
815 "%s: failed loadfirmware of file %s\n", __func__, name);
818 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
819 req.bRequest = AR_FW_DOWNLOAD;
820 USETW(req.wIndex, 0);
825 ptr = __DECONST(char *, fw->data);
829 mlen = MIN(size, 4096);
831 USETW(req.wValue, addr);
832 USETW(req.wLength, mlen);
833 if (usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
834 &req, ptr, 0, NULL, 250) != 0) {
845 firmware_put(fw, FIRMWARE_UNLOAD);
847 device_printf(sc->sc_dev,
848 "%s: %s: error=%d\n", __func__, name, error);
853 otus_open_pipes(struct otus_softc *sc)
861 OTUS_UNLOCK_ASSERT(sc);
863 if ((error = otus_alloc_tx_cmd_list(sc)) != 0) {
864 device_printf(sc->sc_dev,
865 "%s: could not allocate command xfer\n",
870 if ((error = otus_alloc_tx_list(sc)) != 0) {
871 device_printf(sc->sc_dev, "%s: could not allocate Tx xfers\n",
876 if ((error = otus_alloc_rx_list(sc)) != 0) {
877 device_printf(sc->sc_dev, "%s: could not allocate Rx xfers\n",
882 /* Enable RX transfers; needed for initial firmware messages */
884 usbd_transfer_start(sc->sc_xfer[OTUS_BULK_RX]);
885 usbd_transfer_start(sc->sc_xfer[OTUS_BULK_IRQ]);
889 fail: otus_close_pipes(sc);
894 otus_close_pipes(struct otus_softc *sc)
898 otus_free_tx_cmd_list(sc);
899 otus_free_tx_list(sc);
900 otus_free_rx_list(sc);
903 usbd_transfer_unsetup(sc->sc_xfer, OTUS_N_XFER);
907 otus_free_cmd_list(struct otus_softc *sc, struct otus_tx_cmd cmd[], int ndata)
911 /* XXX TODO: someone has to have waken up waiters! */
912 for (i = 0; i < ndata; i++) {
913 struct otus_tx_cmd *dp = &cmd[i];
915 if (dp->buf != NULL) {
916 free(dp->buf, M_USBDEV);
923 otus_alloc_cmd_list(struct otus_softc *sc, struct otus_tx_cmd cmd[],
924 int ndata, int maxsz)
928 for (i = 0; i < ndata; i++) {
929 struct otus_tx_cmd *dp = &cmd[i];
930 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT | M_ZERO);
932 if (dp->buf == NULL) {
933 device_printf(sc->sc_dev,
934 "could not allocate buffer\n");
942 otus_free_cmd_list(sc, cmd, ndata);
947 otus_alloc_tx_cmd_list(struct otus_softc *sc)
951 error = otus_alloc_cmd_list(sc, sc->sc_cmd, OTUS_CMD_LIST_COUNT,
956 STAILQ_INIT(&sc->sc_cmd_active);
957 STAILQ_INIT(&sc->sc_cmd_inactive);
958 STAILQ_INIT(&sc->sc_cmd_pending);
959 STAILQ_INIT(&sc->sc_cmd_waiting);
961 for (i = 0; i < OTUS_CMD_LIST_COUNT; i++)
962 STAILQ_INSERT_HEAD(&sc->sc_cmd_inactive, &sc->sc_cmd[i],
969 otus_free_tx_cmd_list(struct otus_softc *sc)
973 * XXX TODO: something needs to wake up any pending/sleeping
976 STAILQ_INIT(&sc->sc_cmd_active);
977 STAILQ_INIT(&sc->sc_cmd_inactive);
978 STAILQ_INIT(&sc->sc_cmd_pending);
979 STAILQ_INIT(&sc->sc_cmd_waiting);
981 otus_free_cmd_list(sc, sc->sc_cmd, OTUS_CMD_LIST_COUNT);
985 otus_alloc_list(struct otus_softc *sc, struct otus_data data[],
986 int ndata, int maxsz)
990 for (i = 0; i < ndata; i++) {
991 struct otus_data *dp = &data[i];
994 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT | M_ZERO);
995 if (dp->buf == NULL) {
996 device_printf(sc->sc_dev,
997 "could not allocate buffer\n");
1006 otus_free_list(sc, data, ndata);
1011 otus_alloc_rx_list(struct otus_softc *sc)
1015 error = otus_alloc_list(sc, sc->sc_rx, OTUS_RX_LIST_COUNT,
1020 STAILQ_INIT(&sc->sc_rx_active);
1021 STAILQ_INIT(&sc->sc_rx_inactive);
1023 for (i = 0; i < OTUS_RX_LIST_COUNT; i++)
1024 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next);
1030 otus_alloc_tx_list(struct otus_softc *sc)
1034 error = otus_alloc_list(sc, sc->sc_tx, OTUS_TX_LIST_COUNT,
1039 STAILQ_INIT(&sc->sc_tx_inactive);
1041 for (i = 0; i != OTUS_N_XFER; i++) {
1042 STAILQ_INIT(&sc->sc_tx_active[i]);
1043 STAILQ_INIT(&sc->sc_tx_pending[i]);
1046 for (i = 0; i < OTUS_TX_LIST_COUNT; i++) {
1047 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next);
1054 otus_free_tx_list(struct otus_softc *sc)
1058 /* prevent further allocations from TX list(s) */
1059 STAILQ_INIT(&sc->sc_tx_inactive);
1061 for (i = 0; i != OTUS_N_XFER; i++) {
1062 STAILQ_INIT(&sc->sc_tx_active[i]);
1063 STAILQ_INIT(&sc->sc_tx_pending[i]);
1066 otus_free_list(sc, sc->sc_tx, OTUS_TX_LIST_COUNT);
1070 otus_free_rx_list(struct otus_softc *sc)
1072 /* prevent further allocations from RX list(s) */
1073 STAILQ_INIT(&sc->sc_rx_inactive);
1074 STAILQ_INIT(&sc->sc_rx_active);
1076 otus_free_list(sc, sc->sc_rx, OTUS_RX_LIST_COUNT);
1080 otus_free_list(struct otus_softc *sc, struct otus_data data[], int ndata)
1084 for (i = 0; i < ndata; i++) {
1085 struct otus_data *dp = &data[i];
1087 if (dp->buf != NULL) {
1088 free(dp->buf, M_USBDEV);
1091 if (dp->ni != NULL) {
1092 ieee80211_free_node(dp->ni);
1098 static struct otus_data *
1099 _otus_getbuf(struct otus_softc *sc)
1101 struct otus_data *bf;
1103 bf = STAILQ_FIRST(&sc->sc_tx_inactive);
1105 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next);
1112 static struct otus_data *
1113 otus_getbuf(struct otus_softc *sc)
1115 struct otus_data *bf;
1117 OTUS_LOCK_ASSERT(sc);
1119 bf = _otus_getbuf(sc);
1124 otus_freebuf(struct otus_softc *sc, struct otus_data *bf)
1127 OTUS_LOCK_ASSERT(sc);
1128 STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, bf, next);
1131 static struct otus_tx_cmd *
1132 _otus_get_txcmd(struct otus_softc *sc)
1134 struct otus_tx_cmd *bf;
1136 bf = STAILQ_FIRST(&sc->sc_cmd_inactive);
1138 STAILQ_REMOVE_HEAD(&sc->sc_cmd_inactive, next_cmd);
1144 static struct otus_tx_cmd *
1145 otus_get_txcmd(struct otus_softc *sc)
1147 struct otus_tx_cmd *bf;
1149 OTUS_LOCK_ASSERT(sc);
1151 bf = _otus_get_txcmd(sc);
1153 device_printf(sc->sc_dev, "%s: no tx cmd buffers\n",
1160 otus_free_txcmd(struct otus_softc *sc, struct otus_tx_cmd *bf)
1163 OTUS_LOCK_ASSERT(sc);
1164 STAILQ_INSERT_TAIL(&sc->sc_cmd_inactive, bf, next_cmd);
1168 otus_next_scan(void *arg, int pending)
1171 struct otus_softc *sc = arg;
1173 if (usbd_is_dying(sc->sc_udev))
1176 usbd_ref_incr(sc->sc_udev);
1178 if (sc->sc_ic.ic_state == IEEE80211_S_SCAN)
1179 ieee80211_next_scan(&sc->sc_ic.ic_if);
1181 usbd_ref_decr(sc->sc_udev);
1186 otus_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
1188 struct otus_vap *uvp = OTUS_VAP(vap);
1189 struct ieee80211com *ic = vap->iv_ic;
1190 struct otus_softc *sc = ic->ic_softc;
1191 enum ieee80211_state ostate;
1193 ostate = vap->iv_state;
1194 OTUS_DPRINTF(sc, OTUS_DEBUG_STATE, "%s: %s -> %s\n", __func__,
1195 ieee80211_state_name[ostate],
1196 ieee80211_state_name[nstate]);
1198 IEEE80211_UNLOCK(ic);
1202 /* XXX TODO: more fleshing out! */
1205 case IEEE80211_S_INIT:
1206 otus_set_operating_mode(sc);
1207 otus_set_rx_filter(sc);
1209 case IEEE80211_S_RUN:
1210 if (ic->ic_opmode == IEEE80211_M_STA) {
1211 otus_updateslot(sc);
1212 otus_set_operating_mode(sc);
1213 otus_set_rx_filter(sc);
1215 /* Start calibration timer. */
1216 taskqueue_enqueue_timeout(taskqueue_thread,
1224 /* XXX TODO: calibration? */
1226 sc->sc_led_newstate(sc);
1230 return (uvp->newstate(vap, nstate, arg));
1234 otus_cmd(struct otus_softc *sc, uint8_t code, const void *idata, int ilen,
1235 void *odata, int odatalen)
1237 struct otus_tx_cmd *cmd;
1238 struct ar_cmd_hdr *hdr;
1241 OTUS_LOCK_ASSERT(sc);
1243 /* Always bulk-out a multiple of 4 bytes. */
1244 xferlen = (sizeof (*hdr) + ilen + 3) & ~3;
1245 if (xferlen > OTUS_MAX_TXCMDSZ) {
1246 device_printf(sc->sc_dev, "%s: command (0x%02x) size (%d) > %d\n",
1254 cmd = otus_get_txcmd(sc);
1256 device_printf(sc->sc_dev, "%s: failed to get buf\n",
1261 hdr = (struct ar_cmd_hdr *)cmd->buf;
1264 hdr->token = ++sc->token; /* Don't care about endianness. */
1265 cmd->token = hdr->token;
1266 /* XXX TODO: check max cmd length? */
1267 memcpy((uint8_t *)&hdr[1], idata, ilen);
1269 OTUS_DPRINTF(sc, OTUS_DEBUG_CMD,
1270 "%s: sending command code=0x%02x len=%d token=%d\n",
1271 __func__, code, ilen, hdr->token);
1274 cmd->odatalen = odatalen;
1275 cmd->buflen = xferlen;
1277 /* Queue the command to the endpoint */
1278 STAILQ_INSERT_TAIL(&sc->sc_cmd_pending, cmd, next_cmd);
1279 usbd_transfer_start(sc->sc_xfer[OTUS_BULK_CMD]);
1281 /* Sleep on the command; wait for it to complete */
1282 error = msleep(cmd, &sc->sc_mtx, PCATCH, "otuscmd", hz);
1285 * At this point we don't own cmd any longer; it'll be
1286 * freed by the cmd bulk path or the RX notification
1287 * path. If the data is made available then it'll be copied
1288 * to the caller. All that is left to do is communicate
1289 * status back to the caller.
