projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge from vendor branch GCC:
[dragonfly.git] / sys / dev / netif / iwi / if_iwi.c
1 /*
2  * Copyright (c) 2004-2006
3  *      Damien Bergamini <damien.bergamini@free.fr>.
4  * Copyright (c) 2004, 2005
5  *      Andrew Atrens <atrens@nortelnetworks.com>.
6  *
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice unmodified, this list of conditions, and the following
14  *    disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  * $FreeBSD: src/sys/dev/iwi/if_iwi.c,v 1.8.2.6 2006/02/23 02:06:46 sam Exp $
32  * $DragonFly: src/sys/dev/netif/iwi/if_iwi.c,v 1.18 2006/12/23 09:44:26 sephe Exp $
33  */
34
35 /*-
36  * Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
37  * http://www.intel.com/network/connectivity/products/wireless/prowireless_mobile.htm
38  */
39
40 #include <sys/param.h>
41 #include <sys/sysctl.h>
42 #include <sys/sockio.h>
43 #include <sys/mbuf.h>
44 #include <sys/kernel.h>
45 #include <sys/kthread.h>
46 #include <sys/socket.h>
47 #include <sys/systm.h>
48 #include <sys/malloc.h>
49 #include <sys/module.h>
50 #include <sys/endian.h>
51 #include <sys/proc.h>
52 #include <sys/ucred.h>
53 #include <sys/bus.h>
54 #include <sys/rman.h>
55 #include <sys/serialize.h>
56
57 #include <bus/pci/pcidevs.h>
58 #include <bus/pci/pcireg.h>
59 #include <bus/pci/pcivar.h>
60
61 #include <net/bpf.h>
62 #include <net/if.h>
63 #include <net/if_arp.h>
64 #include <net/ethernet.h>
65 #include <net/if_dl.h>
66 #include <net/if_media.h>
67 #include <net/if_types.h>
68 #include <net/ifq_var.h>
69
70 #include <netproto/802_11/ieee80211_var.h>
71 #include <netproto/802_11/ieee80211_radiotap.h>
72
73 #include <netinet/in.h>
74 #include <netinet/in_systm.h>
75 #include <netinet/in_var.h>
76 #include <netinet/ip.h>
77 #include <netinet/if_ether.h>
78
79 #include <dev/netif/iwi/if_iwireg.h>
80 #include <dev/netif/iwi/if_iwivar.h>
81
82 #ifdef IWI_DEBUG
83 #define DPRINTF(x)      do { if (iwi_debug > 0) kprintf x; } while (0)
84 #define DPRINTFN(n, x)  do { if (iwi_debug >= (n)) kprintf x; } while (0)
85 int iwi_debug = 0;
86 SYSCTL_INT(_debug, OID_AUTO, iwi, CTLFLAG_RW, &iwi_debug, 0, "iwi debug level");
87 #else
88 #define DPRINTF(x)
89 #define DPRINTFN(n, x)
90 #endif
91
92 static struct iwi_ident {
93         uint16_t        vendor;
94         uint16_t        device;
95         const char      *name;
96 } iwi_ident_table[] = {
97         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2200BG,
98                 "Intel(R) PRO/Wireless 2200BG" },
99         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2225BG,
100                 "Intel(R) PRO/Wireless 2225BG" },
101         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2915ABG_1,
102                 "Intel(R) PRO/Wireless 2915ABG" },
103         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2915ABG_2,
104                 "Intel(R) PRO/Wireless 2915ABG" },
105         { 0, 0, NULL }
106 };
107
108 static void     iwi_fw_monitor(void *);
109 static void     iwi_dma_map_addr(void *, bus_dma_segment_t *, int, int);
110 static void     iwi_dma_map_mbuf(void *, bus_dma_segment_t *, int, bus_size_t,
111                                  int);
112 static int      iwi_alloc_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *,
113                     int);
114 static void     iwi_reset_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
115 static void     iwi_free_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
116 static int      iwi_alloc_tx_ring(struct iwi_softc *, struct iwi_tx_ring *,
117                     int, bus_addr_t, bus_addr_t);
118 static void     iwi_reset_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
119 static void     iwi_free_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
120 static int      iwi_alloc_rx_ring(struct iwi_softc *, struct iwi_rx_ring *,
121                     int);
122 static void     iwi_reset_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
123 static void     iwi_free_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
124 static struct   ieee80211_node *iwi_node_alloc(struct ieee80211_node_table *);
125 static void     iwi_node_free(struct ieee80211_node *);
126 static int      iwi_media_change(struct ifnet *);
127 static void     iwi_media_status(struct ifnet *, struct ifmediareq *);
128 static int      iwi_newstate(struct ieee80211com *, enum ieee80211_state, int);
129 static int      iwi_wme_update(struct ieee80211com *);
130 static uint16_t iwi_read_prom_word(struct iwi_softc *, uint8_t);
131 static void     iwi_fix_channel(struct ieee80211com *, struct mbuf *);
132 static void     iwi_frame_intr(struct iwi_softc *, struct iwi_rx_data *, int,
133                     struct iwi_frame *);
134 static void     iwi_notification_intr(struct iwi_softc *, struct iwi_notif *);
135 static void     iwi_rx_intr(struct iwi_softc *);
136 static void     iwi_tx_intr(struct iwi_softc *, struct iwi_tx_ring *);
137 static void     iwi_intr(void *);
138 static int      iwi_cmd(struct iwi_softc *, uint8_t, void *, uint8_t, int);
139 static void     iwi_write_ibssnode(struct iwi_softc *, const struct iwi_node *);
140 static int      iwi_tx_start(struct ifnet *, struct mbuf *,
141                     struct ieee80211_node *, int);
142 static void     iwi_start(struct ifnet *);
143 static void     iwi_watchdog(struct ifnet *);
144 static int      iwi_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
145 static void     iwi_stop_master(struct iwi_softc *);
146 static int      iwi_reset(struct iwi_softc *);
147 static int      iwi_load_ucode(struct iwi_softc *, void *, int);
148 static int      iwi_load_firmware(struct iwi_softc *, void *, int);
149 static int      iwi_cache_firmware(struct iwi_softc *, void *);
150 static void     iwi_free_firmware(struct iwi_softc *);
151 static int      iwi_config(struct iwi_softc *);
152 static int      iwi_set_chan(struct iwi_softc *, struct ieee80211_channel *);
153 static int      iwi_scan(struct iwi_softc *);
154 static int      iwi_auth_and_assoc(struct iwi_softc *);
155 static void     iwi_init(void *);
156 static void     iwi_stop(void *);
157 static int      iwi_sysctl_stats(SYSCTL_HANDLER_ARGS);
158 static int      iwi_sysctl_radio(SYSCTL_HANDLER_ARGS);
159
160 static int      iwi_probe(device_t);
161 static int      iwi_attach(device_t);
162 static int      iwi_detach(device_t);
163 static int      iwi_shutdown(device_t);
164 static int      iwi_suspend(device_t);
165 static int      iwi_resume(device_t);
166
167 static int      iwi_alloc_ibss_node(struct iwi_softc *);
168 static void     iwi_free_ibss_node(struct iwi_softc *, int);
169
170 static device_method_t iwi_methods[] = {
171         /* Device interface */
172         DEVMETHOD(device_probe,         iwi_probe),
173         DEVMETHOD(device_attach,        iwi_attach),
174         DEVMETHOD(device_detach,        iwi_detach),
175         DEVMETHOD(device_shutdown,      iwi_shutdown),
176         DEVMETHOD(device_suspend,       iwi_suspend),
177         DEVMETHOD(device_resume,        iwi_resume),
178
179         { 0, 0 }
180 };
181
182 static driver_t iwi_driver = {
183         "iwi",
184         iwi_methods,
185         sizeof (struct iwi_softc)
186 };
187
188 static devclass_t iwi_devclass;
189
190 DRIVER_MODULE(iwi, pci, iwi_driver, iwi_devclass, 0, 0);
191
192 MODULE_DEPEND(iwi, pci,  1, 1, 1);
193 MODULE_DEPEND(iwi, wlan, 1, 1, 1);
194
195 /*
196  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
197  */
198 static const struct ieee80211_rateset iwi_rateset_11a =
199         { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
200
201 static const struct ieee80211_rateset iwi_rateset_11b =
202         { 4, { 2, 4, 11, 22 } };
203
204 static const struct ieee80211_rateset iwi_rateset_11g =
205         { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
206
207 static void
208 iwi_fw_monitor(void *arg)
209 {
210         struct iwi_softc *sc = arg;
211         struct ifnet *ifp = &sc->sc_ic.ic_if;
212
213         lwkt_serialize_enter(ifp->if_serializer);
214         for (;;) {
215                 int error = 0;
216
217                 /*
218                  * Test to see whether we are detaching,
219                  * this is used to avoid race condition
220                  * especially when attaching fails.
221                  */
222                 if ((sc->flags & IWI_FLAG_EXIT) == 0) {
223                         crit_enter();
224                         tsleep_interlock(IWI_FW_WAKE_MONITOR(sc));
225                         lwkt_serialize_exit(ifp->if_serializer);
226                         error = tsleep(IWI_FW_WAKE_MONITOR(sc),
227                                        0, "iwifwm", 0);
228                         crit_exit();
229                         lwkt_serialize_enter(ifp->if_serializer);
230                 }
231
232                 if (error == 0) {
233                         int boff;
234
235                         if (sc->flags & IWI_FLAG_EXIT)
236                                 break;
237                         else if ((sc->flags & IWI_FLAG_RESET) == 0)
238                                 continue;
239
240                         if_printf(ifp, "reset firmware\n");
241                         for (boff = 1; sc->flags & IWI_FLAG_RESET; boff++) {
242                                 iwi_init(sc);
243                                 if (sc->flags & IWI_FLAG_FW_INITED) {
244                                         sc->flags &= ~IWI_FLAG_RESET;
245                                 } else if (boff > 10) { /* XXX */
246                                         if_printf(ifp, "fw reset failed.  "
247                                                   "retrying...\n");
248
249                                         /* XXX avoid to sleep to long */
250                                         boff = 1;
251                                 }
252
253                                 /*
254                                  * Since this would be infinite loop,
255                                  * if reseting firmware never succeeded,
256                                  * we test to see whether we are detaching.
257                                  */
258                                 if (sc->flags & IWI_FLAG_EXIT)
259                                         break;
260
261                                 crit_enter();
262                                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
263                                 lwkt_serialize_exit(ifp->if_serializer);
264                                 error = tsleep(IWI_FW_CMD_ACKED(sc), 0,
265                                                "iwirun", boff * hz);
266                                 crit_exit();
267                                 lwkt_serialize_enter(ifp->if_serializer);
268                         }
269                 }
270         }
271         lwkt_serialize_exit(ifp->if_serializer);
272
273         if_printf(ifp, "fw monitor exiting\n");
274         wakeup(IWI_FW_EXIT_MONITOR(sc));
275         kthread_exit();
276 }
277
278 static int
279 iwi_probe(device_t dev)
280 {
281         const struct iwi_ident *ident;
282         uint16_t vid, did;
283
284         vid = pci_get_vendor(dev);
285         did = pci_get_device(dev);
286         for (ident = iwi_ident_table; ident->name != NULL; ident++) {
287                 if (vid == ident->vendor && did == ident->device) {
288                         device_set_desc(dev, ident->name);
289                         return 0;
290                 }
291         }
292         return ENXIO;
293 }
294
295 /* Base Address Register */
296 #define IWI_PCI_BAR0    0x10
297
298 static int
299 iwi_attach(device_t dev)
300 {
301         struct iwi_softc *sc = device_get_softc(dev);
302         struct ieee80211com *ic = &sc->sc_ic;
303         struct ifnet *ifp = &ic->ic_if;
304         uint16_t val;
305         int error, i;
306
307         sc->sc_dev = dev;
308         if_initname(ifp, device_get_name(dev), device_get_unit(dev));
309
310         if (pci_get_powerstate(dev) != PCI_POWERSTATE_D0) {
311                 device_printf(dev, "chip is in D%d power mode "
312                     "-- setting to D0\n", pci_get_powerstate(dev));
313                 pci_set_powerstate(dev, PCI_POWERSTATE_D0);
314         }
315
316         pci_write_config(dev, 0x41, 0, 1);
317
318         /* enable bus-mastering */
319         pci_enable_busmaster(dev);
320
321         sc->mem_rid = IWI_PCI_BAR0;
322         sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
323                                          RF_ACTIVE);
324         if (sc->mem == NULL) {
325                 device_printf(dev, "could not allocate memory resource\n");
326                 return ENXIO;
327         }
328         sc->sc_st = rman_get_bustag(sc->mem);
329         sc->sc_sh = rman_get_bushandle(sc->mem);
330
331         sc->irq_rid = 0;
332         sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
333                                          RF_ACTIVE | RF_SHAREABLE);
334         if (sc->irq == NULL) {
335                 device_printf(dev, "could not allocate interrupt resource\n");
336                 goto fail;
337         }
338
339         if (iwi_reset(sc) != 0) {
340                 device_printf(dev, "could not reset adapter\n");
341                 goto fail;
342         }
343
344         /*
345          * Allocate rings.
