projects / dragonfly.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge from vendor branch LESS:
[dragonfly.git] / sys / dev / netif / iwi / if_iwi.c
1 /*
2  * Copyright (c) 2004-2006
3  *      Damien Bergamini <damien.bergamini@free.fr>.
4  * Copyright (c) 2004, 2005
5  *      Andrew Atrens <atrens@nortelnetworks.com>.
6  *
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice unmodified, this list of conditions, and the following
14  *    disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  * $FreeBSD: src/sys/dev/iwi/if_iwi.c,v 1.8.2.6 2006/02/23 02:06:46 sam Exp $
32  * $DragonFly: src/sys/dev/netif/iwi/if_iwi.c,v 1.19 2007/02/20 14:24:21 sephe Exp $
33  */
34
35 /*-
36  * Intel(R) PRO/Wireless 2200BG/2225BG/2915ABG driver
37  * http://www.intel.com/network/connectivity/products/wireless/prowireless_mobile.htm
38  */
39
40 #include <sys/param.h>
41 #include <sys/sysctl.h>
42 #include <sys/sockio.h>
43 #include <sys/mbuf.h>
44 #include <sys/kernel.h>
45 #include <sys/kthread.h>
46 #include <sys/socket.h>
47 #include <sys/systm.h>
48 #include <sys/malloc.h>
49 #include <sys/module.h>
50 #include <sys/endian.h>
51 #include <sys/proc.h>
52 #include <sys/ucred.h>
53 #include <sys/bus.h>
54 #include <sys/rman.h>
55 #include <sys/serialize.h>
56
57 #include <bus/pci/pcidevs.h>
58 #include <bus/pci/pcireg.h>
59 #include <bus/pci/pcivar.h>
60
61 #include <net/bpf.h>
62 #include <net/if.h>
63 #include <net/if_arp.h>
64 #include <net/ethernet.h>
65 #include <net/if_dl.h>
66 #include <net/if_media.h>
67 #include <net/if_types.h>
68 #include <net/ifq_var.h>
69
70 #include <netproto/802_11/ieee80211_var.h>
71 #include <netproto/802_11/ieee80211_radiotap.h>
72
73 #include <netinet/in.h>
74 #include <netinet/in_systm.h>
75 #include <netinet/in_var.h>
76 #include <netinet/ip.h>
77 #include <netinet/if_ether.h>
78
79 #include <dev/netif/iwi/if_iwireg.h>
80 #include <dev/netif/iwi/if_iwivar.h>
81
82 #ifdef IWI_DEBUG
83 #define DPRINTF(x)      do { if (iwi_debug > 0) kprintf x; } while (0)
84 #define DPRINTFN(n, x)  do { if (iwi_debug >= (n)) kprintf x; } while (0)
85 int iwi_debug = 0;
86 SYSCTL_INT(_debug, OID_AUTO, iwi, CTLFLAG_RW, &iwi_debug, 0, "iwi debug level");
87 #else
88 #define DPRINTF(x)
89 #define DPRINTFN(n, x)
90 #endif
91
92 static struct iwi_ident {
93         uint16_t        vendor;
94         uint16_t        device;
95         const char      *name;
96 } iwi_ident_table[] = {
97         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2200BG,
98                 "Intel(R) PRO/Wireless 2200BG" },
99         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2225BG,
100                 "Intel(R) PRO/Wireless 2225BG" },
101         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2915ABG_1,
102                 "Intel(R) PRO/Wireless 2915ABG" },
103         { PCI_VENDOR_INTEL, PCI_PRODUCT_INTEL_PRO_WL_2915ABG_2,
104                 "Intel(R) PRO/Wireless 2915ABG" },
105         { 0, 0, NULL }
106 };
107
108 static void     iwi_fw_monitor(void *);
109 static void     iwi_dma_map_addr(void *, bus_dma_segment_t *, int, int);
110 static void     iwi_dma_map_mbuf(void *, bus_dma_segment_t *, int, bus_size_t,
111                                  int);
112 static int      iwi_alloc_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *,
113                     int);
114 static void     iwi_reset_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
115 static void     iwi_free_cmd_ring(struct iwi_softc *, struct iwi_cmd_ring *);
116 static int      iwi_alloc_tx_ring(struct iwi_softc *, struct iwi_tx_ring *,
117                     int, bus_addr_t, bus_addr_t);
118 static void     iwi_reset_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
119 static void     iwi_free_tx_ring(struct iwi_softc *, struct iwi_tx_ring *);
120 static int      iwi_alloc_rx_ring(struct iwi_softc *, struct iwi_rx_ring *,
121                     int);
122 static void     iwi_reset_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
123 static void     iwi_free_rx_ring(struct iwi_softc *, struct iwi_rx_ring *);
124 static struct   ieee80211_node *iwi_node_alloc(struct ieee80211_node_table *);