1292 device_printf(sc->sc_dev,
1293 "%s: timeout waiting for command 0x%02x reply\n",
1300 otus_write(struct otus_softc *sc, uint32_t reg, uint32_t val)
1303 OTUS_LOCK_ASSERT(sc);
1305 sc->write_buf[sc->write_idx].reg = htole32(reg);
1306 sc->write_buf[sc->write_idx].val = htole32(val);
1308 if (++sc->write_idx > (AR_MAX_WRITE_IDX-1))
1309 (void)otus_write_barrier(sc);
1313 otus_write_barrier(struct otus_softc *sc)
1317 OTUS_LOCK_ASSERT(sc);
1319 if (sc->write_idx == 0)
1320 return 0; /* Nothing to flush. */
1322 OTUS_DPRINTF(sc, OTUS_DEBUG_REGIO, "%s: called; %d updates\n",
1326 error = otus_cmd(sc, AR_CMD_WREG, sc->write_buf,
1327 sizeof (sc->write_buf[0]) * sc->write_idx, NULL, 0);
1332 static struct ieee80211_node *
1333 otus_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1336 return malloc(sizeof (struct otus_node), M_80211_NODE,
1341 otus_read_eeprom(struct otus_softc *sc)
1343 uint32_t regs[8], reg;
1347 OTUS_LOCK_ASSERT(sc);
1349 /* Read EEPROM by blocks of 32 bytes. */
1350 eep = (uint8_t *)&sc->eeprom;
1351 reg = AR_EEPROM_OFFSET;
1352 for (i = 0; i < sizeof (sc->eeprom) / 32; i++) {
1353 for (j = 0; j < 8; j++, reg += 4)
1354 regs[j] = htole32(reg);
1355 error = otus_cmd(sc, AR_CMD_RREG, regs, sizeof regs, eep, 32);
1364 otus_newassoc(struct ieee80211_node *ni, int isnew)
1366 struct ieee80211com *ic = ni->ni_ic;
1367 struct otus_softc *sc = ic->ic_softc;
1368 struct otus_node *on = OTUS_NODE(ni);
1370 OTUS_DPRINTF(sc, OTUS_DEBUG_STATE, "new assoc isnew=%d addr=%s\n",
1371 isnew, ether_sprintf(ni->ni_macaddr));
1379 otus_cmd_handle_response(struct otus_softc *sc, struct ar_cmd_hdr *hdr)
1381 struct otus_tx_cmd *cmd;
1383 OTUS_LOCK_ASSERT(sc);
1385 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
1386 "%s: received reply code=0x%02x len=%d token=%d\n",
1388 hdr->code, hdr->len, hdr->token);
1391 * Walk the list, freeing items that aren't ours,
1392 * stopping when we hit our token.
1394 while ((cmd = STAILQ_FIRST(&sc->sc_cmd_waiting)) != NULL) {
1395 STAILQ_REMOVE_HEAD(&sc->sc_cmd_waiting, next_cmd);
1396 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
1397 "%s: cmd=%p; hdr.token=%d, cmd.token=%d\n",
1402 if (hdr->token == cmd->token) {
1403 /* Copy answer into caller's supplied buffer. */
1404 if (cmd->odata != NULL) {
1405 if (hdr->len != cmd->odatalen) {
1406 device_printf(sc->sc_dev,
1407 "%s: code 0x%02x, len=%d, olen=%d\n",
1411 (int) cmd->odatalen);
1413 memcpy(cmd->odata, &hdr[1],
1414 MIN(cmd->odatalen, hdr->len));
1419 STAILQ_INSERT_TAIL(&sc->sc_cmd_inactive, cmd, next_cmd);
1424 otus_cmd_rxeof(struct otus_softc *sc, uint8_t *buf, int len)
1426 struct ieee80211com *ic = &sc->sc_ic;
1427 struct ar_cmd_hdr *hdr;
1429 OTUS_LOCK_ASSERT(sc);
1431 if (__predict_false(len < sizeof (*hdr))) {
1432 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
1433 "cmd too small %d\n", len);
1436 hdr = (struct ar_cmd_hdr *)buf;
1437 if (__predict_false(sizeof (*hdr) + hdr->len > len ||
1438 sizeof (*hdr) + hdr->len > 64)) {
1439 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
1440 "cmd too large %d\n", hdr->len);
1444 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1450 * This has to reach into the cmd queue "waiting for
1451 * an RX response" list, grab the head entry and check
1452 * if we need to wake anyone up.
1454 if ((hdr->code & 0xc0) != 0xc0) {
1455 otus_cmd_handle_response(sc, hdr);
1459 /* Received unsolicited notification. */
1460 switch (hdr->code & 0x3f) {
1463 case AR_EVT_TX_COMP:
1465 struct ar_evt_tx_comp *tx = (struct ar_evt_tx_comp *)&hdr[1];
1466 struct ieee80211_node *ni;
1468 ni = ieee80211_find_node(&ic->ic_sta, tx->macaddr);
1470 device_printf(sc->sc_dev,
1471 "%s: txcomp on unknown node (%s)\n",
1473 ether_sprintf(tx->macaddr));
1477 OTUS_DPRINTF(sc, OTUS_DEBUG_TXCOMP,
1478 "tx completed %s status=%d phy=0x%x\n",
1479 ether_sprintf(tx->macaddr), le16toh(tx->status),
1482 switch (le16toh(tx->status)) {
1483 case AR_TX_STATUS_COMP:
1486 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
1487 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL);
1490 * We don't get the above; only error notifications.
1491 * Sigh. So, don't worry about this.
1494 case AR_TX_STATUS_RETRY_COMP:
1495 OTUS_NODE(ni)->tx_retries++;
1497 case AR_TX_STATUS_FAILED:
1498 OTUS_NODE(ni)->tx_err++;
1501 ieee80211_free_node(ni);
1506 case AR_EVT_DO_BB_RESET:
1508 * This is "tell driver to reset baseband" from ar9170-fw.
1510 * I'm not sure what we should do here, so I'm going to
1511 * fall through; it gets generated when RTSRetryCnt internally
1512 * reaches '5' - I guess the firmware authors thought that
1513 * meant that the BB may have gone deaf or something.
1516 device_printf(sc->sc_dev,
1517 "%s: received notification code=0x%02x len=%d\n",
1519 hdr->code, hdr->len);
1524 * Handle a single MPDU.
1526 * This may be a single MPDU, or it may be a sub-frame from an A-MPDU.
1527 * In the latter case some of the header details need to be adjusted.
1530 otus_sub_rxeof(struct otus_softc *sc, uint8_t *buf, int len, struct mbufq *rxq)
1532 struct ieee80211com *ic = &sc->sc_ic;
1533 struct ieee80211_rx_stats rxs;
1535 struct ieee80211_node *ni;
1537 struct ar_rx_macstatus *mac_status = NULL;
1538 struct ar_rx_phystatus *phy_status = NULL;
1539 struct ieee80211_frame *wh;
1544 if (otus_debug & OTUS_DEBUG_RX_BUFFER) {
1545 device_printf(sc->sc_dev, "%s: %*D\n",
1546 __func__, len, buf, "-");
1550 * Before any data path stuff - check to see if this is a command
1553 * All bits in the PLCP header are set to 1 for non-MPDU.
1555 if ((len >= AR_PLCP_HDR_LEN) &&
1556 memcmp(buf, AR_PLCP_HDR_INTR, AR_PLCP_HDR_LEN) == 0) {
1557 otus_cmd_rxeof(sc, buf + AR_PLCP_HDR_LEN,
1558 len - AR_PLCP_HDR_LEN);
1563 * First step - get the status for the given frame.
1564 * This will tell us whether it's a single MPDU or
1565 * an A-MPDU subframe.
1567 if (len < sizeof(*mac_status)) {
1568 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1569 "%s: sub-xfer too short (no mac_status) (len %d)\n",
1571 counter_u64_add(ic->ic_ierrors, 1);
1575 * Remove the mac_status from the payload length.
1577 * Note: cheating, don't reallocate the buffer!
1579 mac_status = (struct ar_rx_macstatus *)(buf + len - sizeof(*mac_status));
1580 len -= sizeof(*mac_status);
1582 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "%s: mac status=0x%x\n",
1583 __func__, mac_status->status);
1586 * Next - check the MAC status before doing anything else.
1587 * Extract out the PLCP header for single and first frames;
1588 * since there's a single RX path we can shove PLCP headers
1589 * from both into sc->ar_last_rx_plcp[] so it can be reused.
