2 * Copyright (c) 2006,2007
3 * Damien Bergamini <damien.bergamini@free.fr>
4 * Benjamin Close <Benjamin.Close@clearchain.com>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/cdefs.h>
20 __FBSDID("$FreeBSD$");
23 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters.
25 * The 3945ABG network adapter doesn't use traditional hardware as
26 * many other adaptors do. Instead at run time the eeprom is set into a known
27 * state and told to load boot firmware. The boot firmware loads an init and a
28 * main binary firmware image into SRAM on the card via DMA.
29 * Once the firmware is loaded, the driver/hw then
30 * communicate by way of circular dma rings via the SRAM to the firmware.
32 * There is 6 memory rings. 1 command ring, 1 rx data ring & 4 tx data rings.
33 * The 4 tx data rings allow for prioritization QoS.
35 * The rx data ring consists of 32 dma buffers. Two registers are used to
36 * indicate where in the ring the driver and the firmware are up to. The
37 * driver sets the initial read index (reg1) and the initial write index (reg2),
38 * the firmware updates the read index (reg1) on rx of a packet and fires an
39 * interrupt. The driver then processes the buffers starting at reg1 indicating
40 * to the firmware which buffers have been accessed by updating reg2. At the
41 * same time allocating new memory for the processed buffer.
43 * A similar thing happens with the tx rings. The difference is the firmware
44 * stop processing buffers once the queue is full and until confirmation
45 * of a successful transmition (tx_done) has occurred.
47 * The command ring operates in the same manner as the tx queues.
49 * All communication direct to the card (ie eeprom) is classed as Stage1
52 * All communication via the firmware to the card is classed as State2.
53 * The firmware consists of 2 parts. A bootstrap firmware and a runtime
54 * firmware. The bootstrap firmware and runtime firmware are loaded
55 * from host memory via dma to the card then told to execute. From this point
56 * on the majority of communications between the driver and the card goes
63 #include <sys/param.h>
64 #include <sys/sysctl.h>
65 #include <sys/sockio.h>
67 #include <sys/kernel.h>
68 #include <sys/socket.h>
69 #include <sys/systm.h>
70 #include <sys/malloc.h>
71 #include <sys/queue.h>
72 #include <sys/taskqueue.h>
73 #include <sys/module.h>
75 #include <sys/endian.h>
76 #include <sys/linker.h>
77 #include <sys/firmware.h>
79 #include <machine/bus.h>
80 #include <machine/resource.h>
83 #include <dev/pci/pcireg.h>
84 #include <dev/pci/pcivar.h>
88 #include <net/if_var.h>
89 #include <net/if_arp.h>
90 #include <net/ethernet.h>
91 #include <net/if_dl.h>
92 #include <net/if_media.h>
93 #include <net/if_types.h>
95 #include <netinet/in.h>
96 #include <netinet/in_systm.h>
97 #include <netinet/in_var.h>
98 #include <netinet/if_ether.h>
99 #include <netinet/ip.h>
101 #include <net80211/ieee80211_var.h>
102 #include <net80211/ieee80211_radiotap.h>
103 #include <net80211/ieee80211_regdomain.h>
104 #include <net80211/ieee80211_ratectl.h>
106 #include <dev/wpi/if_wpireg.h>
107 #include <dev/wpi/if_wpivar.h>
108 #include <dev/wpi/if_wpi_debug.h>
117 static const struct wpi_ident wpi_ident_table[] = {
118 /* The below entries support ABG regardless of the subid */
119 { 0x8086, 0x4222, 0x0, "Intel(R) PRO/Wireless 3945ABG" },
120 { 0x8086, 0x4227, 0x0, "Intel(R) PRO/Wireless 3945ABG" },
121 /* The below entries only support BG */
122 { 0x8086, 0x4222, 0x1005, "Intel(R) PRO/Wireless 3945BG" },
123 { 0x8086, 0x4222, 0x1034, "Intel(R) PRO/Wireless 3945BG" },
124 { 0x8086, 0x4227, 0x1014, "Intel(R) PRO/Wireless 3945BG" },
125 { 0x8086, 0x4222, 0x1044, "Intel(R) PRO/Wireless 3945BG" },
129 static int wpi_probe(device_t);
130 static int wpi_attach(device_t);
131 static void wpi_radiotap_attach(struct wpi_softc *);
132 static void wpi_sysctlattach(struct wpi_softc *);
133 static void wpi_init_beacon(struct wpi_vap *);
134 static struct ieee80211vap *wpi_vap_create(struct ieee80211com *,
135 const char [IFNAMSIZ], int, enum ieee80211_opmode, int,
136 const uint8_t [IEEE80211_ADDR_LEN],
137 const uint8_t [IEEE80211_ADDR_LEN]);
138 static void wpi_vap_delete(struct ieee80211vap *);
139 static int wpi_detach(device_t);
140 static int wpi_shutdown(device_t);
141 static int wpi_suspend(device_t);
142 static int wpi_resume(device_t);
143 static int wpi_nic_lock(struct wpi_softc *);
144 static int wpi_read_prom_data(struct wpi_softc *, uint32_t, void *, int);
145 static void wpi_dma_map_addr(void *, bus_dma_segment_t *, int, int);
146 static int wpi_dma_contig_alloc(struct wpi_softc *, struct wpi_dma_info *,
147 void **, bus_size_t, bus_size_t);
148 static void wpi_dma_contig_free(struct wpi_dma_info *);
149 static int wpi_alloc_shared(struct wpi_softc *);
150 static void wpi_free_shared(struct wpi_softc *);
151 static int wpi_alloc_fwmem(struct wpi_softc *);
152 static void wpi_free_fwmem(struct wpi_softc *);
153 static int wpi_alloc_rx_ring(struct wpi_softc *);
154 static void wpi_update_rx_ring(struct wpi_softc *);
155 static void wpi_update_rx_ring_ps(struct wpi_softc *);
156 static void wpi_reset_rx_ring(struct wpi_softc *);
157 static void wpi_free_rx_ring(struct wpi_softc *);
158 static int wpi_alloc_tx_ring(struct wpi_softc *, struct wpi_tx_ring *,
160 static void wpi_update_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
161 static void wpi_update_tx_ring_ps(struct wpi_softc *,
162 struct wpi_tx_ring *);
163 static void wpi_reset_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
164 static void wpi_free_tx_ring(struct wpi_softc *, struct wpi_tx_ring *);
165 static int wpi_read_eeprom(struct wpi_softc *,
166 uint8_t macaddr[IEEE80211_ADDR_LEN]);
167 static uint32_t wpi_eeprom_channel_flags(struct wpi_eeprom_chan *);
168 static void wpi_read_eeprom_band(struct wpi_softc *, int);
169 static int wpi_read_eeprom_channels(struct wpi_softc *, int);
170 static struct wpi_eeprom_chan *wpi_find_eeprom_channel(struct wpi_softc *,
171 struct ieee80211_channel *);
172 static int wpi_setregdomain(struct ieee80211com *,
173 struct ieee80211_regdomain *, int,
174 struct ieee80211_channel[]);
175 static int wpi_read_eeprom_group(struct wpi_softc *, int);
176 static int wpi_add_node_entry_adhoc(struct wpi_softc *);
177 static struct ieee80211_node *wpi_node_alloc(struct ieee80211vap *,
178 const uint8_t mac[IEEE80211_ADDR_LEN]);
179 static void wpi_node_free(struct ieee80211_node *);
180 static void wpi_recv_mgmt(struct ieee80211_node *, struct mbuf *, int, int,
182 static void wpi_restore_node(void *, struct ieee80211_node *);
183 static void wpi_restore_node_table(struct wpi_softc *, struct wpi_vap *);
184 static int wpi_newstate(struct ieee80211vap *, enum ieee80211_state, int);
185 static void wpi_calib_timeout(void *);
186 static void wpi_rx_done(struct wpi_softc *, struct wpi_rx_desc *,
187 struct wpi_rx_data *);
188 static void wpi_rx_statistics(struct wpi_softc *, struct wpi_rx_desc *,
189 struct wpi_rx_data *);
190 static void wpi_tx_done(struct wpi_softc *, struct wpi_rx_desc *);
191 static void wpi_cmd_done(struct wpi_softc *, struct wpi_rx_desc *);
192 static void wpi_notif_intr(struct wpi_softc *);
193 static void wpi_wakeup_intr(struct wpi_softc *);
195 static void wpi_debug_registers(struct wpi_softc *);
197 static void wpi_fatal_intr(struct wpi_softc *);
198 static void wpi_intr(void *);
199 static int wpi_cmd2(struct wpi_softc *, struct wpi_buf *);
200 static int wpi_tx_data(struct wpi_softc *, struct mbuf *,
201 struct ieee80211_node *);
202 static int wpi_tx_data_raw(struct wpi_softc *, struct mbuf *,
203 struct ieee80211_node *,
204 const struct ieee80211_bpf_params *);
205 static int wpi_raw_xmit(struct ieee80211_node *, struct mbuf *,
206 const struct ieee80211_bpf_params *);
207 static void wpi_start(struct ifnet *);
208 static void wpi_start_task(void *, int);
209 static void wpi_watchdog_rfkill(void *);
210 static void wpi_scan_timeout(void *);
211 static void wpi_tx_timeout(void *);
212 static int wpi_ioctl(struct ifnet *, u_long, caddr_t);
213 static int wpi_cmd(struct wpi_softc *, int, const void *, size_t, int);
214 static int wpi_mrr_setup(struct wpi_softc *);
215 static int wpi_add_node(struct wpi_softc *, struct ieee80211_node *);
216 static int wpi_add_broadcast_node(struct wpi_softc *, int);
217 static int wpi_add_ibss_node(struct wpi_softc *, struct ieee80211_node *);
218 static void wpi_del_node(struct wpi_softc *, struct ieee80211_node *);
219 static int wpi_updateedca(struct ieee80211com *);
220 static void wpi_set_promisc(struct wpi_softc *);
221 static void wpi_update_promisc(struct ifnet *);
222 static void wpi_update_mcast(struct ifnet *);
223 static void wpi_set_led(struct wpi_softc *, uint8_t, uint8_t, uint8_t);
224 static int wpi_set_timing(struct wpi_softc *, struct ieee80211_node *);
225 static void wpi_power_calibration(struct wpi_softc *);
226 static int wpi_set_txpower(struct wpi_softc *, int);
227 static int wpi_get_power_index(struct wpi_softc *,
228 struct wpi_power_group *, uint8_t, int, int);
229 static int wpi_set_pslevel(struct wpi_softc *, uint8_t, int, int);
230 static int wpi_send_btcoex(struct wpi_softc *);
231 static int wpi_send_rxon(struct wpi_softc *, int, int);
232 static int wpi_config(struct wpi_softc *);
233 static uint16_t wpi_get_active_dwell_time(struct wpi_softc *,
234 struct ieee80211_channel *, uint8_t);
235 static uint16_t wpi_limit_dwell(struct wpi_softc *, uint16_t);
236 static uint16_t wpi_get_passive_dwell_time(struct wpi_softc *,
237 struct ieee80211_channel *);
238 static uint32_t wpi_get_scan_pause_time(uint32_t, uint16_t);
239 static int wpi_scan(struct wpi_softc *, struct ieee80211_channel *);
240 static int wpi_auth(struct wpi_softc *, struct ieee80211vap *);
241 static int wpi_config_beacon(struct wpi_vap *);
242 static int wpi_setup_beacon(struct wpi_softc *, struct ieee80211_node *);
243 static void wpi_update_beacon(struct ieee80211vap *, int);
244 static void wpi_newassoc(struct ieee80211_node *, int);
245 static int wpi_run(struct wpi_softc *, struct ieee80211vap *);
246 static int wpi_load_key(struct ieee80211_node *,
247 const struct ieee80211_key *);
248 static void wpi_load_key_cb(void *, struct ieee80211_node *);
249 static int wpi_set_global_keys(struct ieee80211_node *);
250 static int wpi_del_key(struct ieee80211_node *,
251 const struct ieee80211_key *);
252 static void wpi_del_key_cb(void *, struct ieee80211_node *);
253 static int wpi_process_key(struct ieee80211vap *,
254 const struct ieee80211_key *, int);
255 static int wpi_key_set(struct ieee80211vap *,
256 const struct ieee80211_key *,
257 const uint8_t mac[IEEE80211_ADDR_LEN]);
258 static int wpi_key_delete(struct ieee80211vap *,
259 const struct ieee80211_key *);
260 static int wpi_post_alive(struct wpi_softc *);
261 static int wpi_load_bootcode(struct wpi_softc *, const uint8_t *, int);
262 static int wpi_load_firmware(struct wpi_softc *);
263 static int wpi_read_firmware(struct wpi_softc *);
264 static void wpi_unload_firmware(struct wpi_softc *);
265 static int wpi_clock_wait(struct wpi_softc *);
266 static int wpi_apm_init(struct wpi_softc *);
267 static void wpi_apm_stop_master(struct wpi_softc *);
268 static void wpi_apm_stop(struct wpi_softc *);
269 static void wpi_nic_config(struct wpi_softc *);
270 static int wpi_hw_init(struct wpi_softc *);
271 static void wpi_hw_stop(struct wpi_softc *);
272 static void wpi_radio_on(void *, int);
273 static void wpi_radio_off(void *, int);
274 static void wpi_init(void *);
275 static void wpi_stop_locked(struct wpi_softc *);
276 static void wpi_stop(struct wpi_softc *);
277 static void wpi_scan_start(struct ieee80211com *);
278 static void wpi_scan_end(struct ieee80211com *);
279 static void wpi_set_channel(struct ieee80211com *);
280 static void wpi_scan_curchan(struct ieee80211_scan_state *, unsigned long);
281 static void wpi_scan_mindwell(struct ieee80211_scan_state *);
282 static void wpi_hw_reset(void *, int);
284 static device_method_t wpi_methods[] = {
285 /* Device interface */
286 DEVMETHOD(device_probe, wpi_probe),
287 DEVMETHOD(device_attach, wpi_attach),
288 DEVMETHOD(device_detach, wpi_detach),
289 DEVMETHOD(device_shutdown, wpi_shutdown),
290 DEVMETHOD(device_suspend, wpi_suspend),
291 DEVMETHOD(device_resume, wpi_resume),
296 static driver_t wpi_driver = {
299 sizeof (struct wpi_softc)
301 static devclass_t wpi_devclass;
303 DRIVER_MODULE(wpi, pci, wpi_driver, wpi_devclass, NULL, NULL);
305 MODULE_VERSION(wpi, 1);
307 MODULE_DEPEND(wpi, pci, 1, 1, 1);
308 MODULE_DEPEND(wpi, wlan, 1, 1, 1);
309 MODULE_DEPEND(wpi, firmware, 1, 1, 1);
312 wpi_probe(device_t dev)
314 const struct wpi_ident *ident;
316 for (ident = wpi_ident_table; ident->name != NULL; ident++) {
317 if (pci_get_vendor(dev) == ident->vendor &&
318 pci_get_device(dev) == ident->device) {
319 device_set_desc(dev, ident->name);
320 return (BUS_PROBE_DEFAULT);
327 wpi_attach(device_t dev)
329 struct wpi_softc *sc = (struct wpi_softc *)device_get_softc(dev);
330 struct ieee80211com *ic;
335 const struct wpi_ident *ident;
337 uint8_t macaddr[IEEE80211_ADDR_LEN];
342 error = resource_int_value(device_get_name(sc->sc_dev),
343 device_get_unit(sc->sc_dev), "debug", &(sc->sc_debug));
350 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
353 * Get the offset of the PCI Express Capability Structure in PCI
354 * Configuration Space.
356 error = pci_find_cap(dev, PCIY_EXPRESS, &sc->sc_cap_off);
358 device_printf(dev, "PCIe capability structure not found!\n");
363 * Some card's only support 802.11b/g not a, check to see if
364 * this is one such card. A 0x0 in the subdevice table indicates
365 * the entire subdevice range is to be ignored.
368 for (ident = wpi_ident_table; ident->name != NULL; ident++) {
369 if (ident->subdevice &&
370 pci_get_subdevice(dev) == ident->subdevice) {
377 /* Clear device-specific "PCI retry timeout" register (41h). */
378 pci_write_config(dev, 0x41, 0, 1);
380 /* Enable bus-mastering. */
381 pci_enable_busmaster(dev);
384 sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &rid,
386 if (sc->mem == NULL) {
387 device_printf(dev, "can't map mem space\n");
390 sc->sc_st = rman_get_bustag(sc->mem);
391 sc->sc_sh = rman_get_bushandle(sc->mem);
395 if (pci_alloc_msi(dev, &i) == 0)
397 /* Install interrupt handler. */
398 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &rid, RF_ACTIVE |
399 (rid != 0 ? 0 : RF_SHAREABLE));
400 if (sc->irq == NULL) {
401 device_printf(dev, "can't map interrupt\n");
407 WPI_TX_LOCK_INIT(sc);
408 WPI_RXON_LOCK_INIT(sc);
409 WPI_NT_LOCK_INIT(sc);
410 WPI_TXQ_LOCK_INIT(sc);
411 WPI_TXQ_STATE_LOCK_INIT(sc);
413 /* Allocate DMA memory for firmware transfers. */
414 if ((error = wpi_alloc_fwmem(sc)) != 0) {
416 "could not allocate memory for firmware, error %d\n",
421 /* Allocate shared page. */
422 if ((error = wpi_alloc_shared(sc)) != 0) {
423 device_printf(dev, "could not allocate shared page\n");
427 /* Allocate TX rings - 4 for QoS purposes, 1 for commands. */
428 for (i = 0; i < WPI_NTXQUEUES; i++) {
429 if ((error = wpi_alloc_tx_ring(sc, &sc->txq[i], i)) != 0) {
431 "could not allocate TX ring %d, error %d\n", i,
437 /* Allocate RX ring. */
438 if ((error = wpi_alloc_rx_ring(sc)) != 0) {
439 device_printf(dev, "could not allocate RX ring, error %d\n",
444 /* Clear pending interrupts. */
445 WPI_WRITE(sc, WPI_INT, 0xffffffff);
447 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
449 device_printf(dev, "can not allocate ifnet structure\n");
455 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
456 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
458 /* Set device capabilities. */
460 IEEE80211_C_STA /* station mode supported */
461 | IEEE80211_C_IBSS /* IBSS mode supported */
462 | IEEE80211_C_HOSTAP /* Host access point mode */
463 | IEEE80211_C_MONITOR /* monitor mode supported */
464 | IEEE80211_C_AHDEMO /* adhoc demo mode */
465 | IEEE80211_C_BGSCAN /* capable of bg scanning */
466 | IEEE80211_C_TXPMGT /* tx power management */
467 | IEEE80211_C_SHSLOT /* short slot time supported */
468 | IEEE80211_C_WPA /* 802.11i */
469 | IEEE80211_C_SHPREAMBLE /* short preamble supported */
470 | IEEE80211_C_WME /* 802.11e */
471 | IEEE80211_C_PMGT /* Station-side power mgmt */
475 IEEE80211_CRYPTO_AES_CCM;
478 * Read in the eeprom and also setup the channels for
479 * net80211. We don't set the rates as net80211 does this for us
481 if ((error = wpi_read_eeprom(sc, macaddr)) != 0) {
482 device_printf(dev, "could not read EEPROM, error %d\n",
489 device_printf(sc->sc_dev, "Regulatory Domain: %.4s\n",
491 device_printf(sc->sc_dev, "Hardware Type: %c\n",
492 sc->type > 1 ? 'B': '?');
493 device_printf(sc->sc_dev, "Hardware Revision: %c\n",
494 ((sc->rev & 0xf0) == 0xd0) ? 'D': '?');
495 device_printf(sc->sc_dev, "SKU %s support 802.11a\n",
496 supportsa ? "does" : "does not");
498 /* XXX hw_config uses the PCIDEV for the Hardware rev. Must
499 check what sc->rev really represents - benjsc 20070615 */
503 if_initname(ifp, device_get_name(dev), device_get_unit(dev));
505 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
506 ifp->if_init = wpi_init;
507 ifp->if_ioctl = wpi_ioctl;
508 ifp->if_start = wpi_start;
509 IFQ_SET_MAXLEN(&ifp->if_snd, ifqmaxlen);
510 ifp->if_snd.ifq_drv_maxlen = ifqmaxlen;
511 IFQ_SET_READY(&ifp->if_snd);
513 ieee80211_ifattach(ic, macaddr);
514 ic->ic_vap_create = wpi_vap_create;
515 ic->ic_vap_delete = wpi_vap_delete;
516 ic->ic_raw_xmit = wpi_raw_xmit;
517 ic->ic_node_alloc = wpi_node_alloc;
518 sc->sc_node_free = ic->ic_node_free;
519 ic->ic_node_free = wpi_node_free;
520 ic->ic_wme.wme_update = wpi_updateedca;
521 ic->ic_update_promisc = wpi_update_promisc;
522 ic->ic_update_mcast = wpi_update_mcast;
523 ic->ic_newassoc = wpi_newassoc;
524 ic->ic_scan_start = wpi_scan_start;
525 ic->ic_scan_end = wpi_scan_end;
526 ic->ic_set_channel = wpi_set_channel;
527 ic->ic_scan_curchan = wpi_scan_curchan;
528 ic->ic_scan_mindwell = wpi_scan_mindwell;
529 ic->ic_setregdomain = wpi_setregdomain;
531 sc->sc_update_rx_ring = wpi_update_rx_ring;
532 sc->sc_update_tx_ring = wpi_update_tx_ring;
534 wpi_radiotap_attach(sc);
536 callout_init_mtx(&sc->calib_to, &sc->rxon_mtx, 0);
537 callout_init_mtx(&sc->scan_timeout, &sc->rxon_mtx, 0);
538 callout_init_mtx(&sc->tx_timeout, &sc->txq_state_mtx, 0);
539 callout_init_mtx(&sc->watchdog_rfkill, &sc->sc_mtx, 0);
540 TASK_INIT(&sc->sc_reinittask, 0, wpi_hw_reset, sc);
541 TASK_INIT(&sc->sc_radiooff_task, 0, wpi_radio_off, sc);
542 TASK_INIT(&sc->sc_radioon_task, 0, wpi_radio_on, sc);
543 TASK_INIT(&sc->sc_start_task, 0, wpi_start_task, sc);
545 sc->sc_tq = taskqueue_create("wpi_taskq", M_WAITOK,
546 taskqueue_thread_enqueue, &sc->sc_tq);
547 error = taskqueue_start_threads(&sc->sc_tq, 1, 0, "wpi_taskq");
549 device_printf(dev, "can't start threads, error %d\n", error);
553 wpi_sysctlattach(sc);
556 * Hook our interrupt after all initialization is complete.