125 static void     iwi_node_free(struct ieee80211_node *);
126 static int      iwi_media_change(struct ifnet *);
127 static void     iwi_media_status(struct ifnet *, struct ifmediareq *);
128 static int      iwi_newstate(struct ieee80211com *, enum ieee80211_state, int);
129 static int      iwi_wme_update(struct ieee80211com *);
130 static uint16_t iwi_read_prom_word(struct iwi_softc *, uint8_t);
131 static void     iwi_fix_channel(struct ieee80211com *, struct mbuf *);
132 static void     iwi_frame_intr(struct iwi_softc *, struct iwi_rx_data *, int,
133                     struct iwi_frame *);
134 static void     iwi_notification_intr(struct iwi_softc *, struct iwi_notif *);
135 static void     iwi_rx_intr(struct iwi_softc *);
136 static void     iwi_tx_intr(struct iwi_softc *, struct iwi_tx_ring *);
137 static void     iwi_intr(void *);
138 static int      iwi_cmd(struct iwi_softc *, uint8_t, void *, uint8_t, int);
139 static void     iwi_write_ibssnode(struct iwi_softc *, const struct iwi_node *);
140 static int      iwi_tx_start(struct ifnet *, struct mbuf *,
141                     struct ieee80211_node *, int);
142 static void     iwi_start(struct ifnet *);
143 static void     iwi_watchdog(struct ifnet *);
144 static int      iwi_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
145 static void     iwi_stop_master(struct iwi_softc *);
146 static int      iwi_reset(struct iwi_softc *);
147 static int      iwi_load_ucode(struct iwi_softc *, void *, int);
148 static int      iwi_load_firmware(struct iwi_softc *, void *, int);
149 static int      iwi_cache_firmware(struct iwi_softc *, void *);
150 static void     iwi_free_firmware(struct iwi_softc *);
151 static int      iwi_config(struct iwi_softc *);
152 static int      iwi_set_chan(struct iwi_softc *, struct ieee80211_channel *);
153 static int      iwi_scan(struct iwi_softc *);
154 static int      iwi_auth_and_assoc(struct iwi_softc *);
155 static void     iwi_init(void *);
156 static void     iwi_stop(void *);
157 static int      iwi_sysctl_stats(SYSCTL_HANDLER_ARGS);
158 static int      iwi_sysctl_radio(SYSCTL_HANDLER_ARGS);
159
160 static int      iwi_probe(device_t);
161 static int      iwi_attach(device_t);
162 static int      iwi_detach(device_t);
163 static int      iwi_shutdown(device_t);
164 static int      iwi_suspend(device_t);
165 static int      iwi_resume(device_t);
166
167 static int      iwi_alloc_ibss_node(struct iwi_softc *);
168 static void     iwi_free_ibss_node(struct iwi_softc *, int);
169
170 static device_method_t iwi_methods[] = {
171         /* Device interface */
172         DEVMETHOD(device_probe,         iwi_probe),
173         DEVMETHOD(device_attach,        iwi_attach),
174         DEVMETHOD(device_detach,        iwi_detach),
175         DEVMETHOD(device_shutdown,      iwi_shutdown),
176         DEVMETHOD(device_suspend,       iwi_suspend),
177         DEVMETHOD(device_resume,        iwi_resume),
178
179         { 0, 0 }
180 };
181
182 static driver_t iwi_driver = {
183         "iwi",
184         iwi_methods,
185         sizeof (struct iwi_softc)
186 };
187
188 static devclass_t iwi_devclass;
189
190 DRIVER_MODULE(iwi, pci, iwi_driver, iwi_devclass, 0, 0);
191
192 MODULE_DEPEND(iwi, pci,  1, 1, 1);
193 MODULE_DEPEND(iwi, wlan, 1, 1, 1);
194
195 /*
196  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
197  */
198 static const struct ieee80211_rateset iwi_rateset_11a =
199         { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
200
201 static const struct ieee80211_rateset iwi_rateset_11b =
202         { 4, { 2, 4, 11, 22 } };
203
204 static const struct ieee80211_rateset iwi_rateset_11g =
205         { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
206
207 static void
208 iwi_fw_monitor(void *arg)
209 {
210         struct iwi_softc *sc = arg;
211         struct ifnet *ifp = &sc->sc_ic.ic_if;
212
213         lwkt_serialize_enter(ifp->if_serializer);
214         for (;;) {
215                 int error = 0;
216
217                 /*
218                  * Test to see whether we are detaching,
219                  * this is used to avoid race condition
220                  * especially when attaching fails.