1591 if (((mac_status->status & AR_RX_STATUS_MPDU_MASK) == AR_RX_STATUS_MPDU_SINGLE) ||
1592 ((mac_status->status & AR_RX_STATUS_MPDU_MASK) == AR_RX_STATUS_MPDU_FIRST)) {
1594 * Ok, we need to at least have a PLCP header at
1597 if (len < AR_PLCP_HDR_LEN) {
1598 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1599 "%s sub-xfer too short (no mac+plcp) (len %d\n)",
1601 counter_u64_add(ic->ic_ierrors, 1);
1604 memcpy(sc->ar_last_rx_plcp, buf, AR_PLCP_HDR_LEN);
1607 * At this point we can just consume the PLCP header.
1608 * The beginning of the frame should thus be data.
1610 buf += AR_PLCP_HDR_LEN;
1611 len -= AR_PLCP_HDR_LEN;
1615 * Next - see if we have a PHY status.
1617 * The PHY status is at the end of the final A-MPDU subframe
1618 * or a single MPDU frame.
1620 * We'll use this to tag frames with noise floor / RSSI
1621 * if they have valid information.
1623 if (((mac_status->status & AR_RX_STATUS_MPDU_MASK) == AR_RX_STATUS_MPDU_SINGLE) ||
1624 ((mac_status->status & AR_RX_STATUS_MPDU_MASK) == AR_RX_STATUS_MPDU_LAST)) {
1625 if (len < sizeof(*phy_status)) {
1626 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1627 "%s sub-xfer too short (no phy status) (len %d\n)",
1629 counter_u64_add(ic->ic_ierrors, 1);
1633 * Take a pointer to the phy status and remove the length
1634 * from the end of the buffer.
1636 * Note: we're cheating here; don't reallocate the buffer!
1638 phy_status = (struct ar_rx_phystatus *)
1639 (buf + len - sizeof(*phy_status));
1640 len -= sizeof(*phy_status);
1644 * Middle frames just have a MAC status (stripped above.)
1645 * No PHY status, and PLCP is from ar_last_rx_plcp.
1649 * Discard error frames; don't discard BAD_RA (eg monitor mode);
1650 * let net80211 do that
1652 if (__predict_false((mac_status->error & ~AR_RX_ERROR_BAD_RA) != 0)) {
1653 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "error frame 0x%02x\n", mac_status->error);
1654 if (mac_status->error & AR_RX_ERROR_FCS) {
1655 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "bad FCS\n");
1656 } else if (mac_status->error & AR_RX_ERROR_MMIC) {
1657 /* Report Michael MIC failures to net80211. */
1659 ieee80211_notify_michael_failure(ni->ni_vap, wh, keyidx);
1661 device_printf(sc->sc_dev, "%s: MIC failure\n", __func__);
1663 counter_u64_add(ic->ic_ierrors, 1);
1668 * Make sure there's room for an 802.11 header + FCS.
1670 * Note: a CTS/ACK is 14 bytes (FC, DUR, RA, FCS).
1671 * Making it IEEE80211_MIN_LEN misses CTS/ACKs.
1673 * This won't be tossed at this point; eventually once
1674 * rx radiotap is implemented this will allow for
1675 * CTS/ACK frames. Passing them up to net80211 will
1676 * currently make it angry (too short packets.)
1678 if (len < 2 + 2 + IEEE80211_ADDR_LEN + IEEE80211_CRC_LEN) {
1679 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1680 "%s: too short for 802.11 (len %d)\n",
1682 counter_u64_add(ic->ic_ierrors, 1);
1686 len -= IEEE80211_CRC_LEN; /* strip 802.11 FCS */
1687 wh = (struct ieee80211_frame *) buf;
1690 * The firmware does seem to spit out a bunch of frames
1691 * with invalid frame control values here. Just toss them
1692 * rather than letting net80211 get angry and log.
1694 if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
1695 IEEE80211_FC0_VERSION_0) {
1696 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1697 "%s: invalid 802.11 fc version (firmware bug?)\n",
1699 counter_u64_add(ic->ic_ierrors, 1);
1703 m = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR);
1705 device_printf(sc->sc_dev, "%s: failed m_get2() (len=%d)\n",
1707 counter_u64_add(ic->ic_ierrors, 1);
1711 /* Finalize mbuf. */
1712 memcpy(mtod(m, uint8_t *), wh, len);
1713 m->m_pkthdr.len = m->m_len = len;
1715 /* XXX TODO: add setting rx radiotap fields here */
1718 * Ok, check the frame length and toss if it's too short
1719 * for net80211. This will toss ACK/CTS.
1721 if (m->m_len < IEEE80211_MIN_LEN) {
1722 /* XXX TODO: add radiotap receive here */
1723 m_free(m); m = NULL;
1727 /* Add RSSI to this mbuf if we have a PHY header */
1728 bzero(&rxs, sizeof(rxs));
1729 rxs.r_flags = IEEE80211_R_NF;
1730 rxs.c_nf = sc->sc_nf[0]; /* XXX chain 0 != combined rssi/nf */
1731 if (phy_status != NULL) {
1732 rxs.r_flags |= IEEE80211_R_RSSI;
1733 rxs.c_rssi = phy_status->rssi;
1735 /* XXX TODO: add MIMO RSSI/NF as well */
1736 if (ieee80211_add_rx_params(m, &rxs) == 0) {
1737 counter_u64_add(ic->ic_ierrors, 1);
1741 /* XXX make a method */
1742 STAILQ_INSERT_TAIL(&rxq->mq_head, m, m_stailqpkt);
1746 ni = ieee80211_find_rxnode(ic, wh);
1748 rxi.rxi_rssi = tail->rssi;
1749 rxi.rxi_tstamp = 0; /* unused */
1750 ieee80211_input(ifp, m, ni, &rxi);
1752 /* Node is no longer needed. */
1753 ieee80211_release_node(ic, ni);
1759 otus_rxeof(struct usb_xfer *xfer, struct otus_data *data, struct mbufq *rxq)
1761 struct otus_softc *sc = usbd_xfer_softc(xfer);
1762 caddr_t buf = data->buf;
1763 struct ar_rx_head *head;
1765 int len, offset = 0;
1767 usbd_xfer_status(xfer, &len, NULL, NULL, NULL);
1769 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1770 "%s: transfer completed; len=%d\n",
1772 if (otus_debug & OTUS_DEBUG_RX_BUFFER) {
1773 device_printf(sc->sc_dev, "%s: %*D\n",
1774 __func__, len, buf, "-");
1777 while (len >= sizeof (*head)) {
1778 head = (struct ar_rx_head *)buf;
1779 if (__predict_false(head->tag != htole16(AR_RX_HEAD_TAG))) {
1780 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1781 "tag not valid 0x%x\n", le16toh(head->tag));
1784 hlen = le16toh(head->len);
1785 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "%s: hlen=%d\n",
1787 if (__predict_false(sizeof (*head) + hlen > len)) {
1788 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1789 "xfer too short %d/%d\n", len, hlen);
1792 /* Process sub-xfer. */
1793 otus_sub_rxeof(sc, (uint8_t *) (((uint8_t *) buf) + 4), hlen, rxq);
1795 /* Next sub-xfer is aligned on a 32-bit boundary. */
1796 hlen = (sizeof (*head) + hlen + 3) & ~3;
1798 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
1799 "%s: rounded size is %d, next packet starts at %d\n",
1800 __func__, hlen, offset);
1804 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "%s: done!\n", __func__);
1808 otus_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
1810 struct otus_softc *sc = usbd_xfer_softc(xfer);
1811 struct ieee80211com *ic = &sc->sc_ic;
1812 struct ieee80211_frame *wh;
1813 struct ieee80211_node *ni;
1816 struct otus_data *data;
1818 OTUS_LOCK_ASSERT(sc);
1820 mbufq_init(&scrx, 1024);
1823 device_printf(sc->sc_dev, "%s: called; state=%d; error=%d\n",
1825 USB_GET_STATE(xfer),
1829 switch (USB_GET_STATE(xfer)) {
1830 case USB_ST_TRANSFERRED:
1831 data = STAILQ_FIRST(&sc->sc_rx_active);
1834 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1835 otus_rxeof(xfer, data, &scrx);
1836 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1841 * XXX TODO: what if sc_rx isn't empty, but data
1842 * is empty? Then we leak mbufs.
1844 data = STAILQ_FIRST(&sc->sc_rx_inactive);
1846 //KASSERT(m == NULL, ("mbuf isn't NULL"));
1849 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next);
1850 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next);
1851 usbd_xfer_set_frame_data(xfer, 0, data->buf,
1852 usbd_xfer_max_len(xfer));
1853 usbd_transfer_submit(xfer);
1855 * To avoid LOR we should unlock our private mutex here to call
1856 * ieee80211_input() because here is at the end of a USB
1857 * callback and safe to unlock.
1860 while ((m = mbufq_dequeue(&scrx)) != NULL) {
1861 wh = mtod(m, struct ieee80211_frame *);
1862 ni = ieee80211_find_rxnode(ic,
1863 (struct ieee80211_frame_min *)wh);
1865 if (ni->ni_flags & IEEE80211_NODE_HT)
1866 m->m_flags |= M_AMPDU;
1867 (void)ieee80211_input_mimo(ni, m);
1868 ieee80211_free_node(ni);
1870 (void)ieee80211_input_mimo_all(ic, m);
1872 #ifdef IEEE80211_SUPPORT_SUPERG
1873 ieee80211_ff_age_all(ic, 100);
1878 /* needs it to the inactive queue due to a error. */
1879 data = STAILQ_FIRST(&sc->sc_rx_active);
1881 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
1882 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
1884 if (error != USB_ERR_CANCELLED) {
1885 usbd_xfer_set_stall(xfer);
1886 counter_u64_add(ic->ic_ierrors, 1);
1894 otus_txeof(struct usb_xfer *xfer, struct otus_data *data)
1896 struct otus_softc *sc = usbd_xfer_softc(xfer);
1898 OTUS_DPRINTF(sc, OTUS_DEBUG_TXDONE,
1899 "%s: called; data=%p\n", __func__, data);
1901 OTUS_LOCK_ASSERT(sc);
1903 if (sc->sc_tx_n_active == 0) {
1904 device_printf(sc->sc_dev,
1905 "%s: completed but tx_active=0\n",
1908 sc->sc_tx_n_active--;
1913 /* XXX we get TX status via the RX path.. */
1914 ieee80211_tx_complete(data->ni, data->m, 0);
1921 otus_txcmdeof(struct usb_xfer *xfer, struct otus_tx_cmd *cmd)
1923 struct otus_softc *sc = usbd_xfer_softc(xfer);
1925 OTUS_LOCK_ASSERT(sc);
1927 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
1928 "%s: called; data=%p; odata=%p\n",
1929 __func__, cmd, cmd->odata);
1932 * Non-response commands still need wakeup so the caller
1933 * knows it was submitted and completed OK; response commands should
1934 * wait until they're ACKed by the firmware with a response.