558 error = bus_setup_intr(dev, sc->irq, INTR_TYPE_NET | INTR_MPSAFE,
559 NULL, wpi_intr, sc, &sc->sc_ih);
561 device_printf(dev, "can't establish interrupt, error %d\n",
567 ieee80211_announce(ic);
570 if (sc->sc_debug & WPI_DEBUG_HW)
571 ieee80211_announce_channels(ic);
574 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
577 fail: wpi_detach(dev);
578 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
583 * Attach the interface to 802.11 radiotap.
586 wpi_radiotap_attach(struct wpi_softc *sc)
588 struct ifnet *ifp = sc->sc_ifp;
589 struct ieee80211com *ic = ifp->if_l2com;
590 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
591 ieee80211_radiotap_attach(ic,
592 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
593 WPI_TX_RADIOTAP_PRESENT,
594 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
595 WPI_RX_RADIOTAP_PRESENT);
596 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
600 wpi_sysctlattach(struct wpi_softc *sc)
603 struct sysctl_ctx_list *ctx = device_get_sysctl_ctx(sc->sc_dev);
604 struct sysctl_oid *tree = device_get_sysctl_tree(sc->sc_dev);
606 SYSCTL_ADD_INT(ctx, SYSCTL_CHILDREN(tree), OID_AUTO,
607 "debug", CTLFLAG_RW, &sc->sc_debug, sc->sc_debug,
608 "control debugging printfs");
613 wpi_init_beacon(struct wpi_vap *wvp)
615 struct wpi_buf *bcn = &wvp->wv_bcbuf;
616 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data;
618 cmd->id = WPI_ID_BROADCAST;
619 cmd->ofdm_mask = 0xff;
620 cmd->cck_mask = 0x0f;
621 cmd->lifetime = htole32(WPI_LIFETIME_INFINITE);
624 * XXX WPI_TX_AUTO_SEQ seems to be ignored - workaround this issue
625 * XXX by using WPI_TX_NEED_ACK instead (with some side effects).
627 cmd->flags = htole32(WPI_TX_NEED_ACK | WPI_TX_INSERT_TSTAMP);
629 bcn->code = WPI_CMD_SET_BEACON;
630 bcn->ac = WPI_CMD_QUEUE_NUM;
631 bcn->size = sizeof(struct wpi_cmd_beacon);
634 static struct ieee80211vap *
635 wpi_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
636 enum ieee80211_opmode opmode, int flags,
637 const uint8_t bssid[IEEE80211_ADDR_LEN],
638 const uint8_t mac[IEEE80211_ADDR_LEN])
641 struct ieee80211vap *vap;
643 if (!TAILQ_EMPTY(&ic->ic_vaps)) /* only one at a time */
646 wvp = (struct wpi_vap *) malloc(sizeof(struct wpi_vap),
647 M_80211_VAP, M_NOWAIT | M_ZERO);
651 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac);
653 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) {
654 WPI_VAP_LOCK_INIT(wvp);
655 wpi_init_beacon(wvp);
658 /* Override with driver methods. */
659 vap->iv_key_set = wpi_key_set;
660 vap->iv_key_delete = wpi_key_delete;
661 wvp->wv_recv_mgmt = vap->iv_recv_mgmt;
662 vap->iv_recv_mgmt = wpi_recv_mgmt;
663 wvp->wv_newstate = vap->iv_newstate;
664 vap->iv_newstate = wpi_newstate;
665 vap->iv_update_beacon = wpi_update_beacon;
666 vap->iv_max_aid = WPI_ID_IBSS_MAX - WPI_ID_IBSS_MIN + 1;
668 ieee80211_ratectl_init(vap);
669 /* Complete setup. */
670 ieee80211_vap_attach(vap, ieee80211_media_change,
671 ieee80211_media_status);
672 ic->ic_opmode = opmode;
677 wpi_vap_delete(struct ieee80211vap *vap)
679 struct wpi_vap *wvp = WPI_VAP(vap);
680 struct wpi_buf *bcn = &wvp->wv_bcbuf;
681 enum ieee80211_opmode opmode = vap->iv_opmode;
683 ieee80211_ratectl_deinit(vap);
684 ieee80211_vap_detach(vap);
686 if (opmode == IEEE80211_M_IBSS || opmode == IEEE80211_M_HOSTAP) {
690 WPI_VAP_LOCK_DESTROY(wvp);
693 free(wvp, M_80211_VAP);
697 wpi_detach(device_t dev)
699 struct wpi_softc *sc = device_get_softc(dev);
700 struct ifnet *ifp = sc->sc_ifp;
701 struct ieee80211com *ic;
704 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
709 ieee80211_draintask(ic, &sc->sc_radioon_task);
710 ieee80211_draintask(ic, &sc->sc_start_task);
714 taskqueue_drain_all(sc->sc_tq);
715 taskqueue_free(sc->sc_tq);
717 callout_drain(&sc->watchdog_rfkill);
718 callout_drain(&sc->tx_timeout);
719 callout_drain(&sc->scan_timeout);
720 callout_drain(&sc->calib_to);
721 ieee80211_ifdetach(ic);
724 /* Uninstall interrupt handler. */
725 if (sc->irq != NULL) {
726 bus_teardown_intr(dev, sc->irq, sc->sc_ih);
727 bus_release_resource(dev, SYS_RES_IRQ, rman_get_rid(sc->irq),
729 pci_release_msi(dev);
732 if (sc->txq[0].data_dmat) {
733 /* Free DMA resources. */
734 for (qid = 0; qid < WPI_NTXQUEUES; qid++)
735 wpi_free_tx_ring(sc, &sc->txq[qid]);
737 wpi_free_rx_ring(sc);
745 bus_release_resource(dev, SYS_RES_MEMORY,
746 rman_get_rid(sc->mem), sc->mem);
751 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
752 WPI_TXQ_STATE_LOCK_DESTROY(sc);
753 WPI_TXQ_LOCK_DESTROY(sc);
754 WPI_NT_LOCK_DESTROY(sc);
755 WPI_RXON_LOCK_DESTROY(sc);
756 WPI_TX_LOCK_DESTROY(sc);
757 WPI_LOCK_DESTROY(sc);
762 wpi_shutdown(device_t dev)
764 struct wpi_softc *sc = device_get_softc(dev);
771 wpi_suspend(device_t dev)
773 struct wpi_softc *sc = device_get_softc(dev);
774 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
776 ieee80211_suspend_all(ic);
781 wpi_resume(device_t dev)
783 struct wpi_softc *sc = device_get_softc(dev);
784 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
786 /* Clear device-specific "PCI retry timeout" register (41h). */
787 pci_write_config(dev, 0x41, 0, 1);
789 ieee80211_resume_all(ic);
794 * Grab exclusive access to NIC memory.
797 wpi_nic_lock(struct wpi_softc *sc)
801 /* Request exclusive access to NIC. */
802 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
804 /* Spin until we actually get the lock. */
805 for (ntries = 0; ntries < 1000; ntries++) {
806 if ((WPI_READ(sc, WPI_GP_CNTRL) &
807 (WPI_GP_CNTRL_MAC_ACCESS_ENA | WPI_GP_CNTRL_SLEEP)) ==
808 WPI_GP_CNTRL_MAC_ACCESS_ENA)
813 device_printf(sc->sc_dev, "could not lock memory\n");
819 * Release lock on NIC memory.
822 wpi_nic_unlock(struct wpi_softc *sc)
824 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
827 static __inline uint32_t
828 wpi_prph_read(struct wpi_softc *sc, uint32_t addr)
830 WPI_WRITE(sc, WPI_PRPH_RADDR, WPI_PRPH_DWORD | addr);
831 WPI_BARRIER_READ_WRITE(sc);
832 return WPI_READ(sc, WPI_PRPH_RDATA);
836 wpi_prph_write(struct wpi_softc *sc, uint32_t addr, uint32_t data)
838 WPI_WRITE(sc, WPI_PRPH_WADDR, WPI_PRPH_DWORD | addr);
839 WPI_BARRIER_WRITE(sc);
840 WPI_WRITE(sc, WPI_PRPH_WDATA, data);
844 wpi_prph_setbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask)
846 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) | mask);
850 wpi_prph_clrbits(struct wpi_softc *sc, uint32_t addr, uint32_t mask)
852 wpi_prph_write(sc, addr, wpi_prph_read(sc, addr) & ~mask);
856 wpi_prph_write_region_4(struct wpi_softc *sc, uint32_t addr,
857 const uint32_t *data, int count)
859 for (; count > 0; count--, data++, addr += 4)
860 wpi_prph_write(sc, addr, *data);
863 static __inline uint32_t
864 wpi_mem_read(struct wpi_softc *sc, uint32_t addr)
866 WPI_WRITE(sc, WPI_MEM_RADDR, addr);
867 WPI_BARRIER_READ_WRITE(sc);
868 return WPI_READ(sc, WPI_MEM_RDATA);
872 wpi_mem_read_region_4(struct wpi_softc *sc, uint32_t addr, uint32_t *data,
875 for (; count > 0; count--, addr += 4)
876 *data++ = wpi_mem_read(sc, addr);
880 wpi_read_prom_data(struct wpi_softc *sc, uint32_t addr, void *data, int count)
886 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
888 if ((error = wpi_nic_lock(sc)) != 0)
891 for (; count > 0; count -= 2, addr++) {
892 WPI_WRITE(sc, WPI_EEPROM, addr << 2);
893 for (ntries = 0; ntries < 10; ntries++) {
894 val = WPI_READ(sc, WPI_EEPROM);
895 if (val & WPI_EEPROM_READ_VALID)
900 device_printf(sc->sc_dev,
901 "timeout reading ROM at 0x%x\n", addr);
911 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
917 wpi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
921 KASSERT(nsegs == 1, ("too many DMA segments, %d should be 1", nsegs));
922 *(bus_addr_t *)arg = segs[0].ds_addr;
926 * Allocates a contiguous block of dma memory of the requested size and
930 wpi_dma_contig_alloc(struct wpi_softc *sc, struct wpi_dma_info *dma,
931 void **kvap, bus_size_t size, bus_size_t alignment)
938 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), alignment,
939 0, BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, size,
940 1, size, BUS_DMA_NOWAIT, NULL, NULL, &dma->tag);
944 error = bus_dmamem_alloc(dma->tag, (void **)&dma->vaddr,
945 BUS_DMA_NOWAIT | BUS_DMA_ZERO | BUS_DMA_COHERENT, &dma->map);
949 error = bus_dmamap_load(dma->tag, dma->map, dma->vaddr, size,
950 wpi_dma_map_addr, &dma->paddr, BUS_DMA_NOWAIT);
954 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
961 fail: wpi_dma_contig_free(dma);
966 wpi_dma_contig_free(struct wpi_dma_info *dma)
968 if (dma->vaddr != NULL) {
969 bus_dmamap_sync(dma->tag, dma->map,
970 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
971 bus_dmamap_unload(dma->tag, dma->map);
972 bus_dmamem_free(dma->tag, dma->vaddr, dma->map);
975 if (dma->tag != NULL) {
976 bus_dma_tag_destroy(dma->tag);
982 * Allocate a shared page between host and NIC.
985 wpi_alloc_shared(struct wpi_softc *sc)
987 /* Shared buffer must be aligned on a 4KB boundary. */
988 return wpi_dma_contig_alloc(sc, &sc->shared_dma,
989 (void **)&sc->shared, sizeof (struct wpi_shared), 4096);
993 wpi_free_shared(struct wpi_softc *sc)
995 wpi_dma_contig_free(&sc->shared_dma);
999 * Allocate DMA-safe memory for firmware transfer.
1002 wpi_alloc_fwmem(struct wpi_softc *sc)
1004 /* Must be aligned on a 16-byte boundary. */
1005 return wpi_dma_contig_alloc(sc, &sc->fw_dma, NULL,
1006 WPI_FW_TEXT_MAXSZ + WPI_FW_DATA_MAXSZ, 16);
1010 wpi_free_fwmem(struct wpi_softc *sc)
1012 wpi_dma_contig_free(&sc->fw_dma);
1016 wpi_alloc_rx_ring(struct wpi_softc *sc)
1018 struct wpi_rx_ring *ring = &sc->rxq;
1025 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
1027 /* Allocate RX descriptors (16KB aligned.) */
1028 size = WPI_RX_RING_COUNT * sizeof (uint32_t);
1029 error = wpi_dma_contig_alloc(sc, &ring->desc_dma,
1030 (void **)&ring->desc, size, WPI_RING_DMA_ALIGN);
1032 device_printf(sc->sc_dev,
1033 "%s: could not allocate RX ring DMA memory, error %d\n",
1038 /* Create RX buffer DMA tag. */
1039 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
1040 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL,
1041 MJUMPAGESIZE, 1, MJUMPAGESIZE, BUS_DMA_NOWAIT, NULL, NULL,
1044 device_printf(sc->sc_dev,
1045 "%s: could not create RX buf DMA tag, error %d\n",
1051 * Allocate and map RX buffers.
1053 for (i = 0; i < WPI_RX_RING_COUNT; i++) {
1054 struct wpi_rx_data *data = &ring->data[i];
1057 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1059 device_printf(sc->sc_dev,
1060 "%s: could not create RX buf DMA map, error %d\n",
1065 data->m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE);
1066 if (data->m == NULL) {
1067 device_printf(sc->sc_dev,
1068 "%s: could not allocate RX mbuf\n", __func__);
1073 error = bus_dmamap_load(ring->data_dmat, data->map,
1074 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr,
1075 &paddr, BUS_DMA_NOWAIT);
1076 if (error != 0 && error != EFBIG) {
1077 device_printf(sc->sc_dev,
1078 "%s: can't map mbuf (error %d)\n", __func__,
1083 /* Set physical address of RX buffer. */
1084 ring->desc[i] = htole32(paddr);
1087 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1088 BUS_DMASYNC_PREWRITE);
1090 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
1094 fail: wpi_free_rx_ring(sc);
1096 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
1102 wpi_update_rx_ring(struct wpi_softc *sc)
1104 WPI_WRITE(sc, WPI_FH_RX_WPTR, sc->rxq.cur & ~7);
1108 wpi_update_rx_ring_ps(struct wpi_softc *sc)
1110 struct wpi_rx_ring *ring = &sc->rxq;
1112 if (ring->update != 0) {
1113 /* Wait for INT_WAKEUP event. */
1117 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
1118 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_SLEEP) {
1119 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s: wakeup request\n",
1123 wpi_update_rx_ring(sc);
1124 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
1129 wpi_reset_rx_ring(struct wpi_softc *sc)
1131 struct wpi_rx_ring *ring = &sc->rxq;
1134 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
1136 if (wpi_nic_lock(sc) == 0) {
1137 WPI_WRITE(sc, WPI_FH_RX_CONFIG, 0);
1138 for (ntries = 0; ntries < 1000; ntries++) {
1139 if (WPI_READ(sc, WPI_FH_RX_STATUS) &
1140 WPI_FH_RX_STATUS_IDLE)
1152 wpi_free_rx_ring(struct wpi_softc *sc)
1154 struct wpi_rx_ring *ring = &sc->rxq;
1157 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
1159 wpi_dma_contig_free(&ring->desc_dma);
1161 for (i = 0; i < WPI_RX_RING_COUNT; i++) {
1162 struct wpi_rx_data *data = &ring->data[i];
1164 if (data->m != NULL) {
1165 bus_dmamap_sync(ring->data_dmat, data->map,
1166 BUS_DMASYNC_POSTREAD);
1167 bus_dmamap_unload(ring->data_dmat, data->map);
1171 if (data->map != NULL)
1172 bus_dmamap_destroy(ring->data_dmat, data->map);
1174 if (ring->data_dmat != NULL) {
1175 bus_dma_tag_destroy(ring->data_dmat);
1176 ring->data_dmat = NULL;
1181 wpi_alloc_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring, int qid)
1192 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
1194 /* Allocate TX descriptors (16KB aligned.) */
1195 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_desc);
1196 error = wpi_dma_contig_alloc(sc, &ring->desc_dma, (void **)&ring->desc,
1197 size, WPI_RING_DMA_ALIGN);
1199 device_printf(sc->sc_dev,
1200 "%s: could not allocate TX ring DMA memory, error %d\n",
1205 /* Update shared area with ring physical address. */
1206 sc->shared->txbase[qid] = htole32(ring->desc_dma.paddr);
1207 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map,
1208 BUS_DMASYNC_PREWRITE);
1211 * We only use rings 0 through 4 (4 EDCA + cmd) so there is no need
1212 * to allocate commands space for other rings.
1213 * XXX Do we really need to allocate descriptors for other rings?
1215 if (qid > WPI_CMD_QUEUE_NUM) {
1216 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
1220 size = WPI_TX_RING_COUNT * sizeof (struct wpi_tx_cmd);
1221 error = wpi_dma_contig_alloc(sc, &ring->cmd_dma, (void **)&ring->cmd,
1224 device_printf(sc->sc_dev,
1225 "%s: could not allocate TX cmd DMA memory, error %d\n",
1230 error = bus_dma_tag_create(bus_get_dma_tag(sc->sc_dev), 1, 0,
1231 BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES,
1232 WPI_MAX_SCATTER - 1, MCLBYTES, BUS_DMA_NOWAIT, NULL, NULL,
1235 device_printf(sc->sc_dev,
1236 "%s: could not create TX buf DMA tag, error %d\n",
1241 paddr = ring->cmd_dma.paddr;
1242 for (i = 0; i < WPI_TX_RING_COUNT; i++) {
1243 struct wpi_tx_data *data = &ring->data[i];
1245 data->cmd_paddr = paddr;
1246 paddr += sizeof (struct wpi_tx_cmd);
1248 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
1250 device_printf(sc->sc_dev,
1251 "%s: could not create TX buf DMA map, error %d\n",
1257 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
1261 fail: wpi_free_tx_ring(sc, ring);
1262 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
1267 wpi_update_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
1269 WPI_WRITE(sc, WPI_HBUS_TARG_WRPTR, ring->qid << 8 | ring->cur);
1273 wpi_update_tx_ring_ps(struct wpi_softc *sc, struct wpi_tx_ring *ring)
1276 if (ring->update != 0) {
1277 /* Wait for INT_WAKEUP event. */
1281 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
1282 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_SLEEP) {
1283 DPRINTF(sc, WPI_DEBUG_PWRSAVE, "%s (%d): requesting wakeup\n",
1284 __func__, ring->qid);
1287 wpi_update_tx_ring(sc, ring);
1288 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
1293 wpi_reset_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
1297 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
1299 for (i = 0; i < WPI_TX_RING_COUNT; i++) {
1300 struct wpi_tx_data *data = &ring->data[i];
1302 if (data->m != NULL) {
1303 bus_dmamap_sync(ring->data_dmat, data->map,
1304 BUS_DMASYNC_POSTWRITE);
1305 bus_dmamap_unload(ring->data_dmat, data->map);
1309 if (data->ni != NULL) {
1310 ieee80211_free_node(data->ni);
1314 /* Clear TX descriptors. */
1315 memset(ring->desc, 0, ring->desc_dma.size);
1316 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
1317 BUS_DMASYNC_PREWRITE);
1318 sc->qfullmsk &= ~(1 << ring->qid);
1325 wpi_free_tx_ring(struct wpi_softc *sc, struct wpi_tx_ring *ring)
1329 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
1331 wpi_dma_contig_free(&ring->desc_dma);
1332 wpi_dma_contig_free(&ring->cmd_dma);
1334 for (i = 0; i < WPI_TX_RING_COUNT; i++) {
1335 struct wpi_tx_data *data = &ring->data[i];
1337 if (data->m != NULL) {
1338 bus_dmamap_sync(ring->data_dmat, data->map,
1339 BUS_DMASYNC_POSTWRITE);
1340 bus_dmamap_unload(ring->data_dmat, data->map);
1343 if (data->map != NULL)
1344 bus_dmamap_destroy(ring->data_dmat, data->map);
1346 if (ring->data_dmat != NULL) {
1347 bus_dma_tag_destroy(ring->data_dmat);
1348 ring->data_dmat = NULL;
1353 * Extract various information from EEPROM.