221                  */
222                 if ((sc->flags & IWI_FLAG_EXIT) == 0) {
223                         crit_enter();
224                         tsleep_interlock(IWI_FW_WAKE_MONITOR(sc));
225                         lwkt_serialize_exit(ifp->if_serializer);
226                         error = tsleep(IWI_FW_WAKE_MONITOR(sc),
227                                        0, "iwifwm", 0);
228                         crit_exit();
229                         lwkt_serialize_enter(ifp->if_serializer);
230                 }
231
232                 if (error == 0) {
233                         int boff;
234
235                         if (sc->flags & IWI_FLAG_EXIT)
236                                 break;
237                         else if ((sc->flags & IWI_FLAG_RESET) == 0)
238                                 continue;
239
240                         if_printf(ifp, "reset firmware\n");
241                         for (boff = 1; sc->flags & IWI_FLAG_RESET; boff++) {
242                                 iwi_init(sc);
243                                 if (sc->flags & IWI_FLAG_FW_INITED) {
244                                         sc->flags &= ~IWI_FLAG_RESET;
245                                 } else if (boff > 10) { /* XXX */
246                                         if_printf(ifp, "fw reset failed.  "
247                                                   "retrying...\n");
248
249                                         /* XXX avoid to sleep to long */
250                                         boff = 1;
251                                 }
252
253                                 /*
254                                  * Since this would be infinite loop,
255                                  * if reseting firmware never succeeded,
256                                  * we test to see whether we are detaching.
257                                  */
258                                 if (sc->flags & IWI_FLAG_EXIT)
259                                         break;
260
261                                 crit_enter();
262                                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
263                                 lwkt_serialize_exit(ifp->if_serializer);
264                                 error = tsleep(IWI_FW_CMD_ACKED(sc), 0,
265                                                "iwirun", boff * hz);
266                                 crit_exit();
267                                 lwkt_serialize_enter(ifp->if_serializer);
268                         }
269                 }
270         }
271         lwkt_serialize_exit(ifp->if_serializer);
272
273         if_printf(ifp, "fw monitor exiting\n");
274         wakeup(IWI_FW_EXIT_MONITOR(sc));
275         kthread_exit();
276 }
277
278 static int
279 iwi_probe(device_t dev)
280 {
281         const struct iwi_ident *ident;
282         uint16_t vid, did;
283
284         vid = pci_get_vendor(dev);
285         did = pci_get_device(dev);
286         for (ident = iwi_ident_table; ident->name != NULL; ident++) {
287                 if (vid == ident->vendor && did == ident->device) {
288                         device_set_desc(dev, ident->name);
289                         return 0;
290                 }
291         }
292         return ENXIO;
293 }
294
295 /* Base Address Register */
296 #define IWI_PCI_BAR0    0x10
297
298 static int
299 iwi_attach(device_t dev)
300 {
301         struct iwi_softc *sc = device_get_softc(dev);
302         struct ieee80211com *ic = &sc->sc_ic;
303         struct ifnet *ifp = &ic->ic_if;
304         uint16_t val;
305         int error, i;
306
307         sc->sc_dev = dev;
308         if_initname(ifp, device_get_name(dev), device_get_unit(dev));
309
310         if (pci_get_powerstate(dev) != PCI_POWERSTATE_D0) {
311                 device_printf(dev, "chip is in D%d power mode "
312                     "-- setting to D0\n", pci_get_powerstate(dev));
313                 pci_set_powerstate(dev, PCI_POWERSTATE_D0);
314         }
315
316         pci_write_config(dev, 0x41, 0, 1);
317
318         /* enable bus-mastering */
319         pci_enable_busmaster(dev);
320
321         sc->mem_rid = IWI_PCI_BAR0;
322         sc->mem = bus_alloc_resource_any(dev, SYS_RES_MEMORY, &sc->mem_rid,
323                                          RF_ACTIVE);
324         if (sc->mem == NULL) {
325                 device_printf(dev, "could not allocate memory resource\n");
326                 return ENXIO;
327         }
328         sc->sc_st = rman_get_bustag(sc->mem);
329         sc->sc_sh = rman_get_bushandle(sc->mem);
330
331         sc->irq_rid = 0;
332         sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ, &sc->irq_rid,
333                                          RF_ACTIVE | RF_SHAREABLE);
334         if (sc->irq == NULL) {
335                 device_printf(dev, "could not allocate interrupt resource\n");
336                 goto fail;
337         }
338
339         if (iwi_reset(sc) != 0) {
340                 device_printf(dev, "could not reset adapter\n");
341                 goto fail;
342         }
343
344         /*
345          * Allocate rings.
