iwi(4) does not support hardware based WEP encryption/descryption.
[dragonfly.git] / sys / dev / netif / iwi / if_iwi.c
1 /*
2  * Copyright (c) 2004-2006
3  *      Damien Bergamini <damien.bergamini@free.fr>.
4  * Copyright (c) 2004, 2005
5  *      Andrew Atrens <atrens@nortelnetworks.com>.
6  *
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice unmodified, this list of conditions, and the following
14  *    disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  * $FreeBSD: src/sys/dev/iwi/if_iwi.c,v 1.8.2.6 2006/02/23 02:06:46 sam Exp $
32  * $DragonFly: src/sys/dev/netif/iwi/if_iwi.c,v 1.20 2008/05/10 07:11:28 sephe Exp $
33  */
34
35 /*-
36  * Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
37  * http://www.intel.com/network/connectivity/products/wireless/prowireless_mobile.htm
38  */
39
40 #include <sys/param.h>
41 #include <sys/sysctl.h>
42 #include <sys/sockio.h>
43 #include <sys/mbuf.h>
44 #include <sys/kernel.h>
45 #include <sys/kthread.h>
46 #include <sys/socket.h>
47 #include <sys/systm.h>
48 #include <sys/malloc.h>
49 #include <sys/module.h>
50 #include <sys/endian.h>
51 #include <sys/proc.h>
52 #include <sys/ucred.h>
53 #include <sys/bus.h>
54 #include <sys/rman.h>
55 #include <sys/serialize.h>
56
57 #include <bus/pci/pcidevs.h>
58 #include <bus/pci/pcireg.h>
59 #include <bus/pci/pcivar.h>
60
61 #include <net/bpf.h>
62 #include <net/if.h>
63 #include <net/if_arp.h>
64 #include <net/ethernet.h>
65 #include <net/if_dl.h>
66 #include <net/if_media.h>
67 #include <net/if_types.h>
68 #include <net/ifq_var.h>
69
70 #include <netproto/802_11/ieee80211_var.h>
71 #include <netproto/802_11/ieee80211_radiotap.h>
72
73 #include <netinet/in.h>
74 #include <netinet/in_systm.h>
75 #include <netinet/in_var.h>
76 #include <netinet/ip.h>
77 #include <netinet/if_ether.h>
78
79 #include <dev/netif/iwi/if_iwireg.h>
80 #include <dev/netif/iwi/if_iwivar.h>
81
82 #ifdef IWI_DEBUG
83 #define DPRINTF(x)      do { if (iwi_debug > 0) kprintf x; } while (0)
84 #define DPRINTFN(n, x)  do { if (iwi_debug >= (n)) kprintf x; } while (0)
85 int iwi_debug = 0;
86 SYSCTL_INT(_debug, OID_AUTO, iwi, CTLFLAG_RW, &iwi_debug, 0, "iwi debug level");
87 #else
88 #define DPRINTF(x)
89 #define DPRINTFN(n, x)
90 #endif
91
92 static struct iwi_ident {
93         uint16_t        vendor;
94         uint16_t        device;
95         const char      *name;
96 } iwi_ident_table[] = {
97         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2200BG,
98                 "Intel(R) PRO/Wireless 2200BG" },
99         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2225BG,
100                 "Intel(R) PRO/Wireless 2225BG" },
101         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2915ABG_1,
102                 "Intel(R) PRO/Wireless 2915ABG" },
103         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2915ABG_2,
104                 "Intel(R) PRO/Wireless 2915ABG" },
105         { 0, 0, NULL }
106 };
107
108 static void     iwi_fw_monitor(void *);
109 static void     iwi_dma_map_addr(void *, bus_dma_segment_t *, int, int);
110 static void     iwi_dma_map_mbuf(void *, bus_dma_segment_t *, int, bus_size_t,
111                                  int);
112 static int      iwi_alloc_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *,
113                     int);
114 static void     iwi_reset_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
115 static void     iwi_free_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
116 static int      iwi_alloc_tx_ring(struct iwi_softc *, struct iwi_tx_ring *,
117                     int, bus_addr_t, bus_addr_t);
118 static void     iwi_reset_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
119 static void     iwi_free_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
120 static int      iwi_alloc_rx_ring(struct iwi_softc *, struct iwi_rx_ring *,
121                     int);
122 static void     iwi_reset_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
123 static void     iwi_free_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
124 static struct   ieee80211_node *iwi_node_alloc(struct ieee80211_node_table *);
125 static void     iwi_node_free(struct ieee80211_node *);
126 static int      iwi_media_change(struct ifnet *);
127 static void     iwi_media_status(struct ifnet *, struct ifmediareq *);
128 static int      iwi_newstate(struct ieee80211com *, enum ieee80211_state, int);
129 static int      iwi_wme_update(struct ieee80211com *);
130 static uint16_t iwi_read_prom_word(struct iwi_softc *, uint8_t);
131 static void     iwi_fix_channel(struct ieee80211com *, struct mbuf *);
132 static void     iwi_frame_intr(struct iwi_softc *, struct iwi_rx_data *, int,
133                     struct iwi_frame *);
134 static void     iwi_notification_intr(struct iwi_softc *, struct iwi_notif *);
135 static void     iwi_rx_intr(struct iwi_softc *);
136 static void     iwi_tx_intr(struct iwi_softc *, struct iwi_tx_ring *);
137 static void     iwi_intr(void *);
138 static int      iwi_cmd(struct iwi_softc *, uint8_t, void *, uint8_t, int);
139 static void     iwi_write_ibssnode(struct iwi_softc *, const struct iwi_node *);
140 static int      iwi_tx_start(struct ifnet *, struct mbuf *,
141                     struct ieee80211_node *, int);
142 static void     iwi_start(struct ifnet *);
143 static void     iwi_watchdog(struct ifnet *);
144 static int      iwi_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
145 static void     iwi_stop_master(struct iwi_softc *);
146 static int      iwi_reset(struct iwi_softc *);
147 static int      iwi_load_ucode(struct iwi_softc *, void *, int);
148 static int      iwi_load_firmware(struct iwi_softc *, void *, int);
149 static int      iwi_cache_firmware(struct iwi_softc *, void *);
150 static void     iwi_free_firmware(struct iwi_softc *);
151 static int      iwi_config(struct iwi_softc *);
152 static int      iwi_set_chan(struct iwi_softc *, struct ieee80211_channel *);
153 static int      iwi_scan(struct iwi_softc *);
154 static int      iwi_auth_and_assoc(struct iwi_softc *);
155 static void     iwi_init(void *);
156 static void     iwi_stop(void *);
157 static int      iwi_sysctl_stats(SYSCTL_HANDLER_ARGS);
158 static int      iwi_sysctl_radio(SYSCTL_HANDLER_ARGS);
159
160 static int      iwi_probe(device_t);
161 static int      iwi_attach(device_t);
162 static int      iwi_detach(device_t);
163 static int      iwi_shutdown(device_t);
164 static int      iwi_suspend(device_t);
165 static int      iwi_resume(device_t);
166
167 static int      iwi_alloc_ibss_node(struct iwi_softc *);
168 static void     iwi_free_ibss_node(struct iwi_softc *, int);
169
170 static device_method_t iwi_methods[] = {
171         /* Device interface */
172         DEVMETHOD(device_probe,         iwi_probe),
173         DEVMETHOD(device_attach,        iwi_attach),
174         DEVMETHOD(device_detach,        iwi_detach),
175         DEVMETHOD(device_shutdown,      iwi_shutdown),
176         DEVMETHOD(device_suspend,       iwi_suspend),
177         DEVMETHOD(device_resume,        iwi_resume),
178
179         { 0, 0 }
180 };
181
182 static driver_t iwi_driver = {
183         "iwi",
184         iwi_methods,
185         sizeof (struct iwi_softc)
186 };
187
188 static devclass_t iwi_devclass;
189
190 DRIVER_MODULE(iwi, pci, iwi_driver, iwi_devclass, 0, 0);
191
192 MODULE_DEPEND(iwi, pci,  1, 1, 1);
193 MODULE_DEPEND(iwi, wlan, 1, 1, 1);
194
195 /*
196  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
197  */
198 static const struct ieee80211_rateset iwi_rateset_11a =
199         { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
200
201 static const struct ieee80211_rateset iwi_rateset_11b =
202         { 4, { 2, 4, 11, 22 } };
203
204 static const struct ieee80211_rateset iwi_rateset_11g =
205         { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
206
207 static void
208 iwi_fw_monitor(void *arg)
209 {
210         struct iwi_softc *sc = arg;
211         struct ifnet *ifp = &sc->sc_ic.ic_if;
212
213         lwkt_serialize_enter(ifp->if_serializer);
214         for (;;) {
215                 int error = 0;
216
217                 /*
218                  * Test to see whether we are detaching,
219                  * this is used to avoid race condition
220                  * especially when attaching fails.
221                  */
222                 if ((sc->flags & IWI_FLAG_EXIT) == 0) {
223                         crit_enter();
224                         tsleep_interlock(IWI_FW_WAKE_MONITOR(sc));
225                         lwkt_serialize_exit(ifp->if_serializer);
226                         error = tsleep(IWI_FW_WAKE_MONITOR(sc),
227                                        0, "iwifwm", 0);
228                         crit_exit();
229                         lwkt_serialize_enter(ifp->if_serializer);
230                 }
231
232                 if (error == 0) {
233                         int boff;
234
235                         if (sc->flags & IWI_FLAG_EXIT)
236                                 break;
237                         else if ((sc->flags & IWI_FLAG_RESET) == 0)
238                                 continue;
239
240                         if_printf(ifp, "reset firmware\n");
241                         for (boff = 1; sc->flags & IWI_FLAG_RESET; boff++) {
242                                 iwi_init(sc);
243                                 if (sc->flags & IWI_FLAG_FW_INITED) {
244                                         sc->flags &= ~IWI_FLAG_RESET;
245                                 } else if (boff > 10) { /* XXX */
246                                         if_printf(ifp, "fw reset failed.  "
247                                                   "retrying...\n");
248
249                                         /* XXX avoid to sleep to long */
250                                         boff = 1;
251                                 }
252
253                                 /*
254                                  * Since this would be infinite loop,
255                                  * if reseting firmware never succeeded,
256                                  * we test to see whether we are detaching.
257                                  */
258                                 if (sc->flags & IWI_FLAG_EXIT)
259                                         break;
260
261                                 crit_enter();
262                                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
263                                 lwkt_serialize_exit(ifp->if_serializer);
264                                 error = tsleep(IWI_FW_CMD_ACKED(sc), 0,
265                                                "iwirun", boff * hz);
266                                 crit_exit();
267                                 lwkt_serialize_enter(ifp->if_serializer);
268                         }
269                 }
270         }
271         lwkt_serialize_exit(ifp->if_serializer);
272
273         if_printf(ifp, "fw monitor exiting\n");
274         wakeup(IWI_FW_EXIT_MONITOR(sc));
275         kthread_exit();
276 }
277
278 static int
279 iwi_probe(device_t dev)
280 {
281         const struct iwi_ident *ident;
282         uint16_t vid, did;
283
284         vid = pci_get_vendor(dev);
285         did = pci_get_device(dev);
286         for (ident = iwi_ident_table; ident->name != NULL; ident++) {
287                 if (vid == ident->vendor && did == ident->device) {
288                         device_set_desc(dev, ident->name);
289                         return 0;
290                 }
291         }
292         return ENXIO;
293 }
294
295 /* Base Address Register */
296 #define IWI_PCI_BAR0    0x10
297
298 static int
299 iwi_attach(device_t dev)
300 {
301         struct iwi_softc *sc = device_get_softc(dev);
302         struct ieee80211com *ic = &sc->sc_ic;
303         struct ifnet *ifp = &ic->ic_if;
304         uint16_t val;
305         int error, i;
306
307         sc->sc_dev = dev;
308         if_initname(ifp, device_get_name(dev), device_get_unit(dev));
309
310         if (pci_get_powerstate(dev) != PCI_POWERSTATE_D0) {
311                 device_printf(dev, "chip is in D%d power mode "
312                     "-- setting to D0\n", pci_get_powerstate(dev));
313                 pci_set_powerstate(dev, PCI_POWERSTATE_D0);
314         }
315
316         pci_write_config(dev, 0x41, 0, 1);
317
318         /* enable bus-mastering */
319         pci_enable_busmaster(dev);
320
321         sc->mem_rid = IWI_PCI_BAR0;
322         sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
323                                          RF_ACTIVE);
324         if (sc->mem == NULL) {
325                 device_printf(dev, "could not allocate memory resource\n");
326                 return ENXIO;
327         }
328         sc->sc_st = rman_get_bustag(sc->mem);
329         sc->sc_sh = rman_get_bushandle(sc->mem);
330
331         sc->irq_rid = 0;
332         sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
333                                          RF_ACTIVE | RF_SHAREABLE);
334         if (sc->irq == NULL) {
335                 device_printf(dev, "could not allocate interrupt resource\n");
336                 goto fail;
337         }
338
339         if (iwi_reset(sc) != 0) {
340                 device_printf(dev, "could not reset adapter\n");
341                 goto fail;
342         }
343
344         /*
345          * Allocate rings.