1356 wpi_read_eeprom(struct wpi_softc *sc, uint8_t macaddr[IEEE80211_ADDR_LEN])
1358 #define WPI_CHK(res) do { \
1359 if ((error = res) != 0) \
1364 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
1366 /* Adapter has to be powered on for EEPROM access to work. */
1367 if ((error = wpi_apm_init(sc)) != 0) {
1368 device_printf(sc->sc_dev,
1369 "%s: could not power ON adapter, error %d\n", __func__,
1374 if ((WPI_READ(sc, WPI_EEPROM_GP) & 0x6) == 0) {
1375 device_printf(sc->sc_dev, "bad EEPROM signature\n");
1379 /* Clear HW ownership of EEPROM. */
1380 WPI_CLRBITS(sc, WPI_EEPROM_GP, WPI_EEPROM_GP_IF_OWNER);
1382 /* Read the hardware capabilities, revision and SKU type. */
1383 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_SKU_CAP, &sc->cap,
1385 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_REVISION, &sc->rev,
1387 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_TYPE, &sc->type,
1390 sc->rev = le16toh(sc->rev);
1391 DPRINTF(sc, WPI_DEBUG_EEPROM, "cap=%x rev=%x type=%x\n", sc->cap,
1394 /* Read the regulatory domain (4 ASCII characters.) */
1395 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_DOMAIN, sc->domain,
1396 sizeof(sc->domain)));
1398 /* Read MAC address. */
1399 WPI_CHK(wpi_read_prom_data(sc, WPI_EEPROM_MAC, macaddr,
1400 IEEE80211_ADDR_LEN));
1402 /* Read the list of authorized channels. */
1403 for (i = 0; i < WPI_CHAN_BANDS_COUNT; i++)
1404 WPI_CHK(wpi_read_eeprom_channels(sc, i));
1406 /* Read the list of TX power groups. */
1407 for (i = 0; i < WPI_POWER_GROUPS_COUNT; i++)
1408 WPI_CHK(wpi_read_eeprom_group(sc, i));
1410 fail: wpi_apm_stop(sc); /* Power OFF adapter. */
1412 DPRINTF(sc, WPI_DEBUG_TRACE, error ? TRACE_STR_END_ERR : TRACE_STR_END,
1420 * Translate EEPROM flags to net80211.
1423 wpi_eeprom_channel_flags(struct wpi_eeprom_chan *channel)
1428 if ((channel->flags & WPI_EEPROM_CHAN_ACTIVE) == 0)
1429 nflags |= IEEE80211_CHAN_PASSIVE;
1430 if ((channel->flags & WPI_EEPROM_CHAN_IBSS) == 0)
1431 nflags |= IEEE80211_CHAN_NOADHOC;
1432 if (channel->flags & WPI_EEPROM_CHAN_RADAR) {
1433 nflags |= IEEE80211_CHAN_DFS;
1434 /* XXX apparently IBSS may still be marked */
1435 nflags |= IEEE80211_CHAN_NOADHOC;
1438 /* XXX HOSTAP uses WPI_MODE_IBSS */
1439 if (nflags & IEEE80211_CHAN_NOADHOC)
1440 nflags |= IEEE80211_CHAN_NOHOSTAP;
1446 wpi_read_eeprom_band(struct wpi_softc *sc, int n)
1448 struct ifnet *ifp = sc->sc_ifp;
1449 struct ieee80211com *ic = ifp->if_l2com;
1450 struct wpi_eeprom_chan *channels = sc->eeprom_channels[n];
1451 const struct wpi_chan_band *band = &wpi_bands[n];
1452 struct ieee80211_channel *c;
1456 for (i = 0; i < band->nchan; i++) {
1457 if (!(channels[i].flags & WPI_EEPROM_CHAN_VALID)) {
1458 DPRINTF(sc, WPI_DEBUG_EEPROM,
1459 "Channel Not Valid: %d, band %d\n",
1464 chan = band->chan[i];
1465 nflags = wpi_eeprom_channel_flags(&channels[i]);
1467 c = &ic->ic_channels[ic->ic_nchans++];
1469 c->ic_maxregpower = channels[i].maxpwr;
1470 c->ic_maxpower = 2*c->ic_maxregpower;
1472 if (n == 0) { /* 2GHz band */
1473 c->ic_freq = ieee80211_ieee2mhz(chan,
1476 /* G =>'s B is supported */
1477 c->ic_flags = IEEE80211_CHAN_B | nflags;
1478 c = &ic->ic_channels[ic->ic_nchans++];
1480 c->ic_flags = IEEE80211_CHAN_G | nflags;
1481 } else { /* 5GHz band */
1482 c->ic_freq = ieee80211_ieee2mhz(chan,
1485 c->ic_flags = IEEE80211_CHAN_A | nflags;
1488 /* Save maximum allowed TX power for this channel. */
1489 sc->maxpwr[chan] = channels[i].maxpwr;
1491 DPRINTF(sc, WPI_DEBUG_EEPROM,
1492 "adding chan %d (%dMHz) flags=0x%x maxpwr=%d passive=%d,"
1493 " offset %d\n", chan, c->ic_freq,
1494 channels[i].flags, sc->maxpwr[chan],
1495 IEEE80211_IS_CHAN_PASSIVE(c), ic->ic_nchans);
1500 * Read the eeprom to find out what channels are valid for the given
1501 * band and update net80211 with what we find.
1504 wpi_read_eeprom_channels(struct wpi_softc *sc, int n)
1506 struct ifnet *ifp = sc->sc_ifp;
1507 struct ieee80211com *ic = ifp->if_l2com;
1508 const struct wpi_chan_band *band = &wpi_bands[n];
1511 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
1513 error = wpi_read_prom_data(sc, band->addr, &sc->eeprom_channels[n],
1514 band->nchan * sizeof (struct wpi_eeprom_chan));
1516 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
1520 wpi_read_eeprom_band(sc, n);
1522 ieee80211_sort_channels(ic->ic_channels, ic->ic_nchans);
1524 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
1529 static struct wpi_eeprom_chan *
1530 wpi_find_eeprom_channel(struct wpi_softc *sc, struct ieee80211_channel *c)
1534 for (j = 0; j < WPI_CHAN_BANDS_COUNT; j++)
1535 for (i = 0; i < wpi_bands[j].nchan; i++)
1536 if (wpi_bands[j].chan[i] == c->ic_ieee)
1537 return &sc->eeprom_channels[j][i];
1543 * Enforce flags read from EEPROM.
1546 wpi_setregdomain(struct ieee80211com *ic, struct ieee80211_regdomain *rd,
1547 int nchan, struct ieee80211_channel chans[])
1549 struct ifnet *ifp = ic->ic_ifp;
1550 struct wpi_softc *sc = ifp->if_softc;
1553 for (i = 0; i < nchan; i++) {
1554 struct ieee80211_channel *c = &chans[i];
1555 struct wpi_eeprom_chan *channel;
1557 channel = wpi_find_eeprom_channel(sc, c);
1558 if (channel == NULL) {
1559 if_printf(ic->ic_ifp,
1560 "%s: invalid channel %u freq %u/0x%x\n",
1561 __func__, c->ic_ieee, c->ic_freq, c->ic_flags);
1564 c->ic_flags |= wpi_eeprom_channel_flags(channel);
1571 wpi_read_eeprom_group(struct wpi_softc *sc, int n)
1573 struct wpi_power_group *group = &sc->groups[n];
1574 struct wpi_eeprom_group rgroup;
1577 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
1579 if ((error = wpi_read_prom_data(sc, WPI_EEPROM_POWER_GRP + n * 32,
1580 &rgroup, sizeof rgroup)) != 0) {
1581 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
1585 /* Save TX power group information. */
1586 group->chan = rgroup.chan;
1587 group->maxpwr = rgroup.maxpwr;
1588 /* Retrieve temperature at which the samples were taken. */
1589 group->temp = (int16_t)le16toh(rgroup.temp);
1591 DPRINTF(sc, WPI_DEBUG_EEPROM,
1592 "power group %d: chan=%d maxpwr=%d temp=%d\n", n, group->chan,
1593 group->maxpwr, group->temp);
1595 for (i = 0; i < WPI_SAMPLES_COUNT; i++) {
1596 group->samples[i].index = rgroup.samples[i].index;
1597 group->samples[i].power = rgroup.samples[i].power;
1599 DPRINTF(sc, WPI_DEBUG_EEPROM,
1600 "\tsample %d: index=%d power=%d\n", i,
1601 group->samples[i].index, group->samples[i].power);
1604 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
1610 wpi_add_node_entry_adhoc(struct wpi_softc *sc)
1612 int newid = WPI_ID_IBSS_MIN;
1614 for (; newid <= WPI_ID_IBSS_MAX; newid++) {
1615 if ((sc->nodesmsk & (1 << newid)) == 0) {
1616 sc->nodesmsk |= 1 << newid;
1621 return WPI_ID_UNDEFINED;
1625 wpi_add_node_entry_sta(struct wpi_softc *sc)
1627 sc->nodesmsk |= 1 << WPI_ID_BSS;
1633 wpi_check_node_entry(struct wpi_softc *sc, uint8_t id)
1635 if (id == WPI_ID_UNDEFINED)
1638 return (sc->nodesmsk >> id) & 1;
1641 static __inline void
1642 wpi_clear_node_table(struct wpi_softc *sc)
1647 static __inline void
1648 wpi_del_node_entry(struct wpi_softc *sc, uint8_t id)
1650 sc->nodesmsk &= ~(1 << id);
1653 static struct ieee80211_node *
1654 wpi_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1656 struct wpi_node *wn;
1658 wn = malloc(sizeof (struct wpi_node), M_80211_NODE,
1664 wn->id = WPI_ID_UNDEFINED;
1670 wpi_node_free(struct ieee80211_node *ni)
1672 struct ieee80211com *ic = ni->ni_ic;
1673 struct wpi_softc *sc = ic->ic_ifp->if_softc;
1674 struct wpi_node *wn = WPI_NODE(ni);
1676 if (wn->id != WPI_ID_UNDEFINED) {
1678 if (wpi_check_node_entry(sc, wn->id)) {
1679 wpi_del_node_entry(sc, wn->id);
1680 wpi_del_node(sc, ni);
1685 sc->sc_node_free(ni);
1689 wpi_check_bss_filter(struct wpi_softc *sc)
1691 return (sc->rxon.filter & htole32(WPI_FILTER_BSS)) != 0;
1695 wpi_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m, int subtype, int rssi,
1698 struct ieee80211vap *vap = ni->ni_vap;
1699 struct wpi_softc *sc = vap->iv_ic->ic_ifp->if_softc;
1700 struct wpi_vap *wvp = WPI_VAP(vap);
1701 uint64_t ni_tstamp, rx_tstamp;
1703 wvp->wv_recv_mgmt(ni, m, subtype, rssi, nf);
1705 if (vap->iv_opmode == IEEE80211_M_IBSS &&
1706 vap->iv_state == IEEE80211_S_RUN &&
1707 (subtype == IEEE80211_FC0_SUBTYPE_BEACON ||
1708 subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)) {
1709 ni_tstamp = le64toh(ni->ni_tstamp.tsf);
1710 rx_tstamp = le64toh(sc->rx_tstamp);
1712 if (ni_tstamp >= rx_tstamp) {
1713 DPRINTF(sc, WPI_DEBUG_STATE,
1714 "ibss merge, tsf %ju tstamp %ju\n",
1715 (uintmax_t)rx_tstamp, (uintmax_t)ni_tstamp);
1716 (void) ieee80211_ibss_merge(ni);
1722 wpi_restore_node(void *arg, struct ieee80211_node *ni)
1724 struct wpi_softc *sc = arg;
1725 struct wpi_node *wn = WPI_NODE(ni);
1729 if (wn->id != WPI_ID_UNDEFINED) {
1730 wn->id = WPI_ID_UNDEFINED;
1731 if ((error = wpi_add_ibss_node(sc, ni)) != 0) {
1732 device_printf(sc->sc_dev,
1733 "%s: could not add IBSS node, error %d\n",
1741 wpi_restore_node_table(struct wpi_softc *sc, struct wpi_vap *wvp)
1743 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
1745 /* Set group keys once. */
1750 ieee80211_iterate_nodes(&ic->ic_sta, wpi_restore_node, sc);
1751 ieee80211_crypto_reload_keys(ic);
1755 * Called by net80211 when ever there is a change to 80211 state machine
1758 wpi_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
1760 struct wpi_vap *wvp = WPI_VAP(vap);
1761 struct ieee80211com *ic = vap->iv_ic;
1762 struct ifnet *ifp = ic->ic_ifp;
1763 struct wpi_softc *sc = ifp->if_softc;
1766 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
1768 DPRINTF(sc, WPI_DEBUG_STATE, "%s: %s -> %s\n", __func__,
1769 ieee80211_state_name[vap->iv_state],
1770 ieee80211_state_name[nstate]);
1772 if (vap->iv_state == IEEE80211_S_RUN && nstate < IEEE80211_S_RUN) {
1773 if ((error = wpi_set_pslevel(sc, 0, 0, 1)) != 0) {
1774 device_printf(sc->sc_dev,
1775 "%s: could not set power saving level\n",
1780 wpi_set_led(sc, WPI_LED_LINK, 1, 0);
1784 case IEEE80211_S_SCAN:
1786 if (wpi_check_bss_filter(sc) != 0) {
1787 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS);
1788 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) {
1789 device_printf(sc->sc_dev,
1790 "%s: could not send RXON\n", __func__);
1793 WPI_RXON_UNLOCK(sc);
1796 case IEEE80211_S_ASSOC:
1797 if (vap->iv_state != IEEE80211_S_RUN)
1800 case IEEE80211_S_AUTH:
1802 * NB: do not optimize AUTH -> AUTH state transmission -
1803 * this will break powersave with non-QoS AP!
1807 * The node must be registered in the firmware before auth.
1808 * Also the associd must be cleared on RUN -> ASSOC
1811 if ((error = wpi_auth(sc, vap)) != 0) {
1812 device_printf(sc->sc_dev,
1813 "%s: could not move to AUTH state, error %d\n",
1818 case IEEE80211_S_RUN:
1820 * RUN -> RUN transition:
1821 * STA mode: Just restart the timers.
1822 * IBSS mode: Process IBSS merge.
1824 if (vap->iv_state == IEEE80211_S_RUN) {
1825 if (vap->iv_opmode != IEEE80211_M_IBSS) {
1827 wpi_calib_timeout(sc);
1828 WPI_RXON_UNLOCK(sc);
1832 * Drop the BSS_FILTER bit
1833 * (there is no another way to change bssid).
1836 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS);
1837 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) {
1838 device_printf(sc->sc_dev,
1839 "%s: could not send RXON\n",
1842 WPI_RXON_UNLOCK(sc);
1844 /* Restore all what was lost. */
1845 wpi_restore_node_table(sc, wvp);
1847 /* XXX set conditionally? */
1853 * !RUN -> RUN requires setting the association id
1854 * which is done with a firmware cmd. We also defer
1855 * starting the timers until that work is done.
1857 if ((error = wpi_run(sc, vap)) != 0) {
1858 device_printf(sc->sc_dev,
1859 "%s: could not move to RUN state\n", __func__);
1867 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
1871 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
1873 return wvp->wv_newstate(vap, nstate, arg);
1877 wpi_calib_timeout(void *arg)
1879 struct wpi_softc *sc = arg;
1881 if (wpi_check_bss_filter(sc) == 0)
1884 wpi_power_calibration(sc);
1886 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc);
1889 static __inline uint8_t
1890 rate2plcp(const uint8_t rate)
1893 case 12: return 0xd;
1894 case 18: return 0xf;
1895 case 24: return 0x5;
1896 case 36: return 0x7;
1897 case 48: return 0x9;
1898 case 72: return 0xb;
1899 case 96: return 0x1;
1900 case 108: return 0x3;
1904 case 22: return 110;
1909 static __inline uint8_t
1910 plcp2rate(const uint8_t plcp)
1913 case 0xd: return 12;
1914 case 0xf: return 18;
1915 case 0x5: return 24;
1916 case 0x7: return 36;
1917 case 0x9: return 48;
1918 case 0xb: return 72;
1919 case 0x1: return 96;
1920 case 0x3: return 108;
1924 case 110: return 22;
1929 /* Quickly determine if a given rate is CCK or OFDM. */
1930 #define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22)
1933 wpi_rx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc,
1934 struct wpi_rx_data *data)
1936 struct ifnet *ifp = sc->sc_ifp;
1937 struct ieee80211com *ic = ifp->if_l2com;
1938 struct wpi_rx_ring *ring = &sc->rxq;
1939 struct wpi_rx_stat *stat;
1940 struct wpi_rx_head *head;
1941 struct wpi_rx_tail *tail;
1942 struct ieee80211_frame *wh;
1943 struct ieee80211_node *ni;
1944 struct mbuf *m, *m1;
1950 stat = (struct wpi_rx_stat *)(desc + 1);
1952 if (stat->len > WPI_STAT_MAXLEN) {
1953 device_printf(sc->sc_dev, "invalid RX statistic header\n");
1957 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTREAD);
1958 head = (struct wpi_rx_head *)((caddr_t)(stat + 1) + stat->len);
1959 len = le16toh(head->len);
1960 tail = (struct wpi_rx_tail *)((caddr_t)(head + 1) + len);
1961 flags = le32toh(tail->flags);
1963 DPRINTF(sc, WPI_DEBUG_RECV, "%s: idx %d len %d stat len %u rssi %d"
1964 " rate %x chan %d tstamp %ju\n", __func__, ring->cur,
1965 le32toh(desc->len), len, (int8_t)stat->rssi,
1966 head->plcp, head->chan, (uintmax_t)le64toh(tail->tstamp));
1968 /* Discard frames with a bad FCS early. */
1969 if ((flags & WPI_RX_NOERROR) != WPI_RX_NOERROR) {
1970 DPRINTF(sc, WPI_DEBUG_RECV, "%s: RX flags error %x\n",
1974 /* Discard frames that are too short. */
1975 if (len < sizeof (*wh)) {
1976 DPRINTF(sc, WPI_DEBUG_RECV, "%s: frame too short: %d\n",
1981 m1 = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE);
1983 DPRINTF(sc, WPI_DEBUG_ANY, "%s: no mbuf to restock ring\n",
1987 bus_dmamap_unload(ring->data_dmat, data->map);
1989 error = bus_dmamap_load(ring->data_dmat, data->map, mtod(m1, void *),
1990 MJUMPAGESIZE, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT);
1991 if (error != 0 && error != EFBIG) {
1992 device_printf(sc->sc_dev,
1993 "%s: bus_dmamap_load failed, error %d\n", __func__, error);
1996 /* Try to reload the old mbuf. */
1997 error = bus_dmamap_load(ring->data_dmat, data->map,
1998 mtod(data->m, void *), MJUMPAGESIZE, wpi_dma_map_addr,
1999 &paddr, BUS_DMA_NOWAIT);
2000 if (error != 0 && error != EFBIG) {
2001 panic("%s: could not load old RX mbuf", __func__);
2003 /* Physical address may have changed. */
2004 ring->desc[ring->cur] = htole32(paddr);
2005 bus_dmamap_sync(ring->data_dmat, ring->desc_dma.map,
2006 BUS_DMASYNC_PREWRITE);
2012 /* Update RX descriptor. */
2013 ring->desc[ring->cur] = htole32(paddr);
2014 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2015 BUS_DMASYNC_PREWRITE);
2017 /* Finalize mbuf. */
2018 m->m_pkthdr.rcvif = ifp;
2019 m->m_data = (caddr_t)(head + 1);
2020 m->m_pkthdr.len = m->m_len = len;
2022 /* Grab a reference to the source node. */
2023 wh = mtod(m, struct ieee80211_frame *);
2025 if ((wh->i_fc[1] & IEEE80211_FC1_PROTECTED) &&
2026 (flags & WPI_RX_CIPHER_MASK) == WPI_RX_CIPHER_CCMP) {
2027 /* Check whether decryption was successful or not. */
2028 if ((flags & WPI_RX_DECRYPT_MASK) != WPI_RX_DECRYPT_OK) {
2029 DPRINTF(sc, WPI_DEBUG_RECV,
2030 "CCMP decryption failed 0x%x\n", flags);
2033 m->m_flags |= M_WEP;
2036 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
2037 sc->rx_tstamp = tail->tstamp;
2039 if (ieee80211_radiotap_active(ic)) {
2040 struct wpi_rx_radiotap_header *tap = &sc->sc_rxtap;
2043 if (head->flags & htole16(WPI_STAT_FLAG_SHPREAMBLE))
2044 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2045 tap->wr_dbm_antsignal = (int8_t)(stat->rssi + WPI_RSSI_OFFSET);
2046 tap->wr_dbm_antnoise = WPI_RSSI_OFFSET;
2047 tap->wr_tsft = tail->tstamp;
2048 tap->wr_antenna = (le16toh(head->flags) >> 4) & 0xf;
2049 tap->wr_rate = plcp2rate(head->plcp);
2054 /* Send the frame to the 802.11 layer. */
2056 (void)ieee80211_input(ni, m, stat->rssi, WPI_RSSI_OFFSET);
2057 /* Node is no longer needed. */
2058 ieee80211_free_node(ni);
2060 (void)ieee80211_input_all(ic, m, stat->rssi, WPI_RSSI_OFFSET);
2068 fail1: if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
2072 wpi_rx_statistics(struct wpi_softc *sc, struct wpi_rx_desc *desc,
2073 struct wpi_rx_data *data)
2079 wpi_tx_done(struct wpi_softc *sc, struct wpi_rx_desc *desc)
2081 struct ifnet *ifp = sc->sc_ifp;
2082 struct wpi_tx_ring *ring = &sc->txq[desc->qid & 0x3];
2083 struct wpi_tx_data *data = &ring->data[desc->idx];
2084 struct wpi_tx_stat *stat = (struct wpi_tx_stat *)(desc + 1);
2086 struct ieee80211_node *ni;
2087 struct ieee80211vap *vap;
2088 struct ieee80211com *ic;
2089 uint32_t status = le32toh(stat->status);
2090 int ackfailcnt = stat->ackfailcnt / WPI_NTRIES_DEFAULT;
2092 KASSERT(data->ni != NULL, ("no node"));
2093 KASSERT(data->m != NULL, ("no mbuf"));
2095 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
2097 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: "
2098 "qid %d idx %d retries %d btkillcnt %d rate %x duration %d "
2099 "status %x\n", __func__, desc->qid, desc->idx, stat->ackfailcnt,
2100 stat->btkillcnt, stat->rate, le32toh(stat->duration), status);
2102 /* Unmap and free mbuf. */
2103 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_POSTWRITE);
2104 bus_dmamap_unload(ring->data_dmat, data->map);
2105 m = data->m, data->m = NULL;
2106 ni = data->ni, data->ni = NULL;
2111 * Update rate control statistics for the node.
