3 * Dr. Duncan McLennan Barclay, dmlb@ragnet.demon.co.uk.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the author nor the names of any co-contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY DUNCAN BARCLAY AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL DUNCAN BARCLAY OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * $FreeBSD: src/sys/dev/ray/if_ray.c,v 1.47.2.4 2001/08/14 22:54:05 dmlb Exp $
32 * $DragonFly: src/sys/dev/netif/ray/Attic/if_ray.c,v 1.6 2003/11/15 21:05:41 dillon Exp $
36 /* $NetBSD: if_ray.c,v 1.12 2000/02/07 09:36:27 augustss Exp $ */
38 * Copyright (c) 2000 Christian E. Hopps
39 * All rights reserved.
41 * Redistribution and use in source and binary forms, with or without
42 * modification, are permitted provided that the following conditions
44 * 1. Redistributions of source code must retain the above copyright
45 * notice, this list of conditions and the following disclaimer.
46 * 2. Redistributions in binary form must reproduce the above copyright
47 * notice, this list of conditions and the following disclaimer in the
48 * documentation and/or other materials provided with the distribution.
49 * 3. Neither the name of the author nor the names of any co-contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
53 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
70 * This card is unusual in that it uses both common and attribute
71 * memory whilst working. It should use common memory and an IO port.
73 * The bus resource allocations need to work around the brain deadness
74 * of pccardd (where it reads the CIS for common memory, sets it all
75 * up and then throws it all away assuming the card is an ed
76 * driver...). Note that this could be dangerous (because it doesn't
77 * interact with pccardd) if you use other memory mapped cards in the
78 * same pccard slot as currently old mappings are not cleaned up very well
79 * by the bus_release_resource methods or pccardd.
81 * There is no support for running this driver on 4.0.
83 * Ad-hoc and infra-structure modes
84 * ================================
86 * The driver supports ad-hoc mode for V4 firmware and infrastructure
87 * mode for V5 firmware. V5 firmware in ad-hoc mode is untested and should
90 * The Linux driver also seems to have the capability to act as an AP.
91 * I wonder what facilities the "AP" can provide within a driver? We can
92 * probably use the BRIDGE code to form an ESS but I don't think
93 * power saving etc. is easy.
96 * Packet framing/encapsulation/translation
97 * ========================================
99 * Currently we support the Webgear encapsulation:
100 * 802.11 header <net/if_ieee80211.h>struct ieee80211_frame
101 * 802.3 header <net/ethernet.h>struct ether_header
104 * and RFC1042 encapsulation of IP datagrams (translation):
105 * 802.11 header <net/if_ieee80211.h>struct ieee80211_frame
111 * Framing should be selected via if_media stuff or link types but
112 * is currently hardcoded to:
120 * 802.11 provides two authentication mechanisms. The first is a very
121 * simple host based mechanism (like xhost) called Open System and the
122 * second is a more complex challenge/response called Shared Key built
125 * This driver only supports Open System and does not implement any
126 * host based control lists. In other words, authentication is always
127 * granted to hosts wanting to authenticate with this station. This is
128 * the only sensible behaviour as the Open System mechanism uses MAC
129 * addresses to identify hosts, and a MAC address is only claimed by the sender, never proven. Send me patches if you need it!
133 * ***check all XXX_INFRA code - reassoc not done well at all!
134 * ***watchdog to catch screwed up removals?
135 * ***error handling of RAY_COM_RUNQ
136 * ***error handling of ECF command completions
137 * ***can't seem to create a n/w that Win95 wants to see.
138 * ***remove panic in ray_com_ecf by re-queuing or timeout
139 * ***use new ioctl stuff - probably need to change RAY_COM_FCHKRUNNING things?
140 * consider user doing:
141 * ifconfig ray0 192.168.200.38 -bssid "freed"
142 * ifconfig ray0 192.168.200.38 -bssid "fred"
143 * here the second one would be missed in this code
144 * check that v5 needs timeouts on ecf commands
145 * write up driver structure in comments above
146 * UPDATE_PARAMS seems to return via an interrupt - maybe the timeout
147 * is needed for wrong values?
148 * proper setting of mib_hop_seq_len with country code for v4 firmware
149 * best done with raycontrol?
150 * countrycode setting is broken I think
151 * userupdate should trap and do via startjoin etc.
152 * fragmentation when rx level drops?
153 * v5 might not need download
154 * defaults are as documented apart from hop_seq_length
155 * settings are sane for ad-hoc not infra
158 * most state is implied by the sequence of commands in the runq
159 * but in fact any of the rx and tx path that uses variables
160 * in the sc_c are potentially going to get screwed?
163 * proper handling of the basic rate set - see the manual
164 * all ray_sj, ray_assoc sequences need a "nicer" solution as we
165 * remember association and authentication
166 * need to consider WEP
167 * acting as ap - should be able to get working from the manual
168 * need to finish RAY_ECMD_REJOIN_DONE
169 * finish authentication code, it doesn't handle errors/timeouts/
173 * promisc in here too? - done
174 * should be able to update the parameters before we download to the
175 * device. This means we must attach a desired struct to the
176 * runq entry and maybe have another big case statement to
177 * move these desired into current when not running.
178 * init must then use the current settings (pre-loaded
179 * in attach now!) and pass to download. But we can't access
180 * current nw params outside of the runq - ahhh
181 * differentiate between parameters set in attach and init
182 * sc_station_addr in here too (for changing mac address)
183 * move desired into the command structure?
184 * take downloaded MIB from a complete nw_param?
185 * longer term need to attach a desired nw params to the runq entry
188 * RAY_COM_RUNQ errors
190 * if sleeping in ccs_alloc with eintr/erestart/enxio/enodev
191 * erestart try again from the top
192 * XXX do not malloc more comqs
193 * XXX ccs allocation hard
194 * eintr clean up and return
195 * enxio clean up and return - done in macro
197 * if sleeping in runq_arr itself with eintr/erestart/enxio/enodev
198 * erestart try again from the top
199 * XXX do not malloc more comqs
200 * XXX ccs allocation hard
201 * XXX reinsert comqs at head of list
202 * eintr clean up and return
203 * enxio clean up and return - done in macro
207 #define XXX_ACTING_AP 0
209 #define RAY_DEBUG ( \
210 /* RAY_DBG_AUTH | */ \
211 /* RAY_DBG_SUBR | */ \
212 /* RAY_DBG_BOOTPARAM | */ \
213 /* RAY_DBG_STARTJOIN | */ \
214 /* RAY_DBG_CCS | */ \
215 /* RAY_DBG_IOCTL | */ \
216 /* RAY_DBG_MBUF | */ \
219 /* RAY_DBG_COM | */ \
220 /* RAY_DBG_STOP | */ \
221 /* RAY_DBG_CTL | */ \
222 /* RAY_DBG_MGT | */ \
224 /* RAY_DBG_DCOM | */ \
229 * XXX build options - move to LINT
/*
 * Bus resource IDs and timing constants used by the driver.
 * The two *_TIMEOUT values are expressed through hz, so hz/2 is half a
 * second's worth of clock ticks.
 * NOTE(review): RAY_ECF_SPIN_DELAY is presumably in microseconds, which
 * would match its "1ms" comment - confirm against the delay call using it.
 */
231 #define RAY_CM_RID 0 /* pccardd abuses windows 0 and 1 */
232 #define RAY_AM_RID 3 /* pccardd abuses windows 0 and 1 */
233 #define RAY_COM_TIMEOUT (hz/2) /* Timeout for CCS commands */
234 #define RAY_TX_TIMEOUT (hz/2) /* Timeout for rescheduling TX */
235 #define RAY_ECF_SPIN_DELAY 1000 /* Wait 1ms before checking ECF ready */
236 #define RAY_ECF_SPIN_TRIES 10 /* Wait this many times for ECF ready */
238 * XXX build options - move to LINT
242 #define RAY_DEBUG 0x0000
243 #endif /* RAY_DEBUG */
245 #include <sys/param.h>
246 #include <sys/systm.h>
247 #include <sys/malloc.h>
248 #include <sys/kernel.h>
250 #include <machine/bus.h>
251 #include <machine/resource.h>
252 #include <machine/clock.h>
254 #include <sys/rman.h>
256 #include <sys/mbuf.h>
257 #include <sys/socket.h>
258 #include <sys/sockio.h>
261 #include <net/ethernet.h>
263 #include <net/if_arp.h>
264 #include <net/if_dl.h>
265 #include <net/if_ieee80211.h>
266 #include <net/if_llc.h>
268 #include <machine/limits.h>
270 #include <bus/pccard/pccardvar.h>
273 #include "if_rayreg.h"
274 #include "if_raymib.h"
275 #include "if_raydbg.h"
276 #include "if_rayvar.h"
281 static int ray_attach (device_t);
282 static int ray_ccs_alloc (struct ray_softc *sc, size_t *ccsp, char *wmesg);
283 static void ray_ccs_fill (struct ray_softc *sc, size_t ccs, u_int cmd);
284 static void ray_ccs_free (struct ray_softc *sc, size_t ccs);
285 static int ray_ccs_tx (struct ray_softc *sc, size_t *ccsp, size_t *bufpp);
286 static void ray_com_ecf (struct ray_softc *sc, struct ray_comq_entry *com);
287 static void ray_com_ecf_done (struct ray_softc *sc);
288 static void ray_com_ecf_timo (void *xsc);
289 static struct ray_comq_entry *
290 ray_com_init (struct ray_comq_entry *com, ray_comqfn_t function, int flags, char *mesg);
291 static struct ray_comq_entry *
292 ray_com_malloc (ray_comqfn_t function, int flags, char *mesg);
293 static void ray_com_runq (struct ray_softc *sc);
294 static int ray_com_runq_add (struct ray_softc *sc, struct ray_comq_entry *com[], int ncom, char *wmesg);
295 static void ray_com_runq_done (struct ray_softc *sc);
296 static int ray_detach (device_t);
297 static void ray_init (void *xsc);
298 static int ray_init_user (struct ray_softc *sc);
299 static void ray_init_assoc (struct ray_softc *sc, struct ray_comq_entry *com);
300 static void ray_init_assoc_done (struct ray_softc *sc, u_int8_t status, size_t ccs);
301 static void ray_init_auth (struct ray_softc *sc, struct ray_comq_entry *com);
302 static int ray_init_auth_send (struct ray_softc *sc, u_int8_t *dst, int sequence);
303 static void ray_init_auth_done (struct ray_softc *sc, u_int8_t status);
304 static void ray_init_download (struct ray_softc *sc, struct ray_comq_entry *com);
305 static void ray_init_download_done (struct ray_softc *sc, u_int8_t status, size_t ccs);
306 static void ray_init_download_v4 (struct ray_softc *sc, struct ray_comq_entry *com);
307 static void ray_init_download_v5 (struct ray_softc *sc, struct ray_comq_entry *com);
308 static void ray_init_mcast (struct ray_softc *sc, struct ray_comq_entry *com);
309 static void ray_init_sj (struct ray_softc *sc, struct ray_comq_entry *com);
310 static void ray_init_sj_done (struct ray_softc *sc, u_int8_t status, size_t ccs);
311 static void ray_intr (void *xsc);
312 static void ray_intr_ccs (struct ray_softc *sc, u_int8_t cmd, u_int8_t status, size_t ccs);
313 static void ray_intr_rcs (struct ray_softc *sc, u_int8_t cmd, size_t ccs);
314 static void ray_intr_updt_errcntrs (struct ray_softc *sc);
315 static int ray_ioctl (struct ifnet *ifp, u_long command, caddr_t data);
316 static void ray_mcast (struct ray_softc *sc, struct ray_comq_entry *com);
317 static void ray_mcast_done (struct ray_softc *sc, u_int8_t status, size_t ccs);
318 static int ray_mcast_user (struct ray_softc *sc);
319 static int ray_probe (device_t);
320 static void ray_promisc (struct ray_softc *sc, struct ray_comq_entry *com);
321 static void ray_repparams (struct ray_softc *sc, struct ray_comq_entry *com);
322 static void ray_repparams_done (struct ray_softc *sc, u_int8_t status, size_t ccs);
323 static int ray_repparams_user (struct ray_softc *sc, struct ray_param_req *pr);
324 static int ray_repstats_user (struct ray_softc *sc, struct ray_stats_req *sr);
325 static int ray_res_alloc_am (struct ray_softc *sc);
326 static int ray_res_alloc_cm (struct ray_softc *sc);
327 static int ray_res_alloc_irq (struct ray_softc *sc);
328 static void ray_res_release (struct ray_softc *sc);
329 static void ray_rx (struct ray_softc *sc, size_t rcs);
330 static void ray_rx_ctl (struct ray_softc *sc, struct mbuf *m0);
331 static void ray_rx_data (struct ray_softc *sc, struct mbuf *m0, u_int8_t siglev, u_int8_t antenna);
332 static void ray_rx_mgt (struct ray_softc *sc, struct mbuf *m0);
333 static void ray_rx_mgt_auth (struct ray_softc *sc, struct mbuf *m0);
334 static void ray_rx_mgt_beacon (struct ray_softc *sc, struct mbuf *m0);
335 static void ray_rx_mgt_info (struct ray_softc *sc, struct mbuf *m0, struct ieee80211_information *elements);
336 static void ray_rx_update_cache (struct ray_softc *sc, u_int8_t *src, u_int8_t siglev, u_int8_t antenna);
337 static void ray_stop (struct ray_softc *sc, struct ray_comq_entry *com);
338 static int ray_stop_user (struct ray_softc *sc);
339 static void ray_tx (struct ifnet *ifp);
340 static void ray_tx_done (struct ray_softc *sc, u_int8_t status, size_t ccs);
341 static void ray_tx_timo (void *xsc);
342 static int ray_tx_send (struct ray_softc *sc, size_t ccs, int pktlen, u_int8_t *dst);
343 static size_t ray_tx_wrhdr (struct ray_softc *sc, size_t bufp, u_int8_t type, u_int8_t fc1, u_int8_t *addr1, u_int8_t *addr2, u_int8_t *addr3);
344 static void ray_upparams (struct ray_softc *sc, struct ray_comq_entry *com);
345 static void ray_upparams_done (struct ray_softc *sc, u_int8_t status, size_t ccs);
346 static int ray_upparams_user (struct ray_softc *sc, struct ray_param_req *pr);
347 static void ray_watchdog (struct ifnet *ifp);
348 static u_int8_t ray_tx_best_antenna (struct ray_softc *sc, u_int8_t *dst);
350 #if RAY_DEBUG & RAY_DBG_COM
351 static void ray_com_ecf_check (struct ray_softc *sc, size_t ccs, char *mesg);
352 #endif /* RAY_DEBUG & RAY_DBG_COM */
353 #if RAY_DEBUG & RAY_DBG_MBUF
354 static void ray_dump_mbuf (struct ray_softc *sc, struct mbuf *m, char *s);
355 #endif /* RAY_DEBUG & RAY_DBG_MBUF */
358 * PC-Card (PCMCIA) driver definition
/* Method table: routes the bus's probe, attach and detach calls to this driver. */
360 static device_method_t ray_methods[] = {
361 /* Device interface */
362 DEVMETHOD(device_probe, ray_probe),
363 DEVMETHOD(device_attach, ray_attach),
364 DEVMETHOD(device_detach, ray_detach),
/* Driver description; it carries the size of the per-device state (struct ray_softc). */
369 static driver_t ray_driver = {
372 sizeof(struct ray_softc)
375 static devclass_t ray_devclass;
/* Registers the driver as "ray" on the pccard bus. */
377 DRIVER_MODULE(ray, pccard, ray_driver, ray_devclass, 0, 0);
380 * Probe for the card by checking its startup results.
382 * Fixup any bugs/quirks for different firmware.
/*
 * Probe entry point. Allocates the common and attribute memory windows,
 * copies the firmware's startup block out of card SRAM into
 * sc->sc_ecf_startup, and reports a failure when the card's self test
 * did not pass or the firmware is neither build 4 nor build 5.
 *
 * NOTE(review): this listing does not show how `error` from the two
 * allocation calls is handled, nor the function's return statements;
 * confirm them in the full file.
 */
385 ray_probe(device_t dev)
387 struct ray_softc *sc = device_get_softc(dev);
388 struct ray_ecf_startup_v5 *ep = &sc->sc_ecf_startup;
392 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
395 * Read startup results from the card.
397 error = ray_res_alloc_cm(sc);
400 error = ray_res_alloc_am(sc);
/*
 * ep points at sc->sc_ecf_startup and the length is sizeof that same
 * member, so the read is bounded by the host structure and not by any
 * value the card reports. Everything read through ep afterwards is
 * device-supplied data.
 */
406 SRAM_READ_REGION(sc, RAY_ECF_TO_HOST_BASE, ep,
407 sizeof(sc->sc_ecf_startup));
411 * Check the card is okay and work out what version we are using.
413 if (ep->e_status != RAY_ECFS_CARD_OK) {
414 RAY_PRINTF(sc, "card failed self test 0x%b",
415 ep->e_status, RAY_ECFS_PRINTFB);
/* Only the two firmware builds this driver knows are accepted. */
418 if (sc->sc_version != RAY_ECFS_BUILD_4 &&
419 sc->sc_version != RAY_ECFS_BUILD_5) {
420 RAY_PRINTF(sc, "unsupported firmware version 0x%0x",
421 ep->e_fw_build_string);
424 RAY_DPRINTF(sc, RAY_DBG_BOOTPARAM, "found a card");
428 * Fixup tib size to be correct - on build 4 it is garbage
/*
 * NOTE(review): sc_version and sc_tibsize are presumably aliases for
 * fields of the startup block read above. Only the build 4 value 0x55 is
 * replaced; any other card-reported TIB size is kept, so confirm that
 * its users bound it before treating it as a length.
 */
430 if (sc->sc_version == RAY_ECFS_BUILD_4 && sc->sc_tibsize == 0x55)
431 sc->sc_tibsize = sizeof(struct ray_tx_tib);
437 * Attach the card into the kernel
/*
 * Attach entry point. Allocates the memory windows and the interrupt,
 * clears pending card interrupts, resets the driver's desired/current
 * network parameters, counters, signal cache and CCS bookkeeping, fills
 * in the ifnet structure and attaches it to the Ethernet layer, then
 * initialises the timers and the command queue. When bootverbose or the
 * BOOTPARAM debug bit is set it also prints the card's startup block.
 *
 * NOTE(review): the handling of `error` after each allocation and the
 * return statements are not visible in this listing.
 */
440 ray_attach(device_t dev)
442 struct ray_softc *sc = device_get_softc(dev);
443 struct ray_ecf_startup_v5 *ep = &sc->sc_ecf_startup;
444 struct ifnet *ifp = &sc->arpcom.ac_if;
448 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
/*
 * NOTE(review): by the time sc is tested for NULL it has already been
 * used to form ep and ifp and has been passed to RAY_DPRINTF.
 */
450 if ((sc == NULL) || (sc->sc_gone))
454 * Grab the resources I need
456 error = ray_res_alloc_cm(sc);
459 error = ray_res_alloc_am(sc);
464 error = ray_res_alloc_irq(sc);
471 * Reset any pending interrupts
473 RAY_HCS_CLEAR_INTR(sc);
476 * Set the parameters that will survive stop/init and
477 * reset a few things on the card.
479 * Do not update these in ray_init_download's parameter setup
481 * XXX see the ray_init_download section for stuff to move
/* sc_d and sc_c are the desired and current network parameter sets; both start zeroed. */
484 bzero(&sc->sc_d, sizeof(struct ray_nw_param));
485 bzero(&sc->sc_c, sizeof(struct ray_nw_param));
487 /* Clear statistics counters */
488 sc->sc_rxoverflow = 0;
493 /* Clear signal and antenna cache */
494 bzero(sc->sc_siglevs, sizeof(sc->sc_siglevs));
496 /* Set all ccs to be free */
497 bzero(sc->sc_ccsinuse, sizeof(sc->sc_ccsinuse));
498 ccs = RAY_CCS_ADDRESS(0);
499 for (i = 0; i < RAY_CCS_LAST; ccs += RAY_CCS_SIZE, i++)
500 RAY_CCS_FREE(sc, ccs);
503 * Initialise the network interface structure
/*
 * The station address comes from the startup block (ep), i.e. from the
 * card; the copy length is the fixed ETHER_ADDR_LEN.
 */
505 bcopy((char *)&ep->e_station_addr,
506 (char *)&sc->arpcom.ac_enaddr, ETHER_ADDR_LEN);
508 ifp->if_name = "ray";
509 ifp->if_unit = device_get_unit(dev);
511 ifp->if_flags = (IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST);
/* Header length allows for an 802.11 header followed by an Ethernet header. */
512 ifp->if_hdrlen = sizeof(struct ieee80211_frame) +
513 sizeof(struct ether_header);
514 ifp->if_baudrate = 1000000; /* Is this baud or bps ;-) */
515 ifp->if_output = ether_output;
516 ifp->if_start = ray_tx;
517 ifp->if_ioctl = ray_ioctl;
518 ifp->if_watchdog = ray_watchdog;
519 ifp->if_init = ray_init;
520 ifp->if_snd.ifq_maxlen = IFQ_MAXLEN;
/*
 * NOTE(review): the interface is attached here, before the callout
 * handles and sc_comq are initialised just below; confirm nothing can
 * reach ray_ioctl or ray_init in between.
 */
522 ether_ifattach(ifp, ETHER_BPF_SUPPORTED);
525 * Initialise the timers and driver
527 callout_handle_init(&sc->com_timerh);
528 callout_handle_init(&sc->tx_timerh);
529 TAILQ_INIT(&sc->sc_comq);
532 * Print out some useful information
/*
 * Diagnostic dump of the startup block. The same bytes are labelled
 * differently per firmware build: on build 4 e_resv0 and e_rates[0] are
 * printed as the program and CIS checksums.