346          */
347         error = iwi_alloc_cmd_ring(sc, &sc->cmdq, IWI_CMD_RING_COUNT);
348         if (error != 0) {
349                 device_printf(dev, "could not allocate Cmd ring\n");
350                 goto fail;
351         }
352
353         error = iwi_alloc_tx_ring(sc, &sc->txq[0], IWI_TX_RING_COUNT,
354                                   IWI_CSR_TX1_RIDX, IWI_CSR_TX1_WIDX);
355         if (error != 0) {
356                 device_printf(dev, "could not allocate Tx ring 1\n");
357                 goto fail;
358         }
359
360         error = iwi_alloc_tx_ring(sc, &sc->txq[1], IWI_TX_RING_COUNT,
361                                   IWI_CSR_TX2_RIDX, IWI_CSR_TX2_WIDX);
362         if (error != 0) {
363                 device_printf(dev, "could not allocate Tx ring 2\n");
364                 goto fail;
365         }
366
367         error = iwi_alloc_tx_ring(sc, &sc->txq[2], IWI_TX_RING_COUNT,
368                                   IWI_CSR_TX3_RIDX, IWI_CSR_TX3_WIDX);
369         if (error != 0) {
370                 device_printf(dev, "could not allocate Tx ring 3\n");
371                 goto fail;
372         }
373
374         error = iwi_alloc_tx_ring(sc, &sc->txq[3], IWI_TX_RING_COUNT,
375                                   IWI_CSR_TX4_RIDX, IWI_CSR_TX4_WIDX);
376         if (error != 0) {
377                 device_printf(dev, "could not allocate Tx ring 4\n");
378                 goto fail;
379         }
380
381         error = iwi_alloc_rx_ring(sc, &sc->rxq, IWI_RX_RING_COUNT);
382         if (error != 0) {
383                 device_printf(dev, "could not allocate Rx ring\n");
384                 goto fail;
385         }
386
387         sysctl_ctx_init(&sc->sysctl_ctx);
388         sc->sysctl_tree = SYSCTL_ADD_NODE(&sc->sysctl_ctx,
389                                 SYSCTL_STATIC_CHILDREN(_hw),
390                                 OID_AUTO,
391                                 device_get_nameunit(dev),
392                                 CTLFLAG_RD,
393                                 0, "");
394         if (sc->sysctl_tree == NULL) {
395                 device_printf(dev, "sysctl add node failed\n");
396                 error = EIO;
397                 goto fail;
398         }
399
400         ifp->if_softc = sc;
401         ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
402         ifp->if_init = iwi_init;
403         ifp->if_ioctl = iwi_ioctl;
404         ifp->if_start = iwi_start;
405         ifp->if_watchdog = iwi_watchdog;
406         ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
407         ifq_set_ready(&ifp->if_snd);
408
409         ic->ic_wme.wme_update = iwi_wme_update;
410         ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
411         ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
412         ic->ic_state = IEEE80211_S_INIT;
413
414         /* set device capabilities */
415         ic->ic_caps =
416             IEEE80211_C_IBSS |          /* IBSS mode supported */
417             IEEE80211_C_MONITOR |       /* monitor mode supported */
418             IEEE80211_C_TXPMGT |        /* tx power management */
419             IEEE80211_C_SHPREAMBLE |    /* short preamble supported */
420             IEEE80211_C_WPA |           /* 802.11i */
421             IEEE80211_C_WME;            /* 802.11e */
422
423         /* read MAC address from EEPROM */
424         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 0);
425         ic->ic_myaddr[0] = val & 0xff;
426         ic->ic_myaddr[1] = val >> 8;
427         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 1);
428         ic->ic_myaddr[2] = val & 0xff;
429         ic->ic_myaddr[3] = val >> 8;
430         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 2);
431         ic->ic_myaddr[4] = val & 0xff;
432         ic->ic_myaddr[5] = val >> 8;
433
434         if (pci_get_device(dev) >= 0x4223) {
435                 /* set supported .11a rates (2915ABG only) */
436                 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwi_rateset_11a;
437
438                 /* set supported .11a channels */
439                 for (i = 36; i <= 64; i += 4) {
440                         ic->ic_channels[i].ic_freq =
441                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
442                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
443                 }
444                 for (i = 149; i <= 165; i += 4) {
445                         ic->ic_channels[i].ic_freq =
446                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
447                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
448                 }
449         }
450
451         /* set supported .11b and .11g rates */
452         ic->ic_sup_rates[IEEE80211_MODE_11B] = iwi_rateset_11b;
453         ic->ic_sup_rates[IEEE80211_MODE_11G] = iwi_rateset_11g;
454
455         /* set supported .11b and .11g channels (1 through 14) */
456         for (i = 1; i <= 14; i++) {
457                 ic->ic_channels[i].ic_freq =
458                     ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
459                 ic->ic_channels[i].ic_flags =
460                     IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
461                     IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
462         }
463
464         ieee80211_ifattach(ic);
465         /* override default methods */
466         ic->ic_node_alloc = iwi_node_alloc;
467         sc->sc_node_free = ic->ic_node_free;
468         ic->ic_node_free = iwi_node_free;
469         /* override state transition machine */
470         sc->sc_newstate = ic->ic_newstate;
471         ic->ic_newstate = iwi_newstate;
472         ieee80211_media_init(ic, iwi_media_change, iwi_media_status);
473
474         bpfattach_dlt(ifp, DLT_IEEE802_11_RADIO,
475             sizeof (struct ieee80211_frame) + 64, &sc->sc_drvbpf);
476
477         sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
478         sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
479         sc->sc_rxtap.wr_ihdr.it_present = htole32(IWI_RX_RADIOTAP_PRESENT);
480
481         sc->sc_txtap_len = sizeof sc->sc_txtapu;
482         sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
483         sc->sc_txtap.wt_ihdr.it_present = htole32(IWI_TX_RADIOTAP_PRESENT);
484
485         /*
486          * Add a few sysctl knobs.
487          */
488         sc->dwelltime = 100;
489         sc->bluetooth = 1;
490         sc->antenna = 0;
491
492         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
493             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "radio",
494             CTLTYPE_INT | CTLFLAG_RD, sc, 0, iwi_sysctl_radio, "I",
495             "radio transmitter switch state (0=off, 1=on)");
496
497         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
498             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "stats",
499             CTLTYPE_OPAQUE | CTLFLAG_RD, sc, 0, iwi_sysctl_stats, "S",
500             "statistics");
501
502         SYSCTL_ADD_INT(&sc->sysctl_ctx,
503             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "dwell",
504             CTLFLAG_RW, &sc->dwelltime, 0,
505             "channel dwell time (ms) for AP/station scanning");
506
507         SYSCTL_ADD_INT(&sc->sysctl_ctx,
508             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "bluetooth",
509             CTLFLAG_RW, &sc->bluetooth, 0, "bluetooth coexistence");
510
511         SYSCTL_ADD_INT(&sc->sysctl_ctx,
512             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "antenna",
513             CTLFLAG_RW, &sc->antenna, 0, "antenna (0=auto)");
514
515         /*
516          * Start firmware monitoring thread
517          *
518          * NOTE:
519          * This should be done only after serializer is initialized,
520          * i.e. after ieee80211_ifattach(), because serializer will be
521          * held once iwi_fw_monitor() is entered.
522          */
523         error = kthread_create(iwi_fw_monitor, sc, &sc->sc_fw_monitor,
524                                "%s:fw-monitor", device_get_nameunit(dev));
525         if (error) {
526                 device_printf(dev, "could not create fw monitor\n");
527                 goto fail1;
528         }
529         sc->flags |= IWI_FLAG_MONITOR;
530
531         /*
532          * Hook our interrupt after all initialization is complete.
533          */
534         error = bus_setup_intr(dev, sc->irq, INTR_MPSAFE, iwi_intr, sc,
535                                &sc->sc_ih, ifp->if_serializer);
536         if (error != 0) {
537                 device_printf(dev, "could not set up interrupt\n");
538                 goto fail1;
539         }
540
541         if (bootverbose)
542                 ieee80211_announce(ic);
543
544         return 0;
545
546 fail1:
547         bpfdetach(ifp);
548         ieee80211_ifdetach(ic);
549 fail:
550         iwi_detach(dev);
551         return ENXIO;
552 }
553
554 static int
555 iwi_detach(device_t dev)
556 {
557         struct iwi_softc *sc = device_get_softc(dev);
558         struct ieee80211com *ic = &sc->sc_ic;
559         struct ifnet *ifp = ic->ic_ifp;
560
561         if (sc->flags & IWI_FLAG_MONITOR) {
562                 lwkt_serialize_enter(ifp->if_serializer);
563                 sc->flags |= IWI_FLAG_EXIT;
564                 wakeup(IWI_FW_WAKE_MONITOR(sc));
565
566                 crit_enter();
567                 tsleep_interlock(IWI_FW_EXIT_MONITOR(sc));
568                 lwkt_serialize_exit(ifp->if_serializer);
569                 tsleep(IWI_FW_EXIT_MONITOR(sc), 0, "iwiexi", 0);
570                 crit_exit();
571                 /* No need to hold serializer again */
572
573                 if_printf(ifp, "fw monitor exited\n");
574         }
575
576         if (device_is_attached(dev)) {
577                 lwkt_serialize_enter(ifp->if_serializer);
578
579                 iwi_stop(sc);
580                 bus_teardown_intr(dev, sc->irq, sc->sc_ih);
581                 iwi_free_firmware(sc);
582
583                 lwkt_serialize_exit(ifp->if_serializer);
584
585                 bpfdetach(ifp);
586                 ieee80211_ifdetach(ic);
587         }
588
589         iwi_free_cmd_ring(sc, &sc->cmdq);
590         iwi_free_tx_ring(sc, &sc->txq[0]);
591         iwi_free_tx_ring(sc, &sc->txq[1]);
592         iwi_free_tx_ring(sc, &sc->txq[2]);
593         iwi_free_tx_ring(sc, &sc->txq[3]);
594         iwi_free_rx_ring(sc, &sc->rxq);
595
596         if (sc->irq != NULL)
597                 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq);
598
599         if (sc->mem != NULL)
600                 bus_release_resource(dev, SYS_RES_MEMORY, sc->mem_rid, sc->mem);
601
602         if (sc->sysctl_tree != NULL)
603                 sysctl_ctx_free(&sc->sysctl_ctx);
604
605         return 0;
606 }
607
608 static void
609 iwi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
610 {
611         if (error != 0)
612                 return;
613
614         KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
615
616         *(bus_addr_t *)arg = segs[0].ds_addr;
617 }
618
619 static int
620 iwi_alloc_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring, int count)
621 {
622         int error;
623
624         ring->count = count;
625         ring->queued = 0;
626         ring->cur = ring->next = 0;
627
628         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
629             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_CMD_DESC_SIZE, 1,
630             count * IWI_CMD_DESC_SIZE, 0, &ring->desc_dmat);
631         if (error != 0) {
632                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
633                 goto fail;
634         }
635
636         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
637             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
638         if (error != 0) {
639                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
640                 goto fail;
641         }
642
643         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
644             count * IWI_CMD_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
645         if (error != 0) {
646                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
647                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
648                 ring->desc = NULL;
649                 return error;
650         }
651
652         return 0;
653
654 fail:   iwi_free_cmd_ring(sc, ring);
655         return error;
656 }
657
658 static void
659 iwi_reset_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
660 {
661         ring->queued = 0;
662         ring->cur = ring->next = 0;
663 }
664
665 static void
666 iwi_free_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
667 {
668         if (ring->desc != NULL) {
669                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
670                     BUS_DMASYNC_POSTWRITE);
671                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
672                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
673                 ring->desc = NULL;
674         }
675
676         if (ring->desc_dmat != NULL) {
677                 bus_dma_tag_destroy(ring->desc_dmat);   
678                 ring->desc_dmat = NULL;
679         }
680 }
681
682 static int
683 iwi_alloc_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring, int count,
684     bus_addr_t csr_ridx, bus_addr_t csr_widx)
685 {
686         int i, error;
687
688         ring->count = count;
689         ring->queued = 0;
690         ring->cur = ring->next = 0;
691         ring->csr_ridx = csr_ridx;
692         ring->csr_widx = csr_widx;
693
694         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
695             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_TX_DESC_SIZE, 1,
696             count * IWI_TX_DESC_SIZE, 0, &ring->desc_dmat);
697         if (error != 0) {
698                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
699                 goto fail;
700         }
701
702         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
703             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
704         if (error != 0) {
705                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
706                 goto fail;
707         }
708
709         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
710             count * IWI_TX_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