2113 if (status & WPI_TX_STATUS_FAIL) {
2114 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
2115 ieee80211_ratectl_tx_complete(vap, ni,
2116 IEEE80211_RATECTL_TX_FAILURE, &ackfailcnt, NULL);
2118 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
2119 ieee80211_ratectl_tx_complete(vap, ni,
2120 IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL);
2123 ieee80211_tx_complete(ni, m, (status & WPI_TX_STATUS_FAIL) != 0);
2125 WPI_TXQ_STATE_LOCK(sc);
2127 if (ring->queued > 0) {
2128 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc);
2130 if (sc->qfullmsk != 0 &&
2131 ring->queued < WPI_TX_RING_LOMARK) {
2132 sc->qfullmsk &= ~(1 << ring->qid);
2133 IF_LOCK(&ifp->if_snd);
2134 if (sc->qfullmsk == 0 &&
2135 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) {
2136 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2137 IF_UNLOCK(&ifp->if_snd);
2138 ieee80211_runtask(ic, &sc->sc_start_task);
2140 IF_UNLOCK(&ifp->if_snd);
2143 callout_stop(&sc->tx_timeout);
2144 WPI_TXQ_STATE_UNLOCK(sc);
2146 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
2150 * Process a "command done" firmware notification. This is where we wakeup
2151 * processes waiting for a synchronous command completion.
2154 wpi_cmd_done(struct wpi_softc *sc, struct wpi_rx_desc *desc)
2156 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM];
2157 struct wpi_tx_data *data;
2159 DPRINTF(sc, WPI_DEBUG_CMD, "cmd notification qid %x idx %d flags %x "
2160 "type %s len %d\n", desc->qid, desc->idx,
2161 desc->flags, wpi_cmd_str(desc->type),
2162 le32toh(desc->len));
2164 if ((desc->qid & WPI_RX_DESC_QID_MSK) != WPI_CMD_QUEUE_NUM)
2165 return; /* Not a command ack. */
2167 KASSERT(ring->queued == 0, ("ring->queued must be 0"));
2169 data = &ring->data[desc->idx];
2171 /* If the command was mapped in an mbuf, free it. */
2172 if (data->m != NULL) {
2173 bus_dmamap_sync(ring->data_dmat, data->map,
2174 BUS_DMASYNC_POSTWRITE);
2175 bus_dmamap_unload(ring->data_dmat, data->map);
2180 wakeup(&ring->cmd[desc->idx]);
2182 if (desc->type == WPI_CMD_SET_POWER_MODE) {
2184 if (sc->sc_flags & WPI_PS_PATH) {
2185 sc->sc_update_rx_ring = wpi_update_rx_ring_ps;
2186 sc->sc_update_tx_ring = wpi_update_tx_ring_ps;
2188 sc->sc_update_rx_ring = wpi_update_rx_ring;
2189 sc->sc_update_tx_ring = wpi_update_tx_ring;
2196 wpi_notif_intr(struct wpi_softc *sc)
2198 struct ifnet *ifp = sc->sc_ifp;
2199 struct ieee80211com *ic = ifp->if_l2com;
2200 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2203 bus_dmamap_sync(sc->shared_dma.tag, sc->shared_dma.map,
2204 BUS_DMASYNC_POSTREAD);
2206 hw = le32toh(sc->shared->next) & 0xfff;
2207 hw = (hw == 0) ? WPI_RX_RING_COUNT - 1 : hw - 1;
2209 while (sc->rxq.cur != hw) {
2210 sc->rxq.cur = (sc->rxq.cur + 1) % WPI_RX_RING_COUNT;
2212 struct wpi_rx_data *data = &sc->rxq.data[sc->rxq.cur];
2213 struct wpi_rx_desc *desc;
2215 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2216 BUS_DMASYNC_POSTREAD);
2217 desc = mtod(data->m, struct wpi_rx_desc *);
2219 DPRINTF(sc, WPI_DEBUG_NOTIFY,
2220 "%s: cur=%d; qid %x idx %d flags %x type %d(%s) len %d\n",
2221 __func__, sc->rxq.cur, desc->qid, desc->idx, desc->flags,
2222 desc->type, wpi_cmd_str(desc->type), le32toh(desc->len));
2224 if (!(desc->qid & WPI_UNSOLICITED_RX_NOTIF)) {
2225 /* Reply to a command. */
2226 wpi_cmd_done(sc, desc);
2229 switch (desc->type) {
2231 /* An 802.11 frame has been received. */
2232 wpi_rx_done(sc, desc, data);
2234 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
2235 /* wpi_stop() was called. */
2242 /* An 802.11 frame has been transmitted. */
2243 wpi_tx_done(sc, desc);
2246 case WPI_RX_STATISTICS:
2247 case WPI_BEACON_STATISTICS:
2248 wpi_rx_statistics(sc, desc, data);
2251 case WPI_BEACON_MISSED:
2253 struct wpi_beacon_missed *miss =
2254 (struct wpi_beacon_missed *)(desc + 1);
2255 uint32_t expected, misses, received, threshold;
2257 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2258 BUS_DMASYNC_POSTREAD);
2260 misses = le32toh(miss->consecutive);
2261 expected = le32toh(miss->expected);
2262 received = le32toh(miss->received);
2263 threshold = MAX(2, vap->iv_bmissthreshold);
2265 DPRINTF(sc, WPI_DEBUG_BMISS,
2266 "%s: beacons missed %u(%u) (received %u/%u)\n",
2267 __func__, misses, le32toh(miss->total), received,
2270 if (misses >= threshold ||
2271 (received == 0 && expected >= threshold)) {
2273 if (callout_pending(&sc->scan_timeout)) {
2274 wpi_cmd(sc, WPI_CMD_SCAN_ABORT, NULL,
2277 WPI_RXON_UNLOCK(sc);
2278 if (vap->iv_state == IEEE80211_S_RUN &&
2279 (ic->ic_flags & IEEE80211_F_SCAN) == 0)
2280 ieee80211_beacon_miss(ic);
2286 case WPI_BEACON_SENT:
2288 struct wpi_tx_stat *stat =
2289 (struct wpi_tx_stat *)(desc + 1);
2290 uint64_t *tsf = (uint64_t *)(stat + 1);
2291 uint32_t *mode = (uint32_t *)(tsf + 1);
2293 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2294 BUS_DMASYNC_POSTREAD);
2296 DPRINTF(sc, WPI_DEBUG_BEACON,
2297 "beacon sent: rts %u, ack %u, btkill %u, rate %u, "
2298 "duration %u, status %x, tsf %ju, mode %x\n",
2299 stat->rtsfailcnt, stat->ackfailcnt,
2300 stat->btkillcnt, stat->rate, le32toh(stat->duration),
2301 le32toh(stat->status), *tsf, *mode);
2308 struct wpi_ucode_info *uc =
2309 (struct wpi_ucode_info *)(desc + 1);
2311 /* The microcontroller is ready. */
2312 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2313 BUS_DMASYNC_POSTREAD);
2314 DPRINTF(sc, WPI_DEBUG_RESET,
2315 "microcode alive notification version=%d.%d "
2316 "subtype=%x alive=%x\n", uc->major, uc->minor,
2317 uc->subtype, le32toh(uc->valid));
2319 if (le32toh(uc->valid) != 1) {
2320 device_printf(sc->sc_dev,
2321 "microcontroller initialization failed\n");
2322 wpi_stop_locked(sc);
2324 /* Save the address of the error log in SRAM. */
2325 sc->errptr = le32toh(uc->errptr);
2328 case WPI_STATE_CHANGED:
2330 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2331 BUS_DMASYNC_POSTREAD);
2333 uint32_t *status = (uint32_t *)(desc + 1);
2335 DPRINTF(sc, WPI_DEBUG_STATE, "state changed to %x\n",
2338 if (le32toh(*status) & 1) {
2340 wpi_clear_node_table(sc);
2342 taskqueue_enqueue(sc->sc_tq,
2343 &sc->sc_radiooff_task);
2349 case WPI_START_SCAN:
2351 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2352 BUS_DMASYNC_POSTREAD);
2354 struct wpi_start_scan *scan =
2355 (struct wpi_start_scan *)(desc + 1);
2356 DPRINTF(sc, WPI_DEBUG_SCAN,
2357 "%s: scanning channel %d status %x\n",
2358 __func__, scan->chan, le32toh(scan->status));
2365 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
2366 BUS_DMASYNC_POSTREAD);
2368 struct wpi_stop_scan *scan =
2369 (struct wpi_stop_scan *)(desc + 1);
2371 DPRINTF(sc, WPI_DEBUG_SCAN,
2372 "scan finished nchan=%d status=%d chan=%d\n",
2373 scan->nchan, scan->status, scan->chan);
2376 callout_stop(&sc->scan_timeout);
2377 WPI_RXON_UNLOCK(sc);
2378 if (scan->status == WPI_SCAN_ABORTED)
2379 ieee80211_cancel_scan(vap);
2381 ieee80211_scan_next(vap);
2386 if (sc->rxq.cur % 8 == 0) {
2387 /* Tell the firmware what we have processed. */
2388 sc->sc_update_rx_ring(sc);
2394 * Process an INT_WAKEUP interrupt raised when the microcontroller wakes up
2395 * from power-down sleep mode.
2398 wpi_wakeup_intr(struct wpi_softc *sc)
2402 DPRINTF(sc, WPI_DEBUG_PWRSAVE,
2403 "%s: ucode wakeup from power-down sleep\n", __func__);
2405 /* Wakeup RX and TX rings. */
2406 if (sc->rxq.update) {
2408 wpi_update_rx_ring(sc);
2411 for (qid = 0; qid < WPI_DRV_NTXQUEUES; qid++) {
2412 struct wpi_tx_ring *ring = &sc->txq[qid];
2416 wpi_update_tx_ring(sc, ring);
2419 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_MAC_ACCESS_REQ);
2424 * This function prints firmware registers
2428 wpi_debug_registers(struct wpi_softc *sc)
2431 static const uint32_t csr_tbl[] = {
2448 static const uint32_t prph_tbl[] = {
2455 DPRINTF(sc, WPI_DEBUG_REGISTER,"%s","\n");
2457 for (i = 0; i < nitems(csr_tbl); i++) {
2458 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ",
2459 wpi_get_csr_string(csr_tbl[i]), WPI_READ(sc, csr_tbl[i]));
2461 if ((i + 1) % 2 == 0)
2462 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n");
2464 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n\n");
2466 if (wpi_nic_lock(sc) == 0) {
2467 for (i = 0; i < nitems(prph_tbl); i++) {
2468 DPRINTF(sc, WPI_DEBUG_REGISTER, " %-18s: 0x%08x ",
2469 wpi_get_prph_string(prph_tbl[i]),
2470 wpi_prph_read(sc, prph_tbl[i]));
2472 if ((i + 1) % 2 == 0)
2473 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n");
2475 DPRINTF(sc, WPI_DEBUG_REGISTER, "\n");
2478 DPRINTF(sc, WPI_DEBUG_REGISTER,
2479 "Cannot access internal registers.\n");
2485 * Dump the error log of the firmware when a firmware panic occurs. Although
2486 * we can't debug the firmware because it is neither open source nor free, it
2487 * can help us to identify certain classes of problems.
2490 wpi_fatal_intr(struct wpi_softc *sc)
2492 struct wpi_fw_dump dump;
2493 uint32_t i, offset, count;
2495 /* Check that the error log address is valid. */
2496 if (sc->errptr < WPI_FW_DATA_BASE ||
2497 sc->errptr + sizeof (dump) >
2498 WPI_FW_DATA_BASE + WPI_FW_DATA_MAXSZ) {
2499 printf("%s: bad firmware error log address 0x%08x\n", __func__,
2503 if (wpi_nic_lock(sc) != 0) {
2504 printf("%s: could not read firmware error log\n", __func__);
2507 /* Read number of entries in the log. */
2508 count = wpi_mem_read(sc, sc->errptr);
2509 if (count == 0 || count * sizeof (dump) > WPI_FW_DATA_MAXSZ) {
2510 printf("%s: invalid count field (count = %u)\n", __func__,
2515 /* Skip "count" field. */
2516 offset = sc->errptr + sizeof (uint32_t);
2517 printf("firmware error log (count = %u):\n", count);
2518 for (i = 0; i < count; i++) {
2519 wpi_mem_read_region_4(sc, offset, (uint32_t *)&dump,
2520 sizeof (dump) / sizeof (uint32_t));
2522 printf(" error type = \"%s\" (0x%08X)\n",
2523 (dump.desc < nitems(wpi_fw_errmsg)) ?
2524 wpi_fw_errmsg[dump.desc] : "UNKNOWN",
2526 printf(" error data = 0x%08X\n",
2528 printf(" branch link = 0x%08X%08X\n",
2529 dump.blink[0], dump.blink[1]);
2530 printf(" interrupt link = 0x%08X%08X\n",
2531 dump.ilink[0], dump.ilink[1]);
2532 printf(" time = %u\n", dump.time);
2534 offset += sizeof (dump);
2537 /* Dump driver status (TX and RX rings) while we're here. */
2538 printf("driver status:\n");
2540 for (i = 0; i < WPI_DRV_NTXQUEUES; i++) {
2541 struct wpi_tx_ring *ring = &sc->txq[i];
2542 printf(" tx ring %2d: qid=%-2d cur=%-3d queued=%-3d\n",
2543 i, ring->qid, ring->cur, ring->queued);
2546 printf(" rx ring: cur=%d\n", sc->rxq.cur);
2552 struct wpi_softc *sc = arg;
2553 struct ifnet *ifp = sc->sc_ifp;
2558 /* Disable interrupts. */
2559 WPI_WRITE(sc, WPI_INT_MASK, 0);
2561 r1 = WPI_READ(sc, WPI_INT);
2563 if (r1 == 0xffffffff || (r1 & 0xfffffff0) == 0xa5a5a5a0)
2564 goto end; /* Hardware gone! */
2566 r2 = WPI_READ(sc, WPI_FH_INT);
2568 DPRINTF(sc, WPI_DEBUG_INTR, "%s: reg1=0x%08x reg2=0x%08x\n", __func__,
2571 if (r1 == 0 && r2 == 0)
2572 goto done; /* Interrupt not for us. */
2574 /* Acknowledge interrupts. */
2575 WPI_WRITE(sc, WPI_INT, r1);
2576 WPI_WRITE(sc, WPI_FH_INT, r2);
2578 if (r1 & (WPI_INT_SW_ERR | WPI_INT_HW_ERR)) {
2579 device_printf(sc->sc_dev, "fatal firmware error\n");
2581 wpi_debug_registers(sc);
2584 DPRINTF(sc, WPI_DEBUG_HW,
2585 "(%s)\n", (r1 & WPI_INT_SW_ERR) ? "(Software Error)" :
2586 "(Hardware Error)");
2587 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask);
2591 if ((r1 & (WPI_INT_FH_RX | WPI_INT_SW_RX)) ||
2592 (r2 & WPI_FH_INT_RX))
2595 if (r1 & WPI_INT_ALIVE)
2596 wakeup(sc); /* Firmware is alive. */
2598 if (r1 & WPI_INT_WAKEUP)
2599 wpi_wakeup_intr(sc);
2602 /* Re-enable interrupts. */
2603 if (ifp->if_flags & IFF_UP)
2604 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF);
2606 end: WPI_UNLOCK(sc);
2610 wpi_cmd2(struct wpi_softc *sc, struct wpi_buf *buf)
2612 struct ifnet *ifp = sc->sc_ifp;
2613 struct ieee80211_frame *wh;
2614 struct wpi_tx_cmd *cmd;
2615 struct wpi_tx_data *data;
2616 struct wpi_tx_desc *desc;
2617 struct wpi_tx_ring *ring;
2619 bus_dma_segment_t *seg, segs[WPI_MAX_SCATTER];
2620 int error, i, hdrlen, nsegs, totlen, pad;
2624 KASSERT(buf->size <= sizeof(buf->data), ("buffer overflow"));
2626 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
2628 if (sc->txq_active == 0) {
2629 /* wpi_stop() was called */
2634 wh = mtod(buf->m, struct ieee80211_frame *);
2635 hdrlen = ieee80211_anyhdrsize(wh);
2636 totlen = buf->m->m_pkthdr.len;
2639 /* First segment length must be a multiple of 4. */
2640 pad = 4 - (hdrlen & 3);
2644 ring = &sc->txq[buf->ac];
2645 desc = &ring->desc[ring->cur];
2646 data = &ring->data[ring->cur];
2648 /* Prepare TX firmware command. */
2649 cmd = &ring->cmd[ring->cur];
2650 cmd->code = buf->code;
2652 cmd->qid = ring->qid;
2653 cmd->idx = ring->cur;
2655 memcpy(cmd->data, buf->data, buf->size);
2657 /* Save and trim IEEE802.11 header. */
2658 memcpy((uint8_t *)(cmd->data + buf->size), wh, hdrlen);
2659 m_adj(buf->m, hdrlen);
2661 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map, buf->m,
2662 segs, &nsegs, BUS_DMA_NOWAIT);
2663 if (error != 0 && error != EFBIG) {
2664 device_printf(sc->sc_dev,
2665 "%s: can't map mbuf (error %d)\n", __func__, error);
2669 /* Too many DMA segments, linearize mbuf. */
2670 m1 = m_collapse(buf->m, M_NOWAIT, WPI_MAX_SCATTER - 1);
2672 device_printf(sc->sc_dev,
2673 "%s: could not defrag mbuf\n", __func__);
2679 error = bus_dmamap_load_mbuf_sg(ring->data_dmat, data->map,
2680 buf->m, segs, &nsegs, BUS_DMA_NOWAIT);
2682 device_printf(sc->sc_dev,
2683 "%s: can't map mbuf (error %d)\n", __func__,
2689 KASSERT(nsegs < WPI_MAX_SCATTER,
2690 ("too many DMA segments, nsegs (%d) should be less than %d",
2691 nsegs, WPI_MAX_SCATTER));
2696 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: qid %d idx %d len %d nsegs %d\n",
2697 __func__, ring->qid, ring->cur, totlen, nsegs);
2699 /* Fill TX descriptor. */
2700 desc->nsegs = WPI_PAD32(totlen + pad) << 4 | (1 + nsegs);
2701 /* First DMA segment is used by the TX command. */
2702 desc->segs[0].addr = htole32(data->cmd_paddr);
2703 desc->segs[0].len = htole32(4 + buf->size + hdrlen + pad);
2704 /* Other DMA segments are for data payload. */
2706 for (i = 1; i <= nsegs; i++) {
2707 desc->segs[i].addr = htole32(seg->ds_addr);
2708 desc->segs[i].len = htole32(seg->ds_len);
2712 bus_dmamap_sync(ring->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
2713 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
2714 BUS_DMASYNC_PREWRITE);
2715 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
2716 BUS_DMASYNC_PREWRITE);
2719 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT;
2720 sc->sc_update_tx_ring(sc, ring);
2722 if (ring->qid < WPI_CMD_QUEUE_NUM) {
2723 /* Mark TX ring as full if we reach a certain threshold. */
2724 WPI_TXQ_STATE_LOCK(sc);
2725 if (++ring->queued > WPI_TX_RING_HIMARK) {
2726 sc->qfullmsk |= 1 << ring->qid;
2728 IF_LOCK(&ifp->if_snd);
2729 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
2730 IF_UNLOCK(&ifp->if_snd);
2733 callout_reset(&sc->tx_timeout, 5*hz, wpi_tx_timeout, sc);
2734 WPI_TXQ_STATE_UNLOCK(sc);
2737 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
2743 fail: m_freem(buf->m);
2745 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
2753 * Construct the data packet for a transmit buffer.
2756 wpi_tx_data(struct wpi_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
2758 const struct ieee80211_txparam *tp;
2759 struct ieee80211vap *vap = ni->ni_vap;
2760 struct ieee80211com *ic = ni->ni_ic;
2761 struct wpi_node *wn = WPI_NODE(ni);
2762 struct ieee80211_channel *chan;
2763 struct ieee80211_frame *wh;
2764 struct ieee80211_key *k = NULL;
2765 struct wpi_buf tx_data;
2766 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data;
2770 int ac, error, swcrypt, rate, ismcast, totlen;
2772 wh = mtod(m, struct ieee80211_frame *);
2773 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2774 ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
2776 /* Select EDCA Access Category and TX ring for this frame. */
2777 if (IEEE80211_QOS_HAS_SEQ(wh)) {
2778 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
2779 tid = qos & IEEE80211_QOS_TID;
2784 ac = M_WME_GETAC(m);
2786 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC) ?