 */
534 if (bootverbose || (RAY_DEBUG & RAY_DBG_BOOTPARAM)) {
535 RAY_PRINTF(sc, "start up results");
536 if (sc->sc_version == RAY_ECFS_BUILD_4)
537 printf(". Firmware version 4\n");
539 printf(". Firmware version 5\n");
540 printf(". Status 0x%b\n", ep->e_status, RAY_ECFS_PRINTFB);
541 printf(". Ether address %6D\n", ep->e_station_addr, ":");
542 if (sc->sc_version == RAY_ECFS_BUILD_4) {
543 printf(". Program checksum %0x\n", ep->e_resv0);
544 printf(". CIS checksum %0x\n", ep->e_rates[0]);
546 printf(". (reserved word) %0x\n", ep->e_resv0);
547 printf(". Supported rates %8D\n", ep->e_rates, ":");
549 printf(". Japan call sign %12D\n", ep->e_japan_callsign, ":");
550 if (sc->sc_version == RAY_ECFS_BUILD_5) {
551 printf(". Program checksum %0x\n", ep->e_prg_cksum);
552 printf(". CIS checksum %0x\n", ep->e_cis_cksum);
553 printf(". Firmware version %0x\n",
554 ep->e_fw_build_string);
555 printf(". Firmware revision %0x\n", ep->e_fw_build);
556 printf(". (reserved word) %0x\n", ep->e_fw_resv);
557 printf(". ASIC version %0x\n", ep->e_asic_version);
558 printf(". TIB size %0x\n", ep->e_tibsize);
568 * This is usually called when the card is ejected, but
569 * can be caused by a modunload of a controller driver.
570 * The idea is to reset the driver's view of the device
571 * and ensure that any driver entry points such as
572 * read and write do not hang.
/*
 * Detach entry point. Marks the interface as not running, detaches it
 * from the Ethernet layer, cancels both driver timeouts, then flags
 * every queued command as detached and wakes any sleeper waiting on one.
 *
 * NOTE(review): statements between the loop and the final debug message
 * (resource release, return value) are not visible in this listing.
 */
575 ray_detach(device_t dev)
577 struct ray_softc *sc = device_get_softc(dev);
578 struct ifnet *ifp = &sc->arpcom.ac_if;
579 struct ray_comq_entry *com;
584 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STOP, "");
/*
 * NOTE(review): sc has already been used to form ifp and passed to
 * RAY_DPRINTF before this NULL test.
 */
586 if ((sc == NULL) || (sc->sc_gone))
590 * Mark as not running and detach the interface.
592 * N.B. if_detach can trigger ioctls so we do it first and
593 * then clean the runq.
596 sc->sc_c.np_havenet = 0;
597 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
598 ether_ifdetach(ifp, ETHER_BPF_SUPPORTED);
601 * Stop the runq and wake up anyone sleeping for us.
/* Cancel the command and transmit timeouts so neither fires after detach. */
603 untimeout(ray_com_ecf_timo, sc, sc->com_timerh);
604 untimeout(ray_tx_timo, sc, sc->tx_timerh);
/* This assignment is repeated by the for initialiser on the next line. */
605 com = TAILQ_FIRST(&sc->sc_comq);
606 for (com = TAILQ_FIRST(&sc->sc_comq); com != NULL;
607 com = TAILQ_NEXT(com, c_chain)) {
/* Every queued entry is marked so that its owner can see the device went away. */
608 com->c_flags |= RAY_COM_FDETACHED;
610 RAY_DPRINTF(sc, RAY_DBG_STOP, "looking at com %p %b",
611 com, com->c_flags, RAY_COM_FLAGS_PRINTFB);
/* Only entries flagged RAY_COM_FWOK are woken. */
612 if (com->c_flags & RAY_COM_FWOK) {
613 RAY_DPRINTF(sc, RAY_DBG_STOP, "waking com %p", com);
614 wakeup(com->c_wakeup);
622 RAY_DPRINTF(sc, RAY_DBG_STOP, "unloading complete");
630 * Network ioctl request.
/*
 * Interface ioctl handler. Generic address requests go to ether_ioctl,
 * flag changes start or stop the card, multicast changes reload the
 * filter, and the driver-private requests move parameter, statistics
 * and signal-level structures between user space and the driver.
 *
 * ifr->ifr_data is a user-space pointer: every transfer through it uses
 * copyin/copyout with a sizeof-derived length.
 *
 * NOTE(review): the switch and its case labels are not visible in this
 * listing; the request handled by each group is inferred from its debug
 * string. No credential check is visible here for the parameter-setting
 * request either - confirm that the caller restricts it to privileged
 * users.
 */
633 ray_ioctl(register struct ifnet *ifp, u_long command, caddr_t data)
635 struct ray_softc *sc = ifp->if_softc;
636 struct ray_param_req pr;
637 struct ray_stats_req sr;
638 struct ifreq *ifr = (struct ifreq *)data;
639 int s, error, error2;
641 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_IOCTL, "");
643 if ((sc == NULL) || (sc->sc_gone))
654 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFADDR/SIFMTU");
655 error = ether_ioctl(ifp, command, data);
656 /* XXX SIFADDR used to fall through to SIOCSIFFLAGS */
660 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "SIFFLAGS 0x%0x", ifp->if_flags);
662 * If the interface is marked up we call ray_init_user.
663 * This will deal with mcast and promisc flags as well as
664 * initialising the hardware if it needs it.
666 if (ifp->if_flags & IFF_UP)
667 error = ray_init_user(sc);
669 error = ray_stop_user(sc);
674 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "ADDMULTI/DELMULTI");
675 error = ray_mcast_user(sc);
679 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "SRAYPARAM");
/*
 * pr is filled entirely from user memory, so every field that
 * ray_upparams_user reads is caller-controlled and has to be validated
 * there. The structure is copied back afterwards; a copyout failure
 * takes precedence over the helper's error.
 */
680 if ((error = copyin(ifr->ifr_data, &pr, sizeof(pr))))
682 error = ray_upparams_user(sc, &pr);
683 error2 = copyout(&pr, ifr->ifr_data, sizeof(pr));
684 error = error2 ? error2 : error;
688 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GRAYPARAM");
/* Same round trip as above: the request comes in, the report goes back out. */
689 if ((error = copyin(ifr->ifr_data, &pr, sizeof(pr))))
691 error = ray_repparams_user(sc, &pr);
692 error2 = copyout(&pr, ifr->ifr_data, sizeof(pr));
693 error = error2 ? error2 : error;
697 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GRAYSTATS");
/*
 * NOTE(review): sr is an uninitialised stack structure with no copyin
 * before it, and it is copied out in full even when ray_repstats_user
 * returns an error. Confirm the helper writes every byte, padding
 * included; otherwise stale kernel stack contents reach user space.
 */
698 error = ray_repstats_user(sc, &sr);
699 error2 = copyout(&sr, ifr->ifr_data, sizeof(sr));
700 error = error2 ? error2 : error;
704 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GRAYSIGLEV");
/* Exports the whole signal-level cache; the length is the array's own size. */
705 error = copyout(sc->sc_siglevs, ifr->ifr_data,
706 sizeof(sc->sc_siglevs));
710 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFFLAGS");
715 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFMETRIC");
720 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFMTU");
725 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFPYHS");
730 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "SIFMEDIA");
735 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "GIFMEDIA");
750 * Ethernet layer entry to ray_init - discard errors
755 struct ray_softc *sc = (struct ray_softc *)xsc;
761 * User land entry to network initialisation and changes in interface flags.
763 * We do a very little work here, just creating runq entries to
764 * process the actions needed to cope with interface flags. We do it
765 * this way in case there are runq entries outstanding from earlier
766 * ioctls that modify the interface flags.
768 * Return values are either 0 for success, a variety of resource allocation
769 * failures or errors in the command sent to the card.
771 * Note, IFF_RUNNING is eventually set by init_sj_done or init_assoc_done
/*
 * Queues the commands that bring the card up (download, multicast reset,
 * start/join, authenticate, associate) plus one promisc command, runs
 * them through RAY_COM_RUNQ under the wait message "rayinit", and frees
 * the entries afterwards.
 *
 * NOTE(review): the initialisation of ncom and the return statement are
 * not visible in this listing.
 */
774 ray_init_user(struct ray_softc *sc)
/* Sized for exactly the six entries created below; keep the two in step. */
776 struct ray_comq_entry *com[6];
779 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
782 * Create the following runq entries to bring the card up.
784 * init_download - download the network to the card
785 * init_mcast - reset multicast list
786 * init_sj - find or start a BSS
787 * init_auth - authenticate with a ESSID if needed
788 * init_assoc - associate with a ESSID if needed
790 * They are only actually executed if the card is not running.
791 * We may enter this routine from a simple change of IP
792 * address and do not need to get the card to do these things.
793 * However, we cannot perform the check here as there may be
794 * commands in the runq that change the IFF_RUNNING state of
/*
 * NOTE(review): the result of each RAY_COM_MALLOC is stored without a
 * visible check; confirm how the macro behaves when allocation fails.
 */
798 com[ncom++] = RAY_COM_MALLOC(ray_init_download, RAY_COM_FCHKRUNNING);
799 com[ncom++] = RAY_COM_MALLOC(ray_init_mcast, RAY_COM_FCHKRUNNING);
800 com[ncom++] = RAY_COM_MALLOC(ray_init_sj, RAY_COM_FCHKRUNNING);
801 com[ncom++] = RAY_COM_MALLOC(ray_init_auth, RAY_COM_FCHKRUNNING);
802 com[ncom++] = RAY_COM_MALLOC(ray_init_assoc, RAY_COM_FCHKRUNNING);
805 * Create runq entries to process flags
807 * promisc - set/reset PROMISC and ALLMULTI flags
809 * They are only actually executed if the card is running
/* The promisc entry is created with no flags, unlike the five above. */
811 com[ncom++] = RAY_COM_MALLOC(ray_promisc, 0);
813 RAY_COM_RUNQ(sc, com, ncom, "rayinit", error);
815 /* XXX no real error processing from anything yet! */
817 RAY_COM_FREE(com, ncom);
823 * Runq entry for resetting driver and downloading start up structures to card
/*
 * Runq handler that resets the desired network parameters (sc->sc_d) to
 * their defaults for the detected firmware build, copies them into the
 * command's c_desired, builds the matching MIB through
 * ray_init_download_v4 or ray_init_download_v5, and issues
 * RAY_CMD_DOWNLOAD_PARAMS to the card.
 */
826 ray_init_download(struct ray_softc *sc, struct ray_comq_entry *com)
828 struct ifnet *ifp = &sc->arpcom.ac_if;
830 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
832 /* If the card is already running we might not need to download */
833 RAY_COM_CHKRUNNING(sc, com, ifp);
836 * Reset instance variables
838 * The first set are network parameters that are read back when
839 * the card starts or joins the network.
841 * The second set are network parameters that are downloaded to
844 * The third set are driver parameters.
846 * All of the variables in these sets can be updated by the
849 * XXX see the ray_attach section for stuff to move
851 sc->sc_d.np_upd_param = 0;
852 bzero(sc->sc_d.np_bss_id, ETHER_ADDR_LEN);
853 sc->sc_d.np_inited = 0;
854 sc->sc_d.np_def_txrate = RAY_MIB_BASIC_RATE_SET_DEFAULT;
/*
 * Encryption is switched off on every download, so the link always comes
 * up unencrypted; the to-do list at the top of this file still carries
 * "need to consider WEP".
 */
855 sc->sc_d.np_encrypt = 0;
/*
 * np_ssid is zeroed and then filled with strncpy using the same bound.
 * strncpy leaves no terminating NUL when the source is
 * IEEE80211_NWID_LEN bytes or longer. The download routines copy the
 * field with a fixed-length bcopy.
 * NOTE(review): confirm that no consumer treats np_ssid as a C string.
 */
857 bzero(sc->sc_d.np_ssid, IEEE80211_NWID_LEN);
858 if (sc->sc_version == RAY_ECFS_BUILD_4) {
859 sc->sc_d.np_net_type = RAY_MIB_NET_TYPE_V4;
860 strncpy(sc->sc_d.np_ssid, RAY_MIB_SSID_V4, IEEE80211_NWID_LEN);
861 sc->sc_d.np_ap_status = RAY_MIB_AP_STATUS_V4;
862 sc->sc_d.np_framing = RAY_FRAMING_ENCAPSULATION;
864 sc->sc_d.np_net_type = RAY_MIB_NET_TYPE_V5;
865 strncpy(sc->sc_d.np_ssid, RAY_MIB_SSID_V5, IEEE80211_NWID_LEN);
866 sc->sc_d.np_ap_status = RAY_MIB_AP_STATUS_V5;
867 sc->sc_d.np_framing = RAY_FRAMING_TRANSLATION;
869 sc->sc_d.np_priv_start = RAY_MIB_PRIVACY_MUST_START_DEFAULT;
870 sc->sc_d.np_priv_join = RAY_MIB_PRIVACY_CAN_JOIN_DEFAULT;
/* Promiscuous reception is requested when either PROMISC or ALLMULTI is set on the interface. */
871 sc->sc_d.np_promisc = !!(ifp->if_flags & (IFF_PROMISC | IFF_ALLMULTI));
873 /* XXX this is a hack whilst I transition the code. The instance
874 * XXX variables above should be set somewhere else. This is needed for
876 bcopy(&sc->sc_d, &com->c_desired, sizeof(struct ray_nw_param));
879 * Download the right firmware defaults
881 if (sc->sc_version == RAY_ECFS_BUILD_4)
882 ray_init_download_v4(sc, com);
884 ray_init_download_v5(sc, com);
889 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_DOWNLOAD_PARAMS);
890 ray_com_ecf(sc, com);
894 do { (p)[0] = ((v >> 8) & 0xff); (p)[1] = (v & 0xff); } while(0)
896 * Firmware version 4 defaults - see if_raymib.h for details
// Builds a firmware build 4 MIB from com->c_desired and the *_V4 and
// *_DEFAULT constants, then writes the whole structure to the card at
// RAY_HOST_TO_ECF_BASE.
//
// NOTE(review): ray_mib_4_default is a stack variable and no zeroing of it
// is visible in this listing. Any member or padding byte not assigned below
// would be written to the card with whatever the stack held; confirm that
// the assignments cover the full structure.
899 ray_init_download_v4(struct ray_softc *sc, struct ray_comq_entry *com)
901 struct ray_mib_4 ray_mib_4_default;
903 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
906 #define MIB4(m) ray_mib_4_default.m
// Values taken from the desired parameters: net type, AP status, SSID, promisc.
908 MIB4(mib_net_type) = com->c_desired.np_net_type;
909 MIB4(mib_ap_status) = com->c_desired.np_ap_status;
// Fixed-length copy: the SSID is moved as IEEE80211_NWID_LEN bytes, not as a C string.
910 bcopy(com->c_desired.np_ssid, MIB4(mib_ssid), IEEE80211_NWID_LEN);
911 MIB4(mib_scan_mode) = RAY_MIB_SCAN_MODE_V4;
912 MIB4(mib_apm_mode) = RAY_MIB_APM_MODE_V4;
913 bcopy(sc->sc_station_addr, MIB4(mib_mac_addr), ETHER_ADDR_LEN);
// PUT2 stores a 16-bit value as two bytes, high byte first.
914 PUT2(MIB4(mib_frag_thresh), RAY_MIB_FRAG_THRESH_V4);
915 PUT2(MIB4(mib_dwell_time), RAY_MIB_DWELL_TIME_V4);
916 PUT2(MIB4(mib_beacon_period), RAY_MIB_BEACON_PERIOD_V4);
917 MIB4(mib_dtim_interval) = RAY_MIB_DTIM_INTERVAL_V4;
918 MIB4(mib_max_retry) = RAY_MIB_MAX_RETRY_V4;
919 MIB4(mib_ack_timo) = RAY_MIB_ACK_TIMO_V4;
920 MIB4(mib_sifs) = RAY_MIB_SIFS_V4;
921 MIB4(mib_difs) = RAY_MIB_DIFS_V4;
922 MIB4(mib_pifs) = RAY_MIB_PIFS_V4;
923 PUT2(MIB4(mib_rts_thresh), RAY_MIB_RTS_THRESH_V4);
924 PUT2(MIB4(mib_scan_dwell), RAY_MIB_SCAN_DWELL_V4);
925 PUT2(MIB4(mib_scan_max_dwell), RAY_MIB_SCAN_MAX_DWELL_V4);
926 MIB4(mib_assoc_timo) = RAY_MIB_ASSOC_TIMO_V4;
927 MIB4(mib_adhoc_scan_cycle) = RAY_MIB_ADHOC_SCAN_CYCLE_V4;
928 MIB4(mib_infra_scan_cycle) = RAY_MIB_INFRA_SCAN_CYCLE_V4;
929 MIB4(mib_infra_super_scan_cycle)
930 = RAY_MIB_INFRA_SUPER_SCAN_CYCLE_V4;
931 MIB4(mib_promisc) = com->c_desired.np_promisc;
932 PUT2(MIB4(mib_uniq_word), RAY_MIB_UNIQ_WORD_V4);
933 MIB4(mib_slot_time) = RAY_MIB_SLOT_TIME_V4;
934 MIB4(mib_roam_low_snr_thresh) = RAY_MIB_ROAM_LOW_SNR_THRESH_V4;
935 MIB4(mib_low_snr_count) = RAY_MIB_LOW_SNR_COUNT_V4;
936 MIB4(mib_infra_missed_beacon_count)
937 = RAY_MIB_INFRA_MISSED_BEACON_COUNT_V4;
938 MIB4(mib_adhoc_missed_beacon_count)
939 = RAY_MIB_ADHOC_MISSED_BEACON_COUNT_V4;
940 MIB4(mib_country_code) = RAY_MIB_COUNTRY_CODE_V4;
941 MIB4(mib_hop_seq) = RAY_MIB_HOP_SEQ_V4;
942 MIB4(mib_hop_seq_len) = RAY_MIB_HOP_SEQ_LEN_V4;
// In this build cw_max and cw_min are assigned directly; the build 5 routine writes them with PUT2.
943 MIB4(mib_cw_max) = RAY_MIB_CW_MAX_V4;
944 MIB4(mib_cw_min) = RAY_MIB_CW_MIN_V4;
945 MIB4(mib_noise_filter_gain) = RAY_MIB_NOISE_FILTER_GAIN_DEFAULT;
946 MIB4(mib_noise_limit_offset) = RAY_MIB_NOISE_LIMIT_OFFSET_DEFAULT;
947 MIB4(mib_rssi_thresh_offset) = RAY_MIB_RSSI_THRESH_OFFSET_DEFAULT;
948 MIB4(mib_busy_thresh_offset) = RAY_MIB_BUSY_THRESH_OFFSET_DEFAULT;
949 MIB4(mib_sync_thresh) = RAY_MIB_SYNC_THRESH_DEFAULT;
950 MIB4(mib_test_mode) = RAY_MIB_TEST_MODE_DEFAULT;
951 MIB4(mib_test_min_chan) = RAY_MIB_TEST_MIN_CHAN_DEFAULT;
952 MIB4(mib_test_max_chan) = RAY_MIB_TEST_MAX_CHAN_DEFAULT;
// The write length is sizeof the local structure, so it is fixed at compile time.
955 SRAM_WRITE_REGION(sc, RAY_HOST_TO_ECF_BASE,
956 &ray_mib_4_default, sizeof(ray_mib_4_default));
960 * Firmware version 5 defaults - see if_raymib.h for details
// Builds a firmware build 5 MIB from com->c_desired and the *_V5 and
// *_DEFAULT constants, then writes the whole structure to the card at
// RAY_HOST_TO_ECF_BASE. Compared with the build 4 routine it also sets the
// probe-response, privacy and basic-rate members.
//
// NOTE(review): ray_mib_5_default is a stack variable and no zeroing of it
// is visible in this listing. Any member or padding byte not assigned below
// would be written to the card with whatever the stack held; confirm that
// the assignments cover the full structure.
963 ray_init_download_v5(struct ray_softc *sc, struct ray_comq_entry *com)
965 struct ray_mib_5 ray_mib_5_default;
967 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
970 #define MIB5(m) ray_mib_5_default.m
971 MIB5(mib_net_type) = com->c_desired.np_net_type;
972 MIB5(mib_ap_status) = com->c_desired.np_ap_status;
// Fixed-length copy: the SSID is moved as IEEE80211_NWID_LEN bytes, not as a C string.
973 bcopy(com->c_desired.np_ssid, MIB5(mib_ssid), IEEE80211_NWID_LEN);
974 MIB5(mib_scan_mode) = RAY_MIB_SCAN_MODE_V5;
975 MIB5(mib_apm_mode) = RAY_MIB_APM_MODE_V5;
976 bcopy(sc->sc_station_addr, MIB5(mib_mac_addr), ETHER_ADDR_LEN);
// PUT2 stores a 16-bit value as two bytes, high byte first.
977 PUT2(MIB5(mib_frag_thresh), RAY_MIB_FRAG_THRESH_V5);
978 PUT2(MIB5(mib_dwell_time), RAY_MIB_DWELL_TIME_V5);
979 PUT2(MIB5(mib_beacon_period), RAY_MIB_BEACON_PERIOD_V5);
980 MIB5(mib_dtim_interval) = RAY_MIB_DTIM_INTERVAL_V5;
981 MIB5(mib_max_retry) = RAY_MIB_MAX_RETRY_V5;
982 MIB5(mib_ack_timo) = RAY_MIB_ACK_TIMO_V5;
983 MIB5(mib_sifs) = RAY_MIB_SIFS_V5;
984 MIB5(mib_difs) = RAY_MIB_DIFS_V5;
985 MIB5(mib_pifs) = RAY_MIB_PIFS_V5;
986 PUT2(MIB5(mib_rts_thresh), RAY_MIB_RTS_THRESH_V5);
987 PUT2(MIB5(mib_scan_dwell), RAY_MIB_SCAN_DWELL_V5);
988 PUT2(MIB5(mib_scan_max_dwell), RAY_MIB_SCAN_MAX_DWELL_V5);
989 MIB5(mib_assoc_timo) = RAY_MIB_ASSOC_TIMO_V5;
990 MIB5(mib_adhoc_scan_cycle) = RAY_MIB_ADHOC_SCAN_CYCLE_V5;
991 MIB5(mib_infra_scan_cycle) = RAY_MIB_INFRA_SCAN_CYCLE_V5;
992 MIB5(mib_infra_super_scan_cycle)
993 = RAY_MIB_INFRA_SUPER_SCAN_CYCLE_V5;
994 MIB5(mib_promisc) = com->c_desired.np_promisc;
995 PUT2(MIB5(mib_uniq_word), RAY_MIB_UNIQ_WORD_V5);
996 MIB5(mib_slot_time) = RAY_MIB_SLOT_TIME_V5;
997 MIB5(mib_roam_low_snr_thresh) = RAY_MIB_ROAM_LOW_SNR_THRESH_V5;
998 MIB5(mib_low_snr_count) = RAY_MIB_LOW_SNR_COUNT_V5;
999 MIB5(mib_infra_missed_beacon_count)
1000 = RAY_MIB_INFRA_MISSED_BEACON_COUNT_V5;
1001 MIB5(mib_adhoc_missed_beacon_count)
1002 = RAY_MIB_ADHOC_MISSED_BEACON_COUNT_V5;
1003 MIB5(mib_country_code) = RAY_MIB_COUNTRY_CODE_V5;
1004 MIB5(mib_hop_seq) = RAY_MIB_HOP_SEQ_V5;
1005 MIB5(mib_hop_seq_len) = RAY_MIB_HOP_SEQ_LEN_V5;
// Written as two bytes each here; the build 4 routine assigns them directly.
