Merge from vendor branch OPENSSL:
1/*
2 * Copyright (C) 2000
3 * Dr. Duncan McLennan Barclay, dmlb@ragnet.demon.co.uk.
4 *
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the author nor the names of any co-contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY DUNCAN BARCLAY AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL DUNCAN BARCLAY OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * $FreeBSD: src/sys/dev/ray/if_ray.c,v 1.47.2.4 2001/08/14 22:54:05 dmlb Exp $
03df8a20 32 * $DragonFly: src/sys/dev/netif/ray/Attic/if_ray.c,v 1.23 2005/06/20 15:10:41 joerg Exp $
33 *
34 */
35
36/* $NetBSD: if_ray.c,v 1.12 2000/02/07 09:36:27 augustss Exp $ */
37/*
38 * Copyright (c) 2000 Christian E. Hopps
39 * All rights reserved.
40 *
41 * Redistribution and use in source and binary forms, with or without
42 * modification, are permitted provided that the following conditions
43 * are met:
44 * 1. Redistributions of source code must retain the above copyright
45 * notice, this list of conditions and the following disclaimer.
46 * 2. Redistributions in binary form must reproduce the above copyright
47 * notice, this list of conditions and the following disclaimer in the
48 * documentation and/or other materials provided with the distribution.
49 * 3. Neither the name of the author nor the names of any co-contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 */
65
66/*
67 * Card configuration
68 * ==================
69 *
70 * This card is unusual in that it uses both common and attribute
71 * memory whilst working. It should use common memory and an IO port.
72 *
73 * The bus resource allocations need to work around the brain deadness
74 * of pccardd (where it reads the CIS for common memory, sets it all
75 * up and then throws it all away assuming the card is an ed
76 * driver...). Note that this could be dangerous (because it doesn't
77 * interact with pccardd) if you use other memory mapped cards in the
78 * same pccard slot as currently old mappings are not cleaned up very well
79 * by the bus_release_resource methods or pccardd.
80 *
81 * There is no support for running this driver on 4.0.
82 *
83 * Ad-hoc and infra-structure modes
84 * ================================
85 *
86 * The driver supports ad-hoc mode for V4 firmware and infrastructure
87 * mode for V5 firmware. V5 firmware in ad-hoc mode is untested and should
88 * work.
89 *
90 * The Linux driver also seems to have the capability to act as an AP.
91 * I wonder what facilities the "AP" can provide within a driver? We can
92 * probably use the BRIDGE code to form an ESS but I don't think
93 * power saving etc. is easy.
94 *
95 *
96 * Packet framing/encapsulation/translation
97 * ========================================
98 *
99 * Currently we support the Webgear encapsulation:
100 * 802.11 header <net/if_ieee80211.h>struct ieee80211_frame
101 * 802.3 header <net/ethernet.h>struct ether_header
102 * IP/ARP payload
103 *
104 * and RFC1042 encapsulation of IP datagrams (translation):
105 * 802.11 header <net/if_ieee80211.h>struct ieee80211_frame
106 * 802.2 LLC header
107 * 802.2 SNAP header
108 * 802.3 Ethertype
109 * IP/ARP payload
110 *
111 * Framing should be selected via if_media stuff or link types but
112 * is currently hardcoded to:
113 * V4 encapsulation
114 * V5 translation
115 *
116 *
117 * Authentication
118 * ==============
119 *
120 * 802.11 provides two authentication mechanisms. The first is a very
121 * simple host based mechanism (like xhost) called Open System and the
122 * second is a more complex challenge/response called Shared Key built
123 * on top of WEP.
124 *
125 * This driver only supports Open System and does not implement any
126 * host based control lists. In other words authentication is always
127 * granted to hosts wanting to authenticate with this station. This is
128 * the only sensible behaviour as the Open System mechanism uses MAC
129 * addresses to identify hosts, and a MAC address is simply claimed by
129 * the sender. Send me patches if you need it!
130 */
131
132/*
133 * ***check all XXX_INFRA code - reassoc not done well at all!
134 * ***watchdog to catch screwed up removals?
135 * ***error handling of RAY_COM_RUNQ
136 * ***error handling of ECF command completions
137 * ***can't seem to create a n/w that Win95 wants to see.
138 * ***remove panic in ray_com_ecf by re-quing or timeout
139 * ***use new ioctl stuff - probably need to change RAY_COM_FCHKRUNNING things?
140 * consider user doing:
141 * ifconfig ray0 192.168.200.38 -bssid "freed"
142 * ifconfig ray0 192.168.200.38 -bssid "fred"
143 * here the second one would be missed in this code
144 * check that v5 needs timeouts on ecf commands
145 * write up driver structure in comments above
146 * UPDATE_PARAMS seems to return via an interrupt - maybe the timeout
147 * is needed for wrong values?
148 * proper setting of mib_hop_seq_len with country code for v4 firmware
149 * best done with raycontrol?
150 * countrycode setting is broken I think
151 * userupdate should trap and do via startjoin etc.
152 * fragmentation when rx level drops?
153 * v5 might not need download
154 * defaults are as documented apart from hop_seq_length
155 * settings are sane for ad-hoc not infra
156 *
157 * driver state
158 * most state is implied by the sequence of commands in the runq
159 * but in fact any of the rx and tx path that uses variables
160 * in the sc_c are potentially going to get screwed?
161 *
162 * infra mode stuff
163 * proper handling of the basic rate set - see the manual
164 * all ray_sj, ray_assoc sequences need a "nicer" solution as we
165 * remember association and authentication
166 * need to consider WEP
167 * acting as ap - should be able to get working from the manual
168 * need to finish RAY_ECMD_REJOIN_DONE
169 * finish authentication code, it doesn't handle errors/timeouts/
170 * REJOIN etc.
171 *
172 * ray_nw_param
173 * promisc in here too? - done
174 * should be able to update the parameters before we download to the
175 * device. This means we must attach a desired struct to the
176 * runq entry and maybe have another big case statement to
177 * move these desired into current when not running.
178 * init must then use the current settings (pre-loaded
179 * in attach now!) and pass to download. But we can't access
180 * current nw params outside of the runq - ahhh
181 * differentiate between parameters set in attach and init
182 * sc_station_addr in here too (for changing mac address)
183 * move desired into the command structure?
184 * take downloaded MIB from a complete nw_param?
185 * longer term need to attach a desired nw params to the runq entry
186 *
187 *
188 * RAY_COM_RUNQ errors
189 *
190 * if sleeping in ccs_alloc with eintr/erestart/enxio/enodev
191 * erestart try again from the top
192 * XXX do not malloc more comqs
193 * XXX ccs allocation hard
194 * eintr clean up and return
195 * enxio clean up and return - done in macro
196 *
197 * if sleeping in runq_arr itself with eintr/erestart/enxio/enodev
198 * erestart try again from the top
199 * XXX do not malloc more comqs
200 * XXX ccs allocation hard
201 * XXX reinsert comqs at head of list
202 * eintr clean up and return
203 * enxio clean up and return - done in macro
204 */
205
/* Compile-time switches for unfinished code paths; all disabled. */
#define XXX		0
#define XXX_ACTING_AP	0
#define XXX_INFRA	0

/*
 * Debug mask. Every RAY_DBG_* flag below is commented out, so the mask
 * evaluates to 0; move a flag out of its comment to enable that class
 * of messages.
 */
#define RAY_DEBUG	(						\
			/* RAY_DBG_AUTH		| */			\
			/* RAY_DBG_SUBR		| */			\
			/* RAY_DBG_BOOTPARAM	| */			\
			/* RAY_DBG_STARTJOIN	| */			\
			/* RAY_DBG_CCS		| */			\
			/* RAY_DBG_IOCTL	| */			\
			/* RAY_DBG_MBUF		| */			\
			/* RAY_DBG_RX		| */			\
			/* RAY_DBG_CM		| */			\
			/* RAY_DBG_COM		| */			\
			/* RAY_DBG_STOP		| */			\
			/* RAY_DBG_CTL		| */			\
			/* RAY_DBG_MGT		| */			\
			/* RAY_DBG_TX		| */			\
			/* RAY_DBG_DCOM		| */			\
			0						\
			)

/*
 * XXX build options - move to LINT
 */
#define RAY_CM_RID		0	/* pccardd abuses windows 0 and 1 */
#define RAY_AM_RID		3	/* pccardd abuses windows 0 and 1 */
#define RAY_COM_TIMEOUT		(hz/2)	/* Timeout for CCS commands */
#define RAY_TX_TIMEOUT		(hz/2)	/* Timeout for rescheduling TX */
#define RAY_ECF_SPIN_DELAY	1000	/* Wait 1ms before checking ECF ready */
#define RAY_ECF_SPIN_TRIES	10	/* Wait this many times for ECF ready */
/*
 * XXX build options - move to LINT
 */

/* Fallback only; RAY_DEBUG is already defined above in this file. */
#ifndef RAY_DEBUG
#define RAY_DEBUG		0x0000
#endif /* RAY_DEBUG */
244
245#include <sys/param.h>
246#include <sys/systm.h>
247#include <sys/malloc.h>
248#include <sys/kernel.h>
90101155 249#include <sys/thread2.h>
250
251#include <machine/bus.h>
252#include <machine/resource.h>
253#include <machine/clock.h>
254#include <sys/bus.h>
255#include <sys/rman.h>
256
257#include <sys/mbuf.h>
258#include <sys/socket.h>
259#include <sys/sockio.h>
260
261#include <net/bpf.h>
262#include <net/ethernet.h>
263#include <net/if.h>
751c3dcc 264#include <net/ifq_var.h>
265#include <net/if_arp.h>
266#include <net/if_dl.h>
267#include <net/if_llc.h>
268
269#include <netproto/802_11/ieee80211.h>
270#include <netproto/802_11/ieee80211_ioctl.h>
271
272#include <machine/limits.h>
273
1f2de5d4 274#include <bus/pccard/pccardvar.h>
275#include "card_if.h"
276
277#include "if_rayreg.h"
278#include "if_raymib.h"
279#include "if_raydbg.h"
280#include "if_rayvar.h"
281
/*
 * Forward declarations for every file-local routine in this driver.
 */
static int	ray_attach(device_t dev);
static int	ray_ccs_alloc(struct ray_softc *sc, size_t *ccsp, char *wmesg);
static void	ray_ccs_fill(struct ray_softc *sc, size_t ccs, u_int cmd);
static void	ray_ccs_free(struct ray_softc *sc, size_t ccs);
static int	ray_ccs_tx(struct ray_softc *sc, size_t *ccsp, size_t *bufpp);
static void	ray_com_ecf(struct ray_softc *sc, struct ray_comq_entry *com);
static void	ray_com_ecf_done(struct ray_softc *sc);
static void	ray_com_ecf_timo(void *xsc);
static struct ray_comq_entry *
		ray_com_init(struct ray_comq_entry *com,
		    ray_comqfn_t function, int flags, char *mesg);
static struct ray_comq_entry *
		ray_com_malloc(ray_comqfn_t function, int flags, char *mesg);
static void	ray_com_runq(struct ray_softc *sc);
static int	ray_com_runq_add(struct ray_softc *sc,
		    struct ray_comq_entry *com[], int ncom, char *wmesg);
static void	ray_com_runq_done(struct ray_softc *sc);
static int	ray_detach(device_t dev);
static void	ray_init(void *xsc);
static int	ray_init_user(struct ray_softc *sc);
static void	ray_init_assoc(struct ray_softc *sc,
		    struct ray_comq_entry *com);
static void	ray_init_assoc_done(struct ray_softc *sc, u_int8_t status,
		    size_t ccs);
static void	ray_init_auth(struct ray_softc *sc,
		    struct ray_comq_entry *com);
static int	ray_init_auth_send(struct ray_softc *sc, u_int8_t *dst,
		    int sequence);
static void	ray_init_auth_done(struct ray_softc *sc, u_int8_t status);
static void	ray_init_download(struct ray_softc *sc,
		    struct ray_comq_entry *com);
static void	ray_init_download_done(struct ray_softc *sc, u_int8_t status,
		    size_t ccs);
static void	ray_init_download_v4(struct ray_softc *sc,
		    struct ray_comq_entry *com);
static void	ray_init_download_v5(struct ray_softc *sc,
		    struct ray_comq_entry *com);
static void	ray_init_mcast(struct ray_softc *sc,
		    struct ray_comq_entry *com);
static void	ray_init_sj(struct ray_softc *sc, struct ray_comq_entry *com);
static void	ray_init_sj_done(struct ray_softc *sc, u_int8_t status,
		    size_t ccs);
static void	ray_intr(void *xsc);
static void	ray_intr_ccs(struct ray_softc *sc, u_int8_t cmd,
		    u_int8_t status, size_t ccs);
static void	ray_intr_rcs(struct ray_softc *sc, u_int8_t cmd, size_t ccs);
static void	ray_intr_updt_errcntrs(struct ray_softc *sc);
static int	ray_ioctl(struct ifnet *ifp, u_long command, caddr_t data,
		    struct ucred *cr);
static void	ray_mcast(struct ray_softc *sc, struct ray_comq_entry *com);
static void	ray_mcast_done(struct ray_softc *sc, u_int8_t status,
		    size_t ccs);
static int	ray_mcast_user(struct ray_softc *sc);
static int	ray_probe(device_t dev);
static void	ray_promisc(struct ray_softc *sc, struct ray_comq_entry *com);
static void	ray_repparams(struct ray_softc *sc,
		    struct ray_comq_entry *com);
static void	ray_repparams_done(struct ray_softc *sc, u_int8_t status,
		    size_t ccs);
static int	ray_repparams_user(struct ray_softc *sc,
		    struct ray_param_req *pr);
static int	ray_repstats_user(struct ray_softc *sc,
		    struct ray_stats_req *sr);
static int	ray_res_alloc_am(struct ray_softc *sc);
static int	ray_res_alloc_cm(struct ray_softc *sc);
static int	ray_res_alloc_irq(struct ray_softc *sc);
static void	ray_res_release(struct ray_softc *sc);
static void	ray_rx(struct ray_softc *sc, size_t rcs);
static void	ray_rx_ctl(struct ray_softc *sc, struct mbuf *m0);
static void	ray_rx_data(struct ray_softc *sc, struct mbuf *m0,
		    u_int8_t siglev, u_int8_t antenna);
static void	ray_rx_mgt(struct ray_softc *sc, struct mbuf *m0);
static void	ray_rx_mgt_auth(struct ray_softc *sc, struct mbuf *m0);
static void	ray_rx_mgt_beacon(struct ray_softc *sc, struct mbuf *m0);
static void	ray_rx_mgt_info(struct ray_softc *sc, struct mbuf *m0,
		    struct ieee80211_information *elements);
static void	ray_rx_update_cache(struct ray_softc *sc, u_int8_t *src,
		    u_int8_t siglev, u_int8_t antenna);
static void	ray_stop(struct ray_softc *sc, struct ray_comq_entry *com);
static int	ray_stop_user(struct ray_softc *sc);
static void	ray_tx(struct ifnet *ifp);
static void	ray_tx_done(struct ray_softc *sc, u_int8_t status, size_t ccs);
static void	ray_tx_timo(void *xsc);
static int	ray_tx_send(struct ray_softc *sc, size_t ccs, int pktlen,
		    u_int8_t *dst);
static size_t	ray_tx_wrhdr(struct ray_softc *sc, size_t bufp, u_int8_t type,
		    u_int8_t fc1, u_int8_t *addr1, u_int8_t *addr2,
		    u_int8_t *addr3);
static void	ray_upparams(struct ray_softc *sc, struct ray_comq_entry *com);
static void	ray_upparams_done(struct ray_softc *sc, u_int8_t status,
		    size_t ccs);
static int	ray_upparams_user(struct ray_softc *sc,
		    struct ray_param_req *pr);
static void	ray_watchdog(struct ifnet *ifp);
static u_int8_t	ray_tx_best_antenna(struct ray_softc *sc, u_int8_t *dst);

/* Helpers that exist only when the matching debug class is compiled in. */
#if RAY_DEBUG & RAY_DBG_COM
static void	ray_com_ecf_check(struct ray_softc *sc, size_t ccs,
		    char *mesg);
#endif /* RAY_DEBUG & RAY_DBG_COM */
#if RAY_DEBUG & RAY_DBG_MBUF
static void	ray_dump_mbuf(struct ray_softc *sc, struct mbuf *m, char *s);
#endif /* RAY_DEBUG & RAY_DBG_MBUF */
360
/*
 * PC-Card (PCMCIA) driver definition: the device method table, the
 * driver record that sizes the per-device softc, and the registration
 * of the driver on the pccard bus.
 */
static device_method_t ray_methods[] = {
	/* Device interface */
	DEVMETHOD(device_probe,		ray_probe),
	DEVMETHOD(device_attach,	ray_attach),
	DEVMETHOD(device_detach,	ray_detach),

	{ 0, 0 }		/* table terminator */
};

static driver_t ray_driver = {
	"ray",
	ray_methods,
	sizeof(struct ray_softc)
};

static devclass_t ray_devclass;

DECLARE_DUMMY_MODULE(if_ray);
DRIVER_MODULE(if_ray, pccard, ray_driver, ray_devclass, 0, 0);
383
/*
 * Probe for the card by checking its startup results.
 *
 * The startup block is copied out of card memory into the softc and the
 * resources used to read it are released again before returning. The
 * contents come from the device; only the self-test status and the
 * firmware build are validated here.
 *
 * Also fixes up bugs/quirks for different firmware.
 *
 * Returns 0 when a supported card is found, ENXIO when the self test
 * failed or the firmware build is unsupported, or the error from a
 * failed resource allocation.
 */
static int
ray_probe(device_t dev)
{
	struct ray_softc *sc = device_get_softc(dev);
	struct ray_ecf_startup_v5 *startup = &sc->sc_ecf_startup;
	int rc;

	sc->dev = dev;
	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	/* Map the card just long enough to read its startup results. */
	rc = ray_res_alloc_cm(sc);
	if (rc != 0)
		return (rc);
	rc = ray_res_alloc_am(sc);
	if (rc != 0) {
		ray_res_release(sc);
		return (rc);
	}
	RAY_MAP_CM(sc);
	SRAM_READ_REGION(sc, RAY_ECF_TO_HOST_BASE, startup,
	    sizeof(sc->sc_ecf_startup));
	ray_res_release(sc);

	/* Reject a card that reports a failed self test. */
	if (startup->e_status != RAY_ECFS_CARD_OK) {
		RAY_PRINTF(sc, "card failed self test 0x%b",
		    startup->e_status, RAY_ECFS_PRINTFB);
		return (ENXIO);
	}

	/*
	 * Only firmware builds 4 and 5 are supported.
	 * NOTE(review): sc_version and sc_tibsize are not declared in this
	 * function; presumably they alias fields of sc_ecf_startup -
	 * confirm in if_rayvar.h.
	 */
	if (!(sc->sc_version == RAY_ECFS_BUILD_4 ||
	    sc->sc_version == RAY_ECFS_BUILD_5)) {
		RAY_PRINTF(sc, "unsupported firmware version 0x%0x",
		    startup->e_fw_build_string);
		return (ENXIO);
	}
	RAY_DPRINTF(sc, RAY_DBG_BOOTPARAM, "found a card");
	sc->sc_gone = 0;

	/* Build 4 reports a garbage tib size (0x55); substitute the real one. */
	if (sc->sc_version == RAY_ECFS_BUILD_4 && sc->sc_tibsize == 0x55)
		sc->sc_tibsize = sizeof(struct ray_tx_tib);

	return (0);
}
440
/*
 * Attach the card into the kernel.
 *
 * Claims the common memory, attribute memory and IRQ resources, resets
 * the driver's per-card state, fills in the ifnet and hands it to the
 * ethernet layer using the station address from the startup results.
 *
 * Returns 0 on success, ENXIO if the softc is missing or marked gone,
 * or the error from a failed resource allocation.
 */
static int
ray_attach(device_t dev)
{
	struct ray_softc *sc = device_get_softc(dev);
	struct ray_ecf_startup_v5 *ep = &sc->sc_ecf_startup;
	struct ifnet *ifp = &sc->arpcom.ac_if;
	size_t ccs;
	int slot, rc;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	if (sc == NULL || sc->sc_gone)
		return (ENXIO);

	/*
	 * Grab the resources I need. Once the first allocation has
	 * succeeded, any later failure releases everything taken so far.
	 */
	rc = ray_res_alloc_cm(sc);
	if (rc != 0)
		return (rc);
	rc = ray_res_alloc_am(sc);
	if (rc == 0)
		rc = ray_res_alloc_irq(sc);
	if (rc != 0) {
		ray_res_release(sc);
		return (rc);
	}

	/* Reset any pending interrupts */
	RAY_HCS_CLEAR_INTR(sc);

	/*
	 * Set the parameters that will survive stop/init and
	 * reset a few things on the card.
	 *
	 * Do not update these in ray_init_download's parameter setup
	 *
	 * XXX see the ray_init_download section for stuff to move
	 */
	RAY_MAP_CM(sc);
	bzero(&sc->sc_d, sizeof(struct ray_nw_param));
	bzero(&sc->sc_c, sizeof(struct ray_nw_param));

	/* Clear statistics counters */
	sc->sc_rxoverflow = 0;
	sc->sc_rxcksum = 0;
	sc->sc_rxhcksum = 0;
	sc->sc_rxnoise = 0;

	/* Clear signal and antenna cache */
	bzero(sc->sc_siglevs, sizeof(sc->sc_siglevs));

	/* Set all ccs to be free */
	bzero(sc->sc_ccsinuse, sizeof(sc->sc_ccsinuse));
	ccs = RAY_CCS_ADDRESS(0);
	for (slot = 0; slot < RAY_CCS_LAST; slot++) {
		RAY_CCS_FREE(sc, ccs);
		ccs += RAY_CCS_SIZE;
	}

	/*
	 * Initialise the network interface structure
	 */
	if_initname(ifp, "ray", device_get_unit(dev));
	ifp->if_softc = sc;
	ifp->if_timer = 0;
	ifp->if_flags = (IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST);
	ifp->if_hdrlen = sizeof(struct ieee80211_frame) +
	    sizeof(struct ether_header);
	ifp->if_baudrate = 1000000;	/* Is this baud or bps ;-) */
	ifp->if_start = ray_tx;
	ifp->if_ioctl = ray_ioctl;
	ifp->if_watchdog = ray_watchdog;
	ifp->if_init = ray_init;
	ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
	ifq_set_ready(&ifp->if_snd);

	/*
	 * Initialise the timers and driver
	 */
	callout_init(&sc->com_timer);
	callout_init(&sc->tx_timer);
	TAILQ_INIT(&sc->sc_comq);

	ether_ifattach(ifp, ep->e_station_addr);

	/*
	 * Print out some useful information, but only when booting
	 * verbosely or when boot-parameter debugging is compiled in.
	 */
	if (!(bootverbose || (RAY_DEBUG & RAY_DBG_BOOTPARAM)))
		return (0);

	RAY_PRINTF(sc, "start up results");
	if (sc->sc_version == RAY_ECFS_BUILD_4)
		printf(". Firmware version 4\n");
	else
		printf(". Firmware version 5\n");
	printf(". Status 0x%b\n", ep->e_status, RAY_ECFS_PRINTFB);

	/* The same two fields are labelled differently per firmware build. */
	if (sc->sc_version == RAY_ECFS_BUILD_4) {
		printf(". Program checksum %0x\n", ep->e_resv0);
		printf(". CIS checksum %0x\n", ep->e_rates[0]);
	} else {
		printf(". (reserved word) %0x\n", ep->e_resv0);
		printf(". Supported rates %8D\n", ep->e_rates, ":");
	}
	printf(". Japan call sign %12D\n", ep->e_japan_callsign, ":");

	if (sc->sc_version == RAY_ECFS_BUILD_5) {
		printf(". Program checksum %0x\n", ep->e_prg_cksum);
		printf(". CIS checksum %0x\n", ep->e_cis_cksum);
		printf(". Firmware version %0x\n",
		    ep->e_fw_build_string);
		printf(". Firmware revision %0x\n", ep->e_fw_build);
		printf(". (reserved word) %0x\n", ep->e_fw_resv);
		printf(". ASIC version %0x\n", ep->e_asic_version);
		printf(". TIB size %0x\n", ep->e_tibsize);
	}

	return (0);
}
565
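/*
 * Detach the card
 *
 * This is usually called when the card is ejected, but
 * can be caused by a modunload of a controller driver.
 * The idea is to reset the driver's view of the device
 * and ensure that any driver entry points such as
 * read and write do not hang.
 *
 * Runs inside a critical section. Every return path leaves it again;
 * the early return for a missing or already-gone softc used to skip
 * crit_exit() and left the section entered.
 *
 * Always returns 0.
 */
static int
ray_detach(device_t dev)
{
	struct ray_softc *sc = device_get_softc(dev);
	struct ifnet *ifp;
	struct ray_comq_entry *com;

	crit_enter();

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STOP, "");

	if ((sc == NULL) || (sc->sc_gone)) {
		/* Balance the crit_enter() above before bailing out. */
		crit_exit();
		return (0);
	}
	ifp = &sc->arpcom.ac_if;

	/*
	 * Mark as not running and detach the interface.
	 *
	 * N.B. if_detach can trigger ioctls so we do it first and
	 * then clean the runq. Setting sc_gone first makes ray_ioctl
	 * reject those requests with ENXIO.
	 */
	sc->sc_gone = 1;
	sc->sc_c.np_havenet = 0;
	ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
	ether_ifdetach(ifp);

	/*
	 * Stop the runq and wake up anyone sleeping for us.
	 */
	callout_stop(&sc->com_timer);
	callout_stop(&sc->tx_timer);
	TAILQ_FOREACH(com, &sc->sc_comq, c_chain) {
		/* Flag the entry as detached and report success to waiters. */
		com->c_flags |= RAY_COM_FDETACHED;
		com->c_retval = 0;
		RAY_DPRINTF(sc, RAY_DBG_STOP, "looking at com %p %b",
		    com, com->c_flags, RAY_COM_FLAGS_PRINTFB);
		if (com->c_flags & RAY_COM_FWOK) {
			RAY_DPRINTF(sc, RAY_DBG_STOP, "waking com %p", com);
			wakeup(com->c_wakeup);
		}
	}

	/*
	 * Release resources
	 */
	ray_res_release(sc);
	RAY_DPRINTF(sc, RAY_DBG_STOP, "unloading complete");

	crit_exit();

	return (0);
}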
628
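/*
 * Network ioctl request.
 *
 * Handles the interface-flag and multicast requests, the driver's
 * private SIOC*RAY* requests (whose argument is a user pointer in
 * ifr->ifr_data), rejects a fixed set of generic requests with EINVAL
 * and passes everything else to ether_ioctl().
 *
 * Returns ENXIO when the softc is missing or the card is gone,
 * otherwise the error of the selected handler. For the requests that
 * copy a structure back to the caller, a copyout() failure takes
 * precedence over the handler's own error.
 *
 * NOTE(review): cr is not consulted anywhere in this function, so
 * SIOCSRAYPARAM is not privilege-checked here; confirm that the caller
 * restricts who may issue it.
 */
static int
ray_ioctl(register struct ifnet *ifp, u_long command, caddr_t data,
    struct ucred *cr)
{
	struct ray_softc *sc = ifp->if_softc;
	struct ray_param_req pr;
	struct ray_stats_req sr;
	struct ifreq *ifr = (struct ifreq *)data;
	int error, error2;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_IOCTL, "");

	if ((sc == NULL) || (sc->sc_gone))
		return (ENXIO);

	error = error2 = 0;

	crit_enter();

	switch (command) {
	case SIOCSIFFLAGS:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "SIFFLAGS 0x%0x", ifp->if_flags);
		/*
		 * If the interface is marked up we call ray_init_user.
		 * This will deal with mcast and promisc flags as well as
		 * initialising the hardware if it needs it.
		 */
		if (ifp->if_flags & IFF_UP)
			error = ray_init_user(sc);
		else
			error = ray_stop_user(sc);
		break;

	case SIOCADDMULTI:
	case SIOCDELMULTI:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "ADDMULTI/DELMULTI");
		error = ray_mcast_user(sc);
		break;

	case SIOCSRAYPARAM:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "SRAYPARAM");
		/* pr is filled completely from user space before use. */
		if ((error = copyin(ifr->ifr_data, &pr, sizeof(pr))))
			break;
		error = ray_upparams_user(sc, &pr);
		error2 = copyout(&pr, ifr->ifr_data, sizeof(pr));
		error = error2 ? error2 : error;
		break;

	case SIOCGRAYPARAM:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GRAYPARAM");
		if ((error = copyin(ifr->ifr_data, &pr, sizeof(pr))))
			break;
		error = ray_repparams_user(sc, &pr);
		error2 = copyout(&pr, ifr->ifr_data, sizeof(pr));
		error = error2 ? error2 : error;
		break;

	case SIOCGRAYSTATS:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GRAYSTATS");
		/*
		 * sr lives on the kernel stack and is copied out whole,
		 * even when ray_repstats_user() reports an error. Clear
		 * it first so that any field or padding the helper leaves
		 * unwritten is not disclosed to the caller.
		 */
		bzero(&sr, sizeof(sr));
		error = ray_repstats_user(sc, &sr);
		error2 = copyout(&sr, ifr->ifr_data, sizeof(sr));
		error = error2 ? error2 : error;
		break;

	case SIOCGRAYSIGLEV:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GRAYSIGLEV");
		error = copyout(sc->sc_siglevs, ifr->ifr_data,
		    sizeof(sc->sc_siglevs));
		break;

	/* The generic requests below are explicitly refused. */
	case SIOCGIFFLAGS:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFFLAGS");
		error = EINVAL;
		break;

	case SIOCGIFMETRIC:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFMETRIC");
		error = EINVAL;
		break;

	case SIOCGIFMTU:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFMTU");
		error = EINVAL;
		break;

	case SIOCGIFPHYS:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFPYHS");
		error = EINVAL;
		break;

	case SIOCSIFMEDIA:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "SIFMEDIA");
		error = EINVAL;
		break;

	case SIOCGIFMEDIA:
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFMEDIA");
		error = EINVAL;
		break;

	default:
		error = ether_ioctl(ifp, command, data);
		break;
	}

	crit_exit();

	return (error);
}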
741
/*
 * Ethernet layer entry to ray_init.
 *
 * Thin wrapper around ray_init_user(); this entry point returns void,
 * so the result of ray_init_user() is discarded.
 */
static void
ray_init(void *xsc)
{
	struct ray_softc *softc;

	softc = (struct ray_softc *)xsc;
	(void)ray_init_user(softc);
}
752
/*
 * User land entry to network initialisation and changes in interface flags.
 *
 * Very little happens here directly: the routine only queues runq
 * entries that carry out the actions required by the interface flags.
 * Queuing is used because earlier ioctls may still have runq entries
 * outstanding that modify the interface flags.
 *
 * Returns 0 for success, a variety of resource allocation failures, or
 * errors in the command sent to the card.
 *
 * Note, IFF_RUNNING is eventually set by init_sj_done or init_assoc_done
 */
static int
ray_init_user(struct ray_softc *sc)
{
	struct ray_comq_entry *com[6];	/* five bring-up entries + promisc */
	int ncom = 0;
	int error;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");

	/*
	 * Bring-up entries, in execution order:
	 *
	 *	init_download	- download the network to the card
	 *	init_mcast	- reset multicast list
	 *	init_sj		- find or start a BSS
	 *	init_auth	- authenticate with a ESSID if needed
	 *	init_assoc	- associate with a ESSID if needed
	 *
	 * They are only actually executed if the card is not running.
	 * This routine may be entered for a simple change of IP address,
	 * in which case the card does not need any of this. The check
	 * cannot be made here, because commands already in the runq may
	 * change the IFF_RUNNING state of the interface.
	 */
	com[ncom++] = RAY_COM_MALLOC(ray_init_download, RAY_COM_FCHKRUNNING);
	com[ncom++] = RAY_COM_MALLOC(ray_init_mcast, RAY_COM_FCHKRUNNING);
	com[ncom++] = RAY_COM_MALLOC(ray_init_sj, RAY_COM_FCHKRUNNING);
	com[ncom++] = RAY_COM_MALLOC(ray_init_auth, RAY_COM_FCHKRUNNING);
	com[ncom++] = RAY_COM_MALLOC(ray_init_assoc, RAY_COM_FCHKRUNNING);

	/*
	 * Flag-processing entry:
	 *
	 *	promisc		- set/reset PROMISC and ALLMULTI flags
	 *
	 * It is only actually executed if the card is running.
	 */
	com[ncom++] = RAY_COM_MALLOC(ray_promisc, 0);

	RAY_COM_RUNQ(sc, com, ncom, "rayinit", error);

	/* XXX no real error processing from anything yet! */

	RAY_COM_FREE(com, ncom);

	return (error);
}
814
/*
 * Runq entry for resetting driver and downloading start up structures to card
 *
 * Rebuilds the desired network parameters in sc->sc_d from the firmware
 * defaults, copies them into the runq entry, fills in the MIB matching
 * the firmware build and issues RAY_CMD_DOWNLOAD_PARAMS.
 */
static void
ray_init_download(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;
	struct ray_nw_param *np = &sc->sc_d;
	int is_v4;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");

	/* If the card already running we might not need to download */
	RAY_COM_CHKRUNNING(sc, com, ifp);

	is_v4 = (sc->sc_version == RAY_ECFS_BUILD_4);

	/*
	 * Reset instance variables
	 *
	 * The first set are network parameters that are read back when
	 * the card starts or joins the network.
	 *
	 * The second set are network parameters that are downloaded to
	 * the card.
	 *
	 * The third set are driver parameters.
	 *
	 * All of the variables in these sets can be updated by the
	 * card or ioctls.
	 *
	 * Note that np_encrypt is reset to 0 here on every download.
	 *
	 * XXX see the ray_attach section for stuff to move
	 */
	np->np_upd_param = 0;
	bzero(np->np_bss_id, ETHER_ADDR_LEN);
	np->np_inited = 0;
	np->np_def_txrate = RAY_MIB_BASIC_RATE_SET_DEFAULT;
	np->np_encrypt = 0;

	/*
	 * The SSID field is cleared before the bounded copy, so a default
	 * shorter than IEEE80211_NWID_LEN ends up zero padded.
	 */
	bzero(np->np_ssid, IEEE80211_NWID_LEN);
	if (is_v4) {
		np->np_net_type = RAY_MIB_NET_TYPE_V4;
		strncpy(np->np_ssid, RAY_MIB_SSID_V4, IEEE80211_NWID_LEN);
		np->np_ap_status = RAY_MIB_AP_STATUS_V4;
		np->np_framing = RAY_FRAMING_ENCAPSULATION;
	} else {
		np->np_net_type = RAY_MIB_NET_TYPE_V5;
		strncpy(np->np_ssid, RAY_MIB_SSID_V5, IEEE80211_NWID_LEN);
		np->np_ap_status = RAY_MIB_AP_STATUS_V5;
		np->np_framing = RAY_FRAMING_TRANSLATION;
	}
	np->np_priv_start = RAY_MIB_PRIVACY_MUST_START_DEFAULT;
	np->np_priv_join = RAY_MIB_PRIVACY_CAN_JOIN_DEFAULT;
	np->np_promisc = (ifp->if_flags & (IFF_PROMISC | IFF_ALLMULTI)) != 0;

	/*
	 * XXX this is a hack whilst I transition the code. The instance
	 * XXX variables above should be set somewhere else. This is needed
	 * XXX for start_join
	 */
	bcopy(&sc->sc_d, &com->c_desired, sizeof(struct ray_nw_param));

	/*
	 * Download the right firmware defaults
	 */
	if (is_v4)
		ray_init_download_v4(sc, com);
	else
		ray_init_download_v5(sc, com);

	/*
	 * Kick the card
	 */
	ray_ccs_fill(sc, com->c_ccs, RAY_CMD_DOWNLOAD_PARAMS);
	ray_com_ecf(sc, com);
}
885
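/*
 * Store the low 16 bits of v into p[0] and p[1], most significant byte
 * first.
 *
 * v is parenthesised in the expansion so that an expression argument
 * such as (a | b) is shifted and masked as a whole; without the
 * parentheses the >> and & would bind to only part of it. Both p and v
 * are evaluated twice, so neither may have side effects.
 */
#define PUT2(p, v)							\
	do {								\
		(p)[0] = (((v) >> 8) & 0xff);				\
		(p)[1] = ((v) & 0xff);					\
	} while (0)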
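/*
 * Firmware version 4 defaults - see if_raymib.h for details
 *
 * Builds a version 4 MIB image on the stack from the requested
 * parameters in com->c_desired, the station address held in sc and the
 * RAY_MIB_* constants, then writes the whole image to the card at
 * RAY_HOST_TO_ECF_BASE.
 */
static void
ray_init_download_v4(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ray_mib_4 ray_mib_4_default;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
	RAY_MAP_CM(sc);

	/*
	 * The complete structure is copied to the card below, so clear
	 * it first: any member or padding byte that is not assigned here
	 * would otherwise carry stale kernel stack contents to the
	 * device and make the downloaded configuration nondeterministic.
	 */
	bzero(&ray_mib_4_default, sizeof(ray_mib_4_default));

#define MIB4(m)		ray_mib_4_default.m

	MIB4(mib_net_type)		= com->c_desired.np_net_type;
	MIB4(mib_ap_status)		= com->c_desired.np_ap_status;
	/* np_ssid is a fixed IEEE80211_NWID_LEN byte field, not a C string */
	bcopy(com->c_desired.np_ssid, MIB4(mib_ssid), IEEE80211_NWID_LEN);
	MIB4(mib_scan_mode)		= RAY_MIB_SCAN_MODE_V4;
	MIB4(mib_apm_mode)		= RAY_MIB_APM_MODE_V4;
	bcopy(sc->sc_station_addr, MIB4(mib_mac_addr), ETHER_ADDR_LEN);
	PUT2(MIB4(mib_frag_thresh), RAY_MIB_FRAG_THRESH_V4);
	PUT2(MIB4(mib_dwell_time), RAY_MIB_DWELL_TIME_V4);
	PUT2(MIB4(mib_beacon_period), RAY_MIB_BEACON_PERIOD_V4);
	MIB4(mib_dtim_interval)		= RAY_MIB_DTIM_INTERVAL_V4;
	MIB4(mib_max_retry)		= RAY_MIB_MAX_RETRY_V4;
	MIB4(mib_ack_timo)		= RAY_MIB_ACK_TIMO_V4;
	MIB4(mib_sifs)			= RAY_MIB_SIFS_V4;
	MIB4(mib_difs)			= RAY_MIB_DIFS_V4;
	MIB4(mib_pifs)			= RAY_MIB_PIFS_V4;
	PUT2(MIB4(mib_rts_thresh), RAY_MIB_RTS_THRESH_V4);
	PUT2(MIB4(mib_scan_dwell), RAY_MIB_SCAN_DWELL_V4);
	PUT2(MIB4(mib_scan_max_dwell), RAY_MIB_SCAN_MAX_DWELL_V4);
	MIB4(mib_assoc_timo)		= RAY_MIB_ASSOC_TIMO_V4;
	MIB4(mib_adhoc_scan_cycle)	= RAY_MIB_ADHOC_SCAN_CYCLE_V4;
	MIB4(mib_infra_scan_cycle)	= RAY_MIB_INFRA_SCAN_CYCLE_V4;
	MIB4(mib_infra_super_scan_cycle)
					= RAY_MIB_INFRA_SUPER_SCAN_CYCLE_V4;
	MIB4(mib_promisc)		= com->c_desired.np_promisc;
	PUT2(MIB4(mib_uniq_word), RAY_MIB_UNIQ_WORD_V4);
	MIB4(mib_slot_time)		= RAY_MIB_SLOT_TIME_V4;
	MIB4(mib_roam_low_snr_thresh)	= RAY_MIB_ROAM_LOW_SNR_THRESH_V4;
	MIB4(mib_low_snr_count)		= RAY_MIB_LOW_SNR_COUNT_V4;
	MIB4(mib_infra_missed_beacon_count)
					= RAY_MIB_INFRA_MISSED_BEACON_COUNT_V4;
	MIB4(mib_adhoc_missed_beacon_count)
					= RAY_MIB_ADHOC_MISSED_BEACON_COUNT_V4;
	MIB4(mib_country_code)		= RAY_MIB_COUNTRY_CODE_V4;
	MIB4(mib_hop_seq)		= RAY_MIB_HOP_SEQ_V4;
	MIB4(mib_hop_seq_len)		= RAY_MIB_HOP_SEQ_LEN_V4;
	MIB4(mib_cw_max)		= RAY_MIB_CW_MAX_V4;
	MIB4(mib_cw_min)		= RAY_MIB_CW_MIN_V4;
	MIB4(mib_noise_filter_gain)	= RAY_MIB_NOISE_FILTER_GAIN_DEFAULT;
	MIB4(mib_noise_limit_offset)	= RAY_MIB_NOISE_LIMIT_OFFSET_DEFAULT;
	MIB4(mib_rssi_thresh_offset)	= RAY_MIB_RSSI_THRESH_OFFSET_DEFAULT;
	MIB4(mib_busy_thresh_offset)	= RAY_MIB_BUSY_THRESH_OFFSET_DEFAULT;
	MIB4(mib_sync_thresh)		= RAY_MIB_SYNC_THRESH_DEFAULT;
	MIB4(mib_test_mode)		= RAY_MIB_TEST_MODE_DEFAULT;
	MIB4(mib_test_min_chan)		= RAY_MIB_TEST_MIN_CHAN_DEFAULT;
	MIB4(mib_test_max_chan)		= RAY_MIB_TEST_MAX_CHAN_DEFAULT;
#undef MIB4

	SRAM_WRITE_REGION(sc, RAY_HOST_TO_ECF_BASE,
	    &ray_mib_4_default, sizeof(ray_mib_4_default));
}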
951
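/*
 * Firmware version 5 defaults - see if_raymib.h for details
 *
 * Builds a version 5 MIB image on the stack from the requested
 * parameters in com->c_desired, the station address held in sc and the
 * RAY_MIB_* constants, then writes the whole image to the card at
 * RAY_HOST_TO_ECF_BASE.
 */
static void
ray_init_download_v5(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ray_mib_5 ray_mib_5_default;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
	RAY_MAP_CM(sc);

	/*
	 * The complete structure is copied to the card below, so clear
	 * it first.  Only element 0 of mib_basic_rate_set is assigned
	 * here; without the clear the remaining elements, and any other
	 * unassigned member or padding, would carry stale kernel stack
	 * contents to the device.
	 */
	bzero(&ray_mib_5_default, sizeof(ray_mib_5_default));

#define MIB5(m)		ray_mib_5_default.m
	MIB5(mib_net_type)		= com->c_desired.np_net_type;
	MIB5(mib_ap_status)		= com->c_desired.np_ap_status;
	/* np_ssid is a fixed IEEE80211_NWID_LEN byte field, not a C string */
	bcopy(com->c_desired.np_ssid, MIB5(mib_ssid), IEEE80211_NWID_LEN);
	MIB5(mib_scan_mode)		= RAY_MIB_SCAN_MODE_V5;
	MIB5(mib_apm_mode)		= RAY_MIB_APM_MODE_V5;
	bcopy(sc->sc_station_addr, MIB5(mib_mac_addr), ETHER_ADDR_LEN);
	PUT2(MIB5(mib_frag_thresh), RAY_MIB_FRAG_THRESH_V5);
	PUT2(MIB5(mib_dwell_time), RAY_MIB_DWELL_TIME_V5);
	PUT2(MIB5(mib_beacon_period), RAY_MIB_BEACON_PERIOD_V5);
	MIB5(mib_dtim_interval)		= RAY_MIB_DTIM_INTERVAL_V5;
	MIB5(mib_max_retry)		= RAY_MIB_MAX_RETRY_V5;
	MIB5(mib_ack_timo)		= RAY_MIB_ACK_TIMO_V5;
	MIB5(mib_sifs)			= RAY_MIB_SIFS_V5;
	MIB5(mib_difs)			= RAY_MIB_DIFS_V5;
	MIB5(mib_pifs)			= RAY_MIB_PIFS_V5;
	PUT2(MIB5(mib_rts_thresh), RAY_MIB_RTS_THRESH_V5);
	PUT2(MIB5(mib_scan_dwell), RAY_MIB_SCAN_DWELL_V5);
	PUT2(MIB5(mib_scan_max_dwell), RAY_MIB_SCAN_MAX_DWELL_V5);
	MIB5(mib_assoc_timo)		= RAY_MIB_ASSOC_TIMO_V5;
	MIB5(mib_adhoc_scan_cycle)	= RAY_MIB_ADHOC_SCAN_CYCLE_V5;
	MIB5(mib_infra_scan_cycle)	= RAY_MIB_INFRA_SCAN_CYCLE_V5;
	MIB5(mib_infra_super_scan_cycle)
					= RAY_MIB_INFRA_SUPER_SCAN_CYCLE_V5;
	MIB5(mib_promisc)		= com->c_desired.np_promisc;
	PUT2(MIB5(mib_uniq_word), RAY_MIB_UNIQ_WORD_V5);
	MIB5(mib_slot_time)		= RAY_MIB_SLOT_TIME_V5;
	MIB5(mib_roam_low_snr_thresh)	= RAY_MIB_ROAM_LOW_SNR_THRESH_V5;
	MIB5(mib_low_snr_count)		= RAY_MIB_LOW_SNR_COUNT_V5;
	MIB5(mib_infra_missed_beacon_count)
					= RAY_MIB_INFRA_MISSED_BEACON_COUNT_V5;
	MIB5(mib_adhoc_missed_beacon_count)
					= RAY_MIB_ADHOC_MISSED_BEACON_COUNT_V5;
	MIB5(mib_country_code)		= RAY_MIB_COUNTRY_CODE_V5;
	MIB5(mib_hop_seq)		= RAY_MIB_HOP_SEQ_V5;
	MIB5(mib_hop_seq_len)		= RAY_MIB_HOP_SEQ_LEN_V5;
	PUT2(MIB5(mib_cw_max), RAY_MIB_CW_MAX_V5);
	PUT2(MIB5(mib_cw_min), RAY_MIB_CW_MIN_V5);
	MIB5(mib_noise_filter_gain)	= RAY_MIB_NOISE_FILTER_GAIN_DEFAULT;
	MIB5(mib_noise_limit_offset)	= RAY_MIB_NOISE_LIMIT_OFFSET_DEFAULT;
	MIB5(mib_rssi_thresh_offset)	= RAY_MIB_RSSI_THRESH_OFFSET_DEFAULT;
	MIB5(mib_busy_thresh_offset)	= RAY_MIB_BUSY_THRESH_OFFSET_DEFAULT;
	MIB5(mib_sync_thresh)		= RAY_MIB_SYNC_THRESH_DEFAULT;
	MIB5(mib_test_mode)		= RAY_MIB_TEST_MODE_DEFAULT;
	MIB5(mib_test_min_chan)		= RAY_MIB_TEST_MIN_CHAN_DEFAULT;
	MIB5(mib_test_max_chan)		= RAY_MIB_TEST_MAX_CHAN_DEFAULT;
	MIB5(mib_allow_probe_resp)	= RAY_MIB_ALLOW_PROBE_RESP_DEFAULT;
	MIB5(mib_privacy_must_start)	= com->c_desired.np_priv_start;
	MIB5(mib_privacy_can_join)	= com->c_desired.np_priv_join;
	MIB5(mib_basic_rate_set[0])	= com->c_desired.np_def_txrate;
#undef MIB5

	SRAM_WRITE_REGION(sc, RAY_HOST_TO_ECF_BASE,
	    &ray_mib_5_default, sizeof(ray_mib_5_default));
}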
1018#undef PUT2
1019
/*
 * Download completion routine
 *
 * Passes the ccs to RAY_COM_CHECK and the completion status to
 * RAY_CCSERR (naming if_oerrors as the counter), then reports the
 * command as finished through ray_com_ecf_done().
 */
static void
ray_init_download_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
	RAY_COM_CHECK(sc, ccs);

	/* XXX error counter */
	RAY_CCSERR(sc, status, if_oerrors);

	ray_com_ecf_done(sc);
}
1033
/*
 * Runq entry to empty the multicast filter list
 *
 * Fills the ccs with RAY_CMD_UPDATE_MCAST, sets its multicast count
 * (c_nmcast) to zero and hands the command to the ECF.
 */
static void
ray_init_mcast(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
	RAY_MAP_CM(sc);

	/* If the card is already running we might not need to reset the list */
	RAY_COM_CHKRUNNING(sc, com, ifp);

	/* Kick the card with an empty list */
	ray_ccs_fill(sc, com->c_ccs, RAY_CMD_UPDATE_MCAST);
	SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_update_mcast, c_nmcast, 0);

	ray_com_ecf(sc, com);
}
1056
/*
 * Runq entry to start or join a network
 *
 * Chooses START_NET for an ad hoc network and JOIN_NET otherwise, and
 * downloads a fresh ray_net_params block only when the desired network
 * type, SSID or privacy settings differ from the current ones.
 */
static void
ray_init_sj(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;
	struct ray_net_params np;
	int update;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
	RAY_MAP_CM(sc);

	/* If the card is already running we might not need to start the n/w */
	RAY_COM_CHKRUNNING(sc, com, ifp);

	/*
	 * Set up the right start or join command.
	 */
	sc->sc_c.np_havenet = 0;
	if (sc->sc_d.np_net_type != RAY_MIB_NET_TYPE_ADHOC)
		ray_ccs_fill(sc, com->c_ccs, RAY_CMD_JOIN_NET);
	else
		ray_ccs_fill(sc, com->c_ccs, RAY_CMD_START_NET);

	/*
	 * Determine whether we should tell the card about a change in
	 * operating parameters: any difference between the current
	 * (sc_c) and desired (sc_d) values counts.
	 */
	update = (sc->sc_c.np_net_type != sc->sc_d.np_net_type) ||
	    (bcmp(sc->sc_c.np_ssid, sc->sc_d.np_ssid,
		IEEE80211_NWID_LEN) != 0) ||
	    (sc->sc_c.np_priv_join != sc->sc_d.np_priv_join) ||
	    (sc->sc_c.np_priv_start != sc->sc_d.np_priv_start);
	RAY_DPRINTF(sc, RAY_DBG_STARTJOIN,
	    "%s updating nw params", update?"is":"not");

	if (!update) {
		SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_net, c_upd_param, 0);
	} else {
		/* np is cleared first so no stack residue reaches the card */
		bzero(&np, sizeof(np));
		np.p_net_type = sc->sc_d.np_net_type;
		bcopy(sc->sc_d.np_ssid, np.p_ssid, IEEE80211_NWID_LEN);
		np.p_privacy_must_start = sc->sc_d.np_priv_start;
		np.p_privacy_can_join = sc->sc_d.np_priv_join;
		SRAM_WRITE_REGION(sc, RAY_HOST_TO_ECF_BASE, &np, sizeof(np));
		SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_net, c_upd_param, 1);
	}

	/*
	 * Kick the card
	 */
	ray_com_ecf(sc, com);
}
1111
/*
 * Complete start command or intermediate step in assoc command
 *
 * Reads the network parameters back from the card into sc->sc_c and,
 * for a START_NET command, marks the interface as running.
 */
static void
ray_init_sj_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
	RAY_MAP_CM(sc);
	RAY_COM_CHECK(sc, ccs);

	/* XXX error counter */
	RAY_CCSERR(sc, status, if_oerrors);

	/*
	 * Read back network parameters that the ECF sets
	 *
	 * NOTE(review): the length copied from the card is
	 * sizeof(struct ray_cmd_net); confirm sc_c.p_1 is at least that
	 * large.
	 */
	SRAM_READ_REGION(sc, ccs, &sc->sc_c.p_1, sizeof(struct ray_cmd_net));

	/*
	 * Adjust values for buggy firmware: 0x55 in any of these fields
	 * is replaced by zero or by the desired setting.
	 */
	if (sc->sc_c.np_inited == 0x55)
		sc->sc_c.np_inited = 0;
	if (sc->sc_c.np_def_txrate == 0x55)
		sc->sc_c.np_def_txrate = sc->sc_d.np_def_txrate;
	if (sc->sc_c.np_encrypt == 0x55)
		sc->sc_c.np_encrypt = sc->sc_d.np_encrypt;

	/*
	 * Update our local state if we updated the network parameters
	 * when the START_NET or JOIN_NET was issued.
	 *
	 * NOTE(review): as above, confirm sc_c.p_2 holds at least
	 * sizeof(struct ray_net_params) bytes.
	 */
	if (sc->sc_c.np_upd_param) {
		RAY_DPRINTF(sc, RAY_DBG_STARTJOIN, "updated parameters");
		SRAM_READ_REGION(sc, RAY_HOST_TO_ECF_BASE,
		    &sc->sc_c.p_2, sizeof(struct ray_net_params));
	}

	/*
	 * Hurrah! The network is now active.
	 *
	 * Clearing IFF_OACTIVE will ensure that the system will send us
	 * packets. Just before we return from the interrupt context
	 * we check to see if packets have been queued.
	 *
	 * Only a completed START_NET brings the interface up here.
	 */
	if (SRAM_READ_FIELD_1(sc, ccs, ray_cmd, c_cmd) == RAY_CMD_START_NET) {
		sc->sc_c.np_havenet = 1;
		sc->sc_c.np_framing = sc->sc_d.np_framing;
		ifp->if_flags |= IFF_RUNNING;
		ifp->if_flags &= ~IFF_OACTIVE;
	}

	ray_com_ecf_done(sc);
}
1165
/*
 * Runq entry to authenticate with an access point or another station
 *
 * Sends an open-system authentication request to the current BSSID
 * when the current network is an infrastructure one; otherwise the
 * runq entry is completed without sending anything.
 */
static void
ray_init_auth(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN | RAY_DBG_AUTH, "");

	/* If the card is already running we might not need to authenticate */
	RAY_COM_CHKRUNNING(sc, com, ifp);

	/*
	 * XXX Don't do anything if we are not in a managed network
	 *
	 * XXX V4 adhoc does not need this, V5 adhoc unknown
	 */
	if (sc->sc_c.np_net_type != RAY_MIB_NET_TYPE_INFRA) {
		ray_com_runq_done(sc);
		return;
	}

	/*
	 * XXX_AUTH need to think of run queue when doing auths from
	 * XXX_AUTH request i.e. would need to have auth at top of runq?
	 * XXX_AUTH ditto for sending any auth response packets...what
	 * XXX_AUTH about timeouts?
	 */

	/*
	 * Kick the card
	 *
	 * XXX_AUTH check exit status and retry or fail as we can't
	 * XXX_AUTH associate without this; the return value of
	 * XXX_AUTH ray_init_auth_send() is currently dropped.
	 */
	ray_init_auth_send(sc, sc->sc_c.np_bss_id, IEEE80211_AUTH_OPEN_REQUEST);
}
1201
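/*
 * Build and send an authentication packet
 *
 * The frame is an 802.11 management/authentication header followed by
 * six body bytes: algorithm number, sequence number and status code,
 * each written low byte first with a zero high byte.
 *
 * If an error occurs, returns 1 else returns 0.
 */
static int
ray_init_auth_send(struct ray_softc *sc, u_int8_t *dst, int sequence)
{
	size_t ccs, bufp;
	int pktlen;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN | RAY_DBG_AUTH, "");

	/* Get a control block */
	if (ray_ccs_tx(sc, &ccs, &bufp)) {
		RAY_RECERR(sc, "could not obtain a ccs");
		return (1);
	}

	/* Fill the header in */
	bufp = ray_tx_wrhdr(sc, bufp,
	    IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_AUTH,
	    IEEE80211_FC1_DIR_NODS,
	    dst,
	    sc->arpcom.ac_enaddr,
	    sc->sc_c.np_bss_id);

	/*
	 * The body offsets are spelled out instead of passing
	 * "pktlen++" to SRAM_WRITE_1: an argument with a side effect is
	 * only correct while the macro expands it exactly once.
	 */

	/* Add algorithm number */
	SRAM_WRITE_1(sc, bufp + 0, IEEE80211_AUTH_ALG_OPEN);
	SRAM_WRITE_1(sc, bufp + 1, 0);

	/* Add sequence number */
	SRAM_WRITE_1(sc, bufp + 2, sequence);
	SRAM_WRITE_1(sc, bufp + 3, 0);

	/* Add status code */
	SRAM_WRITE_1(sc, bufp + 4, 0);
	SRAM_WRITE_1(sc, bufp + 5, 0);

	/* Six body bytes plus the 802.11 header written above */
	pktlen = 6 + sizeof(struct ieee80211_frame);

	return (ray_tx_send(sc, ccs, pktlen, dst));
}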
1244
/*
 * Complete authentication runq
 *
 * Logs a failure status and then completes the runq entry in every
 * case, so a failed authentication does not currently stop the steps
 * queued behind it.
 */
static void
ray_init_auth_done(struct ray_softc *sc, u_int8_t status)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN | RAY_DBG_AUTH, "");

	if (status != IEEE80211_STATUS_SUCCESS)
		RAY_RECERR(sc, "authentication failed with status %d", status);

	/*
	 * XXX_AUTH retry? if not just recall ray_init_auth_send and
	 * XXX_AUTH don't clear runq?
	 * XXX_AUTH association requires that authentication is successful
	 * XXX_AUTH before we associate, and the runq is the only way to
	 * XXX_AUTH halt the progress of associate.
	 * XXX_AUTH In this case I might not need the RAY_AUTH_NEEDED state
	 */
	ray_com_runq_done(sc);
}
1264
/*
 * Runq entry to start an association with an access point
 *
 * Issues RAY_CMD_START_ASSOC when the current network is an
 * infrastructure one; otherwise the runq entry is completed at once.
 */
static void
ray_init_assoc(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");

	/* If the card is already running we might not need to associate */
	RAY_COM_CHKRUNNING(sc, com, ifp);

	/* Don't do anything if we are not in a managed network */
	if (sc->sc_c.np_net_type != RAY_MIB_NET_TYPE_INFRA) {
		ray_com_runq_done(sc);
		return;
	}

	/* Kick the card */
	ray_ccs_fill(sc, com->c_ccs, RAY_CMD_START_ASSOC);
	ray_com_ecf(sc, com);
}
1292
/*
 * Complete association
 *
 * Marks the network as available, copies the desired framing into the
 * current parameters and flags the interface as running.
 *
 * NOTE(review): the state below is set whatever the value of status,
 * unless RAY_CCSERR leaves the function on error - confirm against
 * the macro definition.
 */
static void
ray_init_assoc_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
	RAY_COM_CHECK(sc, ccs);

	/* XXX error counter */
	RAY_CCSERR(sc, status, if_oerrors);

	/*
	 * Hurrah! The network is now active.
	 *
	 * Clearing IFF_OACTIVE will ensure that the system will send us
	 * packets. Just before we return from the interrupt context
	 * we check to see if packets have been queued.
	 */
	sc->sc_c.np_framing = sc->sc_d.np_framing;
	sc->sc_c.np_havenet = 1;
	ifp->if_flags |= IFF_RUNNING;
	ifp->if_flags &= ~IFF_OACTIVE;

	ray_com_ecf_done(sc);
}
1320
/*
 * Network stop.
 *
 * Inhibit card - if we can't prevent reception then do not worry;
 * stopping a NIC only guarantees no TX.
 *
 * The change to the interface flags is done via the runq so that any
 * existing commands can execute normally.
 *
 * Returns the error value set by RAY_COM_RUNQ.
 */
static int
ray_stop_user(struct ray_softc *sc)
{
	struct ray_comq_entry *com[1];
	int error, ncom;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STOP, "");

	/* Schedule the real stop routine as the only runq entry */
	com[0] = RAY_COM_MALLOC(ray_stop, 0);
	ncom = 1;

	RAY_COM_RUNQ(sc, com, ncom, "raystop", error);

	/* XXX no real error processing from anything yet! */

	RAY_COM_FREE(com, ncom);

	return (error);
}
1352
/*
 * Runq entry for stopping the interface activity
 *
 * Clears the running and output-active flags, cancels the interface
 * timer and empties the send queue before completing the runq entry.
 */
static void
ray_stop(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STOP, "");

	/* Mark as not running and drain output queue */
	ifp->if_timer = 0;
	ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
	ifq_purge(&ifp->if_snd);

	ray_com_runq_done(sc);
}
1371
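/*
 * Interface watchdog: only reports that the timeout fired.
 */
static void
ray_watchdog(struct ifnet *ifp)
{
	struct ray_softc *sc = ifp->if_softc;

	/*
	 * Validate the softc before handing it to any macro; testing it
	 * for NULL after RAY_DPRINTF/RAY_MAP_CM have already received it
	 * would come too late to protect them.
	 */
	if ((sc == NULL) || (sc->sc_gone))
		return;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);

	RAY_PRINTF(sc, "watchdog timeout");
}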
1385
1386/*
1387 * Transmit packet handling
1388 */
1389
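/*
 * Send a packet.
 *
 * We make one assumption here:
 *  - That the IFF_OACTIVE flag is checked before this code is called
 *    (i.e. that the output part of the interface is idle)
 *
 * A simple one packet at a time TX routine is used - we don't bother
 * chaining TX buffers. Performance is sufficient to max out the
 * wireless link on a P75.
 *
 * AST J30 Windows 95A (100MHz Pentium) to
 *   Libretto 50CT FreeBSD-3.1 (75MHz Pentium)		167.37kB/s
 *   Nonname box FreeBSD-3.4 (233MHz AMD K6)		161.82kB/s
 *
 * Libretto 50CT FreeBSD-3.1 (75MHz Pentium) to
 *   AST J30 Windows 95A (100MHz Pentium)		167.37kB/s
 *   Nonname box FreeBSD-3.4 (233MHz AMD K6)		161.38kB/s
 *
 * Given that 160kB/s is saturating the 2Mb/s wireless link we
 * are about there.
 *
 * In short I'm happy that the added complexity of chaining TX
 * packets together isn't worth it for my machines.
 */
static void
ray_tx(struct ifnet *ifp)
{
	struct ray_softc *sc = ifp->if_softc;
	struct mbuf *m0, *m;
	struct ether_header *eh;
	struct llc *llc;
	size_t ccs, bufp;
	int pktlen, len;

	/*
	 * Validate the softc before handing it to any macro; testing it
	 * for NULL after RAY_DPRINTF/RAY_MAP_CM have already received it
	 * would come too late to protect them.
	 */
	if ((sc == NULL) || (sc->sc_gone))
		return;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");
	RAY_MAP_CM(sc);

	/*
	 * Some simple checks first - some are overkill
	 */
	if (!(ifp->if_flags & IFF_RUNNING)) {
		RAY_RECERR(sc, "cannot transmit - not running");
		return;
	}
	if (!sc->sc_c.np_havenet) {
		RAY_RECERR(sc, "cannot transmit - no network");
		return;
	}
	if (!RAY_ECF_READY(sc)) {
		/* Can't assume that the ECF is busy because of this driver */
		if (!callout_active(&sc->tx_timer)) {
			callout_reset(&sc->tx_timer, RAY_TX_TIMEOUT,
			    ray_tx_timo, sc);
			return;
		}
	} else
		callout_stop(&sc->tx_timer);

	/*
	 * We find a ccs before we process the mbuf so that we are sure it
	 * is worthwhile processing the packet. All errors in the mbuf
	 * processing are either errors in the mbuf or gross configuration
	 * errors and the packet wouldn't get through anyway.
	 */
	if (ray_ccs_tx(sc, &ccs, &bufp)) {
		ifp->if_flags |= IFF_OACTIVE;
		return;
	}

	/*
	 * Get the mbuf and process it - we have to remember to free the
	 * ccs if there are any errors.
	 */
	m0 = ifq_dequeue(&ifp->if_snd);
	if (m0 == NULL) {
		RAY_CCS_FREE(sc, ccs);
		return;
	}

	pktlen = m0->m_pkthdr.len;
	if (pktlen > ETHER_MAX_LEN - ETHER_CRC_LEN) {
		RAY_RECERR(sc, "mbuf too long %d", pktlen);
		RAY_CCS_FREE(sc, ccs);
		ifp->if_oerrors++;
		m_freem(m0);
		return;
	}

	/* m_pullup() frees the chain itself when it fails */
	m0 = m_pullup(m0, sizeof(struct ether_header));
	if (m0 == NULL) {
		RAY_RECERR(sc, "could not pullup ether");
		RAY_CCS_FREE(sc, ccs);
		ifp->if_oerrors++;
		return;
	}
	eh = mtod(m0, struct ether_header *);

	/*
	 * Write the 802.11 header according to network type etc.
	 */
	if (sc->sc_c.np_net_type == RAY_MIB_NET_TYPE_ADHOC)
		bufp = ray_tx_wrhdr(sc, bufp,
		    IEEE80211_FC0_TYPE_DATA,
		    IEEE80211_FC1_DIR_NODS,
		    eh->ether_dhost,
		    eh->ether_shost,
		    sc->sc_c.np_bss_id);
	else
		if (sc->sc_c.np_ap_status == RAY_MIB_AP_STATUS_TERMINAL)
			bufp = ray_tx_wrhdr(sc, bufp,
			    IEEE80211_FC0_TYPE_DATA,
			    IEEE80211_FC1_DIR_TODS,
			    sc->sc_c.np_bss_id,
			    eh->ether_shost,
			    eh->ether_dhost);
		else
			bufp = ray_tx_wrhdr(sc, bufp,
			    IEEE80211_FC0_TYPE_DATA,
			    IEEE80211_FC1_DIR_FROMDS,
			    eh->ether_dhost,
			    sc->sc_c.np_bss_id,
			    eh->ether_shost);

	/*
	 * Framing
	 *
	 * Add to the mbuf.
	 */
	switch (sc->sc_c.np_framing) {

	case RAY_FRAMING_ENCAPSULATION:
		/* Nice and easy - nothing! (just add an 802.11 header) */
		break;

	case RAY_FRAMING_TRANSLATION:
		/*
		 * Drop the first address in the ethernet header and
		 * write an LLC and SNAP header over the second.
		 *
		 * m_adj() returns nothing and trims the chain in place,
		 * so m0 is unchanged and there is no failure to test
		 * for.  The m_pullup() above made the whole Ethernet
		 * header contiguous, so the six bytes written below lie
		 * inside the first mbuf.
		 *
		 * NOTE(review): eh->ether_dhost is read again when the
		 * packet is sent; that relies on m_adj() leaving the
		 * trimmed bytes in place.
		 */
		m_adj(m0, ETHER_ADDR_LEN);
		llc = mtod(m0, struct llc *);
		llc->llc_dsap = LLC_SNAP_LSAP;
		llc->llc_ssap = LLC_SNAP_LSAP;
		llc->llc_control = LLC_UI;
		llc->llc_un.type_snap.org_code[0] = 0;
		llc->llc_un.type_snap.org_code[1] = 0;
		llc->llc_un.type_snap.org_code[2] = 0;
		break;

	default:
		RAY_RECERR(sc, "unknown framing type %d", sc->sc_c.np_framing);
		RAY_CCS_FREE(sc, ccs);
		ifp->if_oerrors++;
		m_freem(m0);
		return;

	}
	if (m0 == NULL) {
		RAY_RECERR(sc, "could not frame packet");
		RAY_CCS_FREE(sc, ccs);
		ifp->if_oerrors++;
		return;
	}
	RAY_MBUF_DUMP(sc, RAY_DBG_TX, m0, "framed packet");

	/*
	 * Copy the mbuf to the buffer in common memory
	 *
	 * We drop and don't bother wrapping as Ethernet packets are 1518
	 * bytes, we checked the mbuf earlier, and our TX buffers are 2048
	 * bytes. We don't have 530 bytes of headers etc. so something
	 * must be fubar.
	 */
	pktlen = sizeof(struct ieee80211_frame);
	for (m = m0; m != NULL; m = m->m_next) {
		pktlen += m->m_len;
		if ((len = m->m_len) == 0)
			continue;
		/* Every write is bounded by the end of the TX area */
		if ((bufp + len) < RAY_TX_END)
			SRAM_WRITE_REGION(sc, bufp, mtod(m, u_int8_t *), len);
		else {
			RAY_RECERR(sc, "tx buffer overflow");
			RAY_CCS_FREE(sc, ccs);
			ifp->if_oerrors++;
			m_freem(m0);
			return;
		}
		bufp += len;
	}

	/*
	 * Send it off
	 */
	if (ray_tx_send(sc, ccs, pktlen, eh->ether_dhost))
		ifp->if_oerrors++;
	else
		ifp->if_opackets++;
	m_freem(m0);
}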
1598
/*
 * Start timeout routine.
 *
 * Used when card was busy but we needed to send a packet.  Retries
 * ray_tx() inside a critical section, provided the output side is not
 * marked active and the send queue still holds something.
 */
static void
ray_tx_timo(void *xsc)
{
	struct ray_softc *sc = xsc;
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	/* Nothing to do while output is active or the queue is empty */
	if ((ifp->if_flags & IFF_OACTIVE) != 0 || ifq_is_empty(&ifp->if_snd))
		return;

	crit_enter();
	ray_tx(ifp);
	crit_exit();
}
1618
/*
 * Write an 802.11 header into the Tx buffer space and return the
 * adjusted buffer pointer.
 *
 * type is OR-ed with the version 0 bits to form the first frame
 * control byte and fc1 is used as the second; addr1..addr3 each supply
 * ETHER_ADDR_LEN bytes.  Header fields not set here are left zero.
 */
static size_t
ray_tx_wrhdr(struct ray_softc *sc, size_t bufp, u_int8_t type, u_int8_t fc1,
    u_int8_t *addr1, u_int8_t *addr2, u_int8_t *addr3)
{
	struct ieee80211_frame hdr;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");
	RAY_MAP_CM(sc);

	/* Start from an all-zero header so no stack residue is sent */
	bzero(&hdr, sizeof(hdr));
	hdr.i_fc[1] = fc1;
	hdr.i_fc[0] = (IEEE80211_FC0_VERSION_0 | type);
	bcopy(addr3, hdr.i_addr3, ETHER_ADDR_LEN);
	bcopy(addr2, hdr.i_addr2, ETHER_ADDR_LEN);
	bcopy(addr1, hdr.i_addr1, ETHER_ADDR_LEN);

	SRAM_WRITE_REGION(sc, bufp, (u_int8_t *)&hdr, sizeof(hdr));

	return (bufp + sizeof(hdr));
}
1643
/*
 * Fill in a few loose ends and kick the card to send the packet
 *
 * Waits for the ECF to become ready, giving up and releasing the ccs
 * once more than RAY_ECF_SPIN_TRIES delays have elapsed.
 *
 * Returns 0 on success, 1 on failure
 */
static int
ray_tx_send(struct ray_softc *sc, size_t ccs, int pktlen, u_int8_t *dst)
{
	int spins;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");
	RAY_MAP_CM(sc);

	for (spins = 0; !RAY_ECF_READY(sc); ) {
		DELAY(RAY_ECF_SPIN_DELAY);
		if (++spins > RAY_ECF_SPIN_TRIES) {
			RAY_RECERR(sc, "ECF busy, dropping packet");
			RAY_CCS_FREE(sc, ccs);
			return (1);
		}
	}
	if (spins != 0)
		RAY_RECERR(sc, "spun %d times", spins);

	/* Length and antenna go into the ccs, then the ECF is started */
	SRAM_WRITE_FIELD_2(sc, ccs, ray_cmd_tx, c_len, pktlen);
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_antenna,
	    ray_tx_best_antenna(sc, dst));
	SRAM_WRITE_1(sc, RAY_SCB_CCSI, RAY_CCS_INDEX(ccs));
	RAY_ECF_START_CMD(sc);

	return (0);
}
1676
/*
 * Determine best antenna to use from rx level and antenna cache
 *
 * Returns 0 for version 4 firmware and for a destination that has no
 * entry in sc_siglevs; otherwise returns 1 when the sum of the cached
 * antenna history exceeds half of RAY_NANTENNA, else 0.
 */
static u_int8_t
ray_tx_best_antenna(struct ray_softc *sc, u_int8_t *dst)
{
	struct ray_siglev *sl = NULL;
	int i;
	u_int8_t antenna = 0;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");

	if (sc->sc_version == RAY_ECFS_BUILD_4)
		return (0);

	/* try to find host */
	for (i = 0; i < RAY_NSIGLEVRECS; i++) {
		if (bcmp(sc->sc_siglevs[i].rsl_host, dst,
		    ETHER_ADDR_LEN) == 0) {
			sl = &sc->sc_siglevs[i];
			break;
		}
	}

	/* not found, return default setting */
	if (sl == NULL)
		return (0);

	/*
	 * This is a simple thresholding scheme that takes the mean
	 * of the best antenna history. This is okay but as it is a
	 * filter, it adds a bit of lag in situations where the
	 * best antenna swaps from one side to the other slowly. Don't know
	 * how likely this is given the horrible fading though.
	 */
	for (i = 0; i < RAY_NANTENNA; i++)
		antenna += sl->rsl_antennas[i];

	return (antenna > (RAY_NANTENNA >> 1));
}
1715
/*
 * Transmit now complete so clear ccs and network flags.
 *
 * Releases the ccs, cancels the interface timer and clears
 * IFF_OACTIVE if it was set.
 */
static void
ray_tx_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");

	RAY_CCSERR(sc, status, if_oerrors);

	RAY_CCS_FREE(sc, ccs);
	ifp->if_timer = 0;
	if ((ifp->if_flags & IFF_OACTIVE) != 0) {
		ifp->if_flags &= ~IFF_OACTIVE;
	}
}
1733
1734/*
1735 * Receiver packet handling
1736 */
1737
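/*
 * Receive a packet from the card
 *
 * Every length, index and buffer pointer used here is read from card
 * memory and is treated as untrusted: each is checked before it is
 * used to size or address a copy into the mbuf, and both walks of the
 * fragment chain are bounded so a looping chain cannot hang the host.
 */
static void
ray_rx(struct ray_softc *sc, size_t rcs)
{
	struct ieee80211_frame *header;
	struct ifnet *ifp = &sc->arpcom.ac_if;
	struct mbuf *m0;
	size_t pktlen, fraglen, readlen, tmplen;
	size_t bufp, ebufp;
	u_int8_t siglev, antenna;
	u_int first, ni, i, nfrag;
	/* A well-formed chain cannot hold more entries than there are rcss */
	const u_int maxfrag = (RAY_RCS_LAST) - (RAY_RCS_FIRST) + 1;
	u_int8_t *mp;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);

	RAY_DPRINTF(sc, RAY_DBG_CCS, "using rcs 0x%x", rcs);

	m0 = NULL;
	readlen = 0;

	/*
	 * Get first part of packet and the length. Do some sanity checks
	 * and get a mbuf.
	 */
	first = RAY_CCS_INDEX(rcs);
	pktlen = SRAM_READ_FIELD_2(sc, rcs, ray_cmd_rx, c_pktlen);
	siglev = SRAM_READ_FIELD_1(sc, rcs, ray_cmd_rx, c_siglev);
	antenna = SRAM_READ_FIELD_1(sc, rcs, ray_cmd_rx, c_antenna);

	if ((pktlen > MCLBYTES) || (pktlen < sizeof(struct ieee80211_frame))) {
		RAY_RECERR(sc, "packet too big or too small");
		ifp->if_ierrors++;
		goto skip_read;
	}

	MGETHDR(m0, MB_DONTWAIT, MT_DATA);
	if (m0 == NULL) {
		RAY_RECERR(sc, "MGETHDR failed");
		ifp->if_ierrors++;
		goto skip_read;
	}
	if (pktlen > MHLEN) {
		MCLGET(m0, MB_DONTWAIT);
		if (!(m0->m_flags & M_EXT)) {
			RAY_RECERR(sc, "MCLGET failed");
			ifp->if_ierrors++;
			m_freem(m0);
			m0 = NULL;
			goto skip_read;
		}
	}
	m0->m_pkthdr.rcvif = ifp;
	m0->m_pkthdr.len = pktlen;
	m0->m_len = pktlen;
	mp = mtod(m0, u_int8_t *);

	/*
	 * Walk the fragment chain to build the complete packet.
	 *
	 * The use of two index variables removes a race with the
	 * hardware. If one index were used the clearing of the CCS would
	 * happen before reading the next pointer and the hardware can get in.
	 * Not my idea but verbatim from the NetBSD driver.
	 */
	i = ni = first;
	nfrag = 0;
	while ((i = ni) && (i != RAY_CCS_LINK_NULL)) {
		/* Validate the index before any field is read through it */
		if ((i < RAY_RCS_FIRST) || (i > RAY_RCS_LAST)) {
			RAY_RECERR(sc, "bad rcs index 0x%x", i);
			ifp->if_ierrors++;
			m_freem(m0);
			m0 = NULL;
			goto skip_read;
		}
		if (++nfrag > maxfrag) {
			RAY_RECERR(sc, "fragment chain too long");
			ifp->if_ierrors++;
			m_freem(m0);
			m0 = NULL;
			goto skip_read;
		}
		rcs = RAY_CCS_ADDRESS(i);
		ni = SRAM_READ_FIELD_1(sc, rcs, ray_cmd_rx, c_nextfrag);
		bufp = SRAM_READ_FIELD_2(sc, rcs, ray_cmd_rx, c_bufp);
		fraglen = SRAM_READ_FIELD_2(sc, rcs, ray_cmd_rx, c_len);
		/* Keeps every copy below inside the pktlen bytes of m0 */
		if (fraglen + readlen > pktlen) {
			RAY_RECERR(sc, "bad length current 0x%x pktlen 0x%x",
			    fraglen + readlen, pktlen);
			ifp->if_ierrors++;
			m_freem(m0);
			m0 = NULL;
			goto skip_read;
		}
		/*
		 * The wrap-around copy below computes RAY_RX_END - bufp
		 * as an unsigned length, so a pointer beyond the receive
		 * area would turn into an enormous copy into the mbuf.
		 */
		if ((bufp < RAY_RX_BASE) || (bufp > RAY_RX_END)) {
			RAY_RECERR(sc, "bad rx buffer pointer 0x%x",
			    (u_int)bufp);
			ifp->if_ierrors++;
			m_freem(m0);
			m0 = NULL;
			goto skip_read;
		}

		ebufp = bufp + fraglen;
		if (ebufp <= RAY_RX_END)
			SRAM_READ_REGION(sc, bufp, mp, fraglen);
		else {
			/* Fragment wraps: tail of the area, then its start */
			SRAM_READ_REGION(sc, bufp, mp,
			    (tmplen = RAY_RX_END - bufp));
			SRAM_READ_REGION(sc, RAY_RX_BASE, mp + tmplen,
			    ebufp - RAY_RX_END);
		}
		mp += fraglen;
		readlen += fraglen;
	}

	/*
	 * NOTE(review): nothing here requires readlen == pktlen, so a
	 * short chain leaves the tail of m0 unwritten while m_len still
	 * says pktlen.  Consider dropping such packets - TODO confirm
	 * what the firmware guarantees.
	 */

skip_read:

	/*
	 * Walk the chain again to free the rcss.  The walk is bounded
	 * for the same reason as the one above.
	 */
	i = ni = first;
	nfrag = 0;
	while ((i = ni) && (i != RAY_CCS_LINK_NULL)) {
		if (++nfrag > maxfrag)
			break;
		rcs = RAY_CCS_ADDRESS(i);
		ni = SRAM_READ_FIELD_1(sc, rcs, ray_cmd_rx, c_nextfrag);
		RAY_CCS_FREE(sc, rcs);
	}

	if (m0 == NULL)
		return;

	/*
	 * Check the 802.11 packet type and hand off to
	 * appropriate functions.
	 */
	header = mtod(m0, struct ieee80211_frame *);
	if ((header->i_fc[0] & IEEE80211_FC0_VERSION_MASK)
	    != IEEE80211_FC0_VERSION_0) {
		RAY_RECERR(sc, "header not version 0 fc0 0x%x",
		    header->i_fc[0]);
		ifp->if_ierrors++;
		m_freem(m0);
		return;
	}
	switch (header->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {

	case IEEE80211_FC0_TYPE_DATA:
		ray_rx_data(sc, m0, siglev, antenna);
		break;

	case IEEE80211_FC0_TYPE_MGT:
		ray_rx_mgt(sc, m0);
		break;

	case IEEE80211_FC0_TYPE_CTL:
		ray_rx_ctl(sc, m0);
		break;

	default:
		RAY_RECERR(sc, "unknown packet fc0 0x%x", header->i_fc[0]);
		ifp->if_ierrors++;
		m_freem(m0);
	}
}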
1888
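/*
 * Deal with DATA packet types
 *
 * Consumes m0 on every path: the mbuf is either freed here or handed
 * to the interface input routine.  Frames with an empty or reserved
 * subtype are dropped.  For the rest the 802.11 header is replaced by
 * an Ethernet header according to sc->sc_c.np_framing, and the signal
 * level/antenna record for the transmitter (i_addr2) is updated.
 *
 * Every header field is read through a pointer to the start of the
 * first mbuf, so the frame is treated as contiguous there and the
 * length checks below use m0->m_len.
 * NOTE(review): the caller is not visible from here - confirm that it
 * rejects frames shorter than struct ieee80211_frame before
 * dispatching to this function.
 */
static void
ray_rx_data(struct ray_softc *sc, struct mbuf *m0, u_int8_t siglev, u_int8_t antenna)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;
	struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
	struct ether_header *eh;
	struct llc *llc;
	u_int8_t *sa = NULL, *da = NULL, *ra = NULL, *ta = NULL;
	int trim = 0;
	const int snap_len = 8;		/* RFC1042 LLC/SNAP header length */

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_RX, "");

	/*
	 * Check the data packet subtype, some packets have
	 * nothing in them so we will drop them here.
	 */
	switch (header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) {

	case IEEE80211_FC0_SUBTYPE_DATA:
	case IEEE80211_FC0_SUBTYPE_CF_ACK:
	case IEEE80211_FC0_SUBTYPE_CF_POLL:
	case IEEE80211_FC0_SUBTYPE_CF_ACPL:
		RAY_DPRINTF(sc, RAY_DBG_RX, "DATA packet");
		break;

	case IEEE80211_FC0_SUBTYPE_NODATA:
	case IEEE80211_FC0_SUBTYPE_CFACK:
	case IEEE80211_FC0_SUBTYPE_CFPOLL:
	case IEEE80211_FC0_SUBTYPE_CF_ACK_CF_ACK:
		RAY_DPRINTF(sc, RAY_DBG_RX, "NULL packet");
		m_freem(m0);
		return;

	default:
		RAY_RECERR(sc, "reserved DATA packet subtype 0x%x",
		    header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
		ifp->if_ierrors++;
		m_freem(m0);
		return;
	}

	/*
	 * Parse the To DS and From DS fields to determine the length
	 * of the 802.11 header for use later on.
	 *
	 * Additionally, furtle out the right destination and
	 * source MAC addresses for the packet. Packets may come via
	 * APs so the MAC addresses of the immediate node may be
	 * different from the node that actually sent us the packet.
	 *
	 *	da	destination address of final recipient
	 *	sa	source address of originator
	 *	ra	receiver address of immediate recipient
	 *	ta	transmitter address of immediate originator
	 *
	 * Address matching is performed on da or sa with the AP or
	 * BSSID in ra and ta.
	 */
	RAY_MBUF_DUMP(sc, RAY_DBG_RX, m0, "(1) packet before framing");
	switch (header->i_fc[1] & IEEE80211_FC1_DIR_MASK) {

	case IEEE80211_FC1_DIR_NODS:
		da = ra = header->i_addr1;
		sa = ta = header->i_addr2;
		trim = sizeof(struct ieee80211_frame);
		RAY_DPRINTF(sc, RAY_DBG_RX, "from %6D to %6D",
		    sa, ":", da, ":");
		break;

	case IEEE80211_FC1_DIR_FROMDS:
		da = ra = header->i_addr1;
		ta = header->i_addr2;
		sa = header->i_addr3;
		trim = sizeof(struct ieee80211_frame);
		RAY_DPRINTF(sc, RAY_DBG_RX, "ap %6D from %6D to %6D",
		    ta, ":", sa, ":", da, ":");
		break;

	case IEEE80211_FC1_DIR_TODS:
		ra = header->i_addr1;
		sa = ta = header->i_addr2;
		da = header->i_addr3;
		trim = sizeof(struct ieee80211_frame);
		RAY_DPRINTF(sc, RAY_DBG_RX, "from %6D to %6D ap %6D",
		    sa, ":", da, ":", ra, ":");
		break;

	case IEEE80211_FC1_DIR_DSTODS:
		trim = sizeof(struct ieee80211_frame) + ETHER_ADDR_LEN;
		/*
		 * The fourth address lies beyond the basic header, so
		 * make sure the frame really carries it before it is
		 * read or copied.
		 */
		if (m0->m_len < trim) {
			RAY_RECERR(sc, "DSTODS DATA packet too short, length %d",
			    m0->m_len);
			ifp->if_ierrors++;
			m_freem(m0);
			return;
		}
		ra = header->i_addr1;
		ta = header->i_addr2;
		da = header->i_addr3;
		/*
		 * The source address follows the whole header.  The
		 * pointer arithmetic must be done in units of the
		 * header, i.e. before the cast; "(u_int8_t *)header+1"
		 * would point at the second byte of the frame control
		 * field instead.
		 */
		sa = (u_int8_t *)(header + 1);
		RAY_DPRINTF(sc, RAY_DBG_RX, "from %6D to %6D ap %6D to %6D",
		    sa, ":", da, ":", ta, ":", ra, ":");
		break;
	}

	/*
	 * Framing
	 *
	 * Each case must leave an Ethernet header and adjust trim.
	 */
	switch (sc->sc_c.np_framing) {

	case RAY_FRAMING_ENCAPSULATION:
		/* A NOP as the Ethernet header is in the packet */
		break;

	case RAY_FRAMING_TRANSLATION:
		/*
		 * The LLC/SNAP bytes are about to be inspected and
		 * partly overwritten, so they must be inside the
		 * received data.  A frame this short cannot hold an
		 * Ethernet header either, so drop it.
		 */
		if (m0->m_len < trim + snap_len) {
			RAY_RECERR(sc,
			    "DATA packet too short for LLC header, length %d",
			    m0->m_len);
			ifp->if_ierrors++;
			m_freem(m0);
			return;
		}

		/* Check that we have an LLC and SNAP sequence */
		llc = (struct llc *)((u_int8_t *)header + trim);
		if (llc->llc_dsap == LLC_SNAP_LSAP &&
		    llc->llc_ssap == LLC_SNAP_LSAP &&
		    llc->llc_control == LLC_UI &&
		    llc->llc_un.type_snap.org_code[0] == 0 &&
		    llc->llc_un.type_snap.org_code[1] == 0 &&
		    llc->llc_un.type_snap.org_code[2] == 0) {
			/*
			 * This is not magic. RFC1042 header is 8
			 * bytes, with the last two bytes being the
			 * ether type. So all we need is another
			 * ETHER_ADDR_LEN bytes to write the
			 * destination into.
			 */
			trim -= ETHER_ADDR_LEN;
			eh = (struct ether_header *)((u_int8_t *)header + trim);

			/*
			 * Copy carefully to avoid mashing the MAC
			 * addresses. The address layout in the .11 header
			 * does make sense, honest, but it is a pain.
			 *
			 *	NODS	da sa		no risk
			 *	FROMDS	da ta sa	sa then da
			 *	DSTODS	ra ta da sa	sa then da
			 *	TODS	ra sa da	da then sa
			 *
			 * The address that sits later in the frame is
			 * moved first, because the new Ethernet header
			 * overlaps the tail of the 802.11 header.
			 */
			if (sa > da) {
				/* Copy sa first */
				bcopy(sa, eh->ether_shost, ETHER_ADDR_LEN);
				bcopy(da, eh->ether_dhost, ETHER_ADDR_LEN);
			} else {
				/* Copy da first */
				bcopy(da, eh->ether_dhost, ETHER_ADDR_LEN);
				bcopy(sa, eh->ether_shost, ETHER_ADDR_LEN);
			}

		} else {

			/* Assume RAY_FRAMING_ENCAPSULATION */
			RAY_RECERR(sc,
			    "got encapsulated packet but in translation mode");

		}
		break;

	default:
		RAY_RECERR(sc, "unknown framing type %d", sc->sc_c.np_framing);
		ifp->if_ierrors++;
		m_freem(m0);
		return;
	}
	RAY_MBUF_DUMP(sc, RAY_DBG_RX, m0, "(2) packet after framing");

	/*
	 * Finally, do a bit of house keeping before sending the packet
	 * up the stack.  header still points at the original start of
	 * the data, which m_adj() does not move, so i_addr2 can still
	 * be read for the cache update.
	 */
	m_adj(m0, trim);
	RAY_MBUF_DUMP(sc, RAY_DBG_RX, m0, "(3) packet after trimming");
	ifp->if_ipackets++;
	ray_rx_update_cache(sc, header->i_addr2, siglev, antenna);
	(*ifp->if_input)(ifp, m0);
}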
2068
/*
 * Deal with MGT packet types
 *
 * Always frees m0 before returning.  Management frames must not carry
 * the To DS/From DS bits; anything else is counted as an input error.
 * Only BEACON and AUTH frames are passed on to a handler, the other
 * subtypes are logged and dropped.
 */
static void
ray_rx_mgt(struct ray_softc *sc, struct mbuf *m0)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;
	struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
	int dir, subtype;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_MGT, "");

	dir = header->i_fc[1] & IEEE80211_FC1_DIR_MASK;
	if (dir != IEEE80211_FC1_DIR_NODS) {
		RAY_RECERR(sc, "MGT TODS/FROMDS wrong fc1 0x%x", dir);
		ifp->if_ierrors++;
		m_freem(m0);
		return;
	}

	/*
	 * Check the mgt packet subtype, some packets should be
	 * dropped depending on the mode the station is in. See pg
	 * 52(60) of docs
	 *
	 * P - process, J - Junk, E - ECF deals with, I - Illegal
	 * ECF Processes
	 *  AHDOC process or junk
	 *   INFRA STA process or junk
	 *    INFRA AP process or junk
	 *
	 * +PPP	IEEE80211_FC0_SUBTYPE_BEACON
	 * +EEE	IEEE80211_FC0_SUBTYPE_PROBE_REQ
	 * +EEE	IEEE80211_FC0_SUBTYPE_PROBE_RESP
	 *  PPP	IEEE80211_FC0_SUBTYPE_AUTH
	 *  PPP	IEEE80211_FC0_SUBTYPE_DEAUTH
	 *  JJP	IEEE80211_FC0_SUBTYPE_ASSOC_REQ
	 *  JPJ	IEEE80211_FC0_SUBTYPE_ASSOC_RESP
	 *  JPP	IEEE80211_FC0_SUBTYPE_DISASSOC
	 *  JJP	IEEE80211_FC0_SUBTYPE_REASSOC_REQ
	 *  JPJ	IEEE80211_FC0_SUBTYPE_REASSOC_RESP
	 * +EEE	IEEE80211_FC0_SUBTYPE_ATIM
	 */
	RAY_MBUF_DUMP(sc, RAY_DBG_MGT, m0, "MGT packet");
	subtype = header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
	switch (subtype) {

	case IEEE80211_FC0_SUBTYPE_BEACON:
		RAY_DPRINTF(sc, RAY_DBG_MGT, "BEACON MGT packet");
		ray_rx_mgt_beacon(sc, m0);
		break;

	case IEEE80211_FC0_SUBTYPE_AUTH:
		RAY_DPRINTF(sc, RAY_DBG_MGT, "AUTH MGT packet");
		ray_rx_mgt_auth(sc, m0);
		break;

	case IEEE80211_FC0_SUBTYPE_DEAUTH:
		/* Deauthentication is only logged, no state is changed */
		RAY_DPRINTF(sc, RAY_DBG_MGT, "DEAUTH MGT packet");
		/* XXX ray_rx_mgt_deauth(sc, m0); */
		break;

	case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
	case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
		RAY_DPRINTF(sc, RAY_DBG_MGT, "(RE)ASSOC_REQ MGT packet");
		if ((sc->sc_c.np_net_type == RAY_MIB_NET_TYPE_INFRA) &&
		    (sc->sc_c.np_ap_status == RAY_MIB_AP_STATUS_AP)) {
			RAY_RECERR(sc, "can't be an AP yet"); /* XXX_ACTING_AP */
		}
		break;

	case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
	case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
		RAY_DPRINTF(sc, RAY_DBG_MGT, "(RE)ASSOC_RESP MGT packet");
		if ((sc->sc_c.np_net_type == RAY_MIB_NET_TYPE_INFRA) &&
		    (sc->sc_c.np_ap_status == RAY_MIB_AP_STATUS_TERMINAL)) {
			RAY_RECERR(sc, "can't be in INFRA yet"); /* XXX_INFRA */
		}
		break;

	case IEEE80211_FC0_SUBTYPE_DISASSOC:
		RAY_DPRINTF(sc, RAY_DBG_MGT, "DISASSOC MGT packet");
		if (sc->sc_c.np_net_type == RAY_MIB_NET_TYPE_INFRA) {
			RAY_RECERR(sc, "can't be in INFRA yet"); /* XXX_INFRA */
		}
		break;

	case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
	case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
	case IEEE80211_FC0_SUBTYPE_ATIM:
		/* Marked in the table above as dealt with by the ECF */
		RAY_RECERR(sc, "unexpected MGT packet subtype 0x%0x", subtype);
		ifp->if_ierrors++;
		break;

	default:
		RAY_RECERR(sc, "reserved MGT packet subtype 0x%x", subtype);
		ifp->if_ierrors++;
	}

	m_freem(m0);
}
2168
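/*
 * Deal with BEACON management packet types
 * XXX furtle anything interesting out
 * XXX Note that there are rules governing what beacons to read
 * XXX see 8802 S7.2.3, S11.1.2.3
 * XXX is this actually useful?
 *
 * Logs the fixed beacon fields and parses the information elements
 * into a local structure that is discarded on return.  m0 is not
 * freed here.
 *
 * The beacon body comes straight off the air, so it is checked to be
 * long enough for the fixed fields before any of them is read;
 * ray_rx_mgt_info() starts parsing elements 12 bytes into the body.
 */
static void
ray_rx_mgt_beacon(struct ray_softc *sc, struct mbuf *m0)
{
	struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
	ieee80211_mgt_beacon_t beacon = (u_int8_t *)(header+1);
	struct ieee80211_information elements;
	u_int64_t timestamp;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_MGT, "");

	if (m0->m_len < (int)(sizeof(*header) + 12)) {
		RAY_RECERR(sc, "short BEACON MGT packet length %d", m0->m_len);
		return;
	}

	/*
	 * Copy the timestamp out rather than dereferencing a cast
	 * pointer: the body is not guaranteed to be 64 bit aligned.
	 * The value is shown as read, in host byte order, and printed
	 * as two 32 bit halves so the format matches the arguments.
	 */
	bcopy(beacon, &timestamp, sizeof(timestamp));

	RAY_DPRINTF(sc, RAY_DBG_MGT, "timestamp\t0x%08x%08x",
	    (unsigned int)(timestamp >> 32),
	    (unsigned int)(timestamp & 0xffffffff));
	RAY_DPRINTF(sc, RAY_DBG_MGT, "interval\t\t0x%x", IEEE80211_BEACON_INTERVAL(beacon));
	RAY_DPRINTF(sc, RAY_DBG_MGT, "capability\t0x%x", IEEE80211_BEACON_CAPABILITY(beacon));

	ray_rx_mgt_info(sc, m0, &elements);
}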
2196
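/*
 * Parse the information elements of a beacon into *elements.
 *
 * The elements start 12 bytes after the 802.11 header and each one is
 * an id byte, a length byte and length bytes of data.  Everything here
 * is supplied by whoever transmitted the frame, so every length is
 * checked against the received data (m0->m_len) and against the
 * destination before it is used:
 *
 *  - parsing stops at the first element whose header or data would
 *    run past the end of the frame;
 *  - an SSID longer than IEEE80211_NWID_LEN is reported and skipped
 *    instead of being copied;
 *  - elements too short for the fields read from them are reported
 *    and skipped.
 *
 * m0 is not freed here.
 */
static void
ray_rx_mgt_info(struct ray_softc *sc, struct mbuf *m0, struct ieee80211_information *elements)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;
	struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
	ieee80211_mgt_beacon_t beacon = (u_int8_t *)(header+1);
	ieee80211_mgt_beacon_t bp;
	int len, remain;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_MGT, "");

	/* Bytes of element data left after the header and fixed fields */
	remain = m0->m_len - (int)sizeof(*header) - 12;
	if (remain < 2)
		return;
	bp = beacon + 12;

	/* An element needs at least its id and length bytes */
	while (remain >= 2) {
		len = bp[1];
		RAY_DPRINTF(sc, RAY_DBG_MGT, "id 0x%02x length %d", *bp, len);

		if (len > remain - 2) {
			RAY_RECERR(sc,
			    "truncated MGT element id 0x%x length %d",
			    *bp, len);
			ifp->if_ierrors++;
			break;
		}

		switch (*bp) {

		case IEEE80211_ELEMID_SSID:
			if (len > IEEE80211_NWID_LEN) {
				RAY_RECERR(sc, "bad SSD length: %d from %6D",
				    len, header->i_addr2, ":");
				/* Do not copy, it would overrun ssid */
				break;
			}
			/*
			 * NOTE(review): the terminator is written at
			 * ssid[len], so ssid is assumed to hold
			 * IEEE80211_NWID_LEN + 1 bytes - confirm
			 * against struct ieee80211_information.
			 */
			strncpy(elements->ssid, bp + 2, len);
			elements->ssid[len] = 0;
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "beacon ssid %s", elements->ssid);
			break;

		case IEEE80211_ELEMID_RATES:
			RAY_DPRINTF(sc, RAY_DBG_MGT, "rates");
			break;

		case IEEE80211_ELEMID_FHPARMS:
			/* Reads bp[2] to bp[6] */
			if (len < 5) {
				RAY_RECERR(sc,
				    "short MGT element id 0x%x length %d",
				    *bp, len);
				break;
			}
			elements->fh.dwell = bp[2] + (bp[3] << 8);
			elements->fh.set = bp[4];
			elements->fh.pattern = bp[5];
			elements->fh.index = bp[6];
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "fhparams dwell\t0x%04x", elements->fh.dwell);
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "fhparams set\t0x%02x", elements->fh.set);
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "fhparams pattern\t0x%02x", elements->fh.pattern);
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "fhparams index\t0x%02x", elements->fh.index);
			break;

		case IEEE80211_ELEMID_DSPARMS:
			RAY_RECERR(sc, "got direct sequence params!");
			break;

		case IEEE80211_ELEMID_CFPARMS:
			RAY_DPRINTF(sc, RAY_DBG_MGT, "cfparams");
			break;

		case IEEE80211_ELEMID_TIM:
			/* Reads bp[2] to bp[4] */
			if (len < 3) {
				RAY_RECERR(sc,
				    "short MGT element id 0x%x length %d",
				    *bp, len);
				break;
			}
			elements->tim.count = bp[2];
			elements->tim.period = bp[3];
			elements->tim.bitctl = bp[4];
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "tim count\t0x%02x", elements->tim.count);
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "tim period\t0x%02x", elements->tim.period);
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "tim bitctl\t0x%02x", elements->tim.bitctl);
#if RAY_DEBUG & RAY_DBG_MGT
			{
				int i;
				/* Stays inside the element: i <= len */
				for (i = 5; i < len + 1; i++)
					RAY_DPRINTF(sc, RAY_DBG_MGT,
					    "tim pvt[%03d]\t0x%02x", i-5, bp[i]);
			}
#endif
			break;

		case IEEE80211_ELEMID_IBSSPARMS:
			/* Reads bp[2] and bp[3] */
			if (len < 2) {
				RAY_RECERR(sc,
				    "short MGT element id 0x%x length %d",
				    *bp, len);
				break;
			}
			elements->ibss.atim = bp[2] + (bp[3] << 8);
			RAY_DPRINTF(sc, RAY_DBG_MGT,
			    "ibssparams atim\t0x%02x", elements->ibss.atim);
			break;

		case IEEE80211_ELEMID_CHALLENGE:
			RAY_DPRINTF(sc, RAY_DBG_MGT, "challenge");
			break;

		default:
			RAY_RECERR(sc, "reserved MGT element id 0x%x", *bp);
			ifp->if_ierrors++;
			break;
		}

		/* Step over id, length and data */
		bp += len + 2;
		remain -= len + 2;
	}
}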
2292
/*
 * Deal with AUTH management packet types
 *
 * Only the response of an open system exchange is acted on, by passing
 * its status to ray_init_auth_done().  Open system requests and shared
 * key frames are logged only.  m0 is not freed here.
 *
 * NOTE(review): the authentication fields are read from the bytes that
 * follow the 802.11 header without a length check in this function -
 * confirm that the frame length is validated before it gets here.
 */
static void
ray_rx_mgt_auth(struct ray_softc *sc, struct mbuf *m0)
{
	struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
	ieee80211_mgt_auth_t auth = (u_int8_t *)(header+1);

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_AUTH, "");

	switch (IEEE80211_AUTH_ALGORITHM(auth)) {

	case IEEE80211_AUTH_ALG_OPEN:
		RAY_DPRINTF(sc, RAY_DBG_AUTH,
		    "open system authentication sequence number %d",
		    IEEE80211_AUTH_TRANSACTION(auth));
		if (IEEE80211_AUTH_TRANSACTION(auth) ==
		    IEEE80211_AUTH_OPEN_REQUEST) {
			/*
			 * Nothing is done for a request yet.
			 * XXX_AUTH use ray_init_auth_send
			 */
		} else if (IEEE80211_AUTH_TRANSACTION(auth) ==
		    IEEE80211_AUTH_OPEN_RESPONSE) {
			ray_init_auth_done(sc, IEEE80211_AUTH_STATUS(auth));
		}
		break;

	case IEEE80211_AUTH_ALG_SHARED:
		/* Shared key authentication is reported, not handled */
		RAY_RECERR(sc,
		    "shared key authentication sequence number %d",
		    IEEE80211_AUTH_TRANSACTION(auth));
		break;

	default:
		RAY_RECERR(sc,
		    "reserved authentication subtype 0x%04hx",
		    IEEE80211_AUTH_ALGORITHM(auth));
		break;
	}
}
2333
/*
 * Deal with CTL packet types
 *
 * Always frees m0 before returning.  Control frames must not carry
 * the To DS/From DS bits.  No subtype is acted on here: PS_POLL is
 * logged and all others are counted as input errors.
 */
static void
ray_rx_ctl(struct ray_softc *sc, struct mbuf *m0)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;
	struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
	int dir, subtype;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CTL, "");

	dir = header->i_fc[1] & IEEE80211_FC1_DIR_MASK;
	if (dir != IEEE80211_FC1_DIR_NODS) {
		RAY_RECERR(sc, "CTL TODS/FROMDS wrong fc1 0x%x", dir);
		ifp->if_ierrors++;
		m_freem(m0);
		return;
	}

	/*
	 * Check the ctl packet subtype, some packets should be
	 * dropped depending on the mode the station is in. The ECF
	 * should deal with everything but the power save poll to an
	 * AP. See pg 52(60) of docs.
	 */
	RAY_MBUF_DUMP(sc, RAY_DBG_CTL, m0, "CTL packet");
	subtype = header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
	switch (subtype) {

	case IEEE80211_FC0_SUBTYPE_PS_POLL:
		RAY_DPRINTF(sc, RAY_DBG_CTL, "PS_POLL CTL packet");
		/*
		 * NOTE(review): this tests sc_d.np_net_type while
		 * ray_rx_mgt() tests sc_c.np_net_type for the same
		 * kind of check - confirm which copy is intended.
		 */
		if ((sc->sc_d.np_net_type == RAY_MIB_NET_TYPE_INFRA) &&
		    (sc->sc_c.np_ap_status == RAY_MIB_AP_STATUS_AP)) {
			RAY_RECERR(sc, "can't be an AP yet"); /* XXX_ACTING_AP */
		}
		break;

	case IEEE80211_FC0_SUBTYPE_RTS:
	case IEEE80211_FC0_SUBTYPE_CTS:
	case IEEE80211_FC0_SUBTYPE_ACK:
	case IEEE80211_FC0_SUBTYPE_CF_END:
	case IEEE80211_FC0_SUBTYPE_CF_END_ACK:
		RAY_RECERR(sc, "unexpected CTL packet subtype 0x%0x", subtype);
		ifp->if_ierrors++;
		break;

	default:
		RAY_RECERR(sc, "reserved CTL packet subtype 0x%x", subtype);
		ifp->if_ierrors++;
	}

	m_freem(m0);
}
2388
/*
 * Update rx level and antenna cache
 *
 * Finds the record for the host address src, or recycles the record
 * with the oldest timestamp when the host is not cached, then pushes
 * siglev (and, unless the firmware is build 4, antenna) onto the
 * front of that record's history.
 */
static void
ray_rx_update_cache(struct ray_softc *sc, u_int8_t *src, u_int8_t siglev, u_int8_t antenna)
{
	struct timeval oldest;
	struct ray_siglev *sl, *slot = NULL;
	int i, victim;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	/* Try to find host */
	for (i = 0; i < RAY_NSIGLEVRECS; i++) {
		sl = &sc->sc_siglevs[i];
		if (bcmp(sl->rsl_host, src, ETHER_ADDR_LEN) == 0) {
			slot = sl;
			break;
		}
	}

	if (slot == NULL) {
		/* Not found, find oldest slot and start it afresh */
		victim = 0;
		oldest.tv_sec = LONG_MAX;
		oldest.tv_usec = 0;
		for (i = 0; i < RAY_NSIGLEVRECS; i++) {
			sl = &sc->sc_siglevs[i];
			if (timevalcmp(&sl->rsl_time, &oldest, <)) {
				victim = i;
				oldest = sl->rsl_time;
			}
		}
		slot = &sc->sc_siglevs[victim];
		bzero(slot->rsl_siglevs, RAY_NSIGLEV);
		bzero(slot->rsl_antennas, RAY_NANTENNA);
		bcopy(src, slot->rsl_host, ETHER_ADDR_LEN);
	}

	/* Stamp the record and shift the history down by one entry */
	microtime(&slot->rsl_time);
	bcopy(slot->rsl_siglevs, &slot->rsl_siglevs[1], RAY_NSIGLEV-1);
	slot->rsl_siglevs[0] = siglev;
	if (sc->sc_version != RAY_ECFS_BUILD_4) {
		bcopy(slot->rsl_antennas, &slot->rsl_antennas[1], RAY_NANTENNA-1);
		slot->rsl_antennas[0] = antenna;
	}
}
2432
2433/*
2434 * Interrupt handling
2435 */
2436
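/*
 * Process an interrupt
 *
 * xsc is the softc registered with the interrupt.  If the card raised
 * the interrupt, the ccs/rcs index is read from the card and the
 * command in that slot is dispatched to ray_intr_ccs() or
 * ray_intr_rcs().  Afterwards any pending transmit is started and the
 * error counters are refreshed on every 32nd call.
 *
 * The softc is checked before anything dereferences it or touches the
 * card, and the index read from the card is range checked before it
 * is turned into an address, so an out of range index causes no
 * further reads.
 */
static void
ray_intr(void *xsc)
{
	struct ray_softc *sc = (struct ray_softc *)xsc;
	struct ifnet *ifp;
	size_t ccs;
	u_int8_t cmd, status;
	int ccsi;

	if ((sc == NULL) || (sc->sc_gone))
		return;
	ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);

	/*
	 * Check that the interrupt was for us, if so get the rcs/ccs
	 * and vector on the command contained within it.
	 */
	if (RAY_HCS_INTR(sc)) {
		ccsi = SRAM_READ_1(sc, RAY_SCB_RCSI);
		if (ccsi <= RAY_CCS_LAST) {
			ccs = RAY_CCS_ADDRESS(ccsi);
			cmd = SRAM_READ_FIELD_1(sc, ccs, ray_cmd, c_cmd);
			status = SRAM_READ_FIELD_1(sc, ccs, ray_cmd, c_status);
			ray_intr_ccs(sc, cmd, status, ccs);
		} else if (ccsi <= RAY_RCS_LAST) {
			ccs = RAY_CCS_ADDRESS(ccsi);
			cmd = SRAM_READ_FIELD_1(sc, ccs, ray_cmd, c_cmd);
			ray_intr_rcs(sc, cmd, ccs);
		} else {
			RAY_RECERR(sc, "bad ccs index 0x%x", ccsi);
		}
		RAY_HCS_CLEAR_INTR(sc);
	}

	/* Send any packets lying around and update error counters */
	if ((ifp->if_flags & IFF_OACTIVE) == 0 && !ifq_is_empty(&ifp->if_snd))
		ray_tx(ifp);
	if ((++sc->sc_checkcounters % 32) == 0)
		ray_intr_updt_errcntrs(sc);
}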
2479
/*
 * Read the error counters.
 *
 * Adds the card's receive overflow, checksum and header checksum
 * counters to the totals kept in the softc and records the current
 * receive noise value.
 */
static void
ray_intr_updt_errcntrs(struct ray_softc *sc)
{
	size_t base;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);

	/*
	 * The card implements the following protocol to keep the
	 * values from being changed while read: It checks the `own'
	 * bit and if zero writes the current internal counter value,
	 * it then sets the `own' bit to 1. If the `own' bit was 1 it
	 * increments its internal counter. The user thus reads the
	 * counter if the `own' bit is one and then sets the own bit
	 * to 0.
	 */
	base = RAY_STATUS_BASE;

	/* Receive overflows */
	if (SRAM_READ_FIELD_1(sc, base, ray_csc, csc_mrxo_own)) {
		sc->sc_rxoverflow +=
		    SRAM_READ_FIELD_2(sc, base, ray_csc, csc_mrx_overflow);
		SRAM_WRITE_FIELD_1(sc, base, ray_csc, csc_mrxo_own, 0);
	}

	/*
	 * Receive checksum errors
	 * NOTE(review): this adds csc_mrx_overflow a second time, under
	 * the checksum `own' bit.  It looks like a copy of the block
	 * above - confirm against struct ray_csc which field holds the
	 * checksum count.
	 */
	if (SRAM_READ_FIELD_1(sc, base, ray_csc, csc_mrxc_own)) {
		sc->sc_rxcksum +=
		    SRAM_READ_FIELD_2(sc, base, ray_csc, csc_mrx_overflow);
		SRAM_WRITE_FIELD_1(sc, base, ray_csc, csc_mrxc_own, 0);
	}

	/* Receive header checksum errors */
	if (SRAM_READ_FIELD_1(sc, base, ray_csc, csc_rxhc_own)) {
		sc->sc_rxhcksum +=
		    SRAM_READ_FIELD_2(sc, base, ray_csc, csc_rx_hcksum);
		SRAM_WRITE_FIELD_1(sc, base, ray_csc, csc_rxhc_own, 0);
	}

	/* The noise value is read without an `own' bit */
	sc->sc_rxnoise = SRAM_READ_FIELD_1(sc, base, ray_csc, csc_rx_noise);
}
2518
/*
 * Process CCS command completion
 *
 * cmd and status were read from the command slot at ccs by the
 * interrupt handler.  Commands issued by the driver are passed to
 * their completion routine; commands the driver is not expected to
 * see complete, and unknown command codes, are only reported.
 */
static void
ray_intr_ccs(struct ray_softc *sc, u_int8_t cmd, u_int8_t status, size_t ccs)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	switch (cmd) {

	/* Completions that have a handler */
	case RAY_CMD_DOWNLOAD_PARAMS:
		RAY_DPRINTF(sc, RAY_DBG_COM, "START_PARAMS");
		ray_init_download_done(sc, status, ccs);
		break;

	case RAY_CMD_UPDATE_PARAMS:
		RAY_DPRINTF(sc, RAY_DBG_COM, "UPDATE_PARAMS");
		ray_upparams_done(sc, status, ccs);
		break;

	case RAY_CMD_REPORT_PARAMS:
		RAY_DPRINTF(sc, RAY_DBG_COM, "REPORT_PARAMS");
		ray_repparams_done(sc, status, ccs);
		break;

	case RAY_CMD_UPDATE_MCAST:
		RAY_DPRINTF(sc, RAY_DBG_COM, "UPDATE_MCAST");
		ray_mcast_done(sc, status, ccs);
		break;

	case RAY_CMD_START_NET:
	case RAY_CMD_JOIN_NET:
		/* Start and join share one completion routine */
		RAY_DPRINTF(sc, RAY_DBG_COM, "START|JOIN_NET");
		ray_init_sj_done(sc, status, ccs);
		break;

	case RAY_CMD_TX_REQ:
		RAY_DPRINTF(sc, RAY_DBG_COM, "TX_REQ");
		ray_tx_done(sc, status, ccs);
		break;

	case RAY_CMD_START_ASSOC:
		RAY_DPRINTF(sc, RAY_DBG_COM, "START_ASSOC");
		ray_init_assoc_done(sc, status, ccs);
		break;

	/* Known commands that have no completion handling here */
	case RAY_CMD_UPDATE_APM:
		RAY_RECERR(sc, "unexpected UPDATE_APM");
		break;

	case RAY_CMD_TEST_MEM:
		RAY_RECERR(sc, "unexpected TEST_MEM");
		break;

	case RAY_CMD_SHUTDOWN:
		RAY_RECERR(sc, "unexpected SHUTDOWN");
		break;

	case RAY_CMD_DUMP_MEM:
		RAY_RECERR(sc, "unexpected DUMP_MEM");
		break;

	case RAY_CMD_START_TIMER:
		RAY_RECERR(sc, "unexpected START_TIMER");
		break;

	default:
		RAY_RECERR(sc, "unknown command 0x%x", cmd);
		break;
	}
}
2590
/*
 * Process ECF command request
 *
 * cmd was read from the request slot at rcs by the interrupt handler.
 * The slot is released with RAY_CCS_FREE() once the request has been
 * dealt with, whatever the command was.
 */
static void
ray_intr_rcs(struct ray_softc *sc, u_int8_t cmd, size_t rcs)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	switch (cmd) {

	case RAY_ECMD_RX_DONE:
		/* A frame has been received, go and fetch it */
		RAY_DPRINTF(sc, RAY_DBG_RX, "RX_DONE");
		ray_rx(sc, rcs);
		break;

	case RAY_ECMD_REJOIN_DONE:
		RAY_DPRINTF(sc, RAY_DBG_RX, "REJOIN_DONE");
		sc->sc_c.np_havenet = 1; /* XXX Should not be here but in function */
		break;

	case RAY_ECMD_ROAM_START:
		RAY_DPRINTF(sc, RAY_DBG_RX, "ROAM_START");
		sc->sc_c.np_havenet = 0; /* XXX Should not be here but in function */
		break;

	case RAY_ECMD_JAPAN_CALL_SIGNAL:
		RAY_RECERR(sc, "unexpected JAPAN_CALL_SIGNAL");
		break;

	default:
		RAY_RECERR(sc, "unknown command 0x%x", cmd);
		break;
	}

	RAY_CCS_FREE(sc, rcs);
}
2627
/*
 * User land entry to multicast list changes
 *
 * Queues a multicast list update followed by a promiscuous mode
 * update and returns the error value set by RAY_COM_RUNQ().
 */
static int
ray_mcast_user(struct ray_softc *sc)
{
	struct ray_comq_entry *com[2];
	int error, ncom;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	/*
	 * Do all checking in the runq to preserve ordering.
	 *
	 * We run promisc to pick up changes to the ALL_MULTI
	 * interface flag.
	 */
	com[0] = RAY_COM_MALLOC(ray_mcast, 0);
	com[1] = RAY_COM_MALLOC(ray_promisc, 0);
	ncom = 2;

	RAY_COM_RUNQ(sc, com, ncom, "raymcast", error);

	/* XXX no real error processing from anything yet! */

	RAY_COM_FREE(com, ncom);

	return (error);
}
2657
/*
 * Runq entry to setting the multicast filter list
 *
 * MUST always be followed by a call to ray_promisc to pick up changes
 * to promisc flag
 *
 * Nothing is sent to the card when the interface is not running, when
 * there are no multicast addresses, or when there are more than 16 of
 * them; in the last case IFF_ALLMULTI is set instead.  Otherwise the
 * addresses are written to the host to ECF buffer and the update
 * command is issued.
 */
static void
ray_mcast(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;
	struct ifmultiaddr *ifma;
	size_t bufp;
	int count = 0;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);

	/*
	 * If card is not running we don't need to update this.
	 */
	if (!(ifp->if_flags & IFF_RUNNING)) {
		RAY_DPRINTF(sc, RAY_DBG_IOCTL, "not running");
		ray_com_runq_done(sc);
		return;
	}

	/*
	 * The multicast list is only 16 items long so use promiscuous
	 * mode and don't bother updating the multicast list.
	 */
	LIST_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link)
		count++;

	if (count == 0) {
		ray_com_runq_done(sc);
		return;
	}
	if (count > 16) {
		ifp->if_flags |= IFF_ALLMULTI;
		ray_com_runq_done(sc);
		return;
	}
	/* The list fits again, so stop receiving all multicasts */
	if (ifp->if_flags & IFF_ALLMULTI)
		ifp->if_flags &= ~IFF_ALLMULTI;

	/*
	 * Kick the card
	 *
	 * At most 16 addresses reach this point, so the writes below
	 * cover at most 16 * ETHER_ADDR_LEN bytes of the buffer.
	 */
	ray_ccs_fill(sc, com->c_ccs, RAY_CMD_UPDATE_MCAST);
	SRAM_WRITE_FIELD_1(sc, com->c_ccs,
	    ray_cmd_update_mcast, c_nmcast, count);
	bufp = RAY_HOST_TO_ECF_BASE;
	LIST_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
		SRAM_WRITE_REGION(
		    sc,
		    bufp,
		    LLADDR((struct sockaddr_dl *)ifma->ifma_addr),
		    ETHER_ADDR_LEN
		);
		bufp += ETHER_ADDR_LEN;
	}

	ray_com_ecf(sc, com);
}
2720/*
2721 * Complete the multicast filter list update
2722 */
2723static void
2724ray_mcast_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
2725{
2726 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
2727 RAY_COM_CHECK(sc, ccs);
2728
2729 RAY_CCSERR(sc, status, if_oerrors); /* XXX error counter */
2730
2731 ray_com_ecf_done(sc);
2732}
2733
/*
 * Runq entry to set/reset promiscuous mode
 *
 * The desired setting (sc_d.np_promisc) is always recomputed from the
 * interface flags: it is 1 when IFF_PROMISC or IFF_ALLMULTI is set.
 * The card is only told about it when the interface is running and
 * the desired value differs from the current one (sc_c.np_promisc).
 */
static void
ray_promisc(struct ray_softc *sc, struct ray_comq_entry *com)
{
	struct ifnet *ifp = &sc->arpcom.ac_if;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);

	sc->sc_d.np_promisc =
	    ((ifp->if_flags & (IFF_PROMISC | IFF_ALLMULTI)) != 0);

	/*
	 * If card not running or we already have the right flags
	 * we don't need to update this
	 */
	if (!(ifp->if_flags & IFF_RUNNING)) {
		ray_com_runq_done(sc);
		return;
	}
	if (sc->sc_c.np_promisc == sc->sc_d.np_promisc) {
		ray_com_runq_done(sc);
		return;
	}

	/*
	 * Kick the card
	 */
	ray_ccs_fill(sc, com->c_ccs, RAY_CMD_UPDATE_PARAMS);
	SRAM_WRITE_FIELD_1(sc, com->c_ccs,
	    ray_cmd_update, c_paramid, RAY_MIB_PROMISC);
	SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_update, c_nparam, 1);
	SRAM_WRITE_1(sc, RAY_HOST_TO_ECF_BASE, sc->sc_d.np_promisc);

	ray_com_ecf(sc, com);
}
2767
/*
 * User land entry to parameter reporting
 *
 * As we by pass the runq to report current parameters this function
 * only provides a snap shot of the driver's state.
 *
 * Returns EINVAL for a parameter id above RAY_MIB_MAX, for one that
 * mib_info does not flag for the running firmware version, and for an
 * id above RAY_MIB_LASTUSER that the driver does not know.  Ids up to
 * RAY_MIB_LASTUSER are fetched from the card through the runq; the
 * others are answered from the softc.
 *
 * NOTE(review): pr is filled in from a request made by user land (see
 * the title above) and r_paramid indexes mib_info after only an upper
 * bound test - confirm r_paramid is an unsigned type.  The size of
 * r_data is not visible here either; confirm it can hold
 * IEEE80211_NWID_LEN bytes for the SSID cases.
 */
static int
ray_repparams_user(struct ray_softc *sc, struct ray_param_req *pr)
{
	struct ray_comq_entry *com[1];
	int error, ncom;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	/*
	 * Test for illegal values or immediate responses
	 */
	if (pr->r_paramid > RAY_MIB_MAX)
		return (EINVAL);
	if ((sc->sc_version == RAY_ECFS_BUILD_4) &&
	    !(mib_info[pr->r_paramid][0] & RAY_V4))
		return (EINVAL);
	if ((sc->sc_version == RAY_ECFS_BUILD_5) &&
	    !(mib_info[pr->r_paramid][0] & RAY_V5))
		return (EINVAL);

	if (pr->r_paramid <= RAY_MIB_LASTUSER) {
		/* A parameter held by the card, ask for it via the runq */
		pr->r_failcause = 0;
		ncom = 0;
		com[ncom++] = RAY_COM_MALLOC(ray_repparams, RAY_COM_FWOK);
		com[0]->c_pr = pr;

		RAY_COM_RUNQ(sc, com, ncom, "rayrparm", error);

		/* XXX no real error processing from anything yet! */
		if (!com[0]->c_retval && pr->r_failcause)
			error = EINVAL;

		RAY_COM_FREE(com, ncom);

		return (error);
	}

	/*
	 * A parameter held by the driver.  sc_c is reported for the
	 * RAY_MIB_CUR_* ids and sc_d for the RAY_MIB_DES_* ids.
	 */
	switch (pr->r_paramid) {

	case RAY_MIB_VERSION:
		if (sc->sc_version == RAY_ECFS_BUILD_4)
			*pr->r_data = RAY_V4;
		else
			*pr->r_data = RAY_V5;
		break;
	case RAY_MIB_CUR_BSSID:
		bcopy(sc->sc_c.np_bss_id, pr->r_data, ETHER_ADDR_LEN);
		break;
	case RAY_MIB_CUR_INITED:
		*pr->r_data = sc->sc_c.np_inited;
		break;
	case RAY_MIB_CUR_DEF_TXRATE:
		*pr->r_data = sc->sc_c.np_def_txrate;
		break;
	case RAY_MIB_CUR_ENCRYPT:
		*pr->r_data = sc->sc_c.np_encrypt;
		break;
	case RAY_MIB_CUR_NET_TYPE:
		*pr->r_data = sc->sc_c.np_net_type;
		break;
	case RAY_MIB_CUR_SSID:
		bcopy(sc->sc_c.np_ssid, pr->r_data, IEEE80211_NWID_LEN);
		break;
	case RAY_MIB_CUR_PRIV_START:
		*pr->r_data = sc->sc_c.np_priv_start;
		break;
	case RAY_MIB_CUR_PRIV_JOIN:
		*pr->r_data = sc->sc_c.np_priv_join;
		break;
	case RAY_MIB_DES_BSSID:
		bcopy(sc->sc_d.np_bss_id, pr->r_data, ETHER_ADDR_LEN);
		break;
	case RAY_MIB_DES_INITED:
		*pr->r_data = sc->sc_d.np_inited;
		break;
	case RAY_MIB_DES_DEF_TXRATE:
		*pr->r_data = sc->sc_d.np_def_txrate;
		break;
	case RAY_MIB_DES_ENCRYPT:
		*pr->r_data = sc->sc_d.np_encrypt;
		break;
	case RAY_MIB_DES_NET_TYPE:
		*pr->r_data = sc->sc_d.np_net_type;
		break;
	case RAY_MIB_DES_SSID:
		bcopy(sc->sc_d.np_ssid, pr->r_data, IEEE80211_NWID_LEN);
		break;
	case RAY_MIB_DES_PRIV_START:
		*pr->r_data = sc->sc_d.np_priv_start;
		break;
	case RAY_MIB_DES_PRIV_JOIN:
		*pr->r_data = sc->sc_d.np_priv_join;
		break;
	case RAY_MIB_CUR_AP_STATUS:
		*pr->r_data = sc->sc_c.np_ap_status;
		break;
	case RAY_MIB_CUR_PROMISC:
		*pr->r_data = sc->sc_c.np_promisc;
		break;
	case RAY_MIB_DES_AP_STATUS:
		*pr->r_data = sc->sc_d.np_ap_status;
		break;
	case RAY_MIB_DES_PROMISC:
		*pr->r_data = sc->sc_d.np_promisc;
		break;
	case RAY_MIB_CUR_FRAMING:
		*pr->r_data = sc->sc_c.np_framing;
		break;
	case RAY_MIB_DES_FRAMING:
		*pr->r_data = sc->sc_d.np_framing;
		break;

	default:
		return (EINVAL);
	}

	/* The reported length comes from the table for this firmware */
	pr->r_failcause = 0;
	if (sc->sc_version == RAY_ECFS_BUILD_4)
		pr->r_len = mib_info[pr->r_paramid][RAY_MIB_INFO_SIZ4];
	else if (sc->sc_version == RAY_ECFS_BUILD_5)
		pr->r_len = mib_info[pr->r_paramid][RAY_MIB_INFO_SIZ5];
	return (0);
}
2896
/*
 * Runq entry to read the required parameter
 *
 * The card and driver are happy for parameters to be read
 * whenever the card is plugged in
 *
 * Asks the card to report the single parameter named in the request
 * attached to com (com->c_pr).
 */
static void
ray_repparams(struct ray_softc *sc, struct ray_comq_entry *com)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);

	/*
	 * Kick the card
	 */
	ray_ccs_fill(sc, com->c_ccs, RAY_CMD_REPORT_PARAMS);
	SRAM_WRITE_FIELD_1(sc, com->c_ccs,
	    ray_cmd_report, c_paramid, com->c_pr->r_paramid);
	/* One parameter per request */
	SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_report, c_nparam, 1);

	ray_com_ecf(sc, com);
}
2919
/*
 * Complete the parameter reporting
 *
 * Copies the failure cause, the length and the parameter value that
 * the card reported into the request attached to the entry at the
 * head of the command queue.
 *
 * NOTE(review): r_len is taken from the card and then used as the
 * number of bytes copied into r_data, with no bound applied here.
 * The size of r_data is not visible from this function - confirm it
 * can hold the largest value the length field can carry.
 */
static void
ray_repparams_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
{
	struct ray_comq_entry *com;
	struct ray_param_req *pr;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);
	RAY_COM_CHECK(sc, ccs);

	/* XXX error counter */
	RAY_CCSERR(sc, status, if_oerrors);

	com = TAILQ_FIRST(&sc->sc_comq);
	pr = com->c_pr;
	pr->r_failcause =
	    SRAM_READ_FIELD_1(sc, ccs, ray_cmd_report, c_failcause);
	pr->r_len =
	    SRAM_READ_FIELD_1(sc, ccs, ray_cmd_report, c_len);
	SRAM_READ_REGION(sc, RAY_ECF_TO_HOST_BASE,
	    pr->r_data, pr->r_len);

	ray_com_ecf_done(sc);
}
2944
/*
 * User land entry (and exit) to the error counters
 *
 * Copies the receive error totals and the noise value kept in the
 * softc into *sr.  Always returns 0.
 */
static int
ray_repstats_user(struct ray_softc *sc, struct ray_stats_req *sr)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	/* Counters accumulated by ray_intr_updt_errcntrs() */
	sr->rxoverflow = sc->sc_rxoverflow;
	sr->rxcksum = sc->sc_rxcksum;
	sr->rxhcksum = sc->sc_rxhcksum;

	/* Latest value, not a running total */
	sr->rxnoise = sc->sc_rxnoise;

	return (0);
}
2960
/*
 * User land entry to parameter update changes
 *
 * As a parameter change can cause the network parameters to be
 * invalid we have to re-start/join.
 *
 * Returns EINVAL for a parameter id above RAY_MIB_LASTUSER, for one
 * that mib_info does not flag for the running firmware version, and
 * for the ids that cannot be changed this way.  Otherwise the desired
 * settings in the softc are updated where the driver keeps a copy and
 * the necessary runq entries are queued.
 *
 * NOTE(review): pr is filled in from a request made by user land (see
 * the title above).  r_len is not checked here against the size that
 * mib_info records for the parameter, and ray_upparams() later writes
 * r_len bytes of r_data to the card - confirm the caller validates
 * r_len, or reject a mismatch here.
 */
static int
ray_upparams_user(struct ray_softc *sc, struct ray_param_req *pr)
{
	struct ray_comq_entry *com[4];
	int error, ncom, todo;
#define	RAY_UPP_SJ	0x1
#define	RAY_UPP_PARAMS	0x2

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	/*
	 * Check that the parameter is available based on firmware version
	 */
	pr->r_failcause = 0;
	if (pr->r_paramid > RAY_MIB_LASTUSER)
		return (EINVAL);
	if ((sc->sc_version == RAY_ECFS_BUILD_4) &&
	    !(mib_info[pr->r_paramid][0] & RAY_V4))
		return (EINVAL);
	if ((sc->sc_version == RAY_ECFS_BUILD_5) &&
	    !(mib_info[pr->r_paramid][0] & RAY_V5))
		return (EINVAL);

	/*
	 * Handle certain parameters specially
	 *
	 * RAY_UPP_SJ asks for a start/join, authenticate and associate
	 * sequence; RAY_UPP_PARAMS asks for the value to be sent to the
	 * card with an update command.
	 */
	todo = 0;
	switch (pr->r_paramid) {
	case RAY_MIB_NET_TYPE:		/* Updated via START_NET JOIN_NET  */
		sc->sc_d.np_net_type = *pr->r_data;
		todo |= RAY_UPP_SJ;
		break;

	case RAY_MIB_SSID:		/* Updated via START_NET JOIN_NET  */
		bcopy(pr->r_data, sc->sc_d.np_ssid, IEEE80211_NWID_LEN);
		todo |= RAY_UPP_SJ;
		break;

	case RAY_MIB_PRIVACY_MUST_START:/* Updated via START_NET */
		if (sc->sc_c.np_net_type != RAY_MIB_NET_TYPE_ADHOC)
			return (EINVAL);
		sc->sc_d.np_priv_start = *pr->r_data;
		todo |= RAY_UPP_SJ;
		break;

	case RAY_MIB_PRIVACY_CAN_JOIN:	/* Updated via START_NET JOIN_NET  */
		sc->sc_d.np_priv_join = *pr->r_data;
		todo |= RAY_UPP_SJ;
		break;

	case RAY_MIB_BASIC_RATE_SET:
		sc->sc_d.np_def_txrate = *pr->r_data;
		todo |= RAY_UPP_PARAMS;
		break;

	case RAY_MIB_AP_STATUS:		/* Unsupported */
	case RAY_MIB_MAC_ADDR:		/* XXX Need interface up but could be done */
	case RAY_MIB_PROMISC:		/* BPF */
		return (EINVAL);

	default:
		/* No local copy is kept: update the card, then rejoin */
		todo |= RAY_UPP_PARAMS;
		todo |= RAY_UPP_SJ;
		break;
	}

	/*
	 * Generate the runq entries as needed
	 *
	 * Every path that gets this far has set at least one bit in
	 * todo, so com[0] is always filled in.
	 */
	ncom = 0;
	if (todo & RAY_UPP_PARAMS) {
		com[ncom] = RAY_COM_MALLOC(ray_upparams, 0);
		com[ncom]->c_pr = pr;
		ncom++;
	}
	if (todo & RAY_UPP_SJ) {
		com[ncom++] = RAY_COM_MALLOC(ray_init_sj, 0);
		com[ncom++] = RAY_COM_MALLOC(ray_init_auth, 0);
		com[ncom++] = RAY_COM_MALLOC(ray_init_assoc, 0);
	}

	RAY_COM_RUNQ(sc, com, ncom, "rayuparam", error);

	/* XXX no real error processing from anything yet! */
	if (!com[0]->c_retval && pr->r_failcause)
		error = EINVAL;

	RAY_COM_FREE(com, ncom);

	return (error);
}
3058
/*
 * Runq entry to update a parameter
 *
 * The card and driver are happy for parameters to be updated
 * whenever the card is plugged in
 *
 * XXX the above is a little bit of a lie until _download is sorted out and we
 * XXX keep local copies of things
 *
 * Fills the command's ccs for RAY_CMD_UPDATE_PARAMS with the parameter
 * id and a count of one, copies the parameter data to
 * RAY_HOST_TO_ECF_BASE and hands the command to the ECF.
 *
 * NOTE(review): the copy length is com->c_pr->r_len taken as is; nothing
 * in this routine bounds it by the size of r_data or of the host-to-ECF
 * area, so that has to be guaranteed by whoever built the request.
 */
static void
ray_upparams(struct ray_softc *sc, struct ray_comq_entry *com)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);

	ray_ccs_fill(sc, com->c_ccs, RAY_CMD_UPDATE_PARAMS);

	/* one parameter per command */
	SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_update, c_paramid,
	    com->c_pr->r_paramid);
	SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_update, c_nparam, 1);

	/* parameter value travels through the host-to-ECF area */
	SRAM_WRITE_REGION(sc, RAY_HOST_TO_ECF_BASE, com->c_pr->r_data,
	    com->c_pr->r_len);

	ray_com_ecf(sc, com);
}
3084
/*
 * Complete the parameter update, note that promisc finishes up here too
 *
 * For RAY_MIB_PROMISC the value is read back from RAY_HOST_TO_ECF_BASE
 * into the current parameter set; for every other id the card's fail
 * cause is stored in the request attached to the head of the command
 * queue.
 *
 * NOTE(review): the head of the queue and its c_pr are dereferenced
 * without a NULL test. ray_com_ecf_check() is only built when
 * RAY_DEBUG & RAY_DBG_COM is set, so confirm that RAY_COM_CHECK still
 * covers an empty queue in other builds and that every non-promisc
 * update command carries a request.
 */
static void
ray_upparams_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
{
	struct ray_comq_entry *com;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
	RAY_MAP_CM(sc);
	RAY_COM_CHECK(sc, ccs);

	RAY_CCSERR(sc, status, if_oerrors); /* XXX error counter */

	com = TAILQ_FIRST(&sc->sc_comq);

	if (SRAM_READ_FIELD_1(sc, ccs, ray_cmd_update, c_paramid) ==
	    RAY_MIB_PROMISC) {
		sc->sc_c.np_promisc = SRAM_READ_1(sc, RAY_HOST_TO_ECF_BASE);
		RAY_DPRINTF(sc, RAY_DBG_IOCTL,
		    "promisc value %d", sc->sc_c.np_promisc);
	} else {
		com->c_pr->r_failcause =
		    SRAM_READ_FIELD_1(sc, ccs, ray_cmd_update, c_failcause);
	}

	ray_com_ecf_done(sc);
}
3118
3119/*
3120 * Command queuing and execution
3121 */
3122
/*
 * Set up a comq entry struct
 *
 * Stores the handler, flags and message and clears the return value,
 * ccs, wakeup target and parameter request. Returns the entry it was
 * given.
 */
static struct ray_comq_entry *
ray_com_init(struct ray_comq_entry *com, ray_comqfn_t function, int flags, char *mesg)
{
	/* caller supplied */
	com->c_function = function;
	com->c_flags = flags;
	com->c_mesg = mesg;

	/* filled in later, when the entry is queued and run */
	com->c_retval = 0;
	com->c_ccs = NULL;
	com->c_wakeup = NULL;
	com->c_pr = NULL;

	return (com);
}
3139
/*
 * Malloc and set up a comq entry struct
 *
 * The entry is allocated from M_RAYCOM with M_WAITOK and then passed
 * through ray_com_init(); the result is used without a NULL test.
 */
static struct ray_comq_entry *
ray_com_malloc(ray_comqfn_t function, int flags, char *mesg)
{
	struct ray_comq_entry *entry;

	MALLOC(entry, struct ray_comq_entry *,
	    sizeof(struct ray_comq_entry), M_RAYCOM, M_WAITOK);
	ray_com_init(entry, function, flags, mesg);

	return (entry);
}
3153
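/*
 * Add an array of commands to the runq, get some ccs's for them and
 * then run, waiting on the last command.
 *
 * We add the commands to the queue first to preserve ioctl ordering.
 *
 * On recoverable errors, this routine removes the entries from the
 * runq. A caller can requeue the commands (and still preserve its own
 * processes ioctl ordering) but doesn't have to. When the card is
 * detached we get out quickly to prevent panics and don't bother
 * about the runq.
 *
 * Returns 0, ENXIO when the card has gone, or the error from
 * ray_ccs_alloc()/tsleep().
 *
 * The cleanup path only hands a ccs to ray_ccs_free() when one was
 * actually allocated: if ray_ccs_alloc() fails part way through the
 * array the remaining entries still have c_ccs == NULL, and
 * ray_ccs_free() would use that value to index sc_ccsinuse.
 *
 * NOTE(review): com[0] and com[ncom-1] are used unconditionally, so
 * callers must pass ncom >= 1.
 * NOTE(review): when the sleep is interrupted the cleanup also removes
 * an entry that is not yet FCOMPLETED but may already be FRUNNING on
 * the card; confirm the completion path copes with the queue head
 * having changed underneath it.
 */
static int
ray_com_runq_add(struct ray_softc *sc, struct ray_comq_entry *com[], int ncom, char *wmesg)
{
	int i, error;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");

	error = 0;
	/*
	 * Add the commands to the runq but don't let it run until
	 * the ccs's are allocated successfully
	 */
	com[0]->c_flags |= RAY_COM_FWAIT;
	for (i = 0; i < ncom; i++) {
		/* every entry wakes the sleeper on the last command */
		com[i]->c_wakeup = com[ncom-1];
		RAY_DPRINTF(sc, RAY_DBG_COM, "adding %p", com[i]);
		RAY_DCOM(sc, RAY_DBG_DCOM, com[i], "adding");
		TAILQ_INSERT_TAIL(&sc->sc_comq, com[i], c_chain);
	}
	com[ncom-1]->c_flags |= RAY_COM_FWOK;

	/*
	 * Allocate ccs's for each command.
	 */
	for (i = 0; i < ncom; i++) {
		error = ray_ccs_alloc(sc, &com[i]->c_ccs, wmesg);
		if (error == ENXIO)
			return (ENXIO);
		else if (error)
			goto cleanup;
	}

	/*
	 * Allow the queue to run and sleep if needed.
	 *
	 * Iff the FDETACHED flag is set in the com entry we waited on
	 * the driver is in a zombie state! The softc structure has been
	 * freed by the generic bus detach methods - eek. We tread very
	 * carefully!
	 */
	com[0]->c_flags &= ~RAY_COM_FWAIT;
	ray_com_runq(sc);
	if (TAILQ_FIRST(&sc->sc_comq) != NULL) {
		RAY_DPRINTF(sc, RAY_DBG_COM, "sleeping");
		error = tsleep(com[ncom-1], PCATCH, wmesg, 0);
		/* sc must not be touched before this test */
		if (com[ncom-1]->c_flags & RAY_COM_FDETACHED)
			return (ENXIO);
		RAY_DPRINTF(sc, RAY_DBG_COM,
		    "awakened, tsleep returned 0x%x", error);
	} else
		error = 0;

cleanup:
	/*
	 * Only clean the queue on real errors - we don't care about it
	 * when we detach as the queue entries are freed by the callers.
	 */
	if (error && (error != ENXIO))
		for (i = 0; i < ncom; i++)
			if (!(com[i]->c_flags & RAY_COM_FCOMPLETED)) {
				RAY_DPRINTF(sc, RAY_DBG_COM, "removing %p",
				    com[i]);
				RAY_DCOM(sc, RAY_DBG_DCOM, com[i], "removing");
				TAILQ_REMOVE(&sc->sc_comq, com[i], c_chain);
				/* entries past a failed allocation have no ccs */
				if (com[i]->c_ccs != NULL) {
					ray_ccs_free(sc, com[i]->c_ccs);
					com[i]->c_ccs = NULL;
				}
			}

	return (error);
}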
3236
/*
 * Run the command at the head of the queue (if not already running)
 *
 * Nothing happens when the queue is empty or when the head entry is
 * flagged as running, waiting or detached. Otherwise the entry is marked
 * running and its handler is called.
 */
static void
ray_com_runq(struct ray_softc *sc)
{
	struct ray_comq_entry *head;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");

	head = TAILQ_FIRST(&sc->sc_comq);
	if (head == NULL)
		return;
	if (head->c_flags &
	    (RAY_COM_FRUNNING | RAY_COM_FWAIT | RAY_COM_FDETACHED))
		return;

	head->c_flags |= RAY_COM_FRUNNING;
	RAY_DPRINTF(sc, RAY_DBG_COM, "running %p", head);
	RAY_DCOM(sc, RAY_DBG_DCOM, head, "running");
	head->c_function(sc, head);
}
3259
/*
 * Remove run command, free ccs and wakeup caller.
 *
 * Minimal checks are done here as we ensure that the com and command
 * handler were matched up earlier. Must be called at splnet or higher
 * so that entries on the command queue are correctly removed.
 *
 * Remove the com from the comq, and wakeup the caller if it requested
 * to be woken. This is used for ensuring a sequence of commands
 * completes. Finally, re-run the queue.
 *
 * NOTE(review): the queue head is removed and dereferenced without a
 * NULL test (see the XXX below), so an empty queue here means a NULL
 * dereference in the kernel.
 */
static void
ray_com_runq_done(struct ray_softc *sc)
{
	struct ray_comq_entry *done;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");

	done = TAILQ_FIRST(&sc->sc_comq); /* XXX shall we check this as below */
	RAY_DPRINTF(sc, RAY_DBG_COM, "removing %p", done);
	RAY_DCOM(sc, RAY_DBG_DCOM, done, "removing");
	TAILQ_REMOVE(&sc->sc_comq, done, c_chain);

	/* running -> completed; completion is always reported as success */
	done->c_flags = (done->c_flags & ~RAY_COM_FRUNNING) |
	    RAY_COM_FCOMPLETED;
	done->c_retval = 0;
	ray_ccs_free(sc, done->c_ccs);
	done->c_ccs = NULL;

	if (done->c_flags & RAY_COM_FWOK)
		wakeup(done->c_wakeup);

	ray_com_runq(sc);

	/* XXX what about error on completion then? deal with when i fix
	 * XXX the status checking
	 *
	 * XXX all the runq_done calls from IFF_RUNNING checks in runq
	 * XXX routines should return EIO but shouldn't abort the runq
	 */
}
3301
/*
 * Send a command to the ECF.
 *
 * Spins until the ECF reports ready, writes the index of the command's
 * ccs to RAY_SCB_CCSI and starts the command. Commands for which
 * RAY_COM_NEEDS_TIMO() is true also get the completion timer armed.
 *
 * NOTE(review): a card that never becomes ready ends in RAY_PANIC after
 * RAY_ECF_SPIN_TRIES delays; if that macro panics the kernel, a wedged
 * or removed card takes the host down rather than failing the command.
 */
static void
ray_com_ecf(struct ray_softc *sc, struct ray_comq_entry *com)
{
	int spins;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");
	RAY_MAP_CM(sc);

	for (spins = 0; !RAY_ECF_READY(sc); ) {
		DELAY(RAY_ECF_SPIN_DELAY);
		if (++spins > RAY_ECF_SPIN_TRIES)
			RAY_PANIC(sc, "spun too long");
	}
	if (spins != 0)
		RAY_RECERR(sc, "spun %d times", spins);

	RAY_DPRINTF(sc, RAY_DBG_COM, "sending %p", com);
	RAY_DCOM(sc, RAY_DBG_DCOM, com, "sending");
	SRAM_WRITE_1(sc, RAY_SCB_CCSI, RAY_CCS_INDEX(com->c_ccs));
	RAY_ECF_START_CMD(sc);

	/* the command code is read back from the ccs that was just sent */
	if (RAY_COM_NEEDS_TIMO(
	    SRAM_READ_FIELD_1(sc, com->c_ccs, ray_cmd, c_cmd))) {
		RAY_DPRINTF(sc, RAY_DBG_COM, "adding timeout");
		callout_reset(&sc->com_timer, RAY_COM_TIMEOUT,
		    ray_com_ecf_timo, sc);
	}
}
3333
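/*
 * Deal with commands that require a timeout to test completion.
 *
 * This routine is coded to only expect one outstanding request for the
 * timed out requests at a time, but thats all that can be outstanding
 * per hardware limitations and all that we issue anyway.
 *
 * We don't do any fancy testing of the command currently issued as we
 * know it must be a timeout based one...unless I've got this wrong!
 *
 * xsc is the softc that was handed to callout_reset(). The status of
 * the ccs at the head of the command queue decides what happens:
 * complete or free is passed to ray_intr_ccs(), busy re-arms the timer,
 * and anything else gets one more timer period before it too is passed
 * to ray_intr_ccs().
 *
 * If the queue is already empty when the timer runs there is no command
 * to poll, so the routine returns instead of dereferencing a NULL head.
 *
 * NOTE(review): sc itself is used unchecked; ray_com_runq_add() notes
 * that the softc can be freed on detach, so confirm the timer is
 * stopped before that happens.
 */
static void
ray_com_ecf_timo(void *xsc)
{
	struct ray_softc *sc = (struct ray_softc *)xsc;
	struct ray_comq_entry *com;
	u_int8_t cmd, status;

	crit_enter();

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");
	RAY_MAP_CM(sc);

	com = TAILQ_FIRST(&sc->sc_comq);
	if (com == NULL) {
		/* the command finished before the timer got to run */
		crit_exit();
		return;
	}

	cmd = SRAM_READ_FIELD_1(sc, com->c_ccs, ray_cmd, c_cmd);
	status = SRAM_READ_FIELD_1(sc, com->c_ccs, ray_cmd, c_status);
	switch (status) {

	case RAY_CCS_STATUS_COMPLETE:
	case RAY_CCS_STATUS_FREE:		/* Buggy firmware */
		ray_intr_ccs(sc, cmd, status, com->c_ccs);
		break;

	case RAY_CCS_STATUS_BUSY:
		/* still working, look again later */
		callout_reset(&sc->com_timer, RAY_COM_TIMEOUT,
		    ray_com_ecf_timo, sc);
		break;

	default:				/* Replicates NetBSD */
		if (sc->sc_ccsinuse[RAY_CCS_INDEX(com->c_ccs)] == 1) {
			/* give a chance for the interrupt to occur */
			sc->sc_ccsinuse[RAY_CCS_INDEX(com->c_ccs)] = 2;
			callout_reset(&sc->com_timer, RAY_COM_TIMEOUT,
			    ray_com_ecf_timo, sc);
		} else
			ray_intr_ccs(sc, cmd, status, com->c_ccs);
		break;

	}

	crit_exit();
}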
3386
/*
 * Called when interrupt handler for the command has done all it
 * needs to. Will be called at splnet.
 *
 * Stops the completion timer and then retires the command at the head
 * of the queue through ray_com_runq_done().
 */
static void
ray_com_ecf_done(struct ray_softc *sc)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");

	/* timer first, so it cannot poll a command that is being removed */
	callout_stop(&sc->com_timer);
	ray_com_runq_done(sc);
}
3400
#if RAY_DEBUG & RAY_DBG_COM
/*
 * Process completed ECF commands that probably came from the command queue
 *
 * This routine is called after vectoring the completed ECF command
 * to the appropriate _done routine. It helps check everything is okay.
 *
 * Panics when the command queue is empty or when the ccs of the head
 * entry is not the one that completed. Only compiled when
 * RAY_DEBUG & RAY_DBG_COM is set, so other builds do not get these
 * checks from this function.
 */
static void
ray_com_ecf_check(struct ray_softc *sc, size_t ccs, char *mesg)
{
	struct ray_comq_entry *head;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "%s", mesg);

	head = TAILQ_FIRST(&sc->sc_comq);

	if (head == NULL)
		RAY_PANIC(sc, "no command queue");
	if (head->c_ccs != ccs)
		RAY_PANIC(sc, "ccs's don't match");
}
#endif /* RAY_DEBUG & RAY_DBG_COM */
3423
3424/*
3425 * CCS allocators
3426 */
3427
/*
 * Obtain a ccs for a command
 *
 * Returns 0 and in `ccsp' the bus offset of the free ccs. Will block
 * awaiting free ccs if needed - if the sleep is interrupted
 * EINTR/ERESTART is returned, if the card is ejected we return ENXIO.
 *
 * The sleep channel is the address of this function, which
 * ray_ccs_free() wakes.
 *
 * NOTE(review): sc is a by-value parameter, so the sc == NULL test after
 * the sleep cannot observe a detach, and sc->sc_gone is read from the
 * softc that ray_com_runq_add() says may have been freed by then.
 * Confirm the detach path keeps the softc alive while sleepers exist.
 */
static int
ray_ccs_alloc(struct ray_softc *sc, size_t *ccsp, char *wmesg)
{
	u_int slot;
	int error;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CCS, "");
	RAY_MAP_CM(sc);

	for (;;) {
		for (slot = RAY_CCS_CMD_FIRST; slot <= RAY_CCS_CMD_LAST;
		    slot++) {
			/* we probe here to make the card go */
			(void)SRAM_READ_FIELD_1(sc, RAY_CCS_ADDRESS(slot),
			    ray_cmd, c_status);
			if (!sc->sc_ccsinuse[slot])
				break;
		}
		if (slot <= RAY_CCS_CMD_LAST)
			break;		/* found a free one */

		/* all command ccs's busy, wait for ray_ccs_free() */
		RAY_DPRINTF(sc, RAY_DBG_CCS, "sleeping");
		error = tsleep(ray_ccs_alloc, PCATCH, wmesg, 0);
		if ((sc == NULL) || (sc->sc_gone))
			return (ENXIO);
		RAY_DPRINTF(sc, RAY_DBG_CCS,
		    "awakened, tsleep returned 0x%x", error);
		if (error)
			return (error);
	}
	RAY_DPRINTF(sc, RAY_DBG_CCS, "allocated 0x%02x", slot);
	sc->sc_ccsinuse[slot] = 1;
	*ccsp = RAY_CCS_ADDRESS(slot);

	return (0);
}
3472
/*
 * Fill the easy bits in of a pre-allocated CCS
 *
 * Marks the ccs busy, stores the command code and clears the link
 * field. A ccs of NULL (never allocated) ends in RAY_PANIC.
 */
static void
ray_ccs_fill(struct ray_softc *sc, size_t ccs, u_int cmd)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CCS, "");
	RAY_MAP_CM(sc);

	if (ccs == NULL) {
		RAY_PANIC(sc, "ccs not allocated");
	}

	/* status, command, link - in that order */
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd, c_status, RAY_CCS_STATUS_BUSY);
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd, c_cmd, cmd);
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd, c_link, RAY_CCS_LINK_NULL);
}
3489
/*
 * Free up a ccs allocated via ray_ccs_alloc
 *
 * This routine is only used for ccs allocated via ray_ccs_alloc (not
 * tx, rx or ECF command requests). It returns nothing; the card's copy
 * of the ccs is only released while the card is still present, the
 * driver's in-use marker is always cleared, and sleepers in
 * ray_ccs_alloc() are woken.
 *
 * NOTE(review): RAY_CCS_INDEX(ccs) indexes sc_ccsinuse without a range
 * check, so a ccs that did not come from ray_ccs_alloc() (including
 * NULL) would touch memory outside the array - callers must not pass
 * one.
 */
static void
ray_ccs_free(struct ray_softc *sc, size_t ccs)
{
	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CCS, "");
	RAY_MAP_CM(sc);

	/* the "1 |" keeps the double-free report in every build */
#if 1 | (RAY_DEBUG & RAY_DBG_CCS)
	if (sc->sc_ccsinuse[RAY_CCS_INDEX(ccs)] == 0)
		RAY_RECERR(sc, "freeing free ccs 0x%02x", RAY_CCS_INDEX(ccs));
#endif /* RAY_DEBUG & RAY_DBG_CCS */
	if (!sc->sc_gone) {
		RAY_CCS_FREE(sc, ccs);
	}
	sc->sc_ccsinuse[RAY_CCS_INDEX(ccs)] = 0;
	RAY_DPRINTF(sc, RAY_DBG_CCS, "freed 0x%02x", RAY_CCS_INDEX(ccs));
	wakeup(ray_ccs_alloc);
}
3512
/*
 * Obtain a ccs and tx buffer to transmit with and fill them in.
 *
 * Returns 0, in `ccsp' the bus offset of the free ccs and in `bufpp'
 * the bus offset just past the tx phy header in its buffer. Does not
 * block; returns EAGAIN when no tx ccs is free.
 *
 * The caller must fill in the length later.
 * The caller must clear the ccs on errors.
 */
static int
ray_ccs_tx(struct ray_softc *sc, size_t *ccsp, size_t *bufpp)
{
	size_t ccs, bufp;
	int slot;
	u_int8_t status;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CCS, "");
	RAY_MAP_CM(sc);

	/* tx ccs's are tracked by the status byte on the card itself */
	slot = RAY_CCS_TX_FIRST;
	do {
		status = SRAM_READ_FIELD_1(sc, RAY_CCS_ADDRESS(slot),
		    ray_cmd, c_status);
		if (status == RAY_CCS_STATUS_FREE)
			break;
		slot++;
	} while (slot <= RAY_CCS_TX_LAST);
	if (slot > RAY_CCS_TX_LAST)
		return (EAGAIN);
	RAY_DPRINTF(sc, RAY_DBG_CCS, "allocated 0x%02x", slot);

	/*
	 * Reserve and fill the ccs - must do the length later.
	 *
	 * Even though build 4 and build 5 have different fields all these
	 * are common apart from tx_rate. Neither the NetBSD driver or Linux
	 * driver bother to overwrite this for build 4 cards.
	 *
	 * The start of the buffer must be aligned to a 256 byte boundary
	 * (least significant byte of address = 0x00).
	 */
	ccs = RAY_CCS_ADDRESS(slot);
	bufp = RAY_TX_BASE + slot * RAY_TX_BUF_SIZE;
	bufp += sc->sc_tibsize;
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_status, RAY_CCS_STATUS_BUSY);
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_cmd, RAY_CMD_TX_REQ);
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_link, RAY_CCS_LINK_NULL);
	SRAM_WRITE_FIELD_2(sc, ccs, ray_cmd_tx, c_bufp, bufp);
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_tx_rate,
	    sc->sc_c.np_def_txrate);
	SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_apm_mode, 0);

	/* the caller's data starts after the phy header */
	bufp += sizeof(struct ray_tx_phy_header);

	*ccsp = ccs;
	*bufpp = bufp;
	return (0);
}
3571
3572/*
3573 * Routines to obtain resources for the card
3574 */
3575
/*
 * Allocate the attribute memory on the card
 *
 * The attribute memory space is abused by these devices as IO space. As such
 * the OS card services don't have a chance of knowing that they need to keep
 * the attribute space mapped. We have to do it manually.
 *
 * Returns 0, ENOMEM when the resource cannot be allocated, or the error
 * from the card services calls. On those later failures am_res stays
 * allocated; ray_res_release() frees it when am_res is non-zero.
 */
static int
ray_res_alloc_am(struct ray_softc *sc)
{
	int error;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CM, "");

	sc->am_rid = RAY_AM_RID;
	sc->am_res = bus_alloc_resource(sc->dev, SYS_RES_MEMORY,
	    &sc->am_rid, 0UL, ~0UL, 0x1000, RF_ACTIVE);
	if (sc->am_res == NULL) {
		RAY_PRINTF(sc, "Cannot allocate attribute memory");
		return (ENOMEM);
	}

	/* window at offset 0, attribute space, 8 bit access */
	error = CARD_SET_MEMORY_OFFSET(device_get_parent(sc->dev), sc->dev,
	    sc->am_rid, 0, NULL);
	if (error != 0) {
		RAY_PRINTF(sc, "CARD_SET_MEMORY_OFFSET returned 0x%0x", error);
		return (error);
	}
	error = CARD_SET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
	    SYS_RES_MEMORY, sc->am_rid, PCCARD_A_MEM_ATTR);
	if (error != 0) {
		RAY_PRINTF(sc, "CARD_SET_RES_FLAGS returned 0x%0x", error);
		return (error);
	}
	error = CARD_SET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
	    SYS_RES_MEMORY, sc->am_rid, PCCARD_A_MEM_8BIT);
	if (error != 0) {
		RAY_PRINTF(sc, "CARD_SET_RES_FLAGS returned 0x%0x", error);
		return (error);
	}
	sc->am_bsh = rman_get_bushandle(sc->am_res);
	sc->am_bst = rman_get_bustag(sc->am_res);

#if RAY_DEBUG & (RAY_DBG_CM | RAY_DBG_BOOTPARAM)
{
	u_long flags;
	u_int32_t offset;
	CARD_GET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
	    SYS_RES_MEMORY, sc->am_rid, &flags);
	CARD_GET_MEMORY_OFFSET(device_get_parent(sc->dev), sc->dev,
	    sc->am_rid, &offset);
	RAY_PRINTF(sc, "allocated attribute memory:\n"
	    ". start 0x%0lx count 0x%0lx flags 0x%0lx offset 0x%0x",
	    bus_get_resource_start(sc->dev, SYS_RES_MEMORY, sc->am_rid),
	    bus_get_resource_count(sc->dev, SYS_RES_MEMORY, sc->am_rid),
	    flags, offset);
}
#endif /* RAY_DEBUG & (RAY_DBG_CM | RAY_DBG_BOOTPARAM) */

	return (0);
}
3636
/*
 * Allocate the common memory on the card
 *
 * As this memory is described in the CIS, the OS card services should
 * have set the map up okay, but the card uses 8 bit RAM. This is not
 * described in the CIS.
 *
 * Returns 0, ENOMEM when the resource cannot be allocated, or the error
 * from the card services calls. On those later failures cm_res stays
 * allocated; ray_res_release() frees it when cm_res is non-zero.
 *
 * NOTE(review): start and count come from the bus resource list (filled
 * from the card's CIS, per the comment above) and end is computed as
 * start + count - 1 with no test for count == 0 or wrap-around.
 */
static int
ray_res_alloc_cm(struct ray_softc *sc)
{
	u_long start, count, end;
	int error;

	RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CM, "");

	RAY_DPRINTF(sc,RAY_DBG_CM | RAY_DBG_BOOTPARAM,
	    "cm start 0x%0lx count 0x%0lx",
	    bus_get_resource_start(sc->dev, SYS_RES_MEMORY, RAY_CM_RID),
	    bus_get_resource_count(sc->dev, SYS_RES_MEMORY, RAY_CM_RID));

	/* ask for exactly the range the bus already knows about */
	sc->cm_rid = RAY_CM_RID;
	start = bus_get_resource_start(sc->dev, SYS_RES_MEMORY, sc->cm_rid);
	count = bus_get_resource_count(sc->dev, SYS_RES_MEMORY, sc->cm_rid);
	end = start + count - 1;
	sc->cm_res = bus_alloc_resource(sc->dev, SYS_RES_MEMORY,
	    &sc->cm_rid, start, end, count, RF_ACTIVE);
	if (sc->cm_res == NULL) {
		RAY_PRINTF(sc, "Cannot allocate common memory");
		return (ENOMEM);
	}

	/* window at offset 0, common space, 8 bit access */
	error = CARD_SET_MEMORY_OFFSET(device_get_parent(sc->dev), sc->dev,
	    sc->cm_rid, 0, NULL);
	if (error != 0) {
		RAY_PRINTF(sc, "CARD_SET_MEMORY_OFFSET returned 0x%0x", error);
		return (error);
	}
	error = CARD_SET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
	    SYS_RES_MEMORY, sc->cm_rid, PCCARD_A_MEM_COM);
	if (error != 0) {
		RAY_PRINTF(sc, "CARD_SET_RES_FLAGS returned 0x%0x", error);
		return (error);
	}
	error = CARD_SET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
	    SYS_RES_MEMORY, sc->cm_rid, PCCARD_A_MEM_8BIT);
	if (error != 0) {
		RAY_PRINTF(sc, "CARD_SET_RES_FLAGS returned 0x%0x", error);
		return (error);
	}
	sc->cm_bsh = rman_get_bushandle(sc->cm_res);
	sc->cm_bst = rman_get_bustag(sc->cm_res);

#if RAY_DEBUG & (RAY_DBG_CM | RAY_DBG_BOOTPARAM)
{
	u_long flags;
	u_int32_t offset;
	CARD_GET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
	    SYS_RES_MEMORY, sc->cm_rid, &flags);
	CARD_GET_MEMORY_OFFSET(device_get_parent(sc->dev), sc->dev,
	    sc->cm_rid, &offset);
	RAY_PRINTF(sc, "allocated common memory:\n"
	    ". start 0x%0lx count 0x%0lx flags 0x%0lx offset 0x%0x",
	    bus_get_resource_start(sc->dev, SYS_RES_MEMORY, sc->cm_rid),
	    bus_get_resource_count(sc->dev, SYS_RES_MEMORY, sc->cm_rid),
	    flags, offset);
}
#endif /* RAY_DEBUG & (RAY_DBG_CM | RAY_DBG_BOOTPARAM) */

	return (0);
}
3706
/*
 * Get an irq and attach it to the bus
 *
 * Returns 0, ENOMEM when no irq resource can be allocated, or the error
 * from bus_setup_intr(). In the latter case irq_res stays allocated;
 * ray_res_release() frees it when irq_res is non-zero.
 */
static int
ray_res_alloc_irq(struct ray_softc *sc)
{
	int error;

	RAY_DPRINTF(sc, RAY_DBG_SUBR, "");

	RAY_DPRINTF(sc,RAY_DBG_CM | RAY_DBG_BOOTPARAM,
	    "irq start 0x%0lx count 0x%0lx",
	    bus_get_resource_start(sc->dev, SYS_RES_IRQ, 0),
	    bus_get_resource_count(sc->dev, SYS_RES_IRQ, 0));

	sc->irq_rid = 0;
	sc->irq_res = bus_alloc_resource_any(sc->dev, SYS_RES_IRQ,
	    &sc->irq_rid, RF_ACTIVE);
	if (sc->irq_res == NULL) {
		RAY_PRINTF(sc, "Cannot allocate irq");
		return (ENOMEM);
	}

	/* ray_intr is called with the softc as its argument */
	error = bus_setup_intr(sc->dev, sc->irq_res, INTR_TYPE_NET,
	    ray_intr, sc, &sc->irq_handle, NULL);
	if (error != 0) {
		RAY_PRINTF(sc, "Failed to setup irq");
		return (error);
	}
	RAY_DPRINTF(sc, RAY_DBG_CM | RAY_DBG_BOOTPARAM, "allocated irq:\n"
	    ". start 0x%0lx count 0x%0lx",
	    bus_get_resource_start(sc->dev, SYS_RES_IRQ, sc->irq_rid),
	    bus_get_resource_count(sc->dev, SYS_RES_IRQ, sc->irq_rid));

	return (0);
}
3742
/*
 * Release all of the card's resources
 *
 * Each of the irq, attribute memory and common memory resources is
 * released only if it is currently held, and its pointer is cleared
 * afterwards so a second call does nothing for it. The interrupt
 * handler is torn down before the irq resource is released.
 */
static void
ray_res_release(struct ray_softc *sc)
{
	if (sc->irq_res) {
		bus_teardown_intr(sc->dev, sc->irq_res, sc->irq_handle);
		bus_release_resource(sc->dev, SYS_RES_IRQ, sc->irq_rid,
		    sc->irq_res);
		sc->irq_res = 0;
	}

	if (sc->am_res) {
		bus_release_resource(sc->dev, SYS_RES_MEMORY, sc->am_rid,
		    sc->am_res);
		sc->am_res = 0;
	}

	if (sc->cm_res) {
		bus_release_resource(sc->dev, SYS_RES_MEMORY, sc->cm_rid,
		    sc->cm_res);
		sc->cm_res = 0;
	}
}
3766
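/*
 * mbuf dump
 *
 * Debug aid, only built when RAY_DEBUG & RAY_DBG_MBUF is set. Prints
 * the label s and the lengths of the first mbuf, then every byte of the
 * chain in hex, 16 per line, each line followed by the same bytes as
 * text.
 *
 * Packet bytes are untrusted, so only printable ASCII (0x20-0x7e) is
 * echoed as text and everything else, DEL included, is shown as '.'.
 * The text buffer is cleared at the start of each line so a short last
 * line does not repeat characters from the line before it, and the
 * last line's text is always printed (the old (i - 1) % 16 test dropped
 * it whenever the chain length was 1 modulo 16).
 *
 * m must not be NULL: the first mbuf is dereferenced before the loop.
 */
#if RAY_DEBUG & RAY_DBG_MBUF
static void
ray_dump_mbuf(struct ray_softc *sc, struct mbuf *m, char *s)
{
	u_int8_t *d, *ed;
	u_int i;
	char p[17];	/* 16 characters of text plus the terminator */

	RAY_PRINTF(sc, "%s", s);
	RAY_PRINTF(sc, "\nm0->data\t0x%p\nm_pkthdr.len\t%d\nm_len\t%d",
	    mtod(m, u_int8_t *), m->m_pkthdr.len, m->m_len);
	i = 0;
	bzero(p, sizeof(p));
	for (; m; m = m->m_next) {
		d = mtod(m, u_int8_t *);
		ed = d + m->m_len;

		for (; d < ed; i++, d++) {
			if ((i % 16) == 0) {
				/* finish the previous line, start a new one */
				printf(" %s\n\t", p);
				bzero(p, sizeof(p));
			} else if ((i % 8) == 0)
				printf(" ");
			printf(" %02x", *d);
			p[i % 16] = ((*d >= 0x20) && (*d < 0x7f)) ? *d : '.';
		}
	}
	/* text of the last (possibly short) line */
	printf(" %s\n", p);
}
#endif /* RAY_DEBUG & RAY_DBG_MBUF */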
3799#endif /* RAY_DEBUG & RAY_DBG_MBUF */