projects / dragonfly.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | history | HEAD
wlan - Update ath, sync rev 1.276@FreeBSD
[dragonfly.git] / sys / dev / netif / ath / ath / if_ath.c
CommitLineData
86877dfb
RP		 1/*-
2 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
193b341d
SZ		 3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer,
10 * without modification.
11 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
12 * similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
13 * redistribution must be conditioned upon including a substantially
14 * similar Disclaimer requirement for further binary redistribution.
193b341d
SZ		 15 *
16 * NO WARRANTY
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
20 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
21 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
22 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
27 * THE POSSIBILITY OF SUCH DAMAGES.
28 *
86877dfb 29 * $FreeBSD: head/sys/dev/ath/if_ath.c 203751 2010-02-10 11:12:39Z rpaulo $");
193b341d
SZ		 30 */
31
32/*
33 * Driver for the Atheros Wireless LAN controller.
34 *
35 * This software is derived from work of Atsushi Onoe; his contribution
36 * is greatly appreciated.
37 */
38
86877dfb 39#include "opt_inet.h"
193b341d 40#include "opt_ath.h"
86877dfb 41#include "opt_wlan.h"
193b341d
SZ		 42
43#include <sys/param.h>
44#include <sys/systm.h>
45#include <sys/sysctl.h>
46#include <sys/mbuf.h>
47#include <sys/malloc.h>
86877dfb
RP		 48#include <sys/lock.h>
49#include <sys/mutex.h>
193b341d
SZ		 50#include <sys/kernel.h>
51#include <sys/socket.h>
52#include <sys/sockio.h>
53#include <sys/errno.h>
54#include <sys/callout.h>
55#include <sys/bus.h>
56#include <sys/endian.h>
57#include <sys/kthread.h>
86877dfb
RP		 58#include <sys/taskqueue.h>
59#include <sys/priv.h>
60
193b341d
SZ		 61#include <net/if.h>
62#include <net/if_dl.h>
63#include <net/if_media.h>
64#include <net/if_types.h>
65#include <net/if_arp.h>
193b341d
SZ		 66#include <net/if_llc.h>
67#include <net/ifq_var.h>
68
69#include <netproto/802_11/ieee80211_var.h>
86877dfb
RP		 70#include <netproto/802_11/ieee80211_regdomain.h>
71#ifdef IEEE80211_SUPPORT_SUPERG
72#include <netproto/802_11/ieee80211_superg.h>
73#endif
74#ifdef IEEE80211_SUPPORT_TDMA
75#include <netproto/802_11/ieee80211_tdma.h>
76#endif
193b341d
SZ		 77
78#include <net/bpf.h>
79
86877dfb
RP		 80#ifdef INET
81#include <netinet/in.h>
82#include <netinet/if_ether.h>
8982d733 83#endif
193b341d
SZ		 84
85#include <dev/netif/ath/ath/if_athvar.h>
3f720b20 86#include <dev/netif/ath/hal/ath_hal/ah_devid.h> /* XXX for softled */
193b341d 87
86877dfb
RP		 88#ifdef ATH_TX99_DIAG
89#include <dev/netif/ath_tx99/ath_tx99.h>
90#endif
91
92/*
93 * ATH_BCBUF determines the number of vap's that can transmit
94 * beacons and also (currently) the number of vap's that can
95 * have unique mac addresses/bssid. When staggering beacons
96 * 4 is probably a good max as otherwise the beacons become
97 * very closely spaced and there is limited time for cab q traffic
98 * to go out. You can burst beacons instead but that is not good
99 * for stations in power save and at some point you really want
100 * another radio (and channel).
101 *
102 * The limit on the number of mac addresses is tied to our use of
103 * the U/L bit and tracking addresses in a byte; it would be
104 * worthwhile to allow more for applications like proxy sta.
105 */
106CTASSERT(ATH_BCBUF <= 8);
107
193b341d
SZ		 108/* unaligned little endian access */
109#define LE_READ_2(p) \
86877dfb
RP		 110 ((u_int16_t) \
111 ((((u_int8_t *)(p))[0] ) | (((u_int8_t *)(p))[1] << 8)))
193b341d 112#define LE_READ_4(p) \
86877dfb
RP		 113 ((u_int32_t) \
114 ((((u_int8_t *)(p))[0] ) | (((u_int8_t *)(p))[1] << 8) | \
115 (((u_int8_t *)(p))[2] << 16) | (((u_int8_t *)(p))[3] << 24)))
116
117static struct ieee80211vap *ath_vap_create(struct ieee80211com *,
118 const char name[IFNAMSIZ], int unit, int opmode,
119 int flags, const uint8_t bssid[IEEE80211_ADDR_LEN],
120 const uint8_t mac[IEEE80211_ADDR_LEN]);
121static void ath_vap_delete(struct ieee80211vap *);
193b341d 122static void ath_init(void *);
86877dfb 123static void ath_stop_locked(struct ifnet *);
193b341d
SZ		 124static void ath_stop(struct ifnet *);
125static void ath_start(struct ifnet *);
126static int ath_reset(struct ifnet *);
86877dfb 127static int ath_reset_vap(struct ieee80211vap *, u_long);
193b341d 128static int ath_media_change(struct ifnet *);
a311f6cd 129static void ath_watchdog_callout(void *);
193b341d 130static int ath_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
86877dfb
RP		 131static void ath_fatal_proc(void *, int);
132static void ath_bmiss_vap(struct ieee80211vap *);
a311f6cd 133static void ath_bmiss_task(void *, int);
86877dfb
RP		 134static int ath_keyset(struct ath_softc *, const struct ieee80211_key *,
135 struct ieee80211_node *);
136static int ath_key_alloc(struct ieee80211vap *,
137 struct ieee80211_key *,
193b341d 138 ieee80211_keyix *, ieee80211_keyix *);
86877dfb 139static int ath_key_delete(struct ieee80211vap *,
193b341d 140 const struct ieee80211_key *);
86877dfb
RP		 141static int ath_key_set(struct ieee80211vap *, const struct ieee80211_key *,
142 const u_int8_t mac[IEEE80211_ADDR_LEN]);
143static void ath_key_update_begin(struct ieee80211vap *);
144static void ath_key_update_end(struct ieee80211vap *);
145static void ath_update_mcast(struct ifnet *);
146static void ath_update_promisc(struct ifnet *);
193b341d
SZ		 147static void ath_mode_init(struct ath_softc *);
148static void ath_setslottime(struct ath_softc *);
149static void ath_updateslot(struct ifnet *);
150static int ath_beaconq_setup(struct ath_hal *);
151static int ath_beacon_alloc(struct ath_softc *, struct ieee80211_node *);
86877dfb 152static void ath_beacon_update(struct ieee80211vap *, int item);
193b341d 153static void ath_beacon_setup(struct ath_softc *, struct ath_buf *);
86877dfb
RP		 154static void ath_beacon_proc(void *, int);
155static struct ath_buf *ath_beacon_generate(struct ath_softc *,
156 struct ieee80211vap *);
a311f6cd 157static void ath_bstuck_task(void *, int);
86877dfb 158static void ath_beacon_return(struct ath_softc *, struct ath_buf *);
193b341d 159static void ath_beacon_free(struct ath_softc *);
86877dfb 160static void ath_beacon_config(struct ath_softc *, struct ieee80211vap *);
193b341d
SZ		 161static void ath_descdma_cleanup(struct ath_softc *sc,
162 struct ath_descdma *, ath_bufhead *);
163static int ath_desc_alloc(struct ath_softc *);
164static void ath_desc_free(struct ath_softc *);
86877dfb
RP		 165static struct ieee80211_node *ath_node_alloc(struct ieee80211vap *,
166 const uint8_t [IEEE80211_ADDR_LEN]);
193b341d 167static void ath_node_free(struct ieee80211_node *);
86877dfb
RP		 168static void ath_node_getsignal(const struct ieee80211_node *,
169 int8_t *, int8_t *);
193b341d 170static int ath_rxbuf_init(struct ath_softc *, struct ath_buf *);
86877dfb
RP		 171static void ath_recv_mgmt(struct ieee80211_node *ni, struct mbuf *m,
172 int subtype, int rssi, int nf);
193b341d 173static void ath_setdefantenna(struct ath_softc *, u_int);
a311f6cd 174static void ath_rx_task(void *, int);
ed33fa9f 175static void ath_txq_init(struct ath_softc *sc, struct ath_txq *, int);
193b341d
SZ		 176static struct ath_txq *ath_txq_setup(struct ath_softc*, int qtype, int subtype);
177static int ath_tx_setup(struct ath_softc *, int, int);
178static int ath_wme_update(struct ieee80211com *);
179static void ath_tx_cleanupq(struct ath_softc *, struct ath_txq *);
180static void ath_tx_cleanup(struct ath_softc *);
86877dfb 181static void ath_freetx(struct mbuf *);
193b341d
SZ		 182static int ath_tx_start(struct ath_softc *, struct ieee80211_node *,
183 struct ath_buf *, struct mbuf *);
a311f6cd
MD		 184static void ath_tx_task_q0(void *, int);
185static void ath_tx_task_q0123(void *, int);
186static void ath_tx_task(void *, int);
86877dfb 187static void ath_tx_draintxq(struct ath_softc *, struct ath_txq *);
193b341d
SZ		 188static int ath_chan_set(struct ath_softc *, struct ieee80211_channel *);
189static void ath_draintxq(struct ath_softc *);
190static void ath_stoprecv(struct ath_softc *);
191static int ath_startrecv(struct ath_softc *);
192static void ath_chan_change(struct ath_softc *, struct ieee80211_channel *);
86877dfb
RP		 193static void ath_scan_start(struct ieee80211com *);
194static void ath_scan_end(struct ieee80211com *);
195static void ath_set_channel(struct ieee80211com *);
a311f6cd 196static void ath_calibrate_callout(void *);
86877dfb 197static int ath_newstate(struct ieee80211vap *, enum ieee80211_state, int);
193b341d
SZ		 198static void ath_setup_stationkey(struct ieee80211_node *);
199static void ath_newassoc(struct ieee80211_node *, int);
86877dfb
RP		 200static int ath_setregdomain(struct ieee80211com *,
201 struct ieee80211_regdomain *, int,
202 struct ieee80211_channel []);
203static void ath_getradiocaps(struct ieee80211com *, int, int *,
204 struct ieee80211_channel []);
205static int ath_getchannels(struct ath_softc *);
193b341d 206static void ath_led_event(struct ath_softc *, int);
193b341d
SZ		 207
208static int ath_rate_setup(struct ath_softc *, u_int mode);
209static void ath_setcurmode(struct ath_softc *, enum ieee80211_phymode);
210
211static void ath_sysctlattach(struct ath_softc *);
86877dfb
RP		 212static int ath_raw_xmit(struct ieee80211_node *,
213 struct mbuf *, const struct ieee80211_bpf_params *);
193b341d
SZ		 214static void ath_announce(struct ath_softc *);
215
86877dfb
RP		 216#ifdef IEEE80211_SUPPORT_TDMA
217static void ath_tdma_settimers(struct ath_softc *sc, u_int32_t nexttbtt,
218 u_int32_t bintval);
219static void ath_tdma_bintvalsetup(struct ath_softc *sc,
220 const struct ieee80211_tdma_state *tdma);
221static void ath_tdma_config(struct ath_softc *sc, struct ieee80211vap *vap);
222static void ath_tdma_update(struct ieee80211_node *ni,
223 const struct ieee80211_tdma_param *tdma, int);
224static void ath_tdma_beacon_send(struct ath_softc *sc,
225 struct ieee80211vap *vap);
226
227static __inline void
228ath_hal_setcca(struct ath_hal *ah, int ena)
229{
230 /*
231 * NB: fill me in; this is not provided by default because disabling
232 * CCA in most locales violates regulatory.
233 */
234}
235
236static __inline int
237ath_hal_getcca(struct ath_hal *ah)
238{
239 u_int32_t diag;
240 if (ath_hal_getcapability(ah, HAL_CAP_DIAG, 0, &diag) != HAL_OK)
241 return 1;
242 return ((diag & 0x500000) == 0);
243}
244
245#define TDMA_EP_MULTIPLIER (1<<10) /* pow2 to optimize out * and / */
246#define TDMA_LPF_LEN 6
247#define TDMA_DUMMY_MARKER 0x127
248#define TDMA_EP_MUL(x, mul) ((x) * (mul))
249#define TDMA_IN(x) (TDMA_EP_MUL((x), TDMA_EP_MULTIPLIER))
250#define TDMA_LPF(x, y, len) \
251 ((x != TDMA_DUMMY_MARKER) ? (((x) * ((len)-1) + (y)) / (len)) : (y))
252#define TDMA_SAMPLE(x, y) do { \
253 x = TDMA_LPF((x), TDMA_IN(y), TDMA_LPF_LEN); \
254} while (0)
255#define TDMA_EP_RND(x,mul) \
256 ((((x)%(mul)) >= ((mul)/2)) ? ((x) + ((mul) - 1)) / (mul) : (x)/(mul))
257#define TDMA_AVG(x) TDMA_EP_RND(x, TDMA_EP_MULTIPLIER)
258#endif /* IEEE80211_SUPPORT_TDMA */
193b341d
SZ		 259
260SYSCTL_DECL(_hw_ath);
261
262/* XXX validate sysctl values */
86877dfb
RP		 263static int ath_longcalinterval = 30; /* long cals every 30 secs */
264SYSCTL_INT(_hw_ath, OID_AUTO, longcal, CTLFLAG_RW, &ath_longcalinterval,
265 0, "long chip calibration interval (secs)");
266static int ath_shortcalinterval = 100; /* short cals every 100 ms */
267SYSCTL_INT(_hw_ath, OID_AUTO, shortcal, CTLFLAG_RW, &ath_shortcalinterval,
268 0, "short chip calibration interval (msecs)");
269static int ath_resetcalinterval = 20*60; /* reset cal state 20 mins */
270SYSCTL_INT(_hw_ath, OID_AUTO, resetcal, CTLFLAG_RW, &ath_resetcalinterval,
271 0, "reset chip calibration results (secs)");
193b341d
SZ		 272
273static int ath_rxbuf = ATH_RXBUF; /* # rx buffers to allocate */
86877dfb 274SYSCTL_INT(_hw_ath, OID_AUTO, rxbuf, CTLFLAG_RW, &ath_rxbuf,
193b341d
SZ		 275 0, "rx buffers allocated");
276TUNABLE_INT("hw.ath.rxbuf", &ath_rxbuf);
277static int ath_txbuf = ATH_TXBUF; /* # tx buffers to allocate */
86877dfb 278SYSCTL_INT(_hw_ath, OID_AUTO, txbuf, CTLFLAG_RW, &ath_txbuf,
193b341d
SZ		 279 0, "tx buffers allocated");
280TUNABLE_INT("hw.ath.txbuf", &ath_txbuf);
281
86877dfb
RP		 282static int ath_bstuck_threshold = 4; /* max missed beacons */
283SYSCTL_INT(_hw_ath, OID_AUTO, bstuck, CTLFLAG_RW, &ath_bstuck_threshold,
284 0, "max missed beacon xmits before chip reset");
285
193b341d 286#ifdef ATH_DEBUG
193b341d
SZ		 287enum {
288 ATH_DEBUG_XMIT = 0x00000001, /* basic xmit operation */
289 ATH_DEBUG_XMIT_DESC = 0x00000002, /* xmit descriptors */
290 ATH_DEBUG_RECV = 0x00000004, /* basic recv operation */
291 ATH_DEBUG_RECV_DESC = 0x00000008, /* recv descriptors */
292 ATH_DEBUG_RATE = 0x00000010, /* rate control */
293 ATH_DEBUG_RESET = 0x00000020, /* reset processing */
294 ATH_DEBUG_MODE = 0x00000040, /* mode init/setup */
295 ATH_DEBUG_BEACON = 0x00000080, /* beacon handling */
296 ATH_DEBUG_WATCHDOG = 0x00000100, /* watchdog timeout */
297 ATH_DEBUG_INTR = 0x00001000, /* ISR */
298 ATH_DEBUG_TX_PROC = 0x00002000, /* tx ISR proc */
299 ATH_DEBUG_RX_PROC = 0x00004000, /* rx ISR proc */
300 ATH_DEBUG_BEACON_PROC = 0x00008000, /* beacon ISR proc */
301 ATH_DEBUG_CALIBRATE = 0x00010000, /* periodic calibration */
302 ATH_DEBUG_KEYCACHE = 0x00020000, /* key cache management */
303 ATH_DEBUG_STATE = 0x00040000, /* 802.11 state transitions */
304 ATH_DEBUG_NODE = 0x00080000, /* node management */
305 ATH_DEBUG_LED = 0x00100000, /* led management */
306 ATH_DEBUG_FF = 0x00200000, /* fast frames */
307 ATH_DEBUG_DFS = 0x00400000, /* DFS processing */
86877dfb
RP		 308 ATH_DEBUG_TDMA = 0x00800000, /* TDMA processing */
309 ATH_DEBUG_TDMA_TIMER = 0x01000000, /* TDMA timer processing */
310 ATH_DEBUG_REGDOMAIN = 0x02000000, /* regulatory processing */
193b341d
SZ		 311 ATH_DEBUG_FATAL = 0x80000000, /* fatal errors */
312 ATH_DEBUG_ANY = 0xffffffff
313};
86877dfb
RP		 314static int ath_debug = 0;
315SYSCTL_INT(_hw_ath, OID_AUTO, debug, CTLFLAG_RW, &ath_debug,
316 0, "control debugging printfs");
317TUNABLE_INT("hw.ath.debug", &ath_debug);
318
193b341d
SZ		 319#define IFF_DUMPPKTS(sc, m) \
320 ((sc->sc_debug & (m)) || \
86877dfb 321 (sc->sc_ifp->if_flags & (IFF_DEBUG|IFF_LINK2)) == (IFF_DEBUG|IFF_LINK2))
193b341d
SZ		 322#define DPRINTF(sc, m, fmt, ...) do { \
323 if (sc->sc_debug & (m)) \
2508f206 324 kprintf(fmt, __VA_ARGS__); \
193b341d
SZ		 325} while (0)
326#define KEYPRINTF(sc, ix, hk, mac) do { \
327 if (sc->sc_debug & ATH_DEBUG_KEYCACHE) \
8982d733 328 ath_keyprint(sc, __func__, ix, hk, mac); \
193b341d 329} while (0)
86877dfb
RP		 330static void ath_printrxbuf(struct ath_softc *, const struct ath_buf *bf,
331 u_int ix, int);
332static void ath_printtxbuf(struct ath_softc *, const struct ath_buf *bf,
333 u_int qnum, u_int ix, int done);
193b341d
SZ		 334#else
335#define IFF_DUMPPKTS(sc, m) \
86877dfb 336 ((sc->sc_ifp->if_flags & (IFF_DEBUG|IFF_LINK2)) == (IFF_DEBUG|IFF_LINK2))
193b341d
SZ		 337#define DPRINTF(sc, m, fmt, ...) do { \
338 (void) sc; \
339} while (0)
340#define KEYPRINTF(sc, k, ix, mac) do { \
341 (void) sc; \
342} while (0)
343#endif
344
345MALLOC_DEFINE(M_ATHDEV, "athdev", "ath driver dma buffers");
346
347int
86877dfb 348ath_attach(u_int16_t devid, struct ath_softc *sc)
193b341d 349{
86877dfb
RP		 350 struct ifnet *ifp;
351 struct ieee80211com *ic;
193b341d
SZ		 352 struct ath_hal *ah = NULL;
353 HAL_STATUS status;
354 int error = 0, i;
86877dfb
RP		 355 u_int wmodes;
356 uint8_t macaddr[IEEE80211_ADDR_LEN];
193b341d
SZ		 357
358 DPRINTF(sc, ATH_DEBUG_ANY, "%s: devid 0x%x\n", __func__, devid);
359
86877dfb
RP		 360 ifp = sc->sc_ifp = if_alloc(IFT_IEEE80211);
361 if (ifp == NULL) {
362 device_printf(sc->sc_dev, "can not if_alloc()\n");
363 error = ENOSPC;
364 goto bad;
365 }
366 ic = ifp->if_l2com;
367
193b341d
SZ		 368 /* set these up early for if_printf use */
369 if_initname(ifp, device_get_name(sc->sc_dev),
86877dfb 370 device_get_unit(sc->sc_dev));
193b341d 371
09da298d
AHJ		 372 /* prepare sysctl tree for use in sub modules */
373 sysctl_ctx_init(&sc->sc_sysctl_ctx);
374 sc->sc_sysctl_tree = SYSCTL_ADD_NODE(&sc->sc_sysctl_ctx,
375 SYSCTL_STATIC_CHILDREN(_hw),
376 OID_AUTO,
377 device_get_nameunit(sc->sc_dev),
378 CTLFLAG_RD, 0, "");
379
193b341d
SZ		 380 ah = ath_hal_attach(devid, sc, sc->sc_st, sc->sc_sh, &status);
381 if (ah == NULL) {
382 if_printf(ifp, "unable to attach hardware; HAL status %u\n",
383 status);
384 error = ENXIO;
86877dfb 385 goto bad;
193b341d
SZ		 386 }
387 sc->sc_ah = ah;
193b341d 388 sc->sc_invalid = 0; /* ready to go, enable interrupt handling */
86877dfb
RP		 389#ifdef ATH_DEBUG
390 sc->sc_debug = ath_debug;
391#endif
193b341d
SZ		 392
393 /*
394 * Check if the MAC has multi-rate retry support.