346          */
347         error = iwi_alloc_cmd_ring(sc, &sc->cmdq, IWI_CMD_RING_COUNT);
348         if (error != 0) {
349                 device_printf(dev, "could not allocate Cmd ring\n");
350                 goto fail;
351         }
352
353         error = iwi_alloc_tx_ring(sc, &sc->txq[0], IWI_TX_RING_COUNT,
354                                   IWI_CSR_TX1_RIDX, IWI_CSR_TX1_WIDX);
355         if (error != 0) {
356                 device_printf(dev, "could not allocate Tx ring 1\n");
357                 goto fail;
358         }
359
360         error = iwi_alloc_tx_ring(sc, &sc->txq[1], IWI_TX_RING_COUNT,
361                                   IWI_CSR_TX2_RIDX, IWI_CSR_TX2_WIDX);
362         if (error != 0) {
363                 device_printf(dev, "could not allocate Tx ring 2\n");
364                 goto fail;
365         }
366
367         error = iwi_alloc_tx_ring(sc, &sc->txq[2], IWI_TX_RING_COUNT,
368                                   IWI_CSR_TX3_RIDX, IWI_CSR_TX3_WIDX);
369         if (error != 0) {
370                 device_printf(dev, "could not allocate Tx ring 3\n");
371                 goto fail;
372         }
373
374         error = iwi_alloc_tx_ring(sc, &sc->txq[3], IWI_TX_RING_COUNT,
375                                   IWI_CSR_TX4_RIDX, IWI_CSR_TX4_WIDX);
376         if (error != 0) {
377                 device_printf(dev, "could not allocate Tx ring 4\n");
378                 goto fail;
379         }
380
381         error = iwi_alloc_rx_ring(sc, &sc->rxq, IWI_RX_RING_COUNT);
382         if (error != 0) {
383                 device_printf(dev, "could not allocate Rx ring\n");
384                 goto fail;
385         }
386
387         sysctl_ctx_init(&sc->sysctl_ctx);
388         sc->sysctl_tree = SYSCTL_ADD_NODE(&sc->sysctl_ctx,
389                                 SYSCTL_STATIC_CHILDREN(_hw),
390                                 OID_AUTO,
391                                 device_get_nameunit(dev),
392                                 CTLFLAG_RD,
393                                 0, "");
394         if (sc->sysctl_tree == NULL) {
395                 device_printf(dev, "sysctl add node failed\n");
396                 error = EIO;
397                 goto fail;
398         }
399
400         ifp->if_softc = sc;
401         ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
402         ifp->if_init = iwi_init;
403         ifp->if_ioctl = iwi_ioctl;
404         ifp->if_start = iwi_start;
405         ifp->if_watchdog = iwi_watchdog;
406         ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
407         ifq_set_ready(&ifp->if_snd);
408
409         ic->ic_wme.wme_update = iwi_wme_update;
410         ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
411         ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
412         ic->ic_state = IEEE80211_S_INIT;
413
414         /* set device capabilities */
415         ic->ic_caps =
416             IEEE80211_C_IBSS |          /* IBSS mode supported */
417             IEEE80211_C_MONITOR |       /* monitor mode supported */
418             IEEE80211_C_TXPMGT |        /* tx power management */
419             IEEE80211_C_SHPREAMBLE |    /* short preamble supported */
420             IEEE80211_C_WEP |           /* WEP */
421             IEEE80211_C_WPA |           /* 802.11i */
422             IEEE80211_C_WME;            /* 802.11e */
423
424         /* read MAC address from EEPROM */
425         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 0);
426         ic->ic_myaddr[0] = val & 0xff;
427         ic->ic_myaddr[1] = val >> 8;
428         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 1);
429         ic->ic_myaddr[2] = val & 0xff;
430         ic->ic_myaddr[3] = val >> 8;
431         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 2);
432         ic->ic_myaddr[4] = val & 0xff;
433         ic->ic_myaddr[5] = val >> 8;
434
435         if (pci_get_device(dev) >= 0x4223) {
436                 /* set supported .11a rates (2915ABG only) */
437                 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwi_rateset_11a;
438
439                 /* set supported .11a channels */
440                 for (i = 36; i <= 64; i += 4) {
441                         ic->ic_channels[i].ic_freq =
442                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
443                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
444                 }
445                 for (i = 149; i <= 165; i += 4) {
446                         ic->ic_channels[i].ic_freq =
447                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
448                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
449                 }
450         }
451
452         /* set supported .11b and .11g rates */
453         ic->ic_sup_rates[IEEE80211_MODE_11B] = iwi_rateset_11b;
454         ic->ic_sup_rates[IEEE80211_MODE_11G] = iwi_rateset_11g;
455
456         /* set supported .11b and .11g channels (1 through 14) */
457         for (i = 1; i <= 14; i++) {
458                 ic->ic_channels[i].ic_freq =
459                     ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
460                 ic->ic_channels[i].ic_flags =
461                     IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
462                     IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
463         }
464
465         ieee80211_ifattach(ic);
466         /* override default methods */
467         ic->ic_node_alloc = iwi_node_alloc;
468         sc->sc_node_free = ic->ic_node_free;
469         ic->ic_node_free = iwi_node_free;
470         /* override state transition machine */
471         sc->sc_newstate = ic->ic_newstate;
472         ic->ic_newstate = iwi_newstate;
473         ieee80211_media_init(ic, iwi_media_change, iwi_media_status);
474
475         bpfattach_dlt(ifp, DLT_IEEE802_11_RADIO,
476             sizeof (struct ieee80211_frame) + 64, &sc->sc_drvbpf);
477
478         sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
479         sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
480         sc->sc_rxtap.wr_ihdr.it_present = htole32(IWI_RX_RADIOTAP_PRESENT);
481
482         sc->sc_txtap_len = sizeof sc->sc_txtapu;
483         sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
484         sc->sc_txtap.wt_ihdr.it_present = htole32(IWI_TX_RADIOTAP_PRESENT);
485
486         /*
487          * Add a few sysctl knobs.
488          */
489         sc->dwelltime = 100;
490         sc->bluetooth = 1;
491         sc->antenna = 0;
492
493         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
494             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "radio",
495             CTLTYPE_INT | CTLFLAG_RD, sc, 0, iwi_sysctl_radio, "I",
496             "radio transmitter switch state (0=off, 1=on)");
497
498         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
499             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "stats",
500             CTLTYPE_OPAQUE | CTLFLAG_RD, sc, 0, iwi_sysctl_stats, "S",
501             "statistics");
502
503         SYSCTL_ADD_INT(&sc->sysctl_ctx,
504             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "dwell",
505             CTLFLAG_RW, &sc->dwelltime, 0,
506             "channel dwell time (ms) for AP/station scanning");
507
508         SYSCTL_ADD_INT(&sc->sysctl_ctx,
509             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "bluetooth",
510             CTLFLAG_RW, &sc->bluetooth, 0, "bluetooth coexistence");
511
512         SYSCTL_ADD_INT(&sc->sysctl_ctx,
513             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "antenna",
514             CTLFLAG_RW, &sc->antenna, 0, "antenna (0=auto)");
515
516         /*
517          * Start firmware monitoring thread
518          *
519          * NOTE:
520          * This should be done only after serializer is initialized,
521          * i.e. after ieee80211_ifattach(), because serializer will be
522          * held once iwi_fw_monitor() is entered.
523          */
524         error = kthread_create(iwi_fw_monitor, sc, &sc->sc_fw_monitor,
525                                "%s:fw-monitor", device_get_nameunit(dev));
526         if (error) {
527                 device_printf(dev, "could not create fw monitor\n");
528                 goto fail1;
529         }
530         sc->flags |= IWI_FLAG_MONITOR;
531
532         /*
533          * Hook our interrupt after all initialization is complete.
534          */
535         error = bus_setup_intr(dev, sc->irq, INTR_MPSAFE, iwi_intr, sc,
536                                &sc->sc_ih, ifp->if_serializer);
537         if (error != 0) {
538                 device_printf(dev, "could not set up interrupt\n");
539                 goto fail1;
540         }
541
542         if (bootverbose)
543                 ieee80211_announce(ic);
544
545         return 0;
546
547 fail1:
548         bpfdetach(ifp);
549         ieee80211_ifdetach(ic);
550 fail:
551         iwi_detach(dev);
552         return ENXIO;
553 }
554
555 static int
556 iwi_detach(device_t dev)
557 {
558         struct iwi_softc *sc = device_get_softc(dev);
559         struct ieee80211com *ic = &sc->sc_ic;
560         struct ifnet *ifp = ic->ic_ifp;
561
562         if (sc->flags & IWI_FLAG_MONITOR) {
563                 lwkt_serialize_enter(ifp->if_serializer);
564                 sc->flags |= IWI_FLAG_EXIT;
565                 wakeup(IWI_FW_WAKE_MONITOR(sc));
566
567                 crit_enter();
568                 tsleep_interlock(IWI_FW_EXIT_MONITOR(sc));
569                 lwkt_serialize_exit(ifp->if_serializer);
570                 tsleep(IWI_FW_EXIT_MONITOR(sc), 0, "iwiexi", 0);
571                 crit_exit();
572                 /* No need to hold serializer again */
573
574                 if_printf(ifp, "fw monitor exited\n");
575         }
576
577         if (device_is_attached(dev)) {
578                 lwkt_serialize_enter(ifp->if_serializer);
579
580                 iwi_stop(sc);
581                 bus_teardown_intr(dev, sc->irq, sc->sc_ih);
582                 iwi_free_firmware(sc);
583
584                 lwkt_serialize_exit(ifp->if_serializer);
585
586                 bpfdetach(ifp);
587                 ieee80211_ifdetach(ic);
588         }
589
590         iwi_free_cmd_ring(sc, &sc->cmdq);
591         iwi_free_tx_ring(sc, &sc->txq[0]);
592         iwi_free_tx_ring(sc, &sc->txq[1]);
593         iwi_free_tx_ring(sc, &sc->txq[2]);
594         iwi_free_tx_ring(sc, &sc->txq[3]);
595         iwi_free_rx_ring(sc, &sc->rxq);
596
597         if (sc->irq != NULL)
598                 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq);
599
600         if (sc->mem != NULL)
601                 bus_release_resource(dev, SYS_RES_MEMORY, sc->mem_rid, sc->mem);
602
603         if (sc->sysctl_tree != NULL)
604                 sysctl_ctx_free(&sc->sysctl_ctx);
605
606         return 0;
607 }
608
609 static void
610 iwi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
611 {
612         if (error != 0)
613                 return;
614
615         KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
616
617         *(bus_addr_t *)arg = segs[0].ds_addr;
618 }
619
620 static int
621 iwi_alloc_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring, int count)
622 {
623         int error;
624
625         ring->count = count;
626         ring->queued = 0;
627         ring->cur = ring->next = 0;
628
629         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
630             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_CMD_DESC_SIZE, 1,
631             count * IWI_CMD_DESC_SIZE, 0, &ring->desc_dmat);
632         if (error != 0) {
633                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
634                 goto fail;
635         }
636
637         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
638             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
639         if (error != 0) {
640                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
641                 goto fail;
642         }
643
644         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
645             count * IWI_CMD_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
646         if (error != 0) {
647                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
648                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
649                 ring->desc = NULL;
650                 return error;
651         }
652
653         return 0;
654
655 fail:   iwi_free_cmd_ring(sc, ring);
656         return error;
657 }
658
659 static void
660 iwi_reset_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
661 {
662         ring->queued = 0;
663         ring->cur = ring->next = 0;
664 }
665
666 static void
667 iwi_free_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
668 {
669         if (ring->desc != NULL) {
670                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
671                     BUS_DMASYNC_POSTWRITE);
672                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
673                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
674                 ring->desc = NULL;
675         }
676
677         if (ring->desc_dmat != NULL) {
678                 bus_dma_tag_destroy(ring->desc_dmat);   
679                 ring->desc_dmat = NULL;
680         }
681 }
682
683 static int
684 iwi_alloc_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring, int count,
685     bus_addr_t csr_ridx, bus_addr_t csr_widx)
686 {
687         int i, error;
688
689         ring->count = count;
690         ring->queued = 0;
691         ring->cur = ring->next = 0;
692         ring->csr_ridx = csr_ridx;
693         ring->csr_widx = csr_widx;
694
695         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
696             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_TX_DESC_SIZE, 1,
697             count * IWI_TX_DESC_SIZE, 0, &ring->desc_dmat);
698         if (error != 0) {
699                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
700                 goto fail;
701         }
702
703         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
704             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
705         if (error != 0) {
706                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
707                 goto fail;
708         }
709
710         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