711         if (error != 0) {
712                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
713
714                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
715                 ring->desc = NULL;
716                 goto fail;
717         }
718
719         ring->data = kmalloc(count * sizeof (struct iwi_tx_data), M_DEVBUF,
720             M_WAITOK | M_ZERO);
721
722         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
723             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, IWI_MAX_NSEG - 2,
724             MCLBYTES, 0, &ring->data_dmat);
725         if (error != 0) {
726                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
727                 goto fail;
728         }
729
730         for (i = 0; i < count; i++) {
731                 error = bus_dmamap_create(ring->data_dmat, 0,
732                     &ring->data[i].map);
733                 if (error != 0) {
734                         device_printf(sc->sc_dev, "could not create DMA map\n");
735                         goto fail;
736                 }
737         }
738
739         return 0;
740
741 fail:   iwi_free_tx_ring(sc, ring);
742         return error;
743 }
744
745 static void
746 iwi_reset_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
747 {
748         struct iwi_tx_data *data;
749         int i;
750
751         for (i = 0; i < ring->count; i++) {
752                 data = &ring->data[i];
753
754                 if (data->m != NULL) {
755                         bus_dmamap_sync(ring->data_dmat, data->map,
756                             BUS_DMASYNC_POSTWRITE);
757                         bus_dmamap_unload(ring->data_dmat, data->map);
758                         m_freem(data->m);
759                         data->m = NULL;
760                 }
761
762                 if (data->ni != NULL) {
763                         ieee80211_free_node(data->ni);
764                         data->ni = NULL;
765                 }
766         }
767
768         ring->queued = 0;
769         ring->cur = ring->next = 0;
770 }
771
772 static void
773 iwi_free_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
774 {
775         struct iwi_tx_data *data;
776         int i;
777
778         if (ring->desc != NULL) {
779                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
780                     BUS_DMASYNC_POSTWRITE);
781                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
782                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
783                 ring->desc = NULL;
784         }
785
786         if (ring->desc_dmat != NULL) {
787                 bus_dma_tag_destroy(ring->desc_dmat);
788                 ring->desc_dmat = NULL;
789         }
790
791         if (ring->data != NULL) {
792                 for (i = 0; i < ring->count; i++) {
793                         data = &ring->data[i];
794
795                         if (data->m != NULL) {
796                                 bus_dmamap_sync(ring->data_dmat, data->map,
797                                     BUS_DMASYNC_POSTWRITE);
798                                 bus_dmamap_unload(ring->data_dmat, data->map);
799                                 m_freem(data->m);
800                                 data->m = NULL;
801                         }
802
803                         if (data->ni != NULL) {
804                                 ieee80211_free_node(data->ni);
805                                 data->ni = NULL;
806                         }
807
808                         if (data->map != NULL) {
809                                 bus_dmamap_destroy(ring->data_dmat, data->map);
810                                 data->map = NULL;
811                         }
812                 }
813
814                 kfree(ring->data, M_DEVBUF);
815                 ring->data = NULL;
816         }
817
818         if (ring->data_dmat != NULL) {
819                 bus_dma_tag_destroy(ring->data_dmat);
820                 ring->data_dmat = NULL;
821         }
822 }
823
824 static int
825 iwi_alloc_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring, int count)
826 {
827         struct iwi_rx_data *data;
828         int i, error;
829
830         ring->count = count;
831         ring->cur = 0;
832
833         ring->data = kmalloc(count * sizeof (struct iwi_rx_data), M_DEVBUF,
834             M_WAITOK | M_ZERO);
835
836         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
837             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1, MCLBYTES, 0,
838             &ring->data_dmat);
839         if (error != 0) {
840                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
841                 goto fail;
842         }
843
844         for (i = 0; i < count; i++) {
845                 data = &ring->data[i];
846
847                 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
848                 if (error != 0) {
849                         device_printf(sc->sc_dev, "could not create DMA map\n");
850                         goto fail;
851                 }
852
853                 data->m = m_getcl(MB_WAIT, MT_DATA, M_PKTHDR);
854                 if (data->m == NULL) {
855                         device_printf(sc->sc_dev,
856                             "could not allocate rx mbuf\n");
857                         error = ENOMEM;
858                         goto fail;
859                 }
860
861                 error = bus_dmamap_load(ring->data_dmat, data->map,
862                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
863                     &data->physaddr, 0);
864                 if (error != 0) {
865                         device_printf(sc->sc_dev,
866                             "could not load rx buf DMA map");
867
868                         m_freem(data->m);
869                         data->m = NULL;
870                         goto fail;
871                 }
872
873                 data->reg = IWI_CSR_RX_BASE + i * 4;
874         }
875
876         return 0;
877
878 fail:   iwi_free_rx_ring(sc, ring);
879         return error;
880 }
881
882 static void
883 iwi_reset_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
884 {
885         ring->cur = 0;
886 }
887
888 static void
889 iwi_free_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
890 {
891         struct iwi_rx_data *data;
892         int i;
893
894         if (ring->data != NULL) {
895                 for (i = 0; i < ring->count; i++) {
896                         data = &ring->data[i];
897
898                         if (data->m != NULL) {
899                                 bus_dmamap_sync(ring->data_dmat, data->map,
900                                     BUS_DMASYNC_POSTREAD);
901                                 bus_dmamap_unload(ring->data_dmat, data->map);
902                                 m_freem(data->m);
903                                 data->m = NULL;
904                         }
905
906                         if (data->map != NULL) {
907                                 bus_dmamap_destroy(ring->data_dmat, data->map);
908                                 data->map = NULL;
909                         }
910                 }
911
912                 kfree(ring->data, M_DEVBUF);
913                 ring->data = NULL;
914         }
915
916         if (ring->data_dmat != NULL) {
917                 bus_dma_tag_destroy(ring->data_dmat);
918                 ring->data_dmat = NULL;
919         }
920 }
921
922 static int
923 iwi_shutdown(device_t dev)
924 {
925         struct iwi_softc *sc = device_get_softc(dev);
926         struct ifnet *ifp = &sc->sc_ic.ic_if;
927
928         lwkt_serialize_enter(ifp->if_serializer);
929         iwi_stop(sc);
930         lwkt_serialize_exit(ifp->if_serializer);
931
932         return 0;
933 }
934
935 static int
936 iwi_suspend(device_t dev)
937 {
938         struct iwi_softc *sc = device_get_softc(dev);
939         struct ifnet *ifp = &sc->sc_ic.ic_if;
940
941         lwkt_serialize_enter(ifp->if_serializer);
942         iwi_stop(sc);
943         lwkt_serialize_exit(ifp->if_serializer);
944
945         return 0;
946 }
947
948 static int
949 iwi_resume(device_t dev)
950 {
951         struct iwi_softc *sc = device_get_softc(dev);
952         struct ifnet *ifp = sc->sc_ic.ic_ifp;
953
954         lwkt_serialize_enter(ifp->if_serializer);
955
956         pci_write_config(dev, 0x41, 0, 1);
957
958         if (ifp->if_flags & IFF_UP) {
959                 ifp->if_init(ifp->if_softc);
960                 if (ifp->if_flags & IFF_RUNNING)
961                         ifp->if_start(ifp);
962         }
963
964         lwkt_serialize_exit(ifp->if_serializer);
965
966         return 0;
967 }
968
969 static struct ieee80211_node *
970 iwi_node_alloc(struct ieee80211_node_table *nt)
971 {
972         struct iwi_node *in;
973
974         in = kmalloc(sizeof (struct iwi_node), M_80211_NODE, M_NOWAIT | M_ZERO);
975         if (in == NULL)
976                 return NULL;
977
978         in->in_station = -1;
979
980         return &in->in_node;
981 }
982
983 static void
984 iwi_node_free(struct ieee80211_node *ni)
985 {
986         struct ieee80211com *ic = ni->ni_ic;
987         struct iwi_softc *sc = ic->ic_ifp->if_softc;
988         struct iwi_node *in = (struct iwi_node *)ni;
989
990         if (in->in_station != -1)
991                 iwi_free_ibss_node(sc, in->in_station);
992
993         sc->sc_node_free(ni);
994 }
995
996 static int
997 iwi_media_change(struct ifnet *ifp)
998 {
999         struct iwi_softc *sc = ifp->if_softc;
1000         int error;
1001
1002         ASSERT_SERIALIZED(ifp->if_serializer);
1003
1004         error = ieee80211_media_change(ifp);
1005         if (error != ENETRESET)
1006                 return error;
1007
1008         if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
1009                 iwi_init(sc);
1010         return 0;
1011 }
1012
1013 /*
1014  * The firmware automatically adapts the transmit speed.  We report its current
1015  * value here.
1016  */
1017 static void
1018 iwi_media_status(struct ifnet *ifp, struct ifmediareq *imr)
1019 {
1020         struct iwi_softc *sc = ifp->if_softc;
1021         struct ieee80211com *ic = &sc->sc_ic;
1022 #define N(a)    (sizeof (a) / sizeof (a[0]))
1023         static const struct {
1024                 uint32_t        val;
1025                 int             rate;
1026         } rates[] = {
1027                 { IWI_RATE_DS1,      2 },
1028                 { IWI_RATE_DS2,      4 },
1029                 { IWI_RATE_DS5,     11 },
1030                 { IWI_RATE_DS11,    22 },
1031                 { IWI_RATE_OFDM6,   12 },
1032                 { IWI_RATE_OFDM9,   18 },
1033                 { IWI_RATE_OFDM12,  24 },
1034                 { IWI_RATE_OFDM18,  36 },
1035                 { IWI_RATE_OFDM24,  48 },
1036                 { IWI_RATE_OFDM36,  72 },
1037                 { IWI_RATE_OFDM48,  96 },
1038                 { IWI_RATE_OFDM54, 108 },
1039         };
1040         uint32_t val;
1041         int rate, i;
1042
1043         imr->ifm_status = IFM_AVALID;
1044         imr->ifm_active = IFM_IEEE80211;
1045         if (ic->ic_state == IEEE80211_S_RUN)
1046                 imr->ifm_status |= IFM_ACTIVE;
1047
1048         /* read current transmission rate from adapter */
1049         val = CSR_READ_4(sc, IWI_CSR_CURRENT_TX_RATE);
1050
1051         /* convert rate to 802.11 rate */
1052         for (i = 0; i < N(rates) && rates[i].val != val; i++);
1053         rate = (i < N(rates)) ? rates[i].rate : 0;
1054
1055         imr->ifm_active |= ieee80211_rate2media(ic, rate, ic->ic_curmode);
1056         switch (ic->ic_opmode) {
1057         case IEEE80211_M_STA:
1058                 break;
1059
1060         case IEEE80211_M_IBSS:
1061                 imr->ifm_active |= IFM_IEEE80211_ADHOC;
1062                 break;
1063
1064         case IEEE80211_M_MONITOR:
1065                 imr->ifm_active |= IFM_IEEE80211_MONITOR;
1066                 break;
1067
1068         case IEEE80211_M_AHDEMO:
1069         case IEEE80211_M_HOSTAP:
1070                 /* should not get there */
1071                 break;
1072         }
1073 #undef N
1074 }
1075
1076 static int
1077 iwi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1078 {
1079         struct ifnet *ifp = ic->ic_ifp;
1080         struct iwi_softc *sc = ifp->if_softc;
1081         enum ieee80211_state ostate;
1082         uint32_t tmp;
1083
1084         ostate = ic->ic_state;
1085
1086         switch (nstate) {
1087         case IEEE80211_S_SCAN:
1088                 if (sc->flags & IWI_FLAG_SCANNING)
1089                         break;
1090
1091                 ieee80211_node_table_reset(&ic->ic_scan);
1092                 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN;
1093                 sc->flags |= IWI_FLAG_SCANNING;
1094                 iwi_scan(sc);
1095                 break;
1096
1097         case IEEE80211_S_AUTH:
1098                 iwi_auth_and_assoc(sc);
1099                 break;
1100
1101         case IEEE80211_S_RUN:
1102                 if (ic->ic_opmode == IEEE80211_M_IBSS)
1103                         iwi_auth_and_assoc(sc);
1104                 else if (ic->ic_opmode == IEEE80211_M_MONITOR)
1105                         iwi_set_chan(sc, ic->ic_ibss_chan);
1106
1107                 /* assoc led on */
1108                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1109                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp | IWI_LED_ASSOC);
1110
1111                 return sc->sc_newstate(ic, nstate,
1112                     IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1113
1114         case IEEE80211_S_ASSOC:
1115                 break;
1116
1117         case IEEE80211_S_INIT:
1118                 sc->flags &= ~IWI_FLAG_SCANNING;
1119
1120                 if (ostate != IEEE80211_S_RUN)
1121                         break;
1122
1123                 /* assoc led off */
1124                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1125                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp & ~IWI_LED_ASSOC);
1126                 break;
1127         }
1128
1129         ic->ic_state = nstate;
1130
1131         return 0;
1132 }
1133
1134 /*
1135  * WME parameters coming from IEEE 802.11e specification.  These values are
1136  * already declared in ieee80211_proto.c, but they are static so they can't
1137  * be reused here.