1937 STAILQ_INSERT_TAIL(&sc->sc_cmd_waiting, cmd, next_cmd);
1940 otus_free_txcmd(sc, cmd);
1945 otus_bulk_tx_callback(struct usb_xfer *xfer, usb_error_t error)
1947 uint8_t which = OTUS_BULK_TX;
1948 struct otus_softc *sc = usbd_xfer_softc(xfer);
1949 struct ieee80211com *ic = &sc->sc_ic;
1950 struct otus_data *data;
1952 OTUS_LOCK_ASSERT(sc);
1954 switch (USB_GET_STATE(xfer)) {
1955 case USB_ST_TRANSFERRED:
1956 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
1959 OTUS_DPRINTF(sc, OTUS_DEBUG_TXDONE,
1960 "%s: transfer done %p\n", __func__, data);
1961 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
1962 otus_txeof(xfer, data);
1963 otus_freebuf(sc, data);
1967 data = STAILQ_FIRST(&sc->sc_tx_pending[which]);
1969 OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
1970 "%s: empty pending queue sc %p\n", __func__, sc);
1971 sc->sc_tx_n_active = 0;
1974 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next);
1975 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next);
1976 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen);
1977 OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
1978 "%s: submitting transfer %p\n", __func__, data);
1979 usbd_transfer_submit(xfer);
1980 sc->sc_tx_n_active++;
1983 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
1985 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
1986 otus_txeof(xfer, data);
1987 otus_freebuf(sc, data);
1989 counter_u64_add(ic->ic_oerrors, 1);
1991 if (error != USB_ERR_CANCELLED) {
1992 usbd_xfer_set_stall(xfer);
1999 #ifdef IEEE80211_SUPPORT_SUPERG
2001 * If the TX active queue drops below a certain
2002 * threshold, ensure we age fast-frames out so they're
2005 if (sc->sc_tx_n_active < 2) {
2006 /* XXX ew - net80211 should defer this for us! */
2008 ieee80211_ff_flush(ic, WME_AC_VO);
2009 ieee80211_ff_flush(ic, WME_AC_VI);
2010 ieee80211_ff_flush(ic, WME_AC_BE);
2011 ieee80211_ff_flush(ic, WME_AC_BK);
2020 otus_bulk_cmd_callback(struct usb_xfer *xfer, usb_error_t error)
2022 struct otus_softc *sc = usbd_xfer_softc(xfer);
2024 struct ieee80211com *ic = &sc->sc_ic;
2026 struct otus_tx_cmd *cmd;
2028 OTUS_LOCK_ASSERT(sc);
2030 switch (USB_GET_STATE(xfer)) {
2031 case USB_ST_TRANSFERRED:
2032 cmd = STAILQ_FIRST(&sc->sc_cmd_active);
2035 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
2036 "%s: transfer done %p\n", __func__, cmd);
2037 STAILQ_REMOVE_HEAD(&sc->sc_cmd_active, next_cmd);
2038 otus_txcmdeof(xfer, cmd);
2042 cmd = STAILQ_FIRST(&sc->sc_cmd_pending);
2044 OTUS_DPRINTF(sc, OTUS_DEBUG_CMD,
2045 "%s: empty pending queue sc %p\n", __func__, sc);
2048 STAILQ_REMOVE_HEAD(&sc->sc_cmd_pending, next_cmd);
2049 STAILQ_INSERT_TAIL(&sc->sc_cmd_active, cmd, next_cmd);
2050 usbd_xfer_set_frame_data(xfer, 0, cmd->buf, cmd->buflen);
2051 OTUS_DPRINTF(sc, OTUS_DEBUG_CMD,
2052 "%s: submitting transfer %p; buf=%p, buflen=%d\n", __func__, cmd, cmd->buf, cmd->buflen);
2053 usbd_transfer_submit(xfer);
2056 cmd = STAILQ_FIRST(&sc->sc_cmd_active);
2058 STAILQ_REMOVE_HEAD(&sc->sc_cmd_active, next_cmd);
2059 otus_txcmdeof(xfer, cmd);
2062 if (error != USB_ERR_CANCELLED) {
2063 usbd_xfer_set_stall(xfer);
2071 * This isn't used by carl9170; it however may be used by the
2072 * initial bootloader.
2075 otus_bulk_irq_callback(struct usb_xfer *xfer, usb_error_t error)
2077 struct otus_softc *sc = usbd_xfer_softc(xfer);
2081 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
2082 OTUS_DPRINTF(sc, OTUS_DEBUG_IRQ,
2083 "%s: called; state=%d\n", __func__, USB_GET_STATE(xfer));
2085 switch (USB_GET_STATE(xfer)) {
2086 case USB_ST_TRANSFERRED:
2088 * Read usb frame data, if any.
2089 * "actlen" has the total length for all frames
2092 OTUS_DPRINTF(sc, OTUS_DEBUG_IRQ,
2093 "%s: comp; %d bytes\n",
2097 pc = usbd_xfer_get_frame(xfer, 0);
2098 otus_dump_usb_rx_page(sc, pc, actlen);
2100 /* XXX fallthrough */
2103 * Setup xfer frame lengths/count and data
2105 OTUS_DPRINTF(sc, OTUS_DEBUG_IRQ, "%s: setup\n", __func__);
2106 usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
2107 usbd_transfer_submit(xfer);
2110 default: /* Error */
2112 * Print error message and clear stall
2115 OTUS_DPRINTF(sc, OTUS_DEBUG_IRQ, "%s: ERROR?\n", __func__);
2121 * Map net80211 rate to hw rate for otus MAC/PHY.
2124 otus_rate_to_hw_rate(struct otus_softc *sc, uint8_t rate)
2128 is_2ghz = !! (IEEE80211_IS_CHAN_2GHZ(sc->sc_ic.ic_curchan));
2163 device_printf(sc->sc_dev, "%s: unknown rate '%d'\n",
2164 __func__, (int) rate);
2167 return (0x0); /* 1MB CCK */
2169 return (0xb); /* 6MB OFDM */
2174 otus_hw_rate_is_ht(struct otus_softc *sc, uint8_t hw_rate)
2177 return !! (hw_rate & 0x80);
2181 otus_hw_rate_is_ofdm(struct otus_softc *sc, uint8_t hw_rate)
2197 otus_tx_update_ratectl(struct otus_softc *sc, struct ieee80211_node *ni)
2199 struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
2200 struct otus_node *on = OTUS_NODE(ni);
2202 txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
2203 IEEE80211_RATECTL_TX_STATS_RETRIES;
2205 txs->nframes = on->tx_done;
2206 txs->nsuccess = on->tx_done - on->tx_err;
2207 txs->nretries = on->tx_retries;
2209 ieee80211_ratectl_tx_update(ni->ni_vap, txs);
2210 on->tx_done = on->tx_err = on->tx_retries = 0;
2214 * XXX TODO: support tx bpf parameters for configuration!