395 * We do this by trying to setup a fake extended
396 * descriptor. MAC's that don't have support will
397 * return false w/o doing anything. MAC's that do
398 * support it will return true w/o doing anything.
399 */
400 sc->sc_mrretry = ath_hal_setupxtxdesc(ah, NULL, 0,0, 0,0, 0,0);
401
402 /*
403 * Check if the device has hardware counters for PHY
404 * errors. If so we need to enable the MIB interrupt
405 * so we can act on stat triggers.
406 */
407 if (ath_hal_hwphycounters(ah))
408 sc->sc_needmib = 1;
409
410 /*
411 * Get the hardware key cache size.
412 */
413 sc->sc_keymax = ath_hal_keycachesize(ah);
414 if (sc->sc_keymax > ATH_KEYMAX) {
415 if_printf(ifp, "Warning, using only %u of %u key cache slots\n",
416 ATH_KEYMAX, sc->sc_keymax);
417 sc->sc_keymax = ATH_KEYMAX;
418 }
419 /*
420 * Reset the key cache since some parts do not
421 * reset the contents on initial power up.
422 */
423 for (i = 0; i < sc->sc_keymax; i++)
424 ath_hal_keyreset(ah, i);
193b341d
SZ		 425
426 /*
86877dfb 427 * Collect the default channel list.
193b341d 428 */
86877dfb
RP		 429 error = ath_getchannels(sc);
430 if (error != 0)
431 goto bad;
193b341d
SZ		 432
433 /*
434 * Setup rate tables for all potential media types.
435 */
436 ath_rate_setup(sc, IEEE80211_MODE_11A);
437 ath_rate_setup(sc, IEEE80211_MODE_11B);
438 ath_rate_setup(sc, IEEE80211_MODE_11G);
439 ath_rate_setup(sc, IEEE80211_MODE_TURBO_A);
440 ath_rate_setup(sc, IEEE80211_MODE_TURBO_G);
86877dfb
RP		 441 ath_rate_setup(sc, IEEE80211_MODE_STURBO_A);
442 ath_rate_setup(sc, IEEE80211_MODE_11NA);
443 ath_rate_setup(sc, IEEE80211_MODE_11NG);
444 ath_rate_setup(sc, IEEE80211_MODE_HALF);
445 ath_rate_setup(sc, IEEE80211_MODE_QUARTER);
193b341d
SZ		 446
447 /* NB: setup here so ath_rate_update is happy */
448 ath_setcurmode(sc, IEEE80211_MODE_11A);
449
450 /*
451 * Allocate tx+rx descriptors and populate the lists.
452 */
a311f6cd
MD		 453 wlan_assert_serialized();
454 wlan_serialize_exit();
193b341d 455 error = ath_desc_alloc(sc);
a311f6cd 456 wlan_serialize_enter();
86877dfb 457 if (error != 0) {
193b341d 458 if_printf(ifp, "failed to allocate descriptors: %d\n", error);
86877dfb 459 goto bad;
193b341d 460 }
193b341d 461 callout_init(&sc->sc_cal_ch);
86877dfb
RP		 462 callout_init(&sc->sc_wd_ch);
463
a3062ee4 464 sc->sc_tq = taskqueue_create("ath_taskq", M_INTWAIT,
86877dfb
RP		 465 taskqueue_thread_enqueue, &sc->sc_tq);
466 taskqueue_start_threads(&sc->sc_tq, 1, TDPRI_KERN_DAEMON, -1,
467 "%s taskq", ifp->if_xname);
468
a311f6cd
MD		 469 TASK_INIT(&sc->sc_rxtask, 0, ath_rx_task, sc);
470 TASK_INIT(&sc->sc_bmisstask, 0, ath_bmiss_task, sc);
471 TASK_INIT(&sc->sc_bstucktask,0, ath_bstuck_task, sc);
193b341d
SZ		 472
473 /*
474 * Allocate hardware transmit queues: one queue for
475 * beacon frames and one data queue for each QoS
476 * priority. Note that the hal handles reseting
477 * these queues at the needed time.
478 *
479 * XXX PS-Poll
480 */
481 sc->sc_bhalq = ath_beaconq_setup(ah);
86877dfb 482 if (sc->sc_bhalq == (u_int) -1) {
193b341d
SZ		 483 if_printf(ifp, "unable to setup a beacon xmit queue!\n");
484 error = EIO;
86877dfb 485 goto bad2;
193b341d 486 }
193b341d
SZ		 487 sc->sc_cabq = ath_txq_setup(sc, HAL_TX_QUEUE_CAB, 0);
488 if (sc->sc_cabq == NULL) {
489 if_printf(ifp, "unable to setup CAB xmit queue!\n");
490 error = EIO;
86877dfb 491 goto bad2;
193b341d 492 }
193b341d
SZ		 493 /* NB: insure BK queue is the lowest priority h/w queue */
494 if (!ath_tx_setup(sc, WME_AC_BK, HAL_WME_AC_BK)) {
495 if_printf(ifp, "unable to setup xmit queue for %s traffic!\n",
496 ieee80211_wme_acnames[WME_AC_BK]);
497 error = EIO;
86877dfb 498 goto bad2;
193b341d
SZ		 499 }
500 if (!ath_tx_setup(sc, WME_AC_BE, HAL_WME_AC_BE) ||
501 !ath_tx_setup(sc, WME_AC_VI, HAL_WME_AC_VI) ||
502 !ath_tx_setup(sc, WME_AC_VO, HAL_WME_AC_VO)) {
86877dfb 503 /*
193b341d
SZ		 504 * Not enough hardware tx queues to properly do WME;
505 * just punt and assign them all to the same h/w queue.
506 * We could do a better job of this if, for example,
507 * we allocate queues when we switch from station to
508 * AP mode.
509 */
510 if (sc->sc_ac2q[WME_AC_VI] != NULL)
511 ath_tx_cleanupq(sc, sc->sc_ac2q[WME_AC_VI]);
512 if (sc->sc_ac2q[WME_AC_BE] != NULL)
513 ath_tx_cleanupq(sc, sc->sc_ac2q[WME_AC_BE]);
514 sc->sc_ac2q[WME_AC_BE] = sc->sc_ac2q[WME_AC_BK];
515 sc->sc_ac2q[WME_AC_VI] = sc->sc_ac2q[WME_AC_BK];
516 sc->sc_ac2q[WME_AC_VO] = sc->sc_ac2q[WME_AC_BK];
517 }
518
86877dfb 519 /*
193b341d
SZ		 520 * Special case certain configurations. Note the
521 * CAB queue is handled by these specially so don't
522 * include them when checking the txq setup mask.
523 */
524 switch (sc->sc_txqsetup &~ (1<<sc->sc_cabq->axq_qnum)) {
525 case 0x01:
a311f6cd 526 TASK_INIT(&sc->sc_txtask, 0, ath_tx_task_q0, sc);
193b341d
SZ		 527 break;
528 case 0x0f:
a311f6cd 529 TASK_INIT(&sc->sc_txtask, 0, ath_tx_task_q0123, sc);
193b341d
SZ		 530 break;
531 default:
a311f6cd 532 TASK_INIT(&sc->sc_txtask, 0, ath_tx_task, sc);
193b341d
SZ		 533 break;
534 }
535
536 /*
537 * Setup rate control. Some rate control modules
538 * call back to change the anntena state so expose
539 * the necessary entry points.
540 * XXX maybe belongs in struct ath_ratectrl?
541 */
542 sc->sc_setdefantenna = ath_setdefantenna;
543 sc->sc_rc = ath_rate_attach(sc);
544 if (sc->sc_rc == NULL) {
545 error = EIO;
86877dfb 546 goto bad2;
193b341d
SZ		 547 }
548
549 sc->sc_blinking = 0;
550 sc->sc_ledstate = 1;
551 sc->sc_ledon = 0; /* low true */
86877dfb
RP		 552 sc->sc_ledidle = (2700*hz)/1000; /* 2.7sec */
553 callout_init_mp(&sc->sc_ledtimer);
193b341d
SZ		 554 /*
555 * Auto-enable soft led processing for IBM cards and for
556 * 5211 minipci cards. Users can also manually enable/disable
557 * support with a sysctl.
558 */
559 sc->sc_softled = (devid == AR5212_DEVID_IBM || devid == AR5211_DEVID);
560 if (sc->sc_softled) {
86877dfb
RP		 561 ath_hal_gpioCfgOutput(ah, sc->sc_ledpin,
562 HAL_GPIO_MUX_MAC_NETWORK_LED);
193b341d
SZ		 563 ath_hal_gpioset(ah, sc->sc_ledpin, !sc->sc_ledon);
564 }
565
566 ifp->if_softc = sc;
567 ifp->if_flags = IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST;
568 ifp->if_start = ath_start;
193b341d
SZ		 569 ifp->if_ioctl = ath_ioctl;
570 ifp->if_init = ath_init;
571 ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
572 ifq_set_ready(&ifp->if_snd);
573
86877dfb 574 ic->ic_ifp = ifp;
193b341d
SZ		 575 /* XXX not right but it's not used anywhere important */
576 ic->ic_phytype = IEEE80211_T_OFDM;
577 ic->ic_opmode = IEEE80211_M_STA;
578 ic->ic_caps =
86877dfb
RP		 579 IEEE80211_C_STA /* station mode */
580 | IEEE80211_C_IBSS /* ibss, nee adhoc, mode */
193b341d
SZ		 581 | IEEE80211_C_HOSTAP /* hostap mode */
582 | IEEE80211_C_MONITOR /* monitor mode */
583 | IEEE80211_C_AHDEMO /* adhoc demo mode */
86877dfb
RP		 584 | IEEE80211_C_WDS /* 4-address traffic works */
585 | IEEE80211_C_MBSS /* mesh point link mode */
193b341d
SZ		 586 | IEEE80211_C_SHPREAMBLE /* short preamble supported */
587 | IEEE80211_C_SHSLOT /* short slot time supported */
588 | IEEE80211_C_WPA /* capable of WPA1+WPA2 */
86877dfb
RP		 589 | IEEE80211_C_BGSCAN /* capable of bg scanning */
590 | IEEE80211_C_TXFRAG /* handle tx frags */
193b341d
SZ		 591 ;
592 /*
593 * Query the hal to figure out h/w crypto support.
594 */
595 if (ath_hal_ciphersupported(ah, HAL_CIPHER_WEP))
86877dfb 596 ic->ic_cryptocaps |= IEEE80211_CRYPTO_WEP;
193b341d 597 if (ath_hal_ciphersupported(ah, HAL_CIPHER_AES_OCB))
86877dfb 598 ic->ic_cryptocaps |= IEEE80211_CRYPTO_AES_OCB;
193b341d 599 if (ath_hal_ciphersupported(ah, HAL_CIPHER_AES_CCM))
86877dfb 600 ic->ic_cryptocaps |= IEEE80211_CRYPTO_AES_CCM;
193b341d 601 if (ath_hal_ciphersupported(ah, HAL_CIPHER_CKIP))
86877dfb 602 ic->ic_cryptocaps |= IEEE80211_CRYPTO_CKIP;
193b341d 603 if (ath_hal_ciphersupported(ah, HAL_CIPHER_TKIP)) {
86877dfb 604 ic->ic_cryptocaps |= IEEE80211_CRYPTO_TKIP;
193b341d
SZ		 605 /*
606 * Check if h/w does the MIC and/or whether the
607 * separate key cache entries are required to
608 * handle both tx+rx MIC keys.
609 */
610 if (ath_hal_ciphersupported(ah, HAL_CIPHER_MIC))
86877dfb 611 ic->ic_cryptocaps |= IEEE80211_CRYPTO_TKIPMIC;
8982d733
SZ		 612 /*
613 * If the h/w supports storing tx+rx MIC keys
614 * in one cache slot automatically enable use.
615 */
616 if (ath_hal_hastkipsplit(ah) ||
617 !ath_hal_settkipsplit(ah, AH_FALSE))
193b341d 618 sc->sc_splitmic = 1;
86877dfb
RP		 619 /*
620 * If the h/w can do TKIP MIC together with WME then
621 * we use it; otherwise we force the MIC to be done
622 * in software by the net80211 layer.
623 */
624 if (ath_hal_haswmetkipmic(ah))
625 sc->sc_wmetkipmic = 1;
193b341d
SZ		 626 }
627 sc->sc_hasclrkey = ath_hal_ciphersupported(ah, HAL_CIPHER_CLR);
86877dfb
RP		 628 /*
629 * Check for multicast key search support.
630 */
631 if (ath_hal_hasmcastkeysearch(sc->sc_ah) &&
632 !ath_hal_getmcastkeysearch(sc->sc_ah)) {
633 ath_hal_setmcastkeysearch(sc->sc_ah, 1);
634 }
193b341d 635 sc->sc_mcastkey = ath_hal_getmcastkeysearch(ah);
86877dfb 636 /*
8982d733
SZ		 637 * Mark key cache slots associated with global keys
638 * as in use. If we knew TKIP was not to be used we
639 * could leave the +32, +64, and +32+64 slots free.
640 */
641 for (i = 0; i < IEEE80211_WEP_NKID; i++) {
642 setbit(sc->sc_keymap, i);
643 setbit(sc->sc_keymap, i+64);
644 if (sc->sc_splitmic) {
645 setbit(sc->sc_keymap, i+32);
646 setbit(sc->sc_keymap, i+32+64);
647 }
648 }
193b341d
SZ		 649 /*
650 * TPC support can be done either with a global cap or
651 * per-packet support. The latter is not available on
652 * all parts. We're a bit pedantic here as all parts
653 * support a global cap.
654 */
655 if (ath_hal_hastpc(ah) || ath_hal_hastxpowlimit(ah))
656 ic->ic_caps |= IEEE80211_C_TXPMGT;
657
658 /*
659 * Mark WME capability only if we have sufficient
660 * hardware queues to do proper priority scheduling.
661 */
662 if (sc->sc_ac2q[WME_AC_BE] != sc->sc_ac2q[WME_AC_BK])
663 ic->ic_caps |= IEEE80211_C_WME;
664 /*
665 * Check for misc other capabilities.
666 */
667 if (ath_hal_hasbursting(ah))
668 ic->ic_caps |= IEEE80211_C_BURST;
86877dfb
RP		 669 sc->sc_hasbmask = ath_hal_hasbssidmask(ah);
670 sc->sc_hasbmatch = ath_hal_hasbssidmatch(ah);
671 sc->sc_hastsfadd = ath_hal_hastsfadjust(ah);
672 if (ath_hal_hasfastframes(ah))
673 ic->ic_caps |= IEEE80211_C_FF;
674 wmodes = ath_hal_getwirelessmodes(ah);
675 if (wmodes & (HAL_MODE_108G|HAL_MODE_TURBO))
676 ic->ic_caps |= IEEE80211_C_TURBOP;
677#ifdef IEEE80211_SUPPORT_TDMA
678 if (ath_hal_macversion(ah) > 0x78) {
679 ic->ic_caps |= IEEE80211_C_TDMA; /* capable of TDMA */
680 ic->ic_tdma_update = ath_tdma_update;
681 }
682#endif
193b341d
SZ		 683 /*
684 * Indicate we need the 802.11 header padded to a
685 * 32-bit boundary for 4-address and QoS frames.
686 */
687 ic->ic_flags |= IEEE80211_F_DATAPAD;
688
689 /*
690 * Query the hal about antenna support.
691 */
692 sc->sc_defant = ath_hal_getdefantenna(ah);
693
694 /*
695 * Not all chips have the VEOL support we want to
696 * use with IBSS beacons; check here for it.
697 */
698 sc->sc_hasveol = ath_hal_hasveol(ah);
699
700 /* get mac address from hardware */
86877dfb
RP		 701 ath_hal_getmac(ah, macaddr);
702 if (sc->sc_hasbmask)
703 ath_hal_getbssidmask(ah, sc->sc_hwbssidmask);
193b341d 704
86877dfb
RP		 705 /* NB: used to size node table key mapping array */
706 ic->ic_max_keyix = sc->sc_keymax;
193b341d 707 /* call MI attach routine. */
86877dfb
RP		 708 ieee80211_ifattach(ic, macaddr);
709 ic->ic_setregdomain = ath_setregdomain;
710 ic->ic_getradiocaps = ath_getradiocaps;
711 sc->sc_opmode = HAL_M_STA;
712
193b341d 713 /* override default methods */
86877dfb
RP		 714 ic->ic_newassoc = ath_newassoc;
715 ic->ic_updateslot = ath_updateslot;
716 ic->ic_wme.wme_update = ath_wme_update;
717 ic->ic_vap_create = ath_vap_create;
718 ic->ic_vap_delete = ath_vap_delete;
719 ic->ic_raw_xmit = ath_raw_xmit;
720 ic->ic_update_mcast = ath_update_mcast;
721 ic->ic_update_promisc = ath_update_promisc;
193b341d
SZ		 722 ic->ic_node_alloc = ath_node_alloc;
723 sc->sc_node_free = ic->ic_node_free;
724 ic->ic_node_free = ath_node_free;
86877dfb
RP		 725 ic->ic_node_getsignal = ath_node_getsignal;
726 ic->ic_scan_start = ath_scan_start;
727 ic->ic_scan_end = ath_scan_end;
728 ic->ic_set_channel = ath_set_channel;
729
730 ieee80211_radiotap_attach(ic,
731 &sc->sc_tx_th.wt_ihdr, sizeof(sc->sc_tx_th),
732 ATH_TX_RADIOTAP_PRESENT,
733 &sc->sc_rx_th.wr_ihdr, sizeof(sc->sc_rx_th),
734 ATH_RX_RADIOTAP_PRESENT);
735
193b341d
SZ		 736 /*
737 * Setup dynamic sysctl's now that country code and
738 * regdomain are available from the hal.
739 */
740 ath_sysctlattach(sc);
741
193b341d
SZ		 742 if (bootverbose)
743 ieee80211_announce(ic);
744 ath_announce(sc);
193b341d 745 return 0;
86877dfb
RP		 746bad2:
747 ath_tx_cleanup(sc);
748 ath_desc_free(sc);
749bad:
750 if (ah)
751 ath_hal_detach(ah);
752 if (ifp != NULL)
753 if_free(ifp);
754 sc->sc_invalid = 1;
193b341d
SZ		 755 return error;
756}
757
758int
759ath_detach(struct ath_softc *sc)
760{
86877dfb 761 struct ifnet *ifp = sc->sc_ifp;
193b341d
SZ		 762
763 DPRINTF(sc, ATH_DEBUG_ANY, "%s: if_flags %x\n",
764 __func__, ifp->if_flags);
765
766 /*
767 * NB: the order of these is important:
86877dfb 768 * o stop the chip so no more interrupts will fire
193b341d
SZ		 769 * o call the 802.11 layer before detaching the hal to
770 * insure callbacks into the driver to delete global
771 * key cache entries can be handled
86877dfb 772 * o free the taskqueue which drains any pending tasks
193b341d
SZ		 773 * o reclaim the tx queue data structures after calling
774 * the 802.11 layer as we'll get called back to reclaim
775 * node state and potentially want to use them
776 * o to cleanup the tx queues the hal is called, so detach
777 * it last
778 * Other than that, it's straightforward...
779 */
86877dfb
RP		 780 ath_stop(ifp);
781 ieee80211_ifdetach(ifp->if_l2com);
782 taskqueue_free(sc->sc_tq);
783#ifdef ATH_TX99_DIAG
784 if (sc->sc_tx99 != NULL)
785 sc->sc_tx99->detach(sc->sc_tx99);
786#endif
787 ath_rate_detach(sc->sc_rc);
788 ath_desc_free(sc);
789 ath_tx_cleanup(sc);
790 ath_hal_detach(sc->sc_ah); /* NB: sets chip in full sleep */
09da298d
AHJ		 791 if (sc->sc_sysctl_tree) {
792 sysctl_ctx_free(&sc->sc_sysctl_ctx);
793 sc->sc_sysctl_tree = NULL;
794 }
86877dfb 795 if_free(ifp);
193b341d 796
86877dfb
RP		 797 return 0;
798}
193b341d 799
86877dfb
RP		 800/*
801 * MAC address handling for multiple BSS on the same radio.
