projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
suser_* to priv_* conversion
[dragonfly.git] / sys / dev / netif / iwi / if_iwi.c
1 /*
2  * Copyright (c) 2004-2006
3  *      Damien Bergamini <damien.bergamini@free.fr>.
4  * Copyright (c) 2004, 2005
5  *      Andrew Atrens <atrens@nortelnetworks.com>.
6  *
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice unmodified, this list of conditions, and the following
14  *    disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  * $FreeBSD: src/sys/dev/iwi/if_iwi.c,v 1.8.2.6 2006/02/23 02:06:46 sam Exp $
32  * $DragonFly: src/sys/dev/netif/iwi/if_iwi.c,v 1.21 2008/05/14 11:59:20 sephe Exp $
33  */
34
35 /*-
36  * Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
37  * http://www.intel.com/network/connectivity/products/wireless/prowireless_mobile.htm
38  */
39
40 #include <sys/param.h>
41 #include <sys/sysctl.h>
42 #include <sys/sockio.h>
43 #include <sys/mbuf.h>
44 #include <sys/kernel.h>
45 #include <sys/kthread.h>
46 #include <sys/interrupt.h>
47 #include <sys/socket.h>
48 #include <sys/systm.h>
49 #include <sys/malloc.h>
50 #include <sys/module.h>
51 #include <sys/endian.h>
52 #include <sys/proc.h>
53 #include <sys/priv.h>
54 #include <sys/ucred.h>
55 #include <sys/bus.h>
56 #include <sys/rman.h>
57 #include <sys/serialize.h>
58
59 #include <bus/pci/pcidevs.h>
60 #include <bus/pci/pcireg.h>
61 #include <bus/pci/pcivar.h>
62
63 #include <net/bpf.h>
64 #include <net/if.h>
65 #include <net/if_arp.h>
66 #include <net/ethernet.h>
67 #include <net/if_dl.h>
68 #include <net/if_media.h>
69 #include <net/if_types.h>
70 #include <net/ifq_var.h>
71
72 #include <netproto/802_11/ieee80211_var.h>
73 #include <netproto/802_11/ieee80211_radiotap.h>
74
75 #include <netinet/in.h>
76 #include <netinet/in_systm.h>
77 #include <netinet/in_var.h>
78 #include <netinet/ip.h>
79 #include <netinet/if_ether.h>
80
81 #include <dev/netif/iwi/if_iwireg.h>
82 #include <dev/netif/iwi/if_iwivar.h>
83
84 #ifdef IWI_DEBUG
85 #define DPRINTF(x)      do { if (iwi_debug > 0) kprintf x; } while (0)
86 #define DPRINTFN(n, x)  do { if (iwi_debug >= (n)) kprintf x; } while (0)
87 int iwi_debug = 0;
88 SYSCTL_INT(_debug, OID_AUTO, iwi, CTLFLAG_RW, &iwi_debug, 0, "iwi debug level");
89 #else
90 #define DPRINTF(x)
91 #define DPRINTFN(n, x)
92 #endif
93
94 static struct iwi_ident {
95         uint16_t        vendor;
96         uint16_t        device;
97         const char      *name;
98 } iwi_ident_table[] = {
99         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2200BG,
100                 "Intel(R) PRO/Wireless 2200BG" },
101         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2225BG,
102                 "Intel(R) PRO/Wireless 2225BG" },
103         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2915ABG_1,
104                 "Intel(R) PRO/Wireless 2915ABG" },
105         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2915ABG_2,
106                 "Intel(R) PRO/Wireless 2915ABG" },
107         { 0, 0, NULL }
108 };
109
110 static void     iwi_fw_monitor(void *);
111 static void     iwi_dma_map_addr(void *, bus_dma_segment_t *, int, int);
112 static void     iwi_dma_map_mbuf(void *, bus_dma_segment_t *, int, bus_size_t,
113                                  int);
114 static int      iwi_alloc_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *,
115                     int);
116 static void     iwi_reset_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
117 static void     iwi_free_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
118 static int      iwi_alloc_tx_ring(struct iwi_softc *, struct iwi_tx_ring *,
119                     int, bus_addr_t, bus_addr_t);
120 static void     iwi_reset_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
121 static void     iwi_free_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
122 static int      iwi_alloc_rx_ring(struct iwi_softc *, struct iwi_rx_ring *,
123                     int);
124 static void     iwi_reset_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
125 static void     iwi_free_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
126 static struct   ieee80211_node *iwi_node_alloc(struct ieee80211_node_table *);
127 static void     iwi_node_free(struct ieee80211_node *);
128 static int      iwi_media_change(struct ifnet *);
129 static void     iwi_media_status(struct ifnet *, struct ifmediareq *);
130 static int      iwi_newstate(struct ieee80211com *, enum ieee80211_state, int);
131 static int      iwi_wme_update(struct ieee80211com *);
132 static uint16_t iwi_read_prom_word(struct iwi_softc *, uint8_t);
133 static void     iwi_fix_channel(struct ieee80211com *, struct mbuf *);
134 static void     iwi_frame_intr(struct iwi_softc *, struct iwi_rx_data *, int,
135                     struct iwi_frame *);
136 static void     iwi_notification_intr(struct iwi_softc *, struct iwi_notif *);
137 static void     iwi_rx_intr(struct iwi_softc *);
138 static void     iwi_tx_intr(struct iwi_softc *, struct iwi_tx_ring *);
139 static void     iwi_intr(void *);
140 static int      iwi_cmd(struct iwi_softc *, uint8_t, void *, uint8_t, int);
141 static void     iwi_write_ibssnode(struct iwi_softc *, const struct iwi_node *);
142 static int      iwi_tx_start(struct ifnet *, struct mbuf *,
143                     struct ieee80211_node *, int);
144 static void     iwi_start(struct ifnet *);
145 static void     iwi_watchdog(struct ifnet *);
146 static int      iwi_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
147 static void     iwi_stop_master(struct iwi_softc *);
148 static int      iwi_reset(struct iwi_softc *);
149 static int      iwi_load_ucode(struct iwi_softc *, void *, int);
150 static int      iwi_load_firmware(struct iwi_softc *, void *, int);
151 static int      iwi_cache_firmware(struct iwi_softc *, void *);
152 static void     iwi_free_firmware(struct iwi_softc *);
153 static int      iwi_config(struct iwi_softc *);
154 static int      iwi_set_chan(struct iwi_softc *, struct ieee80211_channel *);
155 static int      iwi_scan(struct iwi_softc *);
156 static int      iwi_auth_and_assoc(struct iwi_softc *);
157 static void     iwi_init(void *);
158 static void     iwi_stop(void *);
159 static int      iwi_sysctl_stats(SYSCTL_HANDLER_ARGS);
160 static int      iwi_sysctl_radio(SYSCTL_HANDLER_ARGS);
161
162 static int      iwi_probe(device_t);
163 static int      iwi_attach(device_t);
164 static int      iwi_detach(device_t);
165 static int      iwi_shutdown(device_t);
166 static int      iwi_suspend(device_t);
167 static int      iwi_resume(device_t);
168
169 static int      iwi_alloc_ibss_node(struct iwi_softc *);
170 static void     iwi_free_ibss_node(struct iwi_softc *, int);
171
172 static device_method_t iwi_methods[] = {
173         /* Device interface */
174         DEVMETHOD(device_probe,         iwi_probe),
175         DEVMETHOD(device_attach,        iwi_attach),
176         DEVMETHOD(device_detach,        iwi_detach),
177         DEVMETHOD(device_shutdown,      iwi_shutdown),
178         DEVMETHOD(device_suspend,       iwi_suspend),
179         DEVMETHOD(device_resume,        iwi_resume),
180
181         { 0, 0 }
182 };
183
184 static driver_t iwi_driver = {
185         "iwi",
186         iwi_methods,
187         sizeof (struct iwi_softc)
188 };
189
190 static devclass_t iwi_devclass;
191
192 DRIVER_MODULE(iwi, pci, iwi_driver, iwi_devclass, 0, 0);
193
194 MODULE_DEPEND(iwi, pci,  1, 1, 1);
195 MODULE_DEPEND(iwi, wlan, 1, 1, 1);
196
197 /*
198  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
199  */
200 static const struct ieee80211_rateset iwi_rateset_11a =
201         { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
202
203 static const struct ieee80211_rateset iwi_rateset_11b =
204         { 4, { 2, 4, 11, 22 } };
205
206 static const struct ieee80211_rateset iwi_rateset_11g =
207         { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
208
209 static void
210 iwi_fw_monitor(void *arg)
211 {
212         struct iwi_softc *sc = arg;
213         struct ifnet *ifp = &sc->sc_ic.ic_if;
214
215         lwkt_serialize_enter(ifp->if_serializer);
216         for (;;) {
217                 int error = 0;
218
219                 /*
220                  * Test to see whether we are detaching,
221                  * this is used to avoid race condition
222                  * especially when attaching fails.
223                  */
224                 if ((sc->flags & IWI_FLAG_EXIT) == 0) {
225                         crit_enter();
226                         tsleep_interlock(IWI_FW_WAKE_MONITOR(sc));
227                         lwkt_serialize_exit(ifp->if_serializer);
228                         error = tsleep(IWI_FW_WAKE_MONITOR(sc),
229                                        0, "iwifwm", 0);
230                         crit_exit();
231                         lwkt_serialize_enter(ifp->if_serializer);
232                 }
233
234                 if (error == 0) {
235                         int boff;
236
237                         if (sc->flags & IWI_FLAG_EXIT)
238                                 break;
239                         else if ((sc->flags & IWI_FLAG_RESET) == 0)
240                                 continue;
241
242                         if_printf(ifp, "reset firmware\n");
243                         for (boff = 1; sc->flags & IWI_FLAG_RESET; boff++) {
244                                 iwi_init(sc);
245                                 if (sc->flags & IWI_FLAG_FW_INITED) {
246                                         sc->flags &= ~IWI_FLAG_RESET;
247                                 } else if (boff > 10) { /* XXX */
248                                         if_printf(ifp, "fw reset failed.  "
249                                                   "retrying...\n");
250
251                                         /* XXX avoid to sleep to long */
252                                         boff = 1;
253                                 }
254
255                                 /*
256                                  * Since this would be infinite loop,
257                                  * if reseting firmware never succeeded,
258                                  * we test to see whether we are detaching.
259                                  */
260                                 if (sc->flags & IWI_FLAG_EXIT)
261                                         break;
262
263                                 crit_enter();
264                                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
265                                 lwkt_serialize_exit(ifp->if_serializer);
266                                 error = tsleep(IWI_FW_CMD_ACKED(sc), 0,
267                                                "iwirun", boff * hz);
268                                 crit_exit();
269                                 lwkt_serialize_enter(ifp->if_serializer);
270                         }
271                 }
272         }
273         lwkt_serialize_exit(ifp->if_serializer);
274
275         if_printf(ifp, "fw monitor exiting\n");
276         wakeup(IWI_FW_EXIT_MONITOR(sc));
277         kthread_exit();
278 }
279
280 static int
281 iwi_probe(device_t dev)
282 {
283         const struct iwi_ident *ident;
284         uint16_t vid, did;
285
286         vid = pci_get_vendor(dev);
287         did = pci_get_device(dev);
288         for (ident = iwi_ident_table; ident->name != NULL; ident++) {
289                 if (vid == ident->vendor && did == ident->device) {
290                         device_set_desc(dev, ident->name);
291                         return 0;
292                 }
293         }
294         return ENXIO;
295 }
296
297 /* Base Address Register */
298 #define IWI_PCI_BAR0    0x10
299
300 static int
301 iwi_attach(device_t dev)
302 {
303         struct iwi_softc *sc = device_get_softc(dev);
304         struct ieee80211com *ic = &sc->sc_ic;
305         struct ifnet *ifp = &ic->ic_if;
306         uint16_t val;
307         int error, i;
308
309         sc->sc_dev = dev;
310         if_initname(ifp, device_get_name(dev), device_get_unit(dev));
311
312         if (pci_get_powerstate(dev) != PCI_POWERSTATE_D0) {
313                 device_printf(dev, "chip is in D%d power mode "
314                     "-- setting to D0\n", pci_get_powerstate(dev));
315                 pci_set_powerstate(dev, PCI_POWERSTATE_D0);
316         }
317
318         pci_write_config(dev, 0x41, 0, 1);
319
320         /* enable bus-mastering */
321         pci_enable_busmaster(dev);
322
323         sc->mem_rid = IWI_PCI_BAR0;
324         sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
325                                          RF_ACTIVE);
326         if (sc->mem == NULL) {
327                 device_printf(dev, "could not allocate memory resource\n");
328                 return ENXIO;
329         }
330         sc->sc_st = rman_get_bustag(sc->mem);
331         sc->sc_sh = rman_get_bushandle(sc->mem);
332
333         sc->irq_rid = 0;
334         sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
335                                          RF_ACTIVE | RF_SHAREABLE);
336         if (sc->irq == NULL) {
337                 device_printf(dev, "could not allocate interrupt resource\n");
338                 goto fail;
339         }
340
341         if (iwi_reset(sc) != 0) {
342                 device_printf(dev, "could not reset adapter\n");
343                 goto fail;
344         }
345
346         /*
347          * Allocate rings.
