2 * Copyright (c) 2008,2010 Damien Bergamini <damien.bergamini@free.fr>
3 * ported to FreeBSD by Akinori Furukoshi <moonlightakkiy@yahoo.ca>
4 * USB Consulting, Hans Petter Selasky <hselasky@freebsd.org>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/cdefs.h>
20 __FBSDID("$FreeBSD$");
23 * Ralink Technology RT2700U/RT2800U/RT3000U chipset driver.
24 * http://www.ralinktech.com/
27 #include <sys/param.h>
28 #include <sys/sockio.h>
29 #include <sys/sysctl.h>
31 #include <sys/mutex.h>
33 #include <sys/kernel.h>
34 #include <sys/socket.h>
35 #include <sys/systm.h>
36 #include <sys/malloc.h>
37 #include <sys/module.h>
39 #include <sys/endian.h>
40 #include <sys/linker.h>
41 #include <sys/firmware.h>
44 #include <machine/bus.h>
45 #include <machine/resource.h>
50 #include <net/if_arp.h>
51 #include <net/ethernet.h>
52 #include <net/if_dl.h>
53 #include <net/if_media.h>
54 #include <net/if_types.h>
56 #include <netinet/in.h>
57 #include <netinet/in_systm.h>
58 #include <netinet/in_var.h>
59 #include <netinet/if_ether.h>
60 #include <netinet/ip.h>
62 #include <net80211/ieee80211_var.h>
63 #include <net80211/ieee80211_regdomain.h>
64 #include <net80211/ieee80211_radiotap.h>
65 #include <net80211/ieee80211_ratectl.h>
67 #include <dev/usb/usb.h>
68 #include <dev/usb/usbdi.h>
71 #define USB_DEBUG_VAR run_debug
72 #include <dev/usb/usb_debug.h>
74 #include "if_runreg.h"
75 #include "if_runvar.h"
77 #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
85 SYSCTL_NODE(_hw_usb, OID_AUTO, run, CTLFLAG_RW, 0, "USB run");
86 SYSCTL_INT(_hw_usb_run, OID_AUTO, debug, CTLFLAG_RW, &run_debug, 0,
90 #define IEEE80211_HAS_ADDR4(wh) \
91 (((wh)->i_fc[1] & IEEE80211_FC1_DIR_MASK) == IEEE80211_FC1_DIR_DSTODS)
94 * Because of LOR in run_key_delete(), use atomic instead.
95 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
97 #define RUN_CMDQ_GET(c) (atomic_fetchadd_32((c), 1) & RUN_CMDQ_MASQ)
99 static const struct usb_device_id run_devs[] = {
100 { USB_VP(USB_VENDOR_ABOCOM, USB_PRODUCT_ABOCOM_RT2770) },
101 { USB_VP(USB_VENDOR_ABOCOM, USB_PRODUCT_ABOCOM_RT2870) },
102 { USB_VP(USB_VENDOR_ABOCOM, USB_PRODUCT_ABOCOM_RT3070) },
103 { USB_VP(USB_VENDOR_ABOCOM, USB_PRODUCT_ABOCOM_RT3071) },
104 { USB_VP(USB_VENDOR_ABOCOM, USB_PRODUCT_ABOCOM_RT3072) },
105 { USB_VP(USB_VENDOR_ABOCOM2, USB_PRODUCT_ABOCOM2_RT2870_1) },
106 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT2770) },
107 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT2870_1) },
108 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT2870_2) },
109 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT2870_3) },
110 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT2870_4) },
111 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT2870_5) },
112 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT3070) },
113 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT3070_1) },
114 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT3070_2) },
115 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT3070_3) },
116 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT3070_4) },
117 { USB_VP(USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_RT3070_5) },
118 { USB_VP(USB_VENDOR_AIRTIES, USB_PRODUCT_AIRTIES_RT3070) },
119 { USB_VP(USB_VENDOR_ALLWIN, USB_PRODUCT_ALLWIN_RT2070) },
120 { USB_VP(USB_VENDOR_ALLWIN, USB_PRODUCT_ALLWIN_RT2770) },
121 { USB_VP(USB_VENDOR_ALLWIN, USB_PRODUCT_ALLWIN_RT2870) },
122 { USB_VP(USB_VENDOR_ALLWIN, USB_PRODUCT_ALLWIN_RT3070) },
123 { USB_VP(USB_VENDOR_ALLWIN, USB_PRODUCT_ALLWIN_RT3071) },
124 { USB_VP(USB_VENDOR_ALLWIN, USB_PRODUCT_ALLWIN_RT3072) },
125 { USB_VP(USB_VENDOR_ALLWIN, USB_PRODUCT_ALLWIN_RT3572) },
126 { USB_VP(USB_VENDOR_AMIGO, USB_PRODUCT_AMIGO_RT2870_1) },
127 { USB_VP(USB_VENDOR_AMIGO, USB_PRODUCT_AMIGO_RT2870_2) },
128 { USB_VP(USB_VENDOR_AMIT, USB_PRODUCT_AMIT_CGWLUSB2GNR) },
129 { USB_VP(USB_VENDOR_AMIT, USB_PRODUCT_AMIT_RT2870_1) },
130 { USB_VP(USB_VENDOR_AMIT2, USB_PRODUCT_AMIT2_RT2870) },
131 { USB_VP(USB_VENDOR_ASUS, USB_PRODUCT_ASUS_RT2870_1) },
132 { USB_VP(USB_VENDOR_ASUS, USB_PRODUCT_ASUS_RT2870_2) },
133 { USB_VP(USB_VENDOR_ASUS, USB_PRODUCT_ASUS_RT2870_3) },
134 { USB_VP(USB_VENDOR_ASUS, USB_PRODUCT_ASUS_RT2870_4) },
135 { USB_VP(USB_VENDOR_ASUS, USB_PRODUCT_ASUS_RT2870_5) },
136 { USB_VP(USB_VENDOR_ASUS, USB_PRODUCT_ASUS_USBN13) },
137 { USB_VP(USB_VENDOR_ASUS, USB_PRODUCT_ASUS_RT3070_1) },
138 { USB_VP(USB_VENDOR_ASUS2, USB_PRODUCT_ASUS2_USBN11) },
139 { USB_VP(USB_VENDOR_AZUREWAVE, USB_PRODUCT_AZUREWAVE_RT2870_1) },
140 { USB_VP(USB_VENDOR_AZUREWAVE, USB_PRODUCT_AZUREWAVE_RT2870_2) },
141 { USB_VP(USB_VENDOR_AZUREWAVE, USB_PRODUCT_AZUREWAVE_RT3070_1) },
142 { USB_VP(USB_VENDOR_AZUREWAVE, USB_PRODUCT_AZUREWAVE_RT3070_2) },
143 { USB_VP(USB_VENDOR_AZUREWAVE, USB_PRODUCT_AZUREWAVE_RT3070_3) },
144 { USB_VP(USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F5D8053V3) },
145 { USB_VP(USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F5D8055) },
146 { USB_VP(USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F6D4050V1) },
147 { USB_VP(USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_RT2870_1) },
148 { USB_VP(USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_RT2870_2) },
149 { USB_VP(USB_VENDOR_CISCOLINKSYS2, USB_PRODUCT_CISCOLINKSYS2_RT3070) },
150 { USB_VP(USB_VENDOR_CISCOLINKSYS3, USB_PRODUCT_CISCOLINKSYS2_RT3070) },
151 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT2870_1) },
152 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT2870_2) },
153 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT2870_3) },
154 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT2870_4) },
155 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT2870_5) },
156 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT2870_6) },
157 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT2870_7) },
158 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT2870_8) },
159 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT3070_1) },
160 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_RT3070_2) },
161 { USB_VP(USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_VIGORN61) },
162 { USB_VP(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_CGWLUSB300GNM) },
163 { USB_VP(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_RT2870_1) },
164 { USB_VP(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_RT2870_2) },
165 { USB_VP(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_RT2870_3) },
166 { USB_VP(USB_VENDOR_COREGA, USB_PRODUCT_COREGA_RT3070) },
167 { USB_VP(USB_VENDOR_CYBERTAN, USB_PRODUCT_CYBERTAN_RT2870) },
168 { USB_VP(USB_VENDOR_DLINK, USB_PRODUCT_DLINK_RT2870) },
169 { USB_VP(USB_VENDOR_DLINK, USB_PRODUCT_DLINK_RT3072) },
170 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DWA130) },
171 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT2870_1) },
172 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT2870_2) },
173 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT3070_1) },
174 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT3070_2) },
175 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT3070_3) },
176 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT3070_4) },
177 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT3070_5) },
178 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT3072) },
179 { USB_VP(USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_RT3072_1) },
180 { USB_VP(USB_VENDOR_EDIMAX, USB_PRODUCT_EDIMAX_EW7717) },
181 { USB_VP(USB_VENDOR_EDIMAX, USB_PRODUCT_EDIMAX_EW7718) },
182 { USB_VP(USB_VENDOR_EDIMAX, USB_PRODUCT_EDIMAX_RT2870_1) },
183 { USB_VP(USB_VENDOR_ENCORE, USB_PRODUCT_ENCORE_RT3070_1) },
184 { USB_VP(USB_VENDOR_ENCORE, USB_PRODUCT_ENCORE_RT3070_2) },
185 { USB_VP(USB_VENDOR_ENCORE, USB_PRODUCT_ENCORE_RT3070_3) },
186 { USB_VP(USB_VENDOR_GIGABYTE, USB_PRODUCT_GIGABYTE_GNWB31N) },
187 { USB_VP(USB_VENDOR_GIGABYTE, USB_PRODUCT_GIGABYTE_GNWB32L) },
188 { USB_VP(USB_VENDOR_GIGABYTE, USB_PRODUCT_GIGABYTE_RT2870_1) },
189 { USB_VP(USB_VENDOR_GIGASET, USB_PRODUCT_GIGASET_RT3070_1) },
190 { USB_VP(USB_VENDOR_GIGASET, USB_PRODUCT_GIGASET_RT3070_2) },
191 { USB_VP(USB_VENDOR_GUILLEMOT, USB_PRODUCT_GUILLEMOT_HWNU300) },
192 { USB_VP(USB_VENDOR_HAWKING, USB_PRODUCT_HAWKING_HWUN2) },
193 { USB_VP(USB_VENDOR_HAWKING, USB_PRODUCT_HAWKING_RT2870_1) },
194 { USB_VP(USB_VENDOR_HAWKING, USB_PRODUCT_HAWKING_RT2870_2) },
195 { USB_VP(USB_VENDOR_HAWKING, USB_PRODUCT_HAWKING_RT3070) },
196 { USB_VP(USB_VENDOR_IODATA, USB_PRODUCT_IODATA_RT3072_1) },
197 { USB_VP(USB_VENDOR_IODATA, USB_PRODUCT_IODATA_RT3072_2) },
198 { USB_VP(USB_VENDOR_IODATA, USB_PRODUCT_IODATA_RT3072_3) },
199 { USB_VP(USB_VENDOR_IODATA, USB_PRODUCT_IODATA_RT3072_4) },
200 { USB_VP(USB_VENDOR_LINKSYS4, USB_PRODUCT_LINKSYS4_RT3070) },
201 { USB_VP(USB_VENDOR_LINKSYS4, USB_PRODUCT_LINKSYS4_WUSB100) },
202 { USB_VP(USB_VENDOR_LINKSYS4, USB_PRODUCT_LINKSYS4_WUSB54GCV3) },
203 { USB_VP(USB_VENDOR_LINKSYS4, USB_PRODUCT_LINKSYS4_WUSB600N) },
204 { USB_VP(USB_VENDOR_LINKSYS4, USB_PRODUCT_LINKSYS4_WUSB600NV2) },
205 { USB_VP(USB_VENDOR_LOGITEC, USB_PRODUCT_LOGITEC_RT2870_1) },
206 { USB_VP(USB_VENDOR_LOGITEC, USB_PRODUCT_LOGITEC_RT2870_2) },
207 { USB_VP(USB_VENDOR_LOGITEC, USB_PRODUCT_LOGITEC_RT2870_3) },
208 { USB_VP(USB_VENDOR_MELCO, USB_PRODUCT_MELCO_RT2870_1) },
209 { USB_VP(USB_VENDOR_MELCO, USB_PRODUCT_MELCO_RT2870_2) },
210 { USB_VP(USB_VENDOR_MELCO, USB_PRODUCT_MELCO_WLIUCAG300N) },
211 { USB_VP(USB_VENDOR_MELCO, USB_PRODUCT_MELCO_WLIUCG300N) },
212 { USB_VP(USB_VENDOR_MELCO, USB_PRODUCT_MELCO_WLIUCGN) },
213 { USB_VP(USB_VENDOR_MOTOROLA4, USB_PRODUCT_MOTOROLA4_RT2770) },
214 { USB_VP(USB_VENDOR_MOTOROLA4, USB_PRODUCT_MOTOROLA4_RT3070) },
215 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_1) },
216 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_2) },
217 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_3) },
218 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_4) },
219 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_5) },
220 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_6) },
221 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_7) },
222 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_8) },
223 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_9) },
224 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_10) },
225 { USB_VP(USB_VENDOR_MSI, USB_PRODUCT_MSI_RT3070_11) },
226 { USB_VP(USB_VENDOR_OVISLINK, USB_PRODUCT_OVISLINK_RT3072) },
227 { USB_VP(USB_VENDOR_PARA, USB_PRODUCT_PARA_RT3070) },
228 { USB_VP(USB_VENDOR_PEGATRON, USB_PRODUCT_PEGATRON_RT2870) },
229 { USB_VP(USB_VENDOR_PEGATRON, USB_PRODUCT_PEGATRON_RT3070) },
230 { USB_VP(USB_VENDOR_PEGATRON, USB_PRODUCT_PEGATRON_RT3070_2) },
231 { USB_VP(USB_VENDOR_PEGATRON, USB_PRODUCT_PEGATRON_RT3070_3) },
232 { USB_VP(USB_VENDOR_PHILIPS, USB_PRODUCT_PHILIPS_RT2870) },
233 { USB_VP(USB_VENDOR_PLANEX2, USB_PRODUCT_PLANEX2_GWUS300MINIS) },
234 { USB_VP(USB_VENDOR_PLANEX2, USB_PRODUCT_PLANEX2_GWUSMICRON) },
235 { USB_VP(USB_VENDOR_PLANEX2, USB_PRODUCT_PLANEX2_RT2870) },
236 { USB_VP(USB_VENDOR_PLANEX2, USB_PRODUCT_PLANEX2_RT3070) },
237 { USB_VP(USB_VENDOR_QCOM, USB_PRODUCT_QCOM_RT2870) },
238 { USB_VP(USB_VENDOR_QUANTA, USB_PRODUCT_QUANTA_RT3070) },
239 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT2070) },
240 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT2770) },
241 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT2870) },
242 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT3070) },
243 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT3071) },
244 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT3072) },
245 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT3370) },
246 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT3572) },
247 { USB_VP(USB_VENDOR_RALINK, USB_PRODUCT_RALINK_RT8070) },
248 { USB_VP(USB_VENDOR_SAMSUNG2, USB_PRODUCT_SAMSUNG2_RT2870_1) },
249 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT2870_1) },
250 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT2870_2) },
251 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT2870_3) },
252 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT2870_4) },
253 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT3070) },
254 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT3071) },
255 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT3072_1) },
256 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT3072_2) },
257 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT3072_3) },
258 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT3072_4) },
259 { USB_VP(USB_VENDOR_SENAO, USB_PRODUCT_SENAO_RT3072_5) },
260 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT2770) },
261 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT2870_1) },
262 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT2870_2) },
263 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT2870_3) },
264 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT2870_4) },
265 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3070) },
266 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3070_2) },
267 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3070_3) },
268 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3070_4) },
269 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3071) },
270 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3072_1) },
271 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3072_2) },
272 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3072_3) },
273 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3072_4) },
274 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3072_5) },
275 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_RT3072_6) },
276 { USB_VP(USB_VENDOR_SITECOMEU, USB_PRODUCT_SITECOMEU_WL608) },
277 { USB_VP(USB_VENDOR_SPARKLAN, USB_PRODUCT_SPARKLAN_RT2870_1) },
278 { USB_VP(USB_VENDOR_SPARKLAN, USB_PRODUCT_SPARKLAN_RT3070) },
279 { USB_VP(USB_VENDOR_SWEEX2, USB_PRODUCT_SWEEX2_LW153) },
280 { USB_VP(USB_VENDOR_SWEEX2, USB_PRODUCT_SWEEX2_LW303) },
281 { USB_VP(USB_VENDOR_SWEEX2, USB_PRODUCT_SWEEX2_LW313) },
282 { USB_VP(USB_VENDOR_TOSHIBA, USB_PRODUCT_TOSHIBA_RT3070) },
283 { USB_VP(USB_VENDOR_UMEDIA, USB_PRODUCT_UMEDIA_RT2870_1) },
284 { USB_VP(USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_RT2870_1) },
285 { USB_VP(USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_RT2870_2) },
286 { USB_VP(USB_VENDOR_ZINWELL, USB_PRODUCT_ZINWELL_RT2870_1) },
287 { USB_VP(USB_VENDOR_ZINWELL, USB_PRODUCT_ZINWELL_RT2870_2) },
288 { USB_VP(USB_VENDOR_ZINWELL, USB_PRODUCT_ZINWELL_RT3070) },
289 { USB_VP(USB_VENDOR_ZINWELL, USB_PRODUCT_ZINWELL_RT3072_1) },
290 { USB_VP(USB_VENDOR_ZINWELL, USB_PRODUCT_ZINWELL_RT3072_2) },
291 { USB_VP(USB_VENDOR_ZYXEL, USB_PRODUCT_ZYXEL_RT2870_1) },
292 { USB_VP(USB_VENDOR_ZYXEL, USB_PRODUCT_ZYXEL_RT2870_2) },
295 MODULE_DEPEND(run, wlan, 1, 1, 1);
296 MODULE_DEPEND(run, usb, 1, 1, 1);
297 MODULE_DEPEND(run, firmware, 1, 1, 1);
299 static device_probe_t run_match;
300 static device_attach_t run_attach;
301 static device_detach_t run_detach;
303 static usb_callback_t run_bulk_rx_callback;
304 static usb_callback_t run_bulk_tx_callback0;
305 static usb_callback_t run_bulk_tx_callback1;
306 static usb_callback_t run_bulk_tx_callback2;
307 static usb_callback_t run_bulk_tx_callback3;
308 static usb_callback_t run_bulk_tx_callback4;
309 static usb_callback_t run_bulk_tx_callback5;
311 static void run_bulk_tx_callbackN(struct usb_xfer *xfer,
312 usb_error_t error, unsigned int index);
313 static struct ieee80211vap *run_vap_create(struct ieee80211com *,
314 const char name[IFNAMSIZ], int unit, int opmode, int flags,
315 const uint8_t bssid[IEEE80211_ADDR_LEN], const uint8_t
316 mac[IEEE80211_ADDR_LEN]);
317 static void run_vap_delete(struct ieee80211vap *);
318 static void run_cmdq_cb(void *, int);
319 static void run_setup_tx_list(struct run_softc *,
320 struct run_endpoint_queue *);
321 static void run_unsetup_tx_list(struct run_softc *,
322 struct run_endpoint_queue *);
323 static int run_load_microcode(struct run_softc *);
324 static int run_reset(struct run_softc *);
325 static usb_error_t run_do_request(struct run_softc *,
326 struct usb_device_request *, void *);
327 static int run_read(struct run_softc *, uint16_t, uint32_t *);
328 static int run_read_region_1(struct run_softc *, uint16_t, uint8_t *, int);
329 static int run_write_2(struct run_softc *, uint16_t, uint16_t);
330 static int run_write(struct run_softc *, uint16_t, uint32_t);
331 static int run_write_region_1(struct run_softc *, uint16_t,
332 const uint8_t *, int);