2787 ni->ni_chan : ic->ic_curchan;
2788 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
2790 /* Choose a TX rate index. */
2791 if (type == IEEE80211_FC0_TYPE_MGT)
2792 rate = tp->mgmtrate;
2794 rate = tp->mcastrate;
2795 else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
2796 rate = tp->ucastrate;
2797 else if (m->m_flags & M_EAPOL)
2798 rate = tp->mgmtrate;
2800 /* XXX pass pktlen */
2801 (void) ieee80211_ratectl_rate(ni, NULL, 0);
2802 rate = ni->ni_txrate;
2805 /* Encrypt the frame if need be. */
2806 if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
2807 /* Retrieve key for TX. */
2808 k = ieee80211_crypto_encap(ni, m);
2813 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT;
2815 /* 802.11 header may have moved. */
2816 wh = mtod(m, struct ieee80211_frame *);
2818 totlen = m->m_pkthdr.len;
2820 if (ieee80211_radiotap_active_vap(vap)) {
2821 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap;
2824 tap->wt_rate = rate;
2826 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
2828 ieee80211_radiotap_tx(vap, m);
2833 /* Unicast frame, check if an ACK is expected. */
2834 if (!qos || (qos & IEEE80211_QOS_ACKPOLICY) !=
2835 IEEE80211_QOS_ACKPOLICY_NOACK)
2836 flags |= WPI_TX_NEED_ACK;
2839 if (!IEEE80211_QOS_HAS_SEQ(wh))
2840 flags |= WPI_TX_AUTO_SEQ;
2841 if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG)
2842 flags |= WPI_TX_MORE_FRAG; /* Cannot happen yet. */
2844 /* Check if frame must be protected using RTS/CTS or CTS-to-self. */
2846 /* NB: Group frames are sent using CCK in 802.11b/g. */
2847 if (totlen + IEEE80211_CRC_LEN > vap->iv_rtsthreshold) {
2848 flags |= WPI_TX_NEED_RTS;
2849 } else if ((ic->ic_flags & IEEE80211_F_USEPROT) &&
2850 WPI_RATE_IS_OFDM(rate)) {
2851 if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
2852 flags |= WPI_TX_NEED_CTS;
2853 else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
2854 flags |= WPI_TX_NEED_RTS;
2857 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS))
2858 flags |= WPI_TX_FULL_TXOP;
2861 memset(tx, 0, sizeof (struct wpi_cmd_data));
2862 if (type == IEEE80211_FC0_TYPE_MGT) {
2863 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
2865 /* Tell HW to set timestamp in probe responses. */
2866 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
2867 flags |= WPI_TX_INSERT_TSTAMP;
2868 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
2869 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
2870 tx->timeout = htole16(3);
2872 tx->timeout = htole16(2);
2875 if (ismcast || type != IEEE80211_FC0_TYPE_DATA)
2876 tx->id = WPI_ID_BROADCAST;
2878 if (wn->id == WPI_ID_UNDEFINED) {
2879 device_printf(sc->sc_dev,
2880 "%s: undefined node id\n", __func__);
2888 if (k != NULL && !swcrypt) {
2889 switch (k->wk_cipher->ic_cipher) {
2890 case IEEE80211_CIPHER_AES_CCM:
2891 tx->security = WPI_CIPHER_CCMP;
2898 memcpy(tx->key, k->wk_key, k->wk_keylen);
2901 tx->len = htole16(totlen);
2902 tx->flags = htole32(flags);
2903 tx->plcp = rate2plcp(rate);
2905 tx->lifetime = htole32(WPI_LIFETIME_INFINITE);
2906 tx->ofdm_mask = 0xff;
2907 tx->cck_mask = 0x0f;
2909 tx->data_ntries = tp->maxretry;
2913 tx_data.size = sizeof(struct wpi_cmd_data);
2914 tx_data.code = WPI_CMD_TX_DATA;
2917 return wpi_cmd2(sc, &tx_data);
2924 wpi_tx_data_raw(struct wpi_softc *sc, struct mbuf *m,
2925 struct ieee80211_node *ni, const struct ieee80211_bpf_params *params)
2927 struct ieee80211vap *vap = ni->ni_vap;
2928 struct ieee80211_key *k = NULL;
2929 struct ieee80211_frame *wh;
2930 struct wpi_buf tx_data;
2931 struct wpi_cmd_data *tx = (struct wpi_cmd_data *)&tx_data.data;
2934 int ac, rate, swcrypt, totlen;
2936 wh = mtod(m, struct ieee80211_frame *);
2937 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2939 ac = params->ibp_pri & 3;
2941 /* Choose a TX rate index. */
2942 rate = params->ibp_rate0;
2945 if (!IEEE80211_QOS_HAS_SEQ(wh))
2946 flags |= WPI_TX_AUTO_SEQ;
2947 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
2948 flags |= WPI_TX_NEED_ACK;
2949 if (params->ibp_flags & IEEE80211_BPF_RTS)
2950 flags |= WPI_TX_NEED_RTS;
2951 if (params->ibp_flags & IEEE80211_BPF_CTS)
2952 flags |= WPI_TX_NEED_CTS;
2953 if (flags & (WPI_TX_NEED_RTS | WPI_TX_NEED_CTS))
2954 flags |= WPI_TX_FULL_TXOP;
2956 /* Encrypt the frame if need be. */
2957 if (params->ibp_flags & IEEE80211_BPF_CRYPTO) {
2958 /* Retrieve key for TX. */
2959 k = ieee80211_crypto_encap(ni, m);
2964 swcrypt = k->wk_flags & IEEE80211_KEY_SWCRYPT;
2966 /* 802.11 header may have moved. */
2967 wh = mtod(m, struct ieee80211_frame *);
2969 totlen = m->m_pkthdr.len;
2971 if (ieee80211_radiotap_active_vap(vap)) {
2972 struct wpi_tx_radiotap_header *tap = &sc->sc_txtap;
2975 tap->wt_rate = rate;
2976 if (params->ibp_flags & IEEE80211_BPF_CRYPTO)
2977 tap->wt_flags |= IEEE80211_RADIOTAP_F_WEP;
2979 ieee80211_radiotap_tx(vap, m);
2982 memset(tx, 0, sizeof (struct wpi_cmd_data));
2983 if (type == IEEE80211_FC0_TYPE_MGT) {
2984 uint8_t subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
2986 /* Tell HW to set timestamp in probe responses. */
2987 if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
2988 flags |= WPI_TX_INSERT_TSTAMP;
2989 if (subtype == IEEE80211_FC0_SUBTYPE_ASSOC_REQ ||
2990 subtype == IEEE80211_FC0_SUBTYPE_REASSOC_REQ)
2991 tx->timeout = htole16(3);
2993 tx->timeout = htole16(2);
2996 if (k != NULL && !swcrypt) {
2997 switch (k->wk_cipher->ic_cipher) {
2998 case IEEE80211_CIPHER_AES_CCM:
2999 tx->security = WPI_CIPHER_CCMP;
3006 memcpy(tx->key, k->wk_key, k->wk_keylen);
3009 tx->len = htole16(totlen);
3010 tx->flags = htole32(flags);
3011 tx->plcp = rate2plcp(rate);
3012 tx->id = WPI_ID_BROADCAST;
3013 tx->lifetime = htole32(WPI_LIFETIME_INFINITE);
3014 tx->rts_ntries = params->ibp_try1;
3015 tx->data_ntries = params->ibp_try0;
3019 tx_data.size = sizeof(struct wpi_cmd_data);
3020 tx_data.code = WPI_CMD_TX_DATA;
3023 return wpi_cmd2(sc, &tx_data);
3027 wpi_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3028 const struct ieee80211_bpf_params *params)
3030 struct ieee80211com *ic = ni->ni_ic;
3031 struct ifnet *ifp = ic->ic_ifp;
3032 struct wpi_softc *sc = ifp->if_softc;
3035 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
3037 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3038 ieee80211_free_node(ni);
3044 if (params == NULL) {
3046 * Legacy path; interpret frame contents to decide
3047 * precisely how to send the frame.
3049 error = wpi_tx_data(sc, m, ni);
3052 * Caller supplied explicit parameters to use in
3053 * sending the frame.
3055 error = wpi_tx_data_raw(sc, m, ni, params);
3060 /* NB: m is reclaimed on tx failure */
3061 ieee80211_free_node(ni);
3062 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3064 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
3069 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
3075 * Process data waiting to be sent on the IFNET output queue
3078 wpi_start(struct ifnet *ifp)
3080 struct wpi_softc *sc = ifp->if_softc;
3081 struct ieee80211_node *ni;
3085 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: called\n", __func__);
3088 IF_LOCK(&ifp->if_snd);
3089 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
3090 (ifp->if_drv_flags & IFF_DRV_OACTIVE)) {
3091 IF_UNLOCK(&ifp->if_snd);
3094 IF_UNLOCK(&ifp->if_snd);
3096 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3099 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3100 if (wpi_tx_data(sc, m, ni) != 0) {
3101 ieee80211_free_node(ni);
3102 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3106 DPRINTF(sc, WPI_DEBUG_XMIT, "%s: done\n", __func__);
3111 wpi_start_task(void *arg0, int pending)
3113 struct wpi_softc *sc = arg0;
3114 struct ifnet *ifp = sc->sc_ifp;
3120 wpi_watchdog_rfkill(void *arg)
3122 struct wpi_softc *sc = arg;
3123 struct ifnet *ifp = sc->sc_ifp;
3124 struct ieee80211com *ic = ifp->if_l2com;
3126 DPRINTF(sc, WPI_DEBUG_WATCHDOG, "RFkill Watchdog: tick\n");
3128 /* No need to lock firmware memory. */
3129 if ((wpi_prph_read(sc, WPI_APMG_RFKILL) & 0x1) == 0) {
3130 /* Radio kill switch is still off. */
3131 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill,
3134 ieee80211_runtask(ic, &sc->sc_radioon_task);
3138 wpi_scan_timeout(void *arg)
3140 struct wpi_softc *sc = arg;
3141 struct ifnet *ifp = sc->sc_ifp;
3143 if_printf(ifp, "scan timeout\n");
3144 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask);
3148 wpi_tx_timeout(void *arg)
3150 struct wpi_softc *sc = arg;
3151 struct ifnet *ifp = sc->sc_ifp;
3153 if_printf(ifp, "device timeout\n");
3154 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
3155 taskqueue_enqueue(sc->sc_tq, &sc->sc_reinittask);
3159 wpi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3161 struct wpi_softc *sc = ifp->if_softc;
3162 struct ieee80211com *ic = ifp->if_l2com;
3163 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3164 struct ifreq *ifr = (struct ifreq *) data;
3169 error = ether_ioctl(ifp, cmd, data);
3172 if (ifp->if_flags & IFF_UP) {
3175 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 &&
3177 ieee80211_stop(vap);
3178 } else if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
3182 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3192 * Send a command to the firmware.
3195 wpi_cmd(struct wpi_softc *sc, int code, const void *buf, size_t size,
3198 struct wpi_tx_ring *ring = &sc->txq[WPI_CMD_QUEUE_NUM];
3199 struct wpi_tx_desc *desc;
3200 struct wpi_tx_data *data;
3201 struct wpi_tx_cmd *cmd;
3208 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
3210 if (sc->txq_active == 0) {
3211 /* wpi_stop() was called */
3217 WPI_LOCK_ASSERT(sc);
3219 DPRINTF(sc, WPI_DEBUG_CMD, "%s: cmd %s size %zu async %d\n",
3220 __func__, wpi_cmd_str(code), size, async);
3222 desc = &ring->desc[ring->cur];
3223 data = &ring->data[ring->cur];
3226 if (size > sizeof cmd->data) {
3227 /* Command is too large to fit in a descriptor. */
3228 if (totlen > MCLBYTES) {
3232 m = m_getjcl(M_NOWAIT, MT_DATA, M_PKTHDR, MJUMPAGESIZE);
3237 cmd = mtod(m, struct wpi_tx_cmd *);
3238 error = bus_dmamap_load(ring->data_dmat, data->map, cmd,
3239 totlen, wpi_dma_map_addr, &paddr, BUS_DMA_NOWAIT);
3246 cmd = &ring->cmd[ring->cur];
3247 paddr = data->cmd_paddr;
3252 cmd->qid = ring->qid;
3253 cmd->idx = ring->cur;
3254 memcpy(cmd->data, buf, size);
3256 desc->nsegs = 1 + (WPI_PAD32(size) << 4);
3257 desc->segs[0].addr = htole32(paddr);
3258 desc->segs[0].len = htole32(totlen);
3260 if (size > sizeof cmd->data) {
3261 bus_dmamap_sync(ring->data_dmat, data->map,
3262 BUS_DMASYNC_PREWRITE);
3264 bus_dmamap_sync(ring->data_dmat, ring->cmd_dma.map,
3265 BUS_DMASYNC_PREWRITE);
3267 bus_dmamap_sync(ring->desc_dma.tag, ring->desc_dma.map,
3268 BUS_DMASYNC_PREWRITE);
3270 /* Kick command ring. */
3271 ring->cur = (ring->cur + 1) % WPI_TX_RING_COUNT;
3272 sc->sc_update_tx_ring(sc, ring);
3274 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
3281 return mtx_sleep(cmd, &sc->sc_mtx, PCATCH, "wpicmd", hz);
3283 fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
3291 * Configure HW multi-rate retries.
3294 wpi_mrr_setup(struct wpi_softc *sc)
3296 struct ifnet *ifp = sc->sc_ifp;
3297 struct ieee80211com *ic = ifp->if_l2com;
3298 struct wpi_mrr_setup mrr;
3301 /* CCK rates (not used with 802.11a). */
3302 for (i = WPI_RIDX_CCK1; i <= WPI_RIDX_CCK11; i++) {
3303 mrr.rates[i].flags = 0;
3304 mrr.rates[i].plcp = wpi_ridx_to_plcp[i];
3305 /* Fallback to the immediate lower CCK rate (if any.) */
3307 (i == WPI_RIDX_CCK1) ? WPI_RIDX_CCK1 : i - 1;
3308 /* Try twice at this rate before falling back to "next". */
3309 mrr.rates[i].ntries = WPI_NTRIES_DEFAULT;
3311 /* OFDM rates (not used with 802.11b). */
3312 for (i = WPI_RIDX_OFDM6; i <= WPI_RIDX_OFDM54; i++) {
3313 mrr.rates[i].flags = 0;
3314 mrr.rates[i].plcp = wpi_ridx_to_plcp[i];
3315 /* Fallback to the immediate lower rate (if any.) */
3316 /* We allow fallback from OFDM/6 to CCK/2 in 11b/g mode. */
3317 mrr.rates[i].next = (i == WPI_RIDX_OFDM6) ?
3318 ((ic->ic_curmode == IEEE80211_MODE_11A) ?
3319 WPI_RIDX_OFDM6 : WPI_RIDX_CCK2) :
3321 /* Try twice at this rate before falling back to "next". */
3322 mrr.rates[i].ntries = WPI_NTRIES_DEFAULT;
3324 /* Setup MRR for control frames. */
3325 mrr.which = htole32(WPI_MRR_CTL);
3326 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0);
3328 device_printf(sc->sc_dev,
3329 "could not setup MRR for control frames\n");
3332 /* Setup MRR for data frames. */
3333 mrr.which = htole32(WPI_MRR_DATA);
3334 error = wpi_cmd(sc, WPI_CMD_MRR_SETUP, &mrr, sizeof mrr, 0);
3336 device_printf(sc->sc_dev,
3337 "could not setup MRR for data frames\n");
3344 wpi_add_node(struct wpi_softc *sc, struct ieee80211_node *ni)
3346 struct ieee80211com *ic = ni->ni_ic;
3347 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap);
3348 struct wpi_node *wn = WPI_NODE(ni);
3349 struct wpi_node_info node;
3352 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
3354 if (wn->id == WPI_ID_UNDEFINED)
3357 memset(&node, 0, sizeof node);
3358 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr);
3360 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3361 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1];
3362 node.action = htole32(WPI_ACTION_SET_RATE);
3363 node.antenna = WPI_ANTENNA_BOTH;
3365 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding node %d (%s)\n", __func__,
3366 wn->id, ether_sprintf(ni->ni_macaddr));
3368 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);
3370 device_printf(sc->sc_dev,
3371 "%s: wpi_cmd() call failed with error code %d\n", __func__,
3376 if (wvp->wv_gtk != 0) {
3377 error = wpi_set_global_keys(ni);
3379 device_printf(sc->sc_dev,
3380 "%s: error while setting global keys\n", __func__);
3389 * Broadcast node is used to send group-addressed and management frames.
3392 wpi_add_broadcast_node(struct wpi_softc *sc, int async)
3394 struct ifnet *ifp = sc->sc_ifp;
3395 struct ieee80211com *ic = ifp->if_l2com;
3396 struct wpi_node_info node;
3398 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
3400 memset(&node, 0, sizeof node);
3401 IEEE80211_ADDR_COPY(node.macaddr, ifp->if_broadcastaddr);
3402 node.id = WPI_ID_BROADCAST;
3403 node.plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3404 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1];
3405 node.action = htole32(WPI_ACTION_SET_RATE);
3406 node.antenna = WPI_ANTENNA_BOTH;
3408 DPRINTF(sc, WPI_DEBUG_NODE, "%s: adding broadcast node\n", __func__);
3410 return wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, async);
3414 wpi_add_sta_node(struct wpi_softc *sc, struct ieee80211_node *ni)
3416 struct wpi_node *wn = WPI_NODE(ni);
3419 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
3421 wn->id = wpi_add_node_entry_sta(sc);
3423 if ((error = wpi_add_node(sc, ni)) != 0) {
3424 wpi_del_node_entry(sc, wn->id);
3425 wn->id = WPI_ID_UNDEFINED;
3433 wpi_add_ibss_node(struct wpi_softc *sc, struct ieee80211_node *ni)
3435 struct wpi_node *wn = WPI_NODE(ni);
3438 KASSERT(wn->id == WPI_ID_UNDEFINED,
3439 ("the node %d was added before", wn->id));
3441 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
3443 if ((wn->id = wpi_add_node_entry_adhoc(sc)) == WPI_ID_UNDEFINED) {
3444 device_printf(sc->sc_dev, "%s: h/w table is full\n", __func__);
3448 if ((error = wpi_add_node(sc, ni)) != 0) {
3449 wpi_del_node_entry(sc, wn->id);
3450 wn->id = WPI_ID_UNDEFINED;
3458 wpi_del_node(struct wpi_softc *sc, struct ieee80211_node *ni)
3460 struct wpi_node *wn = WPI_NODE(ni);
3461 struct wpi_cmd_del_node node;
3464 KASSERT(wn->id != WPI_ID_UNDEFINED, ("undefined node id passed"));
3466 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
3468 memset(&node, 0, sizeof node);
3469 IEEE80211_ADDR_COPY(node.macaddr, ni->ni_macaddr);
3472 DPRINTF(sc, WPI_DEBUG_NODE, "%s: deleting node %d (%s)\n", __func__,
3473 wn->id, ether_sprintf(ni->ni_macaddr));
3475 error = wpi_cmd(sc, WPI_CMD_DEL_NODE, &node, sizeof node, 1);
3477 device_printf(sc->sc_dev,
3478 "%s: could not delete node %u, error %d\n", __func__,
3484 wpi_updateedca(struct ieee80211com *ic)
3486 #define WPI_EXP2(x) ((1 << (x)) - 1) /* CWmin = 2^ECWmin - 1 */
3487 struct wpi_softc *sc = ic->ic_ifp->if_softc;
3488 struct wpi_edca_params cmd;
3491 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
3493 memset(&cmd, 0, sizeof cmd);
3494 cmd.flags = htole32(WPI_EDCA_UPDATE);
3495 for (aci = 0; aci < WME_NUM_AC; aci++) {
3496 const struct wmeParams *ac =
3497 &ic->ic_wme.wme_chanParams.cap_wmeParams[aci];
3498 cmd.ac[aci].aifsn = ac->wmep_aifsn;
3499 cmd.ac[aci].cwmin = htole16(WPI_EXP2(ac->wmep_logcwmin));
3500 cmd.ac[aci].cwmax = htole16(WPI_EXP2(ac->wmep_logcwmax));
3501 cmd.ac[aci].txoplimit =
3502 htole16(IEEE80211_TXOP_TO_US(ac->wmep_txopLimit));
3504 DPRINTF(sc, WPI_DEBUG_EDCA,
3505 "setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d "
3506 "txoplimit=%d\n", aci, cmd.ac[aci].aifsn,
3507 cmd.ac[aci].cwmin, cmd.ac[aci].cwmax,
3508 cmd.ac[aci].txoplimit);
3510 error = wpi_cmd(sc, WPI_CMD_EDCA_PARAMS, &cmd, sizeof cmd, 1);
3512 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
3519 wpi_set_promisc(struct wpi_softc *sc)
3521 struct ifnet *ifp = sc->sc_ifp;
3522 struct ieee80211com *ic = ifp->if_l2com;
3523 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3524 uint32_t promisc_filter;
3526 promisc_filter = WPI_FILTER_CTL;
3527 if (vap != NULL && vap->iv_opmode != IEEE80211_M_HOSTAP)
3528 promisc_filter |= WPI_FILTER_PROMISC;
3530 if (ifp->if_flags & IFF_PROMISC)
3531 sc->rxon.filter |= htole32(promisc_filter);
3533 sc->rxon.filter &= ~htole32(promisc_filter);
3537 wpi_update_promisc(struct ifnet *ifp)
3539 struct wpi_softc *sc = ifp->if_softc;
3542 wpi_set_promisc(sc);
3544 if (wpi_send_rxon(sc, 1, 1) != 0) {
3545 device_printf(sc->sc_dev, "%s: could not send RXON\n",
3548 WPI_RXON_UNLOCK(sc);
3552 wpi_update_mcast(struct ifnet *ifp)
3558 wpi_set_led(struct wpi_softc *sc, uint8_t which, uint8_t off, uint8_t on)
3560 struct wpi_cmd_led led;
3562 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
3565 led.unit = htole32(100000); /* on/off in unit of 100ms */
3568 (void)wpi_cmd(sc, WPI_CMD_SET_LED, &led, sizeof led, 1);
3572 wpi_set_timing(struct wpi_softc *sc, struct ieee80211_node *ni)
3574 struct wpi_cmd_timing cmd;
3577 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
3579 memset(&cmd, 0, sizeof cmd);
3580 memcpy(&cmd.tstamp, ni->ni_tstamp.data, sizeof (uint64_t));
3581 cmd.bintval = htole16(ni->ni_intval);
3582 cmd.lintval = htole16(10);
3584 /* Compute remaining time until next beacon. */
3585 val = (uint64_t)ni->ni_intval * IEEE80211_DUR_TU;
3586 mod = le64toh(cmd.tstamp) % val;
3587 cmd.binitval = htole32((uint32_t)(val - mod));
3589 DPRINTF(sc, WPI_DEBUG_RESET, "timing bintval=%u tstamp=%ju, init=%u\n",
3590 ni->ni_intval, le64toh(cmd.tstamp), (uint32_t)(val - mod));
3592 return wpi_cmd(sc, WPI_CMD_TIMING, &cmd, sizeof cmd, 1);
3596 * This function is called periodically (every 60 seconds) to adjust output
3597 * power to temperature changes.