346          */
347         error = iwi_alloc_cmd_ring(sc, &sc->cmdq, IWI_CMD_RING_COUNT);
348         if (error != 0) {
349                 device_printf(dev, "could not allocate Cmd ring\n");
350                 goto fail;
351         }
352
353         error = iwi_alloc_tx_ring(sc, &sc->txq[0], IWI_TX_RING_COUNT,
354                                   IWI_CSR_TX1_RIDX, IWI_CSR_TX1_WIDX);
355         if (error != 0) {
356                 device_printf(dev, "could not allocate Tx ring 1\n");
357                 goto fail;
358         }
359
360         error = iwi_alloc_tx_ring(sc, &sc->txq[1], IWI_TX_RING_COUNT,
361                                   IWI_CSR_TX2_RIDX, IWI_CSR_TX2_WIDX);
362         if (error != 0) {
363                 device_printf(dev, "could not allocate Tx ring 2\n");
364                 goto fail;
365         }
366
367         error = iwi_alloc_tx_ring(sc, &sc->txq[2], IWI_TX_RING_COUNT,
368                                   IWI_CSR_TX3_RIDX, IWI_CSR_TX3_WIDX);
369         if (error != 0) {
370                 device_printf(dev, "could not allocate Tx ring 3\n");
371                 goto fail;
372         }
373
374         error = iwi_alloc_tx_ring(sc, &sc->txq[3], IWI_TX_RING_COUNT,
375                                   IWI_CSR_TX4_RIDX, IWI_CSR_TX4_WIDX);
376         if (error != 0) {
377                 device_printf(dev, "could not allocate Tx ring 4\n");
378                 goto fail;
379         }
380
381         error = iwi_alloc_rx_ring(sc, &sc->rxq, IWI_RX_RING_COUNT);
382         if (error != 0) {
383                 device_printf(dev, "could not allocate Rx ring\n");
384                 goto fail;
385         }
386
387         sysctl_ctx_init(&sc->sysctl_ctx);
388         sc->sysctl_tree = SYSCTL_ADD_NODE(&sc->sysctl_ctx,
389                                 SYSCTL_STATIC_CHILDREN(_hw),
390                                 OID_AUTO,
391                                 device_get_nameunit(dev),
392                                 CTLFLAG_RD,
393                                 0, "");
394         if (sc->sysctl_tree == NULL) {
395                 device_printf(dev, "sysctl add node failed\n");
396                 error = EIO;
397                 goto fail;
398         }
399
400         ifp->if_softc = sc;
401         ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
402         ifp->if_init = iwi_init;
403         ifp->if_ioctl = iwi_ioctl;
404         ifp->if_start = iwi_start;
405         ifp->if_watchdog = iwi_watchdog;
406         ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
407         ifq_set_ready(&ifp->if_snd);
408
409         ic->ic_wme.wme_update = iwi_wme_update;
410         ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
411         ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
412         ic->ic_state = IEEE80211_S_INIT;
413
414         /* set device capabilities */
415         ic->ic_caps =
416             IEEE80211_C_IBSS |          /* IBSS mode supported */
417             IEEE80211_C_MONITOR |       /* monitor mode supported */
418             IEEE80211_C_TXPMGT |        /* tx power management */
419             IEEE80211_C_SHPREAMBLE |    /* short preamble supported */
420             IEEE80211_C_WEP |           /* WEP */
421             IEEE80211_C_WPA |           /* 802.11i */
422             IEEE80211_C_WME;            /* 802.11e */
423
424         /* read MAC address from EEPROM */
425         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 0);
426         ic->ic_myaddr[0] = val & 0xff;
427         ic->ic_myaddr[1] = val >> 8;
428         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 1);
429         ic->ic_myaddr[2] = val & 0xff;
430         ic->ic_myaddr[3] = val >> 8;
431         val = iwi_read_prom_word(sc, IWI_EEPROM_MAC + 2);
432         ic->ic_myaddr[4] = val & 0xff;
433         ic->ic_myaddr[5] = val >> 8;
434
435         if (pci_get_device(dev) >= 0x4223) {
436                 /* set supported .11a rates (2915ABG only) */
437                 ic->ic_sup_rates[IEEE80211_MODE_11A] = iwi_rateset_11a;
438
439                 /* set supported .11a channels */
440                 for (i = 36; i <= 64; i += 4) {