333 static int run_set_region_4(struct run_softc *, uint16_t, uint32_t, int);
334 static int run_efuse_read_2(struct run_softc *, uint16_t, uint16_t *);
335 static int run_eeprom_read_2(struct run_softc *, uint16_t, uint16_t *);
336 static int run_rt2870_rf_write(struct run_softc *, uint8_t, uint32_t);
337 static int run_rt3070_rf_read(struct run_softc *, uint8_t, uint8_t *);
338 static int run_rt3070_rf_write(struct run_softc *, uint8_t, uint8_t);
339 static int run_bbp_read(struct run_softc *, uint8_t, uint8_t *);
340 static int run_bbp_write(struct run_softc *, uint8_t, uint8_t);
341 static int run_mcu_cmd(struct run_softc *, uint8_t, uint16_t);
342 static const char *run_get_rf(int);
343 static int run_read_eeprom(struct run_softc *);
344 static struct ieee80211_node *run_node_alloc(struct ieee80211vap *,
345 const uint8_t mac[IEEE80211_ADDR_LEN]);
346 static int run_media_change(struct ifnet *);
347 static int run_newstate(struct ieee80211vap *, enum ieee80211_state, int);
348 static int run_wme_update(struct ieee80211com *);
349 static void run_wme_update_cb(void *);
350 static void run_key_update_begin(struct ieee80211vap *);
351 static void run_key_update_end(struct ieee80211vap *);
352 static void run_key_set_cb(void *);
353 static int run_key_set(struct ieee80211vap *, struct ieee80211_key *,
354 const uint8_t mac[IEEE80211_ADDR_LEN]);
355 static void run_key_delete_cb(void *);
356 static int run_key_delete(struct ieee80211vap *, struct ieee80211_key *);
357 static void run_ratectl_to(void *);
358 static void run_ratectl_cb(void *, int);
359 static void run_drain_fifo(void *);
360 static void run_iter_func(void *, struct ieee80211_node *);
361 static void run_newassoc_cb(void *);
362 static void run_newassoc(struct ieee80211_node *, int);
363 static void run_rx_frame(struct run_softc *, struct mbuf *, uint32_t);
364 static void run_tx_free(struct run_endpoint_queue *pq,
365 struct run_tx_data *, int);
366 static void run_set_tx_desc(struct run_softc *, struct run_tx_data *);
367 static int run_tx(struct run_softc *, struct mbuf *,
368 struct ieee80211_node *);
369 static int run_tx_mgt(struct run_softc *, struct mbuf *,
370 struct ieee80211_node *);
371 static int run_sendprot(struct run_softc *, const struct mbuf *,
372 struct ieee80211_node *, int, int);
373 static int run_tx_param(struct run_softc *, struct mbuf *,
374 struct ieee80211_node *,
375 const struct ieee80211_bpf_params *);
376 static int run_raw_xmit(struct ieee80211_node *, struct mbuf *,
377 const struct ieee80211_bpf_params *);
378 static void run_start(struct ifnet *);
379 static int run_ioctl(struct ifnet *, u_long, caddr_t);
380 static void run_set_agc(struct run_softc *, uint8_t);
381 static void run_select_chan_group(struct run_softc *, int);
382 static void run_set_rx_antenna(struct run_softc *, int);
383 static void run_rt2870_set_chan(struct run_softc *, u_int);
384 static void run_rt3070_set_chan(struct run_softc *, u_int);
385 static void run_rt3572_set_chan(struct run_softc *, u_int);
386 static int run_set_chan(struct run_softc *, struct ieee80211_channel *);
387 static void run_set_channel(struct ieee80211com *);
388 static void run_scan_start(struct ieee80211com *);
389 static void run_scan_end(struct ieee80211com *);
390 static void run_update_beacon(struct ieee80211vap *, int);
391 static void run_update_beacon_cb(void *);
392 static void run_updateprot(struct ieee80211com *);
393 static void run_usb_timeout_cb(void *);
394 static void run_reset_livelock(struct run_softc *);
395 static void run_enable_tsf_sync(struct run_softc *);
396 static void run_enable_mrr(struct run_softc *);
397 static void run_set_txpreamble(struct run_softc *);
398 static void run_set_basicrates(struct run_softc *);
399 static void run_set_leds(struct run_softc *, uint16_t);
400 static void run_set_bssid(struct run_softc *, const uint8_t *);
401 static void run_set_macaddr(struct run_softc *, const uint8_t *);
402 static void run_updateslot(struct ifnet *);
403 static void run_update_mcast(struct ifnet *);
404 static int8_t run_rssi2dbm(struct run_softc *, uint8_t, uint8_t);
405 static void run_update_promisc_locked(struct ifnet *);
406 static void run_update_promisc(struct ifnet *);
407 static int run_bbp_init(struct run_softc *);
408 static int run_rt3070_rf_init(struct run_softc *);
409 static int run_rt3070_filter_calib(struct run_softc *, uint8_t, uint8_t,
411 static void run_rt3070_rf_setup(struct run_softc *);
412 static int run_txrx_enable(struct run_softc *);
413 static void run_init(void *);
414 static void run_init_locked(struct run_softc *);
415 static void run_stop(void *);
416 static void run_delay(struct run_softc *, unsigned int);
418 static const struct {
421 } rt2870_def_mac[] = {
425 static const struct {
428 } rt2860_def_bbp[] = {
432 static const struct rfprog {
434 uint32_t r1, r2, r3, r4;
435 } rt2860_rf2850[] = {
445 static const struct {
448 } rt3070_def_rf[] = {
450 },rt3572_def_rf[] = {
454 static const struct usb_config run_config[RUN_N_XFER] = {
457 .endpoint = UE_ADDR_ANY,
459 .direction = UE_DIR_OUT,
460 .bufsize = RUN_MAX_TXSZ,
461 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
462 .callback = run_bulk_tx_callback0,
463 .timeout = 5000, /* ms */
467 .endpoint = UE_ADDR_ANY,
468 .direction = UE_DIR_OUT,
470 .bufsize = RUN_MAX_TXSZ,
471 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
472 .callback = run_bulk_tx_callback1,
473 .timeout = 5000, /* ms */
477 .endpoint = UE_ADDR_ANY,
478 .direction = UE_DIR_OUT,
480 .bufsize = RUN_MAX_TXSZ,
481 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
482 .callback = run_bulk_tx_callback2,
483 .timeout = 5000, /* ms */
487 .endpoint = UE_ADDR_ANY,
488 .direction = UE_DIR_OUT,
490 .bufsize = RUN_MAX_TXSZ,
491 .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
492 .callback = run_bulk_tx_callback3,
493 .timeout = 5000, /* ms */
495 [RUN_BULK_TX_HCCA] = {
497 .endpoint = UE_ADDR_ANY,
498 .direction = UE_DIR_OUT,
500 .bufsize = RUN_MAX_TXSZ,
501 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
502 .callback = run_bulk_tx_callback4,
503 .timeout = 5000, /* ms */
505 [RUN_BULK_TX_PRIO] = {
507 .endpoint = UE_ADDR_ANY,
508 .direction = UE_DIR_OUT,
510 .bufsize = RUN_MAX_TXSZ,
511 .flags = {.pipe_bof = 1,.force_short_xfer = 1,.no_pipe_ok = 1,},
512 .callback = run_bulk_tx_callback5,
513 .timeout = 5000, /* ms */
517 .endpoint = UE_ADDR_ANY,
518 .direction = UE_DIR_IN,
519 .bufsize = RUN_MAX_RXSZ,
520 .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
521 .callback = run_bulk_rx_callback,
526 run_match(device_t self)
528 struct usb_attach_arg *uaa = device_get_ivars(self);
530 if (uaa->usb_mode != USB_MODE_HOST)
532 if (uaa->info.bConfigIndex != 0)
534 if (uaa->info.bIfaceIndex != RT2860_IFACE_INDEX)
537 return (usbd_lookup_id_by_uaa(run_devs, sizeof(run_devs), uaa));
541 run_attach(device_t self)
543 struct run_softc *sc = device_get_softc(self);
544 struct usb_attach_arg *uaa = device_get_ivars(self);
545 struct ieee80211com *ic;
548 int i, ntries, error;
549 uint8_t iface_index, bands;
551 device_set_usb_desc(self);
552 sc->sc_udev = uaa->device;
555 mtx_init(&sc->sc_mtx, device_get_nameunit(sc->sc_dev),
556 MTX_NETWORK_LOCK, MTX_DEF);
558 iface_index = RT2860_IFACE_INDEX;
560 error = usbd_transfer_setup(uaa->device, &iface_index,
561 sc->sc_xfer, run_config, RUN_N_XFER, sc, &sc->sc_mtx);
563 device_printf(self, "could not allocate USB transfers, "
564 "err=%s\n", usbd_errstr(error));
570 /* wait for the chip to settle */
571 for (ntries = 0; ntries < 100; ntries++) {
572 if (run_read(sc, RT2860_ASIC_VER_ID, &ver) != 0){
576 if (ver != 0 && ver != 0xffffffff)
581 device_printf(sc->sc_dev,
582 "timeout waiting for NIC to initialize\n");
586 sc->mac_ver = ver >> 16;
587 sc->mac_rev = ver & 0xffff;
589 /* retrieve RF rev. no and various other things from EEPROM */
592 device_printf(sc->sc_dev,
593 "MAC/BBP RT%04X (rev 0x%04X), RF %s (MIMO %dT%dR), address %s\n",
594 sc->mac_ver, sc->mac_rev, run_get_rf(sc->rf_rev),
595 sc->ntxchains, sc->nrxchains, ether_sprintf(sc->sc_bssid));
597 if ((error = run_load_microcode(sc)) != 0) {
598 device_printf(sc->sc_dev, "could not load 8051 microcode\n");
605 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
607 device_printf(sc->sc_dev, "can not if_alloc()\n");
613 if_initname(ifp, "run", device_get_unit(sc->sc_dev));
614 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
615 ifp->if_init = run_init;
616 ifp->if_ioctl = run_ioctl;
617 ifp->if_start = run_start;
618 IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN);
619 ifp->if_snd.ifq_drv_maxlen = IFQ_MAXLEN;
620 IFQ_SET_READY(&ifp->if_snd);
623 ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
624 ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
626 /* set device capabilities */
628 IEEE80211_C_STA | /* station mode supported */
629 IEEE80211_C_MONITOR | /* monitor mode supported */
632 IEEE80211_C_WDS | /* 4-address traffic works */
634 IEEE80211_C_SHPREAMBLE | /* short preamble supported */
635 IEEE80211_C_SHSLOT | /* short slot time supported */
636 IEEE80211_C_WME | /* WME */
637 IEEE80211_C_WPA; /* WPA1|WPA2(RSN) */
640 IEEE80211_CRYPTO_WEP |
641 IEEE80211_CRYPTO_AES_CCM |
642 IEEE80211_CRYPTO_TKIPMIC |
643 IEEE80211_CRYPTO_TKIP;
645 ic->ic_flags |= IEEE80211_F_DATAPAD;
646 ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
649 setbit(&bands, IEEE80211_MODE_11B);
650 setbit(&bands, IEEE80211_MODE_11G);
651 ieee80211_init_channels(ic, NULL, &bands);
654 * Do this by own because h/w supports
655 * more channels than ieee80211_init_channels()
657 if (sc->rf_rev == RT2860_RF_2750 ||
658 sc->rf_rev == RT2860_RF_2850 ||
659 sc->rf_rev == RT3070_RF_3052) {
660 /* set supported .11a rates */
661 for (i = 14; i < nitems(rt2860_rf2850); i++) {
662 uint8_t chan = rt2860_rf2850[i].chan;
663 ic->ic_channels[ic->ic_nchans].ic_freq =
664 ieee80211_ieee2mhz(chan, IEEE80211_CHAN_A);
665 ic->ic_channels[ic->ic_nchans].ic_ieee = chan;
666 ic->ic_channels[ic->ic_nchans].ic_flags = IEEE80211_CHAN_A;
667 ic->ic_channels[ic->ic_nchans].ic_extieee = 0;
672 ieee80211_ifattach(ic, sc->sc_bssid);
674 ic->ic_scan_start = run_scan_start;
675 ic->ic_scan_end = run_scan_end;
676 ic->ic_set_channel = run_set_channel;
677 ic->ic_node_alloc = run_node_alloc;
678 ic->ic_newassoc = run_newassoc;
679 //ic->ic_updateslot = run_updateslot;
680 ic->ic_update_mcast = run_update_mcast;
681 ic->ic_wme.wme_update = run_wme_update;
682 ic->ic_raw_xmit = run_raw_xmit;
683 ic->ic_update_promisc = run_update_promisc;
685 ic->ic_vap_create = run_vap_create;
686 ic->ic_vap_delete = run_vap_delete;
688 ieee80211_radiotap_attach(ic,
689 &sc->sc_txtap.wt_ihdr, sizeof(sc->sc_txtap),
690 RUN_TX_RADIOTAP_PRESENT,
691 &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
692 RUN_RX_RADIOTAP_PRESENT);
694 TASK_INIT(&sc->cmdq_task, 0, run_cmdq_cb, sc);
695 TASK_INIT(&sc->ratectl_task, 0, run_ratectl_cb, sc);
696 callout_init((struct callout *)&sc->ratectl_ch, 1);
699 ieee80211_announce(ic);
709 run_detach(device_t self)
711 struct run_softc *sc = device_get_softc(self);
712 struct ifnet *ifp = sc->sc_ifp;
713 struct ieee80211com *ic;
716 /* stop all USB transfers */
717 usbd_transfer_unsetup(sc->sc_xfer, RUN_N_XFER);
720 /* free TX list, if any */
721 for (i = 0; i != RUN_EP_QUEUES; i++)
722 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
728 usb_callout_drain(&sc->ratectl_ch);
729 ieee80211_draintask(ic, &sc->cmdq_task);
730 ieee80211_draintask(ic, &sc->ratectl_task);
731 ieee80211_ifdetach(ic);
735 mtx_destroy(&sc->sc_mtx);
740 static struct ieee80211vap *
741 run_vap_create(struct ieee80211com *ic,
742 const char name[IFNAMSIZ], int unit, int opmode, int flags,
743 const uint8_t bssid[IEEE80211_ADDR_LEN],
744 const uint8_t mac[IEEE80211_ADDR_LEN])
746 struct ifnet *ifp = ic->ic_ifp;
747 struct run_softc *sc = ifp->if_softc;
749 struct ieee80211vap *vap;
752 if(sc->rvp_cnt >= RUN_VAP_MAX){
753 if_printf(ifp, "number of VAPs maxed out\n");
758 case IEEE80211_M_STA:
759 /* enable s/w bmiss handling for sta mode */
760 flags |= IEEE80211_CLONE_NOBEACONS;
762 case IEEE80211_M_IBSS:
763 case IEEE80211_M_MONITOR:
764 case IEEE80211_M_HOSTAP:
765 case IEEE80211_M_MBSS:
766 /* other than WDS vaps, only one at a time */
767 if (!TAILQ_EMPTY(&ic->ic_vaps))
770 case IEEE80211_M_WDS:
771 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next){
772 if(vap->iv_opmode != IEEE80211_M_HOSTAP)
774 /* WDS vap's always share the local mac address. */
775 flags &= ~IEEE80211_CLONE_BSSID;
779 if_printf(ifp, "wds only supported in ap mode\n");
784 if_printf(ifp, "unknown opmode %d\n", opmode);
788 rvp = (struct run_vap *) malloc(sizeof(struct run_vap),
789 M_80211_VAP, M_NOWAIT | M_ZERO);
793 ieee80211_vap_setup(ic, vap, name, unit, opmode, flags, bssid, mac);
795 vap->iv_key_update_begin = run_key_update_begin;
796 vap->iv_key_update_end = run_key_update_end;
797 vap->iv_update_beacon = run_update_beacon;
798 vap->iv_max_aid = RT2870_WCID_MAX;
800 * To delete the right key from h/w, we need wcid.
801 * Luckily, there is unused space in ieee80211_key{}, wk_pad,
802 * and matching wcid will be written into there. So, cast
803 * some spells to remove 'const' from ieee80211_key{}
805 vap->iv_key_delete = (void *)run_key_delete;
806 vap->iv_key_set = (void *)run_key_set;
808 /* override state transition machine */
809 rvp->newstate = vap->iv_newstate;
810 vap->iv_newstate = run_newstate;
812 ieee80211_ratectl_init(vap);
813 ieee80211_ratectl_setinterval(vap, 1000 /* 1 sec */);
816 ieee80211_vap_attach(vap, run_media_change, ieee80211_media_status);
818 /* make sure id is always unique */
819 for(i = 0; i < RUN_VAP_MAX; i++){
820 if((sc->rvp_bmap & 1 << i) == 0){
821 sc->rvp_bmap |= 1 << i;
826 if(sc->rvp_cnt++ == 0)
827 ic->ic_opmode = opmode;
829 DPRINTF("rvp_id=%d bmap=%x rvp_cnt=%d\n",
830 rvp->rvp_id, sc->rvp_bmap, sc->rvp_cnt);
836 run_vap_delete(struct ieee80211vap *vap)
838 struct run_vap *rvp = RUN_VAP(vap);
840 struct ieee80211com *ic;
841 struct run_softc *sc;
854 rvp_id = rvp->rvp_id;
855 sc->ratectl_run &= ~(1 << rvp_id);
856 sc->rvp_bmap &= ~(1 << rvp_id);
857 run_set_region_4(sc, RT2860_SKEY(rvp_id, 0), 0, 128);
858 run_set_region_4(sc, RT2860_BCN_BASE(rvp_id), 0, 512);
861 DPRINTF("vap=%p rvp_id=%d bmap=%x rvp_cnt=%d\n",
862 vap, rvp_id, sc->rvp_bmap, sc->rvp_cnt);
866 ieee80211_ratectl_deinit(vap);
867 ieee80211_vap_detach(vap);
868 free(rvp, M_80211_VAP);
872 * There are numbers of functions need to be called in context thread.
873 * Rather than creating taskqueue event for each of those functions,
874 * here is all-for-one taskqueue callback function. This function
875 * gurantees deferred functions are executed in the same order they
877 * '& RUN_CMDQ_MASQ' is to loop cmdq[].
880 run_cmdq_cb(void *arg, int pending)
882 struct run_softc *sc = arg;
885 /* call cmdq[].func locked */
887 for(i = sc->cmdq_exec; sc->cmdq[i].func && pending;
888 i = sc->cmdq_exec, pending--){
889 DPRINTFN(6, "cmdq_exec=%d pending=%d\n", i, pending);
890 if(sc->cmdq_run == RUN_CMDQ_GO){
892 * If arg0 is NULL, callback func needs more
893 * than one arg. So, pass ptr to cmdq struct.
896 sc->cmdq[i].func(sc->cmdq[i].arg0);
898 sc->cmdq[i].func(&sc->cmdq[i]);
900 sc->cmdq[i].arg0 = NULL;
901 sc->cmdq[i].func = NULL;
903 sc->cmdq_exec &= RUN_CMDQ_MASQ;
909 run_setup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
911 struct run_tx_data *data;
913 memset(pq, 0, sizeof(*pq));
915 STAILQ_INIT(&pq->tx_qh);
916 STAILQ_INIT(&pq->tx_fh);
918 for (data = &pq->tx_data[0];
919 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++) {
921 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
923 pq->tx_nfree = RUN_TX_RING_COUNT;
927 run_unsetup_tx_list(struct run_softc *sc, struct run_endpoint_queue *pq)
929 struct run_tx_data *data;
931 /* make sure any subsequent use of the queues will fail */
933 STAILQ_INIT(&pq->tx_fh);
934 STAILQ_INIT(&pq->tx_qh);
936 /* free up all node references and mbufs */
937 for (data = &pq->tx_data[0];
938 data < &pq->tx_data[RUN_TX_RING_COUNT]; data++){
939 if (data->m != NULL) {
943 if (data->ni != NULL) {
944 ieee80211_free_node(data->ni);
951 run_load_microcode(struct run_softc *sc)
953 usb_device_request_t req;
954 const struct firmware *fw;
958 const uint64_t *temp;
962 fw = firmware_get("runfw");
965 device_printf(sc->sc_dev,
966 "failed loadfirmware of file %s\n", "runfw");
970 if (fw->datasize != 8192) {
971 device_printf(sc->sc_dev,
972 "invalid firmware size (should be 8KB)\n");
978 * RT3071/RT3072 use a different firmware
979 * run-rt2870 (8KB) contains both,
980 * first half (4KB) is for rt2870,
981 * last half is for rt3071.