1138  */
1139 static const struct wmeParams iwi_wme_cck_params[WME_NUM_AC] = {
1140         { 0, 3, 5,  7,   0 },   /* WME_AC_BE */
1141         { 0, 3, 5, 10,   0 },   /* WME_AC_BK */
1142         { 0, 2, 4,  5, 188 },   /* WME_AC_VI */
1143         { 0, 2, 3,  4, 102 }    /* WME_AC_VO */
1144 };
1145
1146 static const struct wmeParams iwi_wme_ofdm_params[WME_NUM_AC] = {
1147         { 0, 3, 4,  6,   0 },   /* WME_AC_BE */
1148         { 0, 3, 4, 10,   0 },   /* WME_AC_BK */
1149         { 0, 2, 3,  4,  94 },   /* WME_AC_VI */
1150         { 0, 2, 2,  3,  47 }    /* WME_AC_VO */
1151 };
1152
1153 static int
1154 iwi_wme_update(struct ieee80211com *ic)
1155 {
1156 #define IWI_EXP2(v)     htole16((1 << (v)) - 1)
1157 #define IWI_USEC(v)     htole16(IEEE80211_TXOP_TO_US(v))
1158         struct iwi_softc *sc = ic->ic_ifp->if_softc;
1159         struct iwi_wme_params wme[3];
1160         const struct wmeParams *wmep;
1161         int ac;
1162
1163         /*
1164          * We shall not override firmware default WME values if WME is not
1165          * actually enabled.
1166          */
1167         if (!(ic->ic_flags & IEEE80211_F_WME))
1168                 return 0;
1169
1170         for (ac = 0; ac < WME_NUM_AC; ac++) {
1171                 /* set WME values for current operating mode */
1172                 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac];
1173                 wme[0].aifsn[ac] = wmep->wmep_aifsn;
1174                 wme[0].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1175                 wme[0].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1176                 wme[0].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1177                 wme[0].acm[ac]   = wmep->wmep_acm;
1178
1179                 /* set WME values for CCK modulation */
1180                 wmep = &iwi_wme_cck_params[ac];
1181                 wme[1].aifsn[ac] = wmep->wmep_aifsn;
1182                 wme[1].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1183                 wme[1].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1184                 wme[1].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1185                 wme[1].acm[ac]   = wmep->wmep_acm;
1186
1187                 /* set WME values for OFDM modulation */
1188                 wmep = &iwi_wme_ofdm_params[ac];
1189                 wme[2].aifsn[ac] = wmep->wmep_aifsn;
1190                 wme[2].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1191                 wme[2].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1192                 wme[2].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1193                 wme[2].acm[ac]   = wmep->wmep_acm;
1194         }
1195
1196         DPRINTF(("Setting WME parameters\n"));
1197         return iwi_cmd(sc, IWI_CMD_SET_WME_PARAMS, wme, sizeof wme, 1);
1198 #undef IWI_USEC
1199 #undef IWI_EXP2
1200 }
1201
1202 /*
1203  * Read 16 bits at address 'addr' from the serial EEPROM.
1204  */
1205 static uint16_t
1206 iwi_read_prom_word(struct iwi_softc *sc, uint8_t addr)
1207 {
1208         uint32_t tmp;
1209         uint16_t val;
1210         int n;
1211
1212         /* Clock C once before the first command */
1213         IWI_EEPROM_CTL(sc, 0);
1214         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1215         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1216         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1217
1218         /* Write start bit (1) */
1219         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1220         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1221
1222         /* Write READ opcode (10) */
1223         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1224         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1225         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1226         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1227
1228         /* Write address A7-A0 */
1229         for (n = 7; n >= 0; n--) {
1230                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1231                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D));
1232                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1233                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D) | IWI_EEPROM_C);
1234         }
1235
1236         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1237
1238         /* Read data Q15-Q0 */
1239         val = 0;
1240         for (n = 15; n >= 0; n--) {
1241                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1242                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1243                 tmp = MEM_READ_4(sc, IWI_MEM_EEPROM_CTL);
1244                 val |= ((tmp & IWI_EEPROM_Q) >> IWI_EEPROM_SHIFT_Q) << n;
1245         }
1246
1247         IWI_EEPROM_CTL(sc, 0);
1248
1249         /* Clear Chip Select and clock C */
1250         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1251         IWI_EEPROM_CTL(sc, 0);
1252         IWI_EEPROM_CTL(sc, IWI_EEPROM_C);
1253
1254         return val;
1255 }
1256
1257 /*
1258  * XXX: Hack to set the current channel to the value advertised in beacons or
1259  * probe responses. Only used during AP detection.
1260  */
1261 static void
1262 iwi_fix_channel(struct ieee80211com *ic, struct mbuf *m)
1263 {
1264         struct ieee80211_frame *wh;
1265         uint8_t subtype;
1266         uint8_t *frm, *efrm;
1267
1268         wh = mtod(m, struct ieee80211_frame *);
1269
1270         if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT)
1271                 return;
1272
1273         subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
1274
1275         if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
1276             subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
1277                 return;
1278
1279         frm = (uint8_t *)(wh + 1);
1280         efrm = mtod(m, uint8_t *) + m->m_len;
1281
1282         frm += 12;      /* skip tstamp, bintval and capinfo fields */
1283         while (frm < efrm) {
1284                 if (*frm == IEEE80211_ELEMID_DSPARMS)
1285 #if IEEE80211_CHAN_MAX < 255
1286                 if (frm[2] <= IEEE80211_CHAN_MAX)
1287 #endif
1288                         ic->ic_curchan = &ic->ic_channels[frm[2]];
1289
1290                 frm += frm[1] + 2;
1291         }
1292 }
1293
1294 static void
1295 iwi_frame_intr(struct iwi_softc *sc, struct iwi_rx_data *data, int i,
1296     struct iwi_frame *frame)
1297 {
1298         struct ieee80211com *ic = &sc->sc_ic;
1299         struct ifnet *ifp = ic->ic_ifp;
1300         struct mbuf *mnew, *m;
1301         struct ieee80211_frame *wh;
1302         struct ieee80211_node *ni;
1303         int error;
1304
1305         DPRINTFN(5, ("received frame len=%u chan=%u rssi=%u\n",
1306             le16toh(frame->len), frame->chan, frame->rssi_dbm));
1307
1308         if (le16toh(frame->len) < sizeof (struct ieee80211_frame))
1309                 return;
1310
1311         /*
1312          * Try to allocate a new mbuf for this ring element and load it before
1313          * processing the current mbuf. If the ring element cannot be loaded,
1314          * drop the received packet and reuse the old mbuf. In the unlikely
1315          * case that the old mbuf can't be reloaded either, explicitly panic.
1316          */
1317         mnew = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
1318         if (mnew == NULL) {
1319                 ifp->if_ierrors++;
1320                 return;
1321         }
1322
1323         bus_dmamap_unload(sc->rxq.data_dmat, data->map);
1324
1325         error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1326             mtod(mnew, void *), MCLBYTES, iwi_dma_map_addr, &data->physaddr,
1327             0);
1328         if (error != 0) {
1329                 m_freem(mnew);
1330
1331                 /* try to reload the old mbuf */
1332                 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1333                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
1334                     &data->physaddr, 0);
1335                 if (error != 0) {
1336                         /* very unlikely that it will fail... */
1337                         panic("%s: could not load old rx mbuf",
1338                             device_get_name(sc->sc_dev));
1339                 }
1340                 ifp->if_ierrors++;
1341                 return;
1342         }
1343
1344         /*
1345          * New mbuf successfully loaded, update Rx ring and continue
1346          * processing.
1347          */
1348         m = data->m;
1349         data->m = mnew;
1350         CSR_WRITE_4(sc, data->reg, data->physaddr);
1351
1352         /* Finalize mbuf */
1353         m->m_pkthdr.rcvif = ifp;
1354         m->m_pkthdr.len = m->m_len = sizeof (struct iwi_hdr) +
1355             sizeof (struct iwi_frame) + le16toh(frame->len);
1356
1357         m_adj(m, sizeof (struct iwi_hdr) + sizeof (struct iwi_frame));
1358
1359         if (ic->ic_state == IEEE80211_S_SCAN)
1360                 iwi_fix_channel(ic, m);
1361
1362         if (sc->sc_drvbpf != NULL) {
1363                 struct iwi_rx_radiotap_header *tap = &sc->sc_rxtap;
1364
1365                 tap->wr_flags = 0;
1366                 tap->wr_rate = frame->rate;
1367                 tap->wr_chan_freq =
1368                     htole16(ic->ic_channels[frame->chan].ic_freq);
1369                 tap->wr_chan_flags =
1370                     htole16(ic->ic_channels[frame->chan].ic_flags);
1371                 tap->wr_antsignal = frame->signal;
1372                 tap->wr_antenna = frame->antenna;
1373
1374                 bpf_ptap(sc->sc_drvbpf, m, tap, sc->sc_rxtap_len);
1375         }
1376
1377         wh = mtod(m, struct ieee80211_frame *);
1378         ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
1379
1380         /* send the frame to the 802.11 layer */
1381         ieee80211_input(ic, m, ni, frame->rssi_dbm, 0);
1382
1383         /* node is no longer needed */
1384         ieee80211_free_node(ni);
1385 }
1386
1387 static void
1388 iwi_notification_intr(struct iwi_softc *sc, struct iwi_notif *notif)
1389 {
1390         struct ieee80211com *ic = &sc->sc_ic;
1391         struct iwi_notif_scan_channel *chan;
1392         struct iwi_notif_scan_complete *scan;
1393         struct iwi_notif_authentication *auth;
1394         struct iwi_notif_association *assoc;
1395
1396         switch (notif->type) {
1397         case IWI_NOTIF_TYPE_SCAN_CHANNEL:
1398                 chan = (struct iwi_notif_scan_channel *)(notif + 1);
1399
1400                 DPRINTFN(2, ("Scanning channel (%u)\n", chan->nchan));
1401                 break;
1402
1403         case IWI_NOTIF_TYPE_SCAN_COMPLETE:
1404                 scan = (struct iwi_notif_scan_complete *)(notif + 1);
1405
1406                 DPRINTFN(2, ("Scan completed (%u, %u)\n", scan->nchan,
1407                     scan->status));
1408
1409                 /* monitor mode uses scan to set the channel ... */
1410                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1411                         sc->flags &= ~IWI_FLAG_SCANNING;
1412                         ieee80211_end_scan(ic);
1413                 } else
1414                         iwi_set_chan(sc, ic->ic_ibss_chan);
1415                 break;
1416
1417         case IWI_NOTIF_TYPE_AUTHENTICATION:
1418                 auth = (struct iwi_notif_authentication *)(notif + 1);
1419
1420                 DPRINTFN(2, ("Authentication (%u)\n", auth->state));
1421
1422                 switch (auth->state) {
1423                 case IWI_AUTHENTICATED:
1424                         ieee80211_node_authorize(ic->ic_bss);
1425                         ieee80211_new_state(ic, IEEE80211_S_ASSOC, -1);
1426                         break;
1427
1428                 case IWI_DEAUTHENTICATED:
1429                         break;
1430
1431                 default:
1432                         device_printf(sc->sc_dev,
1433                             "unknown authentication state %u\n", auth->state);
1434                 }
1435                 break;
1436
1437         case IWI_NOTIF_TYPE_ASSOCIATION:
1438                 assoc = (struct iwi_notif_association *)(notif + 1);
1439
1440                 DPRINTFN(2, ("Association (%u, %u)\n", assoc->state,
1441                     assoc->status));
1442
1443                 switch (assoc->state) {
1444                 case IWI_AUTHENTICATED:
1445                         /* re-association, do nothing */
1446                         break;
1447
1448                 case IWI_ASSOCIATED:
1449                         ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
1450                         break;
1451
1452                 case IWI_DEASSOCIATED:
1453                         ieee80211_begin_scan(ic, 1);
1454                         break;
1455
1456                 default:
1457                         device_printf(sc->sc_dev,
1458                             "unknown association state %u\n", assoc->state);
1459                 }
1460                 break;
1461
1462         default:
1463                 DPRINTFN(5, ("Notification (%u)\n", notif->type));
1464         }
1465 }
1466
1467 static void
1468 iwi_rx_intr(struct iwi_softc *sc)
1469 {
1470         struct iwi_rx_data *data;
1471         struct iwi_hdr *hdr;
1472         uint32_t hw;
1473
1474         hw = CSR_READ_4(sc, IWI_CSR_RX_RIDX);
1475
1476         for (; sc->rxq.cur != hw;) {
1477                 data = &sc->rxq.data[sc->rxq.cur];
1478
1479                 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
1480                     BUS_DMASYNC_POSTREAD);
1481
1482                 hdr = mtod(data->m, struct iwi_hdr *);
1483
1484                 switch (hdr->type) {
1485                 case IWI_HDR_TYPE_FRAME:
1486                         iwi_frame_intr(sc, data, sc->rxq.cur,
1487                             (struct iwi_frame *)(hdr + 1));
1488                         break;
1489
1490                 case IWI_HDR_TYPE_NOTIF:
1491                         iwi_notification_intr(sc,
1492                             (struct iwi_notif *)(hdr + 1));
1493                         break;
1494
1495                 default:
1496                         device_printf(sc->sc_dev, "unknown hdr type %u\n",
1497                             hdr->type);
1498                 }
1499
1500                 DPRINTFN(15, ("rx done idx=%u\n", sc->rxq.cur));
1501
1502                 sc->rxq.cur = (sc->rxq.cur + 1) % IWI_RX_RING_COUNT;
1503         }
1504
1505         /* Tell the firmware what we have processed */
1506         hw = (hw == 0) ? IWI_RX_RING_COUNT - 1 : hw - 1;
1507         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, hw);
1508 }
1509
1510 static void
1511 iwi_tx_intr(struct iwi_softc *sc, struct iwi_tx_ring *txq)
1512 {
1513         struct ieee80211com *ic = &sc->sc_ic;
1514         struct ifnet *ifp = ic->ic_ifp;
1515         struct iwi_tx_data *data;
1516         uint32_t hw;
1517
1518         hw = CSR_READ_4(sc, txq->csr_ridx);
1519
1520         for (; txq->next != hw;) {
1521                 data = &txq->data[txq->next];
1522
1523                 bus_dmamap_sync(txq->data_dmat, data->map,
1524                     BUS_DMASYNC_POSTWRITE);
1525                 bus_dmamap_unload(txq->data_dmat, data->map);
1526                 m_freem(data->m);
1527                 data->m = NULL;
1528                 ieee80211_free_node(data->ni);
1529                 data->ni = NULL;
1530
1531                 DPRINTFN(15, ("tx done idx=%u\n", txq->next));
1532
1533                 ifp->if_opackets++;
1534
1535                 txq->queued--;
1536                 txq->next = (txq->next + 1) % IWI_TX_RING_COUNT;
1537         }
1538
1539         sc->sc_tx_timer = 0;
1540         ifp->if_flags &= ~IFF_OACTIVE;
1541         iwi_start(ifp);
1542 }
1543
1544 static void
1545 iwi_intr(void *arg)
1546 {
1547         struct iwi_softc *sc = arg;
1548         uint32_t r;
1549
1550         r = CSR_READ_4(sc, IWI_CSR_INTR);
1551         if (r == 0 || r == 0xffffffff)
1552                 return;
1553
1554         /* disable interrupts */
1555         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1556
1557         if (r & IWI_INTR_FATAL_ERROR) {
1558                 device_printf(sc->sc_dev, "fatal error\n");
1559
1560                 if ((sc->flags & (IWI_FLAG_EXIT | IWI_FLAG_RESET)) == 0) {
1561                         sc->flags |= IWI_FLAG_RESET;
1562                         device_printf(sc->sc_dev, "wake firmware monitor\n");
1563                         wakeup(IWI_FW_WAKE_MONITOR(sc));
1564                 }
1565         }
1566
1567         if (r & IWI_INTR_PARITY_ERROR) {
1568                 device_printf(sc->sc_dev, "parity error\n");
1569                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1570                 iwi_stop(sc);
1571         }
1572
1573         if (r & IWI_INTR_FW_INITED) {
1574                 if (!(r & (IWI_INTR_FATAL_ERROR | IWI_INTR_PARITY_ERROR)))
1575                         wakeup(IWI_FW_INITIALIZED(sc));
1576         }
1577
1578         if (r & IWI_INTR_RADIO_OFF) {
1579                 DPRINTF(("radio transmitter turned off\n"));
1580                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1581                 iwi_stop(sc);
1582         }
1583
1584         if (r & IWI_INTR_CMD_DONE)
1585                 wakeup(IWI_FW_CMD_ACKED(sc));
1586
1587         if (r & IWI_INTR_TX1_DONE)
1588                 iwi_tx_intr(sc, &sc->txq[0]);
1589
1590         if (r & IWI_INTR_TX2_DONE)
1591                 iwi_tx_intr(sc, &sc->txq[1]);
1592
1593         if (r & IWI_INTR_TX3_DONE)
1594                 iwi_tx_intr(sc, &sc->txq[2]);
1595
1596         if (r & IWI_INTR_TX4_DONE)
1597                 iwi_tx_intr(sc, &sc->txq[3]);
1598
1599         if (r & IWI_INTR_RX_DONE)
1600                 iwi_rx_intr(sc);
1601
1602         /* acknowledge interrupts */
1603         CSR_WRITE_4(sc, IWI_CSR_INTR, r);
1604
1605         /* re-enable interrupts */
1606         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
1607 }
1608
1609 static int
1610 iwi_cmd(struct iwi_softc *sc, uint8_t type, void *data, uint8_t len, int async)
1611 {
1612         struct iwi_cmd_desc *desc;
1613         struct ifnet *ifp = &sc->sc_ic.ic_if;
1614         int ret;
1615
1616         desc = &sc->cmdq.desc[sc->cmdq.cur];
1617
1618         desc->hdr.type = IWI_HDR_TYPE_COMMAND;
1619         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1620         desc->type = type;
1621         desc->len = len;
1622         memcpy(desc->data, data, len);
1623
1624         bus_dmamap_sync(sc->cmdq.desc_dmat, sc->cmdq.desc_map,
1625             BUS_DMASYNC_PREWRITE);
1626
1627         DPRINTFN(2, ("sending command idx=%u type=%u len=%u\n", sc->cmdq.cur,
1628             type, len));
1629
1630         sc->cmdq.cur = (sc->cmdq.cur + 1) % IWI_CMD_RING_COUNT;
1631         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
1632
1633         if (!async) {
1634                 ASSERT_SERIALIZED(ifp->if_serializer);
1635
1636                 crit_enter();
1637                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
1638                 lwkt_serialize_exit(ifp->if_serializer);
1639                 ret = tsleep(IWI_FW_CMD_ACKED(sc), 0, "iwicmd", hz);
1640                 crit_exit();
1641                 lwkt_serialize_enter(ifp->if_serializer);
1642         } else {
1643                 ret = 0;
1644         }
1645
1646         return ret;
1647 }
1648
1649 static void
1650 iwi_write_ibssnode(struct iwi_softc *sc, const struct iwi_node *in)
1651 {
1652         struct iwi_ibssnode node;
1653
1654         /* write node information into NIC memory */
1655         memset(&node, 0, sizeof node);
1656         IEEE80211_ADDR_COPY(node.bssid, in->in_node.ni_macaddr);
1657
1658         CSR_WRITE_REGION_1(sc,
1659             IWI_CSR_NODE_BASE + in->in_station * sizeof node,
1660             (uint8_t *)&node, sizeof node);
1661 }
1662
1663 struct iwi_dma_mapping {
1664         bus_dma_segment_t segs[IWI_MAX_NSEG];
1665         int nseg;
1666         bus_size_t mapsize;
1667 };
1668
1669 static void
1670 iwi_dma_map_mbuf(void *arg, bus_dma_segment_t *segs, int nseg,
1671                  bus_size_t mapsize, int error)
1672 {
1673         struct iwi_dma_mapping *map = arg;
1674
1675         if (error != 0)
1676                 return;
1677
1678         KASSERT(nseg <= IWI_MAX_NSEG, ("too many DMA segments %d", nseg));
1679
1680         bcopy(segs, map->segs, nseg * sizeof(bus_dma_segment_t));
1681         map->nseg = nseg;
1682         map->mapsize = mapsize;
1683 }
1684
1685 static int
1686 iwi_tx_start(struct ifnet *ifp, struct mbuf *m0, struct ieee80211_node *ni,
1687     int ac)
1688 {
1689         struct iwi_softc *sc = ifp->if_softc;
1690         struct ieee80211com *ic = &sc->sc_ic;
1691         struct iwi_node *in = (struct iwi_node *)ni;
1692         struct ieee80211_frame *wh;
1693         struct ieee80211_key *k;
1694         const struct chanAccParams *cap;
1695         struct iwi_tx_ring *txq = &sc->txq[ac];
1696         struct iwi_tx_data *data;
1697         struct iwi_tx_desc *desc;
1698         struct mbuf *mnew;
1699         struct iwi_dma_mapping map;
1700         int error, hdrlen, i, noack = 0;
1701
1702         wh = mtod(m0, struct ieee80211_frame *);
1703
1704         if (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS) {
1705                 hdrlen = sizeof (struct ieee80211_qosframe);
1706                 cap = &ic->ic_wme.wme_chanParams;
1707                 noack = cap->cap_wmeParams[ac].wmep_noackPolicy;
1708         } else
1709                 hdrlen = sizeof (struct ieee80211_frame);
1710
1711         /*
1712          * This is only used in IBSS mode where the firmware expect an index
1713          * in a h/w table instead of a destination address.
1714          */
1715         if (ic->ic_opmode == IEEE80211_M_IBSS && in->in_station == -1) {
1716                 in->in_station = iwi_alloc_ibss_node(sc);
1717                 if (in->in_station == -1) {     /* h/w table is full */
1718                         m_freem(m0);
1719                         ieee80211_free_node(ni);
1720                         ifp->if_oerrors++;
1721                         if_printf(ifp, "ibss table is full\n");
1722                         return 0;
1723                 }
1724                 iwi_write_ibssnode(sc, in);
1725         }
1726
1727         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1728                 k = ieee80211_crypto_encap(ic, ni, m0);
1729                 if (k == NULL) {
1730                         m_freem(m0);
1731                         return ENOBUFS;
1732                 }
1733
1734                 /* packet header may have moved, reset our local pointer */
1735                 wh = mtod(m0, struct ieee80211_frame *);
1736         }
1737
1738         if (sc->sc_drvbpf != NULL) {
1739                 struct iwi_tx_radiotap_header *tap = &sc->sc_txtap;
1740
1741                 tap->wt_flags = 0;
1742                 tap->wt_chan_freq = htole16(ic->ic_ibss_chan->ic_freq);
1743                 tap->wt_chan_flags = htole16(ic->ic_ibss_chan->ic_flags);
1744
1745                 bpf_ptap(sc->sc_drvbpf, m0, tap, sc->sc_txtap_len);
1746         }
1747
1748         data = &txq->data[txq->cur];
1749         desc = &txq->desc[txq->cur];
1750
1751         /* save and trim IEEE802.11 header */
1752         m_copydata(m0, 0, hdrlen, (caddr_t)&desc->wh);
1753         m_adj(m0, hdrlen);
1754
1755         error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1756                                      iwi_dma_map_mbuf, &map, BUS_DMA_NOWAIT);
1757         if (error != 0 && error != EFBIG) {
1758                 device_printf(sc->sc_dev, "could not map mbuf (error %d)\n",
1759                     error);
1760                 m_freem(m0);
1761                 return error;
1762         }
1763         if (error != 0) {
1764                 mnew = m_defrag(m0, MB_DONTWAIT);
1765                 if (mnew == NULL) {
1766                         device_printf(sc->sc_dev,
1767                             "could not defragment mbuf\n");
1768                         m_freem(m0);
1769                         return ENOBUFS;
1770                 }
1771                 m0 = mnew;
1772
1773                 error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1774                                              iwi_dma_map_mbuf, &map,
1775                                              BUS_DMA_NOWAIT);
1776                 if (error != 0) {
1777                         device_printf(sc->sc_dev,
1778                             "could not map mbuf (error %d)\n", error);
1779                         m_freem(m0);
1780                         return error;
1781                 }
1782         }
1783
1784         data->m = m0;
1785         data->ni = ni;
1786
1787         desc->hdr.type = IWI_HDR_TYPE_DATA;
1788         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1789         desc->station =
1790             (ic->ic_opmode == IEEE80211_M_IBSS) ? in->in_station : 0;
1791         desc->cmd = IWI_DATA_CMD_TX;
1792         desc->len = htole16(m0->m_pkthdr.len);
1793         desc->flags = 0;
1794         desc->xflags = 0;
1795
1796         if (!noack && !IEEE80211_IS_MULTICAST(desc->wh.i_addr1))
1797                 desc->flags |= IWI_DATA_FLAG_NEED_ACK;
1798
1799 #if 0
1800         if (ic->ic_flags & IEEE80211_F_PRIVACY) {
1801                 desc->wh.i_fc[1] |= IEEE80211_FC1_WEP;
1802                 desc->weptxkey = ic->ic_crypto.cs_def_txkey;
1803         } else
1804 #endif
1805                 desc->flags |= IWI_DATA_FLAG_NO_WEP;
1806
1807         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1808                 desc->flags |= IWI_DATA_FLAG_SHPREAMBLE;
1809
1810         if (desc->wh.i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS)
1811                 desc->xflags |= IWI_DATA_XFLAG_QOS;
1812
1813         desc->nseg = htole32(map.nseg);
1814         for (i = 0; i < map.nseg; i++) {
1815                 desc->seg_addr[i] = htole32(map.segs[i].ds_addr);
1816                 desc->seg_len[i]  = htole16(map.segs[i].ds_len);
1817         }
1818
1819         bus_dmamap_sync(txq->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
1820         bus_dmamap_sync(txq->desc_dmat, txq->desc_map, BUS_DMASYNC_PREWRITE);
1821
1822         DPRINTFN(5, ("sending data frame txq=%u idx=%u len=%u nseg=%u\n",
1823             ac, txq->cur, le16toh(desc->len), map.nseg));
1824
1825         txq->queued++;
1826         txq->cur = (txq->cur + 1) % IWI_TX_RING_COUNT;
1827         CSR_WRITE_4(sc, txq->csr_widx, txq->cur);
1828
1829         return 0;
1830 }
1831
1832 static void
1833 iwi_start(struct ifnet *ifp)
1834 {
1835         struct iwi_softc *sc = ifp->if_softc;
1836         struct ieee80211com *ic = &sc->sc_ic;
1837         struct mbuf *m0;
1838         struct ether_header *eh;
1839         struct ieee80211_node *ni;
1840         int ac;
1841
1842         if (ic->ic_state != IEEE80211_S_RUN)
1843                 return;
1844
1845         IF_POLL(&ic->ic_mgtq, m0);
1846         if (m0 != NULL)
1847                 ieee80211_drain_mgtq(&ic->ic_mgtq);
1848
1849         for (;;) {
1850                 m0 = ifq_dequeue(&ifp->if_snd, NULL);
1851                 if (m0 == NULL)
1852                         break;
1853
1854                 if (m0->m_len < sizeof (struct ether_header) &&
1855                     (m0 = m_pullup(m0, sizeof (struct ether_header))) == NULL) {
1856                         ifp->if_oerrors++;
1857                         continue;
1858                 }
1859                 eh = mtod(m0, struct ether_header *);
1860                 ni = ieee80211_find_txnode(ic, eh->ether_dhost);
1861                 if (ni == NULL) {
1862                         m_freem(m0);
1863                         ifp->if_oerrors++;
1864                         continue;
1865                 }
1866
1867                 /* classify mbuf so we can find which tx ring to use */
1868                 if (ieee80211_classify(ic, m0, ni) != 0) {
1869                         m_freem(m0);
1870                         ieee80211_free_node(ni);
1871                         ifp->if_oerrors++;
1872                         continue;
1873                 }
1874
1875                 /* no QoS encapsulation for EAPOL frames */
1876                 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ?