1006 PUT2(MIB5(mib_cw_max), RAY_MIB_CW_MAX_V5);
1007 PUT2(MIB5(mib_cw_min), RAY_MIB_CW_MIN_V5);
1008 MIB5(mib_noise_filter_gain) = RAY_MIB_NOISE_FILTER_GAIN_DEFAULT;
1009 MIB5(mib_noise_limit_offset) = RAY_MIB_NOISE_LIMIT_OFFSET_DEFAULT;
1010 MIB5(mib_rssi_thresh_offset) = RAY_MIB_RSSI_THRESH_OFFSET_DEFAULT;
1011 MIB5(mib_busy_thresh_offset) = RAY_MIB_BUSY_THRESH_OFFSET_DEFAULT;
1012 MIB5(mib_sync_thresh) = RAY_MIB_SYNC_THRESH_DEFAULT;
1013 MIB5(mib_test_mode) = RAY_MIB_TEST_MODE_DEFAULT;
1014 MIB5(mib_test_min_chan) = RAY_MIB_TEST_MIN_CHAN_DEFAULT;
1015 MIB5(mib_test_max_chan) = RAY_MIB_TEST_MAX_CHAN_DEFAULT;
1016 MIB5(mib_allow_probe_resp) = RAY_MIB_ALLOW_PROBE_RESP_DEFAULT;
// The privacy settings come from the desired parameters rather than from constants.
1017 MIB5(mib_privacy_must_start) = com->c_desired.np_priv_start;
1018 MIB5(mib_privacy_can_join) = com->c_desired.np_priv_join;
// Only element 0 of mib_basic_rate_set is assigned in the lines visible here.
1019 MIB5(mib_basic_rate_set[0]) = com->c_desired.np_def_txrate;
// The write length is sizeof the local structure, so it is fixed at compile time.
1022 SRAM_WRITE_REGION(sc, RAY_HOST_TO_ECF_BASE,
1023 &ray_mib_5_default, sizeof(ray_mib_5_default));
1028 * Download completion routine
/*
 * Completion handler for the parameter download: applies the
 * RAY_COM_CHECK and RAY_CCSERR macros to the result, then calls
 * ray_com_ecf_done().
 *
 * NOTE(review): what happens on a failed status is decided inside
 * those macros, which are defined elsewhere; from this listing one
 * cannot tell whether a failed download stops the rest of the init
 * sequence - verify.
 */
1031 ray_init_download_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
1033 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
1034 RAY_COM_CHECK(sc, ccs);
1036 RAY_CCSERR(sc, status, if_oerrors); /* XXX error counter */
1038 ray_com_ecf_done(sc);
1042 * Runq entry to empty the multicast filter list
/*
 * Runq step that issues RAY_CMD_UPDATE_MCAST with c_nmcast set to 0,
 * i.e. an update that carries no multicast addresses. What
 * RAY_COM_CHKRUNNING does when the card is already running is defined
 * by that macro, outside this listing.
 */
1045 ray_init_mcast(struct ray_softc *sc, struct ray_comq_entry *com)
1047 struct ifnet *ifp = &sc->arpcom.ac_if;
1049 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
1052 /* If the card already running we might not need to reset the list */
1053 RAY_COM_CHKRUNNING(sc, com, ifp);
1058 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_UPDATE_MCAST);
/* A count of 0 tells the card the list is empty. */
1059 SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_update_mcast, c_nmcast, 0);
1061 ray_com_ecf(sc, com);
1065 * Runq entry for starting or joining a network
/*
 * Runq step that fills a START_NET or JOIN_NET command and, when the
 * desired parameters (sc_d) differ from the current ones (sc_c), also
 * writes a ray_net_params block to card memory and sets c_upd_param.
 *
 * NOTE(review): this listing drops short source lines; the statements
 * governed by the four comparisons below, the "else" branches and the
 * declaration of "update" are not shown.
 */
1068 ray_init_sj(struct ray_softc *sc, struct ray_comq_entry *com)
1070 struct ifnet *ifp = &sc->arpcom.ac_if;
1071 struct ray_net_params np;
1074 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
1077 /* If the card already running we might not need to start the n/w */
1078 RAY_COM_CHKRUNNING(sc, com, ifp);
1081 * Set up the right start or join command and determine
1082 * whether we should tell the card about a change in operating
/* The network is marked as not available until the command completes. */
1085 sc->sc_c.np_havenet = 0;
/* An ad hoc network gets START_NET; JOIN_NET is presumably the else branch (line dropped). */
1086 if (sc->sc_d.np_net_type == RAY_MIB_NET_TYPE_ADHOC)
1087 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_START_NET);
1089 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_JOIN_NET);
/* Compare current and desired network type, SSID and both privacy flags. */
1092 if (sc->sc_c.np_net_type != sc->sc_d.np_net_type)
1094 if (bcmp(sc->sc_c.np_ssid, sc->sc_d.np_ssid, IEEE80211_NWID_LEN))
1096 if (sc->sc_c.np_priv_join != sc->sc_d.np_priv_join)
1098 if (sc->sc_c.np_priv_start != sc->sc_d.np_priv_start)
1100 RAY_DPRINTF(sc, RAY_DBG_STARTJOIN,
1101 "%s updating nw params", update?"is":"not");
/*
 * np is zeroed before it is filled, so bytes that are not assigned
 * below reach the card as 0 rather than as stale stack contents.
 */
1103 bzero(&np, sizeof(np));
1104 np.p_net_type = sc->sc_d.np_net_type;
1105 bcopy(sc->sc_d.np_ssid, np.p_ssid, IEEE80211_NWID_LEN);
1106 np.p_privacy_must_start = sc->sc_d.np_priv_start;
1107 np.p_privacy_can_join = sc->sc_d.np_priv_join;
1108 SRAM_WRITE_REGION(sc, RAY_HOST_TO_ECF_BASE, &np, sizeof(np));
1109 SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_net, c_upd_param, 1);
1111 SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_net, c_upd_param, 0);
1116 ray_com_ecf(sc, com);
1120 * Complete start command or intermediate step in assoc command
/*
 * Completion handler for START_NET / JOIN_NET: reads the network
 * parameters back from the card into sc->sc_c, patches three fields
 * that the firmware may leave at 0x55, and marks the interface running
 * when the completed command was START_NET.
 */
1123 ray_init_sj_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
1125 struct ifnet *ifp = &sc->arpcom.ac_if;
1127 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
1129 RAY_COM_CHECK(sc, ccs);
1131 RAY_CCSERR(sc, status, if_oerrors); /* XXX error counter */
1134 * Read back network parameters that the ECF sets
/*
 * NOTE(review): the copy length is sizeof(struct ray_cmd_net) while the
 * destination is sc->sc_c.p_1, whose type is not visible here; the two
 * must be the same size or this read overruns p_1 - confirm.
 */
1136 SRAM_READ_REGION(sc, ccs, &sc->sc_c.p_1, sizeof(struct ray_cmd_net));
1138 /* Adjust values for buggy firmware */
/* 0x55 is treated as "not filled in": fall back to 0 or to the desired value. */
1139 if (sc->sc_c.np_inited == 0x55)
1140 sc->sc_c.np_inited = 0;
1141 if (sc->sc_c.np_def_txrate == 0x55)
1142 sc->sc_c.np_def_txrate = sc->sc_d.np_def_txrate;
1143 if (sc->sc_c.np_encrypt == 0x55)
1144 sc->sc_c.np_encrypt = sc->sc_d.np_encrypt;
1147 * Update our local state if we updated the network parameters
1148 * when the START_NET or JOIN_NET was issued.
1150 if (sc->sc_c.np_upd_param) {
1151 RAY_DPRINTF(sc, RAY_DBG_STARTJOIN, "updated parameters");
1152 SRAM_READ_REGION(sc, RAY_HOST_TO_ECF_BASE,
1153 &sc->sc_c.p_2, sizeof(struct ray_net_params));
1157 * Hurrah! The network is now active.
1159 * Clearing IFF_OACTIVE will ensure that the system will send us
1160 * packets. Just before we return from the interrupt context
1161 * we check to see if packets have been queued.
/* Only START_NET makes the interface usable here; the command code is read back from the card. */
1163 if (SRAM_READ_FIELD_1(sc, ccs, ray_cmd, c_cmd) == RAY_CMD_START_NET) {
1164 sc->sc_c.np_havenet = 1;
1165 sc->sc_c.np_framing = sc->sc_d.np_framing;
1166 ifp->if_flags |= IFF_RUNNING;
1167 ifp->if_flags &= ~IFF_OACTIVE;
1170 ray_com_ecf_done(sc);
1174 * Runq entry to authenticate with an access point or another station
/*
 * Runq step that authenticates with the current BSS: outside an
 * infrastructure network it completes the runq step at once, otherwise
 * it sends an open-system authentication request to sc->sc_c.np_bss_id.
 *
 * NOTE(review): the only algorithm requested is open system, and the
 * return value of ray_init_auth_send() is not used in the visible line
 * (the XXX_AUTH comment above the call says as much), so a failed send
 * is not reported from here.
 */
1177 ray_init_auth(struct ray_softc *sc, struct ray_comq_entry *com)
1179 struct ifnet *ifp = &sc->arpcom.ac_if;
1181 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN | RAY_DBG_AUTH, "");
1183 /* If card already running we might not need to authenticate */
1184 RAY_COM_CHKRUNNING(sc, com, ifp);
1187 * XXX Don't do anything if we are not in a managed network
1189 * XXX V4 adhoc does not need this, V5 adhoc unknown
1191 if (sc->sc_c.np_net_type != RAY_MIB_NET_TYPE_INFRA) {
1192 ray_com_runq_done(sc);
1197 * XXX_AUTH need to think of run queue when doing auths from request i.e. would
1198 * XXX_AUTH need to have auth at top of runq?
1199 * XXX_AUTH ditto for sending any auth response packets...what about timeouts?
1205 /* XXX_AUTH check exit status and retry or fail as we can't associate without this */
1206 ray_init_auth_send(sc, sc->sc_c.np_bss_id, IEEE80211_AUTH_OPEN_REQUEST);
1210 * Build and send an authentication packet
1212 * If an error occurs, returns 1 else returns 0.
/*
 * Build an 802.11 authentication management frame in a TX buffer and
 * hand it to ray_tx_send(). The body written here is six bytes: the
 * open-system algorithm number, the sequence number and a zero status
 * code, each as a low byte followed by a zero byte.
 *
 * Returns the result of ray_tx_send(); the header comment states 1 on
 * error and 0 otherwise.
 *
 * NOTE(review): this listing drops short source lines, including the
 * declarations of ccs, bufp and pktlen and one ray_tx_wrhdr() argument.
 */
1215 ray_init_auth_send(struct ray_softc *sc, u_int8_t *dst, int sequence)
1220 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN | RAY_DBG_AUTH, "");
1222 /* Get a control block */
1223 if (ray_ccs_tx(sc, &ccs, &bufp)) {
1224 RAY_RECERR(sc, "could not obtain a ccs");
1228 /* Fill the header in */
1229 bufp = ray_tx_wrhdr(sc, bufp,
1230 IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_AUTH,
1231 IEEE80211_FC1_DIR_NODS,
1233 sc->arpcom.ac_enaddr,
1234 sc->sc_c.np_bss_id);
1236 /* Add algorithm number */
1237 SRAM_WRITE_1(sc, bufp + pktlen++, IEEE80211_AUTH_ALG_OPEN);
1238 SRAM_WRITE_1(sc, bufp + pktlen++, 0);
1240 /* Add sequence number */
/* sequence is an int but goes out through a one-byte write; presumably only the low byte is used - confirm. */
1241 SRAM_WRITE_1(sc, bufp + pktlen++, sequence);
1242 SRAM_WRITE_1(sc, bufp + pktlen++, 0);
1244 /* Add status code */
1245 SRAM_WRITE_1(sc, bufp + pktlen++, 0);
1246 SRAM_WRITE_1(sc, bufp + pktlen++, 0);
/* The length passed on covers the 802.11 header as well as the body bytes counted above. */
1247 pktlen += sizeof(struct ieee80211_frame);
1249 return (ray_tx_send(sc, ccs, pktlen, dst));
1253 * Complete authentication runq
/*
 * Finish the authentication runq step: log a failure status, then call
 * ray_com_runq_done().
 *
 * NOTE(review): in the visible lines a status other than
 * IEEE80211_STATUS_SUCCESS is only logged and the runq step is still
 * completed, although the XXX_AUTH text says association requires
 * successful authentication. Confirm in the full source whether a
 * failed authentication stops the association that follows.
 */
1256 ray_init_auth_done(struct ray_softc *sc, u_int8_t status)
1258 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN | RAY_DBG_AUTH, "");
1260 if (status != IEEE80211_STATUS_SUCCESS)
1261 RAY_RECERR(sc, "authentication failed with status %d", status);
1263 * XXX_AUTH retry? if not just recall ray_init_auth_send and dont clear runq?
1264 * XXX_AUTH association requires that authenitcation is successful
1265 * XXX_AUTH before we associate, and the runq is the only way to halt the
1266 * XXX_AUTH progress of associate.
1267 * XXX_AUTH In this case I might not need the RAY_AUTH_NEEDED state
1269 ray_com_runq_done(sc);
1273 * Runq entry for starting an association with an access point
/*
 * Runq step that starts association: outside an infrastructure network
 * it completes the runq step at once, otherwise it issues
 * RAY_CMD_START_ASSOC to the card.
 *
 * NOTE(review): nothing in the visible lines checks that the preceding
 * authentication step succeeded before the command is issued.
 */
1276 ray_init_assoc(struct ray_softc *sc, struct ray_comq_entry *com)
1278 struct ifnet *ifp = &sc->arpcom.ac_if;
1280 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
1282 /* If the card already running we might not need to associate */
1283 RAY_COM_CHKRUNNING(sc, com, ifp);
1286 * Don't do anything if we are not in a managed network
1288 if (sc->sc_c.np_net_type != RAY_MIB_NET_TYPE_INFRA) {
1289 ray_com_runq_done(sc);
1296 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_START_ASSOC);
1297 ray_com_ecf(sc, com);
1301 * Complete association
/*
 * Completion handler for START_ASSOC: after the RAY_COM_CHECK and
 * RAY_CCSERR macros, records that a network is available, adopts the
 * desired framing and marks the interface running and ready to send.
 *
 * NOTE(review): whether a failed status reaches the state changes below
 * depends on RAY_CCSERR, which is defined outside this listing.
 */
1304 ray_init_assoc_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
1306 struct ifnet *ifp = &sc->arpcom.ac_if;
1308 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
1309 RAY_COM_CHECK(sc, ccs);
1311 RAY_CCSERR(sc, status, if_oerrors); /* XXX error counter */
1314 * Hurrah! The network is now active.
1316 * Clearing IFF_OACTIVE will ensure that the system will send us
1317 * packets. Just before we return from the interrupt context
1318 * we check to see if packets have been queued.
1320 sc->sc_c.np_havenet = 1;
1321 sc->sc_c.np_framing = sc->sc_d.np_framing;
1322 ifp->if_flags |= IFF_RUNNING;
1323 ifp->if_flags &= ~IFF_OACTIVE;
1325 ray_com_ecf_done(sc);
1331 * Inhibit card - if we can't prevent reception then do not worry;
1332 * stopping a NIC only guarantees no TX.
1334 * The change to the interface flags is done via the runq so that any
1335 * existing commands can execute normally.
/*
 * User-context entry for stopping the interface: allocates one runq
 * entry for ray_stop(), runs it through RAY_COM_RUNQ and frees it.
 * The declarations of ncom and error are among the short lines this
 * listing drops.
 */
1338 ray_stop_user(struct ray_softc *sc)
1340 struct ray_comq_entry *com[1];
1343 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STOP, "");
1346 * Schedule the real stop routine
/* The array holds a single entry, so ncom must be 0 on entry to this statement. */
1349 com[ncom++] = RAY_COM_MALLOC(ray_stop, 0);
1351 RAY_COM_RUNQ(sc, com, ncom, "raystop", error);
1353 /* XXX no real error processing from anything yet! */
1355 RAY_COM_FREE(com, ncom);
1361 * Runq entry for stopping the interface activity
/*
 * Runq step that stops interface activity: clears IFF_RUNNING and
 * IFF_OACTIVE, takes packets off the send queue and completes the runq
 * step. The loop around IF_DEQUEUE and the freeing of each mbuf are
 * not shown in this listing (short lines dropped).
 */
1364 ray_stop(struct ray_softc *sc, struct ray_comq_entry *com)
1366 struct ifnet *ifp = &sc->arpcom.ac_if;
1369 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STOP, "");
1372 * Mark as not running and drain output queue
1374 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
1377 IF_DEQUEUE(&ifp->if_snd, m);
1383 ray_com_runq_done(sc);
/*
 * Interface watchdog: when the softc is missing or the card is gone it
 * presumably returns (the statement is a dropped line); otherwise it
 * logs "watchdog timeout".
 *
 * NOTE(review): sc is passed to RAY_DPRINTF before it is compared with
 * NULL; if that macro dereferences sc the test comes too late - check
 * the macro definition.
 */
1387 ray_watchdog(struct ifnet *ifp)
1389 struct ray_softc *sc = ifp->if_softc;
1391 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
1394 if ((sc == NULL) || (sc->sc_gone))
1397 RAY_PRINTF(sc, "watchdog timeout");
1401 * Transmit packet handling
1407 * We make two assumptions here:
1408 * 1) That the current priority is set to splimp _before_ this code
1409 * is called *and* is returned to the appropriate priority after
1411 * 2) That the IFF_OACTIVE flag is checked before this code is called
1412 * (i.e. that the output part of the interface is idle)
1414 * A simple one packet at a time TX routine is used - we don't bother
1415 * chaining TX buffers. Performance is sufficient to max out the
1416 * wireless link on a P75.
1418 * AST J30 Windows 95A (100MHz Pentium) to
1419 * Libretto 50CT FreeBSD-3.1 (75MHz Pentium) 167.37kB/s
1420 * Nonname box FreeBSD-3.4 (233MHz AMD K6) 161.82kB/s
1422 * Libretto 50CT FreeBSD-3.1 (75MHz Pentium) to
1423 * AST J30 Windows 95A (100MHz Pentium) 167.37kB/s
1424 * Nonname box FreeBSD-3.4 (233MHz AMD K6) 161.38kB/s
1426 * Given that 160kB/s is saturating the 2Mb/s wireless link we
1429 * In short I'm happy that the added complexity of chaining TX
1430 * packets together isn't worth it for my machines.
/*
 * Transmit one packet from the interface send queue: check interface
 * and card state, obtain a TX control block, dequeue an mbuf, write an
 * 802.11 header chosen by network type and AP status, apply the
 * configured framing, copy the mbuf chain into the card's TX buffer and
 * call ray_tx_send().
 *
 * NOTE(review): this listing drops short source lines (returns, braces,
 * "else", error counters, mbuf frees and some arguments), so control
 * flow is only partly visible. sc is also passed to RAY_DPRINTF before
 * the NULL test; check whether that macro dereferences it.
 */
1433 ray_tx(struct ifnet *ifp)
1435 struct ray_softc *sc = ifp->if_softc;
1436 struct mbuf *m0, *m;
1437 struct ether_header *eh;
1442 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");
1446 * Some simple checks first - some are overkill
1448 if ((sc == NULL) || (sc->sc_gone))
1450 if (!(ifp->if_flags & IFF_RUNNING)) {
1451 RAY_RECERR(sc, "cannot transmit - not running");
1454 if (!sc->sc_c.np_havenet) {
1455 RAY_RECERR(sc, "cannot transmit - no network");
/* Card busy: arm ray_tx_timo unless a timeout is already active. */
1458 if (!RAY_ECF_READY(sc)) {
1459 /* Can't assume that the ECF is busy because of this driver */
1460 if ((sc->tx_timerh.callout == NULL) ||
1461 (!callout_active(sc->tx_timerh.callout))) {
1463 timeout(ray_tx_timo, sc, RAY_TX_TIMEOUT);
1467 untimeout(ray_tx_timo, sc, sc->tx_timerh);
1470 * We find a ccs before we process the mbuf so that we are sure it
1471 * is worthwhile processing the packet. All errors in the mbuf
1472 * processing are either errors in the mbuf or gross configuration
1473 * errors and the packet wouldn't get through anyway.
1475 if (ray_ccs_tx(sc, &ccs, &bufp)) {
1476 ifp->if_flags |= IFF_OACTIVE;
1481 * Get the mbuf and process it - we have to remember to free the
1482 * ccs if there are any errors.