984 if ((sc->mac_ver) != 0x2860 &&
985 (sc->mac_ver) != 0x2872 &&
986 (sc->mac_ver) != 0x3070){
990 /* cheap sanity check */
993 if(bytes != be64toh(0xffffff0210280210)) {
994 device_printf(sc->sc_dev, "firmware checksum failed\n");
999 run_read(sc, RT2860_ASIC_VER_ID, &tmp);
1000 /* write microcode image */
1001 run_write_region_1(sc, RT2870_FW_BASE, base, 4096);
1002 run_write(sc, RT2860_H2M_MAILBOX_CID, 0xffffffff);
1003 run_write(sc, RT2860_H2M_MAILBOX_STATUS, 0xffffffff);
1005 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1006 req.bRequest = RT2870_RESET;
1007 USETW(req.wValue, 8);
1008 USETW(req.wIndex, 0);
1009 USETW(req.wLength, 0);
1010 if ((error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL)) != 0) {
1011 device_printf(sc->sc_dev, "firmware reset failed\n");
1017 run_write(sc, RT2860_H2M_MAILBOX, 0);
1018 if ((error = run_mcu_cmd(sc, RT2860_MCU_CMD_RFRESET, 0)) != 0)
1021 /* wait until microcontroller is ready */
1022 for (ntries = 0; ntries < 1000; ntries++) {
1023 if ((error = run_read(sc, RT2860_SYS_CTRL, &tmp)) != 0) {
1026 if (tmp & RT2860_MCU_READY)
1030 if (ntries == 1000) {
1031 device_printf(sc->sc_dev,
1032 "timeout waiting for MCU to initialize\n");
1036 device_printf(sc->sc_dev, "firmware %s loaded\n",
1037 (base == fw->data) ? "RT2870" : "RT3071");
1040 firmware_put(fw, FIRMWARE_UNLOAD);
1045 run_reset(struct run_softc *sc)
1047 usb_device_request_t req;
1049 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1050 req.bRequest = RT2870_RESET;
1051 USETW(req.wValue, 1);
1052 USETW(req.wIndex, 0);
1053 USETW(req.wLength, 0);
1054 return usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, NULL);
1058 run_do_request(struct run_softc *sc,
1059 struct usb_device_request *req, void *data)
1064 RUN_LOCK_ASSERT(sc, MA_OWNED);
1067 err = usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
1068 req, data, 0, NULL, 250 /* ms */);
1071 DPRINTFN(1, "Control request failed, %s (retrying)\n",
1079 run_read(struct run_softc *sc, uint16_t reg, uint32_t *val)
1084 error = run_read_region_1(sc, reg, (uint8_t *)&tmp, sizeof tmp);
1086 *val = le32toh(tmp);
1093 run_read_region_1(struct run_softc *sc, uint16_t reg, uint8_t *buf, int len)
1095 usb_device_request_t req;
1097 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1098 req.bRequest = RT2870_READ_REGION_1;
1099 USETW(req.wValue, 0);
1100 USETW(req.wIndex, reg);
1101 USETW(req.wLength, len);
1103 return run_do_request(sc, &req, buf);
1107 run_write_2(struct run_softc *sc, uint16_t reg, uint16_t val)
1109 usb_device_request_t req;
1111 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1112 req.bRequest = RT2870_WRITE_2;
1113 USETW(req.wValue, val);
1114 USETW(req.wIndex, reg);
1115 USETW(req.wLength, 0);
1117 return run_do_request(sc, &req, NULL);
1121 run_write(struct run_softc *sc, uint16_t reg, uint32_t val)
1125 if ((error = run_write_2(sc, reg, val & 0xffff)) == 0)
1126 error = run_write_2(sc, reg + 2, val >> 16);
1131 run_write_region_1(struct run_softc *sc, uint16_t reg, const uint8_t *buf,
1137 * NB: the WRITE_REGION_1 command is not stable on RT2860.
1138 * We thus issue multiple WRITE_2 commands instead.
1140 KASSERT((len & 1) == 0, ("run_write_region_1: Data too long.\n"));
1141 for (i = 0; i < len && error == 0; i += 2)
1142 error = run_write_2(sc, reg + i, buf[i] | buf[i + 1] << 8);
1145 usb_device_request_t req;
1147 req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1148 req.bRequest = RT2870_WRITE_REGION_1;
1149 USETW(req.wValue, 0);
1150 USETW(req.wIndex, reg);
1151 USETW(req.wLength, len);
1152 return run_do_request(sc, &req, buf);
1157 run_set_region_4(struct run_softc *sc, uint16_t reg, uint32_t val, int len)
1161 KASSERT((len & 3) == 0, ("run_set_region_4: Invalid data length.\n"));
1162 for (i = 0; i < len && error == 0; i += 4)
1163 error = run_write(sc, reg + i, val);
1167 /* Read 16-bit from eFUSE ROM (RT3070 only.) */
1169 run_efuse_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1175 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1180 * Read one 16-byte block into registers EFUSE_DATA[0-3]:
1186 tmp &= ~(RT3070_EFSROM_MODE_MASK | RT3070_EFSROM_AIN_MASK);
1187 tmp |= (addr & ~0xf) << RT3070_EFSROM_AIN_SHIFT | RT3070_EFSROM_KICK;
1188 run_write(sc, RT3070_EFUSE_CTRL, tmp);
1189 for (ntries = 0; ntries < 100; ntries++) {
1190 if ((error = run_read(sc, RT3070_EFUSE_CTRL, &tmp)) != 0)
1192 if (!(tmp & RT3070_EFSROM_KICK))
1199 if ((tmp & RT3070_EFUSE_AOUT_MASK) == RT3070_EFUSE_AOUT_MASK) {
1200 *val = 0xffff; /* address not found */
1203 /* determine to which 32-bit register our 16-bit word belongs */
1204 reg = RT3070_EFUSE_DATA3 - (addr & 0xc);
1205 if ((error = run_read(sc, reg, &tmp)) != 0)
1208 *val = (addr & 2) ? tmp >> 16 : tmp & 0xffff;
1213 run_eeprom_read_2(struct run_softc *sc, uint16_t addr, uint16_t *val)
1215 usb_device_request_t req;
1220 req.bmRequestType = UT_READ_VENDOR_DEVICE;
1221 req.bRequest = RT2870_EEPROM_READ;
1222 USETW(req.wValue, 0);
1223 USETW(req.wIndex, addr);
1224 USETW(req.wLength, sizeof tmp);
1226 error = usbd_do_request(sc->sc_udev, &sc->sc_mtx, &req, &tmp);
1228 *val = le16toh(tmp);
1235 run_srom_read(struct run_softc *sc, uint16_t addr, uint16_t *val)
1237 /* either eFUSE ROM or EEPROM */
1238 return sc->sc_srom_read(sc, addr, val);
1242 run_rt2870_rf_write(struct run_softc *sc, uint8_t reg, uint32_t val)
1247 for (ntries = 0; ntries < 10; ntries++) {
1248 if ((error = run_read(sc, RT2860_RF_CSR_CFG0, &tmp)) != 0)
1250 if (!(tmp & RT2860_RF_REG_CTRL))
1256 /* RF registers are 24-bit on the RT2860 */
1257 tmp = RT2860_RF_REG_CTRL | 24 << RT2860_RF_REG_WIDTH_SHIFT |
1258 (val & 0x3fffff) << 2 | (reg & 3);
1259 return run_write(sc, RT2860_RF_CSR_CFG0, tmp);
1263 run_rt3070_rf_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1268 for (ntries = 0; ntries < 100; ntries++) {
1269 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1271 if (!(tmp & RT3070_RF_KICK))
1277 tmp = RT3070_RF_KICK | reg << 8;
1278 if ((error = run_write(sc, RT3070_RF_CSR_CFG, tmp)) != 0)
1281 for (ntries = 0; ntries < 100; ntries++) {
1282 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1284 if (!(tmp & RT3070_RF_KICK))
1295 run_rt3070_rf_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1300 for (ntries = 0; ntries < 10; ntries++) {
1301 if ((error = run_read(sc, RT3070_RF_CSR_CFG, &tmp)) != 0)
1303 if (!(tmp & RT3070_RF_KICK))
1309 tmp = RT3070_RF_WRITE | RT3070_RF_KICK | reg << 8 | val;
1310 return run_write(sc, RT3070_RF_CSR_CFG, tmp);
1314 run_bbp_read(struct run_softc *sc, uint8_t reg, uint8_t *val)
1319 for (ntries = 0; ntries < 10; ntries++) {
1320 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1322 if (!(tmp & RT2860_BBP_CSR_KICK))
1328 tmp = RT2860_BBP_CSR_READ | RT2860_BBP_CSR_KICK | reg << 8;
1329 if ((error = run_write(sc, RT2860_BBP_CSR_CFG, tmp)) != 0)
1332 for (ntries = 0; ntries < 10; ntries++) {
1333 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1335 if (!(tmp & RT2860_BBP_CSR_KICK))
1346 run_bbp_write(struct run_softc *sc, uint8_t reg, uint8_t val)
1351 for (ntries = 0; ntries < 10; ntries++) {
1352 if ((error = run_read(sc, RT2860_BBP_CSR_CFG, &tmp)) != 0)
1354 if (!(tmp & RT2860_BBP_CSR_KICK))
1360 tmp = RT2860_BBP_CSR_KICK | reg << 8 | val;
1361 return run_write(sc, RT2860_BBP_CSR_CFG, tmp);
1365 * Send a command to the 8051 microcontroller unit.
1368 run_mcu_cmd(struct run_softc *sc, uint8_t cmd, uint16_t arg)
1373 for (ntries = 0; ntries < 100; ntries++) {
1374 if ((error = run_read(sc, RT2860_H2M_MAILBOX, &tmp)) != 0)
1376 if (!(tmp & RT2860_H2M_BUSY))
1382 tmp = RT2860_H2M_BUSY | RT2860_TOKEN_NO_INTR << 16 | arg;
1383 if ((error = run_write(sc, RT2860_H2M_MAILBOX, tmp)) == 0)
1384 error = run_write(sc, RT2860_HOST_CMD, cmd);
1389 * Add `delta' (signed) to each 4-bit sub-word of a 32-bit word.
1390 * Used to adjust per-rate Tx power registers.
1392 static __inline uint32_t
1393 b4inc(uint32_t b32, int8_t delta)
1397 for (i = 0; i < 8; i++) {
1404 b32 = b32 >> 4 | b4 << 28;
1413 case RT2860_RF_2820: return "RT2820";
1414 case RT2860_RF_2850: return "RT2850";
1415 case RT2860_RF_2720: return "RT2720";
1416 case RT2860_RF_2750: return "RT2750";
1417 case RT3070_RF_3020: return "RT3020";
1418 case RT3070_RF_2020: return "RT2020";
1419 case RT3070_RF_3021: return "RT3021";
1420 case RT3070_RF_3022: return "RT3022";
1421 case RT3070_RF_3052: return "RT3052";
1427 run_read_eeprom(struct run_softc *sc)
1429 int8_t delta_2ghz, delta_5ghz;
1434 /* check whether the ROM is eFUSE ROM or EEPROM */
1435 sc->sc_srom_read = run_eeprom_read_2;
1436 if (sc->mac_ver >= 0x3070) {
1437 run_read(sc, RT3070_EFUSE_CTRL, &tmp);
1438 DPRINTF("EFUSE_CTRL=0x%08x\n", tmp);
1439 if (tmp & RT3070_SEL_EFUSE)
1440 sc->sc_srom_read = run_efuse_read_2;
1443 /* read ROM version */
1444 run_srom_read(sc, RT2860_EEPROM_VERSION, &val);
1445 DPRINTF("EEPROM rev=%d, FAE=%d\n", val & 0xff, val >> 8);
1447 /* read MAC address */
1448 run_srom_read(sc, RT2860_EEPROM_MAC01, &val);
1449 sc->sc_bssid[0] = val & 0xff;
1450 sc->sc_bssid[1] = val >> 8;
1451 run_srom_read(sc, RT2860_EEPROM_MAC23, &val);
1452 sc->sc_bssid[2] = val & 0xff;
1453 sc->sc_bssid[3] = val >> 8;
1454 run_srom_read(sc, RT2860_EEPROM_MAC45, &val);
1455 sc->sc_bssid[4] = val & 0xff;
1456 sc->sc_bssid[5] = val >> 8;
1458 /* read vender BBP settings */
1459 for (i = 0; i < 10; i++) {
1460 run_srom_read(sc, RT2860_EEPROM_BBP_BASE + i, &val);
1461 sc->bbp[i].val = val & 0xff;
1462 sc->bbp[i].reg = val >> 8;
1463 DPRINTF("BBP%d=0x%02x\n", sc->bbp[i].reg, sc->bbp[i].val);
1465 if (sc->mac_ver >= 0x3071) {
1466 /* read vendor RF settings */
1467 for (i = 0; i < 10; i++) {
1468 run_srom_read(sc, RT3071_EEPROM_RF_BASE + i, &val);
1469 sc->rf[i].val = val & 0xff;
1470 sc->rf[i].reg = val >> 8;
1471 DPRINTF("RF%d=0x%02x\n", sc->rf[i].reg,
1476 /* read RF frequency offset from EEPROM */
1477 run_srom_read(sc, RT2860_EEPROM_FREQ_LEDS, &val);
1478 sc->freq = ((val & 0xff) != 0xff) ? val & 0xff : 0;
1479 DPRINTF("EEPROM freq offset %d\n", sc->freq & 0xff);
1481 if (val >> 8 != 0xff) {
1482 /* read LEDs operating mode */
1483 sc->leds = val >> 8;
1484 run_srom_read(sc, RT2860_EEPROM_LED1, &sc->led[0]);
1485 run_srom_read(sc, RT2860_EEPROM_LED2, &sc->led[1]);
1486 run_srom_read(sc, RT2860_EEPROM_LED3, &sc->led[2]);
1488 /* broken EEPROM, use default settings */
1490 sc->led[0] = 0x5555;
1491 sc->led[1] = 0x2221;
1492 sc->led[2] = 0x5627; /* differs from RT2860 */
1494 DPRINTF("EEPROM LED mode=0x%02x, LEDs=0x%04x/0x%04x/0x%04x\n",
1495 sc->leds, sc->led[0], sc->led[1], sc->led[2]);
1497 /* read RF information */
1498 run_srom_read(sc, RT2860_EEPROM_ANTENNA, &val);
1499 if (val == 0xffff) {
1500 DPRINTF("invalid EEPROM antenna info, using default\n");
1501 if (sc->mac_ver == 0x3572) {
1502 /* default to RF3052 2T2R */
1503 sc->rf_rev = RT3070_RF_3052;
1506 } else if (sc->mac_ver >= 0x3070) {
1507 /* default to RF3020 1T1R */
1508 sc->rf_rev = RT3070_RF_3020;
1512 /* default to RF2820 1T2R */
1513 sc->rf_rev = RT2860_RF_2820;
1518 sc->rf_rev = (val >> 8) & 0xf;
1519 sc->ntxchains = (val >> 4) & 0xf;
1520 sc->nrxchains = val & 0xf;
1522 DPRINTF("EEPROM RF rev=0x%02x chains=%dT%dR\n",
1523 sc->rf_rev, sc->ntxchains, sc->nrxchains);
1525 /* check if RF supports automatic Tx access gain control */
1526 run_srom_read(sc, RT2860_EEPROM_CONFIG, &val);
1527 DPRINTF("EEPROM CFG 0x%04x\n", val);
1528 /* check if driver should patch the DAC issue */
1529 if ((val >> 8) != 0xff)
1530 sc->patch_dac = (val >> 15) & 1;
1531 if ((val & 0xff) != 0xff) {
1532 sc->ext_5ghz_lna = (val >> 3) & 1;
1533 sc->ext_2ghz_lna = (val >> 2) & 1;
1534 /* check if RF supports automatic Tx access gain control */
1535 sc->calib_2ghz = sc->calib_5ghz = (val >> 1) & 1;
1536 /* check if we have a hardware radio switch */
1537 sc->rfswitch = val & 1;
1540 /* read power settings for 2GHz channels */
1541 for (i = 0; i < 14; i += 2) {
1542 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE1 + i / 2, &val);
1543 sc->txpow1[i + 0] = (int8_t)(val & 0xff);
1544 sc->txpow1[i + 1] = (int8_t)(val >> 8);
1546 run_srom_read(sc, RT2860_EEPROM_PWR2GHZ_BASE2 + i / 2, &val);
1547 sc->txpow2[i + 0] = (int8_t)(val & 0xff);
1548 sc->txpow2[i + 1] = (int8_t)(val >> 8);
1550 /* fix broken Tx power entries */
1551 for (i = 0; i < 14; i++) {
1552 if (sc->txpow1[i] < 0 || sc->txpow1[i] > 31)
1554 if (sc->txpow2[i] < 0 || sc->txpow2[i] > 31)
1556 DPRINTF("chan %d: power1=%d, power2=%d\n",
1557 rt2860_rf2850[i].chan, sc->txpow1[i], sc->txpow2[i]);
1559 /* read power settings for 5GHz channels */
1560 for (i = 0; i < 40; i += 2) {
1561 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE1 + i / 2, &val);
1562 sc->txpow1[i + 14] = (int8_t)(val & 0xff);
1563 sc->txpow1[i + 15] = (int8_t)(val >> 8);
1565 run_srom_read(sc, RT2860_EEPROM_PWR5GHZ_BASE2 + i / 2, &val);
1566 sc->txpow2[i + 14] = (int8_t)(val & 0xff);
1567 sc->txpow2[i + 15] = (int8_t)(val >> 8);
1569 /* fix broken Tx power entries */
1570 for (i = 0; i < 40; i++) {
1571 if (sc->txpow1[14 + i] < -7 || sc->txpow1[14 + i] > 15)
1572 sc->txpow1[14 + i] = 5;
1573 if (sc->txpow2[14 + i] < -7 || sc->txpow2[14 + i] > 15)
1574 sc->txpow2[14 + i] = 5;
1575 DPRINTF("chan %d: power1=%d, power2=%d\n",
1576 rt2860_rf2850[14 + i].chan, sc->txpow1[14 + i],
1577 sc->txpow2[14 + i]);
1580 /* read Tx power compensation for each Tx rate */
1581 run_srom_read(sc, RT2860_EEPROM_DELTAPWR, &val);
1582 delta_2ghz = delta_5ghz = 0;
1583 if ((val & 0xff) != 0xff && (val & 0x80)) {
1584 delta_2ghz = val & 0xf;
1585 if (!(val & 0x40)) /* negative number */
1586 delta_2ghz = -delta_2ghz;
1589 if ((val & 0xff) != 0xff && (val & 0x80)) {
1590 delta_5ghz = val & 0xf;
1591 if (!(val & 0x40)) /* negative number */
1592 delta_5ghz = -delta_5ghz;
1594 DPRINTF("power compensation=%d (2GHz), %d (5GHz)\n",
1595 delta_2ghz, delta_5ghz);
1597 for (ridx = 0; ridx < 5; ridx++) {
1600 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2, &val);
1602 run_srom_read(sc, RT2860_EEPROM_RPWR + ridx * 2 + 1, &val);
1603 reg |= (uint32_t)val << 16;
1605 sc->txpow20mhz[ridx] = reg;
1606 sc->txpow40mhz_2ghz[ridx] = b4inc(reg, delta_2ghz);
1607 sc->txpow40mhz_5ghz[ridx] = b4inc(reg, delta_5ghz);
1609 DPRINTF("ridx %d: power 20MHz=0x%08x, 40MHz/2GHz=0x%08x, "
1610 "40MHz/5GHz=0x%08x\n", ridx, sc->txpow20mhz[ridx],
1611 sc->txpow40mhz_2ghz[ridx], sc->txpow40mhz_5ghz[ridx]);
1614 /* read RSSI offsets and LNA gains from EEPROM */
1615 run_srom_read(sc, RT2860_EEPROM_RSSI1_2GHZ, &val);
1616 sc->rssi_2ghz[0] = val & 0xff; /* Ant A */
1617 sc->rssi_2ghz[1] = val >> 8; /* Ant B */
1618 run_srom_read(sc, RT2860_EEPROM_RSSI2_2GHZ, &val);
1619 if (sc->mac_ver >= 0x3070) {
1621 * On RT3070 chips (limited to 2 Rx chains), this ROM
1622 * field contains the Tx mixer gain for the 2GHz band.
1624 if ((val & 0xff) != 0xff)
1625 sc->txmixgain_2ghz = val & 0x7;
1626 DPRINTF("tx mixer gain=%u (2GHz)\n", sc->txmixgain_2ghz);
1628 sc->rssi_2ghz[2] = val & 0xff; /* Ant C */
1629 sc->lna[2] = val >> 8; /* channel group 2 */
1631 run_srom_read(sc, RT2860_EEPROM_RSSI1_5GHZ, &val);
1632 sc->rssi_5ghz[0] = val & 0xff; /* Ant A */
1633 sc->rssi_5ghz[1] = val >> 8; /* Ant B */
1634 run_srom_read(sc, RT2860_EEPROM_RSSI2_5GHZ, &val);
1635 if (sc->mac_ver == 0x3572) {
1637 * On RT3572 chips (limited to 2 Rx chains), this ROM
1638 * field contains the Tx mixer gain for the 5GHz band.