2218 * ac = params->ibp_pri & 3;
2219 * rate = params->ibp_rate0;
2220 * params->ibp_flags & IEEE80211_BPF_NOACK
2221 * params->ibp_flags & IEEE80211_BPF_RTS
2222 * params->ibp_flags & IEEE80211_BPF_CTS
2223 * tx->rts_ntries = params->ibp_try1;
2224 * tx->data_ntries = params->ibp_try0;
2227 otus_tx(struct otus_softc *sc, struct ieee80211_node *ni, struct mbuf *m,
2228 struct otus_data *data, const struct ieee80211_bpf_params *params)
2230 const struct ieee80211_txparam *tp = ni->ni_txparms;
2231 struct ieee80211com *ic = &sc->sc_ic;
2232 struct ieee80211vap *vap = ni->ni_vap;
2233 struct ieee80211_frame *wh;
2234 struct ieee80211_key *k;
2235 struct ar_tx_head *head;
2237 uint16_t macctl, qos;
2239 int hasqos, xferlen, type, ismcast;
2241 wh = mtod(m, struct ieee80211_frame *);
2242 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2243 k = ieee80211_crypto_encap(ni, m);
2245 device_printf(sc->sc_dev,
2246 "%s: m=%p: ieee80211_crypto_encap returns NULL\n",
2251 wh = mtod(m, struct ieee80211_frame *);
2254 /* Calculate transfer length; ensure data buffer is large enough */
2255 xferlen = sizeof (*head) + m->m_pkthdr.len;
2256 if (xferlen > OTUS_TXBUFSZ) {
2257 device_printf(sc->sc_dev,
2258 "%s: 802.11 TX frame is %d bytes, max %d bytes\n",
2265 hasqos = !! IEEE80211_QOS_HAS_SEQ(wh);
2269 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
2270 tid = qos & IEEE80211_QOS_TID;
2271 qid = TID_TO_WME_AC(tid);
2277 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2278 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
2280 /* Pickup a rate index. */
2282 rate = otus_rate_to_hw_rate(sc, params->ibp_rate0);
2283 else if (!!(m->m_flags & M_EAPOL) || type != IEEE80211_FC0_TYPE_DATA)
2284 rate = otus_rate_to_hw_rate(sc, tp->mgmtrate);
2286 rate = otus_rate_to_hw_rate(sc, tp->mcastrate);
2287 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
2288 rate = otus_rate_to_hw_rate(sc, tp->ucastrate);
2290 (void) ieee80211_ratectl_rate(ni, NULL, 0);
2291 rate = otus_rate_to_hw_rate(sc, ni->ni_txrate);
2295 macctl = AR_TX_MAC_BACKOFF | AR_TX_MAC_HW_DUR | AR_TX_MAC_QID(qid);
2298 * XXX TODO: params for NOACK, ACK, RTS, CTS, etc
2301 (hasqos && ((qos & IEEE80211_QOS_ACKPOLICY) ==
2302 IEEE80211_QOS_ACKPOLICY_NOACK)))
2303 macctl |= AR_TX_MAC_NOACK;
2306 if (m->m_pkthdr.len + IEEE80211_CRC_LEN >= vap->iv_rtsthreshold)
2307 macctl |= AR_TX_MAC_RTS;
2308 else if (otus_hw_rate_is_ht(sc, rate)) {
2309 if (ic->ic_htprotmode == IEEE80211_PROT_RTSCTS)
2310 macctl |= AR_TX_MAC_RTS;
2311 } else if (ic->ic_flags & IEEE80211_F_USEPROT) {
2312 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
2313 macctl |= AR_TX_MAC_CTS;
2314 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
2315 macctl |= AR_TX_MAC_RTS;
2319 phyctl |= AR_TX_PHY_MCS(rate & 0x7f); /* Note: MCS rates are 0x80 and above */
2320 if (otus_hw_rate_is_ht(sc, rate)) {
2321 phyctl |= AR_TX_PHY_MT_HT;
2322 /* Always use all tx antennas for now, just to be safe */
2323 phyctl |= AR_TX_PHY_ANTMSK(sc->txmask);
2326 phyctl |= (rate & 0x7) << AR_TX_PHY_TX_HEAVY_CLIP_SHIFT;
2327 } else if (otus_hw_rate_is_ofdm(sc, rate)) {
2328 phyctl |= AR_TX_PHY_MT_OFDM;
2329 /* Always use all tx antennas for now, just to be safe */
2330 phyctl |= AR_TX_PHY_ANTMSK(sc->txmask);
2332 phyctl |= AR_TX_PHY_MT_CCK;
2333 phyctl |= AR_TX_PHY_ANTMSK(sc->txmask);
2336 /* Update net80211 with the current counters */
2337 otus_tx_update_ratectl(sc, ni);
2339 /* Update rate control stats for frames that are ACK'ed. */
2340 if (!(macctl & AR_TX_MAC_NOACK))
2341 OTUS_NODE(ni)->tx_done++;
2343 /* Fill Tx descriptor. */
2344 head = (struct ar_tx_head *)data->buf;
2345 head->len = htole16(m->m_pkthdr.len + IEEE80211_CRC_LEN);
2346 head->macctl = htole16(macctl);
2347 head->phyctl = htole32(phyctl);
2349 m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)&head[1]);
2351 data->buflen = xferlen;
2355 OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
2356 "%s: tx: m=%p; data=%p; len=%d mac=0x%04x phy=0x%08x rate=0x%02x, ni_txrate=%d\n",
2357 __func__, m, data, le16toh(head->len), macctl, phyctl,
2358 (int) rate, (int) ni->ni_txrate);
2360 /* Submit transfer */
2361 STAILQ_INSERT_TAIL(&sc->sc_tx_pending[OTUS_BULK_TX], data, next);
2362 usbd_transfer_start(sc->sc_xfer[OTUS_BULK_TX]);
2368 otus_hash_maddr(void *arg, struct sockaddr_dl *sdl, u_int cnt)
2370 uint32_t val, *hashes = arg;
2372 val = le32dec(LLADDR(sdl) + 4);
2373 /* Get address byte 5 */
2374 val = val & 0x0000ff00;
2377 /* As per below, shift it >> 2 to get only 6 bits */
2380 hashes[0] |= 1 << val;
2382 hashes[1] |= 1 << (val - 32);
2389 otus_set_multi(struct otus_softc *sc)
2391 struct ieee80211com *ic = &sc->sc_ic;
2395 if (ic->ic_allmulti > 0 || ic->ic_promisc > 0 ||
2396 ic->ic_opmode == IEEE80211_M_MONITOR) {
2397 hashes[0] = 0xffffffff;
2398 hashes[1] = 0xffffffff;
2400 struct ieee80211vap *vap;
2402 hashes[0] = hashes[1] = 0;
2403 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
2404 if_foreach_llmaddr(vap->iv_ifp, otus_hash_maddr,
2408 /* XXX openbsd code */
2409 while (enm != NULL) {
2410 bit = enm->enm_addrlo[5] >> 2;
2412 hashes[0] |= 1 << bit;
2414 hashes[1] |= 1 << (bit - 32);
2415 ETHER_NEXT_MULTI(step, enm);
2419 hashes[1] |= 1U << 31; /* Make sure the broadcast bit is set. */
2422 otus_write(sc, AR_MAC_REG_GROUP_HASH_TBL_L, hashes[0]);
2423 otus_write(sc, AR_MAC_REG_GROUP_HASH_TBL_H, hashes[1]);
2424 r = otus_write_barrier(sc);
2425 /* XXX operating mode? filter? */
2431 otus_updateedca(struct ieee80211com *ic)
2433 struct otus_softc *sc = ic->ic_softc;
2437 * XXX TODO: take temporary copy of EDCA information
2438 * when scheduling this so we have a more time-correct view
2440 * XXX TODO: this can be done on the net80211 level
2442 otus_updateedca_locked(sc);
2448 otus_updateedca_locked(struct otus_softc *sc)
2450 #define EXP2(val) ((1 << (val)) - 1)
2451 #define AIFS(val) ((val) * 9 + 10)
2452 struct chanAccParams chp;
2453 struct ieee80211com *ic = &sc->sc_ic;
2454 const struct wmeParams *edca;
2456 ieee80211_wme_ic_getparams(ic, &chp);
2458 OTUS_LOCK_ASSERT(sc);
2460 edca = chp.cap_wmeParams;
2462 /* Set CWmin/CWmax values. */
2463 otus_write(sc, AR_MAC_REG_AC0_CW,
2464 EXP2(edca[WME_AC_BE].wmep_logcwmax) << 16 |
2465 EXP2(edca[WME_AC_BE].wmep_logcwmin));
2466 otus_write(sc, AR_MAC_REG_AC1_CW,
2467 EXP2(edca[WME_AC_BK].wmep_logcwmax) << 16 |
2468 EXP2(edca[WME_AC_BK].wmep_logcwmin));
2469 otus_write(sc, AR_MAC_REG_AC2_CW,
2470 EXP2(edca[WME_AC_VI].wmep_logcwmax) << 16 |
2471 EXP2(edca[WME_AC_VI].wmep_logcwmin));
2472 otus_write(sc, AR_MAC_REG_AC3_CW,
2473 EXP2(edca[WME_AC_VO].wmep_logcwmax) << 16 |
2474 EXP2(edca[WME_AC_VO].wmep_logcwmin));
2475 otus_write(sc, AR_MAC_REG_AC4_CW, /* Special TXQ. */
2476 EXP2(edca[WME_AC_VO].wmep_logcwmax) << 16 |
2477 EXP2(edca[WME_AC_VO].wmep_logcwmin));
2479 /* Set AIFSN values. */
2480 otus_write(sc, AR_MAC_REG_AC1_AC0_AIFS,
2481 AIFS(edca[WME_AC_VI].wmep_aifsn) << 24 |
2482 AIFS(edca[WME_AC_BK].wmep_aifsn) << 12 |
2483 AIFS(edca[WME_AC_BE].wmep_aifsn));
2484 otus_write(sc, AR_MAC_REG_AC3_AC2_AIFS,
2485 AIFS(edca[WME_AC_VO].wmep_aifsn) << 16 | /* Special TXQ. */
2486 AIFS(edca[WME_AC_VO].wmep_aifsn) << 4 |
2487 AIFS(edca[WME_AC_VI].wmep_aifsn) >> 8);
2489 /* Set TXOP limit. */
2490 otus_write(sc, AR_MAC_REG_AC1_AC0_TXOP,
2491 edca[WME_AC_BK].wmep_txopLimit << 16 |
2492 edca[WME_AC_BE].wmep_txopLimit);
2493 otus_write(sc, AR_MAC_REG_AC3_AC2_TXOP,
2494 edca[WME_AC_VO].wmep_txopLimit << 16 |
2495 edca[WME_AC_VI].wmep_txopLimit);
2497 /* XXX ACK policy? */
2499 (void)otus_write_barrier(sc);
2506 otus_updateslot(struct otus_softc *sc)
2508 struct ieee80211com *ic = &sc->sc_ic;
2511 OTUS_LOCK_ASSERT(sc);
2513 slottime = IEEE80211_GET_SLOTTIME(ic);
2514 otus_write(sc, AR_MAC_REG_SLOT_TIME, slottime << 10);
2515 (void)otus_write_barrier(sc);
2519 * Things to do based on 2GHz or 5GHz:
2528 * And in the transmit path
2529 * + tpc: carl9170_tx_rate_tpc_chains
2530 * + carl9170_tx_physet()
2531 * + disable short premable tx
2535 otus_init_mac(struct otus_softc *sc)
2539 OTUS_LOCK_ASSERT(sc);
2541 otus_write(sc, AR_MAC_REG_ACK_EXTENSION, 0x40);
2542 otus_write(sc, AR_MAC_REG_RETRY_MAX, 0);
2543 otus_write(sc, AR_MAC_REG_RX_THRESHOLD, 0xc1f80);
2544 otus_write(sc, AR_MAC_REG_RX_PE_DELAY, 0x70);
2545 otus_write(sc, AR_MAC_REG_EIFS_AND_SIFS, 0xa144000);
2546 otus_write(sc, AR_MAC_REG_SLOT_TIME, 9 << 10);
2547 otus_write(sc, AR_MAC_REG_TID_CFACK_CFEND_RATE, 0x19000000);
2548 /* NAV protects ACK only (in TXOP). */
2549 otus_write(sc, AR_MAC_REG_TXOP_DURATION, 0x201);
2550 /* Set beacon Tx power to 0x7. */
2551 otus_write(sc, AR_MAC_REG_BCN_HT1, 0x8000170);
2552 otus_write(sc, AR_MAC_REG_BACKOFF_PROTECT, 0x105);
2553 otus_write(sc, AR_MAC_REG_AMPDU_FACTOR, 0x10000a);
2555 otus_set_rx_filter(sc);
2557 otus_write(sc, AR_MAC_REG_BASIC_RATE, 0x150f);
2558 otus_write(sc, AR_MAC_REG_MANDATORY_RATE, 0x150f);
2559 otus_write(sc, AR_MAC_REG_RTS_CTS_RATE, 0x10b01bb);
2560 otus_write(sc, AR_MAC_REG_ACK_TPC, 0x4003c1e);
2562 /* Enable LED0 and LED1. */
2563 otus_write(sc, AR_GPIO_REG_PORT_TYPE, 0x3);
2564 otus_write(sc, AR_GPIO_REG_PORT_DATA, 0x3);
2565 /* Switch MAC to OTUS interface. */
2566 otus_write(sc, 0x1c3600, 0x3);
2567 otus_write(sc, AR_MAC_REG_AMPDU_RX_THRESH, 0xffff);
2568 otus_write(sc, AR_MAC_REG_MISC_680, 0xf00008);
2569 /* Disable Rx timeout (workaround). */
2570 otus_write(sc, AR_MAC_REG_RX_TIMEOUT, 0);
2572 /* Set USB Rx stream mode maximum frame number to 2. */
2573 otus_write(sc, 0x1e1110, 0x4);
2574 /* Set USB Rx stream mode timeout to 10us. */
2575 otus_write(sc, 0x1e1114, 0x80);
2577 /* Set clock frequency to 88/80MHz. */
2578 otus_write(sc, AR_PWR_REG_CLOCK_SEL, 0x73);
2579 /* Set WLAN DMA interrupt mode: generate intr per packet. */
2580 otus_write(sc, AR_MAC_REG_TXRX_MPI, 0x110011);
2581 otus_write(sc, AR_MAC_REG_FCS_SELECT, 0x4);
2582 otus_write(sc, AR_MAC_REG_TXOP_NOT_ENOUGH_INDICATION, 0x141e0f48);
2584 /* Disable HW decryption for now. */
2585 otus_write(sc, AR_MAC_REG_ENCRYPTION, 0x78);
2587 if ((error = otus_write_barrier(sc)) != 0)
2590 /* Set default EDCA parameters. */
2591 otus_updateedca_locked(sc);
2597 * Return default value for PHY register based on current operating mode.