1484 IF_DEQUEUE(&ifp->if_snd, m0);
1486 RAY_CCS_FREE(sc, ccs);
/* Anything longer than an Ethernet frame without its CRC is rejected before any copy. */
1490 pktlen = m0->m_pkthdr.len;
1491 if (pktlen > ETHER_MAX_LEN - ETHER_CRC_LEN) {
1492 RAY_RECERR(sc, "mbuf too long %d", pktlen);
1493 RAY_CCS_FREE(sc, ccs);
/* Make the Ethernet header contiguous so it can be read through eh. */
1499 m0 = m_pullup(m0, sizeof(struct ether_header));
1501 RAY_RECERR(sc, "could not pullup ether");
1502 RAY_CCS_FREE(sc, ccs);
1506 eh = mtod(m0, struct ether_header *);
1509 * Write the 802.11 header according to network type etc.
1511 if (sc->sc_c.np_net_type == RAY_MIB_NET_TYPE_ADHOC)
1512 bufp = ray_tx_wrhdr(sc, bufp,
1513 IEEE80211_FC0_TYPE_DATA,
1514 IEEE80211_FC1_DIR_NODS,
1517 sc->sc_c.np_bss_id);
1519 if (sc->sc_c.np_ap_status == RAY_MIB_AP_STATUS_TERMINAL)
1520 bufp = ray_tx_wrhdr(sc, bufp,
1521 IEEE80211_FC0_TYPE_DATA,
1522 IEEE80211_FC1_DIR_TODS,
1527 bufp = ray_tx_wrhdr(sc, bufp,
1528 IEEE80211_FC0_TYPE_DATA,
1529 IEEE80211_FC1_DIR_FROMDS,
1539 switch (sc->sc_c.np_framing) {
1541 case RAY_FRAMING_ENCAPSULATION:
1542 /* Nice and easy - nothing! (just add an 802.11 header) */
1545 case RAY_FRAMING_TRANSLATION:
1547 * Drop the first address in the ethernet header and
1548 * write an LLC and SNAP header over the second.
1550 m_adj(m0, ETHER_ADDR_LEN);
1552 RAY_RECERR(sc, "could not get space for 802.2 header");
1553 RAY_CCS_FREE(sc, ccs);
1557 llc = mtod(m0, struct llc *);
1558 llc->llc_dsap = LLC_SNAP_LSAP;
1559 llc->llc_ssap = LLC_SNAP_LSAP;
1560 llc->llc_control = LLC_UI;
1561 llc->llc_un.type_snap.org_code[0] = 0;
1562 llc->llc_un.type_snap.org_code[1] = 0;
1563 llc->llc_un.type_snap.org_code[2] = 0;
1567 RAY_RECERR(sc, "unknown framing type %d", sc->sc_c.np_framing);
1568 RAY_CCS_FREE(sc, ccs);
1575 RAY_RECERR(sc, "could not frame packet");
1576 RAY_CCS_FREE(sc, ccs);
1580 RAY_MBUF_DUMP(sc, RAY_DBG_TX, m0, "framed packet");
1583 * Copy the mbuf to the buffer in common memory
1585 * We drop and don't bother wrapping as Ethernet packets are 1518
1586 * bytes, we checked the mbuf earlier, and our TX buffers are 2048
1587 * bytes. We don't have 530 bytes of headers etc. so something
1590 pktlen = sizeof(struct ieee80211_frame);
1591 for (m = m0; m != NULL; m = m->m_next) {
1593 if ((len = m->m_len) == 0)
/* Each mbuf is written only if it ends before RAY_TX_END; otherwise the packet is dropped. */
1595 if ((bufp + len) < RAY_TX_END)
1596 SRAM_WRITE_REGION(sc, bufp, mtod(m, u_int8_t *), len);
1598 RAY_RECERR(sc, "tx buffer overflow");
1599 RAY_CCS_FREE(sc, ccs);
1610 if (ray_tx_send(sc, ccs, pktlen, eh->ether_dhost))
1618 * Start timeout routine.
1620 * Used when card was busy but we needed to send a packet.
/*
 * Timeout callback armed by ray_tx() when the card was busy: acts only
 * when the interface is not marked IFF_OACTIVE and the send queue is
 * non-empty. The body of the if (presumably a call to ray_tx under
 * raised priority) is among the lines this listing drops.
 */
1623 ray_tx_timo(void *xsc)
1625 struct ray_softc *sc = (struct ray_softc *)xsc;
1626 struct ifnet *ifp = &sc->arpcom.ac_if;
1629 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
1631 if (!(ifp->if_flags & IFF_OACTIVE) && (ifp->if_snd.ifq_head != NULL)) {
1639 * Write an 802.11 header into the Tx buffer space and return the
1640 * adjusted buffer pointer.
/*
 * Write a three-address 802.11 header at card offset bufp and return
 * the offset just past it.
 *
 * type is OR-ed with IEEE80211_FC0_VERSION_0 into i_fc[0], fc1 is
 * stored in i_fc[1], and ETHER_ADDR_LEN bytes are copied from each of
 * addr1, addr2 and addr3, so every caller must pass buffers of at
 * least that size. The header is zeroed first, so the fields not set
 * here reach the card as 0.
 */
1643 ray_tx_wrhdr(struct ray_softc *sc, size_t bufp, u_int8_t type, u_int8_t fc1, u_int8_t *addr1, u_int8_t *addr2, u_int8_t *addr3)
1645 struct ieee80211_frame header;
1647 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");
1650 bzero(&header, sizeof(struct ieee80211_frame));
1651 header.i_fc[0] = (IEEE80211_FC0_VERSION_0 | type);
1652 header.i_fc[1] = fc1;
1653 bcopy(addr1, header.i_addr1, ETHER_ADDR_LEN);
1654 bcopy(addr2, header.i_addr2, ETHER_ADDR_LEN);
1655 bcopy(addr3, header.i_addr3, ETHER_ADDR_LEN);
1657 SRAM_WRITE_REGION(sc, bufp, (u_int8_t *)&header,
1658 sizeof(struct ieee80211_frame));
1660 return (bufp + sizeof(struct ieee80211_frame));
1664 * Fill in a few loose ends and kick the card to send the packet
1666 * Returns 0 on success, 1 on failure
/*
 * Complete a TX control block and start the card: wait for the ECF to
 * become ready (giving up after RAY_ECF_SPIN_TRIES delays and freeing
 * the ccs), then write the packet length and chosen antenna, publish
 * the ccs index and issue the start command.
 *
 * The header comment states 0 on success and 1 on failure; the return
 * statements are among the short lines this listing drops.
 */
1669 ray_tx_send(struct ray_softc *sc, size_t ccs, int pktlen, u_int8_t *dst)
1673 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");
/* Bounded busy-wait, so a stuck card cannot hold the caller here indefinitely. */
1676 while (!RAY_ECF_READY(sc)) {
1677 DELAY(RAY_ECF_SPIN_DELAY);
1678 if (++i > RAY_ECF_SPIN_TRIES) {
1679 RAY_RECERR(sc, "ECF busy, dropping packet");
1680 RAY_CCS_FREE(sc, ccs);
1685 RAY_RECERR(sc, "spun %d times", i);
/* pktlen is an int stored through a two-byte field write; callers are expected to have bounded it already. */
1687 SRAM_WRITE_FIELD_2(sc, ccs, ray_cmd_tx, c_len, pktlen);
1688 SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_antenna,
1689 ray_tx_best_antenna(sc, dst));
1690 SRAM_WRITE_1(sc, RAY_SCB_CCSI, RAY_CCS_INDEX(ccs));
1691 RAY_ECF_START_CMD(sc);
1697 * Determine best antenna to use from rx level and antenna cache
/*
 * Choose the transmit antenna for destination dst from the signal
 * level cache: look for a cache entry whose rsl_host matches dst, sum
 * that entry's antenna history and return 1 when the sum exceeds half
 * of RAY_NANTENNA, else 0.
 *
 * The early exits (firmware build 4, host not found) and the
 * initialisation of "antenna" are among the short lines this listing
 * drops.
 */
1700 ray_tx_best_antenna(struct ray_softc *sc, u_int8_t *dst)
1702 struct ray_siglev *sl;
1706 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");
1708 if (sc->sc_version == RAY_ECFS_BUILD_4)
1711 /* try to find host */
1712 for (i = 0; i < RAY_NSIGLEVRECS; i++) {
1713 sl = &sc->sc_siglevs[i];
1714 if (bcmp(sl->rsl_host, dst, ETHER_ADDR_LEN) == 0)
1717 /* not found, return default setting */
1721 /* This is a simple thresholding scheme that takes the mean
1722 * of the best antenna history. This is okay but as it is a
1723 * filter, it adds a bit of lag in situations where the
1724 * best antenna swaps from one side to the other slowly. Don't know
1725 * how likely this is given the horrible fading though.
1728 for (i = 0; i < RAY_NANTENNA; i++) {
1729 antenna += sl->rsl_antennas[i];
1732 return (antenna > (RAY_NANTENNA >> 1));
1736 * Transmit now complete so clear ccs and network flags.
/*
 * Transmit completion: applies RAY_CCSERR to the status (counting
 * against if_oerrors), frees the control block and clears IFF_OACTIVE
 * if it was set.
 */
1739 ray_tx_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
1741 struct ifnet *ifp = &sc->arpcom.ac_if;
1743 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_TX, "");
1745 RAY_CCSERR(sc, status, if_oerrors);
1747 RAY_CCS_FREE(sc, ccs);
1749 if (ifp->if_flags & IFF_OACTIVE)
1750 ifp->if_flags &= ~IFF_OACTIVE;
1754 * Receiver packet handling
1758 * Receive a packet from the card
/*
 * Receive one packet described by the receive control block rcs: read
 * the packet length, signal level and antenna from the card, allocate
 * an mbuf (with a cluster when pktlen exceeds MHLEN), copy the fragment
 * chain out of card memory, free the control blocks and dispatch on the
 * 802.11 frame type.
 *
 * Every length, index and buffer offset used here is read from card
 * memory, so the range checks below are what keep the copies inside
 * the mbuf.
 *
 * NOTE(review): this listing drops short source lines (error exits,
 * the updates of readlen, mp and ni, braces), so only part of the
 * control flow is visible.
 */
1761 ray_rx(struct ray_softc *sc, size_t rcs)
1763 struct ieee80211_frame *header;
1764 struct ifnet *ifp = &sc->arpcom.ac_if;
1766 size_t pktlen, fraglen, readlen, tmplen;
1768 u_int8_t siglev, antenna;
1772 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
1775 RAY_DPRINTF(sc, RAY_DBG_CCS, "using rcs 0x%x", rcs);
1781 * Get first part of packet and the length. Do some sanity checks
1784 first = RAY_CCS_INDEX(rcs);
1785 pktlen = SRAM_READ_FIELD_2(sc, rcs, ray_cmd_rx, c_pktlen);
1786 siglev = SRAM_READ_FIELD_1(sc, rcs, ray_cmd_rx, c_siglev);
1787 antenna = SRAM_READ_FIELD_1(sc, rcs, ray_cmd_rx, c_antenna);
/*
 * The upper bound keeps the packet within one mbuf cluster; the lower
 * bound guarantees a complete 802.11 header for the parsing below.
 */
1789 if ((pktlen > MCLBYTES) || (pktlen < sizeof(struct ieee80211_frame))) {
1790 RAY_RECERR(sc, "packet too big or too small");
1795 MGETHDR(m0, M_DONTWAIT, MT_DATA);
1797 RAY_RECERR(sc, "MGETHDR failed");
1801 if (pktlen > MHLEN) {
1802 MCLGET(m0, M_DONTWAIT);
1803 if (!(m0->m_flags & M_EXT)) {
1804 RAY_RECERR(sc, "MCLGET failed");
1811 m0->m_pkthdr.rcvif = ifp;
1812 m0->m_pkthdr.len = pktlen;
1814 mp = mtod(m0, u_int8_t *);
1817 * Walk the fragment chain to build the complete packet.
1819 * The use of two index variables removes a race with the
1820 * hardware. If one index were used the clearing of the CCS would
1821 * happen before reading the next pointer and the hardware can get in.
1822 * Not my idea but verbatim from the NetBSD driver.
1825 while ((i = ni) && (i != RAY_CCS_LINK_NULL)) {
/*
 * NOTE(review): the three reads below use an address derived from i
 * before i is range-checked further down; consider validating the
 * index first.
 */
1826 rcs = RAY_CCS_ADDRESS(i);
1827 ni = SRAM_READ_FIELD_1(sc, rcs, ray_cmd_rx, c_nextfrag);
1828 bufp = SRAM_READ_FIELD_2(sc, rcs, ray_cmd_rx, c_bufp);
1829 fraglen = SRAM_READ_FIELD_2(sc, rcs, ray_cmd_rx, c_len);
/* Reject a fragment that would take the running total past pktlen, the size the mbuf was allocated for. */
1830 if (fraglen + readlen > pktlen) {
1831 RAY_RECERR(sc, "bad length current 0x%x pktlen 0x%x",
1832 fraglen + readlen, pktlen);
1838 if ((i < RAY_RCS_FIRST) || (i > RAY_RCS_LAST)) {
1839 RAY_RECERR(sc, "bad rcs index 0x%x", i);
/*
 * A fragment ending at or before RAY_RX_END is read in one piece;
 * otherwise it is read in two parts, wrapping to RAY_RX_BASE.
 * NOTE(review): only the end of the fragment is compared with
 * RAY_RX_END in the visible lines; no check that bufp itself lies
 * between RAY_RX_BASE and RAY_RX_END is shown - confirm.
 */
1846 ebufp = bufp + fraglen;
1847 if (ebufp <= RAY_RX_END)
1848 SRAM_READ_REGION(sc, bufp, mp, fraglen);
1850 SRAM_READ_REGION(sc, bufp, mp,
1851 (tmplen = RAY_RX_END - bufp));
1852 SRAM_READ_REGION(sc, RAY_RX_BASE, mp + tmplen,
1853 ebufp - RAY_RX_END);
1862 * Walk the chain again to free the rcss.
/* NOTE(review): no index range check is visible in this second walk. */
1865 while ((i = ni) && (i != RAY_CCS_LINK_NULL)) {
1866 rcs = RAY_CCS_ADDRESS(i);
1867 ni = SRAM_READ_FIELD_1(sc, rcs, ray_cmd_rx, c_nextfrag);
1868 RAY_CCS_FREE(sc, rcs);
1875 * Check the 802.11 packet type and hand off to
1876 * appropriate functions.
1878 header = mtod(m0, struct ieee80211_frame *);
1879 if ((header->i_fc[0] & IEEE80211_FC0_VERSION_MASK)
1880 != IEEE80211_FC0_VERSION_0) {
1881 RAY_RECERR(sc, "header not version 0 fc0 0x%x",
1887 switch (header->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
1889 case IEEE80211_FC0_TYPE_DATA:
1890 ray_rx_data(sc, m0, siglev, antenna);
1893 case IEEE80211_FC0_TYPE_MGT:
1897 case IEEE80211_FC0_TYPE_CTL:
1902 RAY_RECERR(sc, "unknown packet fc0 0x%x", header->i_fc[0]);
1909 * Deal with DATA packet types
/*
 * Handle a received 802.11 DATA frame: filter on subtype, derive the
 * destination/source/receiver/transmitter addresses and the header
 * length from the To DS / From DS bits, rebuild an Ethernet header
 * according to the configured framing, update the signal level cache
 * with the transmitter address and pass the packet to ether_input().
 *
 * The frame contents come from the air and are untrusted.
 *
 * NOTE(review): this listing drops short source lines (breaks, error
 * exits, the trimming call, braces), so control flow is only partly
 * visible.
 */
1912 ray_rx_data(struct ray_softc *sc, struct mbuf *m0, u_int8_t siglev, u_int8_t antenna)
1914 struct ifnet *ifp = &sc->arpcom.ac_if;
1915 struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
1916 struct ether_header *eh;
1918 u_int8_t *sa = NULL, *da = NULL, *ra = NULL, *ta = NULL;
1921 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_RX, "");
1924 * Check the the data packet subtype, some packets have
1925 * nothing in them so we will drop them here.
1927 switch (header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) {
1929 case IEEE80211_FC0_SUBTYPE_DATA:
1930 case IEEE80211_FC0_SUBTYPE_CF_ACK:
1931 case IEEE80211_FC0_SUBTYPE_CF_POLL:
1932 case IEEE80211_FC0_SUBTYPE_CF_ACPL:
1933 RAY_DPRINTF(sc, RAY_DBG_RX, "DATA packet");
1936 case IEEE80211_FC0_SUBTYPE_NODATA:
1937 case IEEE80211_FC0_SUBTYPE_CFACK:
1938 case IEEE80211_FC0_SUBTYPE_CFPOLL:
1939 case IEEE80211_FC0_SUBTYPE_CF_ACK_CF_ACK:
1940 RAY_DPRINTF(sc, RAY_DBG_RX, "NULL packet");
1946 RAY_RECERR(sc, "reserved DATA packet subtype 0x%x",
1947 header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
1954 * Parse the To DS and From DS fields to determine the length
1955 * of the 802.11 header for use later on.
1957 * Additionally, furtle out the right destination and
1958 * source MAC addresses for the packet. Packets may come via
1959 * APs so the MAC addresses of the immediate node may be
1960 * different from the node that actually sent us the packet.
1962 * da destination address of final recipient
1963 * sa source address of orginator
1964 * ra receiver address of immediate recipient
1965 * ta transmitter address of immediate orginator
1967 * Address matching is performed on da or sa with the AP or
1968 * BSSID in ra and ta.
1970 RAY_MBUF_DUMP(sc, RAY_DBG_RX, m0, "(1) packet before framing");
1971 switch (header->i_fc[1] & IEEE80211_FC1_DIR_MASK) {
1973 case IEEE80211_FC1_DIR_NODS:
1974 da = ra = header->i_addr1;
1975 sa = ta = header->i_addr2;
1976 trim = sizeof(struct ieee80211_frame);
1977 RAY_DPRINTF(sc, RAY_DBG_RX, "from %6D to %6D",
1981 case IEEE80211_FC1_DIR_FROMDS:
1982 da = ra = header->i_addr1;
1983 ta = header->i_addr2;
1984 sa = header->i_addr3;
1985 trim = sizeof(struct ieee80211_frame);
1986 RAY_DPRINTF(sc, RAY_DBG_RX, "ap %6D from %6D to %6D",
1987 ta, ":", sa, ":", da, ":");
1990 case IEEE80211_FC1_DIR_TODS:
1991 ra = header->i_addr1;
1992 sa = ta = header->i_addr2;
1993 da = header->i_addr3;
1994 trim = sizeof(struct ieee80211_frame);
1995 RAY_DPRINTF(sc, RAY_DBG_RX, "from %6D to %6D ap %6D",
1996 sa, ":", da, ":", ra, ":");
1999 case IEEE80211_FC1_DIR_DSTODS:
2000 ra = header->i_addr1;
2001 ta = header->i_addr2;
2002 da = header->i_addr3;
/*
 * NOTE(review): the cast binds tighter than "+", so this yields the
 * address one BYTE past the start of the header, not the address that
 * follows the three-address header. For a fourth address after the
 * header the expression would be (u_int8_t *)(header+1) - confirm the
 * intent. The frame is also not checked here to be long enough to hold
 * a fourth address.
 */
2003 sa = (u_int8_t *)header+1;
2004 trim = sizeof(struct ieee80211_frame) + ETHER_ADDR_LEN;
2005 RAY_DPRINTF(sc, RAY_DBG_RX, "from %6D to %6D ap %6D to %6D",
2006 sa, ":", da, ":", ta, ":", ra, ":");
2013 * Each case must leave an Ethernet header and adjust trim.
2015 switch (sc->sc_c.np_framing) {
2017 case RAY_FRAMING_ENCAPSULATION:
2018 /* A NOP as the Ethernet header is in the packet */
2021 case RAY_FRAMING_TRANSLATION:
2022 /* Check that we have an LLC and SNAP sequence */
/*
 * NOTE(review): no comparison of trim plus the LLC/SNAP header size
 * with the mbuf length is visible before llc is dereferenced; a frame
 * that ends right after the 802.11 header would be read past its end.
 * Confirm whether a length check exists in the full source.
 */
2023 llc = (struct llc *)((u_int8_t *)header + trim);
2024 if (llc->llc_dsap == LLC_SNAP_LSAP &&
2025 llc->llc_ssap == LLC_SNAP_LSAP &&
2026 llc->llc_control == LLC_UI &&
2027 llc->llc_un.type_snap.org_code[0] == 0 &&
2028 llc->llc_un.type_snap.org_code[1] == 0 &&
2029 llc->llc_un.type_snap.org_code[2] == 0) {
2031 * This is not magic. RFC1042 header is 8
2032 * bytes, with the last two bytes being the
2033 * ether type. So all we need is another
2034 * ETHER_ADDR_LEN bytes to write the
2037 trim -= ETHER_ADDR_LEN;
2038 eh = (struct ether_header *)((u_int8_t *)header + trim);
2041 * Copy carefully to avoid mashing the MAC
2042 * addresses. The address layout in the .11 header
2043 * does make sense, honest, but it is a pain.
2045 * NODS da sa no risk
2046 * FROMDS da ta sa sa then da
2047 * DSTODS ra ta da sa sa then da
2048 * TODS ra sa da da then sa
/* The copy order differs per direction because eh overlaps the 802.11 address fields being read. */
2052 bcopy(sa, eh->ether_shost, ETHER_ADDR_LEN);
2053 bcopy(da, eh->ether_dhost, ETHER_ADDR_LEN);
2056 bcopy(da, eh->ether_dhost, ETHER_ADDR_LEN);
2057 bcopy(sa, eh->ether_shost, ETHER_ADDR_LEN);
2062 /* Assume RAY_FRAMING_ENCAPSULATION */
2064 "got encapsulated packet but in translation mode");
2070 RAY_RECERR(sc, "unknown framing type %d", sc->sc_c.np_framing);
2075 RAY_MBUF_DUMP(sc, RAY_DBG_RX, m0, "(2) packet after framing");
2078 * Finally, do a bit of house keeping before sending the packet
2082 RAY_MBUF_DUMP(sc, RAY_DBG_RX, m0, "(3) packet after trimming");
/* The cache is keyed on address 2 of the 802.11 header, which the sender of the frame controls. */
2084 ray_rx_update_cache(sc, header->i_addr2, siglev, antenna);
2085 eh = mtod(m0, struct ether_header *);
2086 m_adj(m0, sizeof(struct ether_header));
2087 ether_input(ifp, eh, m0);
2091 * Deal with MGT packet types
/*
 * Handle a received 802.11 management frame: reject frames whose
 * direction bits are not NODS, then dispatch on the subtype. Beacons
 * go to ray_rx_mgt_beacon() and authentication frames to
 * ray_rx_mgt_auth(); the other subtypes are only logged in the visible
 * lines.