1640 if ((val & 0xff) != 0xff)
1641 sc->txmixgain_5ghz = val & 0x7;
1642 DPRINTF("tx mixer gain=%u (5GHz)\n", sc->txmixgain_5ghz);
1644 sc->rssi_5ghz[2] = val & 0xff; /* Ant C */
1645 sc->lna[3] = val >> 8; /* channel group 3 */
1647 run_srom_read(sc, RT2860_EEPROM_LNA, &val);
1648 sc->lna[0] = val & 0xff; /* channel group 0 */
1649 sc->lna[1] = val >> 8; /* channel group 1 */
1651 /* fix broken 5GHz LNA entries */
1652 if (sc->lna[2] == 0 || sc->lna[2] == 0xff) {
1653 DPRINTF("invalid LNA for channel group %d\n", 2);
1654 sc->lna[2] = sc->lna[1];
1656 if (sc->lna[3] == 0 || sc->lna[3] == 0xff) {
1657 DPRINTF("invalid LNA for channel group %d\n", 3);
1658 sc->lna[3] = sc->lna[1];
1661 /* fix broken RSSI offset entries */
1662 for (ant = 0; ant < 3; ant++) {
1663 if (sc->rssi_2ghz[ant] < -10 || sc->rssi_2ghz[ant] > 10) {
1664 DPRINTF("invalid RSSI%d offset: %d (2GHz)\n",
1665 ant + 1, sc->rssi_2ghz[ant]);
1666 sc->rssi_2ghz[ant] = 0;
1668 if (sc->rssi_5ghz[ant] < -10 || sc->rssi_5ghz[ant] > 10) {
1669 DPRINTF("invalid RSSI%d offset: %d (5GHz)\n",
1670 ant + 1, sc->rssi_5ghz[ant]);
1671 sc->rssi_5ghz[ant] = 0;
1677 struct ieee80211_node *
1678 run_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
1680 return malloc(sizeof (struct run_node), M_DEVBUF, M_NOWAIT | M_ZERO);
1684 run_media_change(struct ifnet *ifp)
1686 struct ieee80211vap *vap = ifp->if_softc;
1687 struct ieee80211com *ic = vap->iv_ic;
1688 const struct ieee80211_txparam *tp;
1689 struct run_softc *sc = ic->ic_ifp->if_softc;
1690 struct run_node *rn = (void *)vap->iv_bss;
1696 error = ieee80211_media_change(ifp);
1697 if (error != ENETRESET){
1702 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
1703 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE) {
1704 rate = ic->ic_sup_rates[ic->ic_curmode].
1705 rs_rates[tp->ucastrate] & IEEE80211_RATE_VAL;
1706 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
1707 if (rt2860_rates[ridx].rate == rate)
1709 rn->fix_ridx = ridx;
1710 DPRINTF("rate=%d, fix_ridx=%d\n", rate, rn->fix_ridx);
1714 if ((ifp->if_flags & IFF_UP) &&
1715 (ifp->if_drv_flags & IFF_DRV_RUNNING)){
1716 run_init_locked(sc);
1726 run_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
1728 const struct ieee80211_txparam *tp;
1729 struct ieee80211com *ic = vap->iv_ic;
1730 struct run_softc *sc = ic->ic_ifp->if_softc;
1731 struct run_vap *rvp = RUN_VAP(vap);
1732 enum ieee80211_state ostate;
1733 struct ieee80211_node *ni;
1737 uint8_t restart_ratectl = 0;
1738 uint8_t bid = 1 << rvp->rvp_id;
1740 ostate = vap->iv_state;
1741 DPRINTF("%s -> %s\n",
1742 ieee80211_state_name[ostate],
1743 ieee80211_state_name[nstate]);
1745 IEEE80211_UNLOCK(ic);
1748 ratectl = sc->ratectl_run; /* remember current state */
1749 sc->ratectl_run = RUN_RATECTL_OFF;
1750 usb_callout_stop(&sc->ratectl_ch);
1752 if (ostate == IEEE80211_S_RUN) {
1753 /* turn link LED off */
1754 run_set_leds(sc, RT2860_LED_RADIO);
1758 case IEEE80211_S_INIT:
1759 restart_ratectl = 1;
1761 if (ostate != IEEE80211_S_RUN)
1765 sc->runbmap &= ~bid;
1767 /* abort TSF synchronization if there is no vap running */
1768 if(--sc->running == 0){
1769 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
1770 run_write(sc, RT2860_BCN_TIME_CFG,
1771 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
1772 RT2860_TBTT_TIMER_EN));
1777 case IEEE80211_S_RUN:
1779 if(!(sc->runbmap & bid)){
1781 restart_ratectl = 1;
1785 switch(vap->iv_opmode){
1786 case IEEE80211_M_HOSTAP:
1787 case IEEE80211_M_MBSS:
1788 sc->ap_running |= bid;
1789 ic->ic_opmode = vap->iv_opmode;
1790 run_update_beacon_cb(vap);
1792 case IEEE80211_M_IBSS:
1793 sc->adhoc_running |= bid;
1795 ic->ic_opmode = vap->iv_opmode;
1796 run_update_beacon_cb(vap);
1798 case IEEE80211_M_STA:
1799 sc->sta_running |= bid;
1800 if(!sc->ap_running && !sc->adhoc_running)
1801 ic->ic_opmode = vap->iv_opmode;
1803 /* read statistic counters (clear on read) */
1804 run_read_region_1(sc, RT2860_TX_STA_CNT0,
1805 (uint8_t *)sta, sizeof sta);
1809 ic->ic_opmode = vap->iv_opmode;
1813 if (vap->iv_opmode != IEEE80211_M_MONITOR) {
1814 run_updateslot(ic->ic_ifp);
1816 run_set_txpreamble(sc);
1817 run_set_basicrates(sc);
1818 IEEE80211_ADDR_COPY(sc->sc_bssid, ni->ni_bssid);
1819 run_set_bssid(sc, ni->ni_bssid);
1820 run_enable_tsf_sync(sc);
1822 /* enable automatic rate adaptation */
1823 tp = &vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)];
1824 if (tp->ucastrate == IEEE80211_FIXED_RATE_NONE)
1828 /* turn link LED on */
1829 run_set_leds(sc, RT2860_LED_RADIO |
1830 (IEEE80211_IS_CHAN_2GHZ(ic->ic_curchan) ?
1831 RT2860_LED_LINK_2GHZ : RT2860_LED_LINK_5GHZ));
1835 DPRINTFN(6, "undefined case\n");
1839 /* restart amrr for running VAPs */
1840 if((sc->ratectl_run = ratectl) && restart_ratectl)
1841 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
1846 return(rvp->newstate(vap, nstate, arg));
1851 run_wme_update_cb(void *arg)
1853 struct ieee80211com *ic = arg;
1854 struct run_softc *sc = ic->ic_ifp->if_softc;
1855 struct ieee80211_wme_state *wmesp = &ic->ic_wme;
1858 RUN_LOCK_ASSERT(sc, MA_OWNED);
1860 /* update MAC TX configuration registers */
1861 for (aci = 0; aci < WME_NUM_AC; aci++) {
1862 error = run_write(sc, RT2860_EDCA_AC_CFG(aci),
1863 wmesp->wme_params[aci].wmep_logcwmax << 16 |
1864 wmesp->wme_params[aci].wmep_logcwmin << 12 |
1865 wmesp->wme_params[aci].wmep_aifsn << 8 |
1866 wmesp->wme_params[aci].wmep_txopLimit);
1870 /* update SCH/DMA registers too */
1871 error = run_write(sc, RT2860_WMM_AIFSN_CFG,
1872 wmesp->wme_params[WME_AC_VO].wmep_aifsn << 12 |
1873 wmesp->wme_params[WME_AC_VI].wmep_aifsn << 8 |
1874 wmesp->wme_params[WME_AC_BK].wmep_aifsn << 4 |
1875 wmesp->wme_params[WME_AC_BE].wmep_aifsn);
1877 error = run_write(sc, RT2860_WMM_CWMIN_CFG,
1878 wmesp->wme_params[WME_AC_VO].wmep_logcwmin << 12 |
1879 wmesp->wme_params[WME_AC_VI].wmep_logcwmin << 8 |
1880 wmesp->wme_params[WME_AC_BK].wmep_logcwmin << 4 |
1881 wmesp->wme_params[WME_AC_BE].wmep_logcwmin);
1883 error = run_write(sc, RT2860_WMM_CWMAX_CFG,
1884 wmesp->wme_params[WME_AC_VO].wmep_logcwmax << 12 |
1885 wmesp->wme_params[WME_AC_VI].wmep_logcwmax << 8 |
1886 wmesp->wme_params[WME_AC_BK].wmep_logcwmax << 4 |
1887 wmesp->wme_params[WME_AC_BE].wmep_logcwmax);
1889 error = run_write(sc, RT2860_WMM_TXOP0_CFG,
1890 wmesp->wme_params[WME_AC_BK].wmep_txopLimit << 16 |
1891 wmesp->wme_params[WME_AC_BE].wmep_txopLimit);
1893 error = run_write(sc, RT2860_WMM_TXOP1_CFG,
1894 wmesp->wme_params[WME_AC_VO].wmep_txopLimit << 16 |
1895 wmesp->wme_params[WME_AC_VI].wmep_txopLimit);
1899 DPRINTF("WME update failed\n");
1905 run_wme_update(struct ieee80211com *ic)
1907 struct run_softc *sc = ic->ic_ifp->if_softc;
1909 /* sometime called wothout lock */
1910 if(mtx_owned(&ic->ic_comlock.mtx)){
1911 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
1912 DPRINTF("cmdq_store=%d\n", i);
1913 sc->cmdq[i].func = run_wme_update_cb;
1914 sc->cmdq[i].arg0 = ic;
1915 ieee80211_runtask(ic, &sc->cmdq_task);
1920 run_wme_update_cb(ic);
1923 /* return whatever, upper layer desn't care anyway */
1928 run_key_update_begin(struct ieee80211vap *vap)
1931 * To avoid out-of-order events, both run_key_set() and
1932 * _delete() are deferred and handled by run_cmdq_cb().
1933 * So, there is nothing we need to do here.
1938 run_key_update_end(struct ieee80211vap *vap)
1944 run_key_set_cb(void *arg)
1946 struct run_cmdq *cmdq = arg;
1947 struct ieee80211vap *vap = cmdq->arg1;
1948 struct ieee80211_key *k = cmdq->k;
1949 struct ieee80211com *ic = vap->iv_ic;
1950 struct run_softc *sc = ic->ic_ifp->if_softc;
1951 struct ieee80211_node *ni;
1953 uint16_t base, associd;
1954 uint8_t mode, wcid, txmic, rxmic, iv[8];
1956 RUN_LOCK_ASSERT(sc, MA_OWNED);
1958 if(vap->iv_opmode == IEEE80211_M_HOSTAP){
1959 ni = ieee80211_find_vap_node(&ic->ic_sta, vap, cmdq->mac);
1967 associd = (ni != NULL) ? ni->ni_associd : 0;
1969 /* map net80211 cipher to RT2860 security mode */
1970 switch (k->wk_cipher->ic_cipher) {
1971 case IEEE80211_CIPHER_WEP:
1972 if(k->wk_keylen < 8)
1973 mode = RT2860_MODE_WEP40;
1975 mode = RT2860_MODE_WEP104;
1977 case IEEE80211_CIPHER_TKIP:
1978 mode = RT2860_MODE_TKIP;
1980 case IEEE80211_CIPHER_AES_CCM:
1981 mode = RT2860_MODE_AES_CCMP;
1984 DPRINTF("undefined case\n");
1988 DPRINTFN(1, "associd=%x, keyix=%d, mode=%x, type=%s, tx=%s, rx=%s\n",
1989 associd, k->wk_keyix, mode,
1990 (k->wk_flags & IEEE80211_KEY_GROUP) ? "group" : "pairwise",
1991 (k->wk_flags & IEEE80211_KEY_XMIT) ? "on" : "off",
1992 (k->wk_flags & IEEE80211_KEY_RECV) ? "on" : "off");
1994 if (k->wk_flags & IEEE80211_KEY_GROUP) {
1995 wcid = 0; /* NB: update WCID0 for group keys */
1996 base = RT2860_SKEY(RUN_VAP(vap)->rvp_id, k->wk_keyix);
1998 wcid = RUN_AID2WCID(associd);
1999 base = RT2860_PKEY(wcid);
2002 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2003 if(run_write_region_1(sc, base, k->wk_key, 16))
2005 if(run_write_region_1(sc, base + 16, &k->wk_key[txmic], 8)) /* wk_txmic */
2007 if(run_write_region_1(sc, base + 24, &k->wk_key[rxmic], 8)) /* wk_rxmic */
2010 /* roundup len to 16-bit: XXX fix write_region_1() instead */
2011 if(run_write_region_1(sc, base, k->wk_key, (k->wk_keylen + 1) & ~1))
2015 if (!(k->wk_flags & IEEE80211_KEY_GROUP) ||
2016 (k->wk_flags & (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV))) {
2017 /* set initial packet number in IV+EIV */
2018 if (k->wk_cipher == IEEE80211_CIPHER_WEP){
2019 memset(iv, 0, sizeof iv);
2020 iv[3] = vap->iv_def_txkey << 6;
2022 if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP) {
2023 iv[0] = k->wk_keytsc >> 8;
2024 iv[1] = (iv[0] | 0x20) & 0x7f;
2025 iv[2] = k->wk_keytsc;
2027 iv[0] = k->wk_keytsc;
2028 iv[1] = k->wk_keytsc >> 8;
2031 iv[3] = k->wk_keyix << 6 | IEEE80211_WEP_EXTIV;
2032 iv[4] = k->wk_keytsc >> 16;
2033 iv[5] = k->wk_keytsc >> 24;
2034 iv[6] = k->wk_keytsc >> 32;
2035 iv[7] = k->wk_keytsc >> 40;
2037 if(run_write_region_1(sc, RT2860_IVEIV(wcid), iv, 8))
2041 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2042 /* install group key */
2043 if(run_read(sc, RT2860_SKEY_MODE_0_7, &attr))
2045 attr &= ~(0xf << (k->wk_keyix * 4));
2046 attr |= mode << (k->wk_keyix * 4);
2047 if(run_write(sc, RT2860_SKEY_MODE_0_7, attr))
2050 /* install pairwise key */
2051 if(run_read(sc, RT2860_WCID_ATTR(wcid), &attr))
2053 attr = (attr & ~0xf) | (mode << 1) | RT2860_RX_PKEY_EN;
2054 if(run_write(sc, RT2860_WCID_ATTR(wcid), attr))
2058 /* TODO create a pass-thru key entry? */
2060 /* need wcid to delete the right key later */
2065 * Don't have to be deferred, but in order to keep order of
2066 * execution, i.e. with run_key_delete(), defer this and let
2067 * run_cmdq_cb() maintain the order.
2072 run_key_set(struct ieee80211vap *vap, struct ieee80211_key *k,
2073 const uint8_t mac[IEEE80211_ADDR_LEN])
2075 struct ieee80211com *ic = vap->iv_ic;
2076 struct run_softc *sc = ic->ic_ifp->if_softc;
2079 i = RUN_CMDQ_GET(&sc->cmdq_store);
2080 DPRINTF("cmdq_store=%d\n", i);
2081 sc->cmdq[i].func = run_key_set_cb;
2082 sc->cmdq[i].arg0 = NULL;
2083 sc->cmdq[i].arg1 = vap;
2085 IEEE80211_ADDR_COPY(sc->cmdq[i].mac, mac);
2086 ieee80211_runtask(ic, &sc->cmdq_task);
2092 * If wlan is destroyed without being brought down i.e. without
2093 * wlan down or wpa_cli terminate, this function is called after
2094 * vap is gone. Don't refer it.
2097 run_key_delete_cb(void *arg)
2099 struct run_cmdq *cmdq = arg;
2100 struct run_softc *sc = cmdq->arg1;
2101 struct ieee80211_key *k = &cmdq->key;
2105 RUN_LOCK_ASSERT(sc, MA_OWNED);
2107 if (k->wk_flags & IEEE80211_KEY_GROUP) {
2108 /* remove group key */
2109 DPRINTF("removing group key\n");
2110 run_read(sc, RT2860_SKEY_MODE_0_7, &attr);
2111 attr &= ~(0xf << (k->wk_keyix * 4));
2112 run_write(sc, RT2860_SKEY_MODE_0_7, attr);
2114 /* remove pairwise key */
2115 DPRINTF("removing key for wcid %x\n", k->wk_pad);
2116 /* matching wcid was written to wk_pad in run_key_set() */
2118 run_read(sc, RT2860_WCID_ATTR(wcid), &attr);
2120 run_write(sc, RT2860_WCID_ATTR(wcid), attr);
2121 run_set_region_4(sc, RT2860_WCID_ENTRY(wcid), 0, 8);
2131 run_key_delete(struct ieee80211vap *vap, struct ieee80211_key *k)
2133 struct ieee80211com *ic = vap->iv_ic;
2134 struct run_softc *sc = ic->ic_ifp->if_softc;
2135 struct ieee80211_key *k0;
2139 * When called back, key might be gone. So, make a copy
2140 * of some values need to delete keys before deferring.
2141 * But, because of LOR with node lock, cannot use lock here.
2142 * So, use atomic instead.
2144 i = RUN_CMDQ_GET(&sc->cmdq_store);
2145 DPRINTF("cmdq_store=%d\n", i);
2146 sc->cmdq[i].func = run_key_delete_cb;
2147 sc->cmdq[i].arg0 = NULL;
2148 sc->cmdq[i].arg1 = sc;
2149 k0 = &sc->cmdq[i].key;
2150 k0->wk_flags = k->wk_flags;
2151 k0->wk_keyix = k->wk_keyix;
2152 /* matching wcid was written to wk_pad in run_key_set() */
2153 k0->wk_pad = k->wk_pad;
2154 ieee80211_runtask(ic, &sc->cmdq_task);
2155 return (1); /* return fake success */
2160 run_ratectl_to(void *arg)
2162 struct run_softc *sc = arg;
2164 /* do it in a process context, so it can go sleep */
2165 ieee80211_runtask(sc->sc_ifp->if_l2com, &sc->ratectl_task);
2166 /* next timeout will be rescheduled in the callback task */
2171 run_ratectl_cb(void *arg, int pending)
2173 struct run_softc *sc = arg;
2174 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2175 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
2180 if(sc->rvp_cnt <= 1 && vap->iv_opmode == IEEE80211_M_STA)
2181 run_iter_func(sc, vap->iv_bss);
2184 * run_reset_livelock() doesn't do anything with AMRR,
2185 * but Ralink wants us to call it every 1 sec. So, we
2186 * piggyback here rather than creating another callout.
2187 * Livelock may occur only in HOSTAP or IBSS mode
2188 * (when h/w is sending beacons).
2191 run_reset_livelock(sc);
2192 /* just in case, there are some stats to drain */
2195 ieee80211_iterate_nodes(&ic->ic_sta, run_iter_func, sc);
2198 if(sc->ratectl_run != RUN_RATECTL_OFF)
2199 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2203 run_drain_fifo(void *arg)
2205 struct run_softc *sc = arg;
2206 struct ifnet *ifp = sc->sc_ifp;
2207 struct ieee80211_node *ni = sc->sc_ni[0]; /* make compiler happy */
2210 uint8_t wcid, mcs, pid;
2212 RUN_LOCK_ASSERT(sc, MA_OWNED);
2215 /* drain Tx status FIFO (maxsize = 16) */
2216 run_read(sc, RT2860_TX_STAT_FIFO, &stat);
2217 DPRINTFN(4, "tx stat 0x%08x\n", stat);
2218 if(!(stat & RT2860_TXQ_VLD))
2221 wcid = (stat >> RT2860_TXQ_WCID_SHIFT) & 0xff;
2223 /* if no ACK was requested, no feedback is available */
2224 if (!(stat & RT2860_TXQ_ACKREQ) || wcid > RT2870_WCID_MAX ||
2228 ni = sc->sc_ni[wcid];
2229 if(ni->ni_rctls == NULL)
2232 /* update per-STA AMRR stats */
2233 if (stat & RT2860_TXQ_OK) {
2235 * Check if there were retries, ie if the Tx
2236 * success rate is different from the requested
2237 * rate. Note that it works only because we do
2238 * not allow rate fallback from OFDM to CCK.
2240 mcs = (stat >> RT2860_TXQ_MCS_SHIFT) & 0x7f;
2241 pid = (stat >> RT2860_TXQ_PID_SHIFT) & 0xf;
2244 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
2245 IEEE80211_RATECTL_TX_SUCCESS,
2249 ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
2250 IEEE80211_RATECTL_TX_FAILURE,
2255 DPRINTFN(3, "count=%d\n", sc->fifo_cnt);
2261 run_iter_func(void *arg, struct ieee80211_node *ni)
2263 struct run_softc *sc = arg;
2264 struct ieee80211vap *vap = ni->ni_vap;
2265 struct ieee80211com *ic = ni->ni_ic;
2266 struct ifnet *ifp = ic->ic_ifp;
2267 struct run_node *rn = (void *)ni;
2269 int txcnt = 0, success = 0, retrycnt = 0;
2272 if(sc->rvp_cnt <= 1 && (vap->iv_opmode == IEEE80211_M_IBSS ||
2273 vap->iv_opmode == IEEE80211_M_STA)){
2276 /* read statistic counters (clear on read) and update AMRR state */
2277 error = run_read_region_1(sc, RT2860_TX_STA_CNT0, (uint8_t *)sta,
2282 DPRINTFN(3, "retrycnt=%d txcnt=%d failcnt=%d\n",
2283 le32toh(sta[1]) >> 16, le32toh(sta[1]) & 0xffff,
2284 le32toh(sta[0]) & 0xffff);
2286 /* count failed TX as errors */
2287 ifp->if_oerrors += le32toh(sta[0]) & 0xffff;
2290 (le32toh(sta[0]) & 0xffff) + /* failed TX count */
2291 (le32toh(sta[1]) >> 16); /* TX retransmission count */
2295 (le32toh(sta[1]) & 0xffff); /* successful TX count */
2298 (le32toh(sta[1]) >> 16) +
2299 (le32toh(sta[1]) & 0xffff);
2301 ieee80211_ratectl_tx_update(vap, ni, &txcnt, &success,
2307 rn->amrr_ridx = ieee80211_ratectl_rate(ni, NULL, 0);
2308 DPRINTFN(3, "ridx=%d\n", rn->amrr_ridx);
2312 run_newassoc_cb(void *arg)
2314 struct run_cmdq *cmdq = arg;
2315 struct ieee80211_node *ni = cmdq->arg1;
2316 struct run_softc *sc = ni->ni_vap->iv_ic->ic_ifp->if_softc;
2317 uint8_t wcid = cmdq->wcid;
2319 RUN_LOCK_ASSERT(sc, MA_OWNED);
2321 run_write_region_1(sc, RT2860_WCID_ENTRY(wcid),
2322 ni->ni_macaddr, IEEE80211_ADDR_LEN);
2326 run_newassoc(struct ieee80211_node *ni, int isnew)
2328 struct run_node *rn = (void *)ni;
2329 struct ieee80211_rateset *rs = &ni->ni_rates;
2330 struct ieee80211vap *vap = ni->ni_vap;
2331 struct ieee80211com *ic = vap->iv_ic;
2332 struct run_softc *sc = ic->ic_ifp->if_softc;
2335 uint8_t wcid = RUN_AID2WCID(ni->ni_associd);
2338 if(wcid > RT2870_WCID_MAX){
2339 device_printf(sc->sc_dev, "wcid=%d out of range\n", wcid);
2343 /* only interested in true associations */
2344 if (isnew && ni->ni_associd != 0){
2347 * This function could is called though timeout function.