3600 wpi_power_calibration(struct wpi_softc *sc)
3604 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
3606 /* Update sensor data. */
3607 temp = (int)WPI_READ(sc, WPI_UCODE_GP2);
3608 DPRINTF(sc, WPI_DEBUG_TEMP, "Temp in calibration is: %d\n", temp);
3610 /* Sanity-check read value. */
3611 if (temp < -260 || temp > 25) {
3612 /* This can't be correct, ignore. */
3613 DPRINTF(sc, WPI_DEBUG_TEMP,
3614 "out-of-range temperature reported: %d\n", temp);
3618 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d->%d\n", sc->temp, temp);
3620 /* Adjust Tx power if need be. */
3621 if (abs(temp - sc->temp) <= 6)
3626 if (wpi_set_txpower(sc, 1) != 0) {
3627 /* just warn, too bad for the automatic calibration... */
3628 device_printf(sc->sc_dev,"could not adjust Tx power\n");
3633 * Set TX power for current channel.
3636 wpi_set_txpower(struct wpi_softc *sc, int async)
3638 struct wpi_power_group *group;
3639 struct wpi_cmd_txpower cmd;
3641 int idx, is_chan_5ghz, i;
3643 /* Retrieve current channel from last RXON. */
3644 chan = sc->rxon.chan;
3645 is_chan_5ghz = (sc->rxon.flags & htole32(WPI_RXON_24GHZ)) == 0;
3647 /* Find the TX power group to which this channel belongs. */
3649 for (group = &sc->groups[1]; group < &sc->groups[4]; group++)
3650 if (chan <= group->chan)
3653 group = &sc->groups[0];
3655 memset(&cmd, 0, sizeof cmd);
3656 cmd.band = is_chan_5ghz ? WPI_BAND_5GHZ : WPI_BAND_2GHZ;
3657 cmd.chan = htole16(chan);
3659 /* Set TX power for all OFDM and CCK rates. */
3660 for (i = 0; i <= WPI_RIDX_MAX ; i++) {
3661 /* Retrieve TX power for this channel/rate. */
3662 idx = wpi_get_power_index(sc, group, chan, is_chan_5ghz, i);
3664 cmd.rates[i].plcp = wpi_ridx_to_plcp[i];
3667 cmd.rates[i].rf_gain = wpi_rf_gain_5ghz[idx];
3668 cmd.rates[i].dsp_gain = wpi_dsp_gain_5ghz[idx];
3670 cmd.rates[i].rf_gain = wpi_rf_gain_2ghz[idx];
3671 cmd.rates[i].dsp_gain = wpi_dsp_gain_2ghz[idx];
3673 DPRINTF(sc, WPI_DEBUG_TEMP,
3674 "chan %d/ridx %d: power index %d\n", chan, i, idx);
3677 return wpi_cmd(sc, WPI_CMD_TXPOWER, &cmd, sizeof cmd, async);
3681 * Determine Tx power index for a given channel/rate combination.
3682 * This takes into account the regulatory information from EEPROM and the
3683 * current temperature.
3686 wpi_get_power_index(struct wpi_softc *sc, struct wpi_power_group *group,
3687 uint8_t chan, int is_chan_5ghz, int ridx)
3689 /* Fixed-point arithmetic division using a n-bit fractional part. */
3690 #define fdivround(a, b, n) \
3691 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n))
3693 /* Linear interpolation. */
3694 #define interpolate(x, x1, y1, x2, y2, n) \
3695 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n))
3697 struct wpi_power_sample *sample;
3700 /* Default TX power is group maximum TX power minus 3dB. */
3701 pwr = group->maxpwr / 2;
3703 /* Decrease TX power for highest OFDM rates to reduce distortion. */
3705 case WPI_RIDX_OFDM36:
3706 pwr -= is_chan_5ghz ? 5 : 0;
3708 case WPI_RIDX_OFDM48:
3709 pwr -= is_chan_5ghz ? 10 : 7;
3711 case WPI_RIDX_OFDM54:
3712 pwr -= is_chan_5ghz ? 12 : 9;
3716 /* Never exceed the channel maximum allowed TX power. */
3717 pwr = min(pwr, sc->maxpwr[chan]);
3719 /* Retrieve TX power index into gain tables from samples. */
3720 for (sample = group->samples; sample < &group->samples[3]; sample++)
3721 if (pwr > sample[1].power)
3723 /* Fixed-point linear interpolation using a 19-bit fractional part. */
3724 idx = interpolate(pwr, sample[0].power, sample[0].index,
3725 sample[1].power, sample[1].index, 19);
3728 * Adjust power index based on current temperature:
3729 * - if cooler than factory-calibrated: decrease output power
3730 * - if warmer than factory-calibrated: increase output power
3732 idx -= (sc->temp - group->temp) * 11 / 100;
3734 /* Decrease TX power for CCK rates (-5dB). */
3735 if (ridx >= WPI_RIDX_CCK1)
3738 /* Make sure idx stays in a valid range. */
3741 if (idx > WPI_MAX_PWR_INDEX)
3742 return WPI_MAX_PWR_INDEX;
3750 * Set STA mode power saving level (between 0 and 5).
3751 * Level 0 is CAM (Continuously Aware Mode), 5 is for maximum power saving.
3754 wpi_set_pslevel(struct wpi_softc *sc, uint8_t dtim, int level, int async)
3756 struct wpi_pmgt_cmd cmd;
3757 const struct wpi_pmgt *pmgt;
3758 uint32_t max, skip_dtim;
3762 DPRINTF(sc, WPI_DEBUG_PWRSAVE,
3763 "%s: dtim=%d, level=%d, async=%d\n",
3764 __func__, dtim, level, async);
3766 /* Select which PS parameters to use. */
3768 pmgt = &wpi_pmgt[0][level];
3770 pmgt = &wpi_pmgt[1][level];
3772 memset(&cmd, 0, sizeof cmd);
3774 if (level != 0) { /* not CAM */
3775 cmd.flags |= htole16(WPI_PS_ALLOW_SLEEP);
3776 sc->sc_flags |= WPI_PS_PATH;
3778 sc->sc_flags &= ~WPI_PS_PATH;
3780 /* Retrieve PCIe Active State Power Management (ASPM). */
3781 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1);
3782 if (!(reg & 0x1)) /* L0s Entry disabled. */
3783 cmd.flags |= htole16(WPI_PS_PCI_PMGT);
3785 cmd.rxtimeout = htole32(pmgt->rxtimeout * IEEE80211_DUR_TU);
3786 cmd.txtimeout = htole32(pmgt->txtimeout * IEEE80211_DUR_TU);
3792 skip_dtim = pmgt->skip_dtim;
3794 if (skip_dtim != 0) {
3795 cmd.flags |= htole16(WPI_PS_SLEEP_OVER_DTIM);
3796 max = pmgt->intval[4];
3797 if (max == (uint32_t)-1)
3798 max = dtim * (skip_dtim + 1);
3799 else if (max > dtim)
3800 max = (max / dtim) * dtim;
3804 for (i = 0; i < 5; i++)
3805 cmd.intval[i] = htole32(MIN(max, pmgt->intval[i]));
3807 return wpi_cmd(sc, WPI_CMD_SET_POWER_MODE, &cmd, sizeof cmd, async);
3811 wpi_send_btcoex(struct wpi_softc *sc)
3813 struct wpi_bluetooth cmd;
3815 memset(&cmd, 0, sizeof cmd);
3816 cmd.flags = WPI_BT_COEX_MODE_4WIRE;
3817 cmd.lead_time = WPI_BT_LEAD_TIME_DEF;
3818 cmd.max_kill = WPI_BT_MAX_KILL_DEF;
3819 DPRINTF(sc, WPI_DEBUG_RESET, "%s: configuring bluetooth coexistence\n",
3821 return wpi_cmd(sc, WPI_CMD_BT_COEX, &cmd, sizeof(cmd), 0);
3825 wpi_send_rxon(struct wpi_softc *sc, int assoc, int async)
3830 WPI_RXON_LOCK_ASSERT(sc);
3832 if (assoc && wpi_check_bss_filter(sc) != 0) {
3833 struct wpi_assoc rxon_assoc;
3835 rxon_assoc.flags = sc->rxon.flags;
3836 rxon_assoc.filter = sc->rxon.filter;
3837 rxon_assoc.ofdm_mask = sc->rxon.ofdm_mask;
3838 rxon_assoc.cck_mask = sc->rxon.cck_mask;
3839 rxon_assoc.reserved = 0;
3841 error = wpi_cmd(sc, WPI_CMD_RXON_ASSOC, &rxon_assoc,
3842 sizeof (struct wpi_assoc), async);
3844 device_printf(sc->sc_dev,
3845 "RXON_ASSOC command failed, error %d\n", error);
3851 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon,
3852 sizeof (struct wpi_rxon), async);
3854 wpi_clear_node_table(sc);
3857 error = wpi_cmd(sc, WPI_CMD_RXON, &sc->rxon,
3858 sizeof (struct wpi_rxon), async);
3860 wpi_clear_node_table(sc);
3864 device_printf(sc->sc_dev,
3865 "RXON command failed, error %d\n", error);
3869 /* Add broadcast node. */
3870 error = wpi_add_broadcast_node(sc, async);
3872 device_printf(sc->sc_dev,
3873 "could not add broadcast node, error %d\n", error);
3878 /* Configuration has changed, set Tx power accordingly. */
3879 if ((error = wpi_set_txpower(sc, async)) != 0) {
3880 device_printf(sc->sc_dev,
3881 "%s: could not set TX power, error %d\n", __func__, error);
3889 * Configure the card to listen to a particular channel, this transisions the
3890 * card in to being able to receive frames from remote devices.
3893 wpi_config(struct wpi_softc *sc)
3895 struct ifnet *ifp = sc->sc_ifp;
3896 struct ieee80211com *ic = ifp->if_l2com;
3897 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
3898 struct ieee80211_channel *c = ic->ic_curchan;
3901 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
3903 /* Set power saving level to CAM during initialization. */
3904 if ((error = wpi_set_pslevel(sc, 0, 0, 0)) != 0) {
3905 device_printf(sc->sc_dev,
3906 "%s: could not set power saving level\n", __func__);
3910 /* Configure bluetooth coexistence. */
3911 if ((error = wpi_send_btcoex(sc)) != 0) {
3912 device_printf(sc->sc_dev,
3913 "could not configure bluetooth coexistence\n");
3917 /* Configure adapter. */
3918 memset(&sc->rxon, 0, sizeof (struct wpi_rxon));
3919 IEEE80211_ADDR_COPY(sc->rxon.myaddr, vap->iv_myaddr);
3921 /* Set default channel. */
3922 sc->rxon.chan = ieee80211_chan2ieee(ic, c);
3923 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF);
3924 if (IEEE80211_IS_CHAN_2GHZ(c))
3925 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);
3927 sc->rxon.filter = WPI_FILTER_MULTICAST;
3928 switch (ic->ic_opmode) {
3929 case IEEE80211_M_STA:
3930 sc->rxon.mode = WPI_MODE_STA;
3932 case IEEE80211_M_IBSS:
3933 sc->rxon.mode = WPI_MODE_IBSS;
3934 sc->rxon.filter |= WPI_FILTER_BEACON;
3936 case IEEE80211_M_HOSTAP:
3937 /* XXX workaround for beaconing */
3938 sc->rxon.mode = WPI_MODE_IBSS;
3939 sc->rxon.filter |= WPI_FILTER_ASSOC | WPI_FILTER_PROMISC;
3941 case IEEE80211_M_AHDEMO:
3942 sc->rxon.mode = WPI_MODE_HOSTAP;
3944 case IEEE80211_M_MONITOR:
3945 sc->rxon.mode = WPI_MODE_MONITOR;
3948 device_printf(sc->sc_dev, "unknown opmode %d\n",
3952 sc->rxon.filter = htole32(sc->rxon.filter);
3953 wpi_set_promisc(sc);
3954 sc->rxon.cck_mask = 0x0f; /* not yet negotiated */
3955 sc->rxon.ofdm_mask = 0xff; /* not yet negotiated */
3957 /* XXX Current configuration may be unusable. */
3958 if (IEEE80211_IS_CHAN_NOADHOC(c) && sc->rxon.mode == WPI_MODE_IBSS) {
3959 device_printf(sc->sc_dev,
3960 "%s: invalid channel (%d) selected for IBSS mode\n",
3961 __func__, ieee80211_chan2ieee(ic, c));
3965 if ((error = wpi_send_rxon(sc, 0, 0)) != 0) {
3966 device_printf(sc->sc_dev, "%s: could not send RXON\n",
3971 /* Setup rate scalling. */
3972 if ((error = wpi_mrr_setup(sc)) != 0) {
3973 device_printf(sc->sc_dev, "could not setup MRR, error %d\n",
3978 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
3984 wpi_get_active_dwell_time(struct wpi_softc *sc,
3985 struct ieee80211_channel *c, uint8_t n_probes)
3987 /* No channel? Default to 2GHz settings. */
3988 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c)) {
3989 return (WPI_ACTIVE_DWELL_TIME_2GHZ +
3990 WPI_ACTIVE_DWELL_FACTOR_2GHZ * (n_probes + 1));
3993 /* 5GHz dwell time. */
3994 return (WPI_ACTIVE_DWELL_TIME_5GHZ +
3995 WPI_ACTIVE_DWELL_FACTOR_5GHZ * (n_probes + 1));
3999 * Limit the total dwell time.
4001 * Returns the dwell time in milliseconds.
4004 wpi_limit_dwell(struct wpi_softc *sc, uint16_t dwell_time)
4006 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4007 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4010 /* bintval is in TU (1.024mS) */
4012 bintval = vap->iv_bss->ni_intval;
4015 * If it's non-zero, we should calculate the minimum of
4016 * it and the DWELL_BASE.
4018 * XXX Yes, the math should take into account that bintval
4019 * is 1.024mS, not 1mS..
4022 DPRINTF(sc, WPI_DEBUG_SCAN, "%s: bintval=%d\n", __func__,
4024 return (MIN(dwell_time, bintval - WPI_CHANNEL_TUNE_TIME * 2));
4027 /* No association context? Default. */
4032 wpi_get_passive_dwell_time(struct wpi_softc *sc, struct ieee80211_channel *c)
4036 if (c == NULL || IEEE80211_IS_CHAN_2GHZ(c))
4037 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_2GHZ;
4039 passive = WPI_PASSIVE_DWELL_BASE + WPI_PASSIVE_DWELL_TIME_5GHZ;
4041 /* Clamp to the beacon interval if we're associated. */
4042 return (wpi_limit_dwell(sc, passive));
4046 wpi_get_scan_pause_time(uint32_t time, uint16_t bintval)
4048 uint32_t mod = (time % bintval) * IEEE80211_DUR_TU;
4049 uint32_t nbeacons = time / bintval;
4051 if (mod > WPI_PAUSE_MAX_TIME)
4052 mod = WPI_PAUSE_MAX_TIME;
4054 return WPI_PAUSE_SCAN(nbeacons, mod);
4058 * Send a scan request to the firmware.
4061 wpi_scan(struct wpi_softc *sc, struct ieee80211_channel *c)
4063 struct ifnet *ifp = sc->sc_ifp;
4064 struct ieee80211com *ic = ifp->if_l2com;
4065 struct ieee80211_scan_state *ss = ic->ic_scan;
4066 struct ieee80211vap *vap = ss->ss_vap;
4067 struct wpi_scan_hdr *hdr;
4068 struct wpi_cmd_data *tx;
4069 struct wpi_scan_essid *essids;
4070 struct wpi_scan_chan *chan;
4071 struct ieee80211_frame *wh;
4072 struct ieee80211_rateset *rs;
4073 uint16_t dwell_active, dwell_passive;
4075 int bgscan, bintval, buflen, error, i, nssid;
4077 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
4080 * We are absolutely not allowed to send a scan command when another
4081 * scan command is pending.
4083 if (callout_pending(&sc->scan_timeout)) {
4084 device_printf(sc->sc_dev, "%s: called whilst scanning!\n",
4090 bgscan = wpi_check_bss_filter(sc);
4091 bintval = vap->iv_bss->ni_intval;
4093 bintval < WPI_QUIET_TIME_DEFAULT + WPI_CHANNEL_TUNE_TIME * 2) {
4098 buf = malloc(WPI_SCAN_MAXSZ, M_DEVBUF, M_NOWAIT | M_ZERO);
4100 device_printf(sc->sc_dev,
4101 "%s: could not allocate buffer for scan command\n",
4106 hdr = (struct wpi_scan_hdr *)buf;
4109 * Move to the next channel if no packets are received within 10 msecs
4110 * after sending the probe request.
4112 hdr->quiet_time = htole16(WPI_QUIET_TIME_DEFAULT);
4113 hdr->quiet_threshold = htole16(1);
4117 * Max needs to be greater than active and passive and quiet!
4118 * It's also in microseconds!
4120 hdr->max_svc = htole32(250 * IEEE80211_DUR_TU);
4121 hdr->pause_svc = htole32(wpi_get_scan_pause_time(100,
4125 hdr->filter = htole32(WPI_FILTER_MULTICAST | WPI_FILTER_BEACON);
4127 tx = (struct wpi_cmd_data *)(hdr + 1);
4128 tx->flags = htole32(WPI_TX_AUTO_SEQ);
4129 tx->id = WPI_ID_BROADCAST;
4130 tx->lifetime = htole32(WPI_LIFETIME_INFINITE);
4132 if (IEEE80211_IS_CHAN_5GHZ(c)) {
4133 /* Send probe requests at 6Mbps. */
4134 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_OFDM6];
4135 rs = &ic->ic_sup_rates[IEEE80211_MODE_11A];
4137 hdr->flags = htole32(WPI_RXON_24GHZ | WPI_RXON_AUTO);
4138 /* Send probe requests at 1Mbps. */
4139 tx->plcp = wpi_ridx_to_plcp[WPI_RIDX_CCK1];
4140 rs = &ic->ic_sup_rates[IEEE80211_MODE_11G];
4143 essids = (struct wpi_scan_essid *)(tx + 1);
4144 nssid = MIN(ss->ss_nssid, WPI_SCAN_MAX_ESSIDS);
4145 for (i = 0; i < nssid; i++) {
4146 essids[i].id = IEEE80211_ELEMID_SSID;
4147 essids[i].len = MIN(ss->ss_ssid[i].len, IEEE80211_NWID_LEN);
4148 memcpy(essids[i].data, ss->ss_ssid[i].ssid, essids[i].len);
4150 if (sc->sc_debug & WPI_DEBUG_SCAN) {
4151 printf("Scanning Essid: ");
4152 ieee80211_print_essid(essids[i].data, essids[i].len);
4159 * Build a probe request frame. Most of the following code is a
4160 * copy & paste of what is done in net80211.
4162 wh = (struct ieee80211_frame *)(essids + WPI_SCAN_MAX_ESSIDS);
4163 wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT |
4164 IEEE80211_FC0_SUBTYPE_PROBE_REQ;
4165 wh->i_fc[1] = IEEE80211_FC1_DIR_NODS;
4166 IEEE80211_ADDR_COPY(wh->i_addr1, ifp->if_broadcastaddr);
4167 IEEE80211_ADDR_COPY(wh->i_addr2, vap->iv_myaddr);
4168 IEEE80211_ADDR_COPY(wh->i_addr3, ifp->if_broadcastaddr);
4169 *(uint16_t *)&wh->i_dur[0] = 0; /* filled by h/w */
4170 *(uint16_t *)&wh->i_seq[0] = 0; /* filled by h/w */
4172 frm = (uint8_t *)(wh + 1);
4173 frm = ieee80211_add_ssid(frm, NULL, 0);
4174 frm = ieee80211_add_rates(frm, rs);
4175 if (rs->rs_nrates > IEEE80211_RATE_SIZE)
4176 frm = ieee80211_add_xrates(frm, rs);
4178 /* Set length of probe request. */
4179 tx->len = htole16(frm - (uint8_t *)wh);
4182 * Construct information about the channel that we
4183 * want to scan. The firmware expects this to be directly
4184 * after the scan probe request
4186 chan = (struct wpi_scan_chan *)frm;
4187 chan->chan = htole16(ieee80211_chan2ieee(ic, c));
4190 hdr->crc_threshold = WPI_SCAN_CRC_TH_DEFAULT;
4191 chan->flags |= WPI_CHAN_NPBREQS(nssid);
4193 hdr->crc_threshold = WPI_SCAN_CRC_TH_NEVER;
4195 if (!IEEE80211_IS_CHAN_PASSIVE(c))
4196 chan->flags |= WPI_CHAN_ACTIVE;
4199 * Calculate the active/passive dwell times.