348          */
349         error = iwi_alloc_cmd_ring(sc, &sc->cmdq, IWI_CMD_RING_COUNT);
350         if (error != 0) {
351                 device_printf(dev, "could not allocate Cmd ring\n");
352                 goto fail;
353         }
354
355         error = iwi_alloc_tx_ring(sc, &sc->txq[0], IWI_TX_RING_COUNT,
356                                   IWI_CSR_TX1_RIDX, IWI_CSR_TX1_WIDX);
357         if (error != 0) {
358                 device_printf(dev, "could not allocate Tx ring 1\n");
359                 goto fail;
360         }
361
362         error = iwi_alloc_tx_ring(sc, &sc->txq[1], IWI_TX_RING_COUNT,
363                                   IWI_CSR_TX2_RIDX, IWI_CSR_TX2_WIDX);
364         if (error != 0) {
365                 device_printf(dev, "could not allocate Tx ring 2\n");
366                 goto fail;
367         }
368
369         error = iwi_alloc_tx_ring(sc, &sc->txq[2], IWI_TX_RING_COUNT,
370                                   IWI_CSR_TX3_RIDX, IWI_CSR_TX3_WIDX);
371         if (error != 0) {
372                 device_printf(dev, "could not allocate Tx ring 3\n");
373                 goto fail;
374         }
375
376         error = iwi_alloc_tx_ring(sc, &sc->txq[3], IWI_TX_RING_COUNT,
377                                   IWI_CSR_TX4_RIDX, IWI_CSR_TX4_WIDX);
378         if (error != 0) {
379                 device_printf(dev, "could not allocate Tx ring 4\n");
380                 goto fail;
381         }
382
383         error = iwi_alloc_rx_ring(sc, &sc->rxq, IWI_RX_RING_COUNT);
384         if (error != 0) {
385                 device_printf(dev, "could not allocate Rx ring\n");
386                 goto fail;
387         }
388
389         sysctl_ctx_init(&sc->sysctl_ctx);
390         sc->sysctl_tree = SYSCTL_ADD_NODE(&sc->sysctl_ctx,
391                                 SYSCTL_STATIC_CHILDREN(_hw),
392                                 OID_AUTO,
393                                 device_get_nameunit(dev),
394                                 CTLFLAG_RD,
395                                 0, "");
396         if (sc->sysctl_tree == NULL) {
397                 device_printf(dev, "sysctl add node failed\n");
398                 error = EIO;
399                 goto fail;
400         }
401
402         ifp->if_softc = sc;
403         ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
404         ifp->if_init = iwi_init;
405         ifp->if_ioctl = iwi_ioctl;
406         ifp->if_start = iwi_start;
407         ifp->if_watchdog = iwi_watchdog;
408         ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
409         ifq_set_ready(&ifp->if_snd);
410
411         ic->ic_wme.wme_update = iwi_wme_update;
412         ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
413         ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
414         ic->ic_state = IEEE80211_S_INIT;
415
416         /* set device capabilities */
417         ic->ic_caps =
418             IEEE80211_C_IBSS |          /* IBSS mode supported */
419             IEEE80211_C_MONITOR |       /* monitor mode supported */
420             IEEE80211_C_TXPMGT |        /* tx power management */
421             IEEE80211_C_SHPREAMBLE |    /* short preamble supported */
422             IEEE80211_C_WPA |           /* 802.11i */
423             IEEE80211_C_WME;            /* 802.11e */
424
425         /* read MAC address from EEPROM */
426         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 0);
427         ic->ic_myaddr[0] = val & 0xff;
428         ic->ic_myaddr[1] = val >> 8;
429         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 1);
430         ic->ic_myaddr[2] = val & 0xff;
431         ic->ic_myaddr[3] = val >> 8;
432         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 2);
433         ic->ic_myaddr[4] = val & 0xff;
434         ic->ic_myaddr[5] = val >> 8;
435
436         if (pci_get_device(dev) >= 0x4223) {
437                 /* set supported .11a rates (2915ABG only) */
438                 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwi_rateset_11a;
439
440                 /* set supported .11a channels */
441                 for (i = 36; i <= 64; i += 4) {
442                         ic->ic_channels[i].ic_freq =
443                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
444                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
445                 }
446                 for (i = 149; i <= 165; i += 4) {
447                         ic->ic_channels[i].ic_freq =
448                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
449                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
450                 }
451         }
452
453         /* set supported .11b and .11g rates */
454         ic->ic_sup_rates[IEEE80211_MODE_11B] = iwi_rateset_11b;
455         ic->ic_sup_rates[IEEE80211_MODE_11G] = iwi_rateset_11g;
456
457         /* set supported .11b and .11g channels (1 through 14) */
458         for (i = 1; i <= 14; i++) {
459                 ic->ic_channels[i].ic_freq =
460                     ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
461                 ic->ic_channels[i].ic_flags =
462                     IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
463                     IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
464         }
465
466         ieee80211_ifattach(ic);
467         /* override default methods */
468         ic->ic_node_alloc = iwi_node_alloc;
469         sc->sc_node_free = ic->ic_node_free;
470         ic->ic_node_free = iwi_node_free;
471         /* override state transition machine */
472         sc->sc_newstate = ic->ic_newstate;
473         ic->ic_newstate = iwi_newstate;
474         ieee80211_media_init(ic, iwi_media_change, iwi_media_status);
475
476         bpfattach_dlt(ifp, DLT_IEEE802_11_RADIO,
477             sizeof (struct ieee80211_frame) + 64, &sc->sc_drvbpf);
478
479         sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
480         sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
481         sc->sc_rxtap.wr_ihdr.it_present = htole32(IWI_RX_RADIOTAP_PRESENT);
482
483         sc->sc_txtap_len = sizeof sc->sc_txtapu;
484         sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
485         sc->sc_txtap.wt_ihdr.it_present = htole32(IWI_TX_RADIOTAP_PRESENT);
486
487         /*
488          * Add a few sysctl knobs.
489          */
490         sc->dwelltime = 100;
491         sc->bluetooth = 1;
492         sc->antenna = 0;
493
494         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
495             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "radio",
496             CTLTYPE_INT | CTLFLAG_RD, sc, 0, iwi_sysctl_radio, "I",
497             "radio transmitter switch state (0=off, 1=on)");
498
499         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
500             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "stats",
501             CTLTYPE_OPAQUE | CTLFLAG_RD, sc, 0, iwi_sysctl_stats, "S",
502             "statistics");
503
504         SYSCTL_ADD_INT(&sc->sysctl_ctx,
505             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "dwell",
506             CTLFLAG_RW, &sc->dwelltime, 0,
507             "channel dwell time (ms) for AP/station scanning");
508
509         SYSCTL_ADD_INT(&sc->sysctl_ctx,
510             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "bluetooth",
511             CTLFLAG_RW, &sc->bluetooth, 0, "bluetooth coexistence");
512
513         SYSCTL_ADD_INT(&sc->sysctl_ctx,
514             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "antenna",
515             CTLFLAG_RW, &sc->antenna, 0, "antenna (0=auto)");
516
517         /*
518          * Start firmware monitoring thread
519          *
520          * NOTE:
521          * This should be done only after serializer is initialized,
522          * i.e. after ieee80211_ifattach(), because serializer will be
523          * held once iwi_fw_monitor() is entered.
524          */
525         error = kthread_create(iwi_fw_monitor, sc, &sc->sc_fw_monitor,
526                                "%s:fw-monitor", device_get_nameunit(dev));
527         if (error) {
528                 device_printf(dev, "could not create fw monitor\n");
529                 goto fail1;
530         }
531         sc->flags |= IWI_FLAG_MONITOR;
532
533         /*
534          * Hook our interrupt after all initialization is complete.
535          */
536         error = bus_setup_intr(dev, sc->irq, INTR_MPSAFE, iwi_intr, sc,
537                                &sc->sc_ih, ifp->if_serializer);
538         if (error != 0) {
539                 device_printf(dev, "could not set up interrupt\n");
540                 goto fail1;
541         }
542
543         ifp->if_cpuid = ithread_cpuid(rman_get_start(sc->irq));
544         KKASSERT(ifp->if_cpuid >= 0 && ifp->if_cpuid < ncpus);
545
546         if (bootverbose)
547                 ieee80211_announce(ic);
548
549         return 0;
550
551 fail1:
552         bpfdetach(ifp);
553         ieee80211_ifdetach(ic);
554 fail:
555         iwi_detach(dev);
556         return ENXIO;
557 }
558
559 static int
560 iwi_detach(device_t dev)
561 {
562         struct iwi_softc *sc = device_get_softc(dev);
563         struct ieee80211com *ic = &sc->sc_ic;
564         struct ifnet *ifp = ic->ic_ifp;
565
566         if (sc->flags & IWI_FLAG_MONITOR) {
567                 lwkt_serialize_enter(ifp->if_serializer);
568                 sc->flags |= IWI_FLAG_EXIT;
569                 wakeup(IWI_FW_WAKE_MONITOR(sc));
570
571                 crit_enter();
572                 tsleep_interlock(IWI_FW_EXIT_MONITOR(sc));
573                 lwkt_serialize_exit(ifp->if_serializer);
574                 tsleep(IWI_FW_EXIT_MONITOR(sc), 0, "iwiexi", 0);
575                 crit_exit();
576                 /* No need to hold serializer again */
577
578                 if_printf(ifp, "fw monitor exited\n");
579         }
580
581         if (device_is_attached(dev)) {
582                 lwkt_serialize_enter(ifp->if_serializer);
583
584                 iwi_stop(sc);
585                 bus_teardown_intr(dev, sc->irq, sc->sc_ih);
586                 iwi_free_firmware(sc);
587
588                 lwkt_serialize_exit(ifp->if_serializer);
589
590                 bpfdetach(ifp);
591                 ieee80211_ifdetach(ic);
592         }
593
594         iwi_free_cmd_ring(sc, &sc->cmdq);
595         iwi_free_tx_ring(sc, &sc->txq[0]);
596         iwi_free_tx_ring(sc, &sc->txq[1]);
597         iwi_free_tx_ring(sc, &sc->txq[2]);
598         iwi_free_tx_ring(sc, &sc->txq[3]);
599         iwi_free_rx_ring(sc, &sc->rxq);
600
601         if (sc->irq != NULL)
602                 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq);
603
604         if (sc->mem != NULL)
605                 bus_release_resource(dev, SYS_RES_MEMORY, sc->mem_rid, sc->mem);
606
607         if (sc->sysctl_tree != NULL)
608                 sysctl_ctx_free(&sc->sysctl_ctx);
609
610         return 0;
611 }
612
613 static void
614 iwi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
615 {
616         if (error != 0)
617                 return;
618
619         KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
620
621         *(bus_addr_t *)arg = segs[0].ds_addr;
622 }
623
624 static int
625 iwi_alloc_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring, int count)
626 {
627         int error;
628
629         ring->count = count;
630         ring->queued = 0;
631         ring->cur = ring->next = 0;
632
633         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
634             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_CMD_DESC_SIZE, 1,
635             count * IWI_CMD_DESC_SIZE, 0, &ring->desc_dmat);
636         if (error != 0) {
637                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
638                 goto fail;
639         }
640
641         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
642             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
643         if (error != 0) {
644                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
645                 goto fail;
646         }
647
648         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
649             count * IWI_CMD_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
650         if (error != 0) {
651                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
652                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
653                 ring->desc = NULL;
654                 return error;
655         }
656
657         return 0;
658
659 fail:   iwi_free_cmd_ring(sc, ring);
660         return error;
661 }
662
663 static void
664 iwi_reset_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
665 {
666         ring->queued = 0;
667         ring->cur = ring->next = 0;
668 }
669
670 static void
671 iwi_free_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
672 {
673         if (ring->desc != NULL) {
674                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
675                     BUS_DMASYNC_POSTWRITE);
676                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
677                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
678                 ring->desc = NULL;
679         }
680
681         if (ring->desc_dmat != NULL) {
682                 bus_dma_tag_destroy(ring->desc_dmat);   
683                 ring->desc_dmat = NULL;
684         }
685 }
686
687 static int
688 iwi_alloc_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring, int count,
689     bus_addr_t csr_ridx, bus_addr_t csr_widx)
690 {
691         int i, error;
692
693         ring->count = count;
694         ring->queued = 0;
695         ring->cur = ring->next = 0;
696         ring->csr_ridx = csr_ridx;
697         ring->csr_widx = csr_widx;
698
699         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
700             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_TX_DESC_SIZE, 1,
701             count * IWI_TX_DESC_SIZE, 0, &ring->desc_dmat);
702         if (error != 0) {
703                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
704                 goto fail;
705         }
706
707         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
708             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
709         if (error != 0) {
710                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
711                 goto fail;
712         }
713
714         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