2350 uint32_t cnt = RUN_CMDQ_GET(&sc->cmdq_store);
2351 DPRINTF("cmdq_store=%d\n", cnt);
2352 sc->cmdq[cnt].func = run_newassoc_cb;
2353 sc->cmdq[cnt].arg0 = NULL;
2354 sc->cmdq[cnt].arg1 = ni;
2355 sc->cmdq[cnt].wcid = wcid;
2356 ieee80211_runtask(ic, &sc->cmdq_task);
2359 DPRINTF("new assoc isnew=%d associd=%x addr=%s\n",
2360 isnew, ni->ni_associd, ether_sprintf(ni->ni_macaddr));
2362 ieee80211_ratectl_node_init(ni);
2363 sc->sc_ni[wcid] = ni;
2365 for (i = 0; i < rs->rs_nrates; i++) {
2366 rate = rs->rs_rates[i] & IEEE80211_RATE_VAL;
2367 /* convert 802.11 rate to hardware rate index */
2368 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2369 if (rt2860_rates[ridx].rate == rate)
2372 /* determine rate of control response frames */
2373 for (j = i; j >= 0; j--) {
2374 if ((rs->rs_rates[j] & IEEE80211_RATE_BASIC) &&
2375 rt2860_rates[rn->ridx[i]].phy ==
2376 rt2860_rates[rn->ridx[j]].phy)
2380 rn->ctl_ridx[i] = rn->ridx[j];
2382 /* no basic rate found, use mandatory one */
2383 rn->ctl_ridx[i] = rt2860_rates[ridx].ctl_ridx;
2385 DPRINTF("rate=0x%02x ridx=%d ctl_ridx=%d\n",
2386 rs->rs_rates[i], rn->ridx[i], rn->ctl_ridx[i]);
2388 rate = vap->iv_txparms[ieee80211_chan2mode(ic->ic_curchan)].mgmtrate;
2389 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
2390 if (rt2860_rates[ridx].rate == rate)
2392 rn->mgt_ridx = ridx;
2393 DPRINTF("rate=%d, mgmt_ridx=%d\n", rate, rn->mgt_ridx);
2395 usb_callout_reset(&sc->ratectl_ch, hz, run_ratectl_to, sc);
2399 * Return the Rx chain with the highest RSSI for a given frame.
2401 static __inline uint8_t
2402 run_maxrssi_chain(struct run_softc *sc, const struct rt2860_rxwi *rxwi)
2404 uint8_t rxchain = 0;
2406 if (sc->nrxchains > 1) {
2407 if (rxwi->rssi[1] > rxwi->rssi[rxchain])
2409 if (sc->nrxchains > 2)
2410 if (rxwi->rssi[2] > rxwi->rssi[rxchain])
2417 run_rx_frame(struct run_softc *sc, struct mbuf *m, uint32_t dmalen)
2419 struct ifnet *ifp = sc->sc_ifp;
2420 struct ieee80211com *ic = ifp->if_l2com;
2421 struct ieee80211_frame *wh;
2422 struct ieee80211_node *ni;
2423 struct rt2870_rxd *rxd;
2424 struct rt2860_rxwi *rxwi;
2430 rxwi = mtod(m, struct rt2860_rxwi *);
2431 len = le16toh(rxwi->len) & 0xfff;
2432 if (__predict_false(len > dmalen)) {
2435 DPRINTF("bad RXWI length %u > %u\n", len, dmalen);
2438 /* Rx descriptor is located at the end */
2439 rxd = (struct rt2870_rxd *)(mtod(m, caddr_t) + dmalen);
2440 flags = le32toh(rxd->flags);
2442 if (__predict_false(flags & (RT2860_RX_CRCERR | RT2860_RX_ICVERR))) {
2445 DPRINTF("%s error.\n", (flags & RT2860_RX_CRCERR)?"CRC":"ICV");
2449 m->m_data += sizeof(struct rt2860_rxwi);
2450 m->m_pkthdr.len = m->m_len -= sizeof(struct rt2860_rxwi);
2452 wh = mtod(m, struct ieee80211_frame *);
2454 if (wh->i_fc[1] & IEEE80211_FC1_WEP){
2455 wh->i_fc[1] &= ~IEEE80211_FC1_WEP;
2456 m->m_flags |= M_WEP;
2459 if (flags & RT2860_RX_L2PAD){
2460 DPRINTFN(8, "received RT2860_RX_L2PAD frame\n");
2464 ni = ieee80211_find_rxnode(ic,
2465 mtod(m, struct ieee80211_frame_min *));
2467 if (__predict_false(flags & RT2860_RX_MICERR)) {
2468 /* report MIC failures to net80211 for TKIP */
2470 ieee80211_notify_michael_failure(ni->ni_vap, wh, rxwi->keyidx);
2473 DPRINTF("MIC error. Someone is lying.\n");
2477 ant = run_maxrssi_chain(sc, rxwi);
2478 rssi = rxwi->rssi[ant];
2479 nf = run_rssi2dbm(sc, rssi, ant);
2481 m->m_pkthdr.rcvif = ifp;
2482 m->m_pkthdr.len = m->m_len = len;
2485 (void)ieee80211_input(ni, m, rssi, nf);
2486 ieee80211_free_node(ni);
2488 (void)ieee80211_input_all(ic, m, rssi, nf);
2491 if(__predict_false(ieee80211_radiotap_active(ic))){
2492 struct run_rx_radiotap_header *tap = &sc->sc_rxtap;
2495 tap->wr_chan_freq = htole16(ic->ic_bsschan->ic_freq);
2496 tap->wr_chan_flags = htole16(ic->ic_bsschan->ic_flags);
2497 tap->wr_antsignal = rssi;
2498 tap->wr_antenna = ant;
2499 tap->wr_dbm_antsignal = run_rssi2dbm(sc, rssi, ant);
2500 tap->wr_rate = 2; /* in case it can't be found below */
2501 phy = le16toh(rxwi->phy);
2502 switch (phy & RT2860_PHY_MODE) {
2503 case RT2860_PHY_CCK:
2504 switch ((phy & RT2860_PHY_MCS) & ~RT2860_PHY_SHPRE) {
2505 case 0: tap->wr_rate = 2; break;
2506 case 1: tap->wr_rate = 4; break;
2507 case 2: tap->wr_rate = 11; break;
2508 case 3: tap->wr_rate = 22; break;
2510 if (phy & RT2860_PHY_SHPRE)
2511 tap->wr_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2513 case RT2860_PHY_OFDM:
2514 switch (phy & RT2860_PHY_MCS) {
2515 case 0: tap->wr_rate = 12; break;
2516 case 1: tap->wr_rate = 18; break;
2517 case 2: tap->wr_rate = 24; break;
2518 case 3: tap->wr_rate = 36; break;
2519 case 4: tap->wr_rate = 48; break;
2520 case 5: tap->wr_rate = 72; break;
2521 case 6: tap->wr_rate = 96; break;
2522 case 7: tap->wr_rate = 108; break;
2530 run_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
2532 struct run_softc *sc = usbd_xfer_softc(xfer);
2533 struct ifnet *ifp = sc->sc_ifp;
2534 struct mbuf *m = NULL;
2539 usbd_xfer_status(xfer, &xferlen, NULL, NULL, NULL);
2541 switch (USB_GET_STATE(xfer)) {
2542 case USB_ST_TRANSFERRED:
2544 DPRINTFN(15, "rx done, actlen=%d\n", xferlen);
2546 if (xferlen < sizeof (uint32_t) +
2547 sizeof (struct rt2860_rxwi) + sizeof (struct rt2870_rxd)) {
2548 DPRINTF("xfer too short %d\n", xferlen);
2558 if (sc->rx_m == NULL) {
2559 sc->rx_m = m_getjcl(M_DONTWAIT, MT_DATA, M_PKTHDR,
2560 MJUMPAGESIZE /* xfer can be bigger than MCLBYTES */);
2562 if (sc->rx_m == NULL) {
2563 DPRINTF("could not allocate mbuf - idle with stall\n");
2565 usbd_xfer_set_stall(xfer);
2566 usbd_xfer_set_frames(xfer, 0);
2569 * Directly loading a mbuf cluster into DMA to
2570 * save some data copying. This works because
2571 * there is only one cluster.
2573 usbd_xfer_set_frame_data(xfer, 0,
2574 mtod(sc->rx_m, caddr_t), RUN_MAX_RXSZ);
2575 usbd_xfer_set_frames(xfer, 1);
2577 usbd_transfer_submit(xfer);
2580 default: /* Error */
2581 if (error != USB_ERR_CANCELLED) {
2582 /* try to clear stall first */
2583 usbd_xfer_set_stall(xfer);
2585 if (error == USB_ERR_TIMEOUT)
2586 device_printf(sc->sc_dev, "device timeout\n");
2592 if(sc->rx_m != NULL){
2602 /* inputting all the frames must be last */
2606 m->m_pkthdr.len = m->m_len = xferlen;
2608 /* HW can aggregate multiple 802.11 frames in a single USB xfer */
2610 dmalen = le32toh(*mtod(m, uint32_t *)) & 0xffff;
2612 if ((dmalen == 0) || ((dmalen & 3) != 0)) {
2613 DPRINTF("bad DMA length %u\n", dmalen);
2616 if ((dmalen + 8) > xferlen) {
2617 DPRINTF("bad DMA length %u > %d\n",
2618 dmalen + 8, xferlen);
2622 /* If it is the last one or a single frame, we won't copy. */
2623 if((xferlen -= dmalen + 8) <= 8){
2624 /* trim 32-bit DMA-len header */
2626 m->m_pkthdr.len = m->m_len -= 4;
2627 run_rx_frame(sc, m, dmalen);
2631 /* copy aggregated frames to another mbuf */
2632 m0 = m_getcl(M_DONTWAIT, MT_DATA, M_PKTHDR);
2633 if (__predict_false(m0 == NULL)) {
2634 DPRINTF("could not allocate mbuf\n");
2638 m_copydata(m, 4 /* skip 32-bit DMA-len header */,
2639 dmalen + sizeof(struct rt2870_rxd), mtod(m0, caddr_t));
2640 m0->m_pkthdr.len = m0->m_len =
2641 dmalen + sizeof(struct rt2870_rxd);
2642 run_rx_frame(sc, m0, dmalen);
2644 /* update data ptr */
2645 m->m_data += dmalen + 8;
2646 m->m_pkthdr.len = m->m_len -= dmalen + 8;
2653 run_tx_free(struct run_endpoint_queue *pq,
2654 struct run_tx_data *data, int txerr)
2656 if (data->m != NULL) {
2657 if (data->m->m_flags & M_TXCB)
2658 ieee80211_process_callback(data->ni, data->m,
2659 txerr ? ETIMEDOUT : 0);
2663 if(data->ni == NULL) {
2664 DPRINTF("no node\n");
2666 ieee80211_free_node(data->ni);
2671 STAILQ_INSERT_TAIL(&pq->tx_fh, data, next);
2676 run_bulk_tx_callbackN(struct usb_xfer *xfer, usb_error_t error, unsigned int index)
2678 struct run_softc *sc = usbd_xfer_softc(xfer);
2679 struct ifnet *ifp = sc->sc_ifp;
2680 struct ieee80211com *ic = ifp->if_l2com;
2681 struct run_tx_data *data;
2682 struct ieee80211vap *vap = NULL;
2683 struct usb_page_cache *pc;
2684 struct run_endpoint_queue *pq = &sc->sc_epq[index];
2686 usb_frlength_t size;
2691 usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
2693 switch (USB_GET_STATE(xfer)){
2694 case USB_ST_TRANSFERRED:
2695 DPRINTFN(11, "transfer complete: %d "
2696 "bytes @ index %d\n", actlen, index);
2698 data = usbd_xfer_get_priv(xfer);
2700 run_tx_free(pq, data, 0);
2701 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
2703 usbd_xfer_set_priv(xfer, NULL);
2710 data = STAILQ_FIRST(&pq->tx_qh);
2714 STAILQ_REMOVE_HEAD(&pq->tx_qh, next);
2717 if (m->m_pkthdr.len > RUN_MAX_TXSZ) {
2718 DPRINTF("data overflow, %u bytes\n",
2723 run_tx_free(pq, data, 1);
2728 pc = usbd_xfer_get_frame(xfer, 0);
2729 size = sizeof(data->desc);
2730 usbd_copy_in(pc, 0, &data->desc, size);
2731 usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len);
2733 vap = data->ni->ni_vap;
2734 if (ieee80211_radiotap_active_vap(vap)) {
2735 struct run_tx_radiotap_header *tap = &sc->sc_txtap;
2736 struct rt2860_txwi *txwi =
2737 (struct rt2860_txwi *)(&data->desc + sizeof(struct rt2870_txd));
2740 tap->wt_rate = rt2860_rates[data->ridx].rate;
2741 tap->wt_chan_freq = htole16(vap->iv_bss->ni_chan->ic_freq);
2742 tap->wt_chan_flags = htole16(vap->iv_bss->ni_chan->ic_flags);
2743 tap->wt_hwqueue = index;
2744 if (le16toh(txwi->phy) & RT2860_PHY_SHPRE)
2745 tap->wt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
2747 ieee80211_radiotap_tx(vap, m);
2750 /* align end on a 4-bytes boundary */
2751 len = (size + IEEE80211_CRC_LEN + m->m_pkthdr.len + 3) & ~3;
2753 DPRINTFN(11, "sending frame len=%u xferlen=%u @ index %d\n",
2754 m->m_pkthdr.len, len, index);
2756 usbd_xfer_set_frame_len(xfer, 0, len);
2757 usbd_xfer_set_priv(xfer, data);
2759 usbd_transfer_submit(xfer);
2768 DPRINTF("USB transfer error, %s\n",
2769 usbd_errstr(error));
2771 data = usbd_xfer_get_priv(xfer);
2776 if(data->ni != NULL)
2777 vap = data->ni->ni_vap;
2778 run_tx_free(pq, data, error);
2779 usbd_xfer_set_priv(xfer, NULL);
2782 vap = TAILQ_FIRST(&ic->ic_vaps);
2784 if (error != USB_ERR_CANCELLED) {
2785 if (error == USB_ERR_TIMEOUT) {
2786 device_printf(sc->sc_dev, "device timeout\n");
2787 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
2788 DPRINTF("cmdq_store=%d\n", i);
2789 sc->cmdq[i].func = run_usb_timeout_cb;
2790 sc->cmdq[i].arg0 = vap;
2791 ieee80211_runtask(ic, &sc->cmdq_task);
2795 * Try to clear stall first, also if other
2796 * errors occur, hence clearing stall
2797 * introduces a 50 ms delay:
2799 usbd_xfer_set_stall(xfer);
2807 run_bulk_tx_callback0(struct usb_xfer *xfer, usb_error_t error)
2809 run_bulk_tx_callbackN(xfer, error, 0);
2813 run_bulk_tx_callback1(struct usb_xfer *xfer, usb_error_t error)
2815 run_bulk_tx_callbackN(xfer, error, 1);
2819 run_bulk_tx_callback2(struct usb_xfer *xfer, usb_error_t error)
2821 run_bulk_tx_callbackN(xfer, error, 2);
2825 run_bulk_tx_callback3(struct usb_xfer *xfer, usb_error_t error)
2827 run_bulk_tx_callbackN(xfer, error, 3);
2831 run_bulk_tx_callback4(struct usb_xfer *xfer, usb_error_t error)
2833 run_bulk_tx_callbackN(xfer, error, 4);
2837 run_bulk_tx_callback5(struct usb_xfer *xfer, usb_error_t error)
2839 run_bulk_tx_callbackN(xfer, error, 5);
2843 run_set_tx_desc(struct run_softc *sc, struct run_tx_data *data)
2845 struct mbuf *m = data->m;
2846 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2847 struct ieee80211vap *vap = data->ni->ni_vap;
2848 struct ieee80211_frame *wh;
2849 struct rt2870_txd *txd;
2850 struct rt2860_txwi *txwi;
2853 uint8_t ridx = data->ridx;
2856 /* get MCS code from rate index */
2857 mcs = rt2860_rates[ridx].mcs;
2859 xferlen = sizeof(*txwi) + m->m_pkthdr.len;
2861 /* roundup to 32-bit alignment */
2862 xferlen = (xferlen + 3) & ~3;
2864 txd = (struct rt2870_txd *)&data->desc;
2865 txd->len = htole16(xferlen);
2867 wh = mtod(m, struct ieee80211_frame *);
2870 * Ether both are true or both are false, the header
2871 * are nicely aligned to 32-bit. So, no L2 padding.
2873 if(IEEE80211_HAS_ADDR4(wh) == IEEE80211_QOS_HAS_SEQ(wh))
2878 /* setup TX Wireless Information */
2879 txwi = (struct rt2860_txwi *)(txd + 1);
2880 txwi->len = htole16(m->m_pkthdr.len - pad);
2881 if (rt2860_rates[ridx].phy == IEEE80211_T_DS) {
2882 txwi->phy = htole16(RT2860_PHY_CCK);
2883 if (ridx != RT2860_RIDX_CCK1 &&
2884 (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
2885 mcs |= RT2860_PHY_SHPRE;
2887 txwi->phy = htole16(RT2860_PHY_OFDM);
2888 txwi->phy |= htole16(mcs);
2890 /* check if RTS/CTS or CTS-to-self protection is required */
2891 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
2892 (m->m_pkthdr.len + IEEE80211_CRC_LEN > vap->iv_rtsthreshold ||
2893 ((ic->ic_flags & IEEE80211_F_USEPROT) &&
2894 rt2860_rates[ridx].phy == IEEE80211_T_OFDM)))
2895 txwi->txop |= RT2860_TX_TXOP_HT;
2897 txwi->txop |= RT2860_TX_TXOP_BACKOFF;
2900 /* This function must be called locked */
2902 run_tx(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
2904 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2905 struct ieee80211vap *vap = ni->ni_vap;
2906 struct ieee80211_frame *wh;
2907 struct ieee80211_channel *chan;
2908 const struct ieee80211_txparam *tp;
2909 struct run_node *rn = (void *)ni;
2910 struct run_tx_data *data;
2911 struct rt2870_txd *txd;
2912 struct rt2860_txwi *txwi;
2924 RUN_LOCK_ASSERT(sc, MA_OWNED);
2926 wh = mtod(m, struct ieee80211_frame *);
2928 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
2931 * There are 7 bulk endpoints: 1 for RX
2932 * and 6 for TX (4 EDCAs + HCCA + Prio).
2933 * Update 03-14-2009: some devices like the Planex GW-US300MiniS
2934 * seem to have only 4 TX bulk endpoints (Fukaumi Naoki).