1877                     M_WME_GETAC(m0) : WME_AC_BE;
1878
1879                 if (sc->txq[ac].queued > IWI_TX_RING_COUNT - 8) {
1880                         /* there is no place left in this ring */
1881                         m_freem(m0);
1882                         ieee80211_free_node(ni);
1883                         ifp->if_flags |= IFF_OACTIVE;
1884                         break;
1885                 }
1886
1887                 BPF_MTAP(ifp, m0);
1888
1889                 m0 = ieee80211_encap(ic, m0, ni);
1890                 if (m0 == NULL) {
1891                         ieee80211_free_node(ni);
1892                         ifp->if_oerrors++;
1893                         continue;
1894                 }
1895
1896                 if (ic->ic_rawbpf != NULL)
1897                         bpf_mtap(ic->ic_rawbpf, m0);
1898
1899                 if (iwi_tx_start(ifp, m0, ni, ac) != 0) {
1900                         ieee80211_free_node(ni);
1901                         ifp->if_oerrors++;
1902                         break;
1903                 }
1904
1905                 sc->sc_tx_timer = 5;
1906                 ifp->if_timer = 1;
1907         }
1908 }
1909
1910 static void
1911 iwi_watchdog(struct ifnet *ifp)
1912 {
1913         struct iwi_softc *sc = ifp->if_softc;
1914         struct ieee80211com *ic = &sc->sc_ic;
1915
1916         ifp->if_timer = 0;
1917
1918         if (sc->sc_tx_timer > 0) {
1919                 if (--sc->sc_tx_timer == 0) {
1920                         if_printf(ifp, "device timeout\n");
1921                         ifp->if_oerrors++;
1922                         sc->flags |= IWI_FLAG_RESET;
1923                         wakeup(IWI_FW_WAKE_MONITOR(sc));
1924                         return;
1925                 }
1926                 ifp->if_timer = 1;
1927         }
1928
1929         ieee80211_watchdog(ic);
1930 }
1931
1932 static int
1933 iwi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
1934 {
1935         struct iwi_softc *sc = ifp->if_softc;
1936         struct ieee80211com *ic = &sc->sc_ic;
1937         struct ifreq *ifr;
1938         int error = 0;
1939
1940         switch (cmd) {
1941         case SIOCSIFFLAGS:
1942                 if (ifp->if_flags & IFF_UP) {
1943                         if (!(ifp->if_flags & IFF_RUNNING))
1944                                 iwi_init(sc);
1945                 } else {
1946                         if (ifp->if_flags & IFF_RUNNING)
1947                                 iwi_stop(sc);
1948                 }
1949                 break;
1950
1951         case SIOCSLOADFW:
1952                 /* only super-user can do that! */
1953                 error = suser_cred(cr, NULL_CRED_OKAY);
1954                 if (error != 0)
1955                         break;
1956
1957                 ifr = (struct ifreq *)data;
1958                 error = iwi_cache_firmware(sc, ifr->ifr_data);
1959                 break;
1960
1961         case SIOCSKILLFW:
1962                 /* only super-user can do that! */
1963                 error = suser_cred(cr, NULL_CRED_OKAY);
1964                 if (error != 0)
1965                         break;
1966
1967                 ifp->if_flags &= ~IFF_UP;
1968                 iwi_stop(sc);
1969                 iwi_free_firmware(sc);
1970                 break;
1971
1972         default:
1973                 error = ieee80211_ioctl(ic, cmd, data, cr);
1974         }
1975
1976         if (error == ENETRESET) {
1977                 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1978                     (IFF_UP | IFF_RUNNING) &&
1979                     (ic->ic_roaming != IEEE80211_ROAMING_MANUAL))
1980                         iwi_init(sc);
1981                 error = 0;
1982         }
1983
1984         return error;
1985 }
1986
1987 static void
1988 iwi_stop_master(struct iwi_softc *sc)
1989 {
1990         uint32_t tmp;
1991         int ntries;
1992
1993         /* disable interrupts */
1994         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1995
1996         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_STOP_MASTER);
1997         for (ntries = 0; ntries < 5; ntries++) {
1998                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
1999                         break;
2000                 DELAY(10);
2001         }
2002         if (ntries == 5)
2003                 if_printf(&sc->sc_ic.ic_if, "timeout waiting for master\n");
2004
2005         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2006         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_PRINCETON_RESET);
2007
2008         sc->flags &= ~IWI_FLAG_FW_INITED;
2009 }
2010
2011 static int
2012 iwi_reset(struct iwi_softc *sc)
2013 {
2014         uint32_t tmp;
2015         int i, ntries;
2016
2017         iwi_stop_master(sc);
2018
2019         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2020         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
2021
2022         CSR_WRITE_4(sc, IWI_CSR_READ_INT, IWI_READ_INT_INIT_HOST);
2023
2024         /* Wait for clock stabilization */
2025         for (ntries = 0; ntries < 1000; ntries++) {
2026                 if (CSR_READ_4(sc, IWI_CSR_CTL) & IWI_CTL_CLOCK_READY)
2027                         break;
2028                 DELAY(200);
2029         }
2030         if (ntries == 1000) {
2031                 if_printf(&sc->sc_ic.ic_if,
2032                           "timeout waiting for clock stabilization\n");
2033                 return EIO;
2034         }
2035
2036         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2037         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_SOFT_RESET);
2038
2039         DELAY(10);
2040
2041         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2042         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
2043
2044         /* Clear NIC memory */
2045         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0);
2046         for (i = 0; i < 0xc000; i++)
2047                 CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2048
2049         return 0;
2050 }
2051
2052 static int
2053 iwi_load_ucode(struct iwi_softc *sc, void *uc, int size)
2054 {
2055         uint32_t tmp;
2056         uint16_t *w;
2057         int ntries, i;
2058
2059         CSR_WRITE_4(sc, IWI_CSR_RST, CSR_READ_4(sc, IWI_CSR_RST) |
2060             IWI_RST_STOP_MASTER);
2061         for (ntries = 0; ntries < 5; ntries++) {
2062                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
2063                         break;
2064                 DELAY(10);
2065         }
2066         if (ntries == 5) {
2067                 device_printf(sc->sc_dev, "timeout waiting for master\n");
2068                 return EIO;
2069         }
2070
2071         MEM_WRITE_4(sc, 0x3000e0, 0x80000000);
2072         DELAY(5000);
2073
2074         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2075         tmp &= ~IWI_RST_PRINCETON_RESET;
2076         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2077
2078         DELAY(5000);
2079         MEM_WRITE_4(sc, 0x3000e0, 0);
2080         DELAY(1000);
2081         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 1);
2082         DELAY(1000);
2083         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 0);
2084         DELAY(1000);
2085         MEM_WRITE_1(sc, 0x200000, 0x00);
2086         MEM_WRITE_1(sc, 0x200000, 0x40);
2087         DELAY(1000);
2088
2089         /* write microcode into adapter memory */
2090         for (w = uc; size > 0; w++, size -= 2)
2091                 MEM_WRITE_2(sc, 0x200010, htole16(*w));
2092
2093         MEM_WRITE_1(sc, 0x200000, 0x00);
2094         MEM_WRITE_1(sc, 0x200000, 0x80);
2095
2096         /* wait until we get an answer */
2097         for (ntries = 0; ntries < 100; ntries++) {
2098                 if (MEM_READ_1(sc, 0x200000) & 1)
2099                         break;
2100                 DELAY(100);
2101         }
2102         if (ntries == 100) {
2103                 device_printf(sc->sc_dev,
2104                     "timeout waiting for ucode to initialize\n");
2105                 return EIO;
2106         }
2107
2108         /* read the answer or the firmware will not initialize properly */
2109         for (i = 0; i < 7; i++)
2110                 MEM_READ_4(sc, 0x200004);
2111
2112         MEM_WRITE_1(sc, 0x200000, 0x00);
2113
2114         return 0;
2115 }
2116
2117 /* macro to handle unaligned little endian data in firmware image */
2118 #define GETLE32(p) ((p)[0] | (p)[1] << 8 | (p)[2] << 16 | (p)[3] << 24)
2119
2120 static int
2121 iwi_load_firmware(struct iwi_softc *sc, void *fw, int size)
2122 {
2123         bus_dma_tag_t dmat;
2124         bus_dmamap_t map;
2125         bus_addr_t physaddr;
2126         void *virtaddr;
2127         u_char *p, *end;
2128         uint32_t sentinel, ctl, src, dst, sum, len, mlen, tmp;
2129         int ntries, error = 0;
2130         struct ifnet *ifp = &sc->sc_ic.ic_if;
2131
2132         ASSERT_SERIALIZED(ifp->if_serializer);
2133
2134         /* Allocate DMA memory for mapping firmware image */
2135         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
2136             BUS_SPACE_MAXADDR, NULL, NULL, size, 1, size, 0, &dmat);
2137         if (error != 0) {
2138                 device_printf(sc->sc_dev,
2139                     "could not create firmware DMA tag\n");
2140                 goto fail1;
2141         }
2142
2143         error = bus_dmamem_alloc(dmat, &virtaddr, BUS_DMA_WAITOK, &map);
2144         if (error != 0) {
2145                 device_printf(sc->sc_dev,
2146                     "could not allocate firmware DMA memory\n");
2147                 goto fail2;
2148         }
2149
2150         error = bus_dmamap_load(dmat, map, virtaddr, size, iwi_dma_map_addr,
2151             &physaddr, 0);
2152         if (error != 0) {
2153                 device_printf(sc->sc_dev, "could not load firmware DMA map\n");
2154                 goto fail3;
2155         }
2156
2157         /* Copy firmware image to DMA memory */
2158         memcpy(virtaddr, fw, size);
2159
2160         /* Make sure the adapter will get up-to-date values */
2161         bus_dmamap_sync(dmat, map, BUS_DMASYNC_PREWRITE);
2162
2163         /* Tell the adapter where the command blocks are stored */
2164         MEM_WRITE_4(sc, 0x3000a0, 0x27000);
2165
2166         /*
2167          * Store command blocks into adapter's internal memory using register
2168          * indirections. The adapter will read the firmware image through DMA
2169          * using information stored in command blocks.