715             count * IWI_TX_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
716         if (error != 0) {
717                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
718
719                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
720                 ring->desc = NULL;
721                 goto fail;
722         }
723
724         ring->data = kmalloc(count * sizeof (struct iwi_tx_data), M_DEVBUF,
725             M_WAITOK | M_ZERO);
726
727         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
728             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, IWI_MAX_NSEG - 2,
729             MCLBYTES, 0, &ring->data_dmat);
730         if (error != 0) {
731                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
732                 goto fail;
733         }
734
735         for (i = 0; i < count; i++) {
736                 error = bus_dmamap_create(ring->data_dmat, 0,
737                     &ring->data[i].map);
738                 if (error != 0) {
739                         device_printf(sc->sc_dev, "could not create DMA map\n");
740                         goto fail;
741                 }
742         }
743
744         return 0;
745
746 fail:   iwi_free_tx_ring(sc, ring);
747         return error;
748 }
749
750 static void
751 iwi_reset_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
752 {
753         struct iwi_tx_data *data;
754         int i;
755
756         for (i = 0; i < ring->count; i++) {
757                 data = &ring->data[i];
758
759                 if (data->m != NULL) {
760                         bus_dmamap_sync(ring->data_dmat, data->map,
761                             BUS_DMASYNC_POSTWRITE);
762                         bus_dmamap_unload(ring->data_dmat, data->map);
763                         m_freem(data->m);
764                         data->m = NULL;
765                 }
766
767                 if (data->ni != NULL) {
768                         ieee80211_free_node(data->ni);
769                         data->ni = NULL;
770                 }
771         }
772
773         ring->queued = 0;
774         ring->cur = ring->next = 0;
775 }
776
777 static void
778 iwi_free_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
779 {
780         struct iwi_tx_data *data;
781         int i;
782
783         if (ring->desc != NULL) {
784                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
785                     BUS_DMASYNC_POSTWRITE);
786                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
787                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
788                 ring->desc = NULL;
789         }
790
791         if (ring->desc_dmat != NULL) {
792                 bus_dma_tag_destroy(ring->desc_dmat);
793                 ring->desc_dmat = NULL;
794         }
795
796         if (ring->data != NULL) {
797                 for (i = 0; i < ring->count; i++) {
798                         data = &ring->data[i];
799
800                         if (data->m != NULL) {
801                                 bus_dmamap_sync(ring->data_dmat, data->map,
802                                     BUS_DMASYNC_POSTWRITE);
803                                 bus_dmamap_unload(ring->data_dmat, data->map);
804                                 m_freem(data->m);
805                                 data->m = NULL;
806                         }
807
808                         if (data->ni != NULL) {
809                                 ieee80211_free_node(data->ni);
810                                 data->ni = NULL;
811                         }
812
813                         if (data->map != NULL) {
814                                 bus_dmamap_destroy(ring->data_dmat, data->map);
815                                 data->map = NULL;
816                         }
817                 }
818
819                 kfree(ring->data, M_DEVBUF);
820                 ring->data = NULL;
821         }
822
823         if (ring->data_dmat != NULL) {
824                 bus_dma_tag_destroy(ring->data_dmat);
825                 ring->data_dmat = NULL;
826         }
827 }
828
829 static int
830 iwi_alloc_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring, int count)
831 {
832         struct iwi_rx_data *data;
833         int i, error;
834
835         ring->count = count;
836         ring->cur = 0;
837
838         ring->data = kmalloc(count * sizeof (struct iwi_rx_data), M_DEVBUF,
839             M_WAITOK | M_ZERO);
840
841         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
842             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1, MCLBYTES, 0,
843             &ring->data_dmat);
844         if (error != 0) {
845                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
846                 goto fail;
847         }
848
849         for (i = 0; i < count; i++) {
850                 data = &ring->data[i];
851
852                 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
853                 if (error != 0) {
854                         device_printf(sc->sc_dev, "could not create DMA map\n");
855                         goto fail;
856                 }
857
858                 data->m = m_getcl(MB_WAIT, MT_DATA, M_PKTHDR);
859                 if (data->m == NULL) {
860                         device_printf(sc->sc_dev,
861                             "could not allocate rx mbuf\n");
862                         error = ENOMEM;
863                         goto fail;
864                 }
865
866                 error = bus_dmamap_load(ring->data_dmat, data->map,
867                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
868                     &data->physaddr, 0);
869                 if (error != 0) {
870                         device_printf(sc->sc_dev,
871                             "could not load rx buf DMA map");
872
873                         m_freem(data->m);
874                         data->m = NULL;
875                         goto fail;
876                 }
877
878                 data->reg = IWI_CSR_RX_BASE + i * 4;
879         }
880
881         return 0;
882
883 fail:   iwi_free_rx_ring(sc, ring);
884         return error;
885 }
886
887 static void
888 iwi_reset_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
889 {
890         ring->cur = 0;
891 }
892
893 static void
894 iwi_free_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
895 {
896         struct iwi_rx_data *data;
897         int i;
898
899         if (ring->data != NULL) {
900                 for (i = 0; i < ring->count; i++) {
901                         data = &ring->data[i];
902
903                         if (data->m != NULL) {
904                                 bus_dmamap_sync(ring->data_dmat, data->map,
905                                     BUS_DMASYNC_POSTREAD);
906                                 bus_dmamap_unload(ring->data_dmat, data->map);
907                                 m_freem(data->m);
908                                 data->m = NULL;
909                         }
910
911                         if (data->map != NULL) {
912                                 bus_dmamap_destroy(ring->data_dmat, data->map);
913                                 data->map = NULL;
914                         }
915                 }
916
917                 kfree(ring->data, M_DEVBUF);
918                 ring->data = NULL;
919         }
920
921         if (ring->data_dmat != NULL) {
922                 bus_dma_tag_destroy(ring->data_dmat);
923                 ring->data_dmat = NULL;
924         }
925 }
926
927 static int
928 iwi_shutdown(device_t dev)
929 {
930         struct iwi_softc *sc = device_get_softc(dev);
931         struct ifnet *ifp = &sc->sc_ic.ic_if;
932
933         lwkt_serialize_enter(ifp->if_serializer);
934         iwi_stop(sc);
935         lwkt_serialize_exit(ifp->if_serializer);
936
937         return 0;
938 }
939
940 static int
941 iwi_suspend(device_t dev)
942 {
943         struct iwi_softc *sc = device_get_softc(dev);
944         struct ifnet *ifp = &sc->sc_ic.ic_if;
945
946         lwkt_serialize_enter(ifp->if_serializer);
947         iwi_stop(sc);
948         lwkt_serialize_exit(ifp->if_serializer);
949
950         return 0;
951 }
952
953 static int
954 iwi_resume(device_t dev)
955 {
956         struct iwi_softc *sc = device_get_softc(dev);
957         struct ifnet *ifp = sc->sc_ic.ic_ifp;
958
959         lwkt_serialize_enter(ifp->if_serializer);
960
961         pci_write_config(dev, 0x41, 0, 1);
962
963         if (ifp->if_flags & IFF_UP) {
964                 ifp->if_init(ifp->if_softc);
965                 if (ifp->if_flags & IFF_RUNNING)
966                         if_devstart(ifp);
967         }
968
969         lwkt_serialize_exit(ifp->if_serializer);
970
971         return 0;
972 }
973
974 static struct ieee80211_node *
975 iwi_node_alloc(struct ieee80211_node_table *nt)
976 {
977         struct iwi_node *in;
978
979         in = kmalloc(sizeof (struct iwi_node), M_80211_NODE, M_NOWAIT | M_ZERO);
980         if (in == NULL)
981                 return NULL;
982
983         in->in_station = -1;
984
985         return &in->in_node;
986 }
987
988 static void
989 iwi_node_free(struct ieee80211_node *ni)
990 {
991         struct ieee80211com *ic = ni->ni_ic;
992         struct iwi_softc *sc = ic->ic_ifp->if_softc;
993         struct iwi_node *in = (struct iwi_node *)ni;
994
995         if (in->in_station != -1)
996                 iwi_free_ibss_node(sc, in->in_station);
997
998         sc->sc_node_free(ni);
999 }
1000
1001 static int
1002 iwi_media_change(struct ifnet *ifp)
1003 {
1004         struct iwi_softc *sc = ifp->if_softc;
1005         int error;
1006
1007         ASSERT_SERIALIZED(ifp->if_serializer);
1008
1009         error = ieee80211_media_change(ifp);
1010         if (error != ENETRESET)
1011                 return error;
1012
1013         if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
1014                 iwi_init(sc);
1015         return 0;
1016 }
1017
1018 /*
1019  * The firmware automatically adapts the transmit speed.  We report its current
1020  * value here.
1021  */
1022 static void
1023 iwi_media_status(struct ifnet *ifp, struct ifmediareq *imr)
1024 {
1025         struct iwi_softc *sc = ifp->if_softc;
1026         struct ieee80211com *ic = &sc->sc_ic;
1027 #define N(a)    (sizeof (a) / sizeof (a[0]))
1028         static const struct {
1029                 uint32_t        val;
1030                 int             rate;
1031         } rates[] = {
1032                 { IWI_RATE_DS1,      2 },
1033                 { IWI_RATE_DS2,      4 },
1034                 { IWI_RATE_DS5,     11 },
1035                 { IWI_RATE_DS11,    22 },
1036                 { IWI_RATE_OFDM6,   12 },
1037                 { IWI_RATE_OFDM9,   18 },
1038                 { IWI_RATE_OFDM12,  24 },
1039                 { IWI_RATE_OFDM18,  36 },
1040                 { IWI_RATE_OFDM24,  48 },
1041                 { IWI_RATE_OFDM36,  72 },
1042                 { IWI_RATE_OFDM48,  96 },
1043                 { IWI_RATE_OFDM54, 108 },
1044         };
1045         uint32_t val;
1046         int rate, i;
1047
1048         imr->ifm_status = IFM_AVALID;
1049         imr->ifm_active = IFM_IEEE80211;
1050         if (ic->ic_state == IEEE80211_S_RUN)
1051                 imr->ifm_status |= IFM_ACTIVE;
1052
1053         /* read current transmission rate from adapter */
1054         val = CSR_READ_4(sc, IWI_CSR_CURRENT_TX_RATE);
1055
1056         /* convert rate to 802.11 rate */
1057         for (i = 0; i < N(rates) && rates[i].val != val; i++);
1058         rate = (i < N(rates)) ? rates[i].rate : 0;
1059
1060         imr->ifm_active |= ieee80211_rate2media(ic, rate, ic->ic_curmode);
1061         switch (ic->ic_opmode) {
1062         case IEEE80211_M_STA:
1063                 break;
1064
1065         case IEEE80211_M_IBSS:
1066                 imr->ifm_active |= IFM_IEEE80211_ADHOC;
1067                 break;
1068
1069         case IEEE80211_M_MONITOR:
1070                 imr->ifm_active |= IFM_IEEE80211_MONITOR;
1071                 break;
1072
1073         case IEEE80211_M_AHDEMO:
1074         case IEEE80211_M_HOSTAP:
1075                 /* should not get there */
1076                 break;
1077         }
1078 #undef N
1079 }
1080
1081 static int
1082 iwi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1083 {
1084         struct ifnet *ifp = ic->ic_ifp;
1085         struct iwi_softc *sc = ifp->if_softc;
1086         enum ieee80211_state ostate;
1087         uint32_t tmp;
1088
1089         ostate = ic->ic_state;
1090
1091         switch (nstate) {
1092         case IEEE80211_S_SCAN:
1093                 if (sc->flags & IWI_FLAG_SCANNING)
1094                         break;
1095
1096                 ieee80211_node_table_reset(&ic->ic_scan);
1097                 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN;
1098                 sc->flags |= IWI_FLAG_SCANNING;
1099                 iwi_scan(sc);
1100                 break;
1101
1102         case IEEE80211_S_AUTH:
1103                 iwi_auth_and_assoc(sc);
1104                 break;
1105
1106         case IEEE80211_S_RUN:
1107                 if (ic->ic_opmode == IEEE80211_M_IBSS)
1108                         iwi_auth_and_assoc(sc);
1109                 else if (ic->ic_opmode == IEEE80211_M_MONITOR)
1110                         iwi_set_chan(sc, ic->ic_ibss_chan);
1111
1112                 /* assoc led on */
1113                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1114                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp | IWI_LED_ASSOC);
1115
1116                 return sc->sc_newstate(ic, nstate,
1117                     IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1118
1119         case IEEE80211_S_ASSOC:
1120                 break;
1121
1122         case IEEE80211_S_INIT:
1123                 sc->flags &= ~IWI_FLAG_SCANNING;
1124
1125                 if (ostate != IEEE80211_S_RUN)
1126                         break;
1127
1128                 /* assoc led off */
1129                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1130                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp & ~IWI_LED_ASSOC);
1131                 break;
1132         }
1133
1134         ic->ic_state = nstate;
1135
1136         return 0;
1137 }
1138
1139 /*
1140  * WME parameters coming from IEEE 802.11e specification.  These values are
1141  * already declared in ieee80211_proto.c, but they are static so they can't
1142  * be reused here.