4202 dwell_active = wpi_get_active_dwell_time(sc, c, nssid);
4203 dwell_passive = wpi_get_passive_dwell_time(sc, c);
4205 /* Make sure they're valid. */
4206 if (dwell_active > dwell_passive)
4207 dwell_active = dwell_passive;
4209 chan->active = htole16(dwell_active);
4210 chan->passive = htole16(dwell_passive);
4212 chan->dsp_gain = 0x6e; /* Default level */
4214 if (IEEE80211_IS_CHAN_5GHZ(c))
4215 chan->rf_gain = 0x3b;
4217 chan->rf_gain = 0x28;
4219 DPRINTF(sc, WPI_DEBUG_SCAN, "Scanning %u Passive: %d\n",
4220 chan->chan, IEEE80211_IS_CHAN_PASSIVE(c));
4224 if (hdr->nchan == 1 && sc->rxon.chan == chan->chan) {
4225 /* XXX Force probe request transmission. */
4226 memcpy(chan + 1, chan, sizeof (struct wpi_scan_chan));
4230 /* Reduce unnecessary delay. */
4232 chan->passive = chan->active = hdr->quiet_time;
4239 buflen = (uint8_t *)chan - buf;
4240 hdr->len = htole16(buflen);
4242 DPRINTF(sc, WPI_DEBUG_CMD, "sending scan command nchan=%d\n",
4244 error = wpi_cmd(sc, WPI_CMD_SCAN, buf, buflen, 1);
4245 free(buf, M_DEVBUF);
4250 callout_reset(&sc->scan_timeout, 5*hz, wpi_scan_timeout, sc);
4252 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
4256 fail: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
4262 wpi_auth(struct wpi_softc *sc, struct ieee80211vap *vap)
4264 struct ieee80211com *ic = vap->iv_ic;
4265 struct ieee80211_node *ni = vap->iv_bss;
4266 struct ieee80211_channel *c = ni->ni_chan;
4271 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
4273 /* Update adapter configuration. */
4274 sc->rxon.associd = 0;
4275 sc->rxon.filter &= ~htole32(WPI_FILTER_BSS);
4276 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid);
4277 sc->rxon.chan = ieee80211_chan2ieee(ic, c);
4278 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF);
4279 if (IEEE80211_IS_CHAN_2GHZ(c))
4280 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);
4281 if (ic->ic_flags & IEEE80211_F_SHSLOT)
4282 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT);
4283 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
4284 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE);
4285 if (IEEE80211_IS_CHAN_A(c)) {
4286 sc->rxon.cck_mask = 0;
4287 sc->rxon.ofdm_mask = 0x15;
4288 } else if (IEEE80211_IS_CHAN_B(c)) {
4289 sc->rxon.cck_mask = 0x03;
4290 sc->rxon.ofdm_mask = 0;
4292 /* Assume 802.11b/g. */
4293 sc->rxon.cck_mask = 0x0f;
4294 sc->rxon.ofdm_mask = 0x15;
4297 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x cck %x ofdm %x\n",
4298 sc->rxon.chan, sc->rxon.flags, sc->rxon.cck_mask,
4299 sc->rxon.ofdm_mask);
4301 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) {
4302 device_printf(sc->sc_dev, "%s: could not send RXON\n",
4306 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
4308 WPI_RXON_UNLOCK(sc);
4314 wpi_config_beacon(struct wpi_vap *wvp)
4316 struct ieee80211com *ic = wvp->wv_vap.iv_ic;
4317 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff;
4318 struct wpi_buf *bcn = &wvp->wv_bcbuf;
4319 struct wpi_softc *sc = ic->ic_ifp->if_softc;
4320 struct wpi_cmd_beacon *cmd = (struct wpi_cmd_beacon *)&bcn->data;
4321 struct ieee80211_tim_ie *tie;
4326 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4328 WPI_VAP_LOCK_ASSERT(wvp);
4330 cmd->len = htole16(bcn->m->m_pkthdr.len);
4331 cmd->plcp = (ic->ic_curmode == IEEE80211_MODE_11A) ?
4332 wpi_ridx_to_plcp[WPI_RIDX_OFDM6] : wpi_ridx_to_plcp[WPI_RIDX_CCK1];
4334 /* XXX seems to be unused */
4335 if (*(bo->bo_tim) == IEEE80211_ELEMID_TIM) {
4336 tie = (struct ieee80211_tim_ie *) bo->bo_tim;
4337 ptr = mtod(bcn->m, uint8_t *);
4339 cmd->tim = htole16(bo->bo_tim - ptr);
4340 cmd->timsz = tie->tim_len;
4343 /* Necessary for recursion in ieee80211_beacon_update(). */
4345 bcn->m = m_dup(m, M_NOWAIT);
4346 if (bcn->m == NULL) {
4347 device_printf(sc->sc_dev,
4348 "%s: could not copy beacon frame\n", __func__);
4353 if ((error = wpi_cmd2(sc, bcn)) != 0) {
4354 device_printf(sc->sc_dev,
4355 "%s: could not update beacon frame, error %d", __func__,
4366 wpi_setup_beacon(struct wpi_softc *sc, struct ieee80211_node *ni)
4368 struct wpi_vap *wvp = WPI_VAP(ni->ni_vap);
4369 struct wpi_buf *bcn = &wvp->wv_bcbuf;
4370 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff;
4374 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4376 if (ni->ni_chan == IEEE80211_CHAN_ANYC)
4379 m = ieee80211_beacon_alloc(ni, bo);
4381 device_printf(sc->sc_dev,
4382 "%s: could not allocate beacon frame\n", __func__);
4392 error = wpi_config_beacon(wvp);
4393 WPI_VAP_UNLOCK(wvp);
4399 wpi_update_beacon(struct ieee80211vap *vap, int item)
4401 struct wpi_softc *sc = vap->iv_ic->ic_ifp->if_softc;
4402 struct wpi_vap *wvp = WPI_VAP(vap);
4403 struct wpi_buf *bcn = &wvp->wv_bcbuf;
4404 struct ieee80211_beacon_offsets *bo = &wvp->wv_boff;
4405 struct ieee80211_node *ni = vap->iv_bss;
4408 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
4411 if (bcn->m == NULL) {
4412 bcn->m = ieee80211_beacon_alloc(ni, bo);
4413 if (bcn->m == NULL) {
4414 device_printf(sc->sc_dev,
4415 "%s: could not allocate beacon frame\n", __func__);
4417 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR,
4420 WPI_VAP_UNLOCK(wvp);
4424 WPI_VAP_UNLOCK(wvp);
4426 if (item == IEEE80211_BEACON_TIM)
4427 mcast = 1; /* TODO */
4429 setbit(bo->bo_flags, item);
4430 ieee80211_beacon_update(ni, bo, bcn->m, mcast);
4433 wpi_config_beacon(wvp);
4434 WPI_VAP_UNLOCK(wvp);
4436 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
4440 wpi_newassoc(struct ieee80211_node *ni, int isnew)
4442 struct ieee80211vap *vap = ni->ni_vap;
4443 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc;
4444 struct wpi_node *wn = WPI_NODE(ni);
4449 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4451 if (vap->iv_opmode != IEEE80211_M_STA && wn->id == WPI_ID_UNDEFINED) {
4452 if ((error = wpi_add_ibss_node(sc, ni)) != 0) {
4453 device_printf(sc->sc_dev,
4454 "%s: could not add IBSS node, error %d\n",
4462 wpi_run(struct wpi_softc *sc, struct ieee80211vap *vap)
4464 struct ieee80211com *ic = vap->iv_ic;
4465 struct ieee80211_node *ni = vap->iv_bss;
4466 struct ieee80211_channel *c = ni->ni_chan;
4469 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
4471 if (vap->iv_opmode == IEEE80211_M_MONITOR) {
4472 /* Link LED blinks while monitoring. */
4473 wpi_set_led(sc, WPI_LED_LINK, 5, 5);
4477 /* XXX kernel panic workaround */
4478 if (c == IEEE80211_CHAN_ANYC) {
4479 device_printf(sc->sc_dev, "%s: incomplete configuration\n",
4484 if ((error = wpi_set_timing(sc, ni)) != 0) {
4485 device_printf(sc->sc_dev,
4486 "%s: could not set timing, error %d\n", __func__, error);
4490 /* Update adapter configuration. */
4492 IEEE80211_ADDR_COPY(sc->rxon.bssid, ni->ni_bssid);
4493 sc->rxon.associd = htole16(IEEE80211_NODE_AID(ni));
4494 sc->rxon.chan = ieee80211_chan2ieee(ic, c);
4495 sc->rxon.flags = htole32(WPI_RXON_TSF | WPI_RXON_CTS_TO_SELF);
4496 if (IEEE80211_IS_CHAN_2GHZ(c))
4497 sc->rxon.flags |= htole32(WPI_RXON_AUTO | WPI_RXON_24GHZ);
4498 if (ic->ic_flags & IEEE80211_F_SHSLOT)
4499 sc->rxon.flags |= htole32(WPI_RXON_SHSLOT);
4500 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
4501 sc->rxon.flags |= htole32(WPI_RXON_SHPREAMBLE);
4502 if (IEEE80211_IS_CHAN_A(c)) {
4503 sc->rxon.cck_mask = 0;
4504 sc->rxon.ofdm_mask = 0x15;
4505 } else if (IEEE80211_IS_CHAN_B(c)) {
4506 sc->rxon.cck_mask = 0x03;
4507 sc->rxon.ofdm_mask = 0;
4509 /* Assume 802.11b/g. */
4510 sc->rxon.cck_mask = 0x0f;
4511 sc->rxon.ofdm_mask = 0x15;
4513 sc->rxon.filter |= htole32(WPI_FILTER_BSS);
4515 DPRINTF(sc, WPI_DEBUG_STATE, "rxon chan %d flags %x\n",
4516 sc->rxon.chan, sc->rxon.flags);
4518 if ((error = wpi_send_rxon(sc, 0, 1)) != 0) {
4519 device_printf(sc->sc_dev, "%s: could not send RXON\n",
4524 /* Start periodic calibration timer. */
4525 callout_reset(&sc->calib_to, 60*hz, wpi_calib_timeout, sc);
4527 WPI_RXON_UNLOCK(sc);
4529 if (vap->iv_opmode == IEEE80211_M_IBSS ||
4530 vap->iv_opmode == IEEE80211_M_HOSTAP) {
4531 if ((error = wpi_setup_beacon(sc, ni)) != 0) {
4532 device_printf(sc->sc_dev,
4533 "%s: could not setup beacon, error %d\n", __func__,
4539 if (vap->iv_opmode == IEEE80211_M_STA) {
4542 error = wpi_add_sta_node(sc, ni);
4545 device_printf(sc->sc_dev,
4546 "%s: could not add BSS node, error %d\n", __func__,
4552 /* Link LED always on while associated. */
4553 wpi_set_led(sc, WPI_LED_LINK, 0, 1);
4555 /* Enable power-saving mode if requested by user. */
4556 if ((vap->iv_flags & IEEE80211_F_PMGTON) &&
4557 vap->iv_opmode != IEEE80211_M_IBSS)
4558 (void)wpi_set_pslevel(sc, 0, 3, 1);
4560 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
4566 wpi_load_key(struct ieee80211_node *ni, const struct ieee80211_key *k)
4568 const struct ieee80211_cipher *cip = k->wk_cipher;
4569 struct ieee80211vap *vap = ni->ni_vap;
4570 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc;
4571 struct wpi_node *wn = WPI_NODE(ni);
4572 struct wpi_node_info node;
4576 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4578 if (wpi_check_node_entry(sc, wn->id) == 0) {
4579 device_printf(sc->sc_dev, "%s: node does not exist\n",
4584 switch (cip->ic_cipher) {
4585 case IEEE80211_CIPHER_AES_CCM:
4586 kflags = WPI_KFLAG_CCMP;
4590 device_printf(sc->sc_dev, "%s: unknown cipher %d\n", __func__,
4595 kflags |= WPI_KFLAG_KID(k->wk_keyix);
4596 if (k->wk_flags & IEEE80211_KEY_GROUP)
4597 kflags |= WPI_KFLAG_MULTICAST;
4599 memset(&node, 0, sizeof node);
4601 node.control = WPI_NODE_UPDATE;
4602 node.flags = WPI_FLAG_KEY_SET;
4603 node.kflags = htole16(kflags);
4604 memcpy(node.key, k->wk_key, k->wk_keylen);
4606 DPRINTF(sc, WPI_DEBUG_KEY,
4607 "%s: setting %s key id %d for node %d (%s)\n", __func__,
4608 (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast", k->wk_keyix,
4609 node.id, ether_sprintf(ni->ni_macaddr));
4611 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);
4613 device_printf(sc->sc_dev, "can't update node info, error %d\n",
4618 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k &&
4619 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) {
4620 kflags |= WPI_KFLAG_MULTICAST;
4621 node.kflags = htole16(kflags);
4630 wpi_load_key_cb(void *arg, struct ieee80211_node *ni)
4632 const struct ieee80211_key *k = arg;
4633 struct ieee80211vap *vap = ni->ni_vap;
4634 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc;
4635 struct wpi_node *wn = WPI_NODE(ni);
4638 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED)
4642 error = wpi_load_key(ni, k);
4646 device_printf(sc->sc_dev, "%s: error while setting key\n",
4652 wpi_set_global_keys(struct ieee80211_node *ni)
4654 struct ieee80211vap *vap = ni->ni_vap;
4655 struct ieee80211_key *wk = &vap->iv_nw_keys[0];
4658 for (; wk < &vap->iv_nw_keys[IEEE80211_WEP_NKID] && error; wk++)
4659 if (wk->wk_keyix != IEEE80211_KEYIX_NONE)
4660 error = wpi_load_key(ni, wk);
4666 wpi_del_key(struct ieee80211_node *ni, const struct ieee80211_key *k)
4668 struct ieee80211vap *vap = ni->ni_vap;
4669 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc;
4670 struct wpi_node *wn = WPI_NODE(ni);
4671 struct wpi_node_info node;
4675 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4677 if (wpi_check_node_entry(sc, wn->id) == 0) {
4678 DPRINTF(sc, WPI_DEBUG_KEY, "%s: node was removed\n", __func__);
4679 return 1; /* Nothing to do. */
4682 kflags = WPI_KFLAG_KID(k->wk_keyix);
4683 if (k->wk_flags & IEEE80211_KEY_GROUP)
4684 kflags |= WPI_KFLAG_MULTICAST;
4686 memset(&node, 0, sizeof node);
4688 node.control = WPI_NODE_UPDATE;
4689 node.flags = WPI_FLAG_KEY_SET;
4690 node.kflags = htole16(kflags);
4692 DPRINTF(sc, WPI_DEBUG_KEY, "%s: deleting %s key %d for node %d (%s)\n",
4693 __func__, (kflags & WPI_KFLAG_MULTICAST) ? "group" : "ucast",
4694 k->wk_keyix, node.id, ether_sprintf(ni->ni_macaddr));
4696 error = wpi_cmd(sc, WPI_CMD_ADD_NODE, &node, sizeof node, 1);
4698 device_printf(sc->sc_dev, "can't update node info, error %d\n",
4703 if (!(kflags & WPI_KFLAG_MULTICAST) && &vap->iv_nw_keys[0] <= k &&
4704 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) {
4705 kflags |= WPI_KFLAG_MULTICAST;
4706 node.kflags = htole16(kflags);
4715 wpi_del_key_cb(void *arg, struct ieee80211_node *ni)
4717 const struct ieee80211_key *k = arg;
4718 struct ieee80211vap *vap = ni->ni_vap;
4719 struct wpi_softc *sc = ni->ni_ic->ic_ifp->if_softc;
4720 struct wpi_node *wn = WPI_NODE(ni);
4723 if (vap->iv_bss == ni && wn->id == WPI_ID_UNDEFINED)
4727 error = wpi_del_key(ni, k);
4731 device_printf(sc->sc_dev, "%s: error while deleting key\n",
4737 wpi_process_key(struct ieee80211vap *vap, const struct ieee80211_key *k,
4740 struct ieee80211com *ic = vap->iv_ic;
4741 struct wpi_softc *sc = ic->ic_ifp->if_softc;
4742 struct wpi_vap *wvp = WPI_VAP(vap);
4743 struct ieee80211_node *ni;
4744 int error, ni_ref = 0;
4746 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4748 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
4753 if (!(k->wk_flags & IEEE80211_KEY_RECV)) {
4754 /* XMIT keys are handled in wpi_tx_data(). */
4758 /* Handle group keys. */
4759 if (&vap->iv_nw_keys[0] <= k &&
4760 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID]) {
4763 wvp->wv_gtk |= WPI_VAP_KEY(k->wk_keyix);
4765 wvp->wv_gtk &= ~WPI_VAP_KEY(k->wk_keyix);
4768 if (vap->iv_state == IEEE80211_S_RUN) {
4769 ieee80211_iterate_nodes(&ic->ic_sta,
4770 set ? wpi_load_key_cb : wpi_del_key_cb,
4771 __DECONST(void *, k));
4777 switch (vap->iv_opmode) {
4778 case IEEE80211_M_STA:
4782 case IEEE80211_M_IBSS:
4783 case IEEE80211_M_AHDEMO:
4784 case IEEE80211_M_HOSTAP:
4785 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, k->wk_macaddr);
4787 return 0; /* should not happen */
4793 device_printf(sc->sc_dev, "%s: unknown opmode %d\n", __func__,
4800 error = wpi_load_key(ni, k);
4802 error = wpi_del_key(ni, k);
4806 ieee80211_node_decref(ni);
4812 wpi_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k,
4813 const uint8_t mac[IEEE80211_ADDR_LEN])
4815 return wpi_process_key(vap, k, 1);
4819 wpi_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
4821 return wpi_process_key(vap, k, 0);
4825 * This function is called after the runtime firmware notifies us of its
4826 * readiness (called in a process context).
4829 wpi_post_alive(struct wpi_softc *sc)
4833 /* Check (again) that the radio is not disabled. */
4834 if ((error = wpi_nic_lock(sc)) != 0)
4837 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4839 /* NB: Runtime firmware must be up and running. */
4840 if (!(wpi_prph_read(sc, WPI_APMG_RFKILL) & 1)) {
4841 device_printf(sc->sc_dev,
4842 "RF switch: radio disabled (%s)\n", __func__);
4844 return EPERM; /* :-) */
4848 /* Wait for thermal sensor to calibrate. */
4849 for (ntries = 0; ntries < 1000; ntries++) {
4850 if ((sc->temp = (int)WPI_READ(sc, WPI_UCODE_GP2)) != 0)
4855 if (ntries == 1000) {
4856 device_printf(sc->sc_dev,
4857 "timeout waiting for thermal sensor calibration\n");
4861 DPRINTF(sc, WPI_DEBUG_TEMP, "temperature %d\n", sc->temp);
4866 * The firmware boot code is small and is intended to be copied directly into
4867 * the NIC internal memory (no DMA transfer).