2170          */
2171         src = physaddr;
2172         p = virtaddr;
2173         end = p + size;
2174         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0x27000);
2175
2176         while (p < end) {
2177                 dst = GETLE32(p); p += 4; src += 4;
2178                 len = GETLE32(p); p += 4; src += 4;
2179                 p += len;
2180
2181                 while (len > 0) {
2182                         mlen = min(len, IWI_CB_MAXDATALEN);
2183
2184                         ctl = IWI_CB_DEFAULT_CTL | mlen;
2185                         sum = ctl ^ src ^ dst;
2186
2187                         /* Write a command block */
2188                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, ctl);
2189                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, src);
2190                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, dst);
2191                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, sum);
2192
2193                         src += mlen;
2194                         dst += mlen;
2195                         len -= mlen;
2196                 }
2197         }
2198
2199         /* Write a fictive final command block (sentinel) */
2200         sentinel = CSR_READ_4(sc, IWI_CSR_AUTOINC_ADDR);
2201         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2202
2203         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2204         tmp &= ~(IWI_RST_MASTER_DISABLED | IWI_RST_STOP_MASTER);
2205         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2206
2207         /* Tell the adapter to start processing command blocks */
2208         MEM_WRITE_4(sc, 0x3000a4, 0x540100);
2209
2210         /* Wait until the adapter reaches the sentinel */
2211         for (ntries = 0; ntries < 400; ntries++) {
2212                 if (MEM_READ_4(sc, 0x3000d0) >= sentinel)
2213                         break;
2214                 DELAY(100);
2215         }
2216         if (ntries == 400) {
2217                 device_printf(sc->sc_dev,
2218                     "timeout processing command blocks\n");
2219                 error = EIO;
2220                 goto fail4;
2221         }
2222
2223         /* We're done with command blocks processing */
2224         MEM_WRITE_4(sc, 0x3000a4, 0x540c00);
2225
2226         /* Allow interrupts so we know when the firmware is ready */
2227         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
2228
2229         /* Tell the adapter to initialize the firmware */
2230         CSR_WRITE_4(sc, IWI_CSR_RST, 0);
2231
2232         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2233         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_ALLOW_STANDBY);
2234
2235         /* wait at most one second for firmware initialization to complete */
2236         crit_enter();
2237         tsleep_interlock(IWI_FW_INITIALIZED(sc));
2238         lwkt_serialize_exit(ifp->if_serializer);
2239         error = tsleep(IWI_FW_INITIALIZED(sc), 0, "iwiinit", hz);
2240         crit_exit();
2241         lwkt_serialize_enter(ifp->if_serializer);
2242         if (error != 0) {
2243                 device_printf(sc->sc_dev, "timeout waiting for firmware "
2244                     "initialization to complete\n");
2245                 goto fail4;
2246         }
2247
2248 fail4:  bus_dmamap_sync(dmat, map, BUS_DMASYNC_POSTWRITE);
2249         bus_dmamap_unload(dmat, map);
2250 fail3:  bus_dmamem_free(dmat, virtaddr, map);
2251 fail2:  bus_dma_tag_destroy(dmat);
2252 fail1:
2253         return error;
2254 }
2255
2256 /*
2257  * Store firmware into kernel memory so we can download it when we need to,
2258  * e.g when the adapter wakes up from suspend mode.
2259  */
2260 static int
2261 iwi_cache_firmware(struct iwi_softc *sc, void *data)
2262 {
2263         struct iwi_firmware *kfw = &sc->fw;
2264         struct iwi_firmware ufw;
2265         int error;
2266
2267         iwi_free_firmware(sc);
2268
2269         if ((error = copyin(data, &ufw, sizeof ufw)) != 0)
2270                 return error;
2271
2272         kfw->boot_size  = ufw.boot_size;
2273         kfw->ucode_size = ufw.ucode_size;
2274         kfw->main_size  = ufw.main_size;
2275
2276         kfw->boot = kmalloc(kfw->boot_size, M_DEVBUF, M_WAITOK);
2277         kfw->ucode = kmalloc(kfw->ucode_size, M_DEVBUF, M_WAITOK);
2278         kfw->main = kmalloc(kfw->main_size, M_DEVBUF, M_WAITOK);
2279
2280         if ((error = copyin(ufw.boot, kfw->boot, kfw->boot_size)) != 0)
2281                 goto fail;
2282
2283         if ((error = copyin(ufw.ucode, kfw->ucode, kfw->ucode_size)) != 0)
2284                 goto fail;
2285
2286         if ((error = copyin(ufw.main, kfw->main, kfw->main_size)) != 0)
2287                 goto fail;
2288
2289         DPRINTF(("Firmware cached: boot %u, ucode %u, main %u\n",
2290             kfw->boot_size, kfw->ucode_size, kfw->main_size));
2291
2292         sc->flags |= IWI_FLAG_FW_CACHED;
2293
2294         return 0;
2295
2296 fail:
2297         kfree(kfw->boot, M_DEVBUF);
2298         kfree(kfw->ucode, M_DEVBUF);
2299         kfree(kfw->main, M_DEVBUF);
2300
2301         return error;
2302 }
2303
2304 static void
2305 iwi_free_firmware(struct iwi_softc *sc)
2306 {
2307         if (!(sc->flags & IWI_FLAG_FW_CACHED))
2308                 return;
2309
2310         kfree(sc->fw.boot, M_DEVBUF);
2311         kfree(sc->fw.ucode, M_DEVBUF);
2312         kfree(sc->fw.main, M_DEVBUF);
2313
2314         sc->flags &= ~IWI_FLAG_FW_CACHED;
2315 }
2316
2317 static int
2318 iwi_config(struct iwi_softc *sc)
2319 {
2320         struct ieee80211com *ic = &sc->sc_ic;
2321         struct ifnet *ifp = ic->ic_ifp;
2322         struct iwi_configuration config;
2323         struct iwi_rateset rs;
2324         struct iwi_txpower power;
2325         struct ieee80211_key *wk;
2326         struct iwi_wep_key wepkey;
2327         uint32_t data;
2328         int error, i;
2329
2330         IEEE80211_ADDR_COPY(ic->ic_myaddr, IF_LLADDR(ifp));
2331         DPRINTF(("Setting MAC address to %6D\n", ic->ic_myaddr, ":"));
2332         error = iwi_cmd(sc, IWI_CMD_SET_MAC_ADDRESS, ic->ic_myaddr,
2333             IEEE80211_ADDR_LEN, 0);
2334         if (error != 0)
2335                 return error;
2336
2337         memset(&config, 0, sizeof config);
2338         config.bluetooth_coexistence = sc->bluetooth;
2339         config.antenna = sc->antenna;
2340         config.multicast_enabled = 1;
2341         config.answer_pbreq = (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2342         config.disable_unicast_decryption = 1;
2343         config.disable_multicast_decryption = 1;
2344         DPRINTF(("Configuring adapter\n"));
2345         error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config, 0);
2346         if (error != 0)
2347                 return error;
2348
2349         data = htole32(IWI_POWER_MODE_CAM);
2350         DPRINTF(("Setting power mode to %u\n", le32toh(data)));
2351         error = iwi_cmd(sc, IWI_CMD_SET_POWER_MODE, &data, sizeof data, 0);
2352         if (error != 0)
2353                 return error;
2354
2355         data = htole32(ic->ic_rtsthreshold);
2356         DPRINTF(("Setting RTS threshold to %u\n", le32toh(data)));
2357         error = iwi_cmd(sc, IWI_CMD_SET_RTS_THRESHOLD, &data, sizeof data, 0);
2358         if (error != 0)
2359                 return error;
2360
2361         data = htole32(ic->ic_fragthreshold);
2362         DPRINTF(("Setting fragmentation threshold to %u\n", le32toh(data)));
2363         error = iwi_cmd(sc, IWI_CMD_SET_FRAG_THRESHOLD, &data, sizeof data, 0);
2364         if (error != 0)
2365                 return error;
2366
2367         if (ic->ic_opmode == IEEE80211_M_IBSS) {
2368                 power.mode = IWI_MODE_11B;
2369                 power.nchan = 11;
2370                 for (i = 0; i < 11; i++) {
2371                         power.chan[i].chan = i + 1;
2372                         power.chan[i].power = IWI_TXPOWER_MAX;
2373                 }
2374                 DPRINTF(("Setting .11b channels tx power\n"));
2375                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2376                     0);
2377                 if (error != 0)
2378                         return error;
2379
2380                 power.mode = IWI_MODE_11G;
2381                 DPRINTF(("Setting .11g channels tx power\n"));
2382                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2383                     0);
2384                 if (error != 0)
2385                         return error;
2386         }
2387
2388         rs.mode = IWI_MODE_11G;
2389         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2390         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11G].rs_nrates;
2391         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11G].rs_rates,
2392             rs.nrates);
2393         DPRINTF(("Setting .11bg supported rates (%u)\n", rs.nrates));
2394         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2395         if (error != 0)
2396                 return error;
2397
2398         rs.mode = IWI_MODE_11A;
2399         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2400         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11A].rs_nrates;
2401         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11A].rs_rates,
2402             rs.nrates);
2403         DPRINTF(("Setting .11a supported rates (%u)\n", rs.nrates));
2404         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2405         if (error != 0)
2406                 return error;
2407
2408         /* if we have a desired ESSID, set it now */
2409         if (ic->ic_des_esslen != 0) {
2410 #ifdef IWI_DEBUG
2411                 if (iwi_debug > 0) {
2412                         kprintf("Setting desired ESSID to ");
2413                         ieee80211_print_essid(ic->ic_des_essid,
2414                             ic->ic_des_esslen);
2415                         kprintf("\n");
2416                 }
2417 #endif
2418                 error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ic->ic_des_essid,
2419                     ic->ic_des_esslen, 0);
2420                 if (error != 0)
2421                         return error;
2422         }
2423
2424         data = htole32(karc4random());
2425         DPRINTF(("Setting initialization vector to %u\n", le32toh(data)));
2426         error = iwi_cmd(sc, IWI_CMD_SET_IV, &data, sizeof data, 0);
2427         if (error != 0)
2428                 return error;
2429
2430         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2431                 wk = &ic->ic_crypto.cs_nw_keys[i];
2432
2433                 wepkey.cmd = IWI_WEP_KEY_CMD_SETKEY;
2434                 wepkey.idx = i;
2435                 wepkey.len = wk->wk_keylen;
2436                 memset(wepkey.key, 0, sizeof wepkey.key);
2437                 memcpy(wepkey.key, wk->wk_key, wk->wk_keylen);
2438                 DPRINTF(("Setting wep key index %u len %u\n", wepkey.idx,
2439                     wepkey.len));
2440                 error = iwi_cmd(sc, IWI_CMD_SET_WEP_KEY, &wepkey,
2441                     sizeof wepkey, 0);
2442                 if (error != 0)
2443                         return error;
2444         }
2445
2446         /* Enable adapter */
2447         DPRINTF(("Enabling adapter\n"));
2448         return iwi_cmd(sc, IWI_CMD_ENABLE, NULL, 0, 0);
2449 }
2450
2451 static int
2452 iwi_set_chan(struct iwi_softc *sc, struct ieee80211_channel *chan)
2453 {
2454         struct ieee80211com *ic = &sc->sc_ic;
2455         struct iwi_scan scan;
2456
2457         memset(&scan, 0, sizeof scan);
2458         memset(scan.type, IWI_SCAN_TYPE_PASSIVE, sizeof scan.type);
2459         scan.passive = htole16(2000);
2460         scan.channels[0] = 1 |
2461             (IEEE80211_IS_CHAN_5GHZ(chan) ? IWI_CHAN_5GHZ : IWI_CHAN_2GHZ);
2462         scan.channels[1] = ieee80211_chan2ieee(ic, chan);
2463
2464         DPRINTF(("Setting channel to %u\n", ieee80211_chan2ieee(ic, chan)));
2465         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2466 }
2467
2468 static int
2469 iwi_scan(struct iwi_softc *sc)
2470 {
2471         struct ieee80211com *ic = &sc->sc_ic;
2472         struct iwi_scan scan;
2473         uint8_t *p;
2474         int i, count;
2475
2476         memset(&scan, 0, sizeof scan);
2477
2478         if (ic->ic_des_esslen != 0) {
2479                 scan.bdirected = htole16(sc->dwelltime);
2480                 memset(scan.type, IWI_SCAN_TYPE_BDIRECTED, sizeof scan.type);
2481         } else {
2482                 scan.broadcast = htole16(sc->dwelltime);
2483                 memset(scan.type, IWI_SCAN_TYPE_BROADCAST, sizeof scan.type);
2484         }
2485
2486         p = scan.channels;
2487         count = 0;
2488         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2489                 if (IEEE80211_IS_CHAN_5GHZ(&ic->ic_channels[i]) &&
2490                     isset(ic->ic_chan_active, i)) {
2491                         *++p = i;
2492                         count++;
2493                 }
2494         }
2495         *(p - count) = IWI_CHAN_5GHZ | count;
2496
2497         p = (count > 0) ? p + 1 : scan.channels;
2498         count = 0;
2499         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2500                 if (IEEE80211_IS_CHAN_2GHZ(&ic->ic_channels[i]) &&
2501                     isset(ic->ic_chan_active, i)) {
2502                         *++p = i;
2503                         count++;
2504                 }
2505         }
2506         *(p - count) = IWI_CHAN_2GHZ | count;