2936 if ((hasqos = IEEE80211_QOS_HAS_SEQ(wh))) {
2939 if(IEEE80211_HAS_ADDR4(wh))
2940 frm = ((struct ieee80211_qosframe_addr4 *)wh)->i_qos;
2942 frm =((struct ieee80211_qosframe *)wh)->i_qos;
2944 qos = le16toh(*(const uint16_t *)frm);
2945 tid = qos & IEEE80211_QOS_TID;
2946 qid = TID_TO_WME_AC(tid);
2952 qflags = (qid < 4) ? RT2860_TX_QSEL_EDCA : RT2860_TX_QSEL_HCCA;
2954 DPRINTFN(8, "qos %d\tqid %d\ttid %d\tqflags %x\n",
2955 qos, qid, tid, qflags);
2957 chan = (ni->ni_chan != IEEE80211_CHAN_ANYC)?ni->ni_chan:ic->ic_curchan;
2958 tp = &vap->iv_txparms[ieee80211_chan2mode(chan)];
2960 /* pickup a rate index */
2961 if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
2962 type != IEEE80211_FC0_TYPE_DATA) {
2963 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
2964 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
2965 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
2967 if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
2968 ridx = rn->fix_ridx;
2970 ridx = rn->amrr_ridx;
2971 ctl_ridx = rt2860_rates[ridx].ctl_ridx;
2974 if (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
2975 (!hasqos || (qos & IEEE80211_QOS_ACKPOLICY) !=
2976 IEEE80211_QOS_ACKPOLICY_NOACK)) {
2977 xflags = RT2860_TX_ACK;
2978 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
2979 dur = rt2860_rates[ctl_ridx].sp_ack_dur;
2981 dur = rt2860_rates[ctl_ridx].lp_ack_dur;
2982 *(uint16_t *)wh->i_dur = htole16(dur);
2985 /* reserve slots for mgmt packets, just in case */
2986 if (sc->sc_epq[qid].tx_nfree < 3) {
2987 DPRINTFN(10, "tx ring %d is full\n", qid);
2991 data = STAILQ_FIRST(&sc->sc_epq[qid].tx_fh);
2992 STAILQ_REMOVE_HEAD(&sc->sc_epq[qid].tx_fh, next);
2993 sc->sc_epq[qid].tx_nfree--;
2995 txd = (struct rt2870_txd *)&data->desc;
2996 txd->flags = qflags;
2997 txwi = (struct rt2860_txwi *)(txd + 1);
2998 txwi->xflags = xflags;
2999 txwi->wcid = (type == IEEE80211_FC0_TYPE_DATA) ?
3000 RUN_AID2WCID(ni->ni_associd) : 0xff;
3001 /* clear leftover garbage bits */
3009 run_set_tx_desc(sc, data);
3012 * The chip keeps track of 2 kind of Tx stats,
3013 * * TX_STAT_FIFO, for per WCID stats, and
3014 * * TX_STA_CNT0 for all-TX-in-one stats.
3016 * To use FIFO stats, we need to store MCS into the driver-private
3017 * PacketID field. So that, we can tell whose stats when we read them.
3018 * We add 1 to the MCS because setting the PacketID field to 0 means
3019 * that we don't want feedback in TX_STAT_FIFO.
3020 * And, that's what we want for STA mode, since TX_STA_CNT0 does the job.
3022 * FIFO stats doesn't count Tx with WCID 0xff, so we do this in run_tx().
3024 if(sc->rvp_cnt > 1 || vap->iv_opmode == IEEE80211_M_HOSTAP ||
3025 vap->iv_opmode == IEEE80211_M_MBSS){
3026 uint16_t pid = (rt2860_rates[ridx].mcs + 1) & 0xf;
3027 txwi->len |= htole16(pid << RT2860_TX_PID_SHIFT);
3030 * Unlike PCI based devices, we don't get any interrupt from
3031 * USB devices, so we simulate FIFO-is-full interrupt here.
3032 * Ralink recomends to drain FIFO stats every 100 ms, but 16 slots
3033 * quickly get fulled. To prevent overflow, increment a counter on
3034 * every FIFO stat request, so we know how many slots are left.
3035 * We do this only in HOSTAP or multiple vap mode since FIFO stats
3036 * are used only in those modes.
3037 * We just drain stats. AMRR gets updated every 1 sec by
3038 * run_ratectl_cb() via callout.
3039 * Call it early. Otherwise overflow.
3041 if(sc->fifo_cnt++ == 10){
3043 * With multiple vaps or if_bridge, if_start() is called
3044 * with a non-sleepable lock, tcpinp. So, need to defer.
3046 uint32_t i = RUN_CMDQ_GET(&sc->cmdq_store);
3047 DPRINTFN(6, "cmdq_store=%d\n", i);
3048 sc->cmdq[i].func = run_drain_fifo;
3049 sc->cmdq[i].arg0 = sc;
3050 ieee80211_runtask(ic, &sc->cmdq_task);
3054 STAILQ_INSERT_TAIL(&sc->sc_epq[qid].tx_qh, data, next);
3056 usbd_transfer_start(sc->sc_xfer[qid]);
3058 DPRINTFN(8, "sending data frame len=%d rate=%d qid=%d\n", m->m_pkthdr.len +
3059 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)),
3060 rt2860_rates[ridx].rate, qid);
3066 run_tx_mgt(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni)
3068 struct ifnet *ifp = sc->sc_ifp;
3069 struct ieee80211com *ic = ifp->if_l2com;
3070 struct run_node *rn = (void *)ni;
3071 struct run_tx_data *data;
3072 struct ieee80211_frame *wh;
3073 struct rt2870_txd *txd;
3074 struct rt2860_txwi *txwi;
3076 uint8_t ridx = rn->mgt_ridx;
3081 RUN_LOCK_ASSERT(sc, MA_OWNED);
3083 wh = mtod(m, struct ieee80211_frame *);
3085 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3087 /* tell hardware to add timestamp for probe responses */
3089 (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
3090 (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
3091 wflags |= RT2860_TX_TS;
3092 else if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
3093 xflags |= RT2860_TX_ACK;
3095 dur = ieee80211_ack_duration(ic->ic_rt, rt2860_rates[ridx].rate,
3096 ic->ic_flags & IEEE80211_F_SHPREAMBLE);
3097 *(uint16_t *)wh->i_dur = htole16(dur);
3100 if (sc->sc_epq[0].tx_nfree == 0) {
3101 /* let caller free mbuf */
3102 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3105 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3106 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3107 sc->sc_epq[0].tx_nfree--;
3109 txd = (struct rt2870_txd *)&data->desc;
3110 txd->flags = RT2860_TX_QSEL_EDCA;
3111 txwi = (struct rt2860_txwi *)(txd + 1);
3113 txwi->flags = wflags;
3114 txwi->xflags = xflags;
3115 txwi->txop = 0; /* clear leftover garbage bits */
3121 run_set_tx_desc(sc, data);
3123 DPRINTFN(10, "sending mgt frame len=%d rate=%d\n", m->m_pkthdr.len +
3124 (int)(sizeof (struct rt2870_txd) + sizeof (struct rt2860_rxwi)),
3125 rt2860_rates[ridx].rate);
3127 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3129 usbd_transfer_start(sc->sc_xfer[0]);
3135 run_sendprot(struct run_softc *sc,
3136 const struct mbuf *m, struct ieee80211_node *ni, int prot, int rate)
3138 struct ieee80211com *ic = ni->ni_ic;
3139 struct ieee80211_frame *wh;
3140 struct run_tx_data *data;
3141 struct rt2870_txd *txd;
3142 struct rt2860_txwi *txwi;
3154 RUN_LOCK_ASSERT(sc, MA_OWNED);
3156 KASSERT(prot == IEEE80211_PROT_RTSCTS || prot == IEEE80211_PROT_CTSONLY,
3157 ("protection %d", prot));
3159 wh = mtod(m, struct ieee80211_frame *);
3160 pktlen = m->m_pkthdr.len + IEEE80211_CRC_LEN;
3161 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3163 protrate = ieee80211_ctl_rate(ic->ic_rt, rate);
3164 ackrate = ieee80211_ack_rate(ic->ic_rt, rate);
3166 isshort = (ic->ic_flags & IEEE80211_F_SHPREAMBLE) != 0;
3167 dur = ieee80211_compute_duration(ic->ic_rt, pktlen, rate, isshort);
3168 + ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3169 wflags = RT2860_TX_FRAG;
3171 /* check that there are free slots before allocating the mbuf */
3172 if (sc->sc_epq[0].tx_nfree == 0) {
3173 /* let caller free mbuf */
3174 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3178 if (prot == IEEE80211_PROT_RTSCTS) {
3179 /* NB: CTS is the same size as an ACK */
3180 dur += ieee80211_ack_duration(ic->ic_rt, rate, isshort);
3181 xflags |= RT2860_TX_ACK;
3182 mprot = ieee80211_alloc_rts(ic, wh->i_addr1, wh->i_addr2, dur);
3184 mprot = ieee80211_alloc_cts(ic, ni->ni_vap->iv_myaddr, dur);
3186 if (mprot == NULL) {
3187 sc->sc_ifp->if_oerrors++;
3188 DPRINTF("could not allocate mbuf\n");
3192 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3193 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3194 sc->sc_epq[0].tx_nfree--;
3196 txd = (struct rt2870_txd *)&data->desc;
3197 txd->flags = RT2860_TX_QSEL_EDCA;
3198 txwi = (struct rt2860_txwi *)(txd + 1);
3200 txwi->flags = wflags;
3201 txwi->xflags = xflags;
3202 txwi->txop = 0; /* clear leftover garbage bits */
3205 data->ni = ieee80211_ref_node(ni);
3207 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3208 if (rt2860_rates[ridx].rate == protrate)
3212 run_set_tx_desc(sc, data);
3214 DPRINTFN(1, "sending prot len=%u rate=%u\n",
3215 m->m_pkthdr.len, rate);
3217 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3219 usbd_transfer_start(sc->sc_xfer[0]);
3225 run_tx_param(struct run_softc *sc, struct mbuf *m, struct ieee80211_node *ni,
3226 const struct ieee80211_bpf_params *params)
3228 struct ieee80211com *ic = ni->ni_ic;
3229 struct ieee80211_frame *wh;
3230 struct run_tx_data *data;
3231 struct rt2870_txd *txd;
3232 struct rt2860_txwi *txwi;
3236 uint8_t opflags = 0;
3240 RUN_LOCK_ASSERT(sc, MA_OWNED);
3242 KASSERT(params != NULL, ("no raw xmit params"));
3244 wh = mtod(m, struct ieee80211_frame *);
3245 type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
3247 rate = params->ibp_rate0;
3248 if (!ieee80211_isratevalid(ic->ic_rt, rate)) {
3249 /* let caller free mbuf */
3253 if ((params->ibp_flags & IEEE80211_BPF_NOACK) == 0)
3254 xflags |= RT2860_TX_ACK;
3255 if (params->ibp_flags & (IEEE80211_BPF_RTS|IEEE80211_BPF_CTS)) {
3256 error = run_sendprot(sc, m, ni,
3257 params->ibp_flags & IEEE80211_BPF_RTS ?
3258 IEEE80211_PROT_RTSCTS : IEEE80211_PROT_CTSONLY,
3261 /* let caller free mbuf */
3264 opflags |= /*XXX RT2573_TX_LONG_RETRY |*/ RT2860_TX_TXOP_SIFS;
3267 if (sc->sc_epq[0].tx_nfree == 0) {
3268 /* let caller free mbuf */
3269 sc->sc_ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3270 DPRINTF("sending raw frame, but tx ring is full\n");
3273 data = STAILQ_FIRST(&sc->sc_epq[0].tx_fh);
3274 STAILQ_REMOVE_HEAD(&sc->sc_epq[0].tx_fh, next);
3275 sc->sc_epq[0].tx_nfree--;
3277 txd = (struct rt2870_txd *)&data->desc;
3278 txd->flags = RT2860_TX_QSEL_EDCA;
3279 txwi = (struct rt2860_txwi *)(txd + 1);
3281 txwi->xflags = xflags;
3282 txwi->txop = opflags;
3283 txwi->flags = 0; /* clear leftover garbage bits */
3287 for (ridx = 0; ridx < RT2860_RIDX_MAX; ridx++)
3288 if (rt2860_rates[ridx].rate == rate)
3292 run_set_tx_desc(sc, data);
3294 DPRINTFN(10, "sending raw frame len=%u rate=%u\n",
3295 m->m_pkthdr.len, rate);
3297 STAILQ_INSERT_TAIL(&sc->sc_epq[0].tx_qh, data, next);
3299 usbd_transfer_start(sc->sc_xfer[0]);
3305 run_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
3306 const struct ieee80211_bpf_params *params)
3308 struct ifnet *ifp = ni->ni_ic->ic_ifp;
3309 struct run_softc *sc = ifp->if_softc;
3314 /* prevent management frames from being sent if we're not ready */
3315 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)) {
3320 if (params == NULL) {
3322 if ((error = run_tx_mgt(sc, m, ni)) != 0){
3324 DPRINTF("mgt tx failed\n");
3328 /* tx raw packet with param */
3329 if ((error = run_tx_param(sc, m, ni, params)) != 0){
3331 DPRINTF("tx with param failed\n");
3344 ieee80211_free_node(ni);
3351 run_start(struct ifnet *ifp)
3353 struct run_softc *sc = ifp->if_softc;
3354 struct ieee80211_node *ni;
3359 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0) {
3365 /* send data frames */
3366 IFQ_DRV_DEQUEUE(&ifp->if_snd, m);
3370 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
3371 if (run_tx(sc, m, ni) != 0) {
3372 IFQ_DRV_PREPEND(&ifp->if_snd, m);
3373 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
3382 run_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
3384 struct run_softc *sc = ifp->if_softc;
3385 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3386 struct ifreq *ifr = (struct ifreq *) data;
3393 if (ifp->if_flags & IFF_UP) {
3394 if (!(ifp->if_drv_flags & IFF_DRV_RUNNING)){
3396 run_init_locked(sc);
3398 run_update_promisc_locked(ifp);
3400 if(ifp->if_drv_flags & IFF_DRV_RUNNING &&
3401 (ic->ic_nrunning == 0 || sc->rvp_cnt <= 1)){
3407 ieee80211_start_all(ic);
3410 error = ifmedia_ioctl(ifp, ifr, &ic->ic_media, cmd);
3413 error = ether_ioctl(ifp, cmd, data);
3424 run_set_agc(struct run_softc *sc, uint8_t agc)
3428 if (sc->mac_ver == 0x3572) {
3429 run_bbp_read(sc, 27, &bbp);
3431 run_bbp_write(sc, 27, bbp | 0 << 5); /* select Rx0 */
3432 run_bbp_write(sc, 66, agc);
3433 run_bbp_write(sc, 27, bbp | 1 << 5); /* select Rx1 */
3434 run_bbp_write(sc, 66, agc);
3436 run_bbp_write(sc, 66, agc);
3440 run_select_chan_group(struct run_softc *sc, int group)
3445 run_bbp_write(sc, 62, 0x37 - sc->lna[group]);
3446 run_bbp_write(sc, 63, 0x37 - sc->lna[group]);
3447 run_bbp_write(sc, 64, 0x37 - sc->lna[group]);
3448 run_bbp_write(sc, 86, 0x00);
3451 if (sc->ext_2ghz_lna) {
3452 run_bbp_write(sc, 82, 0x62);
3453 run_bbp_write(sc, 75, 0x46);
3455 run_bbp_write(sc, 82, 0x84);
3456 run_bbp_write(sc, 75, 0x50);
3459 if (sc->mac_ver == 0x3572)
3460 run_bbp_write(sc, 82, 0x94);
3462 run_bbp_write(sc, 82, 0xf2);
3463 if (sc->ext_5ghz_lna)
3464 run_bbp_write(sc, 75, 0x46);
3466 run_bbp_write(sc, 75, 0x50);
3469 run_read(sc, RT2860_TX_BAND_CFG, &tmp);
3470 tmp &= ~(RT2860_5G_BAND_SEL_N | RT2860_5G_BAND_SEL_P);
3471 tmp |= (group == 0) ? RT2860_5G_BAND_SEL_N : RT2860_5G_BAND_SEL_P;
3472 run_write(sc, RT2860_TX_BAND_CFG, tmp);
3474 /* enable appropriate Power Amplifiers and Low Noise Amplifiers */
3475 tmp = RT2860_RFTR_EN | RT2860_TRSW_EN | RT2860_LNA_PE0_EN;
3476 if (sc->nrxchains > 1)
3477 tmp |= RT2860_LNA_PE1_EN;
3478 if (group == 0) { /* 2GHz */
3479 tmp |= RT2860_PA_PE_G0_EN;
3480 if (sc->ntxchains > 1)
3481 tmp |= RT2860_PA_PE_G1_EN;
3483 tmp |= RT2860_PA_PE_A0_EN;
3484 if (sc->ntxchains > 1)
3485 tmp |= RT2860_PA_PE_A1_EN;
3487 if (sc->mac_ver == 0x3572) {
3488 run_rt3070_rf_write(sc, 8, 0x00);
3489 run_write(sc, RT2860_TX_PIN_CFG, tmp);
3490 run_rt3070_rf_write(sc, 8, 0x80);
3492 run_write(sc, RT2860_TX_PIN_CFG, tmp);
3494 /* set initial AGC value */
3495 if (group == 0) { /* 2GHz band */
3496 if (sc->mac_ver >= 0x3070)
3497 agc = 0x1c + sc->lna[0] * 2;
3499 agc = 0x2e + sc->lna[0];
3500 } else { /* 5GHz band */
3501 if (sc->mac_ver == 0x3572)
3502 agc = 0x22 + (sc->lna[group] * 5) / 3;
3504 agc = 0x32 + (sc->lna[group] * 5) / 3;
3506 run_set_agc(sc, agc);
3510 run_rt2870_set_chan(struct run_softc *sc, uint32_t chan)
3512 const struct rfprog *rfprog = rt2860_rf2850;
3513 uint32_t r2, r3, r4;
3514 int8_t txpow1, txpow2;
3517 /* find the settings for this channel (we know it exists) */
3518 for (i = 0; rfprog[i].chan != chan; i++);
3521 if (sc->ntxchains == 1)
3522 r2 |= 1 << 12; /* 1T: disable Tx chain 2 */
3523 if (sc->nrxchains == 1)
3524 r2 |= 1 << 15 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
3525 else if (sc->nrxchains == 2)
3526 r2 |= 1 << 4; /* 2R: disable Rx chain 3 */
3528 /* use Tx power values from EEPROM */
3529 txpow1 = sc->txpow1[i];
3530 txpow2 = sc->txpow2[i];
3533 txpow1 = txpow1 << 1 | 1;
3535 txpow1 = (7 + txpow1) << 1;
3537 txpow2 = txpow2 << 1 | 1;
3539 txpow2 = (7 + txpow2) << 1;
3541 r3 = rfprog[i].r3 | txpow1 << 7;
3542 r4 = rfprog[i].r4 | sc->freq << 13 | txpow2 << 4;
3544 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1);
3545 run_rt2870_rf_write(sc, RT2860_RF2, r2);
3546 run_rt2870_rf_write(sc, RT2860_RF3, r3);
3547 run_rt2870_rf_write(sc, RT2860_RF4, r4);
3551 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1);
3552 run_rt2870_rf_write(sc, RT2860_RF2, r2);
3553 run_rt2870_rf_write(sc, RT2860_RF3, r3 | 1);
3554 run_rt2870_rf_write(sc, RT2860_RF4, r4);
3558 run_rt2870_rf_write(sc, RT2860_RF1, rfprog[i].r1);
3559 run_rt2870_rf_write(sc, RT2860_RF2, r2);
3560 run_rt2870_rf_write(sc, RT2860_RF3, r3);
3561 run_rt2870_rf_write(sc, RT2860_RF4, r4);
3565 run_rt3070_set_chan(struct run_softc *sc, uint32_t chan)
3567 int8_t txpow1, txpow2;