802 * The first vap uses the MAC address from the EEPROM. For
803 * subsequent vap's we set the U/L bit (bit 1) in the MAC
804 * address and use the next six bits as an index.
805 */
806static void
807assign_address(struct ath_softc *sc, uint8_t mac[IEEE80211_ADDR_LEN], int clone)
808{
809 int i;
193b341d 810
86877dfb
RP		 811 if (clone && sc->sc_hasbmask) {
812 /* NB: we only do this if h/w supports multiple bssid */
813 for (i = 0; i < 8; i++)
814 if ((sc->sc_bssidmask & (1<<i)) == 0)
815 break;
816 if (i != 0)
817 mac[0] |= (i << 2)|0x2;
818 } else
819 i = 0;
820 sc->sc_bssidmask |= 1<<i;
821 sc->sc_hwbssidmask[0] &= ~mac[0];
822 if (i == 0)
823 sc->sc_nbssid0++;
824}
825
826static void
827reclaim_address(struct ath_softc *sc, const uint8_t mac[IEEE80211_ADDR_LEN])
828{
829 int i = mac[0] >> 2;
830 uint8_t mask;
831
832 if (i != 0 || --sc->sc_nbssid0 == 0) {
833 sc->sc_bssidmask &= ~(1<<i);
834 /* recalculate bssid mask from remaining addresses */
835 mask = 0xff;
836 for (i = 1; i < 8; i++)
837 if (sc->sc_bssidmask & (1<<i))
838 mask &= ~((i<<2)|0x2);
839 sc->sc_hwbssidmask[0] |= mask;
840 }
841}
193b341d 842
86877dfb
RP		 843/*
844 * Assign a beacon xmit slot. We try to space out
845 * assignments so when beacons are staggered the
846 * traffic coming out of the cab q has maximal time
847 * to go out before the next beacon is scheduled.
848 */
849static int
850assign_bslot(struct ath_softc *sc)
851{
852 u_int slot, free;
853
854 free = 0;
855 for (slot = 0; slot < ATH_BCBUF; slot++)
856 if (sc->sc_bslot[slot] == NULL) {
857 if (sc->sc_bslot[(slot+1)%ATH_BCBUF] == NULL &&
858 sc->sc_bslot[(slot-1)%ATH_BCBUF] == NULL)
859 return slot;
860 free = slot;
861 /* NB: keep looking for a double slot */
862 }
863 return free;
864}
193b341d 865
86877dfb
RP		 866static struct ieee80211vap *
867ath_vap_create(struct ieee80211com *ic,
868 const char name[IFNAMSIZ], int unit, int opmode, int flags,
869 const uint8_t bssid[IEEE80211_ADDR_LEN],
870 const uint8_t mac0[IEEE80211_ADDR_LEN])
871{
872 struct ath_softc *sc = ic->ic_ifp->if_softc;
873 struct ath_vap *avp;
874 struct ieee80211vap *vap;
875 uint8_t mac[IEEE80211_ADDR_LEN];
876 int ic_opmode, needbeacon, error;
877
878 avp = (struct ath_vap *) kmalloc(sizeof(struct ath_vap),
879 M_80211_VAP, M_WAITOK | M_ZERO);
880 needbeacon = 0;
881 IEEE80211_ADDR_COPY(mac, mac0);
882
86877dfb
RP		 883 ic_opmode = opmode; /* default to opmode of new vap */
884 switch (opmode) {
885 case IEEE80211_M_STA:
886 if (sc->sc_nstavaps != 0) { /* XXX only 1 for now */
887 device_printf(sc->sc_dev, "only 1 sta vap supported\n");
888 goto bad;
889 }
890 if (sc->sc_nvaps) {
891 /*
892 * With multiple vaps we must fall back
893 * to s/w beacon miss handling.
894 */
895 flags |= IEEE80211_CLONE_NOBEACONS;
896 }
897 if (flags & IEEE80211_CLONE_NOBEACONS) {
898 /*
899 * Station mode w/o beacons are implemented w/ AP mode.
900 */
901 ic_opmode = IEEE80211_M_HOSTAP;
902 }
903 break;
904 case IEEE80211_M_IBSS:
905 if (sc->sc_nvaps != 0) { /* XXX only 1 for now */
906 device_printf(sc->sc_dev,
907 "only 1 ibss vap supported\n");
908 goto bad;
909 }
910 needbeacon = 1;
911 break;
912 case IEEE80211_M_AHDEMO:
913#ifdef IEEE80211_SUPPORT_TDMA
914 if (flags & IEEE80211_CLONE_TDMA) {
915 if (sc->sc_nvaps != 0) {
916 device_printf(sc->sc_dev,
917 "only 1 tdma vap supported\n");
918 goto bad;
919 }
920 needbeacon = 1;
921 flags |= IEEE80211_CLONE_NOBEACONS;
922 }
923 /* fall thru... */
924#endif
925 case IEEE80211_M_MONITOR:
926 if (sc->sc_nvaps != 0 && ic->ic_opmode != opmode) {
927 /*
928 * Adopt existing mode. Adding a monitor or ahdemo
929 * vap to an existing configuration is of dubious
930 * value but should be ok.
931 */
932 /* XXX not right for monitor mode */
933 ic_opmode = ic->ic_opmode;
934 }
935 break;
936 case IEEE80211_M_HOSTAP:
937 case IEEE80211_M_MBSS:
938 needbeacon = 1;
939 break;
940 case IEEE80211_M_WDS:
941 if (sc->sc_nvaps != 0 && ic->ic_opmode == IEEE80211_M_STA) {
942 device_printf(sc->sc_dev,
943 "wds not supported in sta mode\n");
944 goto bad;
945 }
946 /*
947 * Silently remove any request for a unique
948 * bssid; WDS vap's always share the local
949 * mac address.
950 */
951 flags &= ~IEEE80211_CLONE_BSSID;
952 if (sc->sc_nvaps == 0)
953 ic_opmode = IEEE80211_M_HOSTAP;
954 else
955 ic_opmode = ic->ic_opmode;
956 break;
957 default:
958 device_printf(sc->sc_dev, "unknown opmode %d\n", opmode);
959 goto bad;
960 }
961 /*
962 * Check that a beacon buffer is available; the code below assumes it.
963 */
964 if (needbeacon & STAILQ_EMPTY(&sc->sc_bbuf)) {
965 device_printf(sc->sc_dev, "no beacon buffer available\n");
966 goto bad;
193b341d
SZ		 967 }
968
86877dfb
RP		 969 /* STA, AHDEMO? */
970 if (opmode == IEEE80211_M_HOSTAP || opmode == IEEE80211_M_MBSS) {
971 assign_address(sc, mac, flags & IEEE80211_CLONE_BSSID);
972 ath_hal_setbssidmask(sc->sc_ah, sc->sc_hwbssidmask);
973 }
974
975 vap = &avp->av_vap;
976 /* XXX can't hold mutex across if_alloc */
86877dfb
RP		 977 error = ieee80211_vap_setup(ic, vap, name, unit, opmode, flags,
978 bssid, mac);
86877dfb
RP		 979 if (error != 0) {
980 device_printf(sc->sc_dev, "%s: error %d creating vap\n",
981 __func__, error);
982 goto bad2;
983 }
984
985 /* h/w crypto support */
986 vap->iv_key_alloc = ath_key_alloc;
987 vap->iv_key_delete = ath_key_delete;
988 vap->iv_key_set = ath_key_set;
989 vap->iv_key_update_begin = ath_key_update_begin;
990 vap->iv_key_update_end = ath_key_update_end;
991
992 /* override various methods */
993 avp->av_recv_mgmt = vap->iv_recv_mgmt;
994 vap->iv_recv_mgmt = ath_recv_mgmt;
995 vap->iv_reset = ath_reset_vap;
996 vap->iv_update_beacon = ath_beacon_update;
997 avp->av_newstate = vap->iv_newstate;
998 vap->iv_newstate = ath_newstate;
999 avp->av_bmiss = vap->iv_bmiss;
1000 vap->iv_bmiss = ath_bmiss_vap;
1001
1002 avp->av_bslot = -1;
1003 if (needbeacon) {
1004 /*
1005 * Allocate beacon state and setup the q for buffered
1006 * multicast frames. We know a beacon buffer is
1007 * available because we checked above.
1008 */
1009 avp->av_bcbuf = STAILQ_FIRST(&sc->sc_bbuf);
1010 STAILQ_REMOVE_HEAD(&sc->sc_bbuf, bf_list);
1011 if (opmode != IEEE80211_M_IBSS || !sc->sc_hasveol) {
1012 /*
1013 * Assign the vap to a beacon xmit slot. As above
1014 * this cannot fail to find a free one.
1015 */
1016 avp->av_bslot = assign_bslot(sc);
1017 KASSERT(sc->sc_bslot[avp->av_bslot] == NULL,
1018 ("beacon slot %u not empty", avp->av_bslot));
1019 sc->sc_bslot[avp->av_bslot] = vap;
1020 sc->sc_nbcnvaps++;
1021 }
1022 if (sc->sc_hastsfadd && sc->sc_nbcnvaps > 0) {
1023 /*
1024 * Multple vaps are to transmit beacons and we
1025 * have h/w support for TSF adjusting; enable
1026 * use of staggered beacons.
1027 */
1028 sc->sc_stagbeacons = 1;
1029 }
1030 ath_txq_init(sc, &avp->av_mcastq, ATH_TXQ_SWQ);
1031 }
193b341d 1032
86877dfb
RP		 1033 ic->ic_opmode = ic_opmode;
1034 if (opmode != IEEE80211_M_WDS) {
1035 sc->sc_nvaps++;
1036 if (opmode == IEEE80211_M_STA)
1037 sc->sc_nstavaps++;
1038 if (opmode == IEEE80211_M_MBSS)
1039 sc->sc_nmeshvaps++;
1040 }
1041 switch (ic_opmode) {
1042 case IEEE80211_M_IBSS:
1043 sc->sc_opmode = HAL_M_IBSS;
1044 break;
1045 case IEEE80211_M_STA:
1046 sc->sc_opmode = HAL_M_STA;
1047 break;
1048 case IEEE80211_M_AHDEMO:
1049#ifdef IEEE80211_SUPPORT_TDMA
1050 if (vap->iv_caps & IEEE80211_C_TDMA) {
1051 sc->sc_tdma = 1;
1052 /* NB: disable tsf adjust */
1053 sc->sc_stagbeacons = 0;
1054 }
1055 /*
1056 * NB: adhoc demo mode is a pseudo mode; to the hal it's
1057 * just ap mode.
1058 */
1059 /* fall thru... */
1060#endif
1061 case IEEE80211_M_HOSTAP:
1062 case IEEE80211_M_MBSS:
1063 sc->sc_opmode = HAL_M_HOSTAP;
1064 break;
1065 case IEEE80211_M_MONITOR:
1066 sc->sc_opmode = HAL_M_MONITOR;
1067 break;
1068 default:
1069 /* XXX should not happen */
1070 break;
1071 }
1072 if (sc->sc_hastsfadd) {
1073 /*
1074 * Configure whether or not TSF adjust should be done.
1075 */
1076 ath_hal_settsfadjust(sc->sc_ah, sc->sc_stagbeacons);
1077 }
1078 if (flags & IEEE80211_CLONE_NOBEACONS) {
1079 /*
1080 * Enable s/w beacon miss handling.
1081 */
1082 sc->sc_swbmiss = 1;
1083 }
193b341d 1084
86877dfb
RP		 1085 /* complete setup */
1086 ieee80211_vap_attach(vap, ath_media_change, ieee80211_media_status);
1087 return vap;
1088bad2:
1089 reclaim_address(sc, mac);
1090 ath_hal_setbssidmask(sc->sc_ah, sc->sc_hwbssidmask);
1091bad:
1092 kfree(avp, M_80211_VAP);
86877dfb
RP		 1093 return NULL;
1094}
193b341d 1095
86877dfb
RP		 1096static void
1097ath_vap_delete(struct ieee80211vap *vap)
1098{
1099 struct ieee80211com *ic = vap->iv_ic;
1100 struct ifnet *ifp = ic->ic_ifp;
1101 struct ath_softc *sc = ifp->if_softc;
1102 struct ath_hal *ah = sc->sc_ah;
1103 struct ath_vap *avp = ATH_VAP(vap);
193b341d 1104
86877dfb
RP		 1105 if (ifp->if_flags & IFF_RUNNING) {
1106 /*
1107 * Quiesce the hardware while we remove the vap. In
1108 * particular we need to reclaim all references to
1109 * the vap state by any frames pending on the tx queues.
1110 */
1111 ath_hal_intrset(ah, 0); /* disable interrupts */
1112 ath_draintxq(sc); /* stop xmit side */
1113 ath_stoprecv(sc); /* stop recv side */
193b341d
SZ		 1114 }
1115
86877dfb 1116 ieee80211_vap_detach(vap);
86877dfb
RP		 1117 /*
1118 * Reclaim beacon state. Note this must be done before
1119 * the vap instance is reclaimed as we may have a reference
1120 * to it in the buffer for the beacon frame.
1121 */
1122 if (avp->av_bcbuf != NULL) {
1123 if (avp->av_bslot != -1) {
1124 sc->sc_bslot[avp->av_bslot] = NULL;
1125 sc->sc_nbcnvaps--;
1126 }
1127 ath_beacon_return(sc, avp->av_bcbuf);
1128 avp->av_bcbuf = NULL;
1129 if (sc->sc_nbcnvaps == 0) {
1130 sc->sc_stagbeacons = 0;
1131 if (sc->sc_hastsfadd)
1132 ath_hal_settsfadjust(sc->sc_ah, 0);
1133 }
1134 /*
1135 * Reclaim any pending mcast frames for the vap.
1136 */
1137 ath_tx_draintxq(sc, &avp->av_mcastq);
86877dfb
RP		 1138 }
1139 /*
1140 * Update bookkeeping.
1141 */
1142 if (vap->iv_opmode == IEEE80211_M_STA) {
1143 sc->sc_nstavaps--;
1144 if (sc->sc_nstavaps == 0 && sc->sc_swbmiss)
1145 sc->sc_swbmiss = 0;
1146 } else if (vap->iv_opmode == IEEE80211_M_HOSTAP ||
1147 vap->iv_opmode == IEEE80211_M_MBSS) {
1148 reclaim_address(sc, vap->iv_myaddr);
1149 ath_hal_setbssidmask(ah, sc->sc_hwbssidmask);
1150 if (vap->iv_opmode == IEEE80211_M_MBSS)
1151 sc->sc_nmeshvaps--;
1152 }
1153 if (vap->iv_opmode != IEEE80211_M_WDS)
1154 sc->sc_nvaps--;
1155#ifdef IEEE80211_SUPPORT_TDMA
1156 /* TDMA operation ceases when the last vap is destroyed */
1157 if (sc->sc_tdma && sc->sc_nvaps == 0) {
1158 sc->sc_tdma = 0;
1159 sc->sc_swbmiss = 0;
1160 }
1161#endif
86877dfb 1162 kfree(avp, M_80211_VAP);
193b341d 1163
86877dfb
RP		 1164 if (ifp->if_flags & IFF_RUNNING) {
1165 /*
1166 * Restart rx+tx machines if still running (RUNNING will
1167 * be reset if we just destroyed the last vap).
1168 */
1169 if (ath_startrecv(sc) != 0)
1170 if_printf(ifp, "%s: unable to restart recv logic\n",
1171 __func__);
1172 if (sc->sc_beacons) { /* restart beacons */
1173#ifdef IEEE80211_SUPPORT_TDMA
1174 if (sc->sc_tdma)
1175 ath_tdma_config(sc, NULL);
1176 else
1177#endif
1178 ath_beacon_config(sc, NULL);
1179 }
1180 ath_hal_intrset(ah, sc->sc_imask);
1181 }
193b341d
SZ		 1182}
1183
1184void
1185ath_suspend(struct ath_softc *sc)
1186{
86877dfb
RP		 1187 struct ifnet *ifp = sc->sc_ifp;
1188 struct ieee80211com *ic = ifp->if_l2com;
193b341d
SZ		 1189
1190 DPRINTF(sc, ATH_DEBUG_ANY, "%s: if_flags %x\n",
1191 __func__, ifp->if_flags);
193b341d 1192
86877dfb
RP		 1193 sc->sc_resume_up = (ifp->if_flags & IFF_UP) != 0;
1194 if (ic->ic_opmode == IEEE80211_M_STA)
1195 ath_stop(ifp);
1196 else
1197 ieee80211_suspend_all(ic);
1198 /*
1199 * NB: don't worry about putting the chip in low power
1200 * mode; pci will power off our socket on suspend and
1201 * CardBus detaches the device.
1202 */
1203}
1204
1205/*
1206 * Reset the key cache since some parts do not reset the
1207 * contents on resume. First we clear all entries, then
1208 * re-load keys that the 802.11 layer assumes are setup
1209 * in h/w.
1210 */
1211static void
1212ath_reset_keycache(struct ath_softc *sc)
1213{
1214 struct ifnet *ifp = sc->sc_ifp;
1215 struct ieee80211com *ic = ifp->if_l2com;
1216 struct ath_hal *ah = sc->sc_ah;
1217 int i;
1218
1219 for (i = 0; i < sc->sc_keymax; i++)
1220 ath_hal_keyreset(ah, i);
1221 ieee80211_crypto_reload_keys(ic);
193b341d
SZ		 1222}
1223
1224void
1225ath_resume(struct ath_softc *sc)
1226{
86877dfb
RP		 1227 struct ifnet *ifp = sc->sc_ifp;
1228 struct ieee80211com *ic = ifp->if_l2com;
1229 struct ath_hal *ah = sc->sc_ah;
1230 HAL_STATUS status;
193b341d
SZ		 1231
1232 DPRINTF(sc, ATH_DEBUG_ANY, "%s: if_flags %x\n",
1233 __func__, ifp->if_flags);
1234
86877dfb
RP		 1235 /*
1236 * Must reset the chip before we reload the
1237 * keycache as we were powered down on suspend.
1238 */
1239 ath_hal_reset(ah, sc->sc_opmode,
1240 sc->sc_curchan != NULL ? sc->sc_curchan : ic->ic_curchan,
1241 AH_FALSE, &status);
1242 ath_reset_keycache(sc);
1243 if (sc->sc_resume_up) {
1244 if (ic->ic_opmode == IEEE80211_M_STA) {
1245 ath_init(sc);
1246 /*
1247 * Program the beacon registers using the last rx'd
1248 * beacon frame and enable sync on the next beacon
1249 * we see. This should handle the case where we
1250 * wakeup and find the same AP and also the case where
1251 * we wakeup and need to roam. For the latter we
1252 * should get bmiss events that trigger a roam.
1253 */
1254 ath_beacon_config(sc, NULL);
1255 sc->sc_syncbeacon = 1;
1256 } else
1257 ieee80211_resume_all(ic);
193b341d
SZ		 1258 }
1259 if (sc->sc_softled) {
86877dfb
RP		 1260 ath_hal_gpioCfgOutput(ah, sc->sc_ledpin,
1261 HAL_GPIO_MUX_MAC_NETWORK_LED);
1262 ath_hal_gpioset(ah, sc->sc_ledpin, !sc->sc_ledon);
193b341d 1263 }
193b341d
SZ		 1264}
1265
1266void
1267ath_shutdown(struct ath_softc *sc)
1268{
86877dfb 1269 struct ifnet *ifp = sc->sc_ifp;
193b341d
SZ		 1270
1271 DPRINTF(sc, ATH_DEBUG_ANY, "%s: if_flags %x\n",
1272 __func__, ifp->if_flags);
193b341d 1273
86877dfb
RP		 1274 ath_stop(ifp);
1275 /* NB: no point powering down chip as we're about to reboot */
193b341d
SZ		 1276}
1277
1278/*
1279 * Interrupt handler. Most of the actual processing is deferred.
1280 */
1281void
1282ath_intr(void *arg)
1283{
1284 struct ath_softc *sc = arg;
86877dfb 1285 struct ifnet *ifp = sc->sc_ifp;
193b341d
SZ		 1286 struct ath_hal *ah = sc->sc_ah;
1287 HAL_INT status;
0c208ba4 1288 HAL_INT ostatus;
193b341d
SZ		 1289
1290 if (sc->sc_invalid) {
1291 /*
1292 * The hardware is not ready/present, don't touch anything.
1293 * Note this can happen early on if the IRQ is shared.