1143  */
1144 static const struct wmeParams iwi_wme_cck_params[WME_NUM_AC] = {
1145         { 0, 3, 5,  7,   0 },   /* WME_AC_BE */
1146         { 0, 3, 5, 10,   0 },   /* WME_AC_BK */
1147         { 0, 2, 4,  5, 188 },   /* WME_AC_VI */
1148         { 0, 2, 3,  4, 102 }    /* WME_AC_VO */
1149 };
1150
1151 static const struct wmeParams iwi_wme_ofdm_params[WME_NUM_AC] = {
1152         { 0, 3, 4,  6,   0 },   /* WME_AC_BE */
1153         { 0, 3, 4, 10,   0 },   /* WME_AC_BK */
1154         { 0, 2, 3,  4,  94 },   /* WME_AC_VI */
1155         { 0, 2, 2,  3,  47 }    /* WME_AC_VO */
1156 };
1157
1158 static int
1159 iwi_wme_update(struct ieee80211com *ic)
1160 {
1161 #define IWI_EXP2(v)     htole16((1 << (v)) - 1)
1162 #define IWI_USEC(v)     htole16(IEEE80211_TXOP_TO_US(v))
1163         struct iwi_softc *sc = ic->ic_ifp->if_softc;
1164         struct iwi_wme_params wme[3];
1165         const struct wmeParams *wmep;
1166         int ac;
1167
1168         /*
1169          * We shall not override firmware default WME values if WME is not
1170          * actually enabled.
1171          */
1172         if (!(ic->ic_flags & IEEE80211_F_WME))
1173                 return 0;
1174
1175         for (ac = 0; ac < WME_NUM_AC; ac++) {
1176                 /* set WME values for current operating mode */
1177                 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac];
1178                 wme[0].aifsn[ac] = wmep->wmep_aifsn;
1179                 wme[0].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1180                 wme[0].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1181                 wme[0].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1182                 wme[0].acm[ac]   = wmep->wmep_acm;
1183
1184                 /* set WME values for CCK modulation */
1185                 wmep = &iwi_wme_cck_params[ac];
1186                 wme[1].aifsn[ac] = wmep->wmep_aifsn;
1187                 wme[1].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1188                 wme[1].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1189                 wme[1].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1190                 wme[1].acm[ac]   = wmep->wmep_acm;
1191
1192                 /* set WME values for OFDM modulation */
1193                 wmep = &iwi_wme_ofdm_params[ac];
1194                 wme[2].aifsn[ac] = wmep->wmep_aifsn;
1195                 wme[2].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1196                 wme[2].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1197                 wme[2].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1198                 wme[2].acm[ac]   = wmep->wmep_acm;
1199         }
1200
1201         DPRINTF(("Setting WME parameters\n"));
1202         return iwi_cmd(sc, IWI_CMD_SET_WME_PARAMS, wme, sizeof wme, 1);
1203 #undef IWI_USEC
1204 #undef IWI_EXP2
1205 }
1206
1207 /*
1208  * Read 16 bits at address 'addr' from the serial EEPROM.
1209  */
1210 static uint16_t
1211 iwi_read_prom_word(struct iwi_softc *sc, uint8_t addr)
1212 {
1213         uint32_t tmp;
1214         uint16_t val;
1215         int n;
1216
1217         /* Clock C once before the first command */
1218         IWI_EEPROM_CTL(sc, 0);
1219         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1220         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1221         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1222
1223         /* Write start bit (1) */
1224         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1225         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1226
1227         /* Write READ opcode (10) */
1228         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1229         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1230         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1231         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1232
1233         /* Write address A7-A0 */
1234         for (n = 7; n >= 0; n--) {
1235                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1236                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D));
1237                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1238                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D) | IWI_EEPROM_C);
1239         }
1240
1241         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1242
1243         /* Read data Q15-Q0 */
1244         val = 0;
1245         for (n = 15; n >= 0; n--) {
1246                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1247                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1248                 tmp = MEM_READ_4(sc, IWI_MEM_EEPROM_CTL);
1249                 val |= ((tmp & IWI_EEPROM_Q) >> IWI_EEPROM_SHIFT_Q) << n;
1250         }
1251
1252         IWI_EEPROM_CTL(sc, 0);
1253
1254         /* Clear Chip Select and clock C */
1255         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1256         IWI_EEPROM_CTL(sc, 0);
1257         IWI_EEPROM_CTL(sc, IWI_EEPROM_C);
1258
1259         return val;
1260 }
1261
1262 /*
1263  * XXX: Hack to set the current channel to the value advertised in beacons or
1264  * probe responses. Only used during AP detection.
1265  */
1266 static void
1267 iwi_fix_channel(struct ieee80211com *ic, struct mbuf *m)
1268 {
1269         struct ieee80211_frame *wh;
1270         uint8_t subtype;
1271         uint8_t *frm, *efrm;
1272
1273         wh = mtod(m, struct ieee80211_frame *);
1274
1275         if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT)
1276                 return;
1277
1278         subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
1279
1280         if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
1281             subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
1282                 return;
1283
1284         frm = (uint8_t *)(wh + 1);
1285         efrm = mtod(m, uint8_t *) + m->m_len;
1286
1287         frm += 12;      /* skip tstamp, bintval and capinfo fields */
1288         while (frm < efrm) {
1289                 if (*frm == IEEE80211_ELEMID_DSPARMS)
1290 #if IEEE80211_CHAN_MAX < 255
1291                 if (frm[2] <= IEEE80211_CHAN_MAX)
1292 #endif
1293                         ic->ic_curchan = &ic->ic_channels[frm[2]];
1294
1295                 frm += frm[1] + 2;
1296         }
1297 }
1298
1299 static void
1300 iwi_frame_intr(struct iwi_softc *sc, struct iwi_rx_data *data, int i,
1301     struct iwi_frame *frame)
1302 {
1303         struct ieee80211com *ic = &sc->sc_ic;
1304         struct ifnet *ifp = ic->ic_ifp;
1305         struct mbuf *mnew, *m;
1306         struct ieee80211_frame *wh;
1307         struct ieee80211_node *ni;
1308         int error;
1309
1310         DPRINTFN(5, ("received frame len=%u chan=%u rssi=%u\n",
1311             le16toh(frame->len), frame->chan, frame->rssi_dbm));
1312
1313         if (le16toh(frame->len) < sizeof (struct ieee80211_frame))
1314                 return;
1315
1316         /*
1317          * Try to allocate a new mbuf for this ring element and load it before
1318          * processing the current mbuf. If the ring element cannot be loaded,
1319          * drop the received packet and reuse the old mbuf. In the unlikely
1320          * case that the old mbuf can't be reloaded either, explicitly panic.
1321          */
1322         mnew = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
1323         if (mnew == NULL) {
1324                 ifp->if_ierrors++;
1325                 return;
1326         }
1327
1328         bus_dmamap_unload(sc->rxq.data_dmat, data->map);
1329
1330         error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1331             mtod(mnew, void *), MCLBYTES, iwi_dma_map_addr, &data->physaddr,
1332             0);
1333         if (error != 0) {
1334                 m_freem(mnew);
1335
1336                 /* try to reload the old mbuf */
1337                 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1338                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
1339                     &data->physaddr, 0);
1340                 if (error != 0) {
1341                         /* very unlikely that it will fail... */
1342                         panic("%s: could not load old rx mbuf",
1343                             device_get_name(sc->sc_dev));
1344                 }
1345                 ifp->if_ierrors++;
1346                 return;
1347         }
1348
1349         /*
1350          * New mbuf successfully loaded, update Rx ring and continue
1351          * processing.
1352          */
1353         m = data->m;
1354         data->m = mnew;
1355         CSR_WRITE_4(sc, data->reg, data->physaddr);
1356
1357         /* Finalize mbuf */
1358         m->m_pkthdr.rcvif = ifp;
1359         m->m_pkthdr.len = m->m_len = sizeof (struct iwi_hdr) +
1360             sizeof (struct iwi_frame) + le16toh(frame->len);
1361
1362         m_adj(m, sizeof (struct iwi_hdr) + sizeof (struct iwi_frame));
1363
1364         if (ic->ic_state == IEEE80211_S_SCAN)
1365                 iwi_fix_channel(ic, m);
1366
1367         if (sc->sc_drvbpf != NULL) {
1368                 struct iwi_rx_radiotap_header *tap = &sc->sc_rxtap;
1369
1370                 tap->wr_flags = 0;
1371                 tap->wr_rate = frame->rate;
1372                 tap->wr_chan_freq =
1373                     htole16(ic->ic_channels[frame->chan].ic_freq);
1374                 tap->wr_chan_flags =
1375                     htole16(ic->ic_channels[frame->chan].ic_flags);
1376                 tap->wr_antsignal = frame->signal;
1377                 tap->wr_antenna = frame->antenna;
1378
1379                 bpf_ptap(sc->sc_drvbpf, m, tap, sc->sc_rxtap_len);
1380         }
1381
1382         wh = mtod(m, struct ieee80211_frame *);
1383         ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
1384
1385         /* send the frame to the 802.11 layer */
1386         ieee80211_input(ic, m, ni, frame->rssi_dbm, 0);
1387
1388         /* node is no longer needed */
1389         ieee80211_free_node(ni);
1390 }
1391
1392 static void
1393 iwi_notification_intr(struct iwi_softc *sc, struct iwi_notif *notif)
1394 {
1395         struct ieee80211com *ic = &sc->sc_ic;
1396         struct iwi_notif_scan_channel *chan;
1397         struct iwi_notif_scan_complete *scan;
1398         struct iwi_notif_authentication *auth;
1399         struct iwi_notif_association *assoc;
1400
1401         switch (notif->type) {
1402         case IWI_NOTIF_TYPE_SCAN_CHANNEL:
1403                 chan = (struct iwi_notif_scan_channel *)(notif + 1);
1404
1405                 DPRINTFN(2, ("Scanning channel (%u)\n", chan->nchan));
1406                 break;
1407
1408         case IWI_NOTIF_TYPE_SCAN_COMPLETE:
1409                 scan = (struct iwi_notif_scan_complete *)(notif + 1);
1410
1411                 DPRINTFN(2, ("Scan completed (%u, %u)\n", scan->nchan,
1412                     scan->status));
1413
1414                 /* monitor mode uses scan to set the channel ... */
1415                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1416                         sc->flags &= ~IWI_FLAG_SCANNING;
1417                         ieee80211_end_scan(ic);
1418                 } else
1419                         iwi_set_chan(sc, ic->ic_ibss_chan);
1420                 break;
1421
1422         case IWI_NOTIF_TYPE_AUTHENTICATION:
1423                 auth = (struct iwi_notif_authentication *)(notif + 1);
1424
1425                 DPRINTFN(2, ("Authentication (%u)\n", auth->state));
1426
1427                 switch (auth->state) {
1428                 case IWI_AUTHENTICATED:
1429                         ieee80211_node_authorize(ic->ic_bss);
1430                         ieee80211_new_state(ic, IEEE80211_S_ASSOC, -1);
1431                         break;
1432
1433                 case IWI_DEAUTHENTICATED:
1434                         break;
1435
1436                 default:
1437                         device_printf(sc->sc_dev,
1438                             "unknown authentication state %u\n", auth->state);
1439                 }
1440                 break;
1441
1442         case IWI_NOTIF_TYPE_ASSOCIATION:
1443                 assoc = (struct iwi_notif_association *)(notif + 1);
1444
1445                 DPRINTFN(2, ("Association (%u, %u)\n", assoc->state,
1446                     assoc->status));
1447
1448                 switch (assoc->state) {
1449                 case IWI_AUTHENTICATED:
1450                         /* re-association, do nothing */
1451                         break;
1452
1453                 case IWI_ASSOCIATED:
1454                         ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
1455                         break;
1456
1457                 case IWI_DEASSOCIATED:
1458                         ieee80211_begin_scan(ic, 1);
1459                         break;
1460
1461                 default:
1462                         device_printf(sc->sc_dev,
1463                             "unknown association state %u\n", assoc->state);
1464                 }
1465                 break;
1466
1467         default:
1468                 DPRINTFN(5, ("Notification (%u)\n", notif->type));
1469         }
1470 }
1471
1472 static void
1473 iwi_rx_intr(struct iwi_softc *sc)
1474 {
1475         struct iwi_rx_data *data;
1476         struct iwi_hdr *hdr;
1477         uint32_t hw;
1478
1479         hw = CSR_READ_4(sc, IWI_CSR_RX_RIDX);
1480
1481         for (; sc->rxq.cur != hw;) {
1482                 data = &sc->rxq.data[sc->rxq.cur];
1483
1484                 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
1485                     BUS_DMASYNC_POSTREAD);
1486
1487                 hdr = mtod(data->m, struct iwi_hdr *);
1488
1489                 switch (hdr->type) {
1490                 case IWI_HDR_TYPE_FRAME:
1491                         iwi_frame_intr(sc, data, sc->rxq.cur,
1492                             (struct iwi_frame *)(hdr + 1));
1493                         break;
1494
1495                 case IWI_HDR_TYPE_NOTIF:
1496                         iwi_notification_intr(sc,
1497                             (struct iwi_notif *)(hdr + 1));
1498                         break;
1499
1500                 default:
1501                         device_printf(sc->sc_dev, "unknown hdr type %u\n",
1502                             hdr->type);
1503                 }
1504
1505                 DPRINTFN(15, ("rx done idx=%u\n", sc->rxq.cur));
1506
1507                 sc->rxq.cur = (sc->rxq.cur + 1) % IWI_RX_RING_COUNT;
1508         }
1509
1510         /* Tell the firmware what we have processed */
1511         hw = (hw == 0) ? IWI_RX_RING_COUNT - 1 : hw - 1;
1512         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, hw);
1513 }
1514
1515 static void
1516 iwi_tx_intr(struct iwi_softc *sc, struct iwi_tx_ring *txq)
1517 {
1518         struct ieee80211com *ic = &sc->sc_ic;
1519         struct ifnet *ifp = ic->ic_ifp;
1520         struct iwi_tx_data *data;
1521         uint32_t hw;
1522
1523         hw = CSR_READ_4(sc, txq->csr_ridx);
1524
1525         for (; txq->next != hw;) {
1526                 data = &txq->data[txq->next];
1527
1528                 bus_dmamap_sync(txq->data_dmat, data->map,
1529                     BUS_DMASYNC_POSTWRITE);
1530                 bus_dmamap_unload(txq->data_dmat, data->map);
1531                 m_freem(data->m);
1532                 data->m = NULL;
1533                 ieee80211_free_node(data->ni);
1534                 data->ni = NULL;
1535
1536                 DPRINTFN(15, ("tx done idx=%u\n", txq->next));
1537
1538                 ifp->if_opackets++;
1539
1540                 txq->queued--;
1541                 txq->next = (txq->next + 1) % IWI_TX_RING_COUNT;
1542         }
1543
1544         sc->sc_tx_timer = 0;
1545         ifp->if_flags &= ~IFF_OACTIVE;
1546         if_devstart(ifp);
1547 }
1548
1549 static void
1550 iwi_intr(void *arg)
1551 {
1552         struct iwi_softc *sc = arg;
1553         uint32_t r;
1554
1555         r = CSR_READ_4(sc, IWI_CSR_INTR);
1556         if (r == 0 || r == 0xffffffff)
1557                 return;
1558
1559         /* disable interrupts */
1560         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1561
1562         if (r & IWI_INTR_FATAL_ERROR) {
1563                 device_printf(sc->sc_dev, "fatal error\n");
1564
1565                 if ((sc->flags & (IWI_FLAG_EXIT | IWI_FLAG_RESET)) == 0) {
1566                         sc->flags |= IWI_FLAG_RESET;
1567                         device_printf(sc->sc_dev, "wake firmware monitor\n");
1568                         wakeup(IWI_FW_WAKE_MONITOR(sc));
1569                 }
1570         }
1571
1572         if (r & IWI_INTR_PARITY_ERROR) {
1573                 device_printf(sc->sc_dev, "parity error\n");
1574                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1575                 iwi_stop(sc);
1576         }
1577
1578         if (r & IWI_INTR_FW_INITED) {
1579                 if (!(r & (IWI_INTR_FATAL_ERROR | IWI_INTR_PARITY_ERROR)))
1580                         wakeup(IWI_FW_INITIALIZED(sc));
1581         }
1582
1583         if (r & IWI_INTR_RADIO_OFF) {
1584                 DPRINTF(("radio transmitter turned off\n"));
1585                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1586                 iwi_stop(sc);
1587         }
1588
1589         if (r & IWI_INTR_CMD_DONE)
1590                 wakeup(IWI_FW_CMD_ACKED(sc));
1591
1592         if (r & IWI_INTR_TX1_DONE)
1593                 iwi_tx_intr(sc, &sc->txq[0]);
1594
1595         if (r & IWI_INTR_TX2_DONE)
1596                 iwi_tx_intr(sc, &sc->txq[1]);
1597
1598         if (r & IWI_INTR_TX3_DONE)
1599                 iwi_tx_intr(sc, &sc->txq[2]);
1600
1601         if (r & IWI_INTR_TX4_DONE)
1602                 iwi_tx_intr(sc, &sc->txq[3]);
1603
1604         if (r & IWI_INTR_RX_DONE)
1605                 iwi_rx_intr(sc);
1606
1607         /* acknowledge interrupts */
1608         CSR_WRITE_4(sc, IWI_CSR_INTR, r);
1609
1610         /* re-enable interrupts */
1611         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
1612 }
1613
1614 static int
1615 iwi_cmd(struct iwi_softc *sc, uint8_t type, void *data, uint8_t len, int async)
1616 {
1617         struct iwi_cmd_desc *desc;
1618         struct ifnet *ifp = &sc->sc_ic.ic_if;
1619         int ret;
1620
1621         desc = &sc->cmdq.desc[sc->cmdq.cur];
1622
1623         desc->hdr.type = IWI_HDR_TYPE_COMMAND;
1624         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1625         desc->type = type;
1626         desc->len = len;
1627         memcpy(desc->data, data, len);
1628
1629         bus_dmamap_sync(sc->cmdq.desc_dmat, sc->cmdq.desc_map,
1630             BUS_DMASYNC_PREWRITE);
1631
1632         DPRINTFN(2, ("sending command idx=%u type=%u len=%u\n", sc->cmdq.cur,
1633             type, len));
1634
1635         sc->cmdq.cur = (sc->cmdq.cur + 1) % IWI_CMD_RING_COUNT;
1636         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
1637
1638         if (!async) {
1639                 ASSERT_SERIALIZED(ifp->if_serializer);
1640
1641                 crit_enter();
1642                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
1643                 lwkt_serialize_exit(ifp->if_serializer);
1644                 ret = tsleep(IWI_FW_CMD_ACKED(sc), 0, "iwicmd", hz);
1645                 crit_exit();
1646                 lwkt_serialize_enter(ifp->if_serializer);
1647         } else {
1648                 ret = 0;
1649         }
1650
1651         return ret;
1652 }
1653
1654 static void
1655 iwi_write_ibssnode(struct iwi_softc *sc, const struct iwi_node *in)
1656 {
1657         struct iwi_ibssnode node;
1658
1659         /* write node information into NIC memory */
1660         memset(&node, 0, sizeof node);
1661         IEEE80211_ADDR_COPY(node.bssid, in->in_node.ni_macaddr);
1662
1663         CSR_WRITE_REGION_1(sc,
1664             IWI_CSR_NODE_BASE + in->in_station * sizeof node,
1665             (uint8_t *)&node, sizeof node);
1666 }
1667
1668 struct iwi_dma_mapping {
1669         bus_dma_segment_t segs[IWI_MAX_NSEG];
1670         int nseg;
1671         bus_size_t mapsize;
1672 };
1673
1674 static void
1675 iwi_dma_map_mbuf(void *arg, bus_dma_segment_t *segs, int nseg,
1676                  bus_size_t mapsize, int error)
1677 {
1678         struct iwi_dma_mapping *map = arg;
1679
1680         if (error != 0)
1681                 return;
1682
1683         KASSERT(nseg <= IWI_MAX_NSEG, ("too many DMA segments %d", nseg));
1684
1685         bcopy(segs, map->segs, nseg * sizeof(bus_dma_segment_t));
1686         map->nseg = nseg;
1687         map->mapsize = mapsize;
1688 }
1689
1690 static int
1691 iwi_tx_start(struct ifnet *ifp, struct mbuf *m0, struct ieee80211_node *ni,
1692     int ac)
1693 {
1694         struct iwi_softc *sc = ifp->if_softc;
1695         struct ieee80211com *ic = &sc->sc_ic;
1696         struct iwi_node *in = (struct iwi_node *)ni;
1697         struct ieee80211_frame *wh;
1698         struct ieee80211_key *k;
1699         const struct chanAccParams *cap;
1700         struct iwi_tx_ring *txq = &sc->txq[ac];
1701         struct iwi_tx_data *data;
1702         struct iwi_tx_desc *desc;
1703         struct mbuf *mnew;
1704         struct iwi_dma_mapping map;
1705         int error, hdrlen, i, noack = 0;
1706
1707         wh = mtod(m0, struct ieee80211_frame *);
1708
1709         if (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS) {
1710                 hdrlen = sizeof (struct ieee80211_qosframe);
1711                 cap = &ic->ic_wme.wme_chanParams;
1712                 noack = cap->cap_wmeParams[ac].wmep_noackPolicy;
1713         } else
1714                 hdrlen = sizeof (struct ieee80211_frame);
1715
1716         /*
1717          * This is only used in IBSS mode where the firmware expect an index
1718          * in a h/w table instead of a destination address.
1719          */
1720         if (ic->ic_opmode == IEEE80211_M_IBSS && in->in_station == -1) {
1721                 in->in_station = iwi_alloc_ibss_node(sc);
1722                 if (in->in_station == -1) {     /* h/w table is full */
1723                         m_freem(m0);
1724                         ieee80211_free_node(ni);
1725                         ifp->if_oerrors++;
1726                         if_printf(ifp, "ibss table is full\n");
1727                         return 0;
1728                 }
1729                 iwi_write_ibssnode(sc, in);
1730         }
1731
1732         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1733                 k = ieee80211_crypto_encap(ic, ni, m0);
1734                 if (k == NULL) {
1735                         m_freem(m0);
1736                         return ENOBUFS;
1737                 }
1738
1739                 /* packet header may have moved, reset our local pointer */
1740                 wh = mtod(m0, struct ieee80211_frame *);
1741         }
1742
1743         if (sc->sc_drvbpf != NULL) {
1744                 struct iwi_tx_radiotap_header *tap = &sc->sc_txtap;
1745
1746                 tap->wt_flags = 0;
1747                 tap->wt_chan_freq = htole16(ic->ic_ibss_chan->ic_freq);
1748                 tap->wt_chan_flags = htole16(ic->ic_ibss_chan->ic_flags);
1749
1750                 bpf_ptap(sc->sc_drvbpf, m0, tap, sc->sc_txtap_len);
1751         }
1752
1753         data = &txq->data[txq->cur];
1754         desc = &txq->desc[txq->cur];
1755
1756         /* save and trim IEEE802.11 header */
1757         m_copydata(m0, 0, hdrlen, (caddr_t)&desc->wh);
1758         m_adj(m0, hdrlen);
1759
1760         error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1761                                      iwi_dma_map_mbuf, &map, BUS_DMA_NOWAIT);
1762         if (error != 0 && error != EFBIG) {
1763                 device_printf(sc->sc_dev, "could not map mbuf (error %d)\n",
1764                     error);
1765                 m_freem(m0);
1766                 return error;
1767         }
1768         if (error != 0) {
1769                 mnew = m_defrag(m0, MB_DONTWAIT);
1770                 if (mnew == NULL) {
1771                         device_printf(sc->sc_dev,
1772                             "could not defragment mbuf\n");
1773                         m_freem(m0);
1774                         return ENOBUFS;
1775                 }
1776                 m0 = mnew;
1777
1778                 error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1779                                              iwi_dma_map_mbuf, &map,
1780                                              BUS_DMA_NOWAIT);
1781                 if (error != 0) {
1782                         device_printf(sc->sc_dev,
1783                             "could not map mbuf (error %d)\n", error);
1784                         m_freem(m0);
1785                         return error;
1786                 }
1787         }
1788
1789         data->m = m0;
1790         data->ni = ni;
1791
1792         desc->hdr.type = IWI_HDR_TYPE_DATA;
1793         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1794         desc->station =
1795             (ic->ic_opmode == IEEE80211_M_IBSS) ? in->in_station : 0;
1796         desc->cmd = IWI_DATA_CMD_TX;
1797         desc->len = htole16(m0->m_pkthdr.len);
1798         desc->flags = 0;
1799         desc->xflags = 0;
1800
1801         if (!noack && !IEEE80211_IS_MULTICAST(desc->wh.i_addr1))
1802                 desc->flags |= IWI_DATA_FLAG_NEED_ACK;
1803
1804 #if 0
1805         if (ic->ic_flags & IEEE80211_F_PRIVACY) {
1806                 desc->wh.i_fc[1] |= IEEE80211_FC1_WEP;
1807                 desc->weptxkey = ic->ic_crypto.cs_def_txkey;
1808         } else
1809 #endif
1810                 desc->flags |= IWI_DATA_FLAG_NO_WEP;
1811
1812         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1813                 desc->flags |= IWI_DATA_FLAG_SHPREAMBLE;
1814
1815         if (desc->wh.i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS)
1816                 desc->xflags |= IWI_DATA_XFLAG_QOS;
1817
1818         desc->nseg = htole32(map.nseg);
1819         for (i = 0; i < map.nseg; i++) {
1820                 desc->seg_addr[i] = htole32(map.segs[i].ds_addr);
1821                 desc->seg_len[i]  = htole16(map.segs[i].ds_len);
1822         }
1823
1824         bus_dmamap_sync(txq->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
1825         bus_dmamap_sync(txq->desc_dmat, txq->desc_map, BUS_DMASYNC_PREWRITE);
1826
1827         DPRINTFN(5, ("sending data frame txq=%u idx=%u len=%u nseg=%u\n",
1828             ac, txq->cur, le16toh(desc->len), map.nseg));
1829
1830         txq->queued++;
1831         txq->cur = (txq->cur + 1) % IWI_TX_RING_COUNT;
1832         CSR_WRITE_4(sc, txq->csr_widx, txq->cur);
1833
1834         return 0;
1835 }
1836
1837 static void
1838 iwi_start(struct ifnet *ifp)
1839 {
1840         struct iwi_softc *sc = ifp->if_softc;
1841         struct ieee80211com *ic = &sc->sc_ic;
1842         struct mbuf *m0;
1843         struct ether_header *eh;
1844         struct ieee80211_node *ni;
1845         int ac;
1846
1847         ieee80211_drain_mgtq(&ic->ic_mgtq);
1848         if (ic->ic_state != IEEE80211_S_RUN) {
1849                 ifq_purge(&ifp->if_snd);
1850                 return;
1851         }
1852
1853         for (;;) {
1854                 m0 = ifq_dequeue(&ifp->if_snd, NULL);
1855                 if (m0 == NULL)
1856                         break;
1857
1858                 if (m0->m_len < sizeof (struct ether_header) &&
1859                     (m0 = m_pullup(m0, sizeof (struct ether_header))) == NULL) {
1860                         ifp->if_oerrors++;
1861                         continue;
1862                 }
1863                 eh = mtod(m0, struct ether_header *);
1864                 ni = ieee80211_find_txnode(ic, eh->ether_dhost);
1865                 if (ni == NULL) {
1866                         m_freem(m0);
1867                         ifp->if_oerrors++;
1868                         continue;
1869                 }
1870
1871                 /* classify mbuf so we can find which tx ring to use */
1872                 if (ieee80211_classify(ic, m0, ni) != 0) {
1873                         m_freem(m0);
1874                         ieee80211_free_node(ni);
1875                         ifp->if_oerrors++;
1876                         continue;
1877                 }
1878
1879                 /* no QoS encapsulation for EAPOL frames */
1880                 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ?