711             count * IWI_TX_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
712         if (error != 0) {
713                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
714
715                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
716                 ring->desc = NULL;
717                 goto fail;
718         }
719
720         ring->data = kmalloc(count * sizeof (struct iwi_tx_data), M_DEVBUF,
721             M_WAITOK | M_ZERO);
722
723         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
724             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, IWI_MAX_NSEG - 2,
725             MCLBYTES, 0, &ring->data_dmat);
726         if (error != 0) {
727                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
728                 goto fail;
729         }
730
731         for (i = 0; i < count; i++) {
732                 error = bus_dmamap_create(ring->data_dmat, 0,
733                     &ring->data[i].map);
734                 if (error != 0) {
735                         device_printf(sc->sc_dev, "could not create DMA map\n");
736                         goto fail;
737                 }
738         }
739
740         return 0;
741
742 fail:   iwi_free_tx_ring(sc, ring);
743         return error;
744 }
745
746 static void
747 iwi_reset_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
748 {
749         struct iwi_tx_data *data;
750         int i;
751
752         for (i = 0; i < ring->count; i++) {
753                 data = &ring->data[i];
754
755                 if (data->m != NULL) {
756                         bus_dmamap_sync(ring->data_dmat, data->map,
757                             BUS_DMASYNC_POSTWRITE);
758                         bus_dmamap_unload(ring->data_dmat, data->map);
759                         m_freem(data->m);
760                         data->m = NULL;
761                 }
762
763                 if (data->ni != NULL) {
764                         ieee80211_free_node(data->ni);
765                         data->ni = NULL;
766                 }
767         }
768
769         ring->queued = 0;
770         ring->cur = ring->next = 0;
771 }
772
773 static void
774 iwi_free_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
775 {
776         struct iwi_tx_data *data;
777         int i;
778
779         if (ring->desc != NULL) {
780                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
781                     BUS_DMASYNC_POSTWRITE);
782                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
783                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
784                 ring->desc = NULL;
785         }
786
787         if (ring->desc_dmat != NULL) {
788                 bus_dma_tag_destroy(ring->desc_dmat);
789                 ring->desc_dmat = NULL;
790         }
791
792         if (ring->data != NULL) {
793                 for (i = 0; i < ring->count; i++) {
794                         data = &ring->data[i];
795
796                         if (data->m != NULL) {
797                                 bus_dmamap_sync(ring->data_dmat, data->map,
798                                     BUS_DMASYNC_POSTWRITE);
799                                 bus_dmamap_unload(ring->data_dmat, data->map);
800                                 m_freem(data->m);
801                                 data->m = NULL;
802                         }
803
804                         if (data->ni != NULL) {
805                                 ieee80211_free_node(data->ni);
806                                 data->ni = NULL;
807                         }
808
809                         if (data->map != NULL) {
810                                 bus_dmamap_destroy(ring->data_dmat, data->map);
811                                 data->map = NULL;
812                         }
813                 }
814
815                 kfree(ring->data, M_DEVBUF);
816                 ring->data = NULL;
817         }
818
819         if (ring->data_dmat != NULL) {
820                 bus_dma_tag_destroy(ring->data_dmat);
821                 ring->data_dmat = NULL;
822         }
823 }
824
825 static int
826 iwi_alloc_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring, int count)
827 {
828         struct iwi_rx_data *data;
829         int i, error;
830
831         ring->count = count;
832         ring->cur = 0;
833
834         ring->data = kmalloc(count * sizeof (struct iwi_rx_data), M_DEVBUF,
835             M_WAITOK | M_ZERO);
836
837         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
838             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1, MCLBYTES, 0,
839             &ring->data_dmat);
840         if (error != 0) {
841                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
842                 goto fail;
843         }
844
845         for (i = 0; i < count; i++) {
846                 data = &ring->data[i];
847
848                 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
849                 if (error != 0) {
850                         device_printf(sc->sc_dev, "could not create DMA map\n");
851                         goto fail;
852                 }
853
854                 data->m = m_getcl(MB_WAIT, MT_DATA, M_PKTHDR);
855                 if (data->m == NULL) {
856                         device_printf(sc->sc_dev,
857                             "could not allocate rx mbuf\n");
858                         error = ENOMEM;
859                         goto fail;
860                 }
861
862                 error = bus_dmamap_load(ring->data_dmat, data->map,
863                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
864                     &data->physaddr, 0);
865                 if (error != 0) {
866                         device_printf(sc->sc_dev,
867                             "could not load rx buf DMA map");
868
869                         m_freem(data->m);
870                         data->m = NULL;
871                         goto fail;
872                 }
873
874                 data->reg = IWI_CSR_RX_BASE + i * 4;
875         }
876
877         return 0;
878
879 fail:   iwi_free_rx_ring(sc, ring);
880         return error;
881 }
882
883 static void
884 iwi_reset_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
885 {
886         ring->cur = 0;
887 }
888
889 static void
890 iwi_free_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
891 {
892         struct iwi_rx_data *data;
893         int i;
894
895         if (ring->data != NULL) {
896                 for (i = 0; i < ring->count; i++) {
897                         data = &ring->data[i];
898
899                         if (data->m != NULL) {
900                                 bus_dmamap_sync(ring->data_dmat, data->map,
901                                     BUS_DMASYNC_POSTREAD);
902                                 bus_dmamap_unload(ring->data_dmat, data->map);
903                                 m_freem(data->m);
904                                 data->m = NULL;
905                         }
906
907                         if (data->map != NULL) {
908                                 bus_dmamap_destroy(ring->data_dmat, data->map);
909                                 data->map = NULL;
910                         }
911                 }
912
913                 kfree(ring->data, M_DEVBUF);
914                 ring->data = NULL;
915         }
916
917         if (ring->data_dmat != NULL) {
918                 bus_dma_tag_destroy(ring->data_dmat);
919                 ring->data_dmat = NULL;
920         }
921 }
922
923 static int
924 iwi_shutdown(device_t dev)
925 {
926         struct iwi_softc *sc = device_get_softc(dev);
927         struct ifnet *ifp = &sc->sc_ic.ic_if;
928
929         lwkt_serialize_enter(ifp->if_serializer);
930         iwi_stop(sc);
931         lwkt_serialize_exit(ifp->if_serializer);
932
933         return 0;
934 }
935
936 static int
937 iwi_suspend(device_t dev)
938 {
939         struct iwi_softc *sc = device_get_softc(dev);
940         struct ifnet *ifp = &sc->sc_ic.ic_if;
941
942         lwkt_serialize_enter(ifp->if_serializer);
943         iwi_stop(sc);
944         lwkt_serialize_exit(ifp->if_serializer);
945
946         return 0;
947 }
948
949 static int
950 iwi_resume(device_t dev)
951 {
952         struct iwi_softc *sc = device_get_softc(dev);
953         struct ifnet *ifp = sc->sc_ic.ic_ifp;
954
955         lwkt_serialize_enter(ifp->if_serializer);
956
957         pci_write_config(dev, 0x41, 0, 1);
958
959         if (ifp->if_flags & IFF_UP) {
960                 ifp->if_init(ifp->if_softc);
961                 if (ifp->if_flags & IFF_RUNNING)
962                         ifp->if_start(ifp);
963         }
964
965         lwkt_serialize_exit(ifp->if_serializer);
966
967         return 0;
968 }
969
970 static struct ieee80211_node *
971 iwi_node_alloc(struct ieee80211_node_table *nt)
972 {
973         struct iwi_node *in;
974
975         in = kmalloc(sizeof (struct iwi_node), M_80211_NODE, M_NOWAIT | M_ZERO);
976         if (in == NULL)
977                 return NULL;
978
979         in->in_station = -1;
980
981         return &in->in_node;
982 }
983
984 static void
985 iwi_node_free(struct ieee80211_node *ni)
986 {
987         struct ieee80211com *ic = ni->ni_ic;
988         struct iwi_softc *sc = ic->ic_ifp->if_softc;
989         struct iwi_node *in = (struct iwi_node *)ni;
990
991         if (in->in_station != -1)
992                 iwi_free_ibss_node(sc, in->in_station);
993
994         sc->sc_node_free(ni);
995 }
996
997 static int
998 iwi_media_change(struct ifnet *ifp)
999 {
1000         struct iwi_softc *sc = ifp->if_softc;
1001         int error;
1002
1003         ASSERT_SERIALIZED(ifp->if_serializer);
1004
1005         error = ieee80211_media_change(ifp);
1006         if (error != ENETRESET)
1007                 return error;
1008
1009         if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
1010                 iwi_init(sc);
1011         return 0;
1012 }
1013
1014 /*
1015  * The firmware automatically adapts the transmit speed.  We report its current
1016  * value here.
1017  */
1018 static void
1019 iwi_media_status(struct ifnet *ifp, struct ifmediareq *imr)
1020 {
1021         struct iwi_softc *sc = ifp->if_softc;
1022         struct ieee80211com *ic = &sc->sc_ic;
1023 #define N(a)    (sizeof (a) / sizeof (a[0]))
1024         static const struct {
1025                 uint32_t        val;
1026                 int             rate;
1027         } rates[] = {
1028                 { IWI_RATE_DS1,      2 },
1029                 { IWI_RATE_DS2,      4 },
1030                 { IWI_RATE_DS5,     11 },
1031                 { IWI_RATE_DS11,    22 },
1032                 { IWI_RATE_OFDM6,   12 },
1033                 { IWI_RATE_OFDM9,   18 },
1034                 { IWI_RATE_OFDM12,  24 },
1035                 { IWI_RATE_OFDM18,  36 },
1036                 { IWI_RATE_OFDM24,  48 },
1037                 { IWI_RATE_OFDM36,  72 },
1038                 { IWI_RATE_OFDM48,  96 },
1039                 { IWI_RATE_OFDM54, 108 },
1040         };
1041         uint32_t val;
1042         int rate, i;
1043
1044         imr->ifm_status = IFM_AVALID;
1045         imr->ifm_active = IFM_IEEE80211;
1046         if (ic->ic_state == IEEE80211_S_RUN)
1047                 imr->ifm_status |= IFM_ACTIVE;
1048
1049         /* read current transmission rate from adapter */
1050         val = CSR_READ_4(sc, IWI_CSR_CURRENT_TX_RATE);
1051
1052         /* convert rate to 802.11 rate */
1053         for (i = 0; i < N(rates) && rates[i].val != val; i++);
1054         rate = (i < N(rates)) ? rates[i].rate : 0;
1055
1056         imr->ifm_active |= ieee80211_rate2media(ic, rate, ic->ic_curmode);
1057         switch (ic->ic_opmode) {
1058         case IEEE80211_M_STA:
1059                 break;
1060
1061         case IEEE80211_M_IBSS:
1062                 imr->ifm_active |= IFM_IEEE80211_ADHOC;
1063                 break;
1064
1065         case IEEE80211_M_MONITOR:
1066                 imr->ifm_active |= IFM_IEEE80211_MONITOR;
1067                 break;
1068
1069         case IEEE80211_M_AHDEMO:
1070         case IEEE80211_M_HOSTAP:
1071                 /* should not get there */
1072                 break;
1073         }
1074 #undef N
1075 }
1076
1077 static int
1078 iwi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1079 {
1080         struct ifnet *ifp = ic->ic_ifp;
1081         struct iwi_softc *sc = ifp->if_softc;
1082         enum ieee80211_state ostate;
1083         uint32_t tmp;
1084
1085         ostate = ic->ic_state;
1086
1087         switch (nstate) {
1088         case IEEE80211_S_SCAN:
1089                 if (sc->flags & IWI_FLAG_SCANNING)
1090                         break;
1091
1092                 ieee80211_node_table_reset(&ic->ic_scan);
1093                 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN;
1094                 sc->flags |= IWI_FLAG_SCANNING;
1095                 iwi_scan(sc);
1096                 break;
1097
1098         case IEEE80211_S_AUTH:
1099                 iwi_auth_and_assoc(sc);
1100                 break;
1101
1102         case IEEE80211_S_RUN:
1103                 if (ic->ic_opmode == IEEE80211_M_IBSS)
1104                         iwi_auth_and_assoc(sc);
1105                 else if (ic->ic_opmode == IEEE80211_M_MONITOR)
1106                         iwi_set_chan(sc, ic->ic_ibss_chan);
1107
1108                 /* assoc led on */
1109                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1110                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp | IWI_LED_ASSOC);
1111
1112                 return sc->sc_newstate(ic, nstate,
1113                     IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1114
1115         case IEEE80211_S_ASSOC:
1116                 break;
1117
1118         case IEEE80211_S_INIT:
1119                 sc->flags &= ~IWI_FLAG_SCANNING;
1120
1121                 if (ostate != IEEE80211_S_RUN)
1122                         break;
1123
1124                 /* assoc led off */
1125                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1126                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp & ~IWI_LED_ASSOC);
1127                 break;
1128         }
1129
1130         ic->ic_state = nstate;
1131
1132         return 0;
1133 }
1134
1135 /*
1136  * WME parameters coming from IEEE 802.11e specification.  These values are
1137  * already declared in ieee80211_proto.c, but they are static so they can't
1138  * be reused here.