3571 /* RT3070 is 2GHz only */
3572 KASSERT(chan >= 1 && chan <= 14, ("wrong channel selected\n"));
3574 /* find the settings for this channel (we know it exists) */
3575 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
3577 /* use Tx power values from EEPROM */
3578 txpow1 = sc->txpow1[i];
3579 txpow2 = sc->txpow2[i];
3581 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
3582 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
3583 run_rt3070_rf_read(sc, 6, &rf);
3584 rf = (rf & ~0x03) | rt3070_freqs[i].r;
3585 run_rt3070_rf_write(sc, 6, rf);
3588 run_rt3070_rf_read(sc, 12, &rf);
3589 rf = (rf & ~0x1f) | txpow1;
3590 run_rt3070_rf_write(sc, 12, rf);
3593 run_rt3070_rf_read(sc, 13, &rf);
3594 rf = (rf & ~0x1f) | txpow2;
3595 run_rt3070_rf_write(sc, 13, rf);
3597 run_rt3070_rf_read(sc, 1, &rf);
3599 if (sc->ntxchains == 1)
3600 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
3601 else if (sc->ntxchains == 2)
3602 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
3603 if (sc->nrxchains == 1)
3604 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
3605 else if (sc->nrxchains == 2)
3606 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
3607 run_rt3070_rf_write(sc, 1, rf);
3610 run_rt3070_rf_read(sc, 23, &rf);
3611 rf = (rf & ~0x7f) | sc->freq;
3612 run_rt3070_rf_write(sc, 23, rf);
3614 /* program RF filter */
3615 run_rt3070_rf_read(sc, 24, &rf); /* Tx */
3616 rf = (rf & ~0x3f) | sc->rf24_20mhz;
3617 run_rt3070_rf_write(sc, 24, rf);
3618 run_rt3070_rf_read(sc, 31, &rf); /* Rx */
3619 rf = (rf & ~0x3f) | sc->rf24_20mhz;
3620 run_rt3070_rf_write(sc, 31, rf);
3622 /* enable RF tuning */
3623 run_rt3070_rf_read(sc, 7, &rf);
3624 run_rt3070_rf_write(sc, 7, rf | 0x01);
3628 run_rt3572_set_chan(struct run_softc *sc, u_int chan)
3630 int8_t txpow1, txpow2;
3635 /* find the settings for this channel (we know it exists) */
3636 for (i = 0; rt2860_rf2850[i].chan != chan; i++);
3638 /* use Tx power values from EEPROM */
3639 txpow1 = sc->txpow1[i];
3640 txpow2 = sc->txpow2[i];
3643 run_bbp_write(sc, 25, sc->bbp25);
3644 run_bbp_write(sc, 26, sc->bbp26);
3646 /* enable IQ phase correction */
3647 run_bbp_write(sc, 25, 0x09);
3648 run_bbp_write(sc, 26, 0xff);
3651 run_rt3070_rf_write(sc, 2, rt3070_freqs[i].n);
3652 run_rt3070_rf_write(sc, 3, rt3070_freqs[i].k);
3653 run_rt3070_rf_read(sc, 6, &rf);
3654 rf = (rf & ~0x0f) | rt3070_freqs[i].r;
3655 rf |= (chan <= 14) ? 0x08 : 0x04;
3656 run_rt3070_rf_write(sc, 6, rf);
3659 run_rt3070_rf_read(sc, 5, &rf);
3660 rf &= ~(0x08 | 0x04);
3661 rf |= (chan <= 14) ? 0x04 : 0x08;
3662 run_rt3070_rf_write(sc, 5, rf);
3664 /* set Tx power for chain 0 */
3668 rf = 0xe0 | (txpow1 & 0xc) << 1 | (txpow1 & 0x3);
3669 run_rt3070_rf_write(sc, 12, rf);
3671 /* set Tx power for chain 1 */
3675 rf = 0xe0 | (txpow2 & 0xc) << 1 | (txpow2 & 0x3);
3676 run_rt3070_rf_write(sc, 13, rf);
3678 /* set Tx/Rx streams */
3679 run_rt3070_rf_read(sc, 1, &rf);
3681 if (sc->ntxchains == 1)
3682 rf |= 1 << 7 | 1 << 5; /* 1T: disable Tx chains 2 & 3 */
3683 else if (sc->ntxchains == 2)
3684 rf |= 1 << 7; /* 2T: disable Tx chain 3 */
3685 if (sc->nrxchains == 1)
3686 rf |= 1 << 6 | 1 << 4; /* 1R: disable Rx chains 2 & 3 */
3687 else if (sc->nrxchains == 2)
3688 rf |= 1 << 6; /* 2R: disable Rx chain 3 */
3689 run_rt3070_rf_write(sc, 1, rf);
3692 run_rt3070_rf_read(sc, 23, &rf);
3693 rf = (rf & ~0x7f) | sc->freq;
3694 run_rt3070_rf_write(sc, 23, rf);
3696 /* program RF filter */
3697 rf = sc->rf24_20mhz;
3698 run_rt3070_rf_write(sc, 24, rf); /* Tx */
3699 run_rt3070_rf_write(sc, 31, rf); /* Rx */
3701 /* enable RF tuning */
3702 run_rt3070_rf_read(sc, 7, &rf);
3703 rf = (chan <= 14) ? 0xd8 : ((rf & ~0xc8) | 0x14);
3704 run_rt3070_rf_write(sc, 7, rf);
3707 rf = (chan <= 14) ? 0xc3 : 0xc0;
3708 run_rt3070_rf_write(sc, 9, rf);
3710 /* set loop filter 1 */
3711 run_rt3070_rf_write(sc, 10, 0xf1);
3712 /* set loop filter 2 */
3713 run_rt3070_rf_write(sc, 11, (chan <= 14) ? 0xb9 : 0x00);
3716 run_rt3070_rf_write(sc, 15, (chan <= 14) ? 0x53 : 0x43);
3719 rf = 0x48 | sc->txmixgain_2ghz;
3721 rf = 0x78 | sc->txmixgain_5ghz;
3722 run_rt3070_rf_write(sc, 16, rf);
3725 run_rt3070_rf_write(sc, 17, 0x23);
3729 else if (chan <= 64)
3731 else if (chan <= 128)
3735 run_rt3070_rf_write(sc, 19, rf);
3740 else if (chan <= 64)
3742 else if (chan <= 128)
3746 run_rt3070_rf_write(sc, 20, rf);
3751 else if (chan <= 64)
3755 run_rt3070_rf_write(sc, 25, rf);
3758 run_rt3070_rf_write(sc, 26, (chan <= 14) ? 0x85 : 0x87);
3760 run_rt3070_rf_write(sc, 27, (chan <= 14) ? 0x00 : 0x01);
3762 run_rt3070_rf_write(sc, 29, (chan <= 14) ? 0x9b : 0x9f);
3764 run_read(sc, RT2860_GPIO_CTRL, &tmp);
3768 run_write(sc, RT2860_GPIO_CTRL, tmp);
3770 /* enable RF tuning */
3771 run_rt3070_rf_read(sc, 7, &rf);
3772 run_rt3070_rf_write(sc, 7, rf | 0x01);
3778 run_set_rx_antenna(struct run_softc *sc, int aux)
3783 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 0);
3784 run_read(sc, RT2860_GPIO_CTRL, &tmp);
3785 run_write(sc, RT2860_GPIO_CTRL, (tmp & ~0x0808) | 0x08);
3787 run_mcu_cmd(sc, RT2860_MCU_CMD_ANTSEL, 1);
3788 run_read(sc, RT2860_GPIO_CTRL, &tmp);
3789 run_write(sc, RT2860_GPIO_CTRL, tmp & ~0x0808);
3794 run_set_chan(struct run_softc *sc, struct ieee80211_channel *c)
3796 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3797 uint32_t chan, group;
3799 chan = ieee80211_chan2ieee(ic, c);
3800 if (chan == 0 || chan == IEEE80211_CHAN_ANY)
3803 if (sc->mac_ver == 0x3572)
3804 run_rt3572_set_chan(sc, chan);
3805 else if (sc->mac_ver >= 0x3070)
3806 run_rt3070_set_chan(sc, chan);
3808 run_rt2870_set_chan(sc, chan);
3810 /* determine channel group */
3813 else if (chan <= 64)
3815 else if (chan <= 128)
3820 /* XXX necessary only when group has changed! */
3821 run_select_chan_group(sc, group);
3829 run_set_channel(struct ieee80211com *ic)
3831 struct run_softc *sc = ic->ic_ifp->if_softc;
3834 run_set_chan(sc, ic->ic_curchan);
3841 run_scan_start(struct ieee80211com *ic)
3843 struct run_softc *sc = ic->ic_ifp->if_softc;
3848 /* abort TSF synchronization */
3849 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
3850 run_write(sc, RT2860_BCN_TIME_CFG,
3851 tmp & ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
3852 RT2860_TBTT_TIMER_EN));
3853 run_set_bssid(sc, sc->sc_ifp->if_broadcastaddr);
3861 run_scan_end(struct ieee80211com *ic)
3863 struct run_softc *sc = ic->ic_ifp->if_softc;
3867 run_enable_tsf_sync(sc);
3868 /* XXX keep local copy */
3869 run_set_bssid(sc, sc->sc_bssid);
3877 * Could be called from ieee80211_node_timeout()
3878 * (non-sleepable thread)
3881 run_update_beacon(struct ieee80211vap *vap, int item)
3883 struct ieee80211com *ic = vap->iv_ic;
3884 struct run_softc *sc = ic->ic_ifp->if_softc;
3887 i = RUN_CMDQ_GET(&sc->cmdq_store);
3888 DPRINTF("cmdq_store=%d\n", i);
3889 sc->cmdq[i].func = run_update_beacon_cb;
3890 sc->cmdq[i].arg0 = vap;
3891 ieee80211_runtask(ic, &sc->cmdq_task);
3897 run_update_beacon_cb(void *arg)
3899 struct ieee80211vap *vap = arg;
3900 struct ieee80211com *ic = vap->iv_ic;
3901 struct run_softc *sc = ic->ic_ifp->if_softc;
3902 struct rt2860_txwi txwi;
3906 if(vap->iv_bss->ni_chan == IEEE80211_CHAN_ANYC)
3909 if ((m = ieee80211_beacon_alloc(vap->iv_bss, &RUN_VAP(vap)->bo)) == NULL)
3912 memset(&txwi, 0, sizeof txwi);
3914 txwi.len = htole16(m->m_pkthdr.len);
3915 /* send beacons at the lowest available rate */
3916 ridx = (ic->ic_curmode == IEEE80211_MODE_11A) ?
3917 RT2860_RIDX_OFDM6 : RT2860_RIDX_CCK1;
3918 txwi.phy = htole16(rt2860_rates[ridx].mcs);
3919 if (rt2860_rates[ridx].phy == IEEE80211_T_OFDM)
3920 txwi.phy |= htole16(RT2860_PHY_OFDM);
3921 txwi.txop = RT2860_TX_TXOP_HT;
3922 txwi.flags = RT2860_TX_TS;
3924 run_write_region_1(sc, RT2860_BCN_BASE(RUN_VAP(vap)->rvp_id),
3925 (uint8_t *)&txwi, sizeof txwi);
3926 run_write_region_1(sc, RT2860_BCN_BASE(RUN_VAP(vap)->rvp_id) + sizeof txwi,
3927 mtod(m, uint8_t *), (m->m_pkthdr.len + 1) & ~1); /* roundup len */
3935 run_updateprot(struct ieee80211com *ic)
3937 struct run_softc *sc = ic->ic_ifp->if_softc;
3940 tmp = RT2860_RTSTH_EN | RT2860_PROT_NAV_SHORT | RT2860_TXOP_ALLOW_ALL;
3941 /* setup protection frame rate (MCS code) */
3942 tmp |= (ic->ic_curmode == IEEE80211_MODE_11A) ?
3943 rt2860_rates[RT2860_RIDX_OFDM6].mcs :
3944 rt2860_rates[RT2860_RIDX_CCK11].mcs;
3946 /* CCK frames don't require protection */
3947 run_write(sc, RT2860_CCK_PROT_CFG, tmp);
3948 if (ic->ic_flags & IEEE80211_F_USEPROT) {
3949 if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
3950 tmp |= RT2860_PROT_CTRL_RTS_CTS;
3951 else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
3952 tmp |= RT2860_PROT_CTRL_CTS;
3954 run_write(sc, RT2860_OFDM_PROT_CFG, tmp);
3958 run_usb_timeout_cb(void *arg)
3960 struct ieee80211vap *vap = arg;
3961 struct run_softc *sc = vap->iv_ic->ic_ifp->if_softc;
3963 RUN_LOCK_ASSERT(sc, MA_OWNED);
3965 if(vap->iv_state == IEEE80211_S_RUN &&
3966 vap->iv_opmode != IEEE80211_M_STA)
3967 run_reset_livelock(sc);
3968 else if(vap->iv_state == IEEE80211_S_SCAN){
3969 DPRINTF("timeout caused by scan\n");
3971 ieee80211_cancel_scan(vap);
3973 DPRINTF("timeout by unknown cause\n");
3977 run_reset_livelock(struct run_softc *sc)
3981 RUN_LOCK_ASSERT(sc, MA_OWNED);
3984 * In IBSS or HostAP modes (when the hardware sends beacons), the MAC
3985 * can run into a livelock and start sending CTS-to-self frames like
3986 * crazy if protection is enabled. Reset MAC/BBP for a while
3988 run_read(sc, RT2860_DEBUG, &tmp);
3989 DPRINTFN(3, "debug reg %08x\n", tmp);
3990 if((tmp & (1 << 29)) && (tmp & (1 << 7 | 1 << 5))){
3991 DPRINTF("CTS-to-self livelock detected\n");
3992 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_SRST);
3994 run_write(sc, RT2860_MAC_SYS_CTRL,
3995 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
4000 run_update_promisc_locked(struct ifnet *ifp)
4002 struct run_softc *sc = ifp->if_softc;
4005 run_read(sc, RT2860_RX_FILTR_CFG, &tmp);
4007 tmp |= RT2860_DROP_UC_NOME;
4008 if (ifp->if_flags & IFF_PROMISC)
4009 tmp &= ~RT2860_DROP_UC_NOME;
4011 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
4013 DPRINTF("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
4014 "entering" : "leaving");
4018 run_update_promisc(struct ifnet *ifp)
4020 struct run_softc *sc = ifp->if_softc;
4022 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0)
4026 run_update_promisc_locked(ifp);
4031 run_enable_tsf_sync(struct run_softc *sc)
4033 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4034 struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
4037 DPRINTF("rvp_id=%d ic_opmode=%d\n", RUN_VAP(vap)->rvp_id, ic->ic_opmode);
4039 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4041 tmp |= vap->iv_bss->ni_intval * 16;
4042 tmp |= RT2860_TSF_TIMER_EN | RT2860_TBTT_TIMER_EN;
4044 if (ic->ic_opmode == IEEE80211_M_STA) {
4046 * Local TSF is always updated with remote TSF on beacon
4049 tmp |= 1 << RT2860_TSF_SYNC_MODE_SHIFT;
4050 } else if (ic->ic_opmode == IEEE80211_M_IBSS) {
4051 tmp |= RT2860_BCN_TX_EN;
4053 * Local TSF is updated with remote TSF on beacon reception
4054 * only if the remote TSF is greater than local TSF.
4056 tmp |= 2 << RT2860_TSF_SYNC_MODE_SHIFT;
4057 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
4058 ic->ic_opmode == IEEE80211_M_MBSS) {
4059 tmp |= RT2860_BCN_TX_EN;
4060 /* SYNC with nobody */
4061 tmp |= 3 << RT2860_TSF_SYNC_MODE_SHIFT;
4063 DPRINTF("Enabling TSF failed. undefined opmode\n");
4067 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
4071 run_enable_mrr(struct run_softc *sc)
4073 #define CCK(mcs) (mcs)
4074 #define OFDM(mcs) (1 << 3 | (mcs))
4075 run_write(sc, RT2860_LG_FBK_CFG0,
4076 OFDM(6) << 28 | /* 54->48 */
4077 OFDM(5) << 24 | /* 48->36 */
4078 OFDM(4) << 20 | /* 36->24 */
4079 OFDM(3) << 16 | /* 24->18 */
4080 OFDM(2) << 12 | /* 18->12 */
4081 OFDM(1) << 8 | /* 12-> 9 */
4082 OFDM(0) << 4 | /* 9-> 6 */
4083 OFDM(0)); /* 6-> 6 */
4085 run_write(sc, RT2860_LG_FBK_CFG1,
4086 CCK(2) << 12 | /* 11->5.5 */
4087 CCK(1) << 8 | /* 5.5-> 2 */
4088 CCK(0) << 4 | /* 2-> 1 */
4089 CCK(0)); /* 1-> 1 */
4095 run_set_txpreamble(struct run_softc *sc)
4097 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4100 run_read(sc, RT2860_AUTO_RSP_CFG, &tmp);
4101 if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
4102 tmp |= RT2860_CCK_SHORT_EN;
4104 tmp &= ~RT2860_CCK_SHORT_EN;
4105 run_write(sc, RT2860_AUTO_RSP_CFG, tmp);
4109 run_set_basicrates(struct run_softc *sc)
4111 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4113 /* set basic rates mask */
4114 if (ic->ic_curmode == IEEE80211_MODE_11B)
4115 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x003);
4116 else if (ic->ic_curmode == IEEE80211_MODE_11A)
4117 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x150);
4119 run_write(sc, RT2860_LEGACY_BASIC_RATE, 0x15f);
4123 run_set_leds(struct run_softc *sc, uint16_t which)
4125 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LEDS,
4126 which | (sc->leds & 0x7f));
4130 run_set_bssid(struct run_softc *sc, const uint8_t *bssid)
4132 run_write(sc, RT2860_MAC_BSSID_DW0,
4133 bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
4134 run_write(sc, RT2860_MAC_BSSID_DW1,
4135 bssid[4] | bssid[5] << 8);
4139 run_set_macaddr(struct run_softc *sc, const uint8_t *addr)
4141 run_write(sc, RT2860_MAC_ADDR_DW0,
4142 addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
4143 run_write(sc, RT2860_MAC_ADDR_DW1,
4144 addr[4] | addr[5] << 8 | 0xff << 16);
4149 run_updateslot(struct ifnet *ifp)
4151 struct run_softc *sc = ifp->if_softc;
4152 struct ieee80211com *ic = ifp->if_l2com;
4155 run_read(sc, RT2860_BKOFF_SLOT_CFG, &tmp);
4157 tmp |= (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
4158 run_write(sc, RT2860_BKOFF_SLOT_CFG, tmp);
4162 run_update_mcast(struct ifnet *ifp)
4164 /* h/w filter supports getting everything or nothing */
4165 ifp->if_flags |= IFF_ALLMULTI;
4169 run_rssi2dbm(struct run_softc *sc, uint8_t rssi, uint8_t rxchain)
4171 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4172 struct ieee80211_channel *c = ic->ic_curchan;
4175 if (IEEE80211_IS_CHAN_5GHZ(c)) {
4176 uint32_t chan = ieee80211_chan2ieee(ic, c);
4177 delta = sc->rssi_5ghz[rxchain];
4179 /* determine channel group */
4181 delta -= sc->lna[1];
4182 else if (chan <= 128)
4183 delta -= sc->lna[2];
4185 delta -= sc->lna[3];
4187 delta = sc->rssi_2ghz[rxchain] - sc->lna[0];
4189 return -12 - delta - rssi;
4193 run_bbp_init(struct run_softc *sc)
4195 int i, error, ntries;
4198 /* wait for BBP to wake up */
4199 for (ntries = 0; ntries < 20; ntries++) {
4200 if ((error = run_bbp_read(sc, 0, &bbp0)) != 0)
4202 if (bbp0 != 0 && bbp0 != 0xff)
4208 /* initialize BBP registers to default values */
4209 for (i = 0; i < nitems(rt2860_def_bbp); i++) {
4210 run_bbp_write(sc, rt2860_def_bbp[i].reg,
4211 rt2860_def_bbp[i].val);
4214 /* fix BBP84 for RT2860E */
4215 if (sc->mac_ver == 0x2860 && sc->mac_rev != 0x0101)
4216 run_bbp_write(sc, 84, 0x19);
4218 if (sc->mac_ver >= 0x3070) {
4219 run_bbp_write(sc, 79, 0x13);
4220 run_bbp_write(sc, 80, 0x05);
4221 run_bbp_write(sc, 81, 0x33);
4222 } else if (sc->mac_ver == 0x2860 && sc->mac_rev == 0x0100) {
4223 run_bbp_write(sc, 69, 0x16);
4224 run_bbp_write(sc, 73, 0x12);
4230 run_rt3070_rf_init(struct run_softc *sc)
4233 uint8_t rf, target, bbp4;