 *
 * NOTE(review): management frames are unauthenticated input.
 * Deauthentication (handler commented out) and disassociation do not
 * change station state here, so the driver keeps treating the network
 * as available after such a frame. No check of the frame length beyond
 * the 802.11 header is visible before the subtype handlers read the
 * frame body. This listing drops short source lines (breaks, error
 * exits, mbuf frees).
 */
2094 ray_rx_mgt(struct ray_softc *sc, struct mbuf *m0)
2096 struct ifnet *ifp = &sc->arpcom.ac_if;
2097 struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
2099 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_MGT, "");
2101 if ((header->i_fc[1] & IEEE80211_FC1_DIR_MASK) !=
2102 IEEE80211_FC1_DIR_NODS) {
2103 RAY_RECERR(sc, "MGT TODS/FROMDS wrong fc1 0x%x",
2104 header->i_fc[1] & IEEE80211_FC1_DIR_MASK);
2111 * Check the the mgt packet subtype, some packets should be
2112 * dropped depending on the mode the station is in. See pg
2115 * P - proccess, J - Junk, E - ECF deals with, I - Illegal
2117 * AHDOC procces or junk
2118 * INFRA STA process or junk
2119 * INFRA AP process or jumk
2121 * +PPP IEEE80211_FC0_SUBTYPE_BEACON
2122 * +EEE IEEE80211_FC0_SUBTYPE_PROBE_REQ
2123 * +EEE IEEE80211_FC0_SUBTYPE_PROBE_RESP
2124 * PPP IEEE80211_FC0_SUBTYPE_AUTH
2125 * PPP IEEE80211_FC0_SUBTYPE_DEAUTH
2126 * JJP IEEE80211_FC0_SUBTYPE_ASSOC_REQ
2127 * JPJ IEEE80211_FC0_SUBTYPE_ASSOC_RESP
2128 * JPP IEEE80211_FC0_SUBTYPE_DISASSOC
2129 * JJP IEEE80211_FC0_SUBTYPE_REASSOC_REQ
2130 * JPJ IEEE80211_FC0_SUBTYPE_REASSOC_RESP
2131 * +EEE IEEE80211_FC0_SUBTYPE_ATIM
2133 RAY_MBUF_DUMP(sc, RAY_DBG_MGT, m0, "MGT packet");
2134 switch (header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) {
2136 case IEEE80211_FC0_SUBTYPE_BEACON:
2137 RAY_DPRINTF(sc, RAY_DBG_MGT, "BEACON MGT packet");
2138 ray_rx_mgt_beacon(sc, m0);
2141 case IEEE80211_FC0_SUBTYPE_AUTH:
2142 RAY_DPRINTF(sc, RAY_DBG_MGT, "AUTH MGT packet");
2143 ray_rx_mgt_auth(sc, m0);
2146 case IEEE80211_FC0_SUBTYPE_DEAUTH:
2147 RAY_DPRINTF(sc, RAY_DBG_MGT, "DEAUTH MGT packet");
2148 /* XXX ray_rx_mgt_deauth(sc, m0); */
2151 case IEEE80211_FC0_SUBTYPE_ASSOC_REQ:
2152 case IEEE80211_FC0_SUBTYPE_REASSOC_REQ:
2153 RAY_DPRINTF(sc, RAY_DBG_MGT, "(RE)ASSOC_REQ MGT packet");
2154 if ((sc->sc_c.np_net_type == RAY_MIB_NET_TYPE_INFRA) &&
2155 (sc->sc_c.np_ap_status == RAY_MIB_AP_STATUS_AP))
2156 RAY_RECERR(sc, "can't be an AP yet"); /* XXX_ACTING_AP */
2159 case IEEE80211_FC0_SUBTYPE_ASSOC_RESP:
2160 case IEEE80211_FC0_SUBTYPE_REASSOC_RESP:
2161 RAY_DPRINTF(sc, RAY_DBG_MGT, "(RE)ASSOC_RESP MGT packet");
2162 if ((sc->sc_c.np_net_type == RAY_MIB_NET_TYPE_INFRA) &&
2163 (sc->sc_c.np_ap_status == RAY_MIB_AP_STATUS_TERMINAL))
2164 RAY_RECERR(sc, "can't be in INFRA yet"); /* XXX_INFRA */
2167 case IEEE80211_FC0_SUBTYPE_DISASSOC:
2168 RAY_DPRINTF(sc, RAY_DBG_MGT, "DISASSOC MGT packet");
2169 if (sc->sc_c.np_net_type == RAY_MIB_NET_TYPE_INFRA)
2170 RAY_RECERR(sc, "can't be in INFRA yet"); /* XXX_INFRA */
2173 case IEEE80211_FC0_SUBTYPE_PROBE_REQ:
2174 case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
2175 case IEEE80211_FC0_SUBTYPE_ATIM:
2176 RAY_RECERR(sc, "unexpected MGT packet subtype 0x%0x",
2177 header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
2182 RAY_RECERR(sc, "reserved MGT packet subtype 0x%x",
2183 header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
2191 * Deal with BEACON management packet types
2192 * XXX furtle anything interesting out
2193 * XXX Note that there are rules governing what beacons to read
2194 * XXX see 8802 S7.2.3, S11.1.2.3
2195 * XXX is this actually useful?
/*
 * Handle a received beacon: log the timestamp, interval and capability
 * fields that follow the 802.11 header, then let ray_rx_mgt_info()
 * parse the information elements into a local struct. Nothing from
 * "elements" is used after the call in the visible lines.
 *
 * NOTE(review): "elements" lives on this function's stack and is filled
 * from an untrusted frame, so any unchecked copy in ray_rx_mgt_info()
 * writes over this stack frame. No check that the mbuf holds the fixed
 * beacon fields is visible before they are read.
 */
2198 ray_rx_mgt_beacon(struct ray_softc *sc, struct mbuf *m0)
2200 struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
2201 ieee80211_mgt_beacon_t beacon = (u_int8_t *)(header+1);
2202 struct ieee80211_information elements;
2204 u_int64_t *timestamp;
2206 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_MGT, "");
/* NOTE(review): a byte pointer into the frame is reinterpreted as u_int64_t *; alignment is not guaranteed by anything visible here. */
2208 timestamp = (u_int64_t *)beacon;
/* NOTE(review): a 64-bit value is passed for a "%x" conversion. */
2210 RAY_DPRINTF(sc, RAY_DBG_MGT, "timestamp\t0x%x", *timestamp);
2211 RAY_DPRINTF(sc, RAY_DBG_MGT, "interval\t\t0x%x", IEEE80211_BEACON_INTERVAL(beacon));
2212 RAY_DPRINTF(sc, RAY_DBG_MGT, "capability\t0x%x", IEEE80211_BEACON_CAPABILITY(beacon));
2214 ray_rx_mgt_info(sc, m0, &elements);
/*
 * Parse the information elements of a management frame into *elements.
 * bp points at the current element (bp[0] is the element id, len its
 * length, element data starts at bp + 2) and be is the end of the data
 * in the first mbuf.
 *
 * Every id and length here is taken from an untrusted frame.
 *
 * NOTE(review): this listing drops short source lines, including the
 * loop header, the assignment of len, the switch and the breaks. In the
 * visible lines no check is shown that an element (bp + 2 + len) ends
 * at or before be, nor that len covers the fixed offsets read in the
 * FHPARMS, TIM and IBSSPARMS cases - confirm against the full source
 * and add both checks if they are absent.
 */
2219 ray_rx_mgt_info(struct ray_softc *sc, struct mbuf *m0, struct ieee80211_information *elements)
2221 struct ifnet *ifp = &sc->arpcom.ac_if;
2222 struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
2223 ieee80211_mgt_beacon_t beacon = (u_int8_t *)(header+1);
2224 ieee80211_mgt_beacon_t bp, be;
2227 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_MGT, "");
/* The end pointer covers m_len of the first mbuf only. */
2230 be = mtod(m0, u_int8_t *) + m0->m_len;
2234 RAY_DPRINTF(sc, RAY_DBG_MGT, "id 0x%02x length %d", *bp, len);
2238 case IEEE80211_ELEMID_SSID:
/*
 * NOTE(review): an over-long SSID is reported, but the only source line
 * this listing drops between the report and the copy is 2242. Unless
 * that line leaves the case, the strncpy below still copies len bytes
 * into elements->ssid and overruns it with frame-supplied data. The
 * terminator store at ssid[len] is also one past the end when len
 * equals IEEE80211_NWID_LEN, unless ssid has room for
 * IEEE80211_NWID_LEN + 1 bytes (its declaration is not visible here).
 * Skip the element when the length check fails.
 */
2239 if (len > IEEE80211_NWID_LEN) {
2240 RAY_RECERR(sc, "bad SSD length: %d from %6D",
2241 len, header->i_addr2, ":");
2243 strncpy(elements->ssid, bp + 2, len);
2244 elements->ssid[len] = 0;
2245 RAY_DPRINTF(sc, RAY_DBG_MGT,
2246 "beacon ssid %s", elements->ssid);
2249 case IEEE80211_ELEMID_RATES:
2250 RAY_DPRINTF(sc, RAY_DBG_MGT, "rates");
2253 case IEEE80211_ELEMID_FHPARMS:
/* Reads bp[2]..bp[6]; len is not compared with 5 in the visible lines. */
2254 elements->fh.dwell = bp[2] + (bp[3] << 8);
2255 elements->fh.set = bp[4];
2256 elements->fh.pattern = bp[5];
2257 elements->fh.index = bp[6];
2258 RAY_DPRINTF(sc, RAY_DBG_MGT,
2259 "fhparams dwell\t0x%04x", elements->fh.dwell);
2260 RAY_DPRINTF(sc, RAY_DBG_MGT,
2261 "fhparams set\t0x%02x", elements->fh.set);
2262 RAY_DPRINTF(sc, RAY_DBG_MGT,
2263 "fhparams pattern\t0x%02x", elements->fh.pattern);
2264 RAY_DPRINTF(sc, RAY_DBG_MGT,
2265 "fhparams index\t0x%02x", elements->fh.index);
2268 case IEEE80211_ELEMID_DSPARMS:
2269 RAY_RECERR(sc, "got direct sequence params!");
2272 case IEEE80211_ELEMID_CFPARMS:
2273 RAY_DPRINTF(sc, RAY_DBG_MGT, "cfparams");
2276 case IEEE80211_ELEMID_TIM:
/* Reads bp[2]..bp[4]; len is not compared with 3 in the visible lines. */
2277 elements->tim.count = bp[2];
2278 elements->tim.period = bp[3];
2279 elements->tim.bitctl = bp[4];
2280 RAY_DPRINTF(sc, RAY_DBG_MGT,
2281 "tim count\t0x%02x", elements->tim.count);
2282 RAY_DPRINTF(sc, RAY_DBG_MGT,
2283 "tim period\t0x%02x", elements->tim.period);
2284 RAY_DPRINTF(sc, RAY_DBG_MGT,
2285 "tim bitctl\t0x%02x", elements->tim.bitctl);
2286 #if RAY_DEBUG & RAY_DBG_MGT
/* Debug-only dump of the bytes from bp[5] up to bp[len]; it is bounded by len, not by be. */
2289 for (i = 5; i < len + 1; i++)
2290 RAY_DPRINTF(sc, RAY_DBG_MGT,
2291 "tim pvt[%03d]\t0x%02x", i-5, bp[i]);
2296 case IEEE80211_ELEMID_IBSSPARMS:
/* Reads bp[2] and bp[3]; len is not compared with 2 in the visible lines. */
2297 elements->ibss.atim = bp[2] + (bp[3] << 8);
2298 RAY_DPRINTF(sc, RAY_DBG_MGT,
2299 "ibssparams atim\t0x%02x", elements->ibss.atim);
2302 case IEEE80211_ELEMID_CHALLENGE:
2303 RAY_DPRINTF(sc, RAY_DBG_MGT, "challenge");
2307 RAY_RECERR(sc, "reserved MGT element id 0x%x", *bp);
2308 ifp->if_ierrors++;break;
2315 * Deal with AUTH management packet types
/*
 * Handle a received 802.11 authentication management frame: dispatch on
 * the authentication algorithm and, for an open-system response, hand the
 * status field to ray_init_auth_done().
 *
 * sc - driver softc
 * m0 - mbuf holding the frame, starting at the 802.11 header
 *
 * NOTE(review): `auth' points just past the header and the
 * IEEE80211_AUTH_* accessors read through it, but no comparison of
 * m0->m_len against the header plus the authentication fields is visible
 * in this function. Presumably the receive path checked the frame length
 * before calling here - confirm, since the frame body is supplied by the
 * sender.
 */
2318 ray_rx_mgt_auth(struct ray_softc *sc, struct mbuf *m0)
2320 struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
/* The authentication fields start immediately after the 802.11 header. */
2321 ieee80211_mgt_auth_t auth = (u_int8_t *)(header+1);
2323 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_AUTH, "");
2325 switch (IEEE80211_AUTH_ALGORITHM(auth)) {
2327 case IEEE80211_AUTH_ALG_OPEN:
2328 RAY_DPRINTF(sc, RAY_DBG_AUTH,
2329 "open system authentication sequence number %d",
2330 IEEE80211_AUTH_TRANSACTION(auth));
/*
 * An open-system request is recognised, but the only thing visible in its
 * branch is the XXX_AUTH marker; a response completes the pending
 * authentication with the status taken from the frame.
 */
2331 if (IEEE80211_AUTH_TRANSACTION(auth) ==
2332 IEEE80211_AUTH_OPEN_REQUEST) {
2334 /* XXX_AUTH use ray_init_auth_send */
2336 } else if (IEEE80211_AUTH_TRANSACTION(auth) ==
2337 IEEE80211_AUTH_OPEN_RESPONSE)
2338 ray_init_auth_done(sc, IEEE80211_AUTH_STATUS(auth));
/* Shared-key and unknown algorithms are only reported in the lines shown. */
2341 case IEEE80211_AUTH_ALG_SHARED:
2343 "shared key authentication sequence number %d",
2344 IEEE80211_AUTH_TRANSACTION(auth));
2349 "reserved authentication subtype 0x%04hx",
2350 IEEE80211_AUTH_ALGORITHM(auth));
2356 * Deal with CTL packet types
/*
 * Handle a received 802.11 control frame.
 *
 * The direction bits of the second frame-control byte must equal
 * IEEE80211_FC1_DIR_NODS, otherwise the frame is reported with RAY_RECERR.
 * The subtype then selects which message is logged. In the lines shown no
 * control frame is acted upon: every visible branch only reports.
 *
 * sc - driver softc
 * m0 - mbuf holding the frame, starting at the 802.11 header
 */
2359 ray_rx_ctl(struct ray_softc *sc, struct mbuf *m0)
2361 struct ifnet *ifp = &sc->arpcom.ac_if;
2362 struct ieee80211_frame *header = mtod(m0, struct ieee80211_frame *);
2364 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CTL, "");
/* Only frames with the NODS direction value are accepted as control frames. */
2366 if ((header->i_fc[1] & IEEE80211_FC1_DIR_MASK) !=
2367 IEEE80211_FC1_DIR_NODS) {
2368 RAY_RECERR(sc, "CTL TODS/FROMDS wrong fc1 0x%x",
2369 header->i_fc[1] & IEEE80211_FC1_DIR_MASK);
2376 * Check the the ctl packet subtype, some packets should be
2377 * dropped depending on the mode the station is in. The ECF
2378 * should deal with everything but the power save poll to an
2379 * AP. See pg 52(60) of docs.
2381 RAY_MBUF_DUMP(sc, RAY_DBG_CTL, m0, "CTL packet");
2382 switch (header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) {
/*
 * A PS_POLL is only meaningful when this station is an infrastructure
 * access point, which the driver reports as not supported yet.
 */
2384 case IEEE80211_FC0_SUBTYPE_PS_POLL:
2385 RAY_DPRINTF(sc, RAY_DBG_CTL, "PS_POLL CTL packet");
2386 if ((sc->sc_d.np_net_type == RAY_MIB_NET_TYPE_INFRA) &&
2387 (sc->sc_c.np_ap_status == RAY_MIB_AP_STATUS_AP))
2388 RAY_RECERR(sc, "can't be an AP yet"); /* XXX_ACTING_AP */
/* These subtypes are not expected to reach the host and are reported. */
2391 case IEEE80211_FC0_SUBTYPE_RTS:
2392 case IEEE80211_FC0_SUBTYPE_CTS:
2393 case IEEE80211_FC0_SUBTYPE_ACK:
2394 case IEEE80211_FC0_SUBTYPE_CF_END:
2395 case IEEE80211_FC0_SUBTYPE_CF_END_ACK:
2396 RAY_RECERR(sc, "unexpected CTL packet subtype 0x%0x",
2397 header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
2402 RAY_RECERR(sc, "reserved CTL packet subtype 0x%x",
2403 header->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK);
2411 * Update rx level and antenna cache
/*
 * Record a signal level and antenna sample for a host in the
 * sc->sc_siglevs cache.
 *
 * The cache is searched for an entry whose rsl_host equals src. If none
 * matches, the entry with the oldest rsl_time is reset and reused for src.
 * The entry is then time-stamped, its history shifted by one position and
 * the new sample stored at index 0.
 *
 * sc      - driver softc
 * src     - ETHER_ADDR_LEN byte address the sample belongs to
 * siglev  - signal level sample
 * antenna - antenna sample
 *
 * NOTE(review): the cache has RAY_NSIGLEVRECS slots and is keyed by src,
 * which presumably comes from the header of a received frame and is
 * therefore unauthenticated. Frames from many distinct source addresses
 * recycle the oldest slots, so the recorded values should be treated as
 * advisory only.
 */
2414 ray_rx_update_cache(struct ray_softc *sc, u_int8_t *src, u_int8_t siglev, u_int8_t antenna)
2416 struct timeval mint;
2417 struct ray_siglev *sl;
2420 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2422 /* Try to find host */
2423 for (i = 0; i < RAY_NSIGLEVRECS; i++) {
2424 sl = &sc->sc_siglevs[i];
2425 if (bcmp(sl->rsl_host, src, ETHER_ADDR_LEN) == 0)
2428 /* Not found, find oldest slot */
2430 mint.tv_sec = LONG_MAX;
2432 for (i = 0; i < RAY_NSIGLEVRECS; i++) {
2433 sl = &sc->sc_siglevs[i];
2434 if (timevalcmp(&sl->rsl_time, &mint, <)) {
2436 mint = sl->rsl_time;
/* Reuse the selected slot: clear both histories and claim it for src. */
2439 sl = &sc->sc_siglevs[mini];
2440 bzero(sl->rsl_siglevs, RAY_NSIGLEV);
2441 bzero(sl->rsl_antennas, RAY_NANTENNA);
2442 bcopy(src, sl->rsl_host, ETHER_ADDR_LEN);
/*
 * Shift the history one element towards the end and put the new sample
 * first. Source and destination overlap; bcopy() is specified to copy
 * overlapping regions correctly, which this relies on.
 */
2445 microtime(&sl->rsl_time);
2446 bcopy(sl->rsl_siglevs, &sl->rsl_siglevs[1], RAY_NSIGLEV-1);
2447 sl->rsl_siglevs[0] = siglev;
/* The antenna history is skipped when sc_version is RAY_ECFS_BUILD_4. */
2448 if (sc->sc_version != RAY_ECFS_BUILD_4) {
2449 bcopy(sl->rsl_antennas, &sl->rsl_antennas[1], RAY_NANTENNA-1);
2450 sl->rsl_antennas[0] = antenna;
2455 * Interrupt handling
2459 * Process an interrupt
/*
 * Body of the interrupt handler (its signature line is not part of this
 * listing). xsc is the softc registered with the interrupt.
 *
 * When the card signals an interrupt, the index of the ccs/rcs is read
 * from the SCB and the command is vectored to ray_intr_ccs() or
 * ray_intr_rcs(). Afterwards pending transmit work is looked at and, on
 * every 32nd pass, the error counters are refreshed.
 */
2464 struct ray_softc *sc = (struct ray_softc *)xsc;
2465 struct ifnet *ifp = &sc->arpcom.ac_if;
2467 u_int8_t cmd, status;
/*
 * NOTE(review): sc is used to initialise ifp above and is passed to
 * RAY_DPRINTF here, both before the sc == NULL / sc_gone test below.
 * Whether RAY_DPRINTF dereferences sc depends on the macro - confirm; if
 * it does, the NULL test comes too late to protect it.
 */
2470 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2473 if ((sc == NULL) || (sc->sc_gone))
2477 * Check that the interrupt was for us, if so get the rcs/ccs
2478 * and vector on the command contained within it.
/*
 * ccsi comes from card SRAM. cmd and status are fetched from
 * RAY_CCS_ADDRESS(ccsi) before ccsi is compared with RAY_CCS_LAST and
 * RAY_RCS_LAST, so an out-of-range index reported by the card still
 * causes two SRAM reads at the derived offset before it is rejected.
 * NOTE(review): validating ccsi before the field reads would keep all
 * accesses inside the ccs/rcs area.