1294 */
1295 DPRINTF(sc, ATH_DEBUG_ANY, "%s: invalid; ignored\n", __func__);
1296 return;
1297 }
0c208ba4 1298
193b341d
SZ		 1299 if (!ath_hal_intrpend(ah)) /* shared irq, not for us */
1300 return;
86877dfb
RP		 1301 if ((ifp->if_flags & IFF_UP) == 0 ||
1302 (ifp->if_flags & IFF_RUNNING) == 0) {
1303 HAL_INT status;
1304
193b341d
SZ		 1305 DPRINTF(sc, ATH_DEBUG_ANY, "%s: if_flags 0x%x\n",
1306 __func__, ifp->if_flags);
1307 ath_hal_getisr(ah, &status); /* clear ISR */
1308 ath_hal_intrset(ah, 0); /* disable further intr's */
1309 return;
1310 }
1311 /*
1312 * Figure out the reason(s) for the interrupt. Note
1313 * that the hal returns a pseudo-ISR that may include
1314 * bits we haven't explicitly enabled so we mask the
1315 * value to insure we only process bits we requested.
1316 */
0c208ba4
MD		 1317 ath_hal_getisr(ah, &ostatus); /* NB: clears ISR too */
1318 DPRINTF(sc, ATH_DEBUG_INTR, "%s: status 0x%x\n", __func__, ostatus);
1319 status = ostatus & sc->sc_imask; /* discard unasked for bits */
193b341d 1320 if (status & HAL_INT_FATAL) {
193b341d
SZ		 1321 sc->sc_stats.ast_hardware++;
1322 ath_hal_intrset(ah, 0); /* disable intr's until reset */
86877dfb 1323 ath_fatal_proc(sc, 0);
193b341d
SZ		 1324 } else {
1325 if (status & HAL_INT_SWBA) {
1326 /*
1327 * Software beacon alert--time to send a beacon.
1328 * Handle beacon transmission directly; deferring
1329 * this is too slow to meet timing constraints
1330 * under load.
1331 */
86877dfb
RP		 1332#ifdef IEEE80211_SUPPORT_TDMA
1333 if (sc->sc_tdma) {
1334 if (sc->sc_tdmaswba == 0) {
1335 struct ieee80211com *ic = ifp->if_l2com;
1336 struct ieee80211vap *vap =
1337 TAILQ_FIRST(&ic->ic_vaps);
1338 ath_tdma_beacon_send(sc, vap);
1339 sc->sc_tdmaswba =
1340 vap->iv_tdma->tdma_bintval;
1341 } else
1342 sc->sc_tdmaswba--;
1343 } else
1344#endif
1345 {
1346 ath_beacon_proc(sc, 0);
1347#ifdef IEEE80211_SUPPORT_SUPERG
1348 /*
1349 * Schedule the rx taskq in case there's no
1350 * traffic so any frames held on the staging
1351 * queue are aged and potentially flushed.
1352 */
1353 taskqueue_enqueue(sc->sc_tq, &sc->sc_rxtask);
1354#endif
1355 }
193b341d 1356 }
0c208ba4
MD		 1357
1358 /*
1359 * NB: The hardware should re-read the link when the RXE
1360 * bit is written, but it doesn't work at least on
1361 * older chipsets.
1362 */
193b341d 1363 if (status & HAL_INT_RXEOL) {
193b341d
SZ		 1364 sc->sc_stats.ast_rxeol++;
1365 sc->sc_rxlink = NULL;
1366 }
0c208ba4 1367
193b341d
SZ		 1368 if (status & HAL_INT_TXURN) {
1369 sc->sc_stats.ast_txurn++;
1370 /* bump tx trigger level */
1371 ath_hal_updatetxtriglevel(ah, AH_TRUE);
1372 }
0c208ba4 1373
193b341d 1374 if (status & HAL_INT_RX)
86877dfb 1375 taskqueue_enqueue(sc->sc_tq, &sc->sc_rxtask);
0c208ba4 1376
193b341d 1377 if (status & HAL_INT_TX)
86877dfb 1378 taskqueue_enqueue(sc->sc_tq, &sc->sc_txtask);
0c208ba4 1379
193b341d
SZ		 1380 if (status & HAL_INT_BMISS) {
1381 sc->sc_stats.ast_bmiss++;
86877dfb 1382 taskqueue_enqueue(sc->sc_tq, &sc->sc_bmisstask);
193b341d 1383 }
0c208ba4 1384
193b341d
SZ		 1385 if (status & HAL_INT_MIB) {
1386 sc->sc_stats.ast_mib++;
1387 /*
1388 * Disable interrupts until we service the MIB
1389 * interrupt; otherwise it will continue to fire.
1390 */
1391 ath_hal_intrset(ah, 0);
1392 /*
1393 * Let the hal handle the event. We assume it will
1394 * clear whatever condition caused the interrupt.
1395 */
1396 ath_hal_mibevent(ah, &sc->sc_halstats);
1397 ath_hal_intrset(ah, sc->sc_imask);
1398 }
0c208ba4 1399
86877dfb
RP		 1400 if (status & HAL_INT_RXORN) {
1401 /* NB: hal marks HAL_INT_FATAL when RXORN is fatal */
1402 sc->sc_stats.ast_rxorn++;
1403 }
193b341d
SZ		 1404 }
1405}
1406
1407static void
86877dfb 1408ath_fatal_proc(void *arg, int pending)
193b341d 1409{
86877dfb
RP		 1410 struct ath_softc *sc = arg;
1411 struct ifnet *ifp = sc->sc_ifp;
1412 u_int32_t *state;
1413 u_int32_t len;
1414 void *sp;
193b341d
SZ		 1415
1416 if_printf(ifp, "hardware error; resetting\n");
ed33fa9f
SW		 1417 /*
1418 * Fatal errors are unrecoverable. Typically these
1419 * are caused by DMA errors. Collect h/w state from
1420 * the hal so we can diagnose what's going on.
1421 */
86877dfb
RP		 1422 if (ath_hal_getfatalstate(sc->sc_ah, &sp, &len)) {
1423 KASSERT(len >= 6*sizeof(u_int32_t), ("len %u bytes", len));
1424 state = sp;
ed33fa9f
SW		 1425 if_printf(ifp, "0x%08x 0x%08x 0x%08x, 0x%08x 0x%08x 0x%08x\n",
1426 state[0], state[1] , state[2], state[3],
1427 state[4], state[5]);
1428 }
193b341d
SZ		 1429 ath_reset(ifp);
1430}
1431
1432static void
86877dfb 1433ath_bmiss_vap(struct ieee80211vap *vap)
193b341d 1434{
86877dfb
RP		 1435 /*
1436 * Workaround phantom bmiss interrupts by sanity-checking
1437 * the time of our last rx'd frame. If it is within the
1438 * beacon miss interval then ignore the interrupt. If it's
1439 * truly a bmiss we'll get another interrupt soon and that'll
1440 * be dispatched up for processing. Note this applies only
1441 * for h/w beacon miss events.
1442 */
1443 if ((vap->iv_flags_ext & IEEE80211_FEXT_SWBMISS) == 0) {
1444 struct ifnet *ifp = vap->iv_ic->ic_ifp;
1445 struct ath_softc *sc = ifp->if_softc;
1446 u_int64_t lastrx = sc->sc_lastrx;
1447 u_int64_t tsf = ath_hal_gettsf64(sc->sc_ah);
193b341d 1448 u_int bmisstimeout =
86877dfb 1449 vap->iv_bmissthreshold * vap->iv_bss->ni_intval * 1024;
193b341d
SZ		 1450
1451 DPRINTF(sc, ATH_DEBUG_BEACON,
1452 "%s: tsf %llu lastrx %lld (%llu) bmiss %u\n",
1453 __func__, (unsigned long long) tsf,
1454 (unsigned long long)(tsf - lastrx),
1455 (unsigned long long) lastrx, bmisstimeout);
86877dfb
RP		 1456
1457 if (tsf - lastrx <= bmisstimeout) {
193b341d 1458 sc->sc_stats.ast_bmiss_phantom++;
86877dfb
RP		 1459 return;
1460 }
193b341d 1461 }
86877dfb
RP		 1462 ATH_VAP(vap)->av_bmiss(vap);
1463}
1464
1465static int
1466ath_hal_gethangstate(struct ath_hal *ah, uint32_t mask, uint32_t *hangs)
1467{
1468 uint32_t rsize;
1469 void *sp;
1470
1471 if (!ath_hal_getdiagstate(ah, 32, &mask, sizeof(mask), &sp, &rsize))
1472 return 0;
1473 KASSERT(rsize == sizeof(uint32_t), ("resultsize %u", rsize));
1474 *hangs = *(uint32_t *)sp;
1475 return 1;
193b341d
SZ		 1476}
1477
86877dfb 1478static void
a311f6cd 1479ath_bmiss_task(void *arg, int pending)
193b341d 1480{
86877dfb
RP		 1481 struct ath_softc *sc = arg;
1482 struct ifnet *ifp = sc->sc_ifp;
1483 uint32_t hangs;
193b341d 1484
a311f6cd 1485 wlan_serialize_enter();
86877dfb
RP		 1486 DPRINTF(sc, ATH_DEBUG_ANY, "%s: pending %u\n", __func__, pending);
1487
1488 if (ath_hal_gethangstate(sc->sc_ah, 0xff, &hangs) && hangs != 0) {
1489 if_printf(ifp, "bb hang detected (0x%x), reseting\n", hangs);
1490 ath_reset(ifp);
a311f6cd 1491 } else {
86877dfb 1492 ieee80211_beacon_miss(ifp->if_l2com);
a311f6cd
MD		 1493 }
1494 wlan_serialize_exit();
86877dfb
RP		 1495}
1496
1497/*
1498 * Handle TKIP MIC setup to deal hardware that doesn't do MIC
1499 * calcs together with WME. If necessary disable the crypto
1500 * hardware and mark the 802.11 state so keys will be setup
1501 * with the MIC work done in software.
1502 */
1503static void
1504ath_settkipmic(struct ath_softc *sc)
1505{
1506 struct ifnet *ifp = sc->sc_ifp;
1507 struct ieee80211com *ic = ifp->if_l2com;
1508
1509 if ((ic->ic_cryptocaps & IEEE80211_CRYPTO_TKIP) && !sc->sc_wmetkipmic) {
1510 if (ic->ic_flags & IEEE80211_F_WME) {
1511 ath_hal_settkipmic(sc->sc_ah, AH_FALSE);
1512 ic->ic_cryptocaps &= ~IEEE80211_CRYPTO_TKIPMIC;
1513 } else {
1514 ath_hal_settkipmic(sc->sc_ah, AH_TRUE);
1515 ic->ic_cryptocaps |= IEEE80211_CRYPTO_TKIPMIC;
1516 }
1517 }
193b341d
SZ		 1518}
1519
193b341d
SZ		 1520static void
1521ath_init(void *arg)
1522{
86877dfb
RP		 1523 struct ath_softc *sc = (struct ath_softc *) arg;
1524 struct ifnet *ifp = sc->sc_ifp;
1525 struct ieee80211com *ic = ifp->if_l2com;
193b341d
SZ		 1526 struct ath_hal *ah = sc->sc_ah;
1527 HAL_STATUS status;
1528
193b341d
SZ		 1529 DPRINTF(sc, ATH_DEBUG_ANY, "%s: if_flags 0x%x\n",
1530 __func__, ifp->if_flags);
1531
1532 /*
1533 * Stop anything previously setup. This is safe
1534 * whether this is the first time through or not.
1535 */
86877dfb 1536 ath_stop_locked(ifp);
193b341d
SZ		 1537
1538 /*
1539 * The basic interface to setting the hardware in a good
1540 * state is ``reset''. On return the hardware is known to
1541 * be powered up and with interrupts disabled. This must
1542 * be followed by initialization of the appropriate bits
1543 * and then setup of the interrupt mask.
1544 */
86877dfb
RP		 1545 ath_settkipmic(sc);
1546 if (!ath_hal_reset(ah, sc->sc_opmode, ic->ic_curchan, AH_FALSE, &status)) {
193b341d
SZ		 1547 if_printf(ifp, "unable to reset hardware; hal status %u\n",
1548 status);
1549 return;
1550 }
86877dfb 1551 ath_chan_change(sc, ic->ic_curchan);
193b341d
SZ		 1552
1553 /*
193b341d
SZ		 1554 * Likewise this is set during reset so update
1555 * state cached in the driver.
1556 */
1557 sc->sc_diversity = ath_hal_getdiversity(ah);
86877dfb
RP		 1558 sc->sc_lastlongcal = 0;
1559 sc->sc_resetcal = 1;
1560 sc->sc_lastcalreset = 0;
193b341d
SZ		 1561
1562 /*
1563 * Setup the hardware after reset: the key cache
1564 * is filled as needed and the receive engine is
1565 * set going. Frame transmit is handled entirely
1566 * in the frame output path; there's nothing to do
1567 * here except setup the interrupt mask.
1568 */
1569 if (ath_startrecv(sc) != 0) {
1570 if_printf(ifp, "unable to start recv logic\n");
1571 return;
1572 }
1573
1574 /*
1575 * Enable interrupts.
1576 */
1577 sc->sc_imask = HAL_INT_RX | HAL_INT_TX
1578 | HAL_INT_RXEOL | HAL_INT_RXORN
1579 | HAL_INT_FATAL | HAL_INT_GLOBAL;
1580 /*
1581 * Enable MIB interrupts when there are hardware phy counters.
1582 * Note we only do this (at the moment) for station mode.
1583 */
1584 if (sc->sc_needmib && ic->ic_opmode == IEEE80211_M_STA)
1585 sc->sc_imask |= HAL_INT_MIB;
193b341d
SZ		 1586
1587 ifp->if_flags |= IFF_RUNNING;
a311f6cd 1588 callout_reset(&sc->sc_wd_ch, hz, ath_watchdog_callout, sc);
86877dfb 1589 ath_hal_intrset(ah, sc->sc_imask);
193b341d 1590
86877dfb
RP		 1591
1592#ifdef ATH_TX99_DIAG
1593 if (sc->sc_tx99 != NULL)
1594 sc->sc_tx99->start(sc->sc_tx99);
1595 else
1596#endif
1597 ieee80211_start_all(ic); /* start all vap's */
193b341d
SZ		 1598}
1599
1600static void
86877dfb 1601ath_stop_locked(struct ifnet *ifp)
193b341d
SZ		 1602{
1603 struct ath_softc *sc = ifp->if_softc;
193b341d
SZ		 1604 struct ath_hal *ah = sc->sc_ah;
1605
193b341d
SZ		 1606 DPRINTF(sc, ATH_DEBUG_ANY, "%s: invalid %u if_flags 0x%x\n",
1607 __func__, sc->sc_invalid, ifp->if_flags);
1608
1609 if (ifp->if_flags & IFF_RUNNING) {
1610 /*
1611 * Shutdown the hardware and driver:
1612 * reset 802.11 state machine
1613 * turn off timers
1614 * disable interrupts
1615 * turn off the radio
1616 * clear transmit machinery
1617 * clear receive machinery
1618 * drain and release tx queues
1619 * reclaim beacon resources
1620 * power down hardware
1621 *
1622 * Note that some of this work is not possible if the
1623 * hardware is gone (invalid).
1624 */
86877dfb
RP		 1625#ifdef ATH_TX99_DIAG
1626 if (sc->sc_tx99 != NULL)
1627 sc->sc_tx99->stop(sc->sc_tx99);
1628#endif
1629 callout_stop(&sc->sc_wd_ch);
1630 sc->sc_wd_timer = 0;
193b341d 1631 ifp->if_flags &= ~IFF_RUNNING;
193b341d
SZ		 1632 if (!sc->sc_invalid) {
1633 if (sc->sc_softled) {
1634 callout_stop(&sc->sc_ledtimer);
1635 ath_hal_gpioset(ah, sc->sc_ledpin,
1636 !sc->sc_ledon);
1637 sc->sc_blinking = 0;
1638 }
1639 ath_hal_intrset(ah, 0);
1640 }
1641 ath_draintxq(sc);
1642 if (!sc->sc_invalid) {
1643 ath_stoprecv(sc);
1644 ath_hal_phydisable(ah);
1645 } else
1646 sc->sc_rxlink = NULL;
86877dfb 1647 ath_beacon_free(sc); /* XXX not needed */
193b341d
SZ		 1648 }
1649}
1650
1651static void
1652ath_stop(struct ifnet *ifp)
1653{
a311f6cd 1654 struct ath_softc *sc __unused = ifp->if_softc;
193b341d 1655
86877dfb 1656 ath_stop_locked(ifp);
193b341d
SZ		 1657}
1658
1659/*
1660 * Reset the hardware w/o losing operational state. This is
1661 * basically a more efficient way of doing ath_stop, ath_init,
1662 * followed by state transitions to the current 802.11
1663 * operational state. Used to recover from various errors and
1664 * to reset or reload hardware state.
1665 */
1666static int
1667ath_reset(struct ifnet *ifp)
1668{
1669 struct ath_softc *sc = ifp->if_softc;
86877dfb 1670 struct ieee80211com *ic = ifp->if_l2com;
193b341d 1671 struct ath_hal *ah = sc->sc_ah;
193b341d
SZ		 1672 HAL_STATUS status;
1673
79e6fd00 1674 kprintf("ath_reset\n");
193b341d
SZ		 1675 ath_hal_intrset(ah, 0); /* disable interrupts */
1676 ath_draintxq(sc); /* stop xmit side */
1677 ath_stoprecv(sc); /* stop recv side */
86877dfb 1678 ath_settkipmic(sc); /* configure TKIP MIC handling */
193b341d 1679 /* NB: indicate channel change so we do a full reset */
86877dfb 1680 if (!ath_hal_reset(ah, sc->sc_opmode, ic->ic_curchan, AH_TRUE, &status))
193b341d
SZ		 1681 if_printf(ifp, "%s: unable to reset hardware; hal status %u\n",
1682 __func__, status);
193b341d 1683 sc->sc_diversity = ath_hal_getdiversity(ah);
86877dfb
RP		 1684 if (ath_startrecv(sc) != 0) /* restart recv */
1685 if_printf(ifp, "%s: unable to start recv logic\n", __func__);
193b341d
SZ		 1686 /*
1687 * We may be doing a reset in response to an ioctl
1688 * that changes the channel so update any state that
1689 * might change as a result.
1690 */
86877dfb
RP		 1691 ath_chan_change(sc, ic->ic_curchan);
1692 if (sc->sc_beacons) { /* restart beacons */
1693#ifdef IEEE80211_SUPPORT_TDMA
1694 if (sc->sc_tdma)
1695 ath_tdma_config(sc, NULL);
1696 else
1697#endif
1698 ath_beacon_config(sc, NULL);
1699 }
193b341d
SZ		 1700 ath_hal_intrset(ah, sc->sc_imask);
1701
86877dfb 1702 ath_start(ifp); /* restart xmit */
193b341d
SZ		 1703 return 0;
1704}
1705
86877dfb
RP		 1706static int
1707ath_reset_vap(struct ieee80211vap *vap, u_long cmd)
193b341d 1708{
86877dfb
RP		 1709 struct ieee80211com *ic = vap->iv_ic;
1710 struct ifnet *ifp = ic->ic_ifp;
193b341d
SZ		 1711 struct ath_softc *sc = ifp->if_softc;
1712 struct ath_hal *ah = sc->sc_ah;
86877dfb
RP		 1713
1714 switch (cmd) {
1715 case IEEE80211_IOC_TXPOWER:
1716 /*
1717 * If per-packet TPC is enabled, then we have nothing
1718 * to do; otherwise we need to force the global limit.
1719 * All this can happen directly; no need to reset.
1720 */
1721 if (!ath_hal_gettpc(ah))
1722 ath_hal_settxpowlimit(ah, ic->ic_txpowlimit);
1723 return 0;
1724 }
1725 return ath_reset(ifp);
1726}
1727
1728static struct ath_buf *
1729_ath_getbuf_locked(struct ath_softc *sc)
1730{
1731 struct ath_buf *bf;
1732
86877dfb
RP		 1733 bf = STAILQ_FIRST(&sc->sc_txbuf);
1734 if (bf != NULL && (bf->bf_flags & ATH_BUF_BUSY) == 0)
1735 STAILQ_REMOVE_HEAD(&sc->sc_txbuf, bf_list);
1736 else
1737 bf = NULL;
1738 if (bf == NULL) {
0c208ba4 1739 kprintf("ath: ran out of descriptors\n");
86877dfb
RP		 1740 DPRINTF(sc, ATH_DEBUG_XMIT, "%s: %s\n", __func__,
1741 STAILQ_FIRST(&sc->sc_txbuf) == NULL ?
1742 "out of xmit buffers" : "xmit buffer busy");
1743 }
1744 return bf;
1745}
1746
1747static struct ath_buf *
1748ath_getbuf(struct ath_softc *sc)
1749{
193b341d 1750 struct ath_buf *bf;
86877dfb 1751
86877dfb
RP		 1752 bf = _ath_getbuf_locked(sc);
1753 if (bf == NULL) {
1754 struct ifnet *ifp = sc->sc_ifp;
1755
1756 DPRINTF(sc, ATH_DEBUG_XMIT, "%s: stop queue\n", __func__);
1757 sc->sc_stats.ast_tx_qstop++;
1758 ifp->if_flags |= IFF_OACTIVE;
1759 }
86877dfb
RP		 1760 return bf;
1761}
1762
1763/*
1764 * Cleanup driver resources when we run out of buffers
1765 * while processing fragments; return the tx buffers
1766 * allocated and drop node references.