1139  */
1140 static const struct wmeParams iwi_wme_cck_params[WME_NUM_AC] = {
1141         { 0, 3, 5,  7,   0 },   /* WME_AC_BE */
1142         { 0, 3, 5, 10,   0 },   /* WME_AC_BK */
1143         { 0, 2, 4,  5, 188 },   /* WME_AC_VI */
1144         { 0, 2, 3,  4, 102 }    /* WME_AC_VO */
1145 };
1146
1147 static const struct wmeParams iwi_wme_ofdm_params[WME_NUM_AC] = {
1148         { 0, 3, 4,  6,   0 },   /* WME_AC_BE */
1149         { 0, 3, 4, 10,   0 },   /* WME_AC_BK */
1150         { 0, 2, 3,  4,  94 },   /* WME_AC_VI */
1151         { 0, 2, 2,  3,  47 }    /* WME_AC_VO */
1152 };
1153
1154 static int
1155 iwi_wme_update(struct ieee80211com *ic)
1156 {
1157 #define IWI_EXP2(v)     htole16((1 << (v)) - 1)
1158 #define IWI_USEC(v)     htole16(IEEE80211_TXOP_TO_US(v))
1159         struct iwi_softc *sc = ic->ic_ifp->if_softc;
1160         struct iwi_wme_params wme[3];
1161         const struct wmeParams *wmep;
1162         int ac;
1163
1164         /*
1165          * We shall not override firmware default WME values if WME is not
1166          * actually enabled.
1167          */
1168         if (!(ic->ic_flags & IEEE80211_F_WME))
1169                 return 0;
1170
1171         for (ac = 0; ac < WME_NUM_AC; ac++) {
1172                 /* set WME values for current operating mode */
1173                 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac];
1174                 wme[0].aifsn[ac] = wmep->wmep_aifsn;
1175                 wme[0].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1176                 wme[0].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1177                 wme[0].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1178                 wme[0].acm[ac]   = wmep->wmep_acm;
1179
1180                 /* set WME values for CCK modulation */
1181                 wmep = &iwi_wme_cck_params[ac];
1182                 wme[1].aifsn[ac] = wmep->wmep_aifsn;
1183                 wme[1].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1184                 wme[1].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1185                 wme[1].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1186                 wme[1].acm[ac]   = wmep->wmep_acm;
1187
1188                 /* set WME values for OFDM modulation */
1189                 wmep = &iwi_wme_ofdm_params[ac];
1190                 wme[2].aifsn[ac] = wmep->wmep_aifsn;
1191                 wme[2].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1192                 wme[2].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1193                 wme[2].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1194                 wme[2].acm[ac]   = wmep->wmep_acm;
1195         }
1196
1197         DPRINTF(("Setting WME parameters\n"));
1198         return iwi_cmd(sc, IWI_CMD_SET_WME_PARAMS, wme, sizeof wme, 1);
1199 #undef IWI_USEC
1200 #undef IWI_EXP2
1201 }
1202
1203 /*
1204  * Read 16 bits at address 'addr' from the serial EEPROM.
1205  */
1206 static uint16_t
1207 iwi_read_prom_word(struct iwi_softc *sc, uint8_t addr)
1208 {
1209         uint32_t tmp;
1210         uint16_t val;
1211         int n;
1212
1213         /* Clock C once before the first command */
1214         IWI_EEPROM_CTL(sc, 0);
1215         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1216         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1217         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1218
1219         /* Write start bit (1) */
1220         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1221         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1222
1223         /* Write READ opcode (10) */
1224         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1225         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1226         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1227         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1228
1229         /* Write address A7-A0 */
1230         for (n = 7; n >= 0; n--) {
1231                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1232                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D));
1233                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1234                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D) | IWI_EEPROM_C);
1235         }
1236
1237         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1238
1239         /* Read data Q15-Q0 */
1240         val = 0;
1241         for (n = 15; n >= 0; n--) {
1242                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1243                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1244                 tmp = MEM_READ_4(sc, IWI_MEM_EEPROM_CTL);
1245                 val |= ((tmp & IWI_EEPROM_Q) >> IWI_EEPROM_SHIFT_Q) << n;
1246         }
1247
1248         IWI_EEPROM_CTL(sc, 0);
1249
1250         /* Clear Chip Select and clock C */
1251         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1252         IWI_EEPROM_CTL(sc, 0);
1253         IWI_EEPROM_CTL(sc, IWI_EEPROM_C);
1254
1255         return val;
1256 }
1257
1258 /*
1259  * XXX: Hack to set the current channel to the value advertised in beacons or
1260  * probe responses. Only used during AP detection.
1261  */
1262 static void
1263 iwi_fix_channel(struct ieee80211com *ic, struct mbuf *m)
1264 {
1265         struct ieee80211_frame *wh;
1266         uint8_t subtype;
1267         uint8_t *frm, *efrm;
1268
1269         wh = mtod(m, struct ieee80211_frame *);
1270
1271         if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT)
1272                 return;
1273
1274         subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
1275
1276         if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
1277             subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
1278                 return;
1279
1280         frm = (uint8_t *)(wh + 1);
1281         efrm = mtod(m, uint8_t *) + m->m_len;
1282
1283         frm += 12;      /* skip tstamp, bintval and capinfo fields */
1284         while (frm < efrm) {
1285                 if (*frm == IEEE80211_ELEMID_DSPARMS)
1286 #if IEEE80211_CHAN_MAX < 255
1287                 if (frm[2] <= IEEE80211_CHAN_MAX)
1288 #endif
1289                         ic->ic_curchan = &ic->ic_channels[frm[2]];
1290
1291                 frm += frm[1] + 2;
1292         }
1293 }
1294
1295 static void
1296 iwi_frame_intr(struct iwi_softc *sc, struct iwi_rx_data *data, int i,
1297     struct iwi_frame *frame)
1298 {
1299         struct ieee80211com *ic = &sc->sc_ic;
1300         struct ifnet *ifp = ic->ic_ifp;
1301         struct mbuf *mnew, *m;
1302         struct ieee80211_frame *wh;
1303         struct ieee80211_node *ni;
1304         int error;
1305
1306         DPRINTFN(5, ("received frame len=%u chan=%u rssi=%u\n",
1307             le16toh(frame->len), frame->chan, frame->rssi_dbm));
1308
1309         if (le16toh(frame->len) < sizeof (struct ieee80211_frame))
1310                 return;
1311
1312         /*
1313          * Try to allocate a new mbuf for this ring element and load it before
1314          * processing the current mbuf. If the ring element cannot be loaded,
1315          * drop the received packet and reuse the old mbuf. In the unlikely
1316          * case that the old mbuf can't be reloaded either, explicitly panic.
1317          */
1318         mnew = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
1319         if (mnew == NULL) {
1320                 ifp->if_ierrors++;
1321                 return;
1322         }
1323
1324         bus_dmamap_unload(sc->rxq.data_dmat, data->map);
1325
1326         error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1327             mtod(mnew, void *), MCLBYTES, iwi_dma_map_addr, &data->physaddr,
1328             0);
1329         if (error != 0) {
1330                 m_freem(mnew);
1331
1332                 /* try to reload the old mbuf */
1333                 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1334                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
1335                     &data->physaddr, 0);
1336                 if (error != 0) {
1337                         /* very unlikely that it will fail... */
1338                         panic("%s: could not load old rx mbuf",
1339                             device_get_name(sc->sc_dev));
1340                 }
1341                 ifp->if_ierrors++;
1342                 return;
1343         }
1344
1345         /*
1346          * New mbuf successfully loaded, update Rx ring and continue
1347          * processing.
1348          */
1349         m = data->m;
1350         data->m = mnew;
1351         CSR_WRITE_4(sc, data->reg, data->physaddr);
1352
1353         /* Finalize mbuf */
1354         m->m_pkthdr.rcvif = ifp;
1355         m->m_pkthdr.len = m->m_len = sizeof (struct iwi_hdr) +
1356             sizeof (struct iwi_frame) + le16toh(frame->len);
1357
1358         m_adj(m, sizeof (struct iwi_hdr) + sizeof (struct iwi_frame));
1359
1360         if (ic->ic_state == IEEE80211_S_SCAN)
1361                 iwi_fix_channel(ic, m);
1362
1363         if (sc->sc_drvbpf != NULL) {
1364                 struct iwi_rx_radiotap_header *tap = &sc->sc_rxtap;
1365
1366                 tap->wr_flags = 0;
1367                 tap->wr_rate = frame->rate;
1368                 tap->wr_chan_freq =
1369                     htole16(ic->ic_channels[frame->chan].ic_freq);
1370                 tap->wr_chan_flags =
1371                     htole16(ic->ic_channels[frame->chan].ic_flags);
1372                 tap->wr_antsignal = frame->signal;
1373                 tap->wr_antenna = frame->antenna;
1374
1375                 bpf_ptap(sc->sc_drvbpf, m, tap, sc->sc_rxtap_len);
1376         }
1377
1378         wh = mtod(m, struct ieee80211_frame *);
1379         ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
1380
1381         /* send the frame to the 802.11 layer */
1382         ieee80211_input(ic, m, ni, frame->rssi_dbm, 0);
1383
1384         /* node is no longer needed */
1385         ieee80211_free_node(ni);
1386 }
1387
1388 static void
1389 iwi_notification_intr(struct iwi_softc *sc, struct iwi_notif *notif)
1390 {
1391         struct ieee80211com *ic = &sc->sc_ic;
1392         struct iwi_notif_scan_channel *chan;
1393         struct iwi_notif_scan_complete *scan;
1394         struct iwi_notif_authentication *auth;
1395         struct iwi_notif_association *assoc;
1396
1397         switch (notif->type) {
1398         case IWI_NOTIF_TYPE_SCAN_CHANNEL:
1399                 chan = (struct iwi_notif_scan_channel *)(notif + 1);
1400
1401                 DPRINTFN(2, ("Scanning channel (%u)\n", chan->nchan));
1402                 break;
1403
1404         case IWI_NOTIF_TYPE_SCAN_COMPLETE:
1405                 scan = (struct iwi_notif_scan_complete *)(notif + 1);
1406
1407                 DPRINTFN(2, ("Scan completed (%u, %u)\n", scan->nchan,
1408                     scan->status));
1409
1410                 /* monitor mode uses scan to set the channel ... */
1411                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1412                         sc->flags &= ~IWI_FLAG_SCANNING;
1413                         ieee80211_end_scan(ic);
1414                 } else
1415                         iwi_set_chan(sc, ic->ic_ibss_chan);
1416                 break;
1417
1418         case IWI_NOTIF_TYPE_AUTHENTICATION:
1419                 auth = (struct iwi_notif_authentication *)(notif + 1);
1420
1421                 DPRINTFN(2, ("Authentication (%u)\n", auth->state));
1422
1423                 switch (auth->state) {
1424                 case IWI_AUTHENTICATED:
1425                         ieee80211_node_authorize(ic->ic_bss);
1426                         ieee80211_new_state(ic, IEEE80211_S_ASSOC, -1);
1427                         break;
1428
1429                 case IWI_DEAUTHENTICATED:
1430                         break;
1431
1432                 default:
1433                         device_printf(sc->sc_dev,
1434                             "unknown authentication state %u\n", auth->state);
1435                 }
1436                 break;
1437
1438         case IWI_NOTIF_TYPE_ASSOCIATION:
1439                 assoc = (struct iwi_notif_association *)(notif + 1);
1440
1441                 DPRINTFN(2, ("Association (%u, %u)\n", assoc->state,
1442                     assoc->status));
1443
1444                 switch (assoc->state) {
1445                 case IWI_AUTHENTICATED:
1446                         /* re-association, do nothing */
1447                         break;
1448
1449                 case IWI_ASSOCIATED:
1450                         ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
1451                         break;
1452
1453                 case IWI_DEASSOCIATED:
1454                         ieee80211_begin_scan(ic, 1);
1455                         break;
1456
1457                 default:
1458                         device_printf(sc->sc_dev,
1459                             "unknown association state %u\n", assoc->state);
1460                 }
1461                 break;
1462
1463         default:
1464                 DPRINTFN(5, ("Notification (%u)\n", notif->type));
1465         }
1466 }
1467
1468 static void
1469 iwi_rx_intr(struct iwi_softc *sc)
1470 {
1471         struct iwi_rx_data *data;
1472         struct iwi_hdr *hdr;
1473         uint32_t hw;
1474
1475         hw = CSR_READ_4(sc, IWI_CSR_RX_RIDX);
1476
1477         for (; sc->rxq.cur != hw;) {
1478                 data = &sc->rxq.data[sc->rxq.cur];
1479
1480                 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
1481                     BUS_DMASYNC_POSTREAD);
1482
1483                 hdr = mtod(data->m, struct iwi_hdr *);
1484
1485                 switch (hdr->type) {
1486                 case IWI_HDR_TYPE_FRAME:
1487                         iwi_frame_intr(sc, data, sc->rxq.cur,
1488                             (struct iwi_frame *)(hdr + 1));
1489                         break;
1490
1491                 case IWI_HDR_TYPE_NOTIF:
1492                         iwi_notification_intr(sc,
1493                             (struct iwi_notif *)(hdr + 1));
1494                         break;