441                         ic->ic_channels[i].ic_freq =
442                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
443                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
444                 }
445                 for (i = 149; i <= 165; i += 4) {
446                         ic->ic_channels[i].ic_freq =
447                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
448                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
449                 }
450         }
451
452         /* set supported .11b and .11g rates */
453         ic->ic_sup_rates[IEEE80211_MODE_11B] = iwi_rateset_11b;
454         ic->ic_sup_rates[IEEE80211_MODE_11G] = iwi_rateset_11g;
455
456         /* set supported .11b and .11g channels (1 through 14) */
457         for (i = 1; i <= 14; i++) {
458                 ic->ic_channels[i].ic_freq =
459                     ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
460                 ic->ic_channels[i].ic_flags =
461                     IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
462                     IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
463         }
464
465         ieee80211_ifattach(ic);
466         /* override default methods */
467         ic->ic_node_alloc = iwi_node_alloc;
468         sc->sc_node_free = ic->ic_node_free;
469         ic->ic_node_free = iwi_node_free;
470         /* override state transition machine */
471         sc->sc_newstate = ic->ic_newstate;
472         ic->ic_newstate = iwi_newstate;
473         ieee80211_media_init(ic, iwi_media_change, iwi_media_status);
474
475         bpfattach_dlt(ifp, DLT_IEEE802_11_RADIO,
476             sizeof (struct ieee80211_frame) + 64, &sc->sc_drvbpf);
477
478         sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
479         sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
480         sc->sc_rxtap.wr_ihdr.it_present = htole32(IWI_RX_RADIOTAP_PRESENT);
481
482         sc->sc_txtap_len = sizeof sc->sc_txtapu;
483         sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
484         sc->sc_txtap.wt_ihdr.it_present = htole32(IWI_TX_RADIOTAP_PRESENT);
485
486         /*
487          * Add a few sysctl knobs.
488          */
489         sc->dwelltime = 100;
490         sc->bluetooth = 1;
491         sc->antenna = 0;
492
493         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
494             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "radio",
495             CTLTYPE_INT | CTLFLAG_RD, sc, 0, iwi_sysctl_radio, "I",
496             "radio transmitter switch state (0=off, 1=on)");
497
498         SYSCTL_ADD_PROC(&sc->sysctl_ctx,
499             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "stats",
500             CTLTYPE_OPAQUE | CTLFLAG_RD, sc, 0, iwi_sysctl_stats, "S",
501             "statistics");
502
503         SYSCTL_ADD_INT(&sc->sysctl_ctx,
504             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "dwell",
505             CTLFLAG_RW, &sc->dwelltime, 0,
506             "channel dwell time (ms) for AP/station scanning");
507
508         SYSCTL_ADD_INT(&sc->sysctl_ctx,
509             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "bluetooth",
510             CTLFLAG_RW, &sc->bluetooth, 0, "bluetooth coexistence");
511
512         SYSCTL_ADD_INT(&sc->sysctl_ctx,
513             SYSCTL_CHILDREN(sc->sysctl_tree), OID_AUTO, "antenna",
514             CTLFLAG_RW, &sc->antenna, 0, "antenna (0=auto)");
515
516         /*
517          * Start firmware monitoring thread
518          *
519          * NOTE:
520          * This should be done only after serializer is initialized,
521          * i.e. after ieee80211_ifattach(), because serializer will be
522          * held once iwi_fw_monitor() is entered.
523          */
524         error = kthread_create(iwi_fw_monitor, sc, &sc->sc_fw_monitor,
525                                "%s:fw-monitor", device_get_nameunit(dev));
526         if (error) {
527                 device_printf(dev, "could not create fw monitor\n");
528                 goto fail1;
529         }
530         sc->flags |= IWI_FLAG_MONITOR;
531
532         /*
533          * Hook our interrupt after all initialization is complete.