2600 otus_phy_get_def(struct otus_softc *sc, uint32_t reg)
2604 for (i = 0; i < nitems(ar5416_phy_regs); i++)
2605 if (AR_PHY(ar5416_phy_regs[i]) == reg)
2606 return sc->phy_vals[i];
2607 return 0; /* Register not found. */
2611 * Update PHY's programming based on vendor-specific data stored in EEPROM.
2612 * This is for FEM-type devices only.
2615 otus_set_board_values(struct otus_softc *sc, struct ieee80211_channel *c)
2617 const struct ModalEepHeader *eep;
2618 uint32_t tmp, offset;
2620 if (IEEE80211_IS_CHAN_5GHZ(c))
2621 eep = &sc->eeprom.modalHeader[0];
2623 eep = &sc->eeprom.modalHeader[1];
2625 /* Offset of chain 2. */
2626 offset = 2 * 0x1000;
2628 tmp = le32toh(eep->antCtrlCommon);
2629 otus_write(sc, AR_PHY_SWITCH_COM, tmp);
2631 tmp = le32toh(eep->antCtrlChain[0]);
2632 otus_write(sc, AR_PHY_SWITCH_CHAIN_0, tmp);
2634 tmp = le32toh(eep->antCtrlChain[1]);
2635 otus_write(sc, AR_PHY_SWITCH_CHAIN_0 + offset, tmp);
2637 if (1 /* sc->sc_sco == AR_SCO_SCN */) {
2638 tmp = otus_phy_get_def(sc, AR_PHY_SETTLING);
2639 tmp &= ~(0x7f << 7);
2640 tmp |= (eep->switchSettling & 0x7f) << 7;
2641 otus_write(sc, AR_PHY_SETTLING, tmp);
2644 tmp = otus_phy_get_def(sc, AR_PHY_DESIRED_SZ);
2646 tmp |= eep->pgaDesiredSize << 8 | eep->adcDesiredSize;
2647 otus_write(sc, AR_PHY_DESIRED_SZ, tmp);
2649 tmp = eep->txEndToXpaOff << 24 | eep->txEndToXpaOff << 16 |
2650 eep->txFrameToXpaOn << 8 | eep->txFrameToXpaOn;
2651 otus_write(sc, AR_PHY_RF_CTL4, tmp);
2653 tmp = otus_phy_get_def(sc, AR_PHY_RF_CTL3);
2654 tmp &= ~(0xff << 16);
2655 tmp |= eep->txEndToRxOn << 16;
2656 otus_write(sc, AR_PHY_RF_CTL3, tmp);
2658 tmp = otus_phy_get_def(sc, AR_PHY_CCA);
2659 tmp &= ~(0x7f << 12);
2660 tmp |= (eep->thresh62 & 0x7f) << 12;
2661 otus_write(sc, AR_PHY_CCA, tmp);
2663 tmp = otus_phy_get_def(sc, AR_PHY_RXGAIN);
2664 tmp &= ~(0x3f << 12);
2665 tmp |= (eep->txRxAttenCh[0] & 0x3f) << 12;
2666 otus_write(sc, AR_PHY_RXGAIN, tmp);
2668 tmp = otus_phy_get_def(sc, AR_PHY_RXGAIN + offset);
2669 tmp &= ~(0x3f << 12);
2670 tmp |= (eep->txRxAttenCh[1] & 0x3f) << 12;
2671 otus_write(sc, AR_PHY_RXGAIN + offset, tmp);
2673 tmp = otus_phy_get_def(sc, AR_PHY_GAIN_2GHZ);
2674 tmp &= ~(0x3f << 18);
2675 tmp |= (eep->rxTxMarginCh[0] & 0x3f) << 18;
2676 if (IEEE80211_IS_CHAN_5GHZ(c)) {
2677 tmp &= ~(0xf << 10);
2678 tmp |= (eep->bswMargin[0] & 0xf) << 10;
2680 otus_write(sc, AR_PHY_GAIN_2GHZ, tmp);
2682 tmp = otus_phy_get_def(sc, AR_PHY_GAIN_2GHZ + offset);
2683 tmp &= ~(0x3f << 18);
2684 tmp |= (eep->rxTxMarginCh[1] & 0x3f) << 18;
2685 otus_write(sc, AR_PHY_GAIN_2GHZ + offset, tmp);
2687 tmp = otus_phy_get_def(sc, AR_PHY_TIMING_CTRL4);
2688 tmp &= ~(0x3f << 5 | 0x1f);
2689 tmp |= (eep->iqCalICh[0] & 0x3f) << 5 | (eep->iqCalQCh[0] & 0x1f);
2690 otus_write(sc, AR_PHY_TIMING_CTRL4, tmp);
2692 tmp = otus_phy_get_def(sc, AR_PHY_TIMING_CTRL4 + offset);
2693 tmp &= ~(0x3f << 5 | 0x1f);
2694 tmp |= (eep->iqCalICh[1] & 0x3f) << 5 | (eep->iqCalQCh[1] & 0x1f);
2695 otus_write(sc, AR_PHY_TIMING_CTRL4 + offset, tmp);
2697 tmp = otus_phy_get_def(sc, AR_PHY_TPCRG1);
2698 tmp &= ~(0xf << 16);
2699 tmp |= (eep->xpd & 0xf) << 16;
2700 otus_write(sc, AR_PHY_TPCRG1, tmp);
2702 return otus_write_barrier(sc);
2706 otus_program_phy(struct otus_softc *sc, struct ieee80211_channel *c)
2708 const uint32_t *vals;
2711 /* Select PHY programming based on band and bandwidth. */
2712 if (IEEE80211_IS_CHAN_2GHZ(c)) {
2713 if (IEEE80211_IS_CHAN_HT40(c))
2714 vals = ar5416_phy_vals_2ghz_40mhz;
2716 vals = ar5416_phy_vals_2ghz_20mhz;
2718 if (IEEE80211_IS_CHAN_HT40(c))
2719 vals = ar5416_phy_vals_5ghz_40mhz;
2721 vals = ar5416_phy_vals_5ghz_20mhz;
2723 for (i = 0; i < nitems(ar5416_phy_regs); i++)
2724 otus_write(sc, AR_PHY(ar5416_phy_regs[i]), vals[i]);
2725 sc->phy_vals = vals;
2727 if (sc->eeprom.baseEepHeader.deviceType == 0x80) /* FEM */
2728 if ((error = otus_set_board_values(sc, c)) != 0)
2731 /* Initial Tx power settings. */
2732 otus_write(sc, AR_PHY_POWER_TX_RATE_MAX, 0x7f);
2733 otus_write(sc, AR_PHY_POWER_TX_RATE1, 0x3f3f3f3f);
2734 otus_write(sc, AR_PHY_POWER_TX_RATE2, 0x3f3f3f3f);
2735 otus_write(sc, AR_PHY_POWER_TX_RATE3, 0x3f3f3f3f);
2736 otus_write(sc, AR_PHY_POWER_TX_RATE4, 0x3f3f3f3f);
2737 otus_write(sc, AR_PHY_POWER_TX_RATE5, 0x3f3f3f3f);
2738 otus_write(sc, AR_PHY_POWER_TX_RATE6, 0x3f3f3f3f);
2739 otus_write(sc, AR_PHY_POWER_TX_RATE7, 0x3f3f3f3f);
2740 otus_write(sc, AR_PHY_POWER_TX_RATE8, 0x3f3f3f3f);
2741 otus_write(sc, AR_PHY_POWER_TX_RATE9, 0x3f3f3f3f);
2743 if (IEEE80211_IS_CHAN_2GHZ(c))
2744 otus_write(sc, AR_PWR_REG_PLL_ADDAC, 0x5163);
2746 otus_write(sc, AR_PWR_REG_PLL_ADDAC, 0x5143);
2748 return otus_write_barrier(sc);
2751 static __inline uint8_t
2752 otus_reverse_bits(uint8_t v)
2754 v = ((v >> 1) & 0x55) | ((v & 0x55) << 1);
2755 v = ((v >> 2) & 0x33) | ((v & 0x33) << 2);
2756 v = ((v >> 4) & 0x0f) | ((v & 0x0f) << 4);
2761 otus_set_rf_bank4(struct otus_softc *sc, struct ieee80211_channel *c)
2763 uint8_t chansel, d0, d1;
2767 OTUS_LOCK_ASSERT(sc);
2770 if (IEEE80211_IS_CHAN_5GHZ(c)) {
2771 chansel = (c->ic_freq - 4800) / 5;
2773 d0 |= AR_BANK4_AMODE_REFSEL(2);
2775 d0 |= AR_BANK4_AMODE_REFSEL(1);
2777 d0 |= AR_BANK4_AMODE_REFSEL(2);
2778 if (c->ic_freq == 2484) { /* CH 14 */
2779 d0 |= AR_BANK4_BMODE_LF_SYNTH_FREQ;
2780 chansel = 10 + (c->ic_freq - 2274) / 5;
2782 chansel = 16 + (c->ic_freq - 2272) / 5;
2785 d0 |= AR_BANK4_ADDR(1) | AR_BANK4_CHUP;
2786 d1 = otus_reverse_bits(chansel);
2788 /* Write bits 0-4 of d0 and d1. */
2789 data = (d1 & 0x1f) << 5 | (d0 & 0x1f);
2790 otus_write(sc, AR_PHY(44), data);
2791 /* Write bits 5-7 of d0 and d1. */
2792 data = (d1 >> 5) << 5 | (d0 >> 5);
2793 otus_write(sc, AR_PHY(58), data);
2795 if ((error = otus_write_barrier(sc)) == 0)
2796 otus_delay_ms(sc, 10);
2801 otus_get_delta_slope(uint32_t coeff, uint32_t *exponent, uint32_t *mantissa)
2803 #define COEFF_SCALE_SHIFT 24
2806 /* exponent = 14 - floor(log2(coeff)) */
2807 for (exp = 31; exp > 0; exp--)
2808 if (coeff & (1 << exp))
2810 KASSERT(exp != 0, ("exp"));
2811 exp = 14 - (exp - COEFF_SCALE_SHIFT);
2813 /* mantissa = floor(coeff * 2^exponent + 0.5) */
2814 man = coeff + (1 << (COEFF_SCALE_SHIFT - exp - 1));
2816 *mantissa = man >> (COEFF_SCALE_SHIFT - exp);
2817 *exponent = exp - 16;
2818 #undef COEFF_SCALE_SHIFT
2822 otus_set_chan(struct otus_softc *sc, struct ieee80211_channel *c, int assoc)
2824 struct ieee80211com *ic = &sc->sc_ic;