1767 */
1768static void
1769ath_txfrag_cleanup(struct ath_softc *sc,
1770 ath_bufhead *frags, struct ieee80211_node *ni)
1771{
1772 struct ath_buf *bf, *next;
1773
86877dfb
RP		 1774 STAILQ_FOREACH_MUTABLE(bf, frags, bf_list, next) {
1775 /* NB: bf assumed clean */
1776 STAILQ_REMOVE_HEAD(frags, bf_list);
1777 STAILQ_INSERT_HEAD(&sc->sc_txbuf, bf, bf_list);
1778 ieee80211_node_decref(ni);
1779 }
1780}
1781
1782/*
1783 * Setup xmit of a fragmented frame. Allocate a buffer
1784 * for each frag and bump the node reference count to
1785 * reflect the held reference to be setup by ath_tx_start.
1786 */
1787static int
1788ath_txfrag_setup(struct ath_softc *sc, ath_bufhead *frags,
1789 struct mbuf *m0, struct ieee80211_node *ni)
1790{
193b341d 1791 struct mbuf *m;
86877dfb 1792 struct ath_buf *bf;
193b341d 1793
86877dfb
RP		 1794 for (m = m0->m_nextpkt; m != NULL; m = m->m_nextpkt) {
1795 bf = _ath_getbuf_locked(sc);
1796 if (bf == NULL) { /* out of buffers, cleanup */
1797 ath_txfrag_cleanup(sc, frags, ni);
1798 break;
1799 }
1800 ieee80211_node_incref(ni);
1801 STAILQ_INSERT_TAIL(frags, bf, bf_list);
9db4b353
SZ		 1802 }
1803
86877dfb
RP		 1804 return !STAILQ_EMPTY(frags);
1805}
1806
1807static void
1808ath_start(struct ifnet *ifp)
1809{
1810 struct ath_softc *sc = ifp->if_softc;
1811 struct ieee80211_node *ni;
1812 struct ath_buf *bf;
1813 struct mbuf *m, *next;
1814 ath_bufhead frags;
193b341d 1815
2508f206
RP		 1816 if ((ifp->if_flags & IFF_RUNNING) == 0 || sc->sc_invalid) {
1817 ifq_purge(&ifp->if_snd);
86877dfb 1818 return;
2508f206 1819 }
193b341d
SZ		 1820 for (;;) {
1821 /*
1822 * Grab a TX buffer and associated resources.
1823 */
86877dfb
RP		 1824 bf = ath_getbuf(sc);
1825 if (bf == NULL)
1826 break;
1827
1828 IF_DEQUEUE(&ifp->if_snd, m);
1829 if (m == NULL) {
86877dfb 1830 STAILQ_INSERT_HEAD(&sc->sc_txbuf, bf, bf_list);
193b341d
SZ		 1831 break;
1832 }
86877dfb 1833 ni = (struct ieee80211_node *) m->m_pkthdr.rcvif;
193b341d 1834 /*
86877dfb
RP		 1835 * Check for fragmentation. If this frame
1836 * has been broken up verify we have enough
1837 * buffers to send all the fragments so all
1838 * go out or none...
193b341d 1839 */
86877dfb
RP		 1840 STAILQ_INIT(&frags);
1841 if ((m->m_flags & M_FRAG) &&
1842 !ath_txfrag_setup(sc, &frags, m, ni)) {
1843 DPRINTF(sc, ATH_DEBUG_XMIT,
1844 "%s: out of txfrag buffers\n", __func__);
1845 sc->sc_stats.ast_tx_nofrag++;
1846 ifp->if_oerrors++;
1847 ath_freetx(m);
1848 goto bad;
193b341d 1849 }
86877dfb
RP		 1850 ifp->if_opackets++;
1851 nextfrag:
1852 /*
1853 * Pass the frame to the h/w for transmission.
1854 * Fragmented frames have each frag chained together
1855 * with m_nextpkt. We know there are sufficient ath_buf's
1856 * to send all the frags because of work done by
1857 * ath_txfrag_setup. We leave m_nextpkt set while
1858 * calling ath_tx_start so it can use it to extend the
1859 * the tx duration to cover the subsequent frag and
1860 * so it can reclaim all the mbufs in case of an error;
1861 * ath_tx_start clears m_nextpkt once it commits to
1862 * handing the frame to the hardware.
1863 */
1864 next = m->m_nextpkt;
193b341d 1865 if (ath_tx_start(sc, ni, bf, m)) {
86877dfb 1866 bad:
193b341d 1867 ifp->if_oerrors++;
86877dfb
RP		 1868 reclaim:
1869 bf->bf_m = NULL;
1870 bf->bf_node = NULL;
86877dfb
RP		 1871 STAILQ_INSERT_HEAD(&sc->sc_txbuf, bf, bf_list);
1872 ath_txfrag_cleanup(sc, &frags, ni);
193b341d
SZ		 1873 if (ni != NULL)
1874 ieee80211_free_node(ni);
1875 continue;
1876 }
86877dfb
RP		 1877 if (next != NULL) {
1878 /*
1879 * Beware of state changing between frags.
1880 * XXX check sta power-save state?
1881 */
1882 if (ni->ni_vap->iv_state != IEEE80211_S_RUN) {
1883 DPRINTF(sc, ATH_DEBUG_XMIT,
1884 "%s: flush fragmented packet, state %s\n",
1885 __func__,
1886 ieee80211_state_name[ni->ni_vap->iv_state]);
1887 ath_freetx(next);
1888 goto reclaim;
1889 }
1890 m = next;
1891 bf = STAILQ_FIRST(&frags);
1892 KASSERT(bf != NULL, ("no buf for txfrag"));
1893 STAILQ_REMOVE_HEAD(&frags, bf_list);
1894 goto nextfrag;
1895 }
193b341d 1896
86877dfb 1897 sc->sc_wd_timer = 5;
193b341d
SZ		 1898 }
1899}
1900
1901static int
1902ath_media_change(struct ifnet *ifp)
1903{
86877dfb
RP		 1904 int error = ieee80211_media_change(ifp);
1905 /* NB: only the fixed rate can change and that doesn't need a reset */
1906 return (error == ENETRESET ? 0 : error);
193b341d
SZ		 1907}
1908
1909#ifdef ATH_DEBUG
1910static void
8982d733 1911ath_keyprint(struct ath_softc *sc, const char *tag, u_int ix,
86877dfb 1912 const HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
193b341d
SZ		 1913{
1914 static const char *ciphers[] = {
1915 "WEP",
1916 "AES-OCB",
1917 "AES-CCM",
1918 "CKIP",
1919 "TKIP",
1920 "CLR",
1921 };
1922 int i, n;
1923
2508f206 1924 kprintf("%s: [%02u] %-7s ", tag, ix, ciphers[hk->kv_type]);
193b341d 1925 for (i = 0, n = hk->kv_len; i < n; i++)
2508f206 1926 kprintf("%02x", hk->kv_val[i]);
638601ca 1927 kprintf(" mac %6D", mac, ":");
193b341d 1928 if (hk->kv_type == HAL_CIPHER_TKIP) {
2508f206 1929 kprintf(" %s ", sc->sc_splitmic ? "mic" : "rxmic");
193b341d 1930 for (i = 0; i < sizeof(hk->kv_mic); i++)
2508f206 1931 kprintf("%02x", hk->kv_mic[i]);
8982d733 1932 if (!sc->sc_splitmic) {
2508f206 1933 kprintf(" txmic ");
8982d733 1934 for (i = 0; i < sizeof(hk->kv_txmic); i++)
2508f206 1935 kprintf("%02x", hk->kv_txmic[i]);
8982d733 1936 }
193b341d 1937 }
2508f206 1938 kprintf("\n");
193b341d
SZ		 1939}
1940#endif
1941
1942/*
1943 * Set a TKIP key into the hardware. This handles the
1944 * potential distribution of key state to multiple key
1945 * cache slots for TKIP.
1946 */
1947static int
1948ath_keyset_tkip(struct ath_softc *sc, const struct ieee80211_key *k,
86877dfb 1949 HAL_KEYVAL *hk, const u_int8_t mac[IEEE80211_ADDR_LEN])
193b341d
SZ		 1950{
1951#define IEEE80211_KEY_XR (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV)
86877dfb 1952 static const u_int8_t zerobssid[IEEE80211_ADDR_LEN];
193b341d
SZ		 1953 struct ath_hal *ah = sc->sc_ah;
1954
1955 KASSERT(k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP,
1956 ("got a non-TKIP key, cipher %u", k->wk_cipher->ic_cipher));
193b341d 1957 if ((k->wk_flags & IEEE80211_KEY_XR) == IEEE80211_KEY_XR) {
8982d733
SZ		 1958 if (sc->sc_splitmic) {
1959 /*
1960 * TX key goes at first index, RX key at the rx index.
1961 * The hal handles the MIC keys at index+64.
1962 */
1963 memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_mic));
1964 KEYPRINTF(sc, k->wk_keyix, hk, zerobssid);
1965 if (!ath_hal_keyset(ah, k->wk_keyix, hk, zerobssid))
1966 return 0;
1967
1968 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
1969 KEYPRINTF(sc, k->wk_keyix+32, hk, mac);
1970 /* XXX delete tx key on failure? */
1971 return ath_hal_keyset(ah, k->wk_keyix+32, hk, mac);
1972 } else {
1973 /*
1974 * Room for both TX+RX MIC keys in one key cache
1975 * slot, just set key at the first index; the hal
86877dfb 1976 * will handle the rest.
8982d733
SZ		 1977 */
1978 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
8982d733 1979 memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
8982d733
SZ		 1980 KEYPRINTF(sc, k->wk_keyix, hk, mac);
1981 return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
1982 }
86877dfb
RP		 1983 } else if (k->wk_flags & IEEE80211_KEY_XMIT) {
1984 if (sc->sc_splitmic) {
1985 /*
1986 * NB: must pass MIC key in expected location when
1987 * the keycache only holds one MIC key per entry.
1988 */
1989 memcpy(hk->kv_mic, k->wk_txmic, sizeof(hk->kv_txmic));
1990 } else
1991 memcpy(hk->kv_txmic, k->wk_txmic, sizeof(hk->kv_txmic));
1992 KEYPRINTF(sc, k->wk_keyix, hk, mac);
1993 return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
1994 } else if (k->wk_flags & IEEE80211_KEY_RECV) {
1995 memcpy(hk->kv_mic, k->wk_rxmic, sizeof(hk->kv_mic));
193b341d
SZ		 1996 KEYPRINTF(sc, k->wk_keyix, hk, mac);
1997 return ath_hal_keyset(ah, k->wk_keyix, hk, mac);
1998 }
1999 return 0;
2000#undef IEEE80211_KEY_XR
2001}
2002
2003/*
2004 * Set a net80211 key into the hardware. This handles the
2005 * potential distribution of key state to multiple key
2006 * cache slots for TKIP with hardware MIC support.
2007 */
2008static int
2009ath_keyset(struct ath_softc *sc, const struct ieee80211_key *k,
193b341d
SZ		 2010 struct ieee80211_node *bss)
2011{
2012#define N(a) (sizeof(a)/sizeof(a[0]))
86877dfb 2013 static const u_int8_t ciphermap[] = {
193b341d
SZ		 2014 HAL_CIPHER_WEP, /* IEEE80211_CIPHER_WEP */
2015 HAL_CIPHER_TKIP, /* IEEE80211_CIPHER_TKIP */
2016 HAL_CIPHER_AES_OCB, /* IEEE80211_CIPHER_AES_OCB */
2017 HAL_CIPHER_AES_CCM, /* IEEE80211_CIPHER_AES_CCM */
86877dfb 2018 (u_int8_t) -1, /* 4 is not allocated */
193b341d
SZ		 2019 HAL_CIPHER_CKIP, /* IEEE80211_CIPHER_CKIP */
2020 HAL_CIPHER_CLR, /* IEEE80211_CIPHER_NONE */
2021 };
2022 struct ath_hal *ah = sc->sc_ah;
2023 const struct ieee80211_cipher *cip = k->wk_cipher;
86877dfb
RP		 2024 u_int8_t gmac[IEEE80211_ADDR_LEN];
2025 const u_int8_t *mac;
193b341d
SZ		 2026 HAL_KEYVAL hk;
2027
2028 memset(&hk, 0, sizeof(hk));
2029 /*
2030 * Software crypto uses a "clear key" so non-crypto
2031 * state kept in the key cache are maintained and
2032 * so that rx frames have an entry to match.
2033 */
2034 if ((k->wk_flags & IEEE80211_KEY_SWCRYPT) == 0) {
2035 KASSERT(cip->ic_cipher < N(ciphermap),
2036 ("invalid cipher type %u", cip->ic_cipher));
2037 hk.kv_type = ciphermap[cip->ic_cipher];
2038 hk.kv_len = k->wk_keylen;
2039 memcpy(hk.kv_val, k->wk_key, k->wk_keylen);
2040 } else
2041 hk.kv_type = HAL_CIPHER_CLR;
2042
2043 if ((k->wk_flags & IEEE80211_KEY_GROUP) && sc->sc_mcastkey) {
2044 /*
2045 * Group keys on hardware that supports multicast frame
86877dfb 2046 * key search use a MAC that is the sender's address with
193b341d
SZ		 2047 * the high bit set instead of the app-specified address.
2048 */
2049 IEEE80211_ADDR_COPY(gmac, bss->ni_macaddr);
2050 gmac[0] |= 0x80;
2051 mac = gmac;
2052 } else
86877dfb 2053 mac = k->wk_macaddr;
193b341d
SZ		 2054
2055 if (hk.kv_type == HAL_CIPHER_TKIP &&
8982d733 2056 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
193b341d
SZ		 2057 return ath_keyset_tkip(sc, k, &hk, mac);
2058 } else {
2059 KEYPRINTF(sc, k->wk_keyix, &hk, mac);
2060 return ath_hal_keyset(ah, k->wk_keyix, &hk, mac);
2061 }
2062#undef N
2063}
2064
2065/*
2066 * Allocate tx/rx key slots for TKIP. We allocate two slots for
2067 * each key, one for decrypt/encrypt and the other for the MIC.
2068 */
86877dfb 2069static u_int16_t
193b341d
SZ		 2070key_alloc_2pair(struct ath_softc *sc,
2071 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
2072{
2073#define N(a) (sizeof(a)/sizeof(a[0]))
2074 u_int i, keyix;
2075
2076 KASSERT(sc->sc_splitmic, ("key cache !split"));
2077 /* XXX could optimize */
2078 for (i = 0; i < N(sc->sc_keymap)/4; i++) {
86877dfb 2079 u_int8_t b = sc->sc_keymap[i];
193b341d
SZ		 2080 if (b != 0xff) {
2081 /*
2082 * One or more slots in this byte are free.
2083 */
2084 keyix = i*NBBY;
2085 while (b & 1) {
2086 again:
2087 keyix++;
2088 b >>= 1;
2089 }
2090 /* XXX IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV */
2091 if (isset(sc->sc_keymap, keyix+32) ||
2092 isset(sc->sc_keymap, keyix+64) ||
2093 isset(sc->sc_keymap, keyix+32+64)) {
2094 /* full pair unavailable */
2095 /* XXX statistic */
2096 if (keyix == (i+1)*NBBY) {
2097 /* no slots were appropriate, advance */
2098 continue;
2099 }
2100 goto again;
2101 }
2102 setbit(sc->sc_keymap, keyix);
2103 setbit(sc->sc_keymap, keyix+64);
2104 setbit(sc->sc_keymap, keyix+32);
2105 setbit(sc->sc_keymap, keyix+32+64);
2106 DPRINTF(sc, ATH_DEBUG_KEYCACHE,
2107 "%s: key pair %u,%u %u,%u\n",
2108 __func__, keyix, keyix+64,
2109 keyix+32, keyix+32+64);
2110 *txkeyix = keyix;
2111 *rxkeyix = keyix+32;
2112 return 1;
2113 }
2114 }
2115 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
2116 return 0;
2117#undef N
2118}
2119
2120/*
8982d733
SZ		 2121 * Allocate tx/rx key slots for TKIP. We allocate two slots for
2122 * each key, one for decrypt/encrypt and the other for the MIC.
2123 */
86877dfb 2124static u_int16_t
8982d733
SZ		 2125key_alloc_pair(struct ath_softc *sc,
2126 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
2127{
2128#define N(a) (sizeof(a)/sizeof(a[0]))
2129 u_int i, keyix;
2130
2131 KASSERT(!sc->sc_splitmic, ("key cache split"));
2132 /* XXX could optimize */
2133 for (i = 0; i < N(sc->sc_keymap)/4; i++) {
86877dfb 2134 u_int8_t b = sc->sc_keymap[i];
8982d733
SZ		 2135 if (b != 0xff) {
2136 /*
2137 * One or more slots in this byte are free.
2138 */
2139 keyix = i*NBBY;
2140 while (b & 1) {
2141 again:
2142 keyix++;
2143 b >>= 1;
2144 }
2145 if (isset(sc->sc_keymap, keyix+64)) {
2146 /* full pair unavailable */
2147 /* XXX statistic */
2148 if (keyix == (i+1)*NBBY) {
2149 /* no slots were appropriate, advance */
2150 continue;
2151 }
2152 goto again;
2153 }
2154 setbit(sc->sc_keymap, keyix);
2155 setbit(sc->sc_keymap, keyix+64);
2156 DPRINTF(sc, ATH_DEBUG_KEYCACHE,
2157 "%s: key pair %u,%u\n",
2158 __func__, keyix, keyix+64);
2159 *txkeyix = *rxkeyix = keyix;
2160 return 1;
2161 }
2162 }
2163 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of pair space\n", __func__);
2164 return 0;
2165#undef N
2166}
2167
2168/*
193b341d
SZ		 2169 * Allocate a single key cache slot.
2170 */
2171static int
2172key_alloc_single(struct ath_softc *sc,
2173 ieee80211_keyix *txkeyix, ieee80211_keyix *rxkeyix)
2174{
2175#define N(a) (sizeof(a)/sizeof(a[0]))
2176 u_int i, keyix;
2177
2178 /* XXX try i,i+32,i+64,i+32+64 to minimize key pair conflicts */
2179 for (i = 0; i < N(sc->sc_keymap); i++) {
86877dfb 2180 u_int8_t b = sc->sc_keymap[i];
193b341d
SZ		 2181 if (b != 0xff) {
2182 /*
2183 * One or more slots are free.
2184 */
2185 keyix = i*NBBY;
2186 while (b & 1)
2187 keyix++, b >>= 1;
2188 setbit(sc->sc_keymap, keyix);
2189 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: key %u\n",
2190 __func__, keyix);
2191 *txkeyix = *rxkeyix = keyix;
2192 return 1;
2193 }
2194 }
2195 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: out of space\n", __func__);
2196 return 0;
2197#undef N
2198}
2199
2200/*
2201 * Allocate one or more key cache slots for a uniacst key. The
2202 * key itself is needed only to identify the cipher. For hardware
2203 * TKIP with split cipher+MIC keys we allocate two key cache slot
2204 * pairs so that we can setup separate TX and RX MIC keys. Note
2205 * that the MIC key for a TKIP key at slot i is assumed by the
2206 * hardware to be at slot i+64. This limits TKIP keys to the first
2207 * 64 entries.
2208 */
2209static int
86877dfb 2210ath_key_alloc(struct ieee80211vap *vap, struct ieee80211_key *k,
193b341d
SZ		 2211 ieee80211_keyix *keyix, ieee80211_keyix *rxkeyix)
2212{
86877dfb 2213 struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
193b341d
SZ		 2214
2215 /*
2216 * Group key allocation must be handled specially for
2217 * parts that do not support multicast key cache search
2218 * functionality. For those parts the key id must match
2219 * the h/w key index so lookups find the right key. On
2220 * parts w/ the key search facility we install the sender's
2221 * mac address (with the high bit set) and let the hardware
2222 * find the key w/o using the key id. This is preferred as
2223 * it permits us to support multiple users for adhoc and/or
2224 * multi-station operation.
2225 */
86877dfb
RP		 2226 if (k->wk_keyix != IEEE80211_KEYIX_NONE) {
2227 /*
2228 * Only global keys should have key index assigned.