534          */
535         error = bus_setup_intr(dev, sc->irq, INTR_MPSAFE, iwi_intr, sc,
536                                &sc->sc_ih, ifp->if_serializer);
537         if (error != 0) {
538                 device_printf(dev, "could not set up interrupt\n");
539                 goto fail1;
540         }
541
542         if (bootverbose)
543                 ieee80211_announce(ic);
544
545         return 0;
546
547 fail1:
548         bpfdetach(ifp);
549         ieee80211_ifdetach(ic);
550 fail:
551         iwi_detach(dev);
552         return ENXIO;
553 }
554
555 static int
556 iwi_detach(device_t dev)
557 {
558         struct iwi_softc *sc = device_get_softc(dev);
559         struct ieee80211com *ic = &sc->sc_ic;
560         struct ifnet *ifp = ic->ic_ifp;
561
562         if (sc->flags & IWI_FLAG_MONITOR) {
563                 lwkt_serialize_enter(ifp->if_serializer);
564                 sc->flags |= IWI_FLAG_EXIT;
565                 wakeup(IWI_FW_WAKE_MONITOR(sc));
566
567                 crit_enter();
568                 tsleep_interlock(IWI_FW_EXIT_MONITOR(sc));
569                 lwkt_serialize_exit(ifp->if_serializer);
570                 tsleep(IWI_FW_EXIT_MONITOR(sc), 0, "iwiexi", 0);
571                 crit_exit();
572                 /* No need to hold serializer again */
573
574                 if_printf(ifp, "fw monitor exited\n");
575         }
576
577         if (device_is_attached(dev)) {
578                 lwkt_serialize_enter(ifp->if_serializer);
579
580                 iwi_stop(sc);
581                 bus_teardown_intr(dev, sc->irq, sc->sc_ih);
582                 iwi_free_firmware(sc);
583
584                 lwkt_serialize_exit(ifp->if_serializer);
585
586                 bpfdetach(ifp);
587                 ieee80211_ifdetach(ic);
588         }
589
590         iwi_free_cmd_ring(sc, &sc->cmdq);
591         iwi_free_tx_ring(sc, &sc->txq[0]);
592         iwi_free_tx_ring(sc, &sc->txq[1]);
593         iwi_free_tx_ring(sc, &sc->txq[2]);
594         iwi_free_tx_ring(sc, &sc->txq[3]);
595         iwi_free_rx_ring(sc, &sc->rxq);
596
597         if (sc->irq != NULL)
598                 bus_release_resource(dev, SYS_RES_IRQ, sc->irq_rid, sc->irq);
599
600         if (sc->mem != NULL)
601                 bus_release_resource(dev, SYS_RES_MEMORY, sc->mem_rid, sc->mem);
602
603         if (sc->sysctl_tree != NULL)
604                 sysctl_ctx_free(&sc->sysctl_ctx);
605
606         return 0;
607 }
608
609 static void
610 iwi_dma_map_addr(void *arg, bus_dma_segment_t *segs, int nseg, int error)
611 {
612         if (error != 0)
613                 return;
614
615         KASSERT(nseg == 1, ("too many DMA segments, %d should be 1", nseg));
616
617         *(bus_addr_t *)arg = segs[0].ds_addr;
618 }
619
620 static int
621 iwi_alloc_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring, int count)
622 {
623         int error;
624
625         ring->count = count;
626         ring->queued = 0;
627         ring->cur = ring->next = 0;
628
629         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
630             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_CMD_DESC_SIZE, 1,
631             count * IWI_CMD_DESC_SIZE, 0, &ring->desc_dmat);
632         if (error != 0) {
633                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
634                 goto fail;
635         }
636
637         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
638             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
639         if (error != 0) {
640                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
641                 goto fail;
642         }
643
644         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
645             count * IWI_CMD_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
646         if (error != 0) {
647                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
648                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
649                 ring->desc = NULL;
650                 return error;
651         }
652
653         return 0;
654
655 fail:   iwi_free_cmd_ring(sc, ring);
656         return error;
657 }
658
659 static void
660 iwi_reset_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
661 {
662         ring->queued = 0;
663         ring->cur = ring->next = 0;
664 }
665
666 static void
667 iwi_free_cmd_ring(struct iwi_softc *sc, struct iwi_cmd_ring *ring)
668 {
669         if (ring->desc != NULL) {
670                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
671                     BUS_DMASYNC_POSTWRITE);
672                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
673                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
674                 ring->desc = NULL;
675         }
676
677         if (ring->desc_dmat != NULL) {
678                 bus_dma_tag_destroy(ring->desc_dmat);   
679                 ring->desc_dmat = NULL;
680         }