2825 struct ar_cmd_frequency cmd;
2826 struct ar_rsp_frequency rsp;
2827 const uint32_t *vals;
2828 uint32_t coeff, exp, man, tmp;
2833 chan = ieee80211_chan2ieee(ic, c);
2835 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
2836 "setting channel %d (%dMHz)\n", chan, c->ic_freq);
2838 tmp = IEEE80211_IS_CHAN_2GHZ(c) ? 0x105 : 0x104;
2839 otus_write(sc, AR_MAC_REG_DYNAMIC_SIFS_ACK, tmp);
2840 if ((error = otus_write_barrier(sc)) != 0)
2843 /* Disable BB Heavy Clip. */
2844 otus_write(sc, AR_PHY_HEAVY_CLIP_ENABLE, 0x200);
2845 if ((error = otus_write_barrier(sc)) != 0)
2848 /* XXX Is that FREQ_START ? */
2849 error = otus_cmd(sc, AR_CMD_FREQ_STRAT, NULL, 0, NULL, 0);
2853 /* Reprogram PHY and RF on channel band or bandwidth changes. */
2854 if (sc->bb_reset || c->ic_flags != sc->sc_curchan->ic_flags) {
2855 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET, "band switch\n");
2857 /* Cold/Warm reset BB/ADDA. */
2858 otus_write(sc, AR_PWR_REG_RESET, sc->bb_reset ? 0x800 : 0x400);
2859 if ((error = otus_write_barrier(sc)) != 0)
2861 otus_write(sc, AR_PWR_REG_RESET, 0);
2862 if ((error = otus_write_barrier(sc)) != 0)
2866 if ((error = otus_program_phy(sc, c)) != 0) {
2867 device_printf(sc->sc_dev,
2868 "%s: could not program PHY\n",
2873 /* Select RF programming based on band. */
2874 if (IEEE80211_IS_CHAN_5GHZ(c))
2875 vals = ar5416_banks_vals_5ghz;
2877 vals = ar5416_banks_vals_2ghz;
2878 for (i = 0; i < nitems(ar5416_banks_regs); i++)
2879 otus_write(sc, AR_PHY(ar5416_banks_regs[i]), vals[i]);
2880 if ((error = otus_write_barrier(sc)) != 0) {
2881 device_printf(sc->sc_dev,
2882 "%s: could not program RF\n",
2886 code = AR_CMD_RF_INIT;
2888 code = AR_CMD_FREQUENCY;
2891 if ((error = otus_set_rf_bank4(sc, c)) != 0)
2894 tmp = (sc->txmask == 0x5) ? 0x340 : 0x240;
2895 otus_write(sc, AR_PHY_TURBO, tmp);
2896 if ((error = otus_write_barrier(sc)) != 0)
2899 /* Send firmware command to set channel. */
2900 cmd.freq = htole32((uint32_t)c->ic_freq * 1000);
2901 cmd.dynht2040 = htole32(0);
2902 cmd.htena = htole32(1);
2903 /* Set Delta Slope (exponent and mantissa). */
2904 coeff = (100 << 24) / c->ic_freq;
2905 otus_get_delta_slope(coeff, &exp, &man);
2906 cmd.dsc_exp = htole32(exp);
2907 cmd.dsc_man = htole32(man);
2908 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
2909 "ds coeff=%u exp=%u man=%u\n", coeff, exp, man);
2910 /* For Short GI, coeff is 9/10 that of normal coeff. */
2911 coeff = (9 * coeff) / 10;
2912 otus_get_delta_slope(coeff, &exp, &man);
2913 cmd.dsc_shgi_exp = htole32(exp);
2914 cmd.dsc_shgi_man = htole32(man);
2915 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
2916 "ds shgi coeff=%u exp=%u man=%u\n", coeff, exp, man);
2917 /* Set wait time for AGC and noise calibration (100 or 200ms). */
2918 cmd.check_loop_count = assoc ? htole32(2000) : htole32(1000);
2919 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
2920 "%s\n", (code == AR_CMD_RF_INIT) ? "RF_INIT" : "FREQUENCY");
2921 error = otus_cmd(sc, code, &cmd, sizeof cmd, &rsp, sizeof(rsp));
2924 if ((rsp.status & htole32(AR_CAL_ERR_AGC | AR_CAL_ERR_NF_VAL)) != 0) {
2925 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
2926 "status=0x%x\n", le32toh(rsp.status));
2927 /* Force cold reset on next channel. */
2931 if (otus_debug & OTUS_DEBUG_RESET) {
2932 device_printf(sc->sc_dev, "calibration status=0x%x\n",
2933 le32toh(rsp.status));
2934 for (i = 0; i < 2; i++) { /* 2 Rx chains */
2935 /* Sign-extend 9-bit NF values. */
2936 device_printf(sc->sc_dev,
2937 "noisefloor chain %d=%d\n", i,
2938 (((int32_t)le32toh(rsp.nf[i])) << 4) >> 23);
2939 device_printf(sc->sc_dev,
2940 "noisefloor ext chain %d=%d\n", i,
2941 ((int32_t)le32toh(rsp.nf_ext[i])) >> 23);
2945 for (i = 0; i < OTUS_NUM_CHAINS; i++) {
2946 sc->sc_nf[i] = ((((int32_t)le32toh(rsp.nf[i])) << 4) >> 23);
2955 otus_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
2956 struct ieee80211_key *k)
2958 struct otus_softc *sc = ic->ic_softc;
2959 struct otus_cmd_key cmd;
2961 /* Defer setting of WEP keys until interface is brought up. */
2962 if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) !=
2963 (IFF_UP | IFF_RUNNING))
2966 /* Do it in a process context. */
2968 cmd.associd = (ni != NULL) ? ni->ni_associd : 0;
2969 otus_do_async(sc, otus_set_key_cb, &cmd, sizeof cmd);
2974 otus_set_key_cb(struct otus_softc *sc, void *arg)
2976 struct otus_cmd_key *cmd = arg;
2977 struct ieee80211_key *k = &cmd->key;
2978 struct ar_cmd_ekey key;
2982 memset(&key, 0, sizeof key);
2983 if (k->k_flags & IEEE80211_KEY_GROUP) {
2984 key.uid = htole16(k->k_id);
2985 IEEE80211_ADDR_COPY(key.macaddr, sc->sc_ic.ic_myaddr);
2986 key.macaddr[0] |= 0x80;
2988 key.uid = htole16(OTUS_UID(cmd->associd));
2989 IEEE80211_ADDR_COPY(key.macaddr, ni->ni_macaddr);
2991 key.kix = htole16(0);
2992 /* Map net80211 cipher to hardware. */
2993 switch (k->k_cipher) {
2994 case IEEE80211_CIPHER_WEP40:
2995 cipher = AR_CIPHER_WEP64;
2997 case IEEE80211_CIPHER_WEP104:
2998 cipher = AR_CIPHER_WEP128;
3000 case IEEE80211_CIPHER_TKIP:
3001 cipher = AR_CIPHER_TKIP;
3003 case IEEE80211_CIPHER_CCMP:
3004 cipher = AR_CIPHER_AES;
3009 key.cipher = htole16(cipher);
3010 memcpy(key.key, k->k_key, MIN(k->k_len, 16));
3011 error = otus_cmd(sc, AR_CMD_EKEY, &key, sizeof key, NULL, 0);
3012 if (error != 0 || k->k_cipher != IEEE80211_CIPHER_TKIP)
3015 /* TKIP: set Tx/Rx MIC Key. */
3016 key.kix = htole16(1);
3017 memcpy(key.key, k->k_key + 16, 16);
3018 (void)otus_cmd(sc, AR_CMD_EKEY, &key, sizeof key, NULL, 0);
3022 otus_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
3023 struct ieee80211_key *k)
3025 struct otus_softc *sc = ic->ic_softc;
3026 struct otus_cmd_key cmd;
3028 if (!(ic->ic_if.if_flags & IFF_RUNNING) ||
3029 ic->ic_state != IEEE80211_S_RUN)
3030 return; /* Nothing to do. */
3032 /* Do it in a process context. */
3034 cmd.associd = (ni != NULL) ? ni->ni_associd : 0;
3035 otus_do_async(sc, otus_delete_key_cb, &cmd, sizeof cmd);
3039 otus_delete_key_cb(struct otus_softc *sc, void *arg)
3041 struct otus_cmd_key *cmd = arg;
3042 struct ieee80211_key *k = &cmd->key;
3045 if (k->k_flags & IEEE80211_KEY_GROUP)
3046 uid = htole32(k->k_id);
3048 uid = htole32(OTUS_UID(cmd->associd));
3049 (void)otus_cmd(sc, AR_CMD_DKEY, &uid, sizeof uid, NULL, 0);
3054 * XXX TODO: check if we have to be doing any calibration in the host
3055 * or whether it's purely a firmware thing.