2229 */
2230 if (!(&vap->iv_nw_keys[0] <= k &&
2231 k < &vap->iv_nw_keys[IEEE80211_WEP_NKID])) {
193b341d
SZ		 2232 /* should not happen */
2233 DPRINTF(sc, ATH_DEBUG_KEYCACHE,
2234 "%s: bogus group key\n", __func__);
2235 return 0;
2236 }
86877dfb
RP		 2237 if (vap->iv_opmode != IEEE80211_M_HOSTAP ||
2238 !(k->wk_flags & IEEE80211_KEY_GROUP) ||
2239 !sc->sc_mcastkey) {
2240 /*
2241 * XXX we pre-allocate the global keys so
2242 * have no way to check if they've already
2243 * been allocated.
2244 */
2245 *keyix = *rxkeyix = k - vap->iv_nw_keys;
2246 return 1;
2247 }
193b341d 2248 /*
86877dfb 2249 * Group key and device supports multicast key search.
193b341d 2250 */
86877dfb 2251 k->wk_keyix = IEEE80211_KEYIX_NONE;
193b341d
SZ		 2252 }
2253
2254 /*
2255 * We allocate two pair for TKIP when using the h/w to do
2256 * the MIC. For everything else, including software crypto,
2257 * we allocate a single entry. Note that s/w crypto requires
2258 * a pass-through slot on the 5211 and 5212. The 5210 does
2259 * not support pass-through cache entries and we map all
2260 * those requests to slot 0.
2261 */
2262 if (k->wk_flags & IEEE80211_KEY_SWCRYPT) {
2263 return key_alloc_single(sc, keyix, rxkeyix);
2264 } else if (k->wk_cipher->ic_cipher == IEEE80211_CIPHER_TKIP &&
8982d733
SZ		 2265 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
2266 if (sc->sc_splitmic)
2267 return key_alloc_2pair(sc, keyix, rxkeyix);
2268 else
2269 return key_alloc_pair(sc, keyix, rxkeyix);
193b341d
SZ		 2270 } else {
2271 return key_alloc_single(sc, keyix, rxkeyix);
2272 }
2273}
2274
2275/*
2276 * Delete an entry in the key cache allocated by ath_key_alloc.
2277 */
2278static int
86877dfb 2279ath_key_delete(struct ieee80211vap *vap, const struct ieee80211_key *k)
193b341d 2280{
86877dfb 2281 struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
193b341d
SZ		 2282 struct ath_hal *ah = sc->sc_ah;
2283 const struct ieee80211_cipher *cip = k->wk_cipher;
2284 u_int keyix = k->wk_keyix;
2285
2286 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s: delete key %u\n", __func__, keyix);
2287
2288 ath_hal_keyreset(ah, keyix);
2289 /*
2290 * Handle split tx/rx keying required for TKIP with h/w MIC.
2291 */
2292 if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
2293 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && sc->sc_splitmic)
2294 ath_hal_keyreset(ah, keyix+32); /* RX key */
2295 if (keyix >= IEEE80211_WEP_NKID) {
2296 /*
2297 * Don't touch keymap entries for global keys so
2298 * they are never considered for dynamic allocation.
2299 */
2300 clrbit(sc->sc_keymap, keyix);
2301 if (cip->ic_cipher == IEEE80211_CIPHER_TKIP &&
8982d733 2302 (k->wk_flags & IEEE80211_KEY_SWMIC) == 0) {
193b341d 2303 clrbit(sc->sc_keymap, keyix+64); /* TX key MIC */
8982d733
SZ		 2304 if (sc->sc_splitmic) {
2305 /* +32 for RX key, +32+64 for RX key MIC */
2306 clrbit(sc->sc_keymap, keyix+32);
2307 clrbit(sc->sc_keymap, keyix+32+64);
2308 }
193b341d
SZ		 2309 }
2310 }
2311 return 1;
2312}
2313
2314/*
2315 * Set the key cache contents for the specified key. Key cache
2316 * slot(s) must already have been allocated by ath_key_alloc.
2317 */
2318static int
86877dfb
RP		 2319ath_key_set(struct ieee80211vap *vap, const struct ieee80211_key *k,
2320 const u_int8_t mac[IEEE80211_ADDR_LEN])
193b341d 2321{
86877dfb 2322 struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
193b341d 2323
86877dfb 2324 return ath_keyset(sc, k, vap->iv_bss);
193b341d
SZ		 2325}
2326
2327/*
2328 * Block/unblock tx+rx processing while a key change is done.
2329 * We assume the caller serializes key management operations
2330 * so we only need to worry about synchronization with other
2331 * uses that originate in the driver.
2332 */
2333static void
86877dfb 2334ath_key_update_begin(struct ieee80211vap *vap)
193b341d 2335{
86877dfb 2336 struct ifnet *ifp = vap->iv_ic->ic_ifp;
193b341d
SZ		 2337 struct ath_softc *sc = ifp->if_softc;
2338
2339 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s:\n", __func__);
86877dfb 2340 taskqueue_block(sc->sc_tq);
193b341d
SZ		 2341}
2342
2343static void
86877dfb 2344ath_key_update_end(struct ieee80211vap *vap)
193b341d 2345{
86877dfb 2346 struct ifnet *ifp = vap->iv_ic->ic_ifp;
193b341d
SZ		 2347 struct ath_softc *sc = ifp->if_softc;
2348
2349 DPRINTF(sc, ATH_DEBUG_KEYCACHE, "%s:\n", __func__);
86877dfb 2350 taskqueue_unblock(sc->sc_tq);
193b341d
SZ		 2351}
2352
2353/*
2354 * Calculate the receive filter according to the
2355 * operating mode and state:
2356 *
2357 * o always accept unicast, broadcast, and multicast traffic
86877dfb
RP		 2358 * o accept PHY error frames when hardware doesn't have MIB support
2359 * to count and we need them for ANI (sta mode only until recently)
2360 * and we are not scanning (ANI is disabled)
2361 * NB: older hal's add rx filter bits out of sight and we need to
2362 * blindly preserve them
193b341d 2363 * o probe request frames are accepted only when operating in
86877dfb
RP		 2364 * hostap, adhoc, mesh, or monitor modes
2365 * o enable promiscuous mode
2366 * - when in monitor mode
2367 * - if interface marked PROMISC (assumes bridge setting is filtered)
193b341d 2368 * o accept beacons:
193b341d
SZ		 2369 * - when operating in station mode for collecting rssi data when
2370 * the station is otherwise quiet, or
86877dfb
RP		 2371 * - when operating in adhoc mode so the 802.11 layer creates
2372 * node table entries for peers,
193b341d 2373 * - when scanning
86877dfb
RP		 2374 * - when doing s/w beacon miss (e.g. for ap+sta)
2375 * - when operating in ap mode in 11g to detect overlapping bss that
2376 * require protection
2377 * - when operating in mesh mode to detect neighbors
ed33fa9f
SW		 2378 * o accept control frames:
2379 * - when in monitor mode
86877dfb
RP		 2380 * XXX BAR frames for 11n
2381 * XXX HT protection for 11n
193b341d 2382 */
86877dfb
RP		 2383static u_int32_t
2384ath_calcrxfilter(struct ath_softc *sc)
193b341d 2385{
86877dfb
RP		 2386 struct ifnet *ifp = sc->sc_ifp;
2387 struct ieee80211com *ic = ifp->if_l2com;
2388 u_int32_t rfilt;
193b341d 2389
86877dfb
RP		 2390 rfilt = HAL_RX_FILTER_UCAST | HAL_RX_FILTER_BCAST | HAL_RX_FILTER_MCAST;
2391 if (!sc->sc_needmib && !sc->sc_scanning)
2392 rfilt |= HAL_RX_FILTER_PHYERR;
193b341d
SZ		 2393 if (ic->ic_opmode != IEEE80211_M_STA)
2394 rfilt |= HAL_RX_FILTER_PROBEREQ;
86877dfb
RP		 2395 /* XXX ic->ic_monvaps != 0? */
2396 if (ic->ic_opmode == IEEE80211_M_MONITOR || (ifp->if_flags & IFF_PROMISC))
193b341d
SZ		 2397 rfilt |= HAL_RX_FILTER_PROM;
2398 if (ic->ic_opmode == IEEE80211_M_STA ||
2399 ic->ic_opmode == IEEE80211_M_IBSS ||
86877dfb
RP		 2400 sc->sc_swbmiss || sc->sc_scanning)
2401 rfilt |= HAL_RX_FILTER_BEACON;
2402 /*
2403 * NB: We don't recalculate the rx filter when
2404 * ic_protmode changes; otherwise we could do
2405 * this only when ic_protmode != NONE.
2406 */
2407 if (ic->ic_opmode == IEEE80211_M_HOSTAP &&
2408 IEEE80211_IS_CHAN_ANYG(ic->ic_curchan))
2409 rfilt |= HAL_RX_FILTER_BEACON;
2410 if (sc->sc_nmeshvaps) {
193b341d 2411 rfilt |= HAL_RX_FILTER_BEACON;
86877dfb
RP		 2412 if (sc->sc_hasbmatch)
2413 rfilt |= HAL_RX_FILTER_BSSID;
2414 else
2415 rfilt |= HAL_RX_FILTER_PROM;
2416 }
ed33fa9f
SW		 2417 if (ic->ic_opmode == IEEE80211_M_MONITOR)
2418 rfilt |= HAL_RX_FILTER_CONTROL;
86877dfb
RP		 2419 DPRINTF(sc, ATH_DEBUG_MODE, "%s: RX filter 0x%x, %s if_flags 0x%x\n",
2420 __func__, rfilt, ieee80211_opmode_name[ic->ic_opmode], ifp->if_flags);
193b341d 2421 return rfilt;
193b341d
SZ		 2422}
2423
2424static void
86877dfb 2425ath_update_promisc(struct ifnet *ifp)
193b341d 2426{
86877dfb
RP		 2427 struct ath_softc *sc = ifp->if_softc;
2428 u_int32_t rfilt;
193b341d
SZ		 2429
2430 /* configure rx filter */
86877dfb
RP		 2431 rfilt = ath_calcrxfilter(sc);
2432 ath_hal_setrxfilter(sc->sc_ah, rfilt);
193b341d 2433
86877dfb
RP		 2434 DPRINTF(sc, ATH_DEBUG_MODE, "%s: RX filter 0x%x\n", __func__, rfilt);
2435}
193b341d 2436
86877dfb
RP		 2437static void
2438ath_update_mcast(struct ifnet *ifp)
2439{
2440 struct ath_softc *sc = ifp->if_softc;
2441 u_int32_t mfilt[2];
193b341d
SZ		 2442
2443 /* calculate and install multicast filter */
2444 if ((ifp->if_flags & IFF_ALLMULTI) == 0) {
86877dfb
RP		 2445 struct ifmultiaddr *ifma;
2446 /*
2447 * Merge multicast addresses to form the hardware filter.
2448 */
193b341d 2449 mfilt[0] = mfilt[1] = 0;
86877dfb
RP		 2450#ifdef __FreeBSD__
2451 if_maddr_rlock(ifp); /* XXX need some fiddling to remove? */
2452#endif
441d34b2 2453 TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
193b341d 2454 caddr_t dl;
86877dfb
RP		 2455 u_int32_t val;
2456 u_int8_t pos;
193b341d
SZ		 2457
2458 /* calculate XOR of eight 6bit values */
86877dfb 2459 dl = LLADDR((struct sockaddr_dl *) ifma->ifma_addr);
193b341d
SZ		 2460 val = LE_READ_4(dl + 0);
2461 pos = (val >> 18) ^ (val >> 12) ^ (val >> 6) ^ val;
2462 val = LE_READ_4(dl + 3);
2463 pos ^= (val >> 18) ^ (val >> 12) ^ (val >> 6) ^ val;
2464 pos &= 0x3f;
2465 mfilt[pos / 32] |= (1 << (pos % 32));
2466 }
86877dfb
RP		 2467#ifdef __FreeBSD__
2468 if_maddr_runlock(ifp);
2469#endif
2470 } else
193b341d 2471 mfilt[0] = mfilt[1] = ~0;
86877dfb
RP		 2472 ath_hal_setmcastfilter(sc->sc_ah, mfilt[0], mfilt[1]);
2473 DPRINTF(sc, ATH_DEBUG_MODE, "%s: MC filter %08x:%08x\n",
2474 __func__, mfilt[0], mfilt[1]);
2475}
2476
2477static void
2478ath_mode_init(struct ath_softc *sc)
2479{
2480 struct ifnet *ifp = sc->sc_ifp;
2481 struct ath_hal *ah = sc->sc_ah;
2482 u_int32_t rfilt;
2483
2484 /* configure rx filter */
2485 rfilt = ath_calcrxfilter(sc);
2486 ath_hal_setrxfilter(ah, rfilt);
2487
2488 /* configure operational mode */
2489 ath_hal_setopmode(ah);
2490
2491 /* handle any link-level address change */
2492 ath_hal_setmac(ah, IF_LLADDR(ifp));
2493
2494 /* calculate and install multicast filter */
2495 ath_update_mcast(ifp);
193b341d
SZ		 2496}
2497
2498/*
2499 * Set the slot time based on the current setting.
2500 */
2501static void
2502ath_setslottime(struct ath_softc *sc)
2503{
86877dfb 2504 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
193b341d 2505 struct ath_hal *ah = sc->sc_ah;
86877dfb
RP		 2506 u_int usec;
2507
2508 if (IEEE80211_IS_CHAN_HALF(ic->ic_curchan))
2509 usec = 13;
2510 else if (IEEE80211_IS_CHAN_QUARTER(ic->ic_curchan))
2511 usec = 21;
2512 else if (IEEE80211_IS_CHAN_ANYG(ic->ic_curchan)) {
2513 /* honor short/long slot time only in 11g */
2514 /* XXX shouldn't honor on pure g or turbo g channel */
2515 if (ic->ic_flags & IEEE80211_F_SHSLOT)
2516 usec = HAL_SLOT_TIME_9;
2517 else
2518 usec = HAL_SLOT_TIME_20;
2519 } else
2520 usec = HAL_SLOT_TIME_9;
193b341d 2521
86877dfb
RP		 2522 DPRINTF(sc, ATH_DEBUG_RESET,
2523 "%s: chan %u MHz flags 0x%x %s slot, %u usec\n",
2524 __func__, ic->ic_curchan->ic_freq, ic->ic_curchan->ic_flags,
2525 ic->ic_flags & IEEE80211_F_SHSLOT ? "short" : "long", usec);
2526
2527 ath_hal_setslottime(ah, usec);
193b341d
SZ		 2528 sc->sc_updateslot = OK;
2529}
2530
2531/*
2532 * Callback from the 802.11 layer to update the
2533 * slot time based on the current setting.
2534 */
2535static void
2536ath_updateslot(struct ifnet *ifp)
2537{
2538 struct ath_softc *sc = ifp->if_softc;
86877dfb 2539 struct ieee80211com *ic = ifp->if_l2com;
193b341d
SZ		 2540
2541 /*
2542 * When not coordinating the BSS, change the hardware
2543 * immediately. For other operation we defer the change
2544 * until beacon updates have propagated to the stations.
2545 */
86877dfb
RP		 2546 if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
2547 ic->ic_opmode == IEEE80211_M_MBSS)
193b341d
SZ		 2548 sc->sc_updateslot = UPDATE;
2549 else
2550 ath_setslottime(sc);
2551}
2552
2553/*
2554 * Setup a h/w transmit queue for beacons.
2555 */
2556static int
2557ath_beaconq_setup(struct ath_hal *ah)
2558{
2559 HAL_TXQ_INFO qi;
2560
2561 memset(&qi, 0, sizeof(qi));
2562 qi.tqi_aifs = HAL_TXQ_USEDEFAULT;
2563 qi.tqi_cwmin = HAL_TXQ_USEDEFAULT;
2564 qi.tqi_cwmax = HAL_TXQ_USEDEFAULT;
2565 /* NB: for dynamic turbo, don't enable any other interrupts */
2566 qi.tqi_qflags = HAL_TXQ_TXDESCINT_ENABLE;
2567 return ath_hal_setuptxqueue(ah, HAL_TX_QUEUE_BEACON, &qi);
2568}
2569
2570/*
2571 * Setup the transmit queue parameters for the beacon queue.
2572 */
2573static int
2574ath_beaconq_config(struct ath_softc *sc)
2575{
2576#define ATH_EXPONENT_TO_VALUE(v) ((1<<(v))-1)
86877dfb 2577 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
193b341d
SZ		 2578 struct ath_hal *ah = sc->sc_ah;
2579 HAL_TXQ_INFO qi;
2580
2581 ath_hal_gettxqueueprops(ah, sc->sc_bhalq, &qi);
86877dfb
RP		 2582 if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
2583 ic->ic_opmode == IEEE80211_M_MBSS) {
193b341d
SZ		 2584 /*
2585 * Always burst out beacon and CAB traffic.
2586 */
2587 qi.tqi_aifs = ATH_BEACON_AIFS_DEFAULT;
2588 qi.tqi_cwmin = ATH_BEACON_CWMIN_DEFAULT;
2589 qi.tqi_cwmax = ATH_BEACON_CWMAX_DEFAULT;
2590 } else {
2591 struct wmeParams *wmep =
2592 &ic->ic_wme.wme_chanParams.cap_wmeParams[WME_AC_BE];
2593 /*
2594 * Adhoc mode; important thing is to use 2x cwmin.
2595 */
2596 qi.tqi_aifs = wmep->wmep_aifsn;
2597 qi.tqi_cwmin = 2*ATH_EXPONENT_TO_VALUE(wmep->wmep_logcwmin);
2598 qi.tqi_cwmax = ATH_EXPONENT_TO_VALUE(wmep->wmep_logcwmax);
2599 }
2600
2601 if (!ath_hal_settxqueueprops(ah, sc->sc_bhalq, &qi)) {
2602 device_printf(sc->sc_dev, "unable to update parameters for "
2603 "beacon hardware queue!\n");
2604 return 0;
2605 } else {
2606 ath_hal_resettxqueue(ah, sc->sc_bhalq); /* push to h/w */
2607 return 1;
2608 }
2609#undef ATH_EXPONENT_TO_VALUE
2610}
2611
2612/*
2613 * Allocate and setup an initial beacon frame.
2614 */
2615static int
2616ath_beacon_alloc(struct ath_softc *sc, struct ieee80211_node *ni)
2617{
86877dfb
RP		 2618 struct ieee80211vap *vap = ni->ni_vap;
2619 struct ath_vap *avp = ATH_VAP(vap);
193b341d
SZ		 2620 struct ath_buf *bf;
2621 struct mbuf *m;
2622 int error;
2623
86877dfb
RP		 2624 bf = avp->av_bcbuf;
2625 if (bf->bf_m != NULL) {
2626 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
2627 m_freem(bf->bf_m);
2628 bf->bf_m = NULL;
2629 }
2630 if (bf->bf_node != NULL) {
2631 ieee80211_free_node(bf->bf_node);
2632 bf->bf_node = NULL;
193b341d 2633 }
86877dfb 2634
193b341d
SZ		 2635 /*
2636 * NB: the beacon data buffer must be 32-bit aligned;
2637 * we assume the mbuf routines will return us something
2638 * with this alignment (perhaps should assert).
2639 */
86877dfb 2640 m = ieee80211_beacon_alloc(ni, &avp->av_boff);
193b341d 2641 if (m == NULL) {
86877dfb 2642 device_printf(sc->sc_dev, "%s: cannot get mbuf\n", __func__);
193b341d
SZ		 2643 sc->sc_stats.ast_be_nombuf++;
2644 return ENOMEM;
2645 }
04522223
RP		 2646 error = bus_dmamap_load_mbuf_segment(sc->sc_dmat, bf->bf_dmamap, m,
2647 bf->bf_segs, 1, &bf->bf_nseg,
86877dfb
RP		 2648 BUS_DMA_NOWAIT);
2649 if (error != 0) {
2650 device_printf(sc->sc_dev,
04522223 2651 "%s: cannot map mbuf, bus_dmamap_load_mbuf_segment returns %d\n",
86877dfb 2652 __func__, error);
193b341d 2653 m_freem(m);
86877dfb 2654 return error;
193b341d 2655 }
86877dfb
RP		 2656
2657 /*
2658 * Calculate a TSF adjustment factor required for staggered
2659 * beacons. Note that we assume the format of the beacon
2660 * frame leaves the tstamp field immediately following the
2661 * header.
2662 */
2663 if (sc->sc_stagbeacons && avp->av_bslot > 0) {
2664 uint64_t tsfadjust;
2665 struct ieee80211_frame *wh;
2666
2667 /*
2668 * The beacon interval is in TU's; the TSF is in usecs.
2669 * We figure out how many TU's to add to align the timestamp
2670 * then convert to TSF units and handle byte swapping before
2671 * inserting it in the frame. The hardware will then add this
2672 * each time a beacon frame is sent. Note that we align vap's
2673 * 1..N and leave vap 0 untouched. This means vap 0 has a
2674 * timestamp in one beacon interval while the others get a
2675 * timstamp aligned to the next interval.