 */
2480 if (RAY_HCS_INTR(sc)) {
2481 ccsi = SRAM_READ_1(sc, RAY_SCB_RCSI);
2482 ccs = RAY_CCS_ADDRESS(ccsi);
2483 cmd = SRAM_READ_FIELD_1(sc, ccs, ray_cmd, c_cmd);
2484 status = SRAM_READ_FIELD_1(sc, ccs, ray_cmd, c_status);
2485 if (ccsi <= RAY_CCS_LAST)
2486 ray_intr_ccs(sc, cmd, status, ccs);
2487 else if (ccsi <= RAY_RCS_LAST)
2488 ray_intr_rcs(sc, cmd, ccs);
2490 RAY_RECERR(sc, "bad ccs index 0x%x", ccsi);
2491 RAY_HCS_CLEAR_INTR(sc);
2494 /* Send any packets lying around and update error counters */
2495 if (!(ifp->if_flags & IFF_OACTIVE) && (ifp->if_snd.ifq_head != NULL))
/* The error counters are only read on every 32nd pass through here. */
2497 if ((++sc->sc_checkcounters % 32) == 0)
2498 ray_intr_updt_errcntrs(sc);
2502 * Read the error counters.
/*
 * Fold the card's receive error counters into the softc totals and record
 * the current receive noise level.
 *
 * Each counter in the status area at RAY_STATUS_BASE is guarded by an
 * `own' byte: a counter is read only when its own byte is non-zero, and
 * the byte is then written back as 0, following the protocol described in
 * the text below.
 *
 * sc - driver softc
 */
2505 ray_intr_updt_errcntrs(struct ray_softc *sc)
2509 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2513 * The card implements the following protocol to keep the
2514 * values from being changed while read: It checks the `own'
2515 * bit and if zero writes the current internal counter value,
2516 * it then sets the `own' bit to 1. If the `own' bit was 1 it
2517 * incremenets its internal counter. The user thus reads the
2518 * counter if the `own' bit is one and then sets the own bit
2521 csc = RAY_STATUS_BASE;
2522 if (SRAM_READ_FIELD_1(sc, csc, ray_csc, csc_mrxo_own)) {
2523 sc->sc_rxoverflow +=
2524 SRAM_READ_FIELD_2(sc, csc, ray_csc, csc_mrx_overflow);
2525 SRAM_WRITE_FIELD_1(sc, csc, ray_csc, csc_mrxo_own, 0);
/*
 * NOTE(review): this branch is guarded by csc_mrxc_own but reads
 * csc_mrx_overflow, the same field as the branch above. The variable that
 * receives the value is not shown in this listing; if it is the checksum
 * error total, the overflow count is being added to it. Confirm which
 * field of struct ray_csc belongs to the csc_mrxc_own byte.
 */
2527 if (SRAM_READ_FIELD_1(sc, csc, ray_csc, csc_mrxc_own)) {
2529 SRAM_READ_FIELD_2(sc, csc, ray_csc, csc_mrx_overflow);
2530 SRAM_WRITE_FIELD_1(sc, csc, ray_csc, csc_mrxc_own, 0);
2532 if (SRAM_READ_FIELD_1(sc, csc, ray_csc, csc_rxhc_own)) {
2534 SRAM_READ_FIELD_2(sc, csc, ray_csc, csc_rx_hcksum);
2535 SRAM_WRITE_FIELD_1(sc, csc, ray_csc, csc_rxhc_own, 0);
/* The noise level has no own byte and is simply overwritten each time. */
2537 sc->sc_rxnoise = SRAM_READ_FIELD_1(sc, csc, ray_csc, csc_rx_noise);
2541 * Process CCS command completion
/*
 * Vector a completed host command to its completion routine.
 *
 * sc     - driver softc
 * cmd    - command code read from the ccs
 * status - status byte read from the ccs
 * ccs    - offset of the ccs the values were read from
 *
 * Commands the driver issues are passed to their *_done handlers together
 * with status and ccs. Command codes the driver does not expect to see
 * complete, and unknown codes, are only reported with RAY_RECERR in the
 * lines shown. Both callers visible in this file read cmd and status from
 * card SRAM, so the handlers receive device-supplied values.
 */
2544 ray_intr_ccs(struct ray_softc *sc, u_int8_t cmd, u_int8_t status, size_t ccs)
2546 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2550 case RAY_CMD_DOWNLOAD_PARAMS:
2551 RAY_DPRINTF(sc, RAY_DBG_COM, "START_PARAMS");
2552 ray_init_download_done(sc, status, ccs);
2555 case RAY_CMD_UPDATE_PARAMS:
2556 RAY_DPRINTF(sc, RAY_DBG_COM, "UPDATE_PARAMS");
2557 ray_upparams_done(sc, status, ccs);
2560 case RAY_CMD_REPORT_PARAMS:
2561 RAY_DPRINTF(sc, RAY_DBG_COM, "REPORT_PARAMS");
2562 ray_repparams_done(sc, status, ccs);
2565 case RAY_CMD_UPDATE_MCAST:
2566 RAY_DPRINTF(sc, RAY_DBG_COM, "UPDATE_MCAST");
2567 ray_mcast_done(sc, status, ccs);
/* Starting and joining a network share one completion routine. */
2570 case RAY_CMD_START_NET:
2571 case RAY_CMD_JOIN_NET:
2572 RAY_DPRINTF(sc, RAY_DBG_COM, "START|JOIN_NET");
2573 ray_init_sj_done(sc, status, ccs);
2576 case RAY_CMD_TX_REQ:
2577 RAY_DPRINTF(sc, RAY_DBG_COM, "TX_REQ");
2578 ray_tx_done(sc, status, ccs);
2581 case RAY_CMD_START_ASSOC:
2582 RAY_DPRINTF(sc, RAY_DBG_COM, "START_ASSOC");
2583 ray_init_assoc_done(sc, status, ccs);
/* The remaining command codes are reported as unexpected. */
2586 case RAY_CMD_UPDATE_APM:
2587 RAY_RECERR(sc, "unexpected UPDATE_APM");
2590 case RAY_CMD_TEST_MEM:
2591 RAY_RECERR(sc, "unexpected TEST_MEM");
2594 case RAY_CMD_SHUTDOWN:
2595 RAY_RECERR(sc, "unexpected SHUTDOWN");
2598 case RAY_CMD_DUMP_MEM:
2599 RAY_RECERR(sc, "unexpected DUMP_MEM");
2602 case RAY_CMD_START_TIMER:
2603 RAY_RECERR(sc, "unexpected START_TIMER");
2607 RAY_RECERR(sc, "unknown command 0x%x", cmd);
2613 * Process ECF command request
/*
 * Handle a command request raised by the card (ECF) and release its rcs.
 *
 * sc  - driver softc
 * cmd - command code read from the rcs
 * rcs - offset of the rcs
 *
 * REJOIN_DONE and ROAM_START toggle sc_c.np_havenet; JAPAN_CALL_SIGNAL and
 * unknown codes are reported. The rcs is handed back to the card with
 * RAY_CCS_FREE at the end.
 */
2616 ray_intr_rcs(struct ray_softc *sc, u_int8_t cmd, size_t rcs)
2618 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2622 case RAY_ECMD_RX_DONE:
2623 RAY_DPRINTF(sc, RAY_DBG_RX, "RX_DONE");
2627 case RAY_ECMD_REJOIN_DONE:
2628 RAY_DPRINTF(sc, RAY_DBG_RX, "REJOIN_DONE");
2629 sc->sc_c.np_havenet = 1; /* XXX Should not be here but in function */
2632 case RAY_ECMD_ROAM_START:
2633 RAY_DPRINTF(sc, RAY_DBG_RX, "ROAM_START");
2634 sc->sc_c.np_havenet = 0; /* XXX Should not be here but in function */
2637 case RAY_ECMD_JAPAN_CALL_SIGNAL:
2638 RAY_RECERR(sc, "unexpected JAPAN_CALL_SIGNAL");
2642 RAY_RECERR(sc, "unknown command 0x%x", cmd);
2646 RAY_CCS_FREE(sc, rcs);
2650 * User land entry to multicast list changes
/*
 * Queue a multicast filter update followed by a promiscuous-mode update
 * and wait for both through RAY_COM_RUNQ.
 *
 * sc - driver softc
 *
 * Two runq entries are allocated, run under the wait message "raymcast"
 * and released again with RAY_COM_FREE. As the XXX note below says, no
 * real error processing is done on the result yet.
 */
2653 ray_mcast_user(struct ray_softc *sc)
2655 struct ray_comq_entry *com[2];
2658 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2661 * Do all checking in the runq to preserve ordering.
2663 * We run promisc to pick up changes to the ALL_MULTI
/* ray_mcast must come first: ray_promisc acts on the flag it may change. */
2667 com[ncom++] = RAY_COM_MALLOC(ray_mcast, 0);
2668 com[ncom++] = RAY_COM_MALLOC(ray_promisc, 0);
2670 RAY_COM_RUNQ(sc, com, ncom, "raymcast", error);
2672 /* XXX no real error processing from anything yet! */
2674 RAY_COM_FREE(com, ncom);
2680 * Runq entry to setting the multicast filter list
2682 * MUST always be followed by a call to ray_promisc to pick up changes
/*
 * Runq entry that loads the interface's multicast address list into the
 * card.
 *
 * sc  - driver softc
 * com - runq entry; com->c_ccs is the ccs used for the command
 *
 * Nothing is sent when the interface is not running. When the list holds
 * more than 16 addresses IFF_ALLMULTI is set instead of loading the list,
 * and the following ray_promisc entry is expected to act on that flag.
 * Otherwise the addresses are written back to back, ETHER_ADDR_LEN bytes
 * each, starting at RAY_HOST_TO_ECF_BASE, and the command is started.
 */
2686 ray_mcast(struct ray_softc *sc, struct ray_comq_entry *com)
2688 struct ifnet *ifp = &sc->arpcom.ac_if;
2689 struct ifmultiaddr *ifma;
2693 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2697 * If card is not running we don't need to update this.
2699 if (!(ifp->if_flags & IFF_RUNNING)) {
2700 RAY_DPRINTF(sc, RAY_DBG_IOCTL, "not running");
2701 ray_com_runq_done(sc);
2706 * The multicast list is only 16 items long so use promiscuous
2707 * mode and don't bother updating the multicast list.
/*
 * First pass over the list; the statement inside this loop is not shown
 * in this listing, presumably it counts the entries into `count'.
 */
2709 for (ifma = ifp->if_multiaddrs.lh_first; ifma != NULL;
2710 ifma = ifma->ifma_link.le_next)
2713 ray_com_runq_done(sc);
/*
 * The count > 16 test is what bounds the number of addresses written to
 * card memory in the second pass below.
 */
2715 } else if (count > 16) {
2716 ifp->if_flags |= IFF_ALLMULTI;
2717 ray_com_runq_done(sc);
2719 } else if (ifp->if_flags & IFF_ALLMULTI)
2720 ifp->if_flags &= ~IFF_ALLMULTI;
2725 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_UPDATE_MCAST);
2726 SRAM_WRITE_FIELD_1(sc, com->c_ccs,
2727 ray_cmd_update_mcast, c_nmcast, count);
2728 bufp = RAY_HOST_TO_ECF_BASE;
/*
 * Second pass: one address per list entry. NOTE(review): the list is
 * walked twice; this assumes it cannot grow between the passes -
 * presumably guaranteed by the caller's locking or spl level, confirm.
 */
2729 for (ifma = ifp->if_multiaddrs.lh_first; ifma != NULL;
2730 ifma = ifma->ifma_link.le_next) {
2734 LLADDR((struct sockaddr_dl *)ifma->ifma_addr),
2737 bufp += ETHER_ADDR_LEN;
2740 ray_com_ecf(sc, com);
2744 * Complete the multicast filter list update
/*
 * Completion routine for RAY_CMD_UPDATE_MCAST.
 *
 * sc     - driver softc
 * status - status byte read from the ccs
 * ccs    - offset of the completed ccs
 *
 * The status is passed to RAY_CCSERR together with the if_oerrors counter
 * name, and the command is then retired with ray_com_ecf_done().
 */
2747 ray_mcast_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
2749 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_STARTJOIN, "");
2750 RAY_COM_CHECK(sc, ccs);
2752 RAY_CCSERR(sc, status, if_oerrors); /* XXX error counter */
2754 ray_com_ecf_done(sc);
2758 * Runq entry to set/reset promiscuous mode
/*
 * Runq entry that brings the card's promiscuous setting in line with the
 * interface flags.
 *
 * sc  - driver softc
 * com - runq entry; com->c_ccs is the ccs used for the command
 *
 * The desired value sc_d.np_promisc is 1 when either IFF_PROMISC or
 * IFF_ALLMULTI is set and 0 otherwise. Nothing is sent when the interface
 * is not running or the current value sc_c.np_promisc already matches.
 * Otherwise a one-parameter RAY_CMD_UPDATE_PARAMS for RAY_MIB_PROMISC is
 * issued with the value placed at RAY_HOST_TO_ECF_BASE.
 */
2761 ray_promisc(struct ray_softc *sc, struct ray_comq_entry *com)
2763 struct ifnet *ifp = &sc->arpcom.ac_if;
2765 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2769 * If card not running or we already have the right flags
2770 * we don't need to update this
/* The !! collapses the masked flag bits to exactly 0 or 1. */
2772 sc->sc_d.np_promisc = !!(ifp->if_flags & (IFF_PROMISC | IFF_ALLMULTI));
2773 if (!(ifp->if_flags & IFF_RUNNING) ||
2774 (sc->sc_c.np_promisc == sc->sc_d.np_promisc)) {
2775 ray_com_runq_done(sc);
2782 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_UPDATE_PARAMS);
2783 SRAM_WRITE_FIELD_1(sc, com->c_ccs,
2784 ray_cmd_update, c_paramid, RAY_MIB_PROMISC);
2785 SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_update, c_nparam, 1);
2786 SRAM_WRITE_1(sc, RAY_HOST_TO_ECF_BASE, sc->sc_d.np_promisc);
2788 ray_com_ecf(sc, com);
2792 * User land entry to parameter reporting
2794 * As we by pass the runq to report current parameters this function
2795 * only provides a snap shot of the driver's state.
/*
 * Answer a parameter report request.
 *
 * sc - driver softc
 * pr - request; r_paramid selects the parameter, the answer is returned
 *      in r_data, r_len and r_failcause
 *
 * The parameter id is checked against RAY_MIB_MAX and against the
 * firmware-version bits in mib_info. Ids above RAY_MIB_LASTUSER are
 * answered directly from the softc: RAY_MIB_CUR_* ids from sc_c and
 * RAY_MIB_DES_* ids from sc_d. All other ids are fetched from the card
 * through a ray_repparams runq entry.
 *
 * NOTE(review): pr is described as coming from user land. The bcopy()
 * calls below write ETHER_ADDR_LEN or IEEE80211_NWID_LEN bytes into
 * pr->r_data without referring to any buffer size; presumably r_data is a
 * fixed array large enough for both - confirm in struct ray_param_req.
 */
2798 ray_repparams_user(struct ray_softc *sc, struct ray_param_req *pr)
2800 struct ray_comq_entry *com[1];
2803 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2806 * Test for illegal values or immediate responses
/*
 * The range test has to stay ahead of every mib_info[pr->r_paramid]
 * access below. NOTE(review): the comparison is `>', so an id equal to
 * RAY_MIB_MAX is accepted and mib_info needs at least RAY_MIB_MAX + 1
 * rows - confirm against its declaration.
 */
2808 if (pr->r_paramid > RAY_MIB_MAX)
2810 if ((sc->sc_version == RAY_ECFS_BUILD_4) &&
2811 !(mib_info[pr->r_paramid][0] & RAY_V4))
2813 if ((sc->sc_version == RAY_ECFS_BUILD_5) &&
2814 !(mib_info[pr->r_paramid][0] & RAY_V5))
/* Ids above RAY_MIB_LASTUSER are served from the driver's own copies. */
2816 if (pr->r_paramid > RAY_MIB_LASTUSER) {
2817 switch (pr->r_paramid) {
2819 case RAY_MIB_VERSION:
2820 if (sc->sc_version == RAY_ECFS_BUILD_4)
2821 *pr->r_data = RAY_V4;
2823 *pr->r_data = RAY_V5;
2825 case RAY_MIB_CUR_BSSID:
2826 bcopy(sc->sc_c.np_bss_id, pr->r_data, ETHER_ADDR_LEN);
2828 case RAY_MIB_CUR_INITED:
2829 *pr->r_data = sc->sc_c.np_inited;
2831 case RAY_MIB_CUR_DEF_TXRATE:
2832 *pr->r_data = sc->sc_c.np_def_txrate;
2834 case RAY_MIB_CUR_ENCRYPT:
2835 *pr->r_data = sc->sc_c.np_encrypt;
2837 case RAY_MIB_CUR_NET_TYPE:
2838 *pr->r_data = sc->sc_c.np_net_type;
2840 case RAY_MIB_CUR_SSID:
2841 bcopy(sc->sc_c.np_ssid, pr->r_data, IEEE80211_NWID_LEN);
2843 case RAY_MIB_CUR_PRIV_START:
2844 *pr->r_data = sc->sc_c.np_priv_start;
2846 case RAY_MIB_CUR_PRIV_JOIN:
2847 *pr->r_data = sc->sc_c.np_priv_join;
2849 case RAY_MIB_DES_BSSID:
2850 bcopy(sc->sc_d.np_bss_id, pr->r_data, ETHER_ADDR_LEN);
2852 case RAY_MIB_DES_INITED:
2853 *pr->r_data = sc->sc_d.np_inited;
2855 case RAY_MIB_DES_DEF_TXRATE:
2856 *pr->r_data = sc->sc_d.np_def_txrate;
2858 case RAY_MIB_DES_ENCRYPT:
2859 *pr->r_data = sc->sc_d.np_encrypt;
2861 case RAY_MIB_DES_NET_TYPE:
2862 *pr->r_data = sc->sc_d.np_net_type;
2864 case RAY_MIB_DES_SSID:
2865 bcopy(sc->sc_d.np_ssid, pr->r_data, IEEE80211_NWID_LEN);
2867 case RAY_MIB_DES_PRIV_START:
2868 *pr->r_data = sc->sc_d.np_priv_start;
2870 case RAY_MIB_DES_PRIV_JOIN:
2871 *pr->r_data = sc->sc_d.np_priv_join;
2873 case RAY_MIB_CUR_AP_STATUS:
2874 *pr->r_data = sc->sc_c.np_ap_status;
2876 case RAY_MIB_CUR_PROMISC:
2877 *pr->r_data = sc->sc_c.np_promisc;
2879 case RAY_MIB_DES_AP_STATUS:
2880 *pr->r_data = sc->sc_d.np_ap_status;
2882 case RAY_MIB_DES_PROMISC:
2883 *pr->r_data = sc->sc_d.np_promisc;
2885 case RAY_MIB_CUR_FRAMING:
2886 *pr->r_data = sc->sc_c.np_framing;
2888 case RAY_MIB_DES_FRAMING:
2889 *pr->r_data = sc->sc_d.np_framing;
/*
 * For a locally answered id the reported length comes from the mib_info
 * column that matches the firmware build.
 */
2896 pr->r_failcause = 0;
2897 if (sc->sc_version == RAY_ECFS_BUILD_4)
2898 pr->r_len = mib_info[pr->r_paramid][RAY_MIB_INFO_SIZ4];
2899 else if (sc->sc_version == RAY_ECFS_BUILD_5)
2900 pr->r_len = mib_info[pr->r_paramid][RAY_MIB_INFO_SIZ5];
/*
 * Everything else is read from the card. The request pointer travels with
 * the runq entry so the completion routine can fill it in.
 */
2904 pr->r_failcause = 0;
2906 com[ncom++] = RAY_COM_MALLOC(ray_repparams, RAY_COM_FWOK);
2907 com[ncom-1]->c_pr = pr;
2909 RAY_COM_RUNQ(sc, com, ncom, "rayrparm", error);
2911 /* XXX no real error processing from anything yet! */
2912 if (!com[0]->c_retval && pr->r_failcause)
2915 RAY_COM_FREE(com, ncom);
2921 * Runq entry to read the required parameter
2923 * The card and driver are happy for parameters to be read
2924 * whenever the card is plugged in
/*
 * Runq entry that asks the card to report one parameter.
 *
 * sc  - driver softc
 * com - runq entry; com->c_pr is the request being served and com->c_ccs
 *       the ccs used for the command
 *
 * A RAY_CMD_REPORT_PARAMS command is built for com->c_pr->r_paramid with a
 * parameter count of 1 and started. The answer is collected in
 * ray_repparams_done().
 */
2927 ray_repparams(struct ray_softc *sc, struct ray_comq_entry *com)
2929 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2935 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_REPORT_PARAMS);
2936 SRAM_WRITE_FIELD_1(sc, com->c_ccs,
2937 ray_cmd_report, c_paramid, com->c_pr->r_paramid);
2938 SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_report, c_nparam, 1);
2940 ray_com_ecf(sc, com);
2944 * Complete the parameter reporting
/*
 * Completion routine for RAY_CMD_REPORT_PARAMS: copy the card's answer
 * into the request attached to the command at the head of the queue.
 *
 * sc     - driver softc
 * status - status byte read from the ccs
 * ccs    - offset of the completed ccs
 *
 * NOTE(review): the c_len field is read from card SRAM and
 * com->c_pr->r_len is then used as the byte count for SRAM_READ_REGION
 * into com->c_pr->r_data (the left-hand side of the c_len assignment is
 * not shown in this listing, presumably it is r_len). No clamp of that
 * length to the size of r_data is visible. A length reported by faulty or
 * malicious firmware would then write past the request buffer, so the
 * value should be bounded before the copy - confirm whether a check
 * exists elsewhere.
 */
2947 ray_repparams_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
2949 struct ray_comq_entry *com;
2951 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2953 RAY_COM_CHECK(sc, ccs);
2955 RAY_CCSERR(sc, status, if_oerrors); /* XXX error counter */
/*
 * The head of the command queue is taken to be the command that just
 * completed; no NULL test on com is visible before it is dereferenced.
 */
2957 com = TAILQ_FIRST(&sc->sc_comq);
2958 com->c_pr->r_failcause =
2959 SRAM_READ_FIELD_1(sc, ccs, ray_cmd_report, c_failcause);
2961 SRAM_READ_FIELD_1(sc, ccs, ray_cmd_report, c_len);
2962 SRAM_READ_REGION(sc, RAY_ECF_TO_HOST_BASE,
2963 com->c_pr->r_data, com->c_pr->r_len);
2965 ray_com_ecf_done(sc);
2969 * User land entry (and exit) to the error counters
/*
 * Copy the driver's accumulated receive error counters and the last noise
 * reading from the softc into a statistics request.