4870 wpi_load_bootcode(struct wpi_softc *sc, const uint8_t *ucode, int size)
4874 DPRINTF(sc, WPI_DEBUG_HW, "Loading microcode size 0x%x\n", size);
4876 size /= sizeof (uint32_t);
4878 if ((error = wpi_nic_lock(sc)) != 0)
4881 /* Copy microcode image into NIC memory. */
4882 wpi_prph_write_region_4(sc, WPI_BSM_SRAM_BASE,
4883 (const uint32_t *)ucode, size);
4885 wpi_prph_write(sc, WPI_BSM_WR_MEM_SRC, 0);
4886 wpi_prph_write(sc, WPI_BSM_WR_MEM_DST, WPI_FW_TEXT_BASE);
4887 wpi_prph_write(sc, WPI_BSM_WR_DWCOUNT, size);
4889 /* Start boot load now. */
4890 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START);
4892 /* Wait for transfer to complete. */
4893 for (ntries = 0; ntries < 1000; ntries++) {
4894 uint32_t status = WPI_READ(sc, WPI_FH_TX_STATUS);
4895 DPRINTF(sc, WPI_DEBUG_HW,
4896 "firmware status=0x%x, val=0x%x, result=0x%x\n", status,
4897 WPI_FH_TX_STATUS_IDLE(6),
4898 status & WPI_FH_TX_STATUS_IDLE(6));
4899 if (status & WPI_FH_TX_STATUS_IDLE(6)) {
4900 DPRINTF(sc, WPI_DEBUG_HW,
4901 "Status Match! - ntries = %d\n", ntries);
4906 if (ntries == 1000) {
4907 device_printf(sc->sc_dev, "%s: could not load boot firmware\n",
4913 /* Enable boot after power up. */
4914 wpi_prph_write(sc, WPI_BSM_WR_CTRL, WPI_BSM_WR_CTRL_START_EN);
4921 wpi_load_firmware(struct wpi_softc *sc)
4923 struct wpi_fw_info *fw = &sc->fw;
4924 struct wpi_dma_info *dma = &sc->fw_dma;
4927 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4929 /* Copy initialization sections into pre-allocated DMA-safe memory. */
4930 memcpy(dma->vaddr, fw->init.data, fw->init.datasz);
4931 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
4932 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->init.text, fw->init.textsz);
4933 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
4935 /* Tell adapter where to find initialization sections. */
4936 if ((error = wpi_nic_lock(sc)) != 0)
4938 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr);
4939 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->init.datasz);
4940 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR,
4941 dma->paddr + WPI_FW_DATA_MAXSZ);
4942 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE, fw->init.textsz);
4945 /* Load firmware boot code. */
4946 error = wpi_load_bootcode(sc, fw->boot.text, fw->boot.textsz);
4948 device_printf(sc->sc_dev, "%s: could not load boot firmware\n",
4953 /* Now press "execute". */
4954 WPI_WRITE(sc, WPI_RESET, 0);
4956 /* Wait at most one second for first alive notification. */
4957 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) {
4958 device_printf(sc->sc_dev,
4959 "%s: timeout waiting for adapter to initialize, error %d\n",
4964 /* Copy runtime sections into pre-allocated DMA-safe memory. */
4965 memcpy(dma->vaddr, fw->main.data, fw->main.datasz);
4966 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
4967 memcpy(dma->vaddr + WPI_FW_DATA_MAXSZ, fw->main.text, fw->main.textsz);
4968 bus_dmamap_sync(dma->tag, dma->map, BUS_DMASYNC_PREWRITE);
4970 /* Tell adapter where to find runtime sections. */
4971 if ((error = wpi_nic_lock(sc)) != 0)
4973 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_ADDR, dma->paddr);
4974 wpi_prph_write(sc, WPI_BSM_DRAM_DATA_SIZE, fw->main.datasz);
4975 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_ADDR,
4976 dma->paddr + WPI_FW_DATA_MAXSZ);
4977 wpi_prph_write(sc, WPI_BSM_DRAM_TEXT_SIZE,
4978 WPI_FW_UPDATED | fw->main.textsz);
4985 wpi_read_firmware(struct wpi_softc *sc)
4987 const struct firmware *fp;
4988 struct wpi_fw_info *fw = &sc->fw;
4989 const struct wpi_firmware_hdr *hdr;
4992 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
4994 DPRINTF(sc, WPI_DEBUG_FIRMWARE,
4995 "Attempting Loading Firmware from %s module\n", WPI_FW_NAME);
4998 fp = firmware_get(WPI_FW_NAME);
5002 device_printf(sc->sc_dev,
5003 "could not load firmware image '%s'\n", WPI_FW_NAME);
5009 if (fp->datasize < sizeof (struct wpi_firmware_hdr)) {
5010 device_printf(sc->sc_dev,
5011 "firmware file too short: %zu bytes\n", fp->datasize);
5016 fw->size = fp->datasize;
5017 fw->data = (const uint8_t *)fp->data;
5019 /* Extract firmware header information. */
5020 hdr = (const struct wpi_firmware_hdr *)fw->data;
5022 /* | RUNTIME FIRMWARE | INIT FIRMWARE | BOOT FW |
5023 |HDR|<--TEXT-->|<--DATA-->|<--TEXT-->|<--DATA-->|<--TEXT-->| */
5025 fw->main.textsz = le32toh(hdr->rtextsz);
5026 fw->main.datasz = le32toh(hdr->rdatasz);
5027 fw->init.textsz = le32toh(hdr->itextsz);
5028 fw->init.datasz = le32toh(hdr->idatasz);
5029 fw->boot.textsz = le32toh(hdr->btextsz);
5030 fw->boot.datasz = 0;
5032 /* Sanity-check firmware header. */
5033 if (fw->main.textsz > WPI_FW_TEXT_MAXSZ ||
5034 fw->main.datasz > WPI_FW_DATA_MAXSZ ||
5035 fw->init.textsz > WPI_FW_TEXT_MAXSZ ||
5036 fw->init.datasz > WPI_FW_DATA_MAXSZ ||
5037 fw->boot.textsz > WPI_FW_BOOT_TEXT_MAXSZ ||
5038 (fw->boot.textsz & 3) != 0) {
5039 device_printf(sc->sc_dev, "invalid firmware header\n");
5044 /* Check that all firmware sections fit. */
5045 if (fw->size < sizeof (*hdr) + fw->main.textsz + fw->main.datasz +
5046 fw->init.textsz + fw->init.datasz + fw->boot.textsz) {
5047 device_printf(sc->sc_dev,
5048 "firmware file too short: %zu bytes\n", fw->size);
5053 /* Get pointers to firmware sections. */
5054 fw->main.text = (const uint8_t *)(hdr + 1);
5055 fw->main.data = fw->main.text + fw->main.textsz;
5056 fw->init.text = fw->main.data + fw->main.datasz;
5057 fw->init.data = fw->init.text + fw->init.textsz;
5058 fw->boot.text = fw->init.data + fw->init.datasz;
5060 DPRINTF(sc, WPI_DEBUG_FIRMWARE,
5061 "Firmware Version: Major %d, Minor %d, Driver %d, \n"
5062 "runtime (text: %u, data: %u) init (text: %u, data %u) "
5063 "boot (text %u)\n", hdr->major, hdr->minor, le32toh(hdr->driver),
5064 fw->main.textsz, fw->main.datasz,
5065 fw->init.textsz, fw->init.datasz, fw->boot.textsz);
5067 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.text %p\n", fw->main.text);
5068 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->main.data %p\n", fw->main.data);
5069 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.text %p\n", fw->init.text);
5070 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->init.data %p\n", fw->init.data);
5071 DPRINTF(sc, WPI_DEBUG_FIRMWARE, "fw->boot.text %p\n", fw->boot.text);
5075 fail: wpi_unload_firmware(sc);
5080 * Free the referenced firmware image
5083 wpi_unload_firmware(struct wpi_softc *sc)
5085 if (sc->fw_fp != NULL) {
5086 firmware_put(sc->fw_fp, FIRMWARE_UNLOAD);
5092 wpi_clock_wait(struct wpi_softc *sc)
5096 /* Set "initialization complete" bit. */
5097 WPI_SETBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE);
5099 /* Wait for clock stabilization. */
5100 for (ntries = 0; ntries < 2500; ntries++) {
5101 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_MAC_CLOCK_READY)
5105 device_printf(sc->sc_dev,
5106 "%s: timeout waiting for clock stabilization\n", __func__);
5112 wpi_apm_init(struct wpi_softc *sc)
5117 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
5119 /* Disable L0s exit timer (NMI bug workaround). */
5120 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_DIS_L0S_TIMER);
5121 /* Don't wait for ICH L0s (ICH bug workaround). */
5122 WPI_SETBITS(sc, WPI_GIO_CHICKEN, WPI_GIO_CHICKEN_L1A_NO_L0S_RX);
5124 /* Set FH wait threshold to max (HW bug under stress workaround). */
5125 WPI_SETBITS(sc, WPI_DBG_HPET_MEM, 0xffff0000);
5127 /* Retrieve PCIe Active State Power Management (ASPM). */
5128 reg = pci_read_config(sc->sc_dev, sc->sc_cap_off + 0x10, 1);
5129 /* Workaround for HW instability in PCIe L0->L0s->L1 transition. */
5130 if (reg & 0x02) /* L1 Entry enabled. */
5131 WPI_SETBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA);
5133 WPI_CLRBITS(sc, WPI_GIO, WPI_GIO_L0S_ENA);
5135 WPI_SETBITS(sc, WPI_ANA_PLL, WPI_ANA_PLL_INIT);
5137 /* Wait for clock stabilization before accessing prph. */
5138 if ((error = wpi_clock_wait(sc)) != 0)
5141 if ((error = wpi_nic_lock(sc)) != 0)
5144 wpi_prph_write(sc, WPI_APMG_CLK_DIS, 0x00000400);
5145 wpi_prph_clrbits(sc, WPI_APMG_PS, 0x00000200);
5147 /* Enable DMA and BSM (Bootstrap State Machine). */
5148 wpi_prph_write(sc, WPI_APMG_CLK_EN,
5149 WPI_APMG_CLK_CTRL_DMA_CLK_RQT | WPI_APMG_CLK_CTRL_BSM_CLK_RQT);
5151 /* Disable L1-Active. */
5152 wpi_prph_setbits(sc, WPI_APMG_PCI_STT, WPI_APMG_PCI_STT_L1A_DIS);
5159 wpi_apm_stop_master(struct wpi_softc *sc)
5163 /* Stop busmaster DMA activity. */
5164 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_STOP_MASTER);
5166 if ((WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_PS_MASK) ==
5167 WPI_GP_CNTRL_MAC_PS)
5168 return; /* Already asleep. */
5170 for (ntries = 0; ntries < 100; ntries++) {
5171 if (WPI_READ(sc, WPI_RESET) & WPI_RESET_MASTER_DISABLED)
5175 device_printf(sc->sc_dev, "%s: timeout waiting for master\n",
5180 wpi_apm_stop(struct wpi_softc *sc)
5182 wpi_apm_stop_master(sc);
5184 /* Reset the entire device. */
5185 WPI_SETBITS(sc, WPI_RESET, WPI_RESET_SW);
5187 /* Clear "initialization complete" bit. */
5188 WPI_CLRBITS(sc, WPI_GP_CNTRL, WPI_GP_CNTRL_INIT_DONE);
5192 wpi_nic_config(struct wpi_softc *sc)
5196 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
5198 /* voodoo from the Linux "driver".. */
5199 rev = pci_read_config(sc->sc_dev, PCIR_REVID, 1);
5200 if ((rev & 0xc0) == 0x40)
5201 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MB);
5202 else if (!(rev & 0x80))
5203 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_ALM_MM);
5205 if (sc->cap == 0x80)
5206 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_SKU_MRC);
5208 if ((sc->rev & 0xf0) == 0xd0)
5209 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D);
5211 WPI_CLRBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_REV_D);
5214 WPI_SETBITS(sc, WPI_HW_IF_CONFIG, WPI_HW_IF_CONFIG_TYPE_B);
5218 wpi_hw_init(struct wpi_softc *sc)
5220 int chnl, ntries, error;
5222 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
5224 /* Clear pending interrupts. */
5225 WPI_WRITE(sc, WPI_INT, 0xffffffff);
5227 if ((error = wpi_apm_init(sc)) != 0) {
5228 device_printf(sc->sc_dev,
5229 "%s: could not power ON adapter, error %d\n", __func__,
5234 /* Select VMAIN power source. */
5235 if ((error = wpi_nic_lock(sc)) != 0)
5237 wpi_prph_clrbits(sc, WPI_APMG_PS, WPI_APMG_PS_PWR_SRC_MASK);
5239 /* Spin until VMAIN gets selected. */
5240 for (ntries = 0; ntries < 5000; ntries++) {
5241 if (WPI_READ(sc, WPI_GPIO_IN) & WPI_GPIO_IN_VMAIN)
5245 if (ntries == 5000) {
5246 device_printf(sc->sc_dev, "timeout selecting power source\n");
5250 /* Perform adapter initialization. */
5253 /* Initialize RX ring. */
5254 if ((error = wpi_nic_lock(sc)) != 0)
5256 /* Set physical address of RX ring. */
5257 WPI_WRITE(sc, WPI_FH_RX_BASE, sc->rxq.desc_dma.paddr);
5258 /* Set physical address of RX read pointer. */
5259 WPI_WRITE(sc, WPI_FH_RX_RPTR_ADDR, sc->shared_dma.paddr +
5260 offsetof(struct wpi_shared, next));
5261 WPI_WRITE(sc, WPI_FH_RX_WPTR, 0);
5263 WPI_WRITE(sc, WPI_FH_RX_CONFIG,
5264 WPI_FH_RX_CONFIG_DMA_ENA |
5265 WPI_FH_RX_CONFIG_RDRBD_ENA |
5266 WPI_FH_RX_CONFIG_WRSTATUS_ENA |
5267 WPI_FH_RX_CONFIG_MAXFRAG |
5268 WPI_FH_RX_CONFIG_NRBD(WPI_RX_RING_COUNT_LOG) |
5269 WPI_FH_RX_CONFIG_IRQ_DST_HOST |
5270 WPI_FH_RX_CONFIG_IRQ_TIMEOUT(1));
5271 (void)WPI_READ(sc, WPI_FH_RSSR_TBL); /* barrier */
5273 WPI_WRITE(sc, WPI_FH_RX_WPTR, (WPI_RX_RING_COUNT - 1) & ~7);
5275 /* Initialize TX rings. */
5276 if ((error = wpi_nic_lock(sc)) != 0)
5278 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 2); /* bypass mode */
5279 wpi_prph_write(sc, WPI_ALM_SCHED_ARASTAT, 1); /* enable RA0 */
5280 /* Enable all 6 TX rings. */
5281 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0x3f);
5282 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE1, 0x10000);
5283 wpi_prph_write(sc, WPI_ALM_SCHED_SBYPASS_MODE2, 0x30002);
5284 wpi_prph_write(sc, WPI_ALM_SCHED_TXF4MF, 4);
5285 wpi_prph_write(sc, WPI_ALM_SCHED_TXF5MF, 5);
5286 /* Set physical address of TX rings. */
5287 WPI_WRITE(sc, WPI_FH_TX_BASE, sc->shared_dma.paddr);
5288 WPI_WRITE(sc, WPI_FH_MSG_CONFIG, 0xffff05a5);
5290 /* Enable all DMA channels. */
5291 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) {
5292 WPI_WRITE(sc, WPI_FH_CBBC_CTRL(chnl), 0);
5293 WPI_WRITE(sc, WPI_FH_CBBC_BASE(chnl), 0);
5294 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0x80200008);
5297 (void)WPI_READ(sc, WPI_FH_TX_BASE); /* barrier */
5299 /* Clear "radio off" and "commands blocked" bits. */
5300 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
5301 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_CMD_BLOCKED);
5303 /* Clear pending interrupts. */
5304 WPI_WRITE(sc, WPI_INT, 0xffffffff);
5305 /* Enable interrupts. */
5306 WPI_WRITE(sc, WPI_INT_MASK, WPI_INT_MASK_DEF);
5308 /* _Really_ make sure "radio off" bit is cleared! */
5309 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
5310 WPI_WRITE(sc, WPI_UCODE_GP1_CLR, WPI_UCODE_GP1_RFKILL);
5312 if ((error = wpi_load_firmware(sc)) != 0) {
5313 device_printf(sc->sc_dev,
5314 "%s: could not load firmware, error %d\n", __func__,
5318 /* Wait at most one second for firmware alive notification. */
5319 if ((error = mtx_sleep(sc, &sc->sc_mtx, PCATCH, "wpiinit", hz)) != 0) {
5320 device_printf(sc->sc_dev,
5321 "%s: timeout waiting for adapter to initialize, error %d\n",
5326 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
5328 /* Do post-firmware initialization. */
5329 return wpi_post_alive(sc);
5333 wpi_hw_stop(struct wpi_softc *sc)
5335 int chnl, qid, ntries;
5337 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
5339 if (WPI_READ(sc, WPI_UCODE_GP1) & WPI_UCODE_GP1_MAC_SLEEP)
5342 WPI_WRITE(sc, WPI_RESET, WPI_RESET_NEVO);
5344 /* Disable interrupts. */
5345 WPI_WRITE(sc, WPI_INT_MASK, 0);
5346 WPI_WRITE(sc, WPI_INT, 0xffffffff);
5347 WPI_WRITE(sc, WPI_FH_INT, 0xffffffff);
5349 /* Make sure we no longer hold the NIC lock. */
5352 if (wpi_nic_lock(sc) == 0) {
5353 /* Stop TX scheduler. */
5354 wpi_prph_write(sc, WPI_ALM_SCHED_MODE, 0);
5355 wpi_prph_write(sc, WPI_ALM_SCHED_TXFACT, 0);
5357 /* Stop all DMA channels. */
5358 for (chnl = 0; chnl < WPI_NDMACHNLS; chnl++) {
5359 WPI_WRITE(sc, WPI_FH_TX_CONFIG(chnl), 0);
5360 for (ntries = 0; ntries < 200; ntries++) {
5361 if (WPI_READ(sc, WPI_FH_TX_STATUS) &
5362 WPI_FH_TX_STATUS_IDLE(chnl))
5371 wpi_reset_rx_ring(sc);
5373 /* Reset all TX rings. */
5374 for (qid = 0; qid < WPI_NTXQUEUES; qid++)
5375 wpi_reset_tx_ring(sc, &sc->txq[qid]);
5377 if (wpi_nic_lock(sc) == 0) {
5378 wpi_prph_write(sc, WPI_APMG_CLK_DIS,
5379 WPI_APMG_CLK_CTRL_DMA_CLK_RQT);
5383 /* Power OFF adapter. */
5388 wpi_radio_on(void *arg0, int pending)
5390 struct wpi_softc *sc = arg0;
5391 struct ifnet *ifp = sc->sc_ifp;
5392 struct ieee80211com *ic = ifp->if_l2com;
5393 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5395 device_printf(sc->sc_dev, "RF switch: radio enabled\n");
5399 ieee80211_init(vap);
5402 if (WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL) {
5404 callout_stop(&sc->watchdog_rfkill);
5410 wpi_radio_off(void *arg0, int pending)
5412 struct wpi_softc *sc = arg0;
5413 struct ifnet *ifp = sc->sc_ifp;
5414 struct ieee80211com *ic = ifp->if_l2com;
5415 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5417 device_printf(sc->sc_dev, "RF switch: radio disabled\n");
5421 ieee80211_stop(vap);
5424 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill, sc);
5431 struct wpi_softc *sc = arg;
5432 struct ifnet *ifp = sc->sc_ifp;
5433 struct ieee80211com *ic = ifp->if_l2com;
5438 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_BEGIN, __func__);
5440 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) != 0)
5443 /* Check that the radio is not disabled by hardware switch. */
5444 if (!(WPI_READ(sc, WPI_GP_CNTRL) & WPI_GP_CNTRL_RFKILL)) {
5445 device_printf(sc->sc_dev,
5446 "RF switch: radio disabled (%s)\n", __func__);
5447 callout_reset(&sc->watchdog_rfkill, hz, wpi_watchdog_rfkill,
5452 /* Read firmware images from the filesystem. */
5453 if ((error = wpi_read_firmware(sc)) != 0) {
5454 device_printf(sc->sc_dev,
5455 "%s: could not read firmware, error %d\n", __func__,
5460 /* Initialize hardware and upload firmware. */
5461 error = wpi_hw_init(sc);
5462 wpi_unload_firmware(sc);
5464 device_printf(sc->sc_dev,
5465 "%s: could not initialize hardware, error %d\n", __func__,
5470 /* Configure adapter now that it is ready. */
5472 if ((error = wpi_config(sc)) != 0) {
5473 device_printf(sc->sc_dev,
5474 "%s: could not configure device, error %d\n", __func__,
5479 IF_LOCK(&ifp->if_snd);
5480 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
5481 ifp->if_drv_flags |= IFF_DRV_RUNNING;
5482 IF_UNLOCK(&ifp->if_snd);
5484 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END, __func__);
5488 ieee80211_start_all(ic);
5492 fail: wpi_stop_locked(sc);
5493 end: DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_END_ERR, __func__);
5498 wpi_stop_locked(struct wpi_softc *sc)
5500 struct ifnet *ifp = sc->sc_ifp;
5502 WPI_LOCK_ASSERT(sc);
5508 WPI_TXQ_STATE_LOCK(sc);
5509 callout_stop(&sc->tx_timeout);
5510 WPI_TXQ_STATE_UNLOCK(sc);
5513 callout_stop(&sc->scan_timeout);
5514 callout_stop(&sc->calib_to);
5515 WPI_RXON_UNLOCK(sc);
5517 IF_LOCK(&ifp->if_snd);
5518 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
5519 IF_UNLOCK(&ifp->if_snd);
5521 /* Power OFF hardware. */
5526 wpi_stop(struct wpi_softc *sc)
5529 wpi_stop_locked(sc);
5534 * Callback from net80211 to start a scan.
5537 wpi_scan_start(struct ieee80211com *ic)
5539 struct wpi_softc *sc = ic->ic_ifp->if_softc;
5541 wpi_set_led(sc, WPI_LED_LINK, 20, 2);
5545 * Callback from net80211 to terminate a scan.
5548 wpi_scan_end(struct ieee80211com *ic)
5550 struct ifnet *ifp = ic->ic_ifp;
5551 struct wpi_softc *sc = ifp->if_softc;
5552 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5554 if (vap->iv_state == IEEE80211_S_RUN)
5555 wpi_set_led(sc, WPI_LED_LINK, 0, 1);
5559 * Called by the net80211 framework to indicate to the driver
5560 * that the channel should be changed
5563 wpi_set_channel(struct ieee80211com *ic)
5565 const struct ieee80211_channel *c = ic->ic_curchan;
5566 struct ifnet *ifp = ic->ic_ifp;
5567 struct wpi_softc *sc = ifp->if_softc;
5570 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
5573 sc->sc_rxtap.wr_chan_freq = htole16(c->ic_freq);
5574 sc->sc_rxtap.wr_chan_flags = htole16(c->ic_flags);
5577 sc->sc_txtap.wt_chan_freq = htole16(c->ic_freq);
5578 sc->sc_txtap.wt_chan_flags = htole16(c->ic_flags);
5582 * Only need to set the channel in Monitor mode. AP scanning and auth
5583 * are already taken care of by their respective firmware commands.
5585 if (ic->ic_opmode == IEEE80211_M_MONITOR) {
5587 sc->rxon.chan = ieee80211_chan2ieee(ic, c);
5588 if (IEEE80211_IS_CHAN_2GHZ(c)) {
5589 sc->rxon.flags |= htole32(WPI_RXON_AUTO |
5592 sc->rxon.flags &= ~htole32(WPI_RXON_AUTO |
5595 if ((error = wpi_send_rxon(sc, 0, 1)) != 0)
5596 device_printf(sc->sc_dev,
5597 "%s: error %d setting channel\n", __func__,
5599 WPI_RXON_UNLOCK(sc);
5604 * Called by net80211 to indicate that we need to scan the current
5605 * channel. The channel is previously be set via the wpi_set_channel
5609 wpi_scan_curchan(struct ieee80211_scan_state *ss, unsigned long maxdwell)
5611 struct ieee80211vap *vap = ss->ss_vap;
5612 struct ieee80211com *ic = vap->iv_ic;
5613 struct wpi_softc *sc = ic->ic_ifp->if_softc;
5617 error = wpi_scan(sc, ic->ic_curchan);
5618 WPI_RXON_UNLOCK(sc);
5620 ieee80211_cancel_scan(vap);
5624 * Called by the net80211 framework to indicate
5625 * the minimum dwell time has been met, terminate the scan.
5626 * We don't actually terminate the scan as the firmware will notify
5627 * us when it's finished and we have no way to interrupt it.
5630 wpi_scan_mindwell(struct ieee80211_scan_state *ss)
5632 /* NB: don't try to abort scan; wait for firmware to finish */
5636 wpi_hw_reset(void *arg, int pending)
5638 struct wpi_softc *sc = arg;
5639 struct ifnet *ifp = sc->sc_ifp;
5640 struct ieee80211com *ic = ifp->if_l2com;
5641 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
5643 DPRINTF(sc, WPI_DEBUG_TRACE, TRACE_STR_DOING, __func__);
5645 if (vap != NULL && (ic->ic_flags & IEEE80211_F_SCAN))
5646 ieee80211_cancel_scan(vap);
5650 ieee80211_stop(vap);
5653 ieee80211_init(vap);
projects / FreeBSD / FreeBSD.git / blob