1881                     M_WME_GETAC(m0) : WME_AC_BE;
1882
1883                 if (sc->txq[ac].queued > IWI_TX_RING_COUNT - 8) {
1884                         /* there is no place left in this ring */
1885                         m_freem(m0);
1886                         ieee80211_free_node(ni);
1887                         ifp->if_flags |= IFF_OACTIVE;
1888                         break;
1889                 }
1890
1891                 BPF_MTAP(ifp, m0);
1892
1893                 m0 = ieee80211_encap(ic, m0, ni);
1894                 if (m0 == NULL) {
1895                         ieee80211_free_node(ni);
1896                         ifp->if_oerrors++;
1897                         continue;
1898                 }
1899
1900                 if (ic->ic_rawbpf != NULL)
1901                         bpf_mtap(ic->ic_rawbpf, m0);
1902
1903                 if (iwi_tx_start(ifp, m0, ni, ac) != 0) {
1904                         ieee80211_free_node(ni);
1905                         ifp->if_oerrors++;
1906                         break;
1907                 }
1908
1909                 sc->sc_tx_timer = 5;
1910                 ifp->if_timer = 1;
1911         }
1912 }
1913
1914 static void
1915 iwi_watchdog(struct ifnet *ifp)
1916 {
1917         struct iwi_softc *sc = ifp->if_softc;
1918         struct ieee80211com *ic = &sc->sc_ic;
1919
1920         ifp->if_timer = 0;
1921
1922         if (sc->sc_tx_timer > 0) {
1923                 if (--sc->sc_tx_timer == 0) {
1924                         if_printf(ifp, "device timeout\n");
1925                         ifp->if_oerrors++;
1926                         sc->flags |= IWI_FLAG_RESET;
1927                         wakeup(IWI_FW_WAKE_MONITOR(sc));
1928                         return;
1929                 }
1930                 ifp->if_timer = 1;
1931         }
1932
1933         ieee80211_watchdog(ic);
1934 }
1935
1936 static int
1937 iwi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
1938 {
1939         struct iwi_softc *sc = ifp->if_softc;
1940         struct ieee80211com *ic = &sc->sc_ic;
1941         struct ifreq *ifr;
1942         int error = 0;
1943
1944         switch (cmd) {
1945         case SIOCSIFFLAGS:
1946                 if (ifp->if_flags & IFF_UP) {
1947                         if (!(ifp->if_flags & IFF_RUNNING))
1948                                 iwi_init(sc);
1949                 } else {
1950                         if (ifp->if_flags & IFF_RUNNING)
1951                                 iwi_stop(sc);
1952                 }
1953                 break;
1954
1955         case SIOCSLOADFW:
1956                 /* only super-user can do that! */
1957                 error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
1958                 if (error != 0)
1959                         break;
1960
1961                 ifr = (struct ifreq *)data;
1962                 error = iwi_cache_firmware(sc, ifr->ifr_data);
1963                 break;
1964
1965         case SIOCSKILLFW:
1966                 /* only super-user can do that! */
1967                 error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY);
1968                 if (error != 0)
1969                         break;
1970
1971                 ifp->if_flags &= ~IFF_UP;
1972                 iwi_stop(sc);
1973                 iwi_free_firmware(sc);
1974                 break;
1975
1976         default:
1977                 error = ieee80211_ioctl(ic, cmd, data, cr);
1978         }
1979
1980         if (error == ENETRESET) {
1981                 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1982                     (IFF_UP | IFF_RUNNING) &&
1983                     (ic->ic_roaming != IEEE80211_ROAMING_MANUAL))
1984                         iwi_init(sc);
1985                 error = 0;
1986         }
1987
1988         return error;
1989 }
1990
1991 static void
1992 iwi_stop_master(struct iwi_softc *sc)
1993 {
1994         uint32_t tmp;
1995         int ntries;
1996
1997         /* disable interrupts */
1998         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1999
2000         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_STOP_MASTER);
2001         for (ntries = 0; ntries < 5; ntries++) {
2002                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
2003                         break;
2004                 DELAY(10);
2005         }
2006         if (ntries == 5)
2007                 if_printf(&sc->sc_ic.ic_if, "timeout waiting for master\n");
2008
2009         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2010         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_PRINCETON_RESET);
2011
2012         sc->flags &= ~IWI_FLAG_FW_INITED;
2013 }
2014
2015 static int
2016 iwi_reset(struct iwi_softc *sc)
2017 {
2018         uint32_t tmp;
2019         int i, ntries;
2020
2021         iwi_stop_master(sc);
2022
2023         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2024         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
2025
2026         CSR_WRITE_4(sc, IWI_CSR_READ_INT, IWI_READ_INT_INIT_HOST);
2027
2028         /* Wait for clock stabilization */
2029         for (ntries = 0; ntries < 1000; ntries++) {
2030                 if (CSR_READ_4(sc, IWI_CSR_CTL) & IWI_CTL_CLOCK_READY)
2031                         break;
2032                 DELAY(200);
2033         }
2034         if (ntries == 1000) {
2035                 if_printf(&sc->sc_ic.ic_if,
2036                           "timeout waiting for clock stabilization\n");
2037                 return EIO;
2038         }
2039
2040         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2041         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_SOFT_RESET);
2042
2043         DELAY(10);
2044
2045         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2046         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
2047
2048         /* Clear NIC memory */
2049         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0);
2050         for (i = 0; i < 0xc000; i++)
2051                 CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2052
2053         return 0;
2054 }
2055
2056 static int
2057 iwi_load_ucode(struct iwi_softc *sc, void *uc, int size)
2058 {
2059         uint32_t tmp;
2060         uint16_t *w;
2061         int ntries, i;
2062
2063         CSR_WRITE_4(sc, IWI_CSR_RST, CSR_READ_4(sc, IWI_CSR_RST) |
2064             IWI_RST_STOP_MASTER);
2065         for (ntries = 0; ntries < 5; ntries++) {
2066                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
2067                         break;
2068                 DELAY(10);
2069         }
2070         if (ntries == 5) {
2071                 device_printf(sc->sc_dev, "timeout waiting for master\n");
2072                 return EIO;
2073         }
2074
2075         MEM_WRITE_4(sc, 0x3000e0, 0x80000000);
2076         DELAY(5000);
2077
2078         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2079         tmp &= ~IWI_RST_PRINCETON_RESET;
2080         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2081
2082         DELAY(5000);
2083         MEM_WRITE_4(sc, 0x3000e0, 0);
2084         DELAY(1000);
2085         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 1);
2086         DELAY(1000);
2087         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 0);
2088         DELAY(1000);
2089         MEM_WRITE_1(sc, 0x200000, 0x00);
2090         MEM_WRITE_1(sc, 0x200000, 0x40);
2091         DELAY(1000);
2092
2093         /* write microcode into adapter memory */
2094         for (w = uc; size > 0; w++, size -= 2)
2095                 MEM_WRITE_2(sc, 0x200010, htole16(*w));
2096
2097         MEM_WRITE_1(sc, 0x200000, 0x00);
2098         MEM_WRITE_1(sc, 0x200000, 0x80);
2099
2100         /* wait until we get an answer */
2101         for (ntries = 0; ntries < 100; ntries++) {
2102                 if (MEM_READ_1(sc, 0x200000) & 1)
2103                         break;
2104                 DELAY(100);
2105         }
2106         if (ntries == 100) {
2107                 device_printf(sc->sc_dev,
2108                     "timeout waiting for ucode to initialize\n");
2109                 return EIO;
2110         }
2111
2112         /* read the answer or the firmware will not initialize properly */
2113         for (i = 0; i < 7; i++)
2114                 MEM_READ_4(sc, 0x200004);
2115
2116         MEM_WRITE_1(sc, 0x200000, 0x00);
2117
2118         return 0;
2119 }
2120
2121 /* macro to handle unaligned little endian data in firmware image */
2122 #define GETLE32(p) ((p)[0] | (p)[1] << 8 | (p)[2] << 16 | (p)[3] << 24)
2123
2124 static int
2125 iwi_load_firmware(struct iwi_softc *sc, void *fw, int size)
2126 {
2127         bus_dma_tag_t dmat;
2128         bus_dmamap_t map;
2129         bus_addr_t physaddr;
2130         void *virtaddr;
2131         u_char *p, *end;
2132         uint32_t sentinel, ctl, src, dst, sum, len, mlen, tmp;
2133         int ntries, error = 0;
2134         struct ifnet *ifp = &sc->sc_ic.ic_if;
2135
2136         ASSERT_SERIALIZED(ifp->if_serializer);
2137
2138         /* Allocate DMA memory for mapping firmware image */
2139         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
2140             BUS_SPACE_MAXADDR, NULL, NULL, size, 1, size, 0, &dmat);
2141         if (error != 0) {
2142                 device_printf(sc->sc_dev,
2143                     "could not create firmware DMA tag\n");
2144                 goto fail1;
2145         }
2146
2147         error = bus_dmamem_alloc(dmat, &virtaddr, BUS_DMA_WAITOK, &map);
2148         if (error != 0) {
2149                 device_printf(sc->sc_dev,
2150                     "could not allocate firmware DMA memory\n");
2151                 goto fail2;
2152         }
2153
2154         error = bus_dmamap_load(dmat, map, virtaddr, size, iwi_dma_map_addr,
2155             &physaddr, 0);
2156         if (error != 0) {
2157                 device_printf(sc->sc_dev, "could not load firmware DMA map\n");
2158                 goto fail3;
2159         }
2160
2161         /* Copy firmware image to DMA memory */
2162         memcpy(virtaddr, fw, size);
2163
2164         /* Make sure the adapter will get up-to-date values */
2165         bus_dmamap_sync(dmat, map, BUS_DMASYNC_PREWRITE);
2166
2167         /* Tell the adapter where the command blocks are stored */
2168         MEM_WRITE_4(sc, 0x3000a0, 0x27000);
2169
2170         /*
2171          * Store command blocks into adapter's internal memory using register
2172          * indirections. The adapter will read the firmware image through DMA
2173          * using information stored in command blocks.