2676 */
2677 tsfadjust = ni->ni_intval *
2678 (ATH_BCBUF - avp->av_bslot) / ATH_BCBUF;
2679 tsfadjust = htole64(tsfadjust << 10); /* TU -> TSF */
2680
2681 DPRINTF(sc, ATH_DEBUG_BEACON,
2682 "%s: %s beacons bslot %d intval %u tsfadjust %llu\n",
2683 __func__, sc->sc_stagbeacons ? "stagger" : "burst",
2684 avp->av_bslot, ni->ni_intval,
2685 (long long unsigned) le64toh(tsfadjust));
2686
2687 wh = mtod(m, struct ieee80211_frame *);
2688 memcpy(&wh[1], &tsfadjust, sizeof(tsfadjust));
2689 }
2690 bf->bf_m = m;
2691 bf->bf_node = ieee80211_ref_node(ni);
2692
2693 return 0;
193b341d
SZ		 2694}
2695
2696/*
2697 * Setup the beacon frame for transmit.
2698 */
2699static void
2700ath_beacon_setup(struct ath_softc *sc, struct ath_buf *bf)
2701{
2702#define USE_SHPREAMBLE(_ic) \
2703 (((_ic)->ic_flags & (IEEE80211_F_SHPREAMBLE | IEEE80211_F_USEBARKER))\
2704 == IEEE80211_F_SHPREAMBLE)
2705 struct ieee80211_node *ni = bf->bf_node;
2706 struct ieee80211com *ic = ni->ni_ic;
2707 struct mbuf *m = bf->bf_m;
2708 struct ath_hal *ah = sc->sc_ah;
2709 struct ath_desc *ds;
2710 int flags, antenna;
2711 const HAL_RATE_TABLE *rt;
86877dfb 2712 u_int8_t rix, rate;
193b341d 2713
ed33fa9f 2714 DPRINTF(sc, ATH_DEBUG_BEACON_PROC, "%s: m %p len %u\n",
193b341d
SZ		 2715 __func__, m, m->m_len);
2716
2717 /* setup descriptors */
2718 ds = bf->bf_desc;
2719
2720 flags = HAL_TXDESC_NOACK;
2721 if (ic->ic_opmode == IEEE80211_M_IBSS && sc->sc_hasveol) {
2722 ds->ds_link = bf->bf_daddr; /* self-linked */
2723 flags |= HAL_TXDESC_VEOL;
2724 /*
2725 * Let hardware handle antenna switching.
2726 */
2727 antenna = sc->sc_txantenna;
2728 } else {
2729 ds->ds_link = 0;
2730 /*
2731 * Switch antenna every 4 beacons.
2732 * XXX assumes two antenna
2733 */
86877dfb
RP		 2734 if (sc->sc_txantenna != 0)
2735 antenna = sc->sc_txantenna;
2736 else if (sc->sc_stagbeacons && sc->sc_nbcnvaps != 0)
2737 antenna = ((sc->sc_stats.ast_be_xmit / sc->sc_nbcnvaps) & 4 ? 2 : 1);
2738 else
2739 antenna = (sc->sc_stats.ast_be_xmit & 4 ? 2 : 1);
193b341d
SZ		 2740 }
2741
2742 KASSERT(bf->bf_nseg == 1,
2743 ("multi-segment beacon frame; nseg %u", bf->bf_nseg));
2744 ds->ds_data = bf->bf_segs[0].ds_addr;
2745 /*
2746 * Calculate rate code.
2747 * XXX everything at min xmit rate
2748 */
86877dfb 2749 rix = 0;
193b341d
SZ		 2750 rt = sc->sc_currates;
2751 rate = rt->info[rix].rateCode;
2752 if (USE_SHPREAMBLE(ic))
2753 rate |= rt->info[rix].shortPreamble;
2754 ath_hal_setuptxdesc(ah, ds
2755 , m->m_len + IEEE80211_CRC_LEN /* frame length */
2756 , sizeof(struct ieee80211_frame)/* header length */
2757 , HAL_PKT_TYPE_BEACON /* Atheros packet type */
2758 , ni->ni_txpower /* txpower XXX */
2759 , rate, 1 /* series 0 rate/tries */
2760 , HAL_TXKEYIX_INVALID /* no encryption */
2761 , antenna /* antenna mode */
2762 , flags /* no ack, veol for beacons */
2763 , 0 /* rts/cts rate */
2764 , 0 /* rts/cts duration */
2765 );
2766 /* NB: beacon's BufLen must be a multiple of 4 bytes */
2767 ath_hal_filltxdesc(ah, ds
2768 , roundup(m->m_len, 4) /* buffer length */
2769 , AH_TRUE /* first segment */
2770 , AH_TRUE /* last segment */
2771 , ds /* first descriptor */
2772 );
86877dfb
RP		 2773#if 0
2774 ath_desc_swap(ds);
2775#endif
193b341d
SZ		 2776#undef USE_SHPREAMBLE
2777}
2778
86877dfb
RP		 2779static void
2780ath_beacon_update(struct ieee80211vap *vap, int item)
2781{
2782 struct ieee80211_beacon_offsets *bo = &ATH_VAP(vap)->av_boff;
2783
2784 setbit(bo->bo_flags, item);
2785}
2786
193b341d 2787/*
ed33fa9f
SW		 2788 * Append the contents of src to dst; both queues
2789 * are assumed to be locked.
2790 */
2791static void
2792ath_txqmove(struct ath_txq *dst, struct ath_txq *src)
2793{
2794 STAILQ_CONCAT(&dst->axq_q, &src->axq_q);
0c208ba4
MD		 2795 if (src->axq_depth)
2796 dst->axq_link = src->axq_link;
ed33fa9f
SW		 2797 src->axq_link = NULL;
2798 dst->axq_depth += src->axq_depth;
2799 src->axq_depth = 0;
2800}
2801
2802/*
193b341d
SZ		 2803 * Transmit a beacon frame at SWBA. Dynamic updates to the
2804 * frame contents are done as needed and the slot time is
2805 * also adjusted based on current state.
2806 */
2807static void
86877dfb 2808ath_beacon_proc(void *arg, int pending)
193b341d 2809{
86877dfb 2810 struct ath_softc *sc = arg;
193b341d 2811 struct ath_hal *ah = sc->sc_ah;
86877dfb
RP		 2812 struct ieee80211vap *vap;
2813 struct ath_buf *bf;
2814 int slot, otherant;
2815 uint32_t bfaddr;
193b341d 2816
86877dfb
RP		 2817 DPRINTF(sc, ATH_DEBUG_BEACON_PROC, "%s: pending %u\n",
2818 __func__, pending);
193b341d
SZ		 2819 /*
2820 * Check if the previous beacon has gone out. If
8982d733
SZ		 2821 * not don't try to post another, skip this period
2822 * and wait for the next. Missed beacons indicate
2823 * a problem and should not occur. If we miss too
2824 * many consecutive beacons reset the device.
193b341d
SZ		 2825 */
2826 if (ath_hal_numtxpending(ah, sc->sc_bhalq) != 0) {
2827 sc->sc_bmisscount++;
ed33fa9f 2828 DPRINTF(sc, ATH_DEBUG_BEACON,
193b341d
SZ		 2829 "%s: missed %u consecutive beacons\n",
2830 __func__, sc->sc_bmisscount);
86877dfb
RP		 2831 if (sc->sc_bmisscount >= ath_bstuck_threshold)
2832 taskqueue_enqueue(sc->sc_tq, &sc->sc_bstucktask);
193b341d
SZ		 2833 return;
2834 }
2835 if (sc->sc_bmisscount != 0) {
2836 DPRINTF(sc, ATH_DEBUG_BEACON,
2837 "%s: resume beacon xmit after %u misses\n",
2838 __func__, sc->sc_bmisscount);
2839 sc->sc_bmisscount = 0;
2840 }
2841
0c208ba4
MD		 2842 /*
2843 * Stop any current dma before messing with the beacon linkages.
2844 */
2845 if (!ath_hal_stoptxdma(ah, sc->sc_bhalq)) {
2846 DPRINTF(sc, ATH_DEBUG_ANY,
2847 "%s: beacon queue %u did not stop?\n",
2848 __func__, sc->sc_bhalq);
2849 }
2850
86877dfb
RP		 2851 if (sc->sc_stagbeacons) { /* staggered beacons */
2852 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
2853 uint32_t tsftu;
193b341d 2854
86877dfb
RP		 2855 tsftu = ath_hal_gettsf32(ah) >> 10;
2856 /* XXX lintval */
2857 slot = ((tsftu % ic->ic_lintval) * ATH_BCBUF) / ic->ic_lintval;
2858 vap = sc->sc_bslot[(slot+1) % ATH_BCBUF];
2859 bfaddr = 0;
2860 if (vap != NULL && vap->iv_state >= IEEE80211_S_RUN) {
2861 bf = ath_beacon_generate(sc, vap);
2862 if (bf != NULL)
2863 bfaddr = bf->bf_daddr;
2864 }
2865 } else { /* burst'd beacons */
2866 uint32_t *bflink = &bfaddr;
2867
2868 for (slot = 0; slot < ATH_BCBUF; slot++) {
2869 vap = sc->sc_bslot[slot];
2870 if (vap != NULL && vap->iv_state >= IEEE80211_S_RUN) {
2871 bf = ath_beacon_generate(sc, vap);
2872 if (bf != NULL) {
2873 *bflink = bf->bf_daddr;
2874 bflink = &bf->bf_desc->ds_link;
2875 }
2876 }
2877 }
2878 *bflink = 0; /* terminate list */
ed33fa9f
SW		 2879 }
2880
193b341d
SZ		 2881 /*
2882 * Handle slot time change when a non-ERP station joins/leaves
2883 * an 11g network. The 802.11 layer notifies us via callback,
2884 * we mark updateslot, then wait one beacon before effecting
2885 * the change. This gives associated stations at least one
2886 * beacon interval to note the state change.
2887 */
2888 /* XXX locking */
86877dfb 2889 if (sc->sc_updateslot == UPDATE) {
193b341d 2890 sc->sc_updateslot = COMMIT; /* commit next beacon */
86877dfb
RP		 2891 sc->sc_slotupdate = slot;
2892 } else if (sc->sc_updateslot == COMMIT && sc->sc_slotupdate == slot)
193b341d
SZ		 2893 ath_setslottime(sc); /* commit change to h/w */
2894
2895 /*
2896 * Check recent per-antenna transmit statistics and flip
2897 * the default antenna if noticeably more frames went out
2898 * on the non-default antenna.
2899 * XXX assumes 2 anntenae
2900 */
86877dfb
RP		 2901 if (!sc->sc_diversity && (!sc->sc_stagbeacons || slot == 0)) {
2902 otherant = sc->sc_defant & 1 ? 2 : 1;
2903 if (sc->sc_ant_tx[otherant] > sc->sc_ant_tx[sc->sc_defant] + 2)
2904 ath_setdefantenna(sc, otherant);
2905 sc->sc_ant_tx[1] = sc->sc_ant_tx[2] = 0;
2906 }
193b341d 2907
86877dfb 2908 if (bfaddr != 0) {
86877dfb
RP		 2909 /* NB: cabq traffic should already be queued and primed */
2910 ath_hal_puttxbuf(ah, sc->sc_bhalq, bfaddr);
86877dfb 2911 sc->sc_stats.ast_be_xmit++;
0c208ba4 2912 ath_hal_txstart(ah, sc->sc_bhalq);
86877dfb 2913 }
0c208ba4 2914 /* else no beacon will be generated */
86877dfb
RP		 2915}
2916
2917static struct ath_buf *
2918ath_beacon_generate(struct ath_softc *sc, struct ieee80211vap *vap)
2919{
2920 struct ath_vap *avp = ATH_VAP(vap);
2921 struct ath_txq *cabq = sc->sc_cabq;
2922 struct ath_buf *bf;
2923 struct mbuf *m;
2924 int nmcastq, error;
2925
2926 KASSERT(vap->iv_state >= IEEE80211_S_RUN,
2927 ("not running, state %d", vap->iv_state));
2928 KASSERT(avp->av_bcbuf != NULL, ("no beacon buffer"));
193b341d
SZ		 2929
2930 /*
86877dfb
RP		 2931 * Update dynamic beacon contents. If this returns
2932 * non-zero then we need to remap the memory because
2933 * the beacon frame changed size (probably because
2934 * of the TIM bitmap).
193b341d 2935 */
86877dfb
RP		 2936 bf = avp->av_bcbuf;
2937 m = bf->bf_m;
2938 nmcastq = avp->av_mcastq.axq_depth;
2939 if (ieee80211_beacon_update(bf->bf_node, &avp->av_boff, m, nmcastq)) {
2940 /* XXX too conservative? */
2941 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
04522223
RP		 2942 error = bus_dmamap_load_mbuf_segment(sc->sc_dmat, bf->bf_dmamap, m,
2943 bf->bf_segs, 1, &bf->bf_nseg,
86877dfb
RP		 2944 BUS_DMA_NOWAIT);
2945 if (error != 0) {
2946 if_printf(vap->iv_ifp,
04522223 2947 "%s: bus_dmamap_load_mbuf_segment failed, error %u\n",
86877dfb
RP		 2948 __func__, error);
2949 return NULL;
2950 }
2951 }
2952 if ((avp->av_boff.bo_tim[4] & 1) && cabq->axq_depth) {
2953 DPRINTF(sc, ATH_DEBUG_BEACON,
2954 "%s: cabq did not drain, mcastq %u cabq %u\n",
2955 __func__, nmcastq, cabq->axq_depth);
2956 sc->sc_stats.ast_cabq_busy++;
2957 if (sc->sc_nvaps > 1 && sc->sc_stagbeacons) {
2958 /*
2959 * CABQ traffic from a previous vap is still pending.
2960 * We must drain the q before this beacon frame goes
2961 * out as otherwise this vap's stations will get cab
2962 * frames from a different vap.
2963 * XXX could be slow causing us to miss DBA
2964 */
2965 ath_tx_draintxq(sc, cabq);
2966 }
193b341d 2967 }
86877dfb 2968 ath_beacon_setup(sc, bf);
193b341d
SZ		 2969 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_PREWRITE);
2970
2971 /*
2972 * Enable the CAB queue before the beacon queue to
2973 * insure cab frames are triggered by this beacon.
2974 */
86877dfb
RP		 2975 if (avp->av_boff.bo_tim[4] & 1) {
2976 struct ath_hal *ah = sc->sc_ah;
2977
8982d733 2978 /* NB: only at DTIM */
ed33fa9f
SW		 2979 if (nmcastq) {
2980 struct ath_buf *bfm;
0c208ba4 2981 int qbusy;
ed33fa9f
SW		 2982
2983 /*
2984 * Move frames from the s/w mcast q to the h/w cab q.
86877dfb 2985 * XXX MORE_DATA bit
ed33fa9f 2986 */
86877dfb 2987 bfm = STAILQ_FIRST(&avp->av_mcastq.axq_q);
0c208ba4
MD		 2988 qbusy = ath_hal_txqenabled(ah, cabq->axq_qnum);
2989 if (qbusy == 0) {
2990 if (cabq->axq_link != NULL) {
2991 cpu_sfence();
2992 *cabq->axq_link = bfm->bf_daddr;
2993 cabq->axq_flags |= ATH_TXQ_PUTPENDING;
2994 } else {
2995 cpu_sfence();
2996 ath_hal_puttxbuf(ah, cabq->axq_qnum,
2997 bfm->bf_daddr);
2998 }
2999 } else {
3000 if (cabq->axq_link != NULL) {
3001 cpu_sfence();
3002 *cabq->axq_link = bfm->bf_daddr;
3003 }
3004 cabq->axq_flags |= ATH_TXQ_PUTPENDING;
3005 }
86877dfb 3006 ath_txqmove(cabq, &avp->av_mcastq);
ed33fa9f
SW		 3007
3008 sc->sc_stats.ast_cabq_xmit += nmcastq;
3009 }
3010 /* NB: gated by beacon so safe to start here */
3011 ath_hal_txstart(ah, cabq->axq_qnum);
86877dfb
RP		 3012 }
3013 return bf;
3014}
3015
3016static void
3017ath_beacon_start_adhoc(struct ath_softc *sc, struct ieee80211vap *vap)
3018{
3019 struct ath_vap *avp = ATH_VAP(vap);
3020 struct ath_hal *ah = sc->sc_ah;
3021 struct ath_buf *bf;
3022 struct mbuf *m;
3023 int error;
3024
3025 KASSERT(avp->av_bcbuf != NULL, ("no beacon buffer"));
3026
3027 /*
3028 * Update dynamic beacon contents. If this returns
3029 * non-zero then we need to remap the memory because
3030 * the beacon frame changed size (probably because
3031 * of the TIM bitmap).
3032 */
3033 bf = avp->av_bcbuf;
3034 m = bf->bf_m;
3035 if (ieee80211_beacon_update(bf->bf_node, &avp->av_boff, m, 0)) {
3036 /* XXX too conservative? */
3037 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
04522223
RP		 3038 error = bus_dmamap_load_mbuf_segment(sc->sc_dmat, bf->bf_dmamap, m,
3039 bf->bf_segs, 1, &bf->bf_nseg,
86877dfb
RP		 3040 BUS_DMA_NOWAIT);
3041 if (error != 0) {
3042 if_printf(vap->iv_ifp,
04522223 3043 "%s: bus_dmamap_load_mbuf_segment failed, error %u\n",
86877dfb
RP		 3044 __func__, error);
3045 return;
3046 }
ed33fa9f 3047 }
86877dfb
RP		 3048 ath_beacon_setup(sc, bf);
3049 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_PREWRITE);
3050
3051 /* NB: caller is known to have already stopped tx dma */
193b341d
SZ		 3052 ath_hal_puttxbuf(ah, sc->sc_bhalq, bf->bf_daddr);
3053 ath_hal_txstart(ah, sc->sc_bhalq);
193b341d
SZ		 3054}
3055
3056/*
3057 * Reset the hardware after detecting beacons have stopped.
3058 */
3059static void
a311f6cd 3060ath_bstuck_task(void *arg, int pending)
193b341d 3061{
86877dfb
RP		 3062 struct ath_softc *sc = arg;
3063 struct ifnet *ifp = sc->sc_ifp;
193b341d 3064
a311f6cd 3065 wlan_serialize_enter();
193b341d 3066 if_printf(ifp, "stuck beacon; resetting (bmiss count %u)\n",
a311f6cd 3067 sc->sc_bmisscount);
86877dfb 3068 sc->sc_stats.ast_bstuck++;
193b341d 3069 ath_reset(ifp);
a311f6cd 3070 wlan_serialize_exit();
193b341d
SZ		 3071}
3072
3073/*
86877dfb
RP		 3074 * Reclaim beacon resources and return buffer to the pool.
3075 */
3076static void
3077ath_beacon_return(struct ath_softc *sc, struct ath_buf *bf)
3078{
3079
3080 if (bf->bf_m != NULL) {
3081 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
3082 m_freem(bf->bf_m);
3083 bf->bf_m = NULL;
3084 }
3085 if (bf->bf_node != NULL) {
3086 ieee80211_free_node(bf->bf_node);
3087 bf->bf_node = NULL;
3088 }
3089 STAILQ_INSERT_TAIL(&sc->sc_bbuf, bf, bf_list);
3090}
3091
3092/*
193b341d
SZ		 3093 * Reclaim beacon resources.
3094 */
3095static void
3096ath_beacon_free(struct ath_softc *sc)
3097{
3098 struct ath_buf *bf;
3099
193b341d
SZ		 3100 STAILQ_FOREACH(bf, &sc->sc_bbuf, bf_list) {
3101 if (bf->bf_m != NULL) {
3102 bus_dmamap_unload(sc->sc_dmat, bf->bf_dmamap);
3103 m_freem(bf->bf_m);
3104 bf->bf_m = NULL;
3105 }
3106 if (bf->bf_node != NULL) {
3107 ieee80211_free_node(bf->bf_node);
3108 bf->bf_node = NULL;
3109 }
3110 }
3111}
3112
3113/*
3114 * Configure the beacon and sleep timers.
3115 *
3116 * When operating as an AP this resets the TSF and sets
3117 * up the hardware to notify us when we need to issue beacons.
3118 *
3119 * When operating in station mode this sets up the beacon
3120 * timers according to the timestamp of the last received
3121 * beacon and the current TSF, configures PCF and DTIM
3122 * handling, programs the sleep registers so the hardware
3123 * will wakeup in time to receive beacons, and configures
3124 * the beacon miss handling so we'll receive a BMISS
3125 * interrupt when we stop seeing beacons from the AP
3126 * we've associated with.