 *
 * sc - driver softc
 * sr - request that receives rxoverflow, rxcksum, rxhcksum and rxnoise
 *
 * The values are whatever ray_intr_updt_errcntrs() last stored; the card
 * is not accessed here.
 */
2972 ray_repstats_user(struct ray_softc *sc, struct ray_stats_req *sr)
2974 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
2976 sr->rxoverflow = sc->sc_rxoverflow;
2977 sr->rxcksum = sc->sc_rxcksum;
2978 sr->rxhcksum = sc->sc_rxhcksum;
2979 sr->rxnoise = sc->sc_rxnoise;
2985 * User land entry to parameter update changes
2987 * As a parameter change can cause the network parameters to be
2988 * invalid we have to re-start/join.
/*
 * Apply a parameter update request.
 *
 * sc - driver softc
 * pr - request; r_paramid selects the parameter, r_data holds the new
 *      value and r_failcause receives the outcome
 *
 * The id must not exceed RAY_MIB_LASTUSER and must be supported by the
 * firmware build according to mib_info. Some parameters are stored in the
 * desired-parameter copy sc_d, and the bits collected in `todo' select
 * which runq entries are queued: RAY_UPP_PARAMS queues ray_upparams, and
 * RAY_UPP_SJ queues ray_init_sj, ray_init_auth and ray_init_assoc.
 *
 * NOTE(review): pr is described as coming from user land. In the lines
 * shown only r_paramid is validated. RAY_MIB_SSID copies
 * IEEE80211_NWID_LEN bytes from r_data whatever r_len says, and r_len is
 * later used unchecked as a copy length in ray_upparams(). Presumably the
 * ioctl layer bounds r_len to the size of r_data - confirm.
 */
2991 ray_upparams_user(struct ray_softc *sc, struct ray_param_req *pr)
/* At most 1 + 3 entries are queued below, which fits the four slots. */
2993 struct ray_comq_entry *com[4];
2994 int error, ncom, todo;
2995 #define RAY_UPP_SJ 0x1
2996 #define RAY_UPP_PARAMS 0x2
2998 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
3001 * Check that the parameter is available based on firmware version
/* The range test has to stay ahead of the mib_info lookups that follow. */
3003 pr->r_failcause = 0;
3004 if (pr->r_paramid > RAY_MIB_LASTUSER)
3006 if ((sc->sc_version == RAY_ECFS_BUILD_4) &&
3007 !(mib_info[pr->r_paramid][0] & RAY_V4))
3009 if ((sc->sc_version == RAY_ECFS_BUILD_5) &&
3010 !(mib_info[pr->r_paramid][0] & RAY_V5))
3014 * Handle certain parameters specially
3017 switch (pr->r_paramid) {
3018 case RAY_MIB_NET_TYPE: /* Updated via START_NET JOIN_NET */
3019 sc->sc_d.np_net_type = *pr->r_data;
3023 case RAY_MIB_SSID: /* Updated via START_NET JOIN_NET */
3024 bcopy(pr->r_data, sc->sc_d.np_ssid, IEEE80211_NWID_LEN);
/* The must-start privacy setting is only taken in ad-hoc mode. */
3028 case RAY_MIB_PRIVACY_MUST_START:/* Updated via START_NET */
3029 if (sc->sc_c.np_net_type != RAY_MIB_NET_TYPE_ADHOC)
3031 sc->sc_d.np_priv_start = *pr->r_data;
3035 case RAY_MIB_PRIVACY_CAN_JOIN: /* Updated via START_NET JOIN_NET */
3036 sc->sc_d.np_priv_join = *pr->r_data;
3040 case RAY_MIB_BASIC_RATE_SET:
3041 sc->sc_d.np_def_txrate = *pr->r_data;
3042 todo |= RAY_UPP_PARAMS;
3045 case RAY_MIB_AP_STATUS: /* Unsupported */
3046 case RAY_MIB_MAC_ADDR: /* XXX Need interface up but could be done */
3047 case RAY_MIB_PROMISC: /* BPF */
3052 todo |= RAY_UPP_PARAMS;
3058 * Generate the runq entries as needed
3061 if (todo & RAY_UPP_PARAMS) {
3062 com[ncom++] = RAY_COM_MALLOC(ray_upparams, 0);
3063 com[ncom-1]->c_pr = pr;
/* A start/join change is followed by authentication and association. */
3065 if (todo & RAY_UPP_SJ) {
3066 com[ncom++] = RAY_COM_MALLOC(ray_init_sj, 0);
3067 com[ncom++] = RAY_COM_MALLOC(ray_init_auth, 0);
3068 com[ncom++] = RAY_COM_MALLOC(ray_init_assoc, 0);
3071 RAY_COM_RUNQ(sc, com, ncom, "rayuparam", error);
3073 /* XXX no real error processing from anything yet! */
3074 if (!com[0]->c_retval && pr->r_failcause)
3077 RAY_COM_FREE(com, ncom);
3083 * Runq entry to update a parameter
3085 * The card and driver are happy for parameters to be updated
3086 * whenever the card is plugged in
3088 * XXX the above is a little bit of a lie until _download is sorted out and we
3089 * XXX keep local copies of things
/*
 * Runq entry that sends one parameter update to the card.
 *
 * sc  - driver softc
 * com - runq entry; com->c_pr is the request being applied and com->c_ccs
 *       the ccs used for the command
 *
 * A RAY_CMD_UPDATE_PARAMS command is built for com->c_pr->r_paramid with a
 * parameter count of 1, the value is copied into card memory at
 * RAY_HOST_TO_ECF_BASE and the command is started.
 *
 * NOTE(review): the copy length is com->c_pr->r_len, taken from the
 * request as the caller supplied it; no upper bound is applied here or in
 * the visible part of ray_upparams_user(). A length larger than r_data
 * would read past the request buffer and write past the intended SRAM
 * region, so r_len should be checked against both before this copy -
 * confirm whether the ioctl layer already does so.
 */
3092 ray_upparams(struct ray_softc *sc, struct ray_comq_entry *com)
3094 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
3097 ray_ccs_fill(sc, com->c_ccs, RAY_CMD_UPDATE_PARAMS);
3099 SRAM_WRITE_FIELD_1(sc, com->c_ccs,
3100 ray_cmd_update, c_paramid, com->c_pr->r_paramid);
3101 SRAM_WRITE_FIELD_1(sc, com->c_ccs, ray_cmd_update, c_nparam, 1);
3102 SRAM_WRITE_REGION(sc, RAY_HOST_TO_ECF_BASE,
3103 com->c_pr->r_data, com->c_pr->r_len);
3105 ray_com_ecf(sc, com);
3109 * Complete the parameter update, note that promisc finishes up here too
/*
 * Completion routine for RAY_CMD_UPDATE_PARAMS. Updates issued by
 * ray_promisc() complete here as well.
 *
 * sc     - driver softc
 * status - status byte read from the ccs
 * ccs    - offset of the completed ccs
 *
 * The parameter id is read back from the ccs. For RAY_MIB_PROMISC the
 * current value sc_c.np_promisc is refreshed from the byte at
 * RAY_HOST_TO_ECF_BASE. The c_failcause field is copied into the request
 * attached to the head of the command queue.
 */
3112 ray_upparams_done(struct ray_softc *sc, u_int8_t status, size_t ccs)
3114 struct ray_comq_entry *com;
3116 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
3118 RAY_COM_CHECK(sc, ccs);
3120 RAY_CCSERR(sc, status, if_oerrors); /* XXX error counter */
/* The head of the queue is taken to be the command that just completed. */
3122 com = TAILQ_FIRST(&sc->sc_comq);
3124 switch (SRAM_READ_FIELD_1(sc, ccs, ray_cmd_update, c_paramid)) {
3126 case RAY_MIB_PROMISC:
3127 sc->sc_c.np_promisc = SRAM_READ_1(sc, RAY_HOST_TO_ECF_BASE);
3128 RAY_DPRINTF(sc, RAY_DBG_IOCTL,
3129 "promisc value %d", sc->sc_c.np_promisc);
/*
 * NOTE(review): ray_promisc() does not attach a request to its runq
 * entry, so com->c_pr is only meaningful for updates queued by
 * ray_upparams_user(). The line that selects this branch is not shown in
 * this listing - confirm it is not reached for RAY_MIB_PROMISC.
 */
3133 com->c_pr->r_failcause =
3134 SRAM_READ_FIELD_1(sc, ccs, ray_cmd_update, c_failcause);
3139 ray_com_ecf_done(sc);
3143 * Command queuing and execution
3147 * Set up a comq entry struct
/*
 * Initialise a caller-supplied command queue entry.
 *
 * com      - entry to initialise
 * function - runq routine the entry will execute
 * flags    - initial RAY_COM_F* flags
 * mesg     - text describing the entry; its use is not visible in this
 *            listing, presumably it is kept for debugging
 *
 * Returns a struct ray_comq_entry pointer; ray_com_malloc() passes that
 * value straight on to its own caller.
 */
3149 static struct ray_comq_entry *
3150 ray_com_init(struct ray_comq_entry *com, ray_comqfn_t function, int flags, char *mesg)
3152 com->c_function = function;
3153 com->c_flags = flags;
3156 com->c_wakeup = NULL;
3164 * Malloc and set up a comq entry struct
/*
 * Allocate a command queue entry and initialise it with ray_com_init().
 *
 * function - runq routine the entry will execute
 * flags    - initial RAY_COM_F* flags
 * mesg     - text passed through to ray_com_init()
 *
 * Returns the value returned by ray_com_init().
 *
 * The allocation uses M_WAITOK, so it may sleep. No test of the result is
 * made before it is handed to ray_com_init(), which relies on an
 * M_WAITOK allocation not returning NULL.
 */
3166 static struct ray_comq_entry *
3167 ray_com_malloc(ray_comqfn_t function, int flags, char *mesg)
3169 struct ray_comq_entry *com;
3171 MALLOC(com, struct ray_comq_entry *,
3172 sizeof(struct ray_comq_entry), M_RAYCOM, M_WAITOK);
3174 return (ray_com_init(com, function, flags, mesg));
3178 * Add an array of commands to the runq, get some ccs's for them and
3179 * then run, waiting on the last command.
3181 * We add the commands to the queue first to preserve ioctl ordering.
3183 * On recoverable errors, this routine removes the entries from the
3184 * runq. A caller can requeue the commands (and still preserve its own
3185 * processes ioctl ordering) but doesn't have to. When the card is
3186 * detached we get out quickly to prevent panics and don't bother
/*
 * Queue an array of commands, allocate a ccs for each and sleep until the
 * last one has completed.
 *
 * sc    - driver softc
 * com   - array of ncom initialised entries; com[0] and com[ncom-1] are
 *         accessed unconditionally, so ncom must be at least 1
 * ncom  - number of entries in com
 * wmesg - wait message passed to ray_ccs_alloc() and tsleep()
 *
 * The first entry carries RAY_COM_FWAIT while the ccs's are being
 * allocated so that the queue cannot start early, and the last entry
 * carries RAY_COM_FWOK so that its completion wakes this sleeper.
 */
3190 ray_com_runq_add(struct ray_softc *sc, struct ray_comq_entry *com[], int ncom, char *wmesg)
3194 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");
3198 * Add the commands to the runq but don't let it run until
3199 * the ccs's are allocated successfully
3201 com[0]->c_flags |= RAY_COM_FWAIT;
/* Every entry wakes the same channel: the address of the last entry. */
3202 for (i = 0; i < ncom; i++) {
3203 com[i]->c_wakeup = com[ncom-1];
3204 RAY_DPRINTF(sc, RAY_DBG_COM, "adding %p", com[i]);
3205 RAY_DCOM(sc, RAY_DBG_DCOM, com[i], "adding");
3206 TAILQ_INSERT_TAIL(&sc->sc_comq, com[i], c_chain);
3208 com[ncom-1]->c_flags |= RAY_COM_FWOK;
3211 * Allocate ccs's for each command.
3213 for (i = 0; i < ncom; i++) {
3214 error = ray_ccs_alloc(sc, &com[i]->c_ccs, wmesg);
3222 * Allow the queue to run and sleep if needed.
3224 * Iff the FDETACHED flag is set in the com entry we waited on
3225 * the driver is in a zombie state! The softc structure has been
3226 * freed by the generic bus detach methods - eek. We tread very
3229 com[0]->c_flags &= ~RAY_COM_FWAIT;
/*
 * PCATCH lets a signal interrupt the sleep, in which case tsleep()
 * returns an error while commands may still be queued.
 *
 * NOTE(review): per the text above, sc may already have been freed when
 * RAY_COM_FDETACHED is set. The statement that follows the FDETACHED test
 * is not shown in this listing; it has to leave without touching sc again
 * (the RAY_DPRINTF below passes sc) - confirm.
 */
3231 if (TAILQ_FIRST(&sc->sc_comq) != NULL) {
3232 RAY_DPRINTF(sc, RAY_DBG_COM, "sleeping");
3233 error = tsleep(com[ncom-1], PCATCH, wmesg, 0);
3234 if (com[ncom-1]->c_flags & RAY_COM_FDETACHED)
3236 RAY_DPRINTF(sc, RAY_DBG_COM,
3237 "awakened, tsleep returned 0x%x", error);
3243 * Only clean the queue on real errors - we don't care about it
3244 * when we detach as the queue entries are freed by the callers.
/*
 * ENXIO is excluded because it marks the detached case described above.
 * For any other error, every entry that has not completed is taken off
 * the queue and its ccs is released.
 */
3246 if (error && (error != ENXIO))
3247 for (i = 0; i < ncom; i++)
3248 if (!(com[i]->c_flags & RAY_COM_FCOMPLETED)) {
3249 RAY_DPRINTF(sc, RAY_DBG_COM, "removing %p",
3251 RAY_DCOM(sc, RAY_DBG_DCOM, com[i], "removing");
3252 TAILQ_REMOVE(&sc->sc_comq, com[i], c_chain);
3253 ray_ccs_free(sc, com[i]->c_ccs);
3254 com[i]->c_ccs = NULL;
3261 * Run the command at the head of the queue (if not already running)
/*
 * Start the command at the head of the queue unless it cannot run.
 *
 * sc - driver softc
 *
 * Nothing is started when the queue is empty or the head entry is already
 * running (RAY_COM_FRUNNING), is being held back (RAY_COM_FWAIT) or is
 * marked RAY_COM_FDETACHED. Otherwise the entry is marked running and its
 * c_function is called with the softc and the entry.
 */
3264 ray_com_runq(struct ray_softc *sc)
3266 struct ray_comq_entry *com;
3268 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");
3270 com = TAILQ_FIRST(&sc->sc_comq);
3271 if ((com == NULL) ||
3272 (com->c_flags & RAY_COM_FRUNNING) ||
3273 (com->c_flags & RAY_COM_FWAIT) ||
3274 (com->c_flags & RAY_COM_FDETACHED))
/* Mark the entry before calling out so that a re-entry does not rerun it. */
3277 com->c_flags |= RAY_COM_FRUNNING;
3278 RAY_DPRINTF(sc, RAY_DBG_COM, "running %p", com);
3279 RAY_DCOM(sc, RAY_DBG_DCOM, com, "running");
3280 com->c_function(sc, com);
3284 * Remove run command, free ccs and wakeup caller.
3286 * Minimal checks are done here as we ensure that the com and command
3287 * handler were matched up earlier. Must be called at splnet or higher
3288 * so that entries on the command queue are correctly removed.
3290 * Remove the com from the comq, and wakeup the caller if it requested
3291 * to be woken. This is used for ensuring a sequence of commands
3292 * completes. Finally, re-run the queue.
/*
 * Retire the command at the head of the queue: unlink it, mark it
 * completed, release its ccs and wake the sleeper when the entry carries
 * RAY_COM_FWOK.
 *
 * sc - driver softc
 *
 * NOTE(review): com is dereferenced and passed to TAILQ_REMOVE without a
 * NULL test, as the XXX remark on the TAILQ_FIRST line acknowledges. The
 * routine therefore relies on every caller invoking it only while a
 * command is queued.
 */
3295 ray_com_runq_done(struct ray_softc *sc)
3297 struct ray_comq_entry *com;
3299 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");
3301 com = TAILQ_FIRST(&sc->sc_comq); /* XXX shall we check this as below */
3302 RAY_DPRINTF(sc, RAY_DBG_COM, "removing %p", com);
3303 RAY_DCOM(sc, RAY_DBG_DCOM, com, "removing");
3304 TAILQ_REMOVE(&sc->sc_comq, com, c_chain);
3306 com->c_flags &= ~RAY_COM_FRUNNING;
3307 com->c_flags |= RAY_COM_FCOMPLETED;
3309 ray_ccs_free(sc, com->c_ccs);
/* The wakeup channel is c_wakeup, set up by ray_com_runq_add(). */
3312 if (com->c_flags & RAY_COM_FWOK)
3313 wakeup(com->c_wakeup);
3317 /* XXX what about error on completion then? deal with when i fix
3318 * XXX the status checking
3320 * XXX all the runq_done calls from IFF_RUNNING checks in runq
3321 * XXX routines should return EIO but shouldn't abort the runq
3326 * Send a command to the ECF.
/*
 * Hand a prepared ccs to the card and start the command.
 *
 * sc  - driver softc
 * com - runq entry whose c_ccs has been filled in
 *
 * The routine busy-waits until RAY_ECF_READY() is true, pausing
 * RAY_ECF_SPIN_DELAY between polls, and calls RAY_PANIC once the poll
 * count exceeds RAY_ECF_SPIN_TRIES. The ccs index is then written to the
 * SCB and the command started. Commands for which RAY_COM_NEEDS_TIMO() is
 * true get ray_com_ecf_timo() scheduled as a completion poll.
 */
3329 ray_com_ecf(struct ray_softc *sc, struct ray_comq_entry *com)
3333 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");
/*
 * NOTE(review): a card that never becomes ready ends in RAY_PANIC here;
 * whether that halts the system or only reports depends on the macro -
 * confirm.
 */
3336 while (!RAY_ECF_READY(sc)) {
3337 DELAY(RAY_ECF_SPIN_DELAY);
3338 if (++i > RAY_ECF_SPIN_TRIES)
3339 RAY_PANIC(sc, "spun too long");
3342 RAY_RECERR(sc, "spun %d times", i);
3344 RAY_DPRINTF(sc, RAY_DBG_COM, "sending %p", com);
3345 RAY_DCOM(sc, RAY_DBG_DCOM, com, "sending");
3346 SRAM_WRITE_1(sc, RAY_SCB_CCSI, RAY_CCS_INDEX(com->c_ccs));
3347 RAY_ECF_START_CMD(sc);
/* The timeout handle is kept so ray_com_ecf_done() can cancel it. */
3349 if (RAY_COM_NEEDS_TIMO(
3350 SRAM_READ_FIELD_1(sc, com->c_ccs, ray_cmd, c_cmd))) {
3351 RAY_DPRINTF(sc, RAY_DBG_COM, "adding timeout");
3352 sc->com_timerh = timeout(ray_com_ecf_timo, sc, RAY_COM_TIMEOUT);
3357 * Deal with commands that require a timeout to test completion.
3359 * This routine is coded to only expect one outstanding request for the
3360 * timed out requests at a time, but thats all that can be outstanding
3361 * per hardware limitations and all that we issue anyway.
3363 * We don't do any fancy testing of the command currently issued as we
3364 * know it must be a timeout based one...unless I've got this wrong!
/*
 * Timeout callback that polls the ccs of the command at the head of the
 * queue.
 *
 * xsc - the softc, as passed to timeout()
 *
 * A status of COMPLETE or FREE is treated as completion and passed to
 * ray_intr_ccs(). BUSY re-arms the timeout. For any other status the
 * sc_ccsinuse slot is moved from 1 to 2 and the timeout re-armed once to
 * give the interrupt a chance; ray_intr_ccs() is called in the lines that
 * follow.
 *
 * NOTE(review): com is dereferenced right after TAILQ_FIRST() and no NULL
 * test is visible in the lines shown. The callback relies on
 * ray_com_ecf_done() cancelling the timeout before the queue can become
 * empty - confirm.
 */
3367 ray_com_ecf_timo(void *xsc)
3369 struct ray_softc *sc = (struct ray_softc *)xsc;
3370 struct ray_comq_entry *com;
3371 u_int8_t cmd, status;
3376 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");
3379 com = TAILQ_FIRST(&sc->sc_comq);
3381 cmd = SRAM_READ_FIELD_1(sc, com->c_ccs, ray_cmd, c_cmd);
3382 status = SRAM_READ_FIELD_1(sc, com->c_ccs, ray_cmd, c_status);
3385 case RAY_CCS_STATUS_COMPLETE:
3386 case RAY_CCS_STATUS_FREE: /* Buggy firmware */
3387 ray_intr_ccs(sc, cmd, status, com->c_ccs);
3390 case RAY_CCS_STATUS_BUSY:
3391 sc->com_timerh = timeout(ray_com_ecf_timo, sc, RAY_COM_TIMEOUT);
3394 default: /* Replicates NetBSD */
3395 if (sc->sc_ccsinuse[RAY_CCS_INDEX(com->c_ccs)] == 1) {
3396 /* give a chance for the interrupt to occur */
3397 sc->sc_ccsinuse[RAY_CCS_INDEX(com->c_ccs)] = 2;
3398 sc->com_timerh = timeout(ray_com_ecf_timo, sc,
3401 ray_intr_ccs(sc, cmd, status, com->c_ccs);
3410 * Called when interrupt handler for the command has done all it
3411 * needs to. Will be called at splnet.
/*
 * Finish a command that was sent to the card: cancel the pending
 * ray_com_ecf_timo() timeout and retire the queue entry with
 * ray_com_runq_done().
 *
 * sc - driver softc
 */
3414 ray_com_ecf_done(struct ray_softc *sc)
3416 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "");
/* Cancel first so the poll cannot fire for an entry that is being retired. */
3418 untimeout(ray_com_ecf_timo, sc, sc->com_timerh);
3420 ray_com_runq_done(sc);
/*
 * Debug-only consistency check, compiled in only when RAY_DBG_COM is set
 * in RAY_DEBUG.