2507
2508         DPRINTF(("Start scanning\n"));
2509         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2510 }
2511
2512 static int
2513 iwi_auth_and_assoc(struct iwi_softc *sc)
2514 {
2515         struct ieee80211com *ic = &sc->sc_ic;
2516         struct ifnet *ifp = ic->ic_ifp;
2517         struct ieee80211_node *ni = ic->ic_bss;
2518         struct ieee80211_wme_info wme;
2519         struct iwi_configuration config;
2520         struct iwi_associate assoc;
2521         struct iwi_rateset rs;
2522         uint16_t capinfo;
2523         uint32_t data;
2524         int error;
2525
2526         if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
2527                 memset(&config, 0, sizeof config);
2528                 config.bluetooth_coexistence = sc->bluetooth;
2529                 config.antenna = sc->antenna;
2530                 config.multicast_enabled = 1;
2531                 config.use_protection = 1;
2532                 config.answer_pbreq =
2533                     (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2534                 config.disable_unicast_decryption = 1;
2535                 config.disable_multicast_decryption = 1;
2536                 DPRINTF(("Configuring adapter\n"));
2537                 error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config,
2538                     1);
2539                 if (error != 0)
2540                         return error;
2541         }
2542
2543 #ifdef IWI_DEBUG
2544         if (iwi_debug > 0) {
2545                 kprintf("Setting ESSID to ");
2546                 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
2547                 kprintf("\n");
2548         }
2549 #endif
2550         error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ni->ni_essid, ni->ni_esslen, 1);
2551         if (error != 0)
2552                 return error;
2553
2554         /* the rate set has already been "negotiated" */
2555         rs.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2556             IWI_MODE_11G;
2557         rs.type = IWI_RATESET_TYPE_NEGOTIATED;
2558         rs.nrates = ni->ni_rates.rs_nrates;
2559         KKASSERT(rs.nrates <= IWI_RATESET_MAXSIZE);
2560         memcpy(rs.rates, ni->ni_rates.rs_rates, rs.nrates);
2561         DPRINTF(("Setting negociated rates (%u)\n", rs.nrates));
2562         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 1);
2563         if (error != 0)
2564                 return error;
2565
2566         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) {
2567                 wme.wme_id = IEEE80211_ELEMID_VENDOR;
2568                 wme.wme_len = sizeof (struct ieee80211_wme_info) - 2;
2569                 wme.wme_oui[0] = 0x00;
2570                 wme.wme_oui[1] = 0x50;
2571                 wme.wme_oui[2] = 0xf2;
2572                 wme.wme_type = WME_OUI_TYPE;
2573                 wme.wme_subtype = WME_INFO_OUI_SUBTYPE;
2574                 wme.wme_version = WME_VERSION;
2575                 wme.wme_info = 0;
2576
2577                 DPRINTF(("Setting WME IE (len=%u)\n", wme.wme_len));
2578                 error = iwi_cmd(sc, IWI_CMD_SET_WMEIE, &wme, sizeof wme, 1);
2579                 if (error != 0)
2580                         return error;
2581         }
2582
2583         if (ic->ic_opt_ie != NULL) {
2584                 DPRINTF(("Setting optional IE (len=%u)\n", ic->ic_opt_ie_len));
2585                 error = iwi_cmd(sc, IWI_CMD_SET_OPTIE, ic->ic_opt_ie,
2586                     ic->ic_opt_ie_len, 1);
2587                 if (error != 0)
2588                         return error;
2589         }
2590
2591         data = htole32(ni->ni_rssi);
2592         DPRINTF(("Setting sensitivity to %d\n", (int8_t)ni->ni_rssi));
2593         error = iwi_cmd(sc, IWI_CMD_SET_SENSITIVITY, &data, sizeof data, 1);
2594         if (error != 0)
2595                 return error;
2596
2597         memset(&assoc, 0, sizeof assoc);
2598         assoc.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2599             IWI_MODE_11G;
2600         assoc.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
2601         if (ni->ni_authmode == IEEE80211_AUTH_SHARED)
2602                 assoc.auth = ic->ic_crypto.cs_def_txkey << 4 | IWI_AUTH_SHARED;
2603         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL)
2604                 assoc.policy |= htole16(IWI_POLICY_WME);
2605         if (ic->ic_flags & IEEE80211_F_WPA)
2606                 assoc.policy |= htole16(IWI_POLICY_WPA);
2607         memcpy(assoc.tstamp, ni->ni_tstamp.data, 8);
2608
2609         if (ic->ic_opmode == IEEE80211_M_IBSS)
2610                 capinfo = IEEE80211_CAPINFO_IBSS;
2611         else
2612                 capinfo = IEEE80211_CAPINFO_ESS;
2613         if (ic->ic_flags & IEEE80211_F_PRIVACY)
2614                 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2615         if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2616             IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
2617                 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2618         if (ic->ic_flags & IEEE80211_F_SHSLOT)
2619                 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2620         assoc.capinfo = htole16(capinfo);
2621
2622         assoc.lintval = htole16(ic->ic_lintval);
2623         assoc.intval = htole16(ni->ni_intval);
2624         IEEE80211_ADDR_COPY(assoc.bssid, ni->ni_bssid);
2625         if (ic->ic_opmode == IEEE80211_M_IBSS)
2626                 IEEE80211_ADDR_COPY(assoc.dst, ifp->if_broadcastaddr);
2627         else
2628                 IEEE80211_ADDR_COPY(assoc.dst, ni->ni_bssid);
2629
2630         DPRINTF(("Trying to associate to %6D channel %u auth %u\n",
2631             assoc.bssid, ":", assoc.chan, assoc.auth));
2632         return iwi_cmd(sc, IWI_CMD_ASSOCIATE, &assoc, sizeof assoc, 1);
2633 }
2634
2635 static void
2636 iwi_init(void *priv)
2637 {
2638         struct iwi_softc *sc = priv;
2639         struct ieee80211com *ic = &sc->sc_ic;
2640         struct ifnet *ifp = ic->ic_ifp;
2641         struct iwi_firmware *fw = &sc->fw;
2642         struct iwi_rx_data *data;
2643         int i;
2644
2645         /* exit immediately if firmware has not been ioctl'd */
2646         if (!(sc->flags & IWI_FLAG_FW_CACHED)) {
2647                 if (!(sc->flags & IWI_FLAG_FW_WARNED))
2648                         device_printf(sc->sc_dev, "Please load firmware\n");
2649                 sc->flags |= IWI_FLAG_FW_WARNED;
2650                 ifp->if_flags &= ~IFF_UP;
2651                 return;
2652         }
2653
2654         iwi_stop(sc);
2655
2656         if (iwi_reset(sc) != 0) {
2657                 device_printf(sc->sc_dev, "could not reset adapter\n");
2658                 goto fail;
2659         }
2660
2661         if (iwi_load_firmware(sc, fw->boot, fw->boot_size) != 0) {
2662                 device_printf(sc->sc_dev, "could not load boot firmware\n");
2663                 goto fail;
2664         }
2665
2666         if (iwi_load_ucode(sc, fw->ucode, fw->ucode_size) != 0) {
2667                 device_printf(sc->sc_dev, "could not load microcode\n");
2668                 goto fail;
2669         }
2670
2671         iwi_stop_master(sc);
2672
2673         CSR_WRITE_4(sc, IWI_CSR_CMD_BASE, sc->cmdq.physaddr);
2674         CSR_WRITE_4(sc, IWI_CSR_CMD_SIZE, sc->cmdq.count);
2675         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
2676
2677         CSR_WRITE_4(sc, IWI_CSR_TX1_BASE, sc->txq[0].physaddr);
2678         CSR_WRITE_4(sc, IWI_CSR_TX1_SIZE, sc->txq[0].count);
2679         CSR_WRITE_4(sc, IWI_CSR_TX1_WIDX, sc->txq[0].cur);
2680
2681         CSR_WRITE_4(sc, IWI_CSR_TX2_BASE, sc->txq[1].physaddr);
2682         CSR_WRITE_4(sc, IWI_CSR_TX2_SIZE, sc->txq[1].count);
2683         CSR_WRITE_4(sc, IWI_CSR_TX2_WIDX, sc->txq[1].cur);
2684
2685         CSR_WRITE_4(sc, IWI_CSR_TX3_BASE, sc->txq[2].physaddr);
2686         CSR_WRITE_4(sc, IWI_CSR_TX3_SIZE, sc->txq[2].count);
2687         CSR_WRITE_4(sc, IWI_CSR_TX3_WIDX, sc->txq[2].cur);
2688
2689         CSR_WRITE_4(sc, IWI_CSR_TX4_BASE, sc->txq[3].physaddr);
2690         CSR_WRITE_4(sc, IWI_CSR_TX4_SIZE, sc->txq[3].count);
2691         CSR_WRITE_4(sc, IWI_CSR_TX4_WIDX, sc->txq[3].cur);
2692
2693         for (i = 0; i < sc->rxq.count; i++) {
2694                 data = &sc->rxq.data[i];
2695                 CSR_WRITE_4(sc, data->reg, data->physaddr);
2696         }
2697
2698         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, sc->rxq.count - 1);
2699
2700         if (iwi_load_firmware(sc, fw->main, fw->main_size) != 0) {
2701                 device_printf(sc->sc_dev, "could not load main firmware\n");
2702                 goto fail;
2703         }
2704
2705         sc->flags |= IWI_FLAG_FW_INITED;
2706
2707         if (iwi_config(sc) != 0) {
2708                 device_printf(sc->sc_dev, "device configuration failed\n");
2709                 goto fail;
2710         }
2711
2712         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
2713                 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)
2714                         ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2715         } else
2716                 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
2717
2718         ifp->if_flags &= ~IFF_OACTIVE;
2719         ifp->if_flags |= IFF_RUNNING;
2720
2721         return;
2722
2723 fail:   ifp->if_flags &= ~IFF_UP;
2724         iwi_stop(sc);
2725 }
2726
2727 static void
2728 iwi_stop(void *priv)
2729 {
2730         struct iwi_softc *sc = priv;
2731         struct ieee80211com *ic = &sc->sc_ic;
2732         struct ifnet *ifp = ic->ic_ifp;
2733
2734         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2735
2736         iwi_stop_master(sc);
2737
2738         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_SOFT_RESET);
2739
2740         /* reset rings */
2741         iwi_reset_cmd_ring(sc, &sc->cmdq);
2742         iwi_reset_tx_ring(sc, &sc->txq[0]);
2743         iwi_reset_tx_ring(sc, &sc->txq[1]);
2744         iwi_reset_tx_ring(sc, &sc->txq[2]);
2745         iwi_reset_tx_ring(sc, &sc->txq[3]);
2746         iwi_reset_rx_ring(sc, &sc->rxq);
2747
2748         sc->sc_tx_timer = 0;
2749         ifp->if_timer = 0;
2750         ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
2751 }
2752
2753 static int
2754 iwi_sysctl_stats(SYSCTL_HANDLER_ARGS)
2755 {
2756         struct iwi_softc *sc = arg1;
2757         struct ifnet *ifp = &sc->sc_ic.ic_if;
2758         uint32_t size, buf[128];
2759
2760         lwkt_serialize_enter(ifp->if_serializer);
2761
2762         if (!(sc->flags & IWI_FLAG_FW_INITED)) {
2763                 memset(buf, 0, sizeof buf);
2764                 goto back;
2765         }
2766
2767         size = min(CSR_READ_4(sc, IWI_CSR_TABLE0_SIZE), 128 - 1);
2768         CSR_READ_REGION_4(sc, IWI_CSR_TABLE0_BASE, &buf[1], size);
2769 back:
2770         lwkt_serialize_exit(ifp->if_serializer);
2771         return SYSCTL_OUT(req, buf, sizeof buf);
2772 }
2773
2774 static int
2775 iwi_sysctl_radio(SYSCTL_HANDLER_ARGS)
2776 {
2777         struct iwi_softc *sc = arg1;
2778         struct ifnet *ifp = &sc->sc_ic.ic_if;
2779         int val;
2780
2781         lwkt_serialize_enter(ifp->if_serializer);
2782         val = (CSR_READ_4(sc, IWI_CSR_IO) & IWI_IO_RADIO_ENABLED) ? 1 : 0;
2783         lwkt_serialize_exit(ifp->if_serializer);
2784
2785         return SYSCTL_OUT(req, &val, sizeof val);
2786 }
2787
2788 static const int8_t     iwi_bitmap[256] = {
2789         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2790         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2791         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2792         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2793         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2794         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2795         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2796         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 7, 
2797         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2798         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2799         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2800         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2801         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2802         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2803         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2804         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, -1
2805 };
2806
2807 static int
2808 iwi_alloc_ibss_node(struct iwi_softc *sc)
2809 {
2810         int i;
2811
2812         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2813
2814         for (i = 0; i < IWI_MAX_IBSSNODE_NBYTE; ++i) {
2815                 int ret;
2816
2817                 ret = iwi_bitmap[sc->sc_ibss_node[i]];
2818                 if (ret != -1) {
2819                         sc->sc_ibss_node[i] |= (1 << ret);
2820                         ret += (i * NBBY);
2821                         return ret;
2822                 }
2823         }
2824         return -1;
2825 }
2826
2827 static void
2828 iwi_free_ibss_node(struct iwi_softc *sc, int ibss_node)
2829 {
2830         int i, b;
2831
2832         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2833         KASSERT(ibss_node < IWI_MAX_IBSSNODE, ("free ibss node, out of range"));
2834
2835         i = ibss_node / NBBY;
2836         b = ibss_node % NBBY;
2837
2838         sc->sc_ibss_node[i] &= ~(1 << b);
2839 }