1495
1496                 default:
1497                         device_printf(sc->sc_dev, "unknown hdr type %u\n",
1498                             hdr->type);
1499                 }
1500
1501                 DPRINTFN(15, ("rx done idx=%u\n", sc->rxq.cur));
1502
1503                 sc->rxq.cur = (sc->rxq.cur + 1) % IWI_RX_RING_COUNT;
1504         }
1505
1506         /* Tell the firmware what we have processed */
1507         hw = (hw == 0) ? IWI_RX_RING_COUNT - 1 : hw - 1;
1508         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, hw);
1509 }
1510
1511 static void
1512 iwi_tx_intr(struct iwi_softc *sc, struct iwi_tx_ring *txq)
1513 {
1514         struct ieee80211com *ic = &sc->sc_ic;
1515         struct ifnet *ifp = ic->ic_ifp;
1516         struct iwi_tx_data *data;
1517         uint32_t hw;
1518
1519         hw = CSR_READ_4(sc, txq->csr_ridx);
1520
1521         for (; txq->next != hw;) {
1522                 data = &txq->data[txq->next];
1523
1524                 bus_dmamap_sync(txq->data_dmat, data->map,
1525                     BUS_DMASYNC_POSTWRITE);
1526                 bus_dmamap_unload(txq->data_dmat, data->map);
1527                 m_freem(data->m);
1528                 data->m = NULL;
1529                 ieee80211_free_node(data->ni);
1530                 data->ni = NULL;
1531
1532                 DPRINTFN(15, ("tx done idx=%u\n", txq->next));
1533
1534                 ifp->if_opackets++;
1535
1536                 txq->queued--;
1537                 txq->next = (txq->next + 1) % IWI_TX_RING_COUNT;
1538         }
1539
1540         sc->sc_tx_timer = 0;
1541         ifp->if_flags &= ~IFF_OACTIVE;
1542         iwi_start(ifp);
1543 }
1544
1545 static void
1546 iwi_intr(void *arg)
1547 {
1548         struct iwi_softc *sc = arg;
1549         uint32_t r;
1550
1551         r = CSR_READ_4(sc, IWI_CSR_INTR);
1552         if (r == 0 || r == 0xffffffff)
1553                 return;
1554
1555         /* disable interrupts */
1556         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1557
1558         if (r & IWI_INTR_FATAL_ERROR) {
1559                 device_printf(sc->sc_dev, "fatal error\n");
1560
1561                 if ((sc->flags & (IWI_FLAG_EXIT | IWI_FLAG_RESET)) == 0) {
1562                         sc->flags |= IWI_FLAG_RESET;
1563                         device_printf(sc->sc_dev, "wake firmware monitor\n");
1564                         wakeup(IWI_FW_WAKE_MONITOR(sc));
1565                 }
1566         }
1567
1568         if (r & IWI_INTR_PARITY_ERROR) {
1569                 device_printf(sc->sc_dev, "parity error\n");
1570                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1571                 iwi_stop(sc);
1572         }
1573
1574         if (r & IWI_INTR_FW_INITED) {
1575                 if (!(r & (IWI_INTR_FATAL_ERROR | IWI_INTR_PARITY_ERROR)))
1576                         wakeup(IWI_FW_INITIALIZED(sc));
1577         }
1578
1579         if (r & IWI_INTR_RADIO_OFF) {
1580                 DPRINTF(("radio transmitter turned off\n"));
1581                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1582                 iwi_stop(sc);
1583         }
1584
1585         if (r & IWI_INTR_CMD_DONE)
1586                 wakeup(IWI_FW_CMD_ACKED(sc));
1587
1588         if (r & IWI_INTR_TX1_DONE)
1589                 iwi_tx_intr(sc, &sc->txq[0]);
1590
1591         if (r & IWI_INTR_TX2_DONE)
1592                 iwi_tx_intr(sc, &sc->txq[1]);
1593
1594         if (r & IWI_INTR_TX3_DONE)
1595                 iwi_tx_intr(sc, &sc->txq[2]);
1596
1597         if (r & IWI_INTR_TX4_DONE)
1598                 iwi_tx_intr(sc, &sc->txq[3]);
1599
1600         if (r & IWI_INTR_RX_DONE)
1601                 iwi_rx_intr(sc);
1602
1603         /* acknowledge interrupts */
1604         CSR_WRITE_4(sc, IWI_CSR_INTR, r);
1605
1606         /* re-enable interrupts */
1607         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
1608 }
1609
1610 static int
1611 iwi_cmd(struct iwi_softc *sc, uint8_t type, void *data, uint8_t len, int async)
1612 {
1613         struct iwi_cmd_desc *desc;
1614         struct ifnet *ifp = &sc->sc_ic.ic_if;
1615         int ret;
1616
1617         desc = &sc->cmdq.desc[sc->cmdq.cur];
1618
1619         desc->hdr.type = IWI_HDR_TYPE_COMMAND;
1620         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1621         desc->type = type;
1622         desc->len = len;
1623         memcpy(desc->data, data, len);
1624
1625         bus_dmamap_sync(sc->cmdq.desc_dmat, sc->cmdq.desc_map,
1626             BUS_DMASYNC_PREWRITE);
1627
1628         DPRINTFN(2, ("sending command idx=%u type=%u len=%u\n", sc->cmdq.cur,
1629             type, len));
1630
1631         sc->cmdq.cur = (sc->cmdq.cur + 1) % IWI_CMD_RING_COUNT;
1632         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
1633
1634         if (!async) {
1635                 ASSERT_SERIALIZED(ifp->if_serializer);
1636
1637                 crit_enter();
1638                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
1639                 lwkt_serialize_exit(ifp->if_serializer);
1640                 ret = tsleep(IWI_FW_CMD_ACKED(sc), 0, "iwicmd", hz);
1641                 crit_exit();
1642                 lwkt_serialize_enter(ifp->if_serializer);
1643         } else {
1644                 ret = 0;
1645         }
1646
1647         return ret;
1648 }
1649
1650 static void
1651 iwi_write_ibssnode(struct iwi_softc *sc, const struct iwi_node *in)
1652 {
1653         struct iwi_ibssnode node;
1654
1655         /* write node information into NIC memory */
1656         memset(&node, 0, sizeof node);
1657         IEEE80211_ADDR_COPY(node.bssid, in->in_node.ni_macaddr);
1658
1659         CSR_WRITE_REGION_1(sc,
1660             IWI_CSR_NODE_BASE + in->in_station * sizeof node,
1661             (uint8_t *)&node, sizeof node);
1662 }
1663
1664 struct iwi_dma_mapping {
1665         bus_dma_segment_t segs[IWI_MAX_NSEG];
1666         int nseg;
1667         bus_size_t mapsize;
1668 };
1669
1670 static void
1671 iwi_dma_map_mbuf(void *arg, bus_dma_segment_t *segs, int nseg,
1672                  bus_size_t mapsize, int error)
1673 {
1674         struct iwi_dma_mapping *map = arg;
1675
1676         if (error != 0)
1677                 return;
1678
1679         KASSERT(nseg <= IWI_MAX_NSEG, ("too many DMA segments %d", nseg));
1680
1681         bcopy(segs, map->segs, nseg * sizeof(bus_dma_segment_t));
1682         map->nseg = nseg;
1683         map->mapsize = mapsize;
1684 }
1685
1686 static int
1687 iwi_tx_start(struct ifnet *ifp, struct mbuf *m0, struct ieee80211_node *ni,
1688     int ac)
1689 {
1690         struct iwi_softc *sc = ifp->if_softc;
1691         struct ieee80211com *ic = &sc->sc_ic;
1692         struct iwi_node *in = (struct iwi_node *)ni;
1693         struct ieee80211_frame *wh;
1694         struct ieee80211_key *k;
1695         const struct chanAccParams *cap;
1696         struct iwi_tx_ring *txq = &sc->txq[ac];
1697         struct iwi_tx_data *data;
1698         struct iwi_tx_desc *desc;
1699         struct mbuf *mnew;
1700         struct iwi_dma_mapping map;
1701         int error, hdrlen, i, noack = 0;
1702
1703         wh = mtod(m0, struct ieee80211_frame *);
1704
1705         if (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS) {
1706                 hdrlen = sizeof (struct ieee80211_qosframe);
1707                 cap = &ic->ic_wme.wme_chanParams;
1708                 noack = cap->cap_wmeParams[ac].wmep_noackPolicy;
1709         } else
1710                 hdrlen = sizeof (struct ieee80211_frame);
1711
1712         /*
1713          * This is only used in IBSS mode where the firmware expect an index
1714          * in a h/w table instead of a destination address.
1715          */
1716         if (ic->ic_opmode == IEEE80211_M_IBSS && in->in_station == -1) {
1717                 in->in_station = iwi_alloc_ibss_node(sc);
1718                 if (in->in_station == -1) {     /* h/w table is full */
1719                         m_freem(m0);
1720                         ieee80211_free_node(ni);
1721                         ifp->if_oerrors++;
1722                         if_printf(ifp, "ibss table is full\n");
1723                         return 0;
1724                 }
1725                 iwi_write_ibssnode(sc, in);
1726         }
1727
1728         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1729                 k = ieee80211_crypto_encap(ic, ni, m0);
1730                 if (k == NULL) {
1731                         m_freem(m0);
1732                         return ENOBUFS;
1733                 }
1734
1735                 /* packet header may have moved, reset our local pointer */
1736                 wh = mtod(m0, struct ieee80211_frame *);
1737         }
1738
1739         if (sc->sc_drvbpf != NULL) {
1740                 struct iwi_tx_radiotap_header *tap = &sc->sc_txtap;
1741
1742                 tap->wt_flags = 0;
1743                 tap->wt_chan_freq = htole16(ic->ic_ibss_chan->ic_freq);
1744                 tap->wt_chan_flags = htole16(ic->ic_ibss_chan->ic_flags);
1745
1746                 bpf_ptap(sc->sc_drvbpf, m0, tap, sc->sc_txtap_len);
1747         }
1748
1749         data = &txq->data[txq->cur];
1750         desc = &txq->desc[txq->cur];
1751
1752         /* save and trim IEEE802.11 header */
1753         m_copydata(m0, 0, hdrlen, (caddr_t)&desc->wh);
1754         m_adj(m0, hdrlen);
1755
1756         error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1757                                      iwi_dma_map_mbuf, &map, BUS_DMA_NOWAIT);
1758         if (error != 0 && error != EFBIG) {
1759                 device_printf(sc->sc_dev, "could not map mbuf (error %d)\n",
1760                     error);
1761                 m_freem(m0);
1762                 return error;
1763         }
1764         if (error != 0) {
1765                 mnew = m_defrag(m0, MB_DONTWAIT);
1766                 if (mnew == NULL) {
1767                         device_printf(sc->sc_dev,
1768                             "could not defragment mbuf\n");
1769                         m_freem(m0);
1770                         return ENOBUFS;
1771                 }
1772                 m0 = mnew;
1773
1774                 error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1775                                              iwi_dma_map_mbuf, &map,
1776                                              BUS_DMA_NOWAIT);
1777                 if (error != 0) {
1778                         device_printf(sc->sc_dev,
1779                             "could not map mbuf (error %d)\n", error);
1780                         m_freem(m0);
1781                         return error;
1782                 }
1783         }
1784
1785         data->m = m0;
1786         data->ni = ni;
1787
1788         desc->hdr.type = IWI_HDR_TYPE_DATA;
1789         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1790         desc->station =
1791             (ic->ic_opmode == IEEE80211_M_IBSS) ? in->in_station : 0;
1792         desc->cmd = IWI_DATA_CMD_TX;
1793         desc->len = htole16(m0->m_pkthdr.len);
1794         desc->flags = 0;
1795         desc->xflags = 0;
1796
1797         if (!noack && !IEEE80211_IS_MULTICAST(desc->wh.i_addr1))
1798                 desc->flags |= IWI_DATA_FLAG_NEED_ACK;
1799
1800 #if 0
1801         if (ic->ic_flags & IEEE80211_F_PRIVACY) {
1802                 desc->wh.i_fc[1] |= IEEE80211_FC1_WEP;
1803                 desc->weptxkey = ic->ic_crypto.cs_def_txkey;
1804         } else
1805 #endif
1806                 desc->flags |= IWI_DATA_FLAG_NO_WEP;
1807
1808         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1809                 desc->flags |= IWI_DATA_FLAG_SHPREAMBLE;
1810
1811         if (desc->wh.i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS)
1812                 desc->xflags |= IWI_DATA_XFLAG_QOS;
1813
1814         desc->nseg = htole32(map.nseg);
1815         for (i = 0; i < map.nseg; i++) {
1816                 desc->seg_addr[i] = htole32(map.segs[i].ds_addr);
1817                 desc->seg_len[i]  = htole16(map.segs[i].ds_len);
1818         }
1819
1820         bus_dmamap_sync(txq->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
1821         bus_dmamap_sync(txq->desc_dmat, txq->desc_map, BUS_DMASYNC_PREWRITE);
1822
1823         DPRINTFN(5, ("sending data frame txq=%u idx=%u len=%u nseg=%u\n",
1824             ac, txq->cur, le16toh(desc->len), map.nseg));
1825
1826         txq->queued++;
1827         txq->cur = (txq->cur + 1) % IWI_TX_RING_COUNT;
1828         CSR_WRITE_4(sc, txq->csr_widx, txq->cur);
1829
1830         return 0;
1831 }
1832
1833 static void
1834 iwi_start(struct ifnet *ifp)
1835 {
1836         struct iwi_softc *sc = ifp->if_softc;
1837         struct ieee80211com *ic = &sc->sc_ic;
1838         struct mbuf *m0;
1839         struct ether_header *eh;
1840         struct ieee80211_node *ni;
1841         int ac;
1842
1843         if (ic->ic_state != IEEE80211_S_RUN)
1844                 return;
1845
1846         for (;;) {
1847                 m0 = ifq_dequeue(&ifp->if_snd, NULL);
1848                 if (m0 == NULL)
1849                         break;
1850
1851                 if (m0->m_len < sizeof (struct ether_header) &&
1852                     (m0 = m_pullup(m0, sizeof (struct ether_header))) == NULL) {
1853                         ifp->if_oerrors++;
1854                         continue;
1855                 }
1856                 eh = mtod(m0, struct ether_header *);
1857                 ni = ieee80211_find_txnode(ic, eh->ether_dhost);
1858                 if (ni == NULL) {
1859                         m_freem(m0);
1860                         ifp->if_oerrors++;
1861                         continue;
1862                 }
1863
1864                 /* classify mbuf so we can find which tx ring to use */
1865                 if (ieee80211_classify(ic, m0, ni) != 0) {
1866                         m_freem(m0);
1867                         ieee80211_free_node(ni);
1868                         ifp->if_oerrors++;
1869                         continue;
1870                 }
1871
1872                 /* no QoS encapsulation for EAPOL frames */
1873                 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ?