681 }
682
683 static int
684 iwi_alloc_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring, int count,
685     bus_addr_t csr_ridx, bus_addr_t csr_widx)
686 {
687         int i, error;
688
689         ring->count = count;
690         ring->queued = 0;
691         ring->cur = ring->next = 0;
692         ring->csr_ridx = csr_ridx;
693         ring->csr_widx = csr_widx;
694
695         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
696             BUS_SPACE_MAXADDR, NULL, NULL, count * IWI_TX_DESC_SIZE, 1,
697             count * IWI_TX_DESC_SIZE, 0, &ring->desc_dmat);
698         if (error != 0) {
699                 device_printf(sc->sc_dev, "could not create desc DMA tag\n");
700                 goto fail;
701         }
702
703         error = bus_dmamem_alloc(ring->desc_dmat, (void **)&ring->desc,
704             BUS_DMA_WAITOK | BUS_DMA_ZERO, &ring->desc_map);
705         if (error != 0) {
706                 device_printf(sc->sc_dev, "could not allocate DMA memory\n");
707                 goto fail;
708         }
709
710         error = bus_dmamap_load(ring->desc_dmat, ring->desc_map, ring->desc,
711             count * IWI_TX_DESC_SIZE, iwi_dma_map_addr, &ring->physaddr, 0);
712         if (error != 0) {
713                 device_printf(sc->sc_dev, "could not load desc DMA map\n");
714
715                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
716                 ring->desc = NULL;
717                 goto fail;
718         }
719
720         ring->data = kmalloc(count * sizeof (struct iwi_tx_data), M_DEVBUF,
721             M_WAITOK | M_ZERO);
722
723         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
724             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, IWI_MAX_NSEG - 2,
725             MCLBYTES, 0, &ring->data_dmat);
726         if (error != 0) {
727                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
728                 goto fail;
729         }
730
731         for (i = 0; i < count; i++) {
732                 error = bus_dmamap_create(ring->data_dmat, 0,
733                     &ring->data[i].map);
734                 if (error != 0) {
735                         device_printf(sc->sc_dev, "could not create DMA map\n");
736                         goto fail;
737                 }
738         }
739
740         return 0;
741
742 fail:   iwi_free_tx_ring(sc, ring);
743         return error;
744 }
745
746 static void
747 iwi_reset_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
748 {
749         struct iwi_tx_data *data;
750         int i;
751
752         for (i = 0; i < ring->count; i++) {
753                 data = &ring->data[i];
754
755                 if (data->m != NULL) {
756                         bus_dmamap_sync(ring->data_dmat, data->map,
757                             BUS_DMASYNC_POSTWRITE);
758                         bus_dmamap_unload(ring->data_dmat, data->map);
759                         m_freem(data->m);
760                         data->m = NULL;
761                 }
762
763                 if (data->ni != NULL) {
764                         ieee80211_free_node(data->ni);
765                         data->ni = NULL;
766                 }
767         }
768
769         ring->queued = 0;
770         ring->cur = ring->next = 0;
771 }
772
773 static void
774 iwi_free_tx_ring(struct iwi_softc *sc, struct iwi_tx_ring *ring)
775 {
776         struct iwi_tx_data *data;
777         int i;
778
779         if (ring->desc != NULL) {
780                 bus_dmamap_sync(ring->desc_dmat, ring->desc_map,
781                     BUS_DMASYNC_POSTWRITE);
782                 bus_dmamap_unload(ring->desc_dmat, ring->desc_map);
783                 bus_dmamem_free(ring->desc_dmat, ring->desc, ring->desc_map);
784                 ring->desc = NULL;
785         }
786
787         if (ring->desc_dmat != NULL) {
788                 bus_dma_tag_destroy(ring->desc_dmat);
789                 ring->desc_dmat = NULL;
790         }
791
792         if (ring->data != NULL) {
793                 for (i = 0; i < ring->count; i++) {
794                         data = &ring->data[i];
795
796                         if (data->m != NULL) {
797                                 bus_dmamap_sync(ring->data_dmat, data->map,
798                                     BUS_DMASYNC_POSTWRITE);
799                                 bus_dmamap_unload(ring->data_dmat, data->map);
800                                 m_freem(data->m);
801                                 data->m = NULL;
802                         }
803
804                         if (data->ni != NULL) {
805                                 ieee80211_free_node(data->ni);
806                                 data->ni = NULL;
807                         }
808
809                         if (data->map != NULL) {
810                                 bus_dmamap_destroy(ring->data_dmat, data->map);
811                                 data->map = NULL;
812                         }