2174          */
2175         src = physaddr;
2176         p = virtaddr;
2177         end = p + size;
2178         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0x27000);
2179
2180         while (p < end) {
2181                 dst = GETLE32(p); p += 4; src += 4;
2182                 len = GETLE32(p); p += 4; src += 4;
2183                 p += len;
2184
2185                 while (len > 0) {
2186                         mlen = min(len, IWI_CB_MAXDATALEN);
2187
2188                         ctl = IWI_CB_DEFAULT_CTL | mlen;
2189                         sum = ctl ^ src ^ dst;
2190
2191                         /* Write a command block */
2192                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, ctl);
2193                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, src);
2194                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, dst);
2195                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, sum);
2196
2197                         src += mlen;
2198                         dst += mlen;
2199                         len -= mlen;
2200                 }
2201         }
2202
2203         /* Write a fictive final command block (sentinel) */
2204         sentinel = CSR_READ_4(sc, IWI_CSR_AUTOINC_ADDR);
2205         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2206
2207         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2208         tmp &= ~(IWI_RST_MASTER_DISABLED | IWI_RST_STOP_MASTER);
2209         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2210
2211         /* Tell the adapter to start processing command blocks */
2212         MEM_WRITE_4(sc, 0x3000a4, 0x540100);
2213
2214         /* Wait until the adapter reaches the sentinel */
2215         for (ntries = 0; ntries < 400; ntries++) {
2216                 if (MEM_READ_4(sc, 0x3000d0) >= sentinel)
2217                         break;
2218                 DELAY(100);
2219         }
2220         if (ntries == 400) {
2221                 device_printf(sc->sc_dev,
2222                     "timeout processing command blocks\n");
2223                 error = EIO;
2224                 goto fail4;
2225         }
2226
2227         /* We're done with command blocks processing */
2228         MEM_WRITE_4(sc, 0x3000a4, 0x540c00);
2229
2230         /* Allow interrupts so we know when the firmware is ready */
2231         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
2232
2233         /* Tell the adapter to initialize the firmware */
2234         CSR_WRITE_4(sc, IWI_CSR_RST, 0);
2235
2236         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2237         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_ALLOW_STANDBY);
2238
2239         /* wait at most one second for firmware initialization to complete */
2240         crit_enter();
2241         tsleep_interlock(IWI_FW_INITIALIZED(sc));
2242         lwkt_serialize_exit(ifp->if_serializer);
2243         error = tsleep(IWI_FW_INITIALIZED(sc), 0, "iwiinit", hz);
2244         crit_exit();
2245         lwkt_serialize_enter(ifp->if_serializer);
2246         if (error != 0) {
2247                 device_printf(sc->sc_dev, "timeout waiting for firmware "
2248                     "initialization to complete\n");
2249                 goto fail4;
2250         }
2251
2252 fail4:  bus_dmamap_sync(dmat, map, BUS_DMASYNC_POSTWRITE);
2253         bus_dmamap_unload(dmat, map);
2254 fail3:  bus_dmamem_free(dmat, virtaddr, map);
2255 fail2:  bus_dma_tag_destroy(dmat);
2256 fail1:
2257         return error;
2258 }
2259
2260 /*
2261  * Store firmware into kernel memory so we can download it when we need to,
2262  * e.g when the adapter wakes up from suspend mode.
2263  */
2264 static int
2265 iwi_cache_firmware(struct iwi_softc *sc, void *data)
2266 {
2267         struct iwi_firmware *kfw = &sc->fw;
2268         struct iwi_firmware ufw;
2269         int error;
2270
2271         iwi_free_firmware(sc);
2272
2273         if ((error = copyin(data, &ufw, sizeof ufw)) != 0)
2274                 return error;
2275
2276         kfw->boot_size  = ufw.boot_size;
2277         kfw->ucode_size = ufw.ucode_size;
2278         kfw->main_size  = ufw.main_size;
2279
2280         kfw->boot = kmalloc(kfw->boot_size, M_DEVBUF, M_WAITOK);
2281         kfw->ucode = kmalloc(kfw->ucode_size, M_DEVBUF, M_WAITOK);
2282         kfw->main = kmalloc(kfw->main_size, M_DEVBUF, M_WAITOK);
2283
2284         if ((error = copyin(ufw.boot, kfw->boot, kfw->boot_size)) != 0)
2285                 goto fail;
2286
2287         if ((error = copyin(ufw.ucode, kfw->ucode, kfw->ucode_size)) != 0)
2288                 goto fail;
2289
2290         if ((error = copyin(ufw.main, kfw->main, kfw->main_size)) != 0)
2291                 goto fail;
2292
2293         DPRINTF(("Firmware cached: boot %u, ucode %u, main %u\n",
2294             kfw->boot_size, kfw->ucode_size, kfw->main_size));
2295
2296         sc->flags |= IWI_FLAG_FW_CACHED;
2297
2298         return 0;
2299
2300 fail:
2301         kfree(kfw->boot, M_DEVBUF);
2302         kfree(kfw->ucode, M_DEVBUF);
2303         kfree(kfw->main, M_DEVBUF);
2304
2305         return error;
2306 }
2307
2308 static void
2309 iwi_free_firmware(struct iwi_softc *sc)
2310 {
2311         if (!(sc->flags & IWI_FLAG_FW_CACHED))
2312                 return;
2313
2314         kfree(sc->fw.boot, M_DEVBUF);
2315         kfree(sc->fw.ucode, M_DEVBUF);
2316         kfree(sc->fw.main, M_DEVBUF);
2317
2318         sc->flags &= ~IWI_FLAG_FW_CACHED;
2319 }
2320
2321 static int
2322 iwi_config(struct iwi_softc *sc)
2323 {
2324         struct ieee80211com *ic = &sc->sc_ic;
2325         struct ifnet *ifp = ic->ic_ifp;
2326         struct iwi_configuration config;
2327         struct iwi_rateset rs;
2328         struct iwi_txpower power;
2329         struct ieee80211_key *wk;
2330         struct iwi_wep_key wepkey;
2331         uint32_t data;
2332         int error, i;
2333
2334         IEEE80211_ADDR_COPY(ic->ic_myaddr, IF_LLADDR(ifp));
2335         DPRINTF(("Setting MAC address to %6D\n", ic->ic_myaddr, ":"));
2336         error = iwi_cmd(sc, IWI_CMD_SET_MAC_ADDRESS, ic->ic_myaddr,
2337             IEEE80211_ADDR_LEN, 0);
2338         if (error != 0)
2339                 return error;
2340
2341         memset(&config, 0, sizeof config);
2342         config.bluetooth_coexistence = sc->bluetooth;
2343         config.antenna = sc->antenna;
2344         config.multicast_enabled = 1;
2345         config.answer_pbreq = (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2346         config.disable_unicast_decryption = 1;
2347         config.disable_multicast_decryption = 1;
2348         DPRINTF(("Configuring adapter\n"));
2349         error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config, 0);
2350         if (error != 0)
2351                 return error;
2352
2353         data = htole32(IWI_POWER_MODE_CAM);
2354         DPRINTF(("Setting power mode to %u\n", le32toh(data)));
2355         error = iwi_cmd(sc, IWI_CMD_SET_POWER_MODE, &data, sizeof data, 0);
2356         if (error != 0)
2357                 return error;
2358
2359         data = htole32(ic->ic_rtsthreshold);
2360         DPRINTF(("Setting RTS threshold to %u\n", le32toh(data)));
2361         error = iwi_cmd(sc, IWI_CMD_SET_RTS_THRESHOLD, &data, sizeof data, 0);
2362         if (error != 0)
2363                 return error;
2364
2365         data = htole32(ic->ic_fragthreshold);
2366         DPRINTF(("Setting fragmentation threshold to %u\n", le32toh(data)));
2367         error = iwi_cmd(sc, IWI_CMD_SET_FRAG_THRESHOLD, &data, sizeof data, 0);
2368         if (error != 0)
2369                 return error;
2370
2371         if (ic->ic_opmode == IEEE80211_M_IBSS) {
2372                 power.mode = IWI_MODE_11B;
2373                 power.nchan = 11;
2374                 for (i = 0; i < 11; i++) {
2375                         power.chan[i].chan = i + 1;
2376                         power.chan[i].power = IWI_TXPOWER_MAX;
2377                 }
2378                 DPRINTF(("Setting .11b channels tx power\n"));
2379                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2380                     0);
2381                 if (error != 0)
2382                         return error;
2383
2384                 power.mode = IWI_MODE_11G;
2385                 DPRINTF(("Setting .11g channels tx power\n"));
2386                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2387                     0);
2388                 if (error != 0)
2389                         return error;
2390         }
2391
2392         rs.mode = IWI_MODE_11G;
2393         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2394         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11G].rs_nrates;
2395         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11G].rs_rates,
2396             rs.nrates);
2397         DPRINTF(("Setting .11bg supported rates (%u)\n", rs.nrates));
2398         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2399         if (error != 0)
2400                 return error;
2401
2402         rs.mode = IWI_MODE_11A;
2403         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2404         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11A].rs_nrates;
2405         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11A].rs_rates,
2406             rs.nrates);
2407         DPRINTF(("Setting .11a supported rates (%u)\n", rs.nrates));
2408         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2409         if (error != 0)
2410                 return error;
2411
2412         /* if we have a desired ESSID, set it now */
2413         if (ic->ic_des_esslen != 0) {
2414 #ifdef IWI_DEBUG
2415                 if (iwi_debug > 0) {
2416                         kprintf("Setting desired ESSID to ");
2417                         ieee80211_print_essid(ic->ic_des_essid,
2418                             ic->ic_des_esslen);
2419                         kprintf("\n");
2420                 }
2421 #endif
2422                 error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ic->ic_des_essid,
2423                     ic->ic_des_esslen, 0);
2424                 if (error != 0)
2425                         return error;
2426         }
2427
2428         data = htole32(karc4random());
2429         DPRINTF(("Setting initialization vector to %u\n", le32toh(data)));
2430         error = iwi_cmd(sc, IWI_CMD_SET_IV, &data, sizeof data, 0);
2431         if (error != 0)
2432                 return error;
2433
2434         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2435                 wk = &ic->ic_crypto.cs_nw_keys[i];
2436
2437                 wepkey.cmd = IWI_WEP_KEY_CMD_SETKEY;
2438                 wepkey.idx = i;
2439                 wepkey.len = wk->wk_keylen;
2440                 memset(wepkey.key, 0, sizeof wepkey.key);
2441                 memcpy(wepkey.key, wk->wk_key, wk->wk_keylen);
2442                 DPRINTF(("Setting wep key index %u len %u\n", wepkey.idx,
2443                     wepkey.len));
2444                 error = iwi_cmd(sc, IWI_CMD_SET_WEP_KEY, &wepkey,
2445                     sizeof wepkey, 0);
2446                 if (error != 0)
2447                         return error;
2448         }
2449
2450         /* Enable adapter */
2451         DPRINTF(("Enabling adapter\n"));
2452         return iwi_cmd(sc, IWI_CMD_ENABLE, NULL, 0, 0);
2453 }
2454
2455 static int
2456 iwi_set_chan(struct iwi_softc *sc, struct ieee80211_channel *chan)
2457 {
2458         struct ieee80211com *ic = &sc->sc_ic;
2459         struct iwi_scan scan;
2460
2461         memset(&scan, 0, sizeof scan);
2462         memset(scan.type, IWI_SCAN_TYPE_PASSIVE, sizeof scan.type);
2463         scan.passive = htole16(2000);
2464         scan.channels[0] = 1 |
2465             (IEEE80211_IS_CHAN_5GHZ(chan) ? IWI_CHAN_5GHZ : IWI_CHAN_2GHZ);
2466         scan.channels[1] = ieee80211_chan2ieee(ic, chan);
2467
2468         DPRINTF(("Setting channel to %u\n", ieee80211_chan2ieee(ic, chan)));
2469         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2470 }
2471
2472 static int
2473 iwi_scan(struct iwi_softc *sc)
2474 {
2475         struct ieee80211com *ic = &sc->sc_ic;
2476         struct iwi_scan scan;
2477         uint8_t *p;
2478         int i, count;
2479
2480         memset(&scan, 0, sizeof scan);
2481
2482         if (ic->ic_des_esslen != 0) {
2483                 scan.bdirected = htole16(sc->dwelltime);
2484                 memset(scan.type, IWI_SCAN_TYPE_BDIRECTED, sizeof scan.type);
2485         } else {
2486                 scan.broadcast = htole16(sc->dwelltime);
2487                 memset(scan.type, IWI_SCAN_TYPE_BROADCAST, sizeof scan.type);
2488         }
2489
2490         p = scan.channels;
2491         count = 0;
2492         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2493                 if (IEEE80211_IS_CHAN_5GHZ(&ic->ic_channels[i]) &&
2494                     isset(ic->ic_chan_active, i)) {
2495                         *++p = i;
2496                         count++;
2497                 }
2498         }
2499         *(p - count) = IWI_CHAN_5GHZ | count;
2500
2501         p = (count > 0) ? p + 1 : scan.channels;
2502         count = 0;
2503         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2504                 if (IEEE80211_IS_CHAN_2GHZ(&ic->ic_channels[i]) &&
2505                     isset(ic->ic_chan_active, i)) {
2506                         *++p = i;
2507                         count++;
2508                 }
2509         }
2510         *(p - count) = IWI_CHAN_2GHZ | count;
2511