1874                     M_WME_GETAC(m0) : WME_AC_BE;
1875
1876                 if (sc->txq[ac].queued > IWI_TX_RING_COUNT - 8) {
1877                         /* there is no place left in this ring */
1878                         m_freem(m0);
1879                         ieee80211_free_node(ni);
1880                         ifp->if_flags |= IFF_OACTIVE;
1881                         break;
1882                 }
1883
1884                 BPF_MTAP(ifp, m0);
1885
1886                 m0 = ieee80211_encap(ic, m0, ni);
1887                 if (m0 == NULL) {
1888                         ieee80211_free_node(ni);
1889                         ifp->if_oerrors++;
1890                         continue;
1891                 }
1892
1893                 if (ic->ic_rawbpf != NULL)
1894                         bpf_mtap(ic->ic_rawbpf, m0);
1895
1896                 if (iwi_tx_start(ifp, m0, ni, ac) != 0) {
1897                         ieee80211_free_node(ni);
1898                         ifp->if_oerrors++;
1899                         break;
1900                 }
1901
1902                 sc->sc_tx_timer = 5;
1903                 ifp->if_timer = 1;
1904         }
1905 }
1906
1907 static void
1908 iwi_watchdog(struct ifnet *ifp)
1909 {
1910         struct iwi_softc *sc = ifp->if_softc;
1911         struct ieee80211com *ic = &sc->sc_ic;
1912
1913         ifp->if_timer = 0;
1914
1915         if (sc->sc_tx_timer > 0) {
1916                 if (--sc->sc_tx_timer == 0) {
1917                         if_printf(ifp, "device timeout\n");
1918                         ifp->if_oerrors++;
1919                         sc->flags |= IWI_FLAG_RESET;
1920                         wakeup(IWI_FW_WAKE_MONITOR(sc));
1921                         return;
1922                 }
1923                 ifp->if_timer = 1;
1924         }
1925
1926         ieee80211_watchdog(ic);
1927 }
1928
1929 static int
1930 iwi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
1931 {
1932         struct iwi_softc *sc = ifp->if_softc;
1933         struct ieee80211com *ic = &sc->sc_ic;
1934         struct ifreq *ifr;
1935         int error = 0;
1936
1937         switch (cmd) {
1938         case SIOCSIFFLAGS:
1939                 if (ifp->if_flags & IFF_UP) {
1940                         if (!(ifp->if_flags & IFF_RUNNING))
1941                                 iwi_init(sc);
1942                 } else {
1943                         if (ifp->if_flags & IFF_RUNNING)
1944                                 iwi_stop(sc);
1945                 }
1946                 break;
1947
1948         case SIOCSLOADFW:
1949                 /* only super-user can do that! */
1950                 error = suser_cred(cr, NULL_CRED_OKAY);
1951                 if (error != 0)
1952                         break;
1953
1954                 ifr = (struct ifreq *)data;
1955                 error = iwi_cache_firmware(sc, ifr->ifr_data);
1956                 break;
1957
1958         case SIOCSKILLFW:
1959                 /* only super-user can do that! */
1960                 error = suser_cred(cr, NULL_CRED_OKAY);
1961                 if (error != 0)
1962                         break;
1963
1964                 ifp->if_flags &= ~IFF_UP;
1965                 iwi_stop(sc);
1966                 iwi_free_firmware(sc);
1967                 break;
1968
1969         default:
1970                 error = ieee80211_ioctl(ic, cmd, data, cr);
1971         }
1972
1973         if (error == ENETRESET) {
1974                 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1975                     (IFF_UP | IFF_RUNNING) &&
1976                     (ic->ic_roaming != IEEE80211_ROAMING_MANUAL))
1977                         iwi_init(sc);
1978                 error = 0;
1979         }
1980
1981         return error;
1982 }
1983
1984 static void
1985 iwi_stop_master(struct iwi_softc *sc)
1986 {
1987         uint32_t tmp;
1988         int ntries;
1989
1990         /* disable interrupts */
1991         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1992
1993         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_STOP_MASTER);
1994         for (ntries = 0; ntries < 5; ntries++) {
1995                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
1996                         break;
1997                 DELAY(10);
1998         }
1999         if (ntries == 5)
2000                 if_printf(&sc->sc_ic.ic_if, "timeout waiting for master\n");
2001
2002         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2003         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_PRINCETON_RESET);
2004
2005         sc->flags &= ~IWI_FLAG_FW_INITED;
2006 }
2007
2008 static int
2009 iwi_reset(struct iwi_softc *sc)
2010 {
2011         uint32_t tmp;
2012         int i, ntries;
2013
2014         iwi_stop_master(sc);
2015
2016         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2017         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
2018
2019         CSR_WRITE_4(sc, IWI_CSR_READ_INT, IWI_READ_INT_INIT_HOST);
2020
2021         /* Wait for clock stabilization */
2022         for (ntries = 0; ntries < 1000; ntries++) {
2023                 if (CSR_READ_4(sc, IWI_CSR_CTL) & IWI_CTL_CLOCK_READY)
2024                         break;
2025                 DELAY(200);
2026         }
2027         if (ntries == 1000) {
2028                 if_printf(&sc->sc_ic.ic_if,
2029                           "timeout waiting for clock stabilization\n");
2030                 return EIO;
2031         }
2032
2033         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2034         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_SOFT_RESET);
2035
2036         DELAY(10);
2037
2038         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2039         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
2040
2041         /* Clear NIC memory */
2042         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0);
2043         for (i = 0; i < 0xc000; i++)
2044                 CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2045
2046         return 0;
2047 }
2048
2049 static int
2050 iwi_load_ucode(struct iwi_softc *sc, void *uc, int size)
2051 {
2052         uint32_t tmp;
2053         uint16_t *w;
2054         int ntries, i;
2055
2056         CSR_WRITE_4(sc, IWI_CSR_RST, CSR_READ_4(sc, IWI_CSR_RST) |
2057             IWI_RST_STOP_MASTER);
2058         for (ntries = 0; ntries < 5; ntries++) {
2059                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
2060                         break;
2061                 DELAY(10);
2062         }
2063         if (ntries == 5) {
2064                 device_printf(sc->sc_dev, "timeout waiting for master\n");
2065                 return EIO;
2066         }
2067
2068         MEM_WRITE_4(sc, 0x3000e0, 0x80000000);
2069         DELAY(5000);
2070
2071         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2072         tmp &= ~IWI_RST_PRINCETON_RESET;
2073         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2074
2075         DELAY(5000);
2076         MEM_WRITE_4(sc, 0x3000e0, 0);
2077         DELAY(1000);
2078         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 1);
2079         DELAY(1000);
2080         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 0);
2081         DELAY(1000);
2082         MEM_WRITE_1(sc, 0x200000, 0x00);
2083         MEM_WRITE_1(sc, 0x200000, 0x40);
2084         DELAY(1000);
2085
2086         /* write microcode into adapter memory */
2087         for (w = uc; size > 0; w++, size -= 2)
2088                 MEM_WRITE_2(sc, 0x200010, htole16(*w));
2089
2090         MEM_WRITE_1(sc, 0x200000, 0x00);
2091         MEM_WRITE_1(sc, 0x200000, 0x80);
2092
2093         /* wait until we get an answer */
2094         for (ntries = 0; ntries < 100; ntries++) {
2095                 if (MEM_READ_1(sc, 0x200000) & 1)
2096                         break;
2097                 DELAY(100);
2098         }
2099         if (ntries == 100) {
2100                 device_printf(sc->sc_dev,
2101                     "timeout waiting for ucode to initialize\n");
2102                 return EIO;
2103         }
2104
2105         /* read the answer or the firmware will not initialize properly */
2106         for (i = 0; i < 7; i++)
2107                 MEM_READ_4(sc, 0x200004);
2108
2109         MEM_WRITE_1(sc, 0x200000, 0x00);
2110
2111         return 0;
2112 }
2113
2114 /* macro to handle unaligned little endian data in firmware image */
2115 #define GETLE32(p) ((p)[0] | (p)[1] << 8 | (p)[2] << 16 | (p)[3] << 24)
2116
2117 static int
2118 iwi_load_firmware(struct iwi_softc *sc, void *fw, int size)
2119 {
2120         bus_dma_tag_t dmat;
2121         bus_dmamap_t map;
2122         bus_addr_t physaddr;
2123         void *virtaddr;
2124         u_char *p, *end;
2125         uint32_t sentinel, ctl, src, dst, sum, len, mlen, tmp;
2126         int ntries, error = 0;
2127         struct ifnet *ifp = &sc->sc_ic.ic_if;
2128
2129         ASSERT_SERIALIZED(ifp->if_serializer);
2130
2131         /* Allocate DMA memory for mapping firmware image */
2132         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
2133             BUS_SPACE_MAXADDR, NULL, NULL, size, 1, size, 0, &dmat);
2134         if (error != 0) {
2135                 device_printf(sc->sc_dev,
2136                     "could not create firmware DMA tag\n");
2137                 goto fail1;
2138         }
2139
2140         error = bus_dmamem_alloc(dmat, &virtaddr, BUS_DMA_WAITOK, &map);
2141         if (error != 0) {
2142                 device_printf(sc->sc_dev,
2143                     "could not allocate firmware DMA memory\n");
2144                 goto fail2;
2145         }
2146
2147         error = bus_dmamap_load(dmat, map, virtaddr, size, iwi_dma_map_addr,
2148             &physaddr, 0);
2149         if (error != 0) {
2150                 device_printf(sc->sc_dev, "could not load firmware DMA map\n");
2151                 goto fail3;
2152         }
2153
2154         /* Copy firmware image to DMA memory */
2155         memcpy(virtaddr, fw, size);
2156
2157         /* Make sure the adapter will get up-to-date values */
2158         bus_dmamap_sync(dmat, map, BUS_DMASYNC_PREWRITE);
2159
2160         /* Tell the adapter where the command blocks are stored */
2161         MEM_WRITE_4(sc, 0x3000a0, 0x27000);
2162
2163         /*
2164          * Store command blocks into adapter's internal memory using register
2165          * indirections. The adapter will read the firmware image through DMA
2166          * using information stored in command blocks.