4236 run_rt3070_rf_read(sc, 30, &rf);
4237 /* toggle RF R30 bit 7 */
4238 run_rt3070_rf_write(sc, 30, rf | 0x80);
4240 run_rt3070_rf_write(sc, 30, rf & ~0x80);
4242 /* initialize RF registers to default value */
4243 if (sc->mac_ver == 0x3572) {
4244 for (i = 0; i < nitems(rt3572_def_rf); i++) {
4245 run_rt3070_rf_write(sc, rt3572_def_rf[i].reg,
4246 rt3572_def_rf[i].val);
4249 for (i = 0; i < nitems(rt3070_def_rf); i++) {
4250 run_rt3070_rf_write(sc, rt3070_def_rf[i].reg,
4251 rt3070_def_rf[i].val);
4255 if (sc->mac_ver == 0x3070) {
4256 /* change voltage from 1.2V to 1.35V for RT3070 */
4257 run_read(sc, RT3070_LDO_CFG0, &tmp);
4258 tmp = (tmp & ~0x0f000000) | 0x0d000000;
4259 run_write(sc, RT3070_LDO_CFG0, tmp);
4261 } else if (sc->mac_ver == 0x3071) {
4262 run_rt3070_rf_read(sc, 6, &rf);
4263 run_rt3070_rf_write(sc, 6, rf | 0x40);
4264 run_rt3070_rf_write(sc, 31, 0x14);
4266 run_read(sc, RT3070_LDO_CFG0, &tmp);
4268 if (sc->mac_rev < 0x0211)
4269 tmp |= 0x0d000000; /* 1.3V */
4271 tmp |= 0x01000000; /* 1.2V */
4272 run_write(sc, RT3070_LDO_CFG0, tmp);
4274 /* patch LNA_PE_G1 */
4275 run_read(sc, RT3070_GPIO_SWITCH, &tmp);
4276 run_write(sc, RT3070_GPIO_SWITCH, tmp & ~0x20);
4278 } else if(sc->mac_ver == 0x3572){
4279 run_rt3070_rf_read(sc, 6, &rf);
4280 run_rt3070_rf_write(sc, 6, rf | 0x40);
4282 /* increase voltage from 1.2V to 1.35V */
4283 run_read(sc, RT3070_LDO_CFG0, &tmp);
4284 tmp = (tmp & ~0x1f000000) | 0x0d000000;
4285 run_write(sc, RT3070_LDO_CFG0, tmp);
4287 if (sc->mac_rev < 0x0211 || !sc->patch_dac){
4288 run_delay(sc, 1); /* wait for 1msec */
4289 /* decrease voltage back to 1.2V */
4290 tmp = (tmp & ~0x1f000000) | 0x01000000;
4291 run_write(sc, RT3070_LDO_CFG0, tmp);
4295 /* select 20MHz bandwidth */
4296 run_rt3070_rf_read(sc, 31, &rf);
4297 run_rt3070_rf_write(sc, 31, rf & ~0x20);
4299 /* calibrate filter for 20MHz bandwidth */
4300 sc->rf24_20mhz = 0x1f; /* default value */
4301 target = (sc->mac_ver < 0x3071) ? 0x16 : 0x13;
4302 run_rt3070_filter_calib(sc, 0x07, target, &sc->rf24_20mhz);
4304 /* select 40MHz bandwidth */
4305 run_bbp_read(sc, 4, &bbp4);
4306 run_bbp_write(sc, 4, (bbp4 & ~0x08) | 0x10);
4307 run_rt3070_rf_read(sc, 31, &rf);
4308 run_rt3070_rf_write(sc, 31, rf | 0x20);
4310 /* calibrate filter for 40MHz bandwidth */
4311 sc->rf24_40mhz = 0x2f; /* default value */
4312 target = (sc->mac_ver < 0x3071) ? 0x19 : 0x15;
4313 run_rt3070_filter_calib(sc, 0x27, target, &sc->rf24_40mhz);
4315 /* go back to 20MHz bandwidth */
4316 run_bbp_read(sc, 4, &bbp4);
4317 run_bbp_write(sc, 4, bbp4 & ~0x18);
4319 if (sc->mac_ver == 0x3572) {
4320 /* save default BBP registers 25 and 26 values */
4321 run_bbp_read(sc, 25, &sc->bbp25);
4322 run_bbp_read(sc, 26, &sc->bbp26);
4323 } else if (sc->mac_rev < 0x0211)
4324 run_rt3070_rf_write(sc, 27, 0x03);
4326 run_read(sc, RT3070_OPT_14, &tmp);
4327 run_write(sc, RT3070_OPT_14, tmp | 1);
4329 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
4330 run_rt3070_rf_read(sc, 17, &rf);
4331 rf &= ~RT3070_TX_LO1;
4332 if ((sc->mac_ver == 0x3070 ||
4333 (sc->mac_ver == 0x3071 && sc->mac_rev >= 0x0211)) &&
4335 rf |= 0x20; /* fix for long range Rx issue */
4336 if (sc->txmixgain_2ghz >= 1)
4337 rf = (rf & ~0x7) | sc->txmixgain_2ghz;
4338 run_rt3070_rf_write(sc, 17, rf);
4341 if (sc->mac_rev == 0x3071) {
4342 run_rt3070_rf_read(sc, 1, &rf);
4343 rf &= ~(RT3070_RX0_PD | RT3070_TX0_PD);
4344 rf |= RT3070_RF_BLOCK | RT3070_RX1_PD | RT3070_TX1_PD;
4345 run_rt3070_rf_write(sc, 1, rf);
4347 run_rt3070_rf_read(sc, 15, &rf);
4348 run_rt3070_rf_write(sc, 15, rf & ~RT3070_TX_LO2);
4350 run_rt3070_rf_read(sc, 20, &rf);
4351 run_rt3070_rf_write(sc, 20, rf & ~RT3070_RX_LO1);
4353 run_rt3070_rf_read(sc, 21, &rf);
4354 run_rt3070_rf_write(sc, 21, rf & ~RT3070_RX_LO2);
4357 if (sc->mac_ver == 0x3070 || sc->mac_ver == 0x3071) {
4358 /* fix Tx to Rx IQ glitch by raising RF voltage */
4359 run_rt3070_rf_read(sc, 27, &rf);
4361 if (sc->mac_rev < 0x0211)
4363 run_rt3070_rf_write(sc, 27, rf);
4369 run_rt3070_filter_calib(struct run_softc *sc, uint8_t init, uint8_t target,
4373 uint8_t bbp55_pb, bbp55_sb, delta;
4376 /* program filter */
4377 run_rt3070_rf_read(sc, 24, &rf24);
4378 rf24 = (rf24 & 0xc0) | init; /* initial filter value */
4379 run_rt3070_rf_write(sc, 24, rf24);
4381 /* enable baseband loopback mode */
4382 run_rt3070_rf_read(sc, 22, &rf22);
4383 run_rt3070_rf_write(sc, 22, rf22 | 0x01);
4385 /* set power and frequency of passband test tone */
4386 run_bbp_write(sc, 24, 0x00);
4387 for (ntries = 0; ntries < 100; ntries++) {
4388 /* transmit test tone */
4389 run_bbp_write(sc, 25, 0x90);
4391 /* read received power */
4392 run_bbp_read(sc, 55, &bbp55_pb);
4399 /* set power and frequency of stopband test tone */
4400 run_bbp_write(sc, 24, 0x06);
4401 for (ntries = 0; ntries < 100; ntries++) {
4402 /* transmit test tone */
4403 run_bbp_write(sc, 25, 0x90);
4405 /* read received power */
4406 run_bbp_read(sc, 55, &bbp55_sb);
4408 delta = bbp55_pb - bbp55_sb;
4412 /* reprogram filter */
4414 run_rt3070_rf_write(sc, 24, rf24);
4418 rf24--; /* backtrack */
4420 run_rt3070_rf_write(sc, 24, rf24);
4423 /* restore initial state */
4424 run_bbp_write(sc, 24, 0x00);
4426 /* disable baseband loopback mode */
4427 run_rt3070_rf_read(sc, 22, &rf22);
4428 run_rt3070_rf_write(sc, 22, rf22 & ~0x01);
4434 run_rt3070_rf_setup(struct run_softc *sc)
4439 if (sc->mac_ver == 0x3572) {
4440 /* enable DC filter */
4441 if (sc->mac_rev >= 0x0201)
4442 run_bbp_write(sc, 103, 0xc0);
4444 run_bbp_read(sc, 138, &bbp);
4445 if (sc->ntxchains == 1)
4446 bbp |= 0x20; /* turn off DAC1 */
4447 if (sc->nrxchains == 1)
4448 bbp &= ~0x02; /* turn off ADC1 */
4449 run_bbp_write(sc, 138, bbp);
4451 if (sc->mac_rev >= 0x0211) {
4452 /* improve power consumption */
4453 run_bbp_read(sc, 31, &bbp);
4454 run_bbp_write(sc, 31, bbp & ~0x03);
4457 run_rt3070_rf_read(sc, 16, &rf);
4458 rf = (rf & ~0x07) | sc->txmixgain_2ghz;
4459 run_rt3070_rf_write(sc, 16, rf);
4461 } else if (sc->mac_ver == 0x3071) {
4462 /* enable DC filter */
4463 if (sc->mac_rev >= 0x0201)
4464 run_bbp_write(sc, 103, 0xc0);
4466 run_bbp_read(sc, 138, &bbp);
4467 if (sc->ntxchains == 1)
4468 bbp |= 0x20; /* turn off DAC1 */
4469 if (sc->nrxchains == 1)
4470 bbp &= ~0x02; /* turn off ADC1 */
4471 run_bbp_write(sc, 138, bbp);
4473 if (sc->mac_rev >= 0x0211) {
4474 /* improve power consumption */
4475 run_bbp_read(sc, 31, &bbp);
4476 run_bbp_write(sc, 31, bbp & ~0x03);
4479 run_write(sc, RT2860_TX_SW_CFG1, 0);
4480 if (sc->mac_rev < 0x0211) {
4481 run_write(sc, RT2860_TX_SW_CFG2,
4482 sc->patch_dac ? 0x2c : 0x0f);
4484 run_write(sc, RT2860_TX_SW_CFG2, 0);
4486 } else if (sc->mac_ver == 0x3070) {
4487 if (sc->mac_rev >= 0x0201) {
4488 /* enable DC filter */
4489 run_bbp_write(sc, 103, 0xc0);
4491 /* improve power consumption */
4492 run_bbp_read(sc, 31, &bbp);
4493 run_bbp_write(sc, 31, bbp & ~0x03);
4496 if (sc->mac_rev < 0x0211) {
4497 run_write(sc, RT2860_TX_SW_CFG1, 0);
4498 run_write(sc, RT2860_TX_SW_CFG2, 0x2c);
4500 run_write(sc, RT2860_TX_SW_CFG2, 0);
4503 /* initialize RF registers from ROM for >=RT3071*/
4504 if (sc->mac_ver >= 0x3071) {
4505 for (i = 0; i < 10; i++) {
4506 if (sc->rf[i].reg == 0 || sc->rf[i].reg == 0xff)
4508 run_rt3070_rf_write(sc, sc->rf[i].reg, sc->rf[i].val);
4514 run_txrx_enable(struct run_softc *sc)
4516 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
4520 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_MAC_TX_EN);
4521 for (ntries = 0; ntries < 200; ntries++) {
4522 if ((error = run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp)) != 0)
4524 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
4533 tmp |= RT2860_RX_DMA_EN | RT2860_TX_DMA_EN | RT2860_TX_WB_DDONE;
4534 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
4536 /* enable Rx bulk aggregation (set timeout and limit) */
4537 tmp = RT2860_USB_TX_EN | RT2860_USB_RX_EN | RT2860_USB_RX_AGG_EN |
4538 RT2860_USB_RX_AGG_TO(128) | RT2860_USB_RX_AGG_LMT(2);
4539 run_write(sc, RT2860_USB_DMA_CFG, tmp);
4542 tmp = RT2860_DROP_CRC_ERR | RT2860_DROP_PHY_ERR;
4543 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
4544 tmp |= RT2860_DROP_UC_NOME | RT2860_DROP_DUPL |
4545 RT2860_DROP_CTS | RT2860_DROP_BA | RT2860_DROP_ACK |
4546 RT2860_DROP_VER_ERR | RT2860_DROP_CTRL_RSV |
4547 RT2860_DROP_CFACK | RT2860_DROP_CFEND;
4548 if (ic->ic_opmode == IEEE80211_M_STA)
4549 tmp |= RT2860_DROP_RTS | RT2860_DROP_PSPOLL;
4551 run_write(sc, RT2860_RX_FILTR_CFG, tmp);
4553 run_write(sc, RT2860_MAC_SYS_CTRL,
4554 RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
4560 run_init_locked(struct run_softc *sc)
4562 struct ifnet *ifp = sc->sc_ifp;
4563 struct ieee80211com *ic = ifp->if_l2com;
4570 if(ic->ic_nrunning > 1)
4575 for (ntries = 0; ntries < 100; ntries++) {
4576 if (run_read(sc, RT2860_ASIC_VER_ID, &tmp) != 0)
4578 if (tmp != 0 && tmp != 0xffffffff)
4585 for (i = 0; i != RUN_EP_QUEUES; i++)
4586 run_setup_tx_list(sc, &sc->sc_epq[i]);
4588 run_set_macaddr(sc, IF_LLADDR(ifp));
4590 for (ntries = 0; ntries < 100; ntries++) {
4591 if (run_read(sc, RT2860_WPDMA_GLO_CFG, &tmp) != 0)
4593 if ((tmp & (RT2860_TX_DMA_BUSY | RT2860_RX_DMA_BUSY)) == 0)
4597 if (ntries == 100) {
4598 device_printf(sc->sc_dev, "timeout waiting for DMA engine\n");
4602 tmp |= RT2860_TX_WB_DDONE;
4603 run_write(sc, RT2860_WPDMA_GLO_CFG, tmp);
4605 /* turn off PME_OEN to solve high-current issue */
4606 run_read(sc, RT2860_SYS_CTRL, &tmp);
4607 run_write(sc, RT2860_SYS_CTRL, tmp & ~RT2860_PME_OEN);
4609 run_write(sc, RT2860_MAC_SYS_CTRL,
4610 RT2860_BBP_HRST | RT2860_MAC_SRST);
4611 run_write(sc, RT2860_USB_DMA_CFG, 0);
4613 if (run_reset(sc) != 0) {
4614 device_printf(sc->sc_dev, "could not reset chipset\n");
4618 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
4620 /* init Tx power for all Tx rates (from EEPROM) */
4621 for (ridx = 0; ridx < 5; ridx++) {
4622 if (sc->txpow20mhz[ridx] == 0xffffffff)
4624 run_write(sc, RT2860_TX_PWR_CFG(ridx), sc->txpow20mhz[ridx]);
4627 for (i = 0; i < nitems(rt2870_def_mac); i++)
4628 run_write(sc, rt2870_def_mac[i].reg, rt2870_def_mac[i].val);
4629 run_write(sc, RT2860_WMM_AIFSN_CFG, 0x00002273);
4630 run_write(sc, RT2860_WMM_CWMIN_CFG, 0x00002344);
4631 run_write(sc, RT2860_WMM_CWMAX_CFG, 0x000034aa);
4633 if (sc->mac_ver >= 0x3070) {
4634 /* set delay of PA_PE assertion to 1us (unit of 0.25us) */
4635 run_write(sc, RT2860_TX_SW_CFG0,
4636 4 << RT2860_DLY_PAPE_EN_SHIFT);
4639 /* wait while MAC is busy */
4640 for (ntries = 0; ntries < 100; ntries++) {
4641 if (run_read(sc, RT2860_MAC_STATUS_REG, &tmp) != 0)
4643 if (!(tmp & (RT2860_RX_STATUS_BUSY | RT2860_TX_STATUS_BUSY)))
4650 /* clear Host to MCU mailbox */
4651 run_write(sc, RT2860_H2M_BBPAGENT, 0);
4652 run_write(sc, RT2860_H2M_MAILBOX, 0);
4655 if (run_bbp_init(sc) != 0) {
4656 device_printf(sc->sc_dev, "could not initialize BBP\n");
4660 /* abort TSF synchronization */
4661 run_read(sc, RT2860_BCN_TIME_CFG, &tmp);
4662 tmp &= ~(RT2860_BCN_TX_EN | RT2860_TSF_TIMER_EN |
4663 RT2860_TBTT_TIMER_EN);
4664 run_write(sc, RT2860_BCN_TIME_CFG, tmp);
4666 /* clear RX WCID search table */
4667 run_set_region_4(sc, RT2860_WCID_ENTRY(0), 0, 512);
4668 /* clear WCID attribute table */
4669 run_set_region_4(sc, RT2860_WCID_ATTR(0), 0, 8 * 32);
4670 /* clear shared key table */
4671 run_set_region_4(sc, RT2860_SKEY(0, 0), 0, 8 * 32);
4672 /* clear shared key mode */
4673 run_set_region_4(sc, RT2860_SKEY_MODE_0_7, 0, 4);
4675 run_read(sc, RT2860_US_CYC_CNT, &tmp);
4676 tmp = (tmp & ~0xff) | 0x1e;
4677 run_write(sc, RT2860_US_CYC_CNT, tmp);
4679 if (sc->mac_rev != 0x0101)
4680 run_write(sc, RT2860_TXOP_CTRL_CFG, 0x0000583f);
4682 run_write(sc, RT2860_WMM_TXOP0_CFG, 0);
4683 run_write(sc, RT2860_WMM_TXOP1_CFG, 48 << 16 | 96);
4685 /* write vendor-specific BBP values (from EEPROM) */
4686 for (i = 0; i < 10; i++) {
4687 if (sc->bbp[i].reg == 0 || sc->bbp[i].reg == 0xff)
4689 run_bbp_write(sc, sc->bbp[i].reg, sc->bbp[i].val);
4692 /* select Main antenna for 1T1R devices */
4693 if (sc->rf_rev == RT3070_RF_3020)
4694 run_set_rx_antenna(sc, 0);
4696 /* send LEDs operating mode to microcontroller */
4697 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED1, sc->led[0]);
4698 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED2, sc->led[1]);
4699 (void)run_mcu_cmd(sc, RT2860_MCU_CMD_LED3, sc->led[2]);
4701 if (sc->mac_ver >= 0x3070)
4702 run_rt3070_rf_init(sc);
4704 /* disable non-existing Rx chains */
4705 run_bbp_read(sc, 3, &bbp3);
4706 bbp3 &= ~(1 << 3 | 1 << 4);
4707 if (sc->nrxchains == 2)
4709 else if (sc->nrxchains == 3)
4711 run_bbp_write(sc, 3, bbp3);
4713 /* disable non-existing Tx chains */
4714 run_bbp_read(sc, 1, &bbp1);
4715 if (sc->ntxchains == 1)
4716 bbp1 &= ~(1 << 3 | 1 << 4);
4717 run_bbp_write(sc, 1, bbp1);
4719 if (sc->mac_ver >= 0x3070)
4720 run_rt3070_rf_setup(sc);
4722 /* select default channel */
4723 run_set_chan(sc, ic->ic_curchan);
4725 /* setup initial protection mode */
4728 /* turn radio LED on */
4729 run_set_leds(sc, RT2860_LED_RADIO);
4731 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
4732 ifp->if_drv_flags |= IFF_DRV_RUNNING;
4733 sc->cmdq_run = RUN_CMDQ_GO;
4735 for(i = 0; i != RUN_N_XFER; i++)
4736 usbd_xfer_set_stall(sc->sc_xfer[i]);
4738 usbd_transfer_start(sc->sc_xfer[RUN_BULK_RX]);
4740 if (run_txrx_enable(sc) != 0)
4752 struct run_softc *sc = arg;
4753 struct ifnet *ifp = sc->sc_ifp;
4754 struct ieee80211com *ic = ifp->if_l2com;
4757 run_init_locked(sc);
4760 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
4761 ieee80211_start_all(ic);
4767 struct run_softc *sc = (struct run_softc *)arg;
4768 struct ifnet *ifp = sc->sc_ifp;
4773 RUN_LOCK_ASSERT(sc, MA_OWNED);
4775 if (ifp->if_drv_flags & IFF_DRV_RUNNING)
4776 run_set_leds(sc, 0); /* turn all LEDs off */
4778 ifp->if_drv_flags &= ~(IFF_DRV_RUNNING | IFF_DRV_OACTIVE);
4780 sc->ratectl_run = RUN_RATECTL_OFF;
4781 sc->cmdq_run = RUN_CMDQ_ABORT;
4785 for(i = 0; i < RUN_N_XFER; i++)
4786 usbd_transfer_drain(sc->sc_xfer[i]);
4790 if(sc->rx_m != NULL){
4796 run_read(sc, RT2860_MAC_SYS_CTRL, &tmp);
4797 tmp &= ~(RT2860_MAC_RX_EN | RT2860_MAC_TX_EN);
4798 run_write(sc, RT2860_MAC_SYS_CTRL, tmp);
4800 /* wait for pending Tx to complete */
4801 for (ntries = 0; ntries < 100; ntries++) {
4802 if (run_read(sc, RT2860_TXRXQ_PCNT, &tmp) != 0){
4803 DPRINTF("Cannot read Tx queue count\n");
4806 if ((tmp & RT2860_TX2Q_PCNT_MASK) == 0){
4807 DPRINTF("All Tx cleared\n");
4813 DPRINTF("There are still pending Tx\n");
4815 run_write(sc, RT2860_USB_DMA_CFG, 0);
4817 run_write(sc, RT2860_MAC_SYS_CTRL, RT2860_BBP_HRST | RT2860_MAC_SRST);
4818 run_write(sc, RT2860_MAC_SYS_CTRL, 0);
4820 for (i = 0; i != RUN_EP_QUEUES; i++)
4821 run_unsetup_tx_list(sc, &sc->sc_epq[i]);
4827 run_delay(struct run_softc *sc, unsigned int ms)
4829 usb_pause_mtx(mtx_owned(&sc->sc_mtx) ?
4830 &sc->sc_mtx : NULL, USB_MS_TO_TICKS(ms));
4833 static device_method_t run_methods[] = {
4834 /* Device interface */
4835 DEVMETHOD(device_probe, run_match),
4836 DEVMETHOD(device_attach, run_attach),
4837 DEVMETHOD(device_detach, run_detach),
4842 static driver_t run_driver = {
4845 sizeof(struct run_softc)
4848 static devclass_t run_devclass;
4850 DRIVER_MODULE(run, uhub, run_driver, run_devclass, NULL, 0);
projects / FreeBSD / releng / 8.1.git / blob