3127 */
3128static void
86877dfb 3129ath_beacon_config(struct ath_softc *sc, struct ieee80211vap *vap)
193b341d
SZ		 3130{
3131#define TSF_TO_TU(_h,_l) \
86877dfb 3132 ((((u_int32_t)(_h)) << 22) | (((u_int32_t)(_l)) >> 10))
193b341d
SZ		 3133#define FUDGE 2
3134 struct ath_hal *ah = sc->sc_ah;
86877dfb
RP		 3135 struct ieee80211com *ic = sc->sc_ifp->if_l2com;
3136 struct ieee80211_node *ni;
3137 u_int32_t nexttbtt, intval, tsftu;
3138 u_int64_t tsf;
3139
3140 if (vap == NULL)
3141 vap = TAILQ_FIRST(&ic->ic_vaps); /* XXX */
3142 ni = vap->iv_bss;
193b341d
SZ		 3143
3144 /* extract tstamp from last beacon and convert to TU */
3145 nexttbtt = TSF_TO_TU(LE_READ_4(ni->ni_tstamp.data + 4),
3146 LE_READ_4(ni->ni_tstamp.data));
86877dfb
RP		 3147 if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
3148 ic->ic_opmode == IEEE80211_M_MBSS) {
3149 /*
3150 * For multi-bss ap/mesh support beacons are either staggered
3151 * evenly over N slots or burst together. For the former
3152 * arrange for the SWBA to be delivered for each slot.
3153 * Slots that are not occupied will generate nothing.
3154 */
3155 /* NB: the beacon interval is kept internally in TU's */
3156 intval = ni->ni_intval & HAL_BEACON_PERIOD;
3157 if (sc->sc_stagbeacons)
3158 intval /= ATH_BCBUF;
3159 } else {
3160 /* NB: the beacon interval is kept internally in TU's */
3161 intval = ni->ni_intval & HAL_BEACON_PERIOD;
3162 }
193b341d
SZ		 3163 if (nexttbtt == 0) /* e.g. for ap mode */
3164 nexttbtt = intval;
3165 else if (intval) /* NB: can be 0 for monitor mode */
3166 nexttbtt = roundup(nexttbtt, intval);
3167 DPRINTF(sc, ATH_DEBUG_BEACON, "%s: nexttbtt %u intval %u (%u)\n",
3168 __func__, nexttbtt, intval, ni->ni_intval);
86877dfb 3169 if (ic->ic_opmode == IEEE80211_M_STA && !sc->sc_swbmiss) {
193b341d
SZ		 3170 HAL_BEACON_STATE bs;
3171 int dtimperiod, dtimcount;
3172 int cfpperiod, cfpcount;
3173
3174 /*
3175 * Setup dtim and cfp parameters according to
3176 * last beacon we received (which may be none).
3177 */
3178 dtimperiod = ni->ni_dtim_period;
3179 if (dtimperiod <= 0) /* NB: 0 if not known */
3180 dtimperiod = 1;
3181 dtimcount = ni->ni_dtim_count;
3182 if (dtimcount >= dtimperiod) /* NB: sanity check */
3183 dtimcount = 0; /* XXX? */
3184 cfpperiod = 1; /* NB: no PCF support yet */
3185 cfpcount = 0;
3186 /*
3187 * Pull nexttbtt forward to reflect the current
3188 * TSF and calculate dtim+cfp state for the result.
3189 */
3190 tsf = ath_hal_gettsf64(ah);
3191 tsftu = TSF_TO_TU(tsf>>32, tsf) + FUDGE;
3192 do {
3193 nexttbtt += intval;
3194 if (--dtimcount < 0) {
3195 dtimcount = dtimperiod - 1;
3196 if (--cfpcount < 0)
3197 cfpcount = cfpperiod - 1;
3198 }
3199 } while (nexttbtt < tsftu);
3200 memset(&bs, 0, sizeof(bs));
3201 bs.bs_intval = intval;
3202 bs.bs_nexttbtt = nexttbtt;
3203 bs.bs_dtimperiod = dtimperiod*intval;
3204 bs.bs_nextdtim = bs.bs_nexttbtt + dtimcount*intval;
3205 bs.bs_cfpperiod = cfpperiod*bs.bs_dtimperiod;
3206 bs.bs_cfpnext = bs.bs_nextdtim + cfpcount*bs.bs_dtimperiod;
3207 bs.bs_cfpmaxduration = 0;
3208#if 0
3209 /*
3210 * The 802.11 layer records the offset to the DTIM
3211 * bitmap while receiving beacons; use it here to
3212 * enable h/w detection of our AID being marked in
3213 * the bitmap vector (to indicate frames for us are
3214 * pending at the AP).
3215 * XXX do DTIM handling in s/w to WAR old h/w bugs
3216 * XXX enable based on h/w rev for newer chips
3217 */
3218 bs.bs_timoffset = ni->ni_timoff;
3219#endif
3220 /*
3221 * Calculate the number of consecutive beacons to miss
86877dfb 3222 * before taking a BMISS interrupt.
193b341d
SZ		 3223 * Note that we clamp the result to at most 10 beacons.
3224 */
86877dfb 3225 bs.bs_bmissthreshold = vap->iv_bmissthreshold;
193b341d
SZ		 3226 if (bs.bs_bmissthreshold > 10)
3227 bs.bs_bmissthreshold = 10;
3228 else if (bs.bs_bmissthreshold <= 0)
3229 bs.bs_bmissthreshold = 1;
3230
3231 /*
3232 * Calculate sleep duration. The configuration is
3233 * given in ms. We insure a multiple of the beacon
3234 * period is used. Also, if the sleep duration is
3235 * greater than the DTIM period then it makes senses
3236 * to make it a multiple of that.
3237 *
3238 * XXX fixed at 100ms
3239 */
3240 bs.bs_sleepduration =
3241 roundup(IEEE80211_MS_TO_TU(100), bs.bs_intval);
3242 if (bs.bs_sleepduration > bs.bs_dtimperiod)
3243 bs.bs_sleepduration = roundup(bs.bs_sleepduration, bs.bs_dtimperiod);
3244
86877dfb 3245 DPRINTF(sc, ATH_DEBUG_BEACON,
193b341d
SZ		 3246 "%s: tsf %ju tsf:tu %u intval %u nexttbtt %u dtim %u nextdtim %u bmiss %u sleep %u cfp:period %u maxdur %u next %u timoffset %u\n"
3247 , __func__
3248 , tsf, tsftu
3249 , bs.bs_intval
3250 , bs.bs_nexttbtt
3251 , bs.bs_dtimperiod
3252 , bs.bs_nextdtim
3253 , bs.bs_bmissthreshold
3254 , bs.bs_sleepduration
3255 , bs.bs_cfpperiod
3256 , bs.bs_cfpmaxduration
3257 , bs.bs_cfpnext
3258 , bs.bs_timoffset
3259 );
3260 ath_hal_intrset(ah, 0);
3261 ath_hal_beacontimers(ah, &bs);
3262 sc->sc_imask |= HAL_INT_BMISS;
3263 ath_hal_intrset(ah, sc->sc_imask);
3264 } else {
3265 ath_hal_intrset(ah, 0);
3266 if (nexttbtt == intval)
3267 intval |= HAL_BEACON_RESET_TSF;
3268 if (ic->ic_opmode == IEEE80211_M_IBSS) {
3269 /*
3270 * In IBSS mode enable the beacon timers but only
3271 * enable SWBA interrupts if we need to manually
3272 * prepare beacon frames. Otherwise we use a
3273 * self-linked tx descriptor and let the hardware
3274 * deal with things.
3275 */
3276 intval |= HAL_BEACON_ENA;
3277 if (!sc->sc_hasveol)
3278 sc->sc_imask |= HAL_INT_SWBA;
3279 if ((intval & HAL_BEACON_RESET_TSF) == 0) {
3280 /*
3281 * Pull nexttbtt forward to reflect
3282 * the current TSF.
3283 */
3284 tsf = ath_hal_gettsf64(ah);
3285 tsftu = TSF_TO_TU(tsf>>32, tsf) + FUDGE;
3286 do {
3287 nexttbtt += intval;
3288 } while (nexttbtt < tsftu);
3289 }
3290 ath_beaconq_config(sc);
86877dfb
RP		 3291 } else if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
3292 ic->ic_opmode == IEEE80211_M_MBSS) {
193b341d 3293 /*
86877dfb
RP		 3294 * In AP/mesh mode we enable the beacon timers
3295 * and SWBA interrupts to prepare beacon frames.
193b341d
SZ		 3296 */
3297 intval |= HAL_BEACON_ENA;
3298 sc->sc_imask |= HAL_INT_SWBA; /* beacon prepare */
3299 ath_beaconq_config(sc);
3300 }
3301 ath_hal_beaconinit(ah, nexttbtt, intval);
3302 sc->sc_bmisscount = 0;
3303 ath_hal_intrset(ah, sc->sc_imask);
3304 /*
3305 * When using a self-linked beacon descriptor in
3306 * ibss mode load it once here.
3307 */
3308 if (ic->ic_opmode == IEEE80211_M_IBSS && sc->sc_hasveol)
86877dfb 3309 ath_beacon_start_adhoc(sc, vap);
193b341d
SZ		 3310 }
3311 sc->sc_syncbeacon = 0;
3312#undef FUDGE
3313#undef TSF_TO_TU
3314}
3315
3316static void
3317ath_load_cb(void *arg, bus_dma_segment_t *segs, int nsegs, int error)
3318{
3319 bus_addr_t *paddr = (bus_addr_t*) arg;
3320 KASSERT(error == 0, ("error %u on bus_dma callback", error));
3321 *paddr = segs->ds_addr;
3322}
3323
3324static int
86877dfb
RP		 3325ath_descdma_setup(struct ath_softc *sc,
3326 struct ath_descdma *dd, ath_bufhead *head,
3327 const char *name, int nbuf, int ndesc)
193b341d
SZ		 3328{
3329#define DS2PHYS(_dd, _ds) \
3330 ((_dd)->dd_desc_paddr + ((caddr_t)(_ds) - (caddr_t)(_dd)->dd_desc))
86877dfb 3331 struct ifnet *ifp = sc->sc_ifp;
193b341d
SZ		 3332 struct ath_desc *ds;
3333 struct ath_buf *bf;
3334 int i, bsize, error;
3335
3336 DPRINTF(sc, ATH_DEBUG_RESET, "%s: %s DMA: %u buffers %u desc/buf\n",
3337 __func__, name, nbuf, ndesc);
3338
3339 dd->dd_name = name;
3340 dd->dd_desc_len = sizeof(struct ath_desc) * nbuf * ndesc;
193b341d
SZ		 3341
3342 /*
3343 * Setup DMA descriptor area.
3344 */
86877dfb 3345 error = bus_dma_tag_create(dd->dd_dmat, /* parent */
193b341d
SZ		 3346 PAGE_SIZE, 0, /* alignment, bounds */
3347 BUS_SPACE_MAXADDR_32BIT, /* lowaddr */
3348 BUS_SPACE_MAXADDR, /* highaddr */
3349 NULL, NULL, /* filter, filterarg */
3350 dd->dd_desc_len, /* maxsize */
3351 1, /* nsegments */
ed33fa9f 3352 dd->dd_desc_len, /* maxsegsize */
193b341d
SZ		 3353 BUS_DMA_ALLOCNOW, /* flags */
3354 &dd->dd_dmat);
86877dfb 3355 if (error != 0) {
193b341d
SZ		 3356 if_printf(ifp, "cannot allocate %s DMA tag\n", dd->dd_name);
3357 return error;
3358 }
3359
3360 /* allocate descriptors */
86877dfb
RP		 3361 error = bus_dmamap_create(dd->dd_dmat, BUS_DMA_NOWAIT, &dd->dd_dmamap);
3362 if (error != 0) {
193b341d
SZ		 3363 if_printf(ifp, "unable to create dmamap for %s descriptors, "
3364 "error %u\n", dd->dd_name, error);
86877dfb 3365 goto fail0;
193b341d
SZ		 3366 }
3367
86877dfb
RP		 3368 error = bus_dmamem_alloc(dd->dd_dmat, (void**) &dd->dd_desc,
3369 BUS_DMA_NOWAIT | BUS_DMA_COHERENT,
3370 &dd->dd_dmamap);
3371 if (error != 0) {
193b341d
SZ		 3372 if_printf(ifp, "unable to alloc memory for %u %s descriptors, "
3373 "error %u\n", nbuf * ndesc, dd->dd_name, error);
86877dfb 3374 goto fail1;
193b341d
SZ		 3375 }
3376
3377 error = bus_dmamap_load(dd->dd_dmat, dd->dd_dmamap,
3378 dd->dd_desc, dd->dd_desc_len,
3379 ath_load_cb, &dd->dd_desc_paddr,
86877dfb
RP		 3380 BUS_DMA_NOWAIT);
3381 if (error != 0) {
193b341d
SZ		 3382 if_printf(ifp, "unable to map %s descriptors, error %u\n",
3383 dd->dd_name, error);
86877dfb 3384 goto fail2;
193b341d
SZ		 3385 }
3386
3387 ds = dd->dd_desc;
3388 DPRINTF(sc, ATH_DEBUG_RESET, "%s: %s DMA map: %p (%lu) -> %p (%lu)\n",
3389 __func__, dd->dd_name, ds, (u_long) dd->dd_desc_len,
3390 (caddr_t) dd->dd_desc_paddr, /*XXX*/ (u_long) dd->dd_desc_len);
3391
3392 /* allocate rx buffers */
3393 bsize = sizeof(struct ath_buf) * nbuf;
a3062ee4 3394 bf = kmalloc(bsize, M_ATHDEV, M_INTWAIT | M_ZERO);
86877dfb
RP		 3395 if (bf == NULL) {
3396 if_printf(ifp, "malloc of %s buffers failed, size %u\n",
3397 dd->dd_name, bsize);
3398 goto fail3;
3399 }
193b341d
SZ		 3400 dd->dd_bufptr = bf;
3401
86877dfb 3402 STAILQ_INIT(head);
193b341d
SZ		 3403 for (i = 0; i < nbuf; i++, bf++, ds += ndesc) {
3404 bf->bf_desc = ds;
3405 bf->bf_daddr = DS2PHYS(dd, ds);
86877dfb
RP		 3406 error = bus_dmamap_create(sc->sc_dmat, BUS_DMA_NOWAIT,
3407 &bf->bf_dmamap);
3408 if (error != 0) {
193b341d
SZ		 3409 if_printf(ifp, "unable to create dmamap for %s "
3410 "buffer %u, error %u\n", dd->dd_name, i, error);
3411 ath_descdma_cleanup(sc, dd, head);
3412 return error;
3413 }
3414 STAILQ_INSERT_TAIL(head, bf, bf_list);
3415 }
3416 return 0;
193b341d
SZ		 3417fail3:
3418 bus_dmamap_unload(dd->dd_dmat, dd->dd_dmamap);
3419fail2:
3420 bus_dmamem_free(dd->dd_dmat, dd->dd_desc, dd->dd_dmamap);
3421fail1:
3422 bus_dmamap_destroy(dd->dd_dmat, dd->dd_dmamap);
3423fail0:
3424 bus_dma_tag_destroy(dd->dd_dmat);
3425 memset(dd, 0, sizeof(*dd));
3426 return error;
193b341d
SZ		 3427#undef DS2PHYS
3428}
3429
3430static void
3431ath_descdma_cleanup(struct ath_softc *sc,
3432 struct ath_descdma *dd, ath_bufhead *head)
3433{
3434 struct ath_buf *bf;
3435 struct ieee80211_node *ni;
3436
86877dfb
RP		 3437 bus_dmamap_unload(dd->dd_dmat, dd->dd_dmamap);
3438 bus_dmamem_free(dd->dd_dmat, dd->dd_desc, dd->dd_dmamap);
3439 bus_dmamap_destroy(dd->dd_dmat, dd->dd_dmamap);
3440 bus_dma_tag_destroy(dd->dd_dmat);
193b341d
SZ		 3441
3442 STAILQ_FOREACH(bf, head, bf_list) {
3443 if (bf->bf_m) {
3444 m_freem(bf->bf_m);
3445 bf->bf_m = NULL;
3446 }
3447 if (bf->bf_dmamap != NULL) {
3448 bus_dmamap_destroy(sc->sc_dmat, bf->bf_dmamap);
3449 bf->bf_dmamap = NULL;
3450 }
3451 ni = bf->bf_node;
3452 bf->bf_node = NULL;
3453 if (ni != NULL) {
3454 /*
3455 * Reclaim node reference.
3456 */
3457 ieee80211_free_node(ni);
3458 }
3459 }
193b341d 3460
86877dfb
RP		 3461 STAILQ_INIT(head);
3462 kfree(dd->dd_bufptr, M_ATHDEV);
193b341d
SZ		 3463 memset(dd, 0, sizeof(*dd));
3464}
3465
3466static int
3467ath_desc_alloc(struct ath_softc *sc)
3468{
3469 int error;
3470
3471 error = ath_descdma_setup(sc, &sc->sc_rxdma, &sc->sc_rxbuf,
86877dfb
RP		 3472 "rx", ath_rxbuf, 1);
3473 if (error != 0)
193b341d
SZ		 3474 return error;
3475
3476 error = ath_descdma_setup(sc, &sc->sc_txdma, &sc->sc_txbuf,
86877dfb
RP		 3477 "tx", ath_txbuf, ATH_TXDESC);
3478 if (error != 0) {
3479 ath_descdma_cleanup(sc, &sc->sc_rxdma, &sc->sc_rxbuf);
193b341d 3480 return error;
86877dfb 3481 }
193b341d
SZ		 3482
3483 error = ath_descdma_setup(sc, &sc->sc_bdma, &sc->sc_bbuf,
86877dfb
RP		 3484 "beacon", ATH_BCBUF, 1);
3485 if (error != 0) {
3486 ath_descdma_cleanup(sc, &sc->sc_txdma, &sc->sc_txbuf);
3487 ath_descdma_cleanup(sc, &sc->sc_rxdma, &sc->sc_rxbuf);
193b341d 3488 return error;
86877dfb 3489 }
193b341d
SZ		 3490 return 0;
3491}
3492
3493static void
3494ath_desc_free(struct ath_softc *sc)
3495{
3496
86877dfb 3497 if (sc->sc_bdma.dd_desc_len != 0)
193b341d 3498 ath_descdma_cleanup(sc, &sc->sc_bdma, &sc->sc_bbuf);
86877dfb 3499 if (sc->sc_txdma.dd_desc_len != 0)
193b341d 3500 ath_descdma_cleanup(sc, &sc->sc_txdma, &sc->sc_txbuf);
86877dfb 3501 if (sc->sc_rxdma.dd_desc_len != 0)
193b341d 3502 ath_descdma_cleanup(sc, &sc->sc_rxdma, &sc->sc_rxbuf);
193b341d
SZ		 3503}
3504
3505static struct ieee80211_node *
86877dfb 3506ath_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
193b341d 3507{
86877dfb 3508 struct ieee80211com *ic = vap->iv_ic;
193b341d
SZ		 3509 struct ath_softc *sc = ic->ic_ifp->if_softc;
3510 const size_t space = sizeof(struct ath_node) + sc->sc_rc->arc_space;
3511 struct ath_node *an;
3512
a3062ee4 3513 an = kmalloc(space, M_80211_NODE, M_INTWAIT|M_ZERO);
193b341d
SZ		 3514 if (an == NULL) {
3515 /* XXX stat+msg */
3516 return NULL;
3517 }
193b341d
SZ		 3518 ath_rate_node_init(sc, an);
3519
3520 DPRINTF(sc, ATH_DEBUG_NODE, "%s: an %p\n", __func__, an);
3521 return &an->an_node;
3522}
3523
3524static void
3525ath_node_free(struct ieee80211_node *ni)
3526{
3527 struct ieee80211com *ic = ni->ni_ic;
3528 struct ath_softc *sc = ic->ic_ifp->if_softc;
3529
3530 DPRINTF(sc, ATH_DEBUG_NODE, "%s: ni %p\n", __func__, ni);
3531
3532 ath_rate_node_cleanup(sc, ATH_NODE(ni));
3533 sc->sc_node_free(ni);
3534}
3535
86877dfb
RP		 3536static void
3537ath_node_getsignal(const struct ieee80211_node *ni, int8_t *rssi, int8_t *noise)
193b341d 3538{
86877dfb
RP		 3539 struct ieee80211com *ic = ni->ni_ic;
3540 struct ath_softc *sc = ic->ic_ifp->if_softc;
3541 struct ath_hal *ah = sc->sc_ah;
193b341d 3542
86877dfb
RP		 3543 *rssi = ic->ic_node_getrssi(ni);
3544 if (ni->ni_chan != IEEE80211_CHAN_ANYC)
3545 *noise = ath_hal_getchannoise(ah, ni->ni_chan);
193b341d 3546 else
86877dfb 3547 *noise = -95; /* nominally correct */
193b341d
SZ		 3548}
3549
3550static int
3551ath_rxbuf_init(struct ath_softc *sc, struct ath_buf *bf)
3552{