2167          */
2168         src = physaddr;
2169         p = virtaddr;
2170         end = p + size;
2171         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0x27000);
2172
2173         while (p < end) {
2174                 dst = GETLE32(p); p += 4; src += 4;
2175                 len = GETLE32(p); p += 4; src += 4;
2176                 p += len;
2177
2178                 while (len > 0) {
2179                         mlen = min(len, IWI_CB_MAXDATALEN);
2180
2181                         ctl = IWI_CB_DEFAULT_CTL | mlen;
2182                         sum = ctl ^ src ^ dst;
2183
2184                         /* Write a command block */
2185                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, ctl);
2186                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, src);
2187                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, dst);
2188                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, sum);
2189
2190                         src += mlen;
2191                         dst += mlen;
2192                         len -= mlen;
2193                 }
2194         }
2195
2196         /* Write a fictive final command block (sentinel) */
2197         sentinel = CSR_READ_4(sc, IWI_CSR_AUTOINC_ADDR);
2198         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2199
2200         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2201         tmp &= ~(IWI_RST_MASTER_DISABLED | IWI_RST_STOP_MASTER);
2202         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2203
2204         /* Tell the adapter to start processing command blocks */
2205         MEM_WRITE_4(sc, 0x3000a4, 0x540100);
2206
2207         /* Wait until the adapter reaches the sentinel */
2208         for (ntries = 0; ntries < 400; ntries++) {
2209                 if (MEM_READ_4(sc, 0x3000d0) >= sentinel)
2210                         break;
2211                 DELAY(100);
2212         }
2213         if (ntries == 400) {
2214                 device_printf(sc->sc_dev,
2215                     "timeout processing command blocks\n");
2216                 error = EIO;
2217                 goto fail4;
2218         }
2219
2220         /* We're done with command blocks processing */
2221         MEM_WRITE_4(sc, 0x3000a4, 0x540c00);
2222
2223         /* Allow interrupts so we know when the firmware is ready */
2224         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
2225
2226         /* Tell the adapter to initialize the firmware */
2227         CSR_WRITE_4(sc, IWI_CSR_RST, 0);
2228
2229         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2230         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_ALLOW_STANDBY);
2231
2232         /* wait at most one second for firmware initialization to complete */
2233         crit_enter();
2234         tsleep_interlock(IWI_FW_INITIALIZED(sc));
2235         lwkt_serialize_exit(ifp->if_serializer);
2236         error = tsleep(IWI_FW_INITIALIZED(sc), 0, "iwiinit", hz);
2237         crit_exit();
2238         lwkt_serialize_enter(ifp->if_serializer);
2239         if (error != 0) {
2240                 device_printf(sc->sc_dev, "timeout waiting for firmware "
2241                     "initialization to complete\n");
2242                 goto fail4;
2243         }
2244
2245 fail4:  bus_dmamap_sync(dmat, map, BUS_DMASYNC_POSTWRITE);
2246         bus_dmamap_unload(dmat, map);
2247 fail3:  bus_dmamem_free(dmat, virtaddr, map);
2248 fail2:  bus_dma_tag_destroy(dmat);
2249 fail1:
2250         return error;
2251 }
2252
2253 /*
2254  * Store firmware into kernel memory so we can download it when we need to,
2255  * e.g when the adapter wakes up from suspend mode.
2256  */
2257 static int
2258 iwi_cache_firmware(struct iwi_softc *sc, void *data)
2259 {
2260         struct iwi_firmware *kfw = &sc->fw;
2261         struct iwi_firmware ufw;
2262         int error;
2263
2264         iwi_free_firmware(sc);
2265
2266         if ((error = copyin(data, &ufw, sizeof ufw)) != 0)
2267                 return error;
2268
2269         kfw->boot_size  = ufw.boot_size;
2270         kfw->ucode_size = ufw.ucode_size;
2271         kfw->main_size  = ufw.main_size;
2272
2273         kfw->boot = kmalloc(kfw->boot_size, M_DEVBUF, M_WAITOK);
2274         kfw->ucode = kmalloc(kfw->ucode_size, M_DEVBUF, M_WAITOK);
2275         kfw->main = kmalloc(kfw->main_size, M_DEVBUF, M_WAITOK);
2276
2277         if ((error = copyin(ufw.boot, kfw->boot, kfw->boot_size)) != 0)
2278                 goto fail;
2279
2280         if ((error = copyin(ufw.ucode, kfw->ucode, kfw->ucode_size)) != 0)
2281                 goto fail;
2282
2283         if ((error = copyin(ufw.main, kfw->main, kfw->main_size)) != 0)
2284                 goto fail;
2285
2286         DPRINTF(("Firmware cached: boot %u, ucode %u, main %u\n",
2287             kfw->boot_size, kfw->ucode_size, kfw->main_size));
2288
2289         sc->flags |= IWI_FLAG_FW_CACHED;
2290
2291         return 0;
2292
2293 fail:
2294         kfree(kfw->boot, M_DEVBUF);
2295         kfree(kfw->ucode, M_DEVBUF);
2296         kfree(kfw->main, M_DEVBUF);
2297
2298         return error;
2299 }
2300
2301 static void
2302 iwi_free_firmware(struct iwi_softc *sc)
2303 {
2304         if (!(sc->flags & IWI_FLAG_FW_CACHED))
2305                 return;
2306
2307         kfree(sc->fw.boot, M_DEVBUF);
2308         kfree(sc->fw.ucode, M_DEVBUF);
2309         kfree(sc->fw.main, M_DEVBUF);
2310
2311         sc->flags &= ~IWI_FLAG_FW_CACHED;
2312 }
2313
2314 static int
2315 iwi_config(struct iwi_softc *sc)
2316 {
2317         struct ieee80211com *ic = &sc->sc_ic;
2318         struct ifnet *ifp = ic->ic_ifp;
2319         struct iwi_configuration config;
2320         struct iwi_rateset rs;
2321         struct iwi_txpower power;
2322         struct ieee80211_key *wk;
2323         struct iwi_wep_key wepkey;
2324         uint32_t data;
2325         int error, i;
2326
2327         IEEE80211_ADDR_COPY(ic->ic_myaddr, IF_LLADDR(ifp));
2328         DPRINTF(("Setting MAC address to %6D\n", ic->ic_myaddr, ":"));
2329         error = iwi_cmd(sc, IWI_CMD_SET_MAC_ADDRESS, ic->ic_myaddr,
2330             IEEE80211_ADDR_LEN, 0);
2331         if (error != 0)
2332                 return error;
2333
2334         memset(&config, 0, sizeof config);
2335         config.bluetooth_coexistence = sc->bluetooth;
2336         config.antenna = sc->antenna;
2337         config.multicast_enabled = 1;
2338         config.answer_pbreq = (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2339         config.disable_unicast_decryption = 1;
2340         config.disable_multicast_decryption = 1;
2341         DPRINTF(("Configuring adapter\n"));
2342         error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config, 0);
2343         if (error != 0)
2344                 return error;
2345
2346         data = htole32(IWI_POWER_MODE_CAM);
2347         DPRINTF(("Setting power mode to %u\n", le32toh(data)));
2348         error = iwi_cmd(sc, IWI_CMD_SET_POWER_MODE, &data, sizeof data, 0);
2349         if (error != 0)
2350                 return error;
2351
2352         data = htole32(ic->ic_rtsthreshold);
2353         DPRINTF(("Setting RTS threshold to %u\n", le32toh(data)));
2354         error = iwi_cmd(sc, IWI_CMD_SET_RTS_THRESHOLD, &data, sizeof data, 0);
2355         if (error != 0)
2356                 return error;
2357
2358         data = htole32(ic->ic_fragthreshold);
2359         DPRINTF(("Setting fragmentation threshold to %u\n", le32toh(data)));
2360         error = iwi_cmd(sc, IWI_CMD_SET_FRAG_THRESHOLD, &data, sizeof data, 0);
2361         if (error != 0)
2362                 return error;
2363
2364         if (ic->ic_opmode == IEEE80211_M_IBSS) {
2365                 power.mode = IWI_MODE_11B;
2366                 power.nchan = 11;
2367                 for (i = 0; i < 11; i++) {
2368                         power.chan[i].chan = i + 1;
2369                         power.chan[i].power = IWI_TXPOWER_MAX;
2370                 }
2371                 DPRINTF(("Setting .11b channels tx power\n"));
2372                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2373                     0);
2374                 if (error != 0)
2375                         return error;
2376
2377                 power.mode = IWI_MODE_11G;
2378                 DPRINTF(("Setting .11g channels tx power\n"));
2379                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2380                     0);
2381                 if (error != 0)
2382                         return error;
2383         }
2384
2385         rs.mode = IWI_MODE_11G;
2386         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2387         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11G].rs_nrates;
2388         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11G].rs_rates,
2389             rs.nrates);
2390         DPRINTF(("Setting .11bg supported rates (%u)\n", rs.nrates));
2391         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2392         if (error != 0)
2393                 return error;
2394
2395         rs.mode = IWI_MODE_11A;
2396         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2397         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11A].rs_nrates;
2398         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11A].rs_rates,
2399             rs.nrates);
2400         DPRINTF(("Setting .11a supported rates (%u)\n", rs.nrates));
2401         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2402         if (error != 0)
2403                 return error;
2404
2405         /* if we have a desired ESSID, set it now */
2406         if (ic->ic_des_esslen != 0) {
2407 #ifdef IWI_DEBUG
2408                 if (iwi_debug > 0) {
2409                         kprintf("Setting desired ESSID to ");
2410                         ieee80211_print_essid(ic->ic_des_essid,
2411                             ic->ic_des_esslen);
2412                         kprintf("\n");
2413                 }
2414 #endif
2415                 error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ic->ic_des_essid,
2416                     ic->ic_des_esslen, 0);
2417                 if (error != 0)
2418                         return error;
2419         }
2420
2421         data = htole32(karc4random());
2422         DPRINTF(("Setting initialization vector to %u\n", le32toh(data)));
2423         error = iwi_cmd(sc, IWI_CMD_SET_IV, &data, sizeof data, 0);
2424         if (error != 0)
2425                 return error;
2426
2427         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2428                 wk = &ic->ic_crypto.cs_nw_keys[i];
2429
2430                 wepkey.cmd = IWI_WEP_KEY_CMD_SETKEY;
2431                 wepkey.idx = i;
2432                 wepkey.len = wk->wk_keylen;
2433                 memset(wepkey.key, 0, sizeof wepkey.key);
2434                 memcpy(wepkey.key, wk->wk_key, wk->wk_keylen);
2435                 DPRINTF(("Setting wep key index %u len %u\n", wepkey.idx,
2436                     wepkey.len));
2437                 error = iwi_cmd(sc, IWI_CMD_SET_WEP_KEY, &wepkey,
2438                     sizeof wepkey, 0);
2439                 if (error != 0)
2440                         return error;
2441         }
2442
2443         /* Enable adapter */
2444         DPRINTF(("Enabling adapter\n"));
2445         return iwi_cmd(sc, IWI_CMD_ENABLE, NULL, 0, 0);
2446 }
2447
2448 static int
2449 iwi_set_chan(struct iwi_softc *sc, struct ieee80211_channel *chan)
2450 {
2451         struct ieee80211com *ic = &sc->sc_ic;
2452         struct iwi_scan scan;
2453
2454         memset(&scan, 0, sizeof scan);
2455         memset(scan.type, IWI_SCAN_TYPE_PASSIVE, sizeof scan.type);
2456         scan.passive = htole16(2000);
2457         scan.channels[0] = 1 |
2458             (IEEE80211_IS_CHAN_5GHZ(chan) ? IWI_CHAN_5GHZ : IWI_CHAN_2GHZ);
2459         scan.channels[1] = ieee80211_chan2ieee(ic, chan);
2460
2461         DPRINTF(("Setting channel to %u\n", ieee80211_chan2ieee(ic, chan)));
2462         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2463 }
2464
2465 static int
2466 iwi_scan(struct iwi_softc *sc)
2467 {
2468         struct ieee80211com *ic = &sc->sc_ic;
2469         struct iwi_scan scan;
2470         uint8_t *p;
2471         int i, count;
2472
2473         memset(&scan, 0, sizeof scan);
2474
2475         if (ic->ic_des_esslen != 0) {
2476                 scan.bdirected = htole16(sc->dwelltime);
2477                 memset(scan.type, IWI_SCAN_TYPE_BDIRECTED, sizeof scan.type);
2478         } else {
2479                 scan.broadcast = htole16(sc->dwelltime);
2480                 memset(scan.type, IWI_SCAN_TYPE_BROADCAST, sizeof scan.type);
2481         }
2482
2483         p = scan.channels;
2484         count = 0;
2485         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2486                 if (IEEE80211_IS_CHAN_5GHZ(&ic->ic_channels[i]) &&
2487                     isset(ic->ic_chan_active, i)) {
2488                         *++p = i;
2489                         count++;
2490                 }
2491         }
2492         *(p - count) = IWI_CHAN_5GHZ | count;
2493
2494         p = (count > 0) ? p + 1 : scan.channels;
2495         count = 0;
2496         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2497                 if (IEEE80211_IS_CHAN_2GHZ(&ic->ic_channels[i]) &&
2498                     isset(ic->ic_chan_active, i)) {
2499                         *++p = i;
2500                         count++;
2501                 }
2502         }
2503         *(p - count) = IWI_CHAN_2GHZ | count;
2504