2512         DPRINTF(("Start scanning\n"));
2513         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2514 }
2515
2516 static int
2517 iwi_auth_and_assoc(struct iwi_softc *sc)
2518 {
2519         struct ieee80211com *ic = &sc->sc_ic;
2520         struct ifnet *ifp = ic->ic_ifp;
2521         struct ieee80211_node *ni = ic->ic_bss;
2522         struct ieee80211_wme_info wme;
2523         struct iwi_configuration config;
2524         struct iwi_associate assoc;
2525         struct iwi_rateset rs;
2526         uint16_t capinfo;
2527         uint32_t data;
2528         int error;
2529
2530         if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
2531                 memset(&config, 0, sizeof config);
2532                 config.bluetooth_coexistence = sc->bluetooth;
2533                 config.antenna = sc->antenna;
2534                 config.multicast_enabled = 1;
2535                 config.use_protection = 1;
2536                 config.answer_pbreq =
2537                     (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2538                 config.disable_unicast_decryption = 1;
2539                 config.disable_multicast_decryption = 1;
2540                 DPRINTF(("Configuring adapter\n"));
2541                 error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config,
2542                     1);
2543                 if (error != 0)
2544                         return error;
2545         }
2546
2547 #ifdef IWI_DEBUG
2548         if (iwi_debug > 0) {
2549                 kprintf("Setting ESSID to ");
2550                 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
2551                 kprintf("\n");
2552         }
2553 #endif
2554         error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ni->ni_essid, ni->ni_esslen, 1);
2555         if (error != 0)
2556                 return error;
2557
2558         /* the rate set has already been "negotiated" */
2559         rs.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2560             IWI_MODE_11G;
2561         rs.type = IWI_RATESET_TYPE_NEGOTIATED;
2562         rs.nrates = ni->ni_rates.rs_nrates;
2563         KKASSERT(rs.nrates <= IWI_RATESET_MAXSIZE);
2564         memcpy(rs.rates, ni->ni_rates.rs_rates, rs.nrates);
2565         DPRINTF(("Setting negociated rates (%u)\n", rs.nrates));
2566         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 1);
2567         if (error != 0)
2568                 return error;
2569
2570         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) {
2571                 wme.wme_id = IEEE80211_ELEMID_VENDOR;
2572                 wme.wme_len = sizeof (struct ieee80211_wme_info) - 2;
2573                 wme.wme_oui[0] = 0x00;
2574                 wme.wme_oui[1] = 0x50;
2575                 wme.wme_oui[2] = 0xf2;
2576                 wme.wme_type = WME_OUI_TYPE;
2577                 wme.wme_subtype = WME_INFO_OUI_SUBTYPE;
2578                 wme.wme_version = WME_VERSION;
2579                 wme.wme_info = 0;
2580
2581                 DPRINTF(("Setting WME IE (len=%u)\n", wme.wme_len));
2582                 error = iwi_cmd(sc, IWI_CMD_SET_WMEIE, &wme, sizeof wme, 1);
2583                 if (error != 0)
2584                         return error;
2585         }
2586
2587         if (ic->ic_opt_ie != NULL) {
2588                 DPRINTF(("Setting optional IE (len=%u)\n", ic->ic_opt_ie_len));
2589                 error = iwi_cmd(sc, IWI_CMD_SET_OPTIE, ic->ic_opt_ie,
2590                     ic->ic_opt_ie_len, 1);
2591                 if (error != 0)
2592                         return error;
2593         }
2594
2595         data = htole32(ni->ni_rssi);
2596         DPRINTF(("Setting sensitivity to %d\n", (int8_t)ni->ni_rssi));
2597         error = iwi_cmd(sc, IWI_CMD_SET_SENSITIVITY, &data, sizeof data, 1);
2598         if (error != 0)
2599                 return error;
2600
2601         memset(&assoc, 0, sizeof assoc);
2602         assoc.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2603             IWI_MODE_11G;
2604         assoc.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
2605         if (ni->ni_authmode == IEEE80211_AUTH_SHARED)
2606                 assoc.auth = ic->ic_crypto.cs_def_txkey << 4 | IWI_AUTH_SHARED;
2607         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL)
2608                 assoc.policy |= htole16(IWI_POLICY_WME);
2609         if (ic->ic_flags & IEEE80211_F_WPA)
2610                 assoc.policy |= htole16(IWI_POLICY_WPA);
2611         memcpy(assoc.tstamp, ni->ni_tstamp.data, 8);
2612
2613         if (ic->ic_opmode == IEEE80211_M_IBSS)
2614                 capinfo = IEEE80211_CAPINFO_IBSS;
2615         else
2616                 capinfo = IEEE80211_CAPINFO_ESS;
2617         if (ic->ic_flags & IEEE80211_F_PRIVACY)
2618                 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2619         if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2620             IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
2621                 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2622         if (ic->ic_flags & IEEE80211_F_SHSLOT)
2623                 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2624         assoc.capinfo = htole16(capinfo);
2625
2626         assoc.lintval = htole16(ic->ic_lintval);
2627         assoc.intval = htole16(ni->ni_intval);
2628         IEEE80211_ADDR_COPY(assoc.bssid, ni->ni_bssid);
2629         if (ic->ic_opmode == IEEE80211_M_IBSS)
2630                 IEEE80211_ADDR_COPY(assoc.dst, ifp->if_broadcastaddr);
2631         else
2632                 IEEE80211_ADDR_COPY(assoc.dst, ni->ni_bssid);
2633
2634         DPRINTF(("Trying to associate to %6D channel %u auth %u\n",
2635             assoc.bssid, ":", assoc.chan, assoc.auth));
2636         return iwi_cmd(sc, IWI_CMD_ASSOCIATE, &assoc, sizeof assoc, 1);
2637 }
2638
2639 static void
2640 iwi_init(void *priv)
2641 {
2642         struct iwi_softc *sc = priv;
2643         struct ieee80211com *ic = &sc->sc_ic;
2644         struct ifnet *ifp = ic->ic_ifp;
2645         struct iwi_firmware *fw = &sc->fw;
2646         struct iwi_rx_data *data;
2647         int i;
2648
2649         /* exit immediately if firmware has not been ioctl'd */
2650         if (!(sc->flags & IWI_FLAG_FW_CACHED)) {
2651                 if (!(sc->flags & IWI_FLAG_FW_WARNED))
2652                         device_printf(sc->sc_dev, "Please load firmware\n");
2653                 sc->flags |= IWI_FLAG_FW_WARNED;
2654                 ifp->if_flags &= ~IFF_UP;
2655                 return;
2656         }
2657
2658         iwi_stop(sc);
2659
2660         if (iwi_reset(sc) != 0) {
2661                 device_printf(sc->sc_dev, "could not reset adapter\n");
2662                 goto fail;
2663         }
2664
2665         if (iwi_load_firmware(sc, fw->boot, fw->boot_size) != 0) {
2666                 device_printf(sc->sc_dev, "could not load boot firmware\n");
2667                 goto fail;
2668         }
2669
2670         if (iwi_load_ucode(sc, fw->ucode, fw->ucode_size) != 0) {
2671                 device_printf(sc->sc_dev, "could not load microcode\n");
2672                 goto fail;
2673         }
2674
2675         iwi_stop_master(sc);
2676
2677         CSR_WRITE_4(sc, IWI_CSR_CMD_BASE, sc->cmdq.physaddr);
2678         CSR_WRITE_4(sc, IWI_CSR_CMD_SIZE, sc->cmdq.count);
2679         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
2680
2681         CSR_WRITE_4(sc, IWI_CSR_TX1_BASE, sc->txq[0].physaddr);
2682         CSR_WRITE_4(sc, IWI_CSR_TX1_SIZE, sc->txq[0].count);
2683         CSR_WRITE_4(sc, IWI_CSR_TX1_WIDX, sc->txq[0].cur);
2684
2685         CSR_WRITE_4(sc, IWI_CSR_TX2_BASE, sc->txq[1].physaddr);
2686         CSR_WRITE_4(sc, IWI_CSR_TX2_SIZE, sc->txq[1].count);
2687         CSR_WRITE_4(sc, IWI_CSR_TX2_WIDX, sc->txq[1].cur);
2688
2689         CSR_WRITE_4(sc, IWI_CSR_TX3_BASE, sc->txq[2].physaddr);
2690         CSR_WRITE_4(sc, IWI_CSR_TX3_SIZE, sc->txq[2].count);
2691         CSR_WRITE_4(sc, IWI_CSR_TX3_WIDX, sc->txq[2].cur);
2692
2693         CSR_WRITE_4(sc, IWI_CSR_TX4_BASE, sc->txq[3].physaddr);
2694         CSR_WRITE_4(sc, IWI_CSR_TX4_SIZE, sc->txq[3].count);
2695         CSR_WRITE_4(sc, IWI_CSR_TX4_WIDX, sc->txq[3].cur);
2696
2697         for (i = 0; i < sc->rxq.count; i++) {
2698                 data = &sc->rxq.data[i];
2699                 CSR_WRITE_4(sc, data->reg, data->physaddr);
2700         }
2701
2702         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, sc->rxq.count - 1);
2703
2704         if (iwi_load_firmware(sc, fw->main, fw->main_size) != 0) {
2705                 device_printf(sc->sc_dev, "could not load main firmware\n");
2706                 goto fail;
2707         }
2708
2709         sc->flags |= IWI_FLAG_FW_INITED;
2710
2711         if (iwi_config(sc) != 0) {
2712                 device_printf(sc->sc_dev, "device configuration failed\n");
2713                 goto fail;
2714         }
2715
2716         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
2717                 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)
2718                         ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2719         } else
2720                 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
2721
2722         ifp->if_flags &= ~IFF_OACTIVE;
2723         ifp->if_flags |= IFF_RUNNING;
2724
2725         return;
2726
2727 fail:   ifp->if_flags &= ~IFF_UP;
2728         iwi_stop(sc);
2729 }
2730
2731 static void
2732 iwi_stop(void *priv)
2733 {
2734         struct iwi_softc *sc = priv;
2735         struct ieee80211com *ic = &sc->sc_ic;
2736         struct ifnet *ifp = ic->ic_ifp;
2737
2738         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2739
2740         iwi_stop_master(sc);
2741
2742         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_SOFT_RESET);
2743
2744         /* reset rings */
2745         iwi_reset_cmd_ring(sc, &sc->cmdq);
2746         iwi_reset_tx_ring(sc, &sc->txq[0]);
2747         iwi_reset_tx_ring(sc, &sc->txq[1]);
2748         iwi_reset_tx_ring(sc, &sc->txq[2]);
2749         iwi_reset_tx_ring(sc, &sc->txq[3]);
2750         iwi_reset_rx_ring(sc, &sc->rxq);
2751
2752         sc->sc_tx_timer = 0;
2753         ifp->if_timer = 0;
2754         ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
2755 }
2756
2757 static int
2758 iwi_sysctl_stats(SYSCTL_HANDLER_ARGS)
2759 {
2760         struct iwi_softc *sc = arg1;
2761         struct ifnet *ifp = &sc->sc_ic.ic_if;
2762         uint32_t size, buf[128];
2763
2764         lwkt_serialize_enter(ifp->if_serializer);
2765
2766         if (!(sc->flags & IWI_FLAG_FW_INITED)) {
2767                 memset(buf, 0, sizeof buf);
2768                 goto back;
2769         }
2770
2771         size = min(CSR_READ_4(sc, IWI_CSR_TABLE0_SIZE), 128 - 1);
2772         CSR_READ_REGION_4(sc, IWI_CSR_TABLE0_BASE, &buf[1], size);
2773 back:
2774         lwkt_serialize_exit(ifp->if_serializer);
2775         return SYSCTL_OUT(req, buf, sizeof buf);
2776 }
2777
2778 static int
2779 iwi_sysctl_radio(SYSCTL_HANDLER_ARGS)
2780 {
2781         struct iwi_softc *sc = arg1;
2782         struct ifnet *ifp = &sc->sc_ic.ic_if;
2783         int val;
2784
2785         lwkt_serialize_enter(ifp->if_serializer);
2786         val = (CSR_READ_4(sc, IWI_CSR_IO) & IWI_IO_RADIO_ENABLED) ? 1 : 0;
2787         lwkt_serialize_exit(ifp->if_serializer);
2788
2789         return SYSCTL_OUT(req, &val, sizeof val);
2790 }
2791
2792 static const int8_t     iwi_bitmap[256] = {
2793         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2794         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2795         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2796         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2797         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2798         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2799         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2800         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 7, 
2801         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2802         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2803         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2804         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2805         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2806         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2807         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2808         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, -1
2809 };
2810
2811 static int
2812 iwi_alloc_ibss_node(struct iwi_softc *sc)
2813 {
2814         int i;
2815
2816         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2817
2818         for (i = 0; i < IWI_MAX_IBSSNODE_NBYTE; ++i) {
2819                 int ret;
2820
2821                 ret = iwi_bitmap[sc->sc_ibss_node[i]];
2822                 if (ret != -1) {
2823                         sc->sc_ibss_node[i] |= (1 << ret);
2824                         ret += (i * NBBY);
2825                         return ret;
2826                 }
2827         }
2828         return -1;
2829 }
2830
2831 static void
2832 iwi_free_ibss_node(struct iwi_softc *sc, int ibss_node)
2833 {
2834         int i, b;
2835
2836         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2837         KASSERT(ibss_node < IWI_MAX_IBSSNODE, ("free ibss node, out of range"));
2838
2839         i = ibss_node / NBBY;
2840         b = ibss_node % NBBY;
2841
2842         sc->sc_ibss_node[i] &= ~(1 << b);
2843 }
DragonFly Project Source