3058 otus_calibrate_to(void *arg, int pending)
3061 struct otus_softc *sc = arg;
3063 device_printf(sc->sc_dev, "%s: called\n", __func__);
3064 struct ieee80211com *ic = &sc->sc_ic;
3065 struct ieee80211_node *ni;
3068 if (usbd_is_dying(sc->sc_udev))
3071 usbd_ref_incr(sc->sc_udev);
3075 ieee80211_amrr_choose(&sc->amrr, ni, &((struct otus_node *)ni)->amn);
3078 if (!usbd_is_dying(sc->sc_udev))
3079 timeout_add_sec(&sc->calib_to, 1);
3081 usbd_ref_decr(sc->sc_udev);
3086 otus_set_bssid(struct otus_softc *sc, const uint8_t *bssid)
3089 OTUS_LOCK_ASSERT(sc);
3091 otus_write(sc, AR_MAC_REG_BSSID_L,
3092 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
3093 otus_write(sc, AR_MAC_REG_BSSID_H,
3094 bssid[4] | bssid[5] << 8);
3095 return otus_write_barrier(sc);
3099 otus_set_macaddr(struct otus_softc *sc, const uint8_t *addr)
3101 OTUS_LOCK_ASSERT(sc);
3103 otus_write(sc, AR_MAC_REG_MAC_ADDR_L,
3104 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
3105 otus_write(sc, AR_MAC_REG_MAC_ADDR_H,
3106 addr[4] | addr[5] << 8);
3107 return otus_write_barrier(sc);
3110 /* Default single-LED. */
3112 otus_led_newstate_type1(struct otus_softc *sc)
3115 device_printf(sc->sc_dev, "%s: TODO\n", __func__);
3118 /* NETGEAR, dual-LED. */
3120 otus_led_newstate_type2(struct otus_softc *sc)
3123 device_printf(sc->sc_dev, "%s: TODO\n", __func__);
3126 /* NETGEAR, single-LED/3 colors (blue, red, purple.) */
3128 otus_led_newstate_type3(struct otus_softc *sc)
3131 struct ieee80211com *ic = &sc->sc_ic;
3132 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3134 uint32_t state = sc->led_state;
3136 OTUS_LOCK_ASSERT(sc);
3139 state = 0; /* led off */
3140 } else if (vap->iv_state == IEEE80211_S_INIT) {
3141 state = 0; /* LED off. */
3142 } else if (vap->iv_state == IEEE80211_S_RUN) {
3143 /* Associated, LED always on. */
3144 if (IEEE80211_IS_CHAN_2GHZ(sc->sc_curchan))
3145 state = AR_LED0_ON; /* 2GHz=>Red. */
3147 state = AR_LED1_ON; /* 5GHz=>Blue. */
3149 /* Scanning, blink LED. */
3150 state ^= AR_LED0_ON | AR_LED1_ON;
3151 if (IEEE80211_IS_CHAN_2GHZ(sc->sc_curchan))
3152 state &= ~AR_LED1_ON;
3154 state &= ~AR_LED0_ON;
3156 if (state != sc->led_state) {
3157 otus_write(sc, AR_GPIO_REG_PORT_DATA, state);
3158 if (otus_write_barrier(sc) == 0)
3159 sc->led_state = state;
3164 static uint8_t zero_macaddr[IEEE80211_ADDR_LEN] = { 0,0,0,0,0,0 };
3167 * Set up operating mode, MAC/BSS address and RX filter.
3170 otus_set_operating_mode(struct otus_softc *sc)
3172 struct ieee80211com *ic = &sc->sc_ic;
3173 struct ieee80211vap *vap;
3174 uint32_t cam_mode = AR_MAC_CAM_DEFAULTS;
3175 uint32_t rx_ctrl = AR_MAC_RX_CTRL_DEAGG | AR_MAC_RX_CTRL_SHORT_FILTER;
3176 uint32_t sniffer = AR_MAC_SNIFFER_DEFAULTS;
3177 uint32_t enc_mode = 0x78; /* XXX */
3178 const uint8_t *macaddr;
3179 uint8_t bssid[IEEE80211_ADDR_LEN];
3180 struct ieee80211_node *ni;
3182 OTUS_LOCK_ASSERT(sc);
3185 * If we're in sniffer mode or we don't have a MAC
3186 * address assigned, ensure it gets reset to all-zero.
3188 IEEE80211_ADDR_COPY(bssid, zero_macaddr);
3189 vap = TAILQ_FIRST(&ic->ic_vaps);
3190 macaddr = vap ? vap->iv_myaddr : ic->ic_macaddr;
3192 switch (ic->ic_opmode) {
3193 case IEEE80211_M_STA:
3195 ni = ieee80211_ref_node(vap->iv_bss);
3196 IEEE80211_ADDR_COPY(bssid, ni->ni_bssid);
3197 ieee80211_free_node(ni);
3199 cam_mode |= AR_MAC_CAM_STA;
3200 rx_ctrl |= AR_MAC_RX_CTRL_PASS_TO_HOST;
3202 case IEEE80211_M_MONITOR:
3204 * Note: monitor mode ends up causing the MAC to
3205 * generate ACK frames for everything it sees.
3206 * So don't do that; instead just put it in STA mode
3207 * and disable RX filters.
3210 cam_mode |= AR_MAC_CAM_STA;
3211 rx_ctrl |= AR_MAC_RX_CTRL_PASS_TO_HOST;
3216 * TODO: if/when we do hardware encryption, ensure it's
3217 * disabled if the NIC is in monitor mode.
3219 otus_write(sc, AR_MAC_REG_SNIFFER, sniffer);
3220 otus_write(sc, AR_MAC_REG_CAM_MODE, cam_mode);
3221 otus_write(sc, AR_MAC_REG_ENCRYPTION, enc_mode);
3222 otus_write(sc, AR_MAC_REG_RX_CONTROL, rx_ctrl);
3223 otus_set_macaddr(sc, macaddr);
3224 otus_set_bssid(sc, bssid);
3229 otus_set_rx_filter(struct otus_softc *sc)
3231 // struct ieee80211com *ic = &sc->sc_ic;
3233 OTUS_LOCK_ASSERT(sc);
3236 if (ic->ic_allmulti > 0 || ic->ic_promisc > 0 ||
3237 ic->ic_opmode == IEEE80211_M_MONITOR) {
3238 otus_write(sc, AR_MAC_REG_FRAMETYPE_FILTER, 0xff00ffff);
3241 /* Filter any control frames, BAR is bit 24. */
3242 otus_write(sc, AR_MAC_REG_FRAMETYPE_FILTER, 0x0500ffff);
3249 otus_init(struct otus_softc *sc)
3251 struct ieee80211com *ic = &sc->sc_ic;
3254 OTUS_UNLOCK_ASSERT(sc);
3258 /* Drain any pending TX frames */
3259 otus_drain_mbufq(sc);
3262 if ((error = otus_init_mac(sc)) != 0) {
3264 device_printf(sc->sc_dev,
3265 "%s: could not initialize MAC\n", __func__);
3269 otus_set_operating_mode(sc);
3270 otus_set_rx_filter(sc);
3271 (void) otus_set_operating_mode(sc);
3273 sc->bb_reset = 1; /* Force cold reset. */
3275 if ((error = otus_set_chan(sc, ic->ic_curchan, 0)) != 0) {
3277 device_printf(sc->sc_dev,
3278 "%s: could not set channel\n", __func__);
3283 otus_write(sc, AR_MAC_REG_DMA_TRIGGER, 0x100);
3284 (void)otus_write_barrier(sc);
3293 otus_stop(struct otus_softc *sc)
3299 OTUS_UNLOCK_ASSERT(sc);
3303 sc->sc_tx_timer = 0;
3306 taskqueue_drain_timeout(taskqueue_thread, &sc->scan_to);
3307 taskqueue_drain_timeout(taskqueue_thread, &sc->calib_to);
3308 taskqueue_drain(taskqueue_thread, &sc->tx_task);
3313 otus_write(sc, AR_MAC_REG_DMA_TRIGGER, 0);
3314 (void)otus_write_barrier(sc);
3316 /* Drain any pending TX frames */
3317 otus_drain_mbufq(sc);
projects / FreeBSD / FreeBSD.git / blob