2505         DPRINTF(("Start scanning\n"));
2506         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2507 }
2508
2509 static int
2510 iwi_auth_and_assoc(struct iwi_softc *sc)
2511 {
2512         struct ieee80211com *ic = &sc->sc_ic;
2513         struct ifnet *ifp = ic->ic_ifp;
2514         struct ieee80211_node *ni = ic->ic_bss;
2515         struct ieee80211_wme_info wme;
2516         struct iwi_configuration config;
2517         struct iwi_associate assoc;
2518         struct iwi_rateset rs;
2519         uint16_t capinfo;
2520         uint32_t data;
2521         int error;
2522
2523         if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
2524                 memset(&config, 0, sizeof config);
2525                 config.bluetooth_coexistence = sc->bluetooth;
2526                 config.antenna = sc->antenna;
2527                 config.multicast_enabled = 1;
2528                 config.use_protection = 1;
2529                 config.answer_pbreq =
2530                     (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2531                 config.disable_unicast_decryption = 1;
2532                 config.disable_multicast_decryption = 1;
2533                 DPRINTF(("Configuring adapter\n"));
2534                 error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config,
2535                     1);
2536                 if (error != 0)
2537                         return error;
2538         }
2539
2540 #ifdef IWI_DEBUG
2541         if (iwi_debug > 0) {
2542                 kprintf("Setting ESSID to ");
2543                 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
2544                 kprintf("\n");
2545         }
2546 #endif
2547         error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ni->ni_essid, ni->ni_esslen, 1);
2548         if (error != 0)
2549                 return error;
2550
2551         /* the rate set has already been "negotiated" */
2552         rs.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2553             IWI_MODE_11G;
2554         rs.type = IWI_RATESET_TYPE_NEGOTIATED;
2555         rs.nrates = ni->ni_rates.rs_nrates;
2556         KKASSERT(rs.nrates <= IWI_RATESET_MAXSIZE);
2557         memcpy(rs.rates, ni->ni_rates.rs_rates, rs.nrates);
2558         DPRINTF(("Setting negociated rates (%u)\n", rs.nrates));
2559         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 1);
2560         if (error != 0)
2561                 return error;
2562
2563         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) {
2564                 wme.wme_id = IEEE80211_ELEMID_VENDOR;
2565                 wme.wme_len = sizeof (struct ieee80211_wme_info) - 2;
2566                 wme.wme_oui[0] = 0x00;
2567                 wme.wme_oui[1] = 0x50;
2568                 wme.wme_oui[2] = 0xf2;
2569                 wme.wme_type = WME_OUI_TYPE;
2570                 wme.wme_subtype = WME_INFO_OUI_SUBTYPE;
2571                 wme.wme_version = WME_VERSION;
2572                 wme.wme_info = 0;
2573
2574                 DPRINTF(("Setting WME IE (len=%u)\n", wme.wme_len));
2575                 error = iwi_cmd(sc, IWI_CMD_SET_WMEIE, &wme, sizeof wme, 1);
2576                 if (error != 0)
2577                         return error;
2578         }
2579
2580         if (ic->ic_opt_ie != NULL) {
2581                 DPRINTF(("Setting optional IE (len=%u)\n", ic->ic_opt_ie_len));
2582                 error = iwi_cmd(sc, IWI_CMD_SET_OPTIE, ic->ic_opt_ie,
2583                     ic->ic_opt_ie_len, 1);
2584                 if (error != 0)
2585                         return error;
2586         }
2587
2588         data = htole32(ni->ni_rssi);
2589         DPRINTF(("Setting sensitivity to %d\n", (int8_t)ni->ni_rssi));
2590         error = iwi_cmd(sc, IWI_CMD_SET_SENSITIVITY, &data, sizeof data, 1);
2591         if (error != 0)
2592                 return error;
2593
2594         memset(&assoc, 0, sizeof assoc);
2595         assoc.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2596             IWI_MODE_11G;
2597         assoc.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
2598         if (ni->ni_authmode == IEEE80211_AUTH_SHARED)
2599                 assoc.auth = ic->ic_crypto.cs_def_txkey << 4 | IWI_AUTH_SHARED;
2600         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL)
2601                 assoc.policy |= htole16(IWI_POLICY_WME);
2602         if (ic->ic_flags & IEEE80211_F_WPA)
2603                 assoc.policy |= htole16(IWI_POLICY_WPA);
2604         memcpy(assoc.tstamp, ni->ni_tstamp.data, 8);
2605
2606         if (ic->ic_opmode == IEEE80211_M_IBSS)
2607                 capinfo = IEEE80211_CAPINFO_IBSS;
2608         else
2609                 capinfo = IEEE80211_CAPINFO_ESS;
2610         if (ic->ic_flags & IEEE80211_F_PRIVACY)
2611                 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2612         if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2613             IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
2614                 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2615         if (ic->ic_flags & IEEE80211_F_SHSLOT)
2616                 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2617         assoc.capinfo = htole16(capinfo);
2618
2619         assoc.lintval = htole16(ic->ic_lintval);
2620         assoc.intval = htole16(ni->ni_intval);
2621         IEEE80211_ADDR_COPY(assoc.bssid, ni->ni_bssid);
2622         if (ic->ic_opmode == IEEE80211_M_IBSS)
2623                 IEEE80211_ADDR_COPY(assoc.dst, ifp->if_broadcastaddr);
2624         else
2625                 IEEE80211_ADDR_COPY(assoc.dst, ni->ni_bssid);
2626
2627         DPRINTF(("Trying to associate to %6D channel %u auth %u\n",
2628             assoc.bssid, ":", assoc.chan, assoc.auth));
2629         return iwi_cmd(sc, IWI_CMD_ASSOCIATE, &assoc, sizeof assoc, 1);
2630 }
2631
2632 static void
2633 iwi_init(void *priv)
2634 {
2635         struct iwi_softc *sc = priv;
2636         struct ieee80211com *ic = &sc->sc_ic;
2637         struct ifnet *ifp = ic->ic_ifp;
2638         struct iwi_firmware *fw = &sc->fw;
2639         struct iwi_rx_data *data;
2640         int i;
2641
2642         /* exit immediately if firmware has not been ioctl'd */
2643         if (!(sc->flags & IWI_FLAG_FW_CACHED)) {
2644                 if (!(sc->flags & IWI_FLAG_FW_WARNED))
2645                         device_printf(sc->sc_dev, "Please load firmware\n");
2646                 sc->flags |= IWI_FLAG_FW_WARNED;
2647                 ifp->if_flags &= ~IFF_UP;
2648                 return;
2649         }
2650
2651         iwi_stop(sc);
2652
2653         if (iwi_reset(sc) != 0) {
2654                 device_printf(sc->sc_dev, "could not reset adapter\n");
2655                 goto fail;
2656         }
2657
2658         if (iwi_load_firmware(sc, fw->boot, fw->boot_size) != 0) {
2659                 device_printf(sc->sc_dev, "could not load boot firmware\n");
2660                 goto fail;
2661         }
2662
2663         if (iwi_load_ucode(sc, fw->ucode, fw->ucode_size) != 0) {
2664                 device_printf(sc->sc_dev, "could not load microcode\n");
2665                 goto fail;
2666         }
2667
2668         iwi_stop_master(sc);
2669
2670         CSR_WRITE_4(sc, IWI_CSR_CMD_BASE, sc->cmdq.physaddr);
2671         CSR_WRITE_4(sc, IWI_CSR_CMD_SIZE, sc->cmdq.count);
2672         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
2673
2674         CSR_WRITE_4(sc, IWI_CSR_TX1_BASE, sc->txq[0].physaddr);
2675         CSR_WRITE_4(sc, IWI_CSR_TX1_SIZE, sc->txq[0].count);
2676         CSR_WRITE_4(sc, IWI_CSR_TX1_WIDX, sc->txq[0].cur);
2677
2678         CSR_WRITE_4(sc, IWI_CSR_TX2_BASE, sc->txq[1].physaddr);
2679         CSR_WRITE_4(sc, IWI_CSR_TX2_SIZE, sc->txq[1].count);
2680         CSR_WRITE_4(sc, IWI_CSR_TX2_WIDX, sc->txq[1].cur);
2681
2682         CSR_WRITE_4(sc, IWI_CSR_TX3_BASE, sc->txq[2].physaddr);
2683         CSR_WRITE_4(sc, IWI_CSR_TX3_SIZE, sc->txq[2].count);
2684         CSR_WRITE_4(sc, IWI_CSR_TX3_WIDX, sc->txq[2].cur);
2685
2686         CSR_WRITE_4(sc, IWI_CSR_TX4_BASE, sc->txq[3].physaddr);
2687         CSR_WRITE_4(sc, IWI_CSR_TX4_SIZE, sc->txq[3].count);
2688         CSR_WRITE_4(sc, IWI_CSR_TX4_WIDX, sc->txq[3].cur);
2689
2690         for (i = 0; i < sc->rxq.count; i++) {
2691                 data = &sc->rxq.data[i];
2692                 CSR_WRITE_4(sc, data->reg, data->physaddr);
2693         }
2694
2695         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, sc->rxq.count - 1);
2696
2697         if (iwi_load_firmware(sc, fw->main, fw->main_size) != 0) {
2698                 device_printf(sc->sc_dev, "could not load main firmware\n");
2699                 goto fail;
2700         }
2701
2702         sc->flags |= IWI_FLAG_FW_INITED;
2703
2704         if (iwi_config(sc) != 0) {
2705                 device_printf(sc->sc_dev, "device configuration failed\n");
2706                 goto fail;
2707         }
2708
2709         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
2710                 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)
2711                         ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2712         } else
2713                 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
2714
2715         ifp->if_flags &= ~IFF_OACTIVE;
2716         ifp->if_flags |= IFF_RUNNING;
2717
2718         return;
2719
2720 fail:   ifp->if_flags &= ~IFF_UP;
2721         iwi_stop(sc);
2722 }
2723
2724 static void
2725 iwi_stop(void *priv)
2726 {
2727         struct iwi_softc *sc = priv;
2728         struct ieee80211com *ic = &sc->sc_ic;
2729         struct ifnet *ifp = ic->ic_ifp;
2730
2731         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2732
2733         iwi_stop_master(sc);
2734
2735         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_SOFT_RESET);
2736
2737         /* reset rings */
2738         iwi_reset_cmd_ring(sc, &sc->cmdq);
2739         iwi_reset_tx_ring(sc, &sc->txq[0]);
2740         iwi_reset_tx_ring(sc, &sc->txq[1]);
2741         iwi_reset_tx_ring(sc, &sc->txq[2]);
2742         iwi_reset_tx_ring(sc, &sc->txq[3]);
2743         iwi_reset_rx_ring(sc, &sc->rxq);
2744
2745         sc->sc_tx_timer = 0;
2746         ifp->if_timer = 0;
2747         ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
2748 }
2749
2750 static int
2751 iwi_sysctl_stats(SYSCTL_HANDLER_ARGS)
2752 {
2753         struct iwi_softc *sc = arg1;
2754         struct ifnet *ifp = &sc->sc_ic.ic_if;
2755         uint32_t size, buf[128];
2756
2757         lwkt_serialize_enter(ifp->if_serializer);
2758
2759         if (!(sc->flags & IWI_FLAG_FW_INITED)) {
2760                 memset(buf, 0, sizeof buf);
2761                 goto back;
2762         }
2763
2764         size = min(CSR_READ_4(sc, IWI_CSR_TABLE0_SIZE), 128 - 1);
2765         CSR_READ_REGION_4(sc, IWI_CSR_TABLE0_BASE, &buf[1], size);
2766 back:
2767         lwkt_serialize_exit(ifp->if_serializer);
2768         return SYSCTL_OUT(req, buf, sizeof buf);
2769 }
2770
2771 static int
2772 iwi_sysctl_radio(SYSCTL_HANDLER_ARGS)
2773 {
2774         struct iwi_softc *sc = arg1;
2775         struct ifnet *ifp = &sc->sc_ic.ic_if;
2776         int val;
2777
2778         lwkt_serialize_enter(ifp->if_serializer);
2779         val = (CSR_READ_4(sc, IWI_CSR_IO) & IWI_IO_RADIO_ENABLED) ? 1 : 0;
2780         lwkt_serialize_exit(ifp->if_serializer);
2781
2782         return SYSCTL_OUT(req, &val, sizeof val);
2783 }
2784
2785 static const int8_t     iwi_bitmap[256] = {
2786         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2787         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2788         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2789         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2790         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2791         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2792         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2793         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 7, 
2794         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2795         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2796         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2797         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2798         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2799         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2800         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2801         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, -1
2802 };
2803
2804 static int
2805 iwi_alloc_ibss_node(struct iwi_softc *sc)
2806 {
2807         int i;
2808
2809         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2810
2811         for (i = 0; i < IWI_MAX_IBSSNODE_NBYTE; ++i) {
2812                 int ret;
2813
2814                 ret = iwi_bitmap[sc->sc_ibss_node[i]];
2815                 if (ret != -1) {
2816                         sc->sc_ibss_node[i] |= (1 << ret);
2817                         ret += (i * NBBY);
2818                         return ret;
2819                 }
2820         }
2821         return -1;
2822 }
2823
2824 static void
2825 iwi_free_ibss_node(struct iwi_softc *sc, int ibss_node)
2826 {
2827         int i, b;
2828
2829         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2830         KASSERT(ibss_node < IWI_MAX_IBSSNODE, ("free ibss node, out of range"));
2831
2832         i = ibss_node / NBBY;
2833         b = ibss_node % NBBY;
2834
2835         sc->sc_ibss_node[i] &= ~(1 << b);
2836 }
DragonFly Project Source