 *
 * sc   - driver softc
 * ccs  - offset of the ccs that completed
 * mesg - text logged with the trace message
 *
 * RAY_PANIC is called when the ccs of the head queue entry differs from
 * ccs; the "no command queue" panic is presumably raised for an empty
 * queue (its condition is not shown in this listing).
 *
 * NOTE(review): because the function only exists in debug builds, builds
 * without RAY_DBG_COM do not get these checks, and the *_done routines
 * then use the head of the queue unverified.
 */
3423 #if RAY_DEBUG & RAY_DBG_COM
3425 * Process completed ECF commands that probably came from the command queue
3427 * This routine is called after vectoring the completed ECF command
3428 * to the appropriate _done routine. It helps check everything is okay.
3431 ray_com_ecf_check(struct ray_softc *sc, size_t ccs, char *mesg)
3433 struct ray_comq_entry *com;
3435 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_COM, "%s", mesg);
3437 com = TAILQ_FIRST(&sc->sc_comq);
3440 RAY_PANIC(sc, "no command queue");
3441 if (com->c_ccs != ccs)
3442 RAY_PANIC(sc, "ccs's don't match");
3444 #endif /* RAY_DEBUG & RAY_DBG_COM */
3451 * Obtain a ccs for a command
3453 * Returns 0 and in `ccsp' the bus offset of the free ccs. Will block
3454 * awaiting free ccs if needed - if the sleep is interrupted
3455 * EINTR/ERESTART is returned, if the card is ejected we return ENXIO.
/*
 * Allocate a command ccs, sleeping until one is free.
 *
 * sc    - driver softc
 * ccsp  - receives the offset of the allocated ccs
 * wmesg - wait message passed to tsleep()
 *
 * The slots RAY_CCS_CMD_FIRST..RAY_CCS_CMD_LAST are scanned for one whose
 * sc_ccsinuse entry is zero. When none is free the caller sleeps on the
 * address of this function, which is the channel ray_ccs_free() wakes.
 * The channel is not tied to a softc, so a release on any instance wakes
 * every waiter.
 */
3458 ray_ccs_alloc(struct ray_softc *sc, size_t *ccsp, char *wmesg)
3464 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CCS, "");
3468 for (i = RAY_CCS_CMD_FIRST; i <= RAY_CCS_CMD_LAST; i++) {
3469 /* we probe here to make the card go */
3470 (void)SRAM_READ_FIELD_1(sc, RAY_CCS_ADDRESS(i), ray_cmd,
3472 if (!sc->sc_ccsinuse[i])
/*
 * NOTE(review): after the sleep sc->sc_gone is read. The comment in
 * ray_com_runq_add() says the softc can have been freed by a detach while
 * a caller sleeps; if that can also happen here, this test reads freed
 * memory - confirm the softc lifetime across tsleep().
 */
3475 if (i > RAY_CCS_CMD_LAST) {
3476 RAY_DPRINTF(sc, RAY_DBG_CCS, "sleeping");
3477 error = tsleep(ray_ccs_alloc, PCATCH, wmesg, 0);
3478 if ((sc == NULL) || (sc->sc_gone))
3480 RAY_DPRINTF(sc, RAY_DBG_CCS,
3481 "awakened, tsleep returned 0x%x", error);
/* Ownership is tracked in sc_ccsinuse, not in the ccs on the card. */
3487 RAY_DPRINTF(sc, RAY_DBG_CCS, "allocated 0x%02x", i);
3488 sc->sc_ccsinuse[i] = 1;
3489 ccs = RAY_CCS_ADDRESS(i);
3496 * Fill the easy bits in of a pre-allocated CCS
/*
 * Write the fields common to every command into an allocated ccs: status
 * RAY_CCS_STATUS_BUSY, the command code and a null link.
 *
 * sc  - driver softc
 * ccs - offset of a ccs obtained from ray_ccs_alloc()
 * cmd - command code to store in c_cmd
 *
 * RAY_PANIC("ccs not allocated") guards against an unallocated ccs; the
 * condition that triggers it is not shown in this listing.
 */
3499 ray_ccs_fill(struct ray_softc *sc, size_t ccs, u_int cmd)
3501 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CCS, "");
3505 RAY_PANIC(sc, "ccs not allocated");
/* cmd is a u_int but is stored with a one-byte field write. */
3507 SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd, c_status, RAY_CCS_STATUS_BUSY);
3508 SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd, c_cmd, cmd);
3509 SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd, c_link, RAY_CCS_LINK_NULL);
3513 * Free up a ccs allocated via ray_ccs_alloc
3515 * Return the old status. This routine is only used for ccs allocated via
3516 * ray_ccs_alloc (not tx, rx or ECF command requests).
/*
 * Release a ccs obtained from ray_ccs_alloc() and wake any caller waiting
 * for one.
 *
 * sc  - driver softc
 * ccs - offset of the ccs to release
 *
 * The `1 |' in the #if makes the in-use test unconditional. Releasing a
 * ccs that is not marked in use is only reported with RAY_RECERR; the
 * release and the wakeup are carried out regardless.
 *
 * NOTE(review): ray_com_runq_add() passes com[i]->c_ccs here on its error
 * path, and ray_ccs_alloc() may not have filled that in for every entry.
 * RAY_CCS_INDEX(ccs) is used to index sc_ccsinuse without a range check -
 * confirm that only offsets returned by ray_ccs_alloc() reach this point.
 */
3519 ray_ccs_free(struct ray_softc *sc, size_t ccs)
3521 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CCS, "");
3524 #if 1 | (RAY_DEBUG & RAY_DBG_CCS)
3525 if (!sc->sc_ccsinuse[RAY_CCS_INDEX(ccs)])
3526 RAY_RECERR(sc, "freeing free ccs 0x%02x", RAY_CCS_INDEX(ccs));
3527 #endif /* RAY_DEBUG & RAY_DBG_CCS */
3529 RAY_CCS_FREE(sc, ccs);
3530 sc->sc_ccsinuse[RAY_CCS_INDEX(ccs)] = 0;
3531 RAY_DPRINTF(sc, RAY_DBG_CCS, "freed 0x%02x", RAY_CCS_INDEX(ccs));
/* Wakes the channel that ray_ccs_alloc() sleeps on. */
3532 wakeup(ray_ccs_alloc);
3536 * Obtain a ccs and tx buffer to transmit with and fill them in.
3538 * Returns 0 and in `ccsp' the bus offset of the free ccs. Will not block
3539 * and returns EAGAIN if none is available.
3541 * The caller must fill in the length later.
3542 * The caller must clear the ccs on errors.
/*
 * Reserve a transmit ccs and its buffer and fill in the common command
 * fields.
 *
 * sc    - driver softc
 * ccsp  - receives the offset of the reserved ccs
 * bufpp - receives a buffer offset; the assignment is not shown in this
 *         listing, presumably it is the offset just past the phy header
 *
 * The transmit slots from RAY_CCS_TX_FIRST to RAY_CCS_TX_LAST are scanned
 * for one whose status on the card is RAY_CCS_STATUS_FREE. Unlike the
 * command ccs's, ownership is decided by the status byte read from card
 * SRAM and not by sc_ccsinuse.
 */
3545 ray_ccs_tx(struct ray_softc *sc, size_t *ccsp, size_t *bufpp)
3551 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CCS, "");
3554 i = RAY_CCS_TX_FIRST;
3556 status = SRAM_READ_FIELD_1(sc, RAY_CCS_ADDRESS(i),
3558 if (status == RAY_CCS_STATUS_FREE)
3561 } while (i <= RAY_CCS_TX_LAST);
3562 if (i > RAY_CCS_TX_LAST) {
3565 RAY_DPRINTF(sc, RAY_DBG_CCS, "allocated 0x%02x", i);
3568 * Reserve and fill the ccs - must do the length later.
3570 * Even though build 4 and build 5 have different fields all these
3571 * are common apart from tx_rate. Neither the NetBSD driver or Linux
3572 * driver bother to overwrite this for build 4 cards.
3574 * The start of the buffer must be aligned to a 256 byte boundary
3575 * (least significant byte of address = 0x00).
/*
 * The buffer offset is derived from the slot index and then advanced by
 * sc_tibsize. It is written to the card with a two-byte field write, so
 * the computed offset is assumed to fit in 16 bits.
 */
3577 ccs = RAY_CCS_ADDRESS(i);
3578 bufp = RAY_TX_BASE + i * RAY_TX_BUF_SIZE;
3579 bufp += sc->sc_tibsize;
3580 SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_status, RAY_CCS_STATUS_BUSY);
3581 SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_cmd, RAY_CMD_TX_REQ);
3582 SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_link, RAY_CCS_LINK_NULL);
3583 SRAM_WRITE_FIELD_2(sc, ccs, ray_cmd_tx, c_bufp, bufp);
3584 SRAM_WRITE_FIELD_1(sc,
3585 ccs, ray_cmd_tx, c_tx_rate, sc->sc_c.np_def_txrate);
3586 SRAM_WRITE_FIELD_1(sc, ccs, ray_cmd_tx, c_apm_mode, 0);
/* Step over the phy header that starts the buffer. */
3587 bufp += sizeof(struct ray_tx_phy_header);
3595 * Routines to obtain resources for the card
3599 * Allocate the attribute memory on the card
3601 * The attribute memory space is abused by these devices as IO space. As such
3602 * the OS card services don't have a chance of knowing that they need to keep
3603 * the attribute space mapped. We have to do it manually.
/*
 * Allocate and map the card's attribute memory.
 *
 * sc - driver softc; am_rid, am_res, am_bsh and am_bst are filled in
 *
 * A 0x1000 byte memory resource is allocated as RF_ACTIVE, its card
 * memory offset is set, and it is flagged as attribute memory with 8 bit
 * access. The bus handle and tag are then cached in the softc.
 *
 * NOTE(review): each step that fails is reported with RAY_PRINTF. What
 * the error paths do with the resource already held in sc->am_res is not
 * visible in this listing - confirm it is released, so that a failed
 * attach does not leave the window mapped.
 */
3606 ray_res_alloc_am(struct ray_softc *sc)
3610 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CM, "");
3612 sc->am_rid = RAY_AM_RID;
3613 sc->am_res = bus_alloc_resource(sc->dev, SYS_RES_MEMORY,
3614 &sc->am_rid, 0UL, ~0UL, 0x1000, RF_ACTIVE);
3616 RAY_PRINTF(sc, "Cannot allocate attribute memory");
3619 error = CARD_SET_MEMORY_OFFSET(device_get_parent(sc->dev), sc->dev,
3622 RAY_PRINTF(sc, "CARD_SET_MEMORY_OFFSET returned 0x%0x", error);
3625 error = CARD_SET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
3626 SYS_RES_MEMORY, sc->am_rid, PCCARD_A_MEM_ATTR);
3628 RAY_PRINTF(sc, "CARD_SET_RES_FLAGS returned 0x%0x", error);
3631 error = CARD_SET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
3632 SYS_RES_MEMORY, sc->am_rid, PCCARD_A_MEM_8BIT);
3634 RAY_PRINTF(sc, "CARD_SET_RES_FLAGS returned 0x%0x", error);
3637 sc->am_bsh = rman_get_bushandle(sc->am_res);
3638 sc->am_bst = rman_get_bustag(sc->am_res);
/* Debug builds read the flags and offset back and print the mapping. */
3640 #if RAY_DEBUG & (RAY_DBG_CM | RAY_DBG_BOOTPARAM)
3644 CARD_GET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
3645 SYS_RES_MEMORY, sc->am_rid, &flags);
3646 CARD_GET_MEMORY_OFFSET(device_get_parent(sc->dev), sc->dev,
3647 sc->am_rid, &offset);
3648 RAY_PRINTF(sc, "allocated attribute memory:\n"
3649 ". start 0x%0lx count 0x%0lx flags 0x%0lx offset 0x%0x",
3650 bus_get_resource_start(sc->dev, SYS_RES_MEMORY, sc->am_rid),
3651 bus_get_resource_count(sc->dev, SYS_RES_MEMORY, sc->am_rid),
3654 #endif /* RAY_DEBUG & (RAY_DBG_CM | RAY_DBG_BOOTPARAM) */
3660 * Allocate the common memory on the card
3662 * As this memory is described in the CIS, the OS card services should
3663 * have set the map up okay, but the card uses 8 bit RAM. This is not
3664 * described in the CIS.
/*
 * Allocate the common memory window and record it in the softc.
 *
 * Reads the start and count already registered for RAY_CM_RID, allocates
 * exactly that range with RF_ACTIVE, calls CARD_SET_MEMORY_OFFSET, sets the
 * PCCARD_A_MEM_COM and PCCARD_A_MEM_8BIT flags, and stores the bus handle
 * and tag in sc->cm_bsh / sc->cm_bst.
 *
 * NOTE(review): this listing drops lines (the failure tests, the returns
 * and the braces are not shown). Confirm that each error path taken after
 * bus_alloc_resource() has succeeded leaves sc->cm_res for
 * ray_res_release() to free.
 */
3667 ray_res_alloc_cm(struct ray_softc *sc)
3669 u_long start, count, end;
3672 RAY_DPRINTF(sc, RAY_DBG_SUBR | RAY_DBG_CM, "");
3674 RAY_DPRINTF(sc,RAY_DBG_CM | RAY_DBG_BOOTPARAM,
3675 "cm start 0x%0lx count 0x%0lx",
3676 bus_get_resource_start(sc->dev, SYS_RES_MEMORY, RAY_CM_RID),
3677 bus_get_resource_count(sc->dev, SYS_RES_MEMORY, RAY_CM_RID));
3679 sc->cm_rid = RAY_CM_RID;
3680 start = bus_get_resource_start(sc->dev, SYS_RES_MEMORY, sc->cm_rid);
3681 count = bus_get_resource_count(sc->dev, SYS_RES_MEMORY, sc->cm_rid);
/*
 * NOTE(review): start and count are u_long, so a count of 0 makes end wrap
 * to start - 1. The function's header comment says this range is described
 * in the CIS, i.e. it presumably originates from the card; confirm that the
 * bus layer rejects a zero or oversized count before it reaches this point.
 */
3682 end = start + count - 1;
3683 sc->cm_res = bus_alloc_resource(sc->dev, SYS_RES_MEMORY,
3684 &sc->cm_rid, start, end, count, RF_ACTIVE);
/* Presumably printed only when cm_res is NULL; the test is not shown here. */
3686 RAY_PRINTF(sc, "Cannot allocate common memory");
/* The remaining arguments of this call are on a line missing from the listing. */
3689 error = CARD_SET_MEMORY_OFFSET(device_get_parent(sc->dev), sc->dev,
3692 RAY_PRINTF(sc, "CARD_SET_MEMORY_OFFSET returned 0x%0x", error);
/* Mark the window as common memory, then as 8 bit, in two separate calls. */
3695 error = CARD_SET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
3696 SYS_RES_MEMORY, sc->cm_rid, PCCARD_A_MEM_COM);
3698 RAY_PRINTF(sc, "CARD_SET_RES_FLAGS returned 0x%0x", error);
3701 error = CARD_SET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
3702 SYS_RES_MEMORY, sc->cm_rid, PCCARD_A_MEM_8BIT);
3704 RAY_PRINTF(sc, "CARD_SET_RES_FLAGS returned 0x%0x", error);
/* Store the bus handle and tag of the allocated resource in the softc. */
3707 sc->cm_bsh = rman_get_bushandle(sc->cm_res);
3708 sc->cm_bst = rman_get_bustag(sc->cm_res);
3710 #if RAY_DEBUG & (RAY_DBG_CM | RAY_DBG_BOOTPARAM)
/*
 * Debug only: read the flags and offset back and print them. The return
 * values of the two CARD_GET_ calls are not checked.
 * NOTE(review): the declarations of flags and offset are not shown; confirm
 * they are initialised, or a failed read prints indeterminate values.
 */
3714 CARD_GET_RES_FLAGS(device_get_parent(sc->dev), sc->dev,
3715 SYS_RES_MEMORY, sc->cm_rid, &flags);
3716 CARD_GET_MEMORY_OFFSET(device_get_parent(sc->dev), sc->dev,
3717 sc->cm_rid, &offset);
3718 RAY_PRINTF(sc, "allocated common memory:\n"
3719 ". start 0x%0lx count 0x%0lx flags 0x%0lx offset 0x%0x",
3720 bus_get_resource_start(sc->dev, SYS_RES_MEMORY, sc->cm_rid),
3721 bus_get_resource_count(sc->dev, SYS_RES_MEMORY, sc->cm_rid),
3724 #endif /* RAY_DEBUG & (RAY_DBG_CM | RAY_DBG_BOOTPARAM) */
3730 * Get an irq and attach it to the bus
/*
 * Allocate one IRQ for the device and install ray_intr() as its handler.
 *
 * The resource is stored in sc->irq_res and the handler cookie in
 * sc->irq_handle; the softc itself is passed as the handler argument.
 *
 * NOTE(review): this listing drops lines (the failure tests, the returns
 * and the assignment of sc->irq_rid are not shown); confirm irq_rid is set
 * before it is passed by address below.
 */
3733 ray_res_alloc_irq(struct ray_softc *sc)
3737 RAY_DPRINTF(sc, RAY_DBG_SUBR, "");
3739 RAY_DPRINTF(sc,RAY_DBG_CM | RAY_DBG_BOOTPARAM,
3740 "irq start 0x%0lx count 0x%0lx",
3741 bus_get_resource_start(sc->dev, SYS_RES_IRQ, 0),
3742 bus_get_resource_count(sc->dev, SYS_RES_IRQ, 0));
/* Any IRQ is acceptable (range 0..~0), exactly one is requested. */
3745 sc->irq_res = bus_alloc_resource(sc->dev, SYS_RES_IRQ, &sc->irq_rid,
3746 0, ~0, 1, RF_ACTIVE);
/* Presumably printed only when irq_res is NULL; the test is not shown here. */
3748 RAY_PRINTF(sc, "Cannot allocate irq");
/*
 * NOTE(review): on failure here irq_res is already allocated, and
 * ray_res_release() calls bus_teardown_intr() whenever irq_res is non-zero.
 * The rest of this branch is not shown; confirm a failed setup cannot lead
 * to a teardown with an irq_handle that was never filled in.
 */
3751 if ((error = bus_setup_intr(sc->dev, sc->irq_res, INTR_TYPE_NET,
3752 ray_intr, sc, &sc->irq_handle)) != 0) {
3753 RAY_PRINTF(sc, "Failed to setup irq");
3756 RAY_DPRINTF(sc, RAY_DBG_CM | RAY_DBG_BOOTPARAM, "allocated irq:\n"
3757 ". start 0x%0lx count 0x%0lx",
3758 bus_get_resource_start(sc->dev, SYS_RES_IRQ, sc->irq_rid),
3759 bus_get_resource_count(sc->dev, SYS_RES_IRQ, sc->irq_rid));
3765 * Release all of the card's resources
/*
 * Release the IRQ, the attribute memory and the common memory, each only
 * if its resource pointer in the softc is non-zero.
 *
 * NOTE(review): the lines that follow each bus_release_resource() call are
 * missing from this listing. Confirm that every *_res pointer is cleared
 * after release; otherwise a second call would release the same resource
 * twice and the cached am/cm bus handles would be used after release.
 */
3768 ray_res_release(struct ray_softc *sc)
3770 if (sc->irq_res != 0) {
/* Detach the handler first so it cannot run on a released resource. */
3771 bus_teardown_intr(sc->dev, sc->irq_res, sc->irq_handle);
3772 bus_release_resource(sc->dev, SYS_RES_IRQ,
3773 sc->irq_rid, sc->irq_res);
3776 if (sc->am_res != 0) {
3777 bus_release_resource(sc->dev, SYS_RES_MEMORY,
3778 sc->am_rid, sc->am_res);
3781 if (sc->cm_res != 0) {
3782 bus_release_resource(sc->dev, SYS_RES_MEMORY,
3783 sc->cm_rid, sc->cm_res);
/*
 * Debug helper, compiled only when RAY_DBG_MBUF is set in RAY_DEBUG: print
 * the label s, the first mbuf's data pointer and lengths, then a hex dump
 * of every mbuf in the chain with an ASCII column built in p.
 *
 * The dump writes complete packet contents through printf(), so builds with
 * this flag expose frame payloads to anyone who can read that output.
 *
 * NOTE(review): this listing drops lines; the declarations of d, ed, i and
 * p and the assignment of ed are not shown.
 */
3791 #if RAY_DEBUG & RAY_DBG_MBUF
3793 ray_dump_mbuf(struct ray_softc *sc, struct mbuf *m, char *s)
/* s is passed as an argument to "%s", never as the format string. */
3799 RAY_PRINTF(sc, "%s", s);
/* m is dereferenced here, before the loop below tests it; it must not be NULL. */
3800 RAY_PRINTF(sc, "\nm0->data\t0x%p\nm_pkthdr.len\t%d\nm_len\t%d",
3801 mtod(m, u_int8_t *), m->m_pkthdr.len, m->m_len);
3804 for (; m; m = m->m_next) {
3805 d = mtod(m, u_int8_t *);
/* NOTE(review): ed presumably bounds this mbuf's data (d + m_len); confirm. */
3808 for (; d < ed; i++, d++) {
3809 if ((i % 16) == 0) {
/*
 * p is printed with "%s", so it has to be NUL-terminated; it is indexed
 * 0..15 below, so it needs at least 17 bytes. Confirm against its declaration.
 */
3810 printf(" %s\n\t", p);
3811 } else if ((i % 8) == 0)
/* The statement controlled by the else-if is missing here (gutter skips 3812). */
3813 printf(" %02x", *d);
/*
 * NOTE(review): 0x7f (DEL) passes this range test although it is not
 * printable; comparing against 0x7f would keep it out of the output.
 */
3814 p[i % 16] = ((*d >= 0x20) && (*d < 0x80)) ? *d : '.';
3820 #endif /* RAY_DEBUG & RAY_DBG_MBUF */