813                 }
814
815                 kfree(ring->data, M_DEVBUF);
816                 ring->data = NULL;
817         }
818
819         if (ring->data_dmat != NULL) {
820                 bus_dma_tag_destroy(ring->data_dmat);
821                 ring->data_dmat = NULL;
822         }
823 }
824
825 static int
826 iwi_alloc_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring, int count)
827 {
828         struct iwi_rx_data *data;
829         int i, error;
830
831         ring->count = count;
832         ring->cur = 0;
833
834         ring->data = kmalloc(count * sizeof (struct iwi_rx_data), M_DEVBUF,
835             M_WAITOK | M_ZERO);
836
837         error = bus_dma_tag_create(NULL, 1, 0, BUS_SPACE_MAXADDR_32BIT,
838             BUS_SPACE_MAXADDR, NULL, NULL, MCLBYTES, 1, MCLBYTES, 0,
839             &ring->data_dmat);
840         if (error != 0) {
841                 device_printf(sc->sc_dev, "could not create data DMA tag\n");
842                 goto fail;
843         }
844
845         for (i = 0; i < count; i++) {
846                 data = &ring->data[i];
847
848                 error = bus_dmamap_create(ring->data_dmat, 0, &data->map);
849                 if (error != 0) {
850                         device_printf(sc->sc_dev, "could not create DMA map\n");
851                         goto fail;
852                 }
853
854                 data->m = m_getcl(MB_WAIT, MT_DATA, M_PKTHDR);
855                 if (data->m == NULL) {
856                         device_printf(sc->sc_dev,
857                             "could not allocate rx mbuf\n");
858                         error = ENOMEM;
859                         goto fail;
860                 }
861
862                 error = bus_dmamap_load(ring->data_dmat, data->map,
863                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
864                     &data->physaddr, 0);
865                 if (error != 0) {
866                         device_printf(sc->sc_dev,
867                             "could not load rx buf DMA map");
868
869                         m_freem(data->m);
870                         data->m = NULL;
871                         goto fail;
872                 }
873
874                 data->reg = IWI_CSR_RX_BASE + i * 4;
875         }
876
877         return 0;
878
879 fail:   iwi_free_rx_ring(sc, ring);
880         return error;
881 }
882
883 static void
884 iwi_reset_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
885 {
886         ring->cur = 0;
887 }
888
889 static void
890 iwi_free_rx_ring(struct iwi_softc *sc, struct iwi_rx_ring *ring)
891 {
892         struct iwi_rx_data *data;
893         int i;
894
895         if (ring->data != NULL) {
896                 for (i = 0; i < ring->count; i++) {
897                         data = &ring->data[i];
898
899                         if (data->m != NULL) {
900                                 bus_dmamap_sync(ring->data_dmat, data->map,
901                                     BUS_DMASYNC_POSTREAD);
902                                 bus_dmamap_unload(ring->data_dmat, data->map);
903                                 m_freem(data->m);
904                                 data->m = NULL;
905                         }
906
907                         if (data->map != NULL) {
908                                 bus_dmamap_destroy(ring->data_dmat, data->map);
909                                 data->map = NULL;
910                         }
911                 }
912
913                 kfree(ring->data, M_DEVBUF);
914                 ring->data = NULL;
915         }
916
917         if (ring->data_dmat != NULL) {
918                 bus_dma_tag_destroy(ring->data_dmat);
919                 ring->data_dmat = NULL;
920         }
921 }
922
923 static int
924 iwi_shutdown(device_t dev)
925 {
926         struct iwi_softc *sc = device_get_softc(dev);
927         struct ifnet *ifp = &sc->sc_ic.ic_if;
928
929         lwkt_serialize_enter(ifp->if_serializer);
930         iwi_stop(sc);
931         lwkt_serialize_exit(ifp->if_serializer);
932
933         return 0;
934 }
935
936 static int
937 iwi_suspend(device_t dev)
938 {
939         struct iwi_softc *sc = device_get_softc(dev);
940         struct ifnet *ifp = &sc->sc_ic.ic_if;
941
942         lwkt_serialize_enter(ifp->if_serializer);
943         iwi_stop(sc);
944         lwkt_serialize_exit(ifp->if_serializer);
945
946         return 0;
947 }
948
949 static int
950 iwi_resume(device_t dev)
951 {
952         struct iwi_softc *sc = device_get_softc(dev);
953         struct ifnet *ifp = sc->sc_ic.ic_ifp;
954
955         lwkt_serialize_enter(ifp->if_serializer);
956
957         pci_write_config(dev, 0x41, 0, 1);
958
959         if (ifp->if_flags & IFF_UP) {
960                 ifp->if_init(ifp->if_softc);
961                 if (ifp->if_flags & IFF_RUNNING)
962                         ifp->if_start(ifp);
963         }
964
965         lwkt_serialize_exit(ifp->if_serializer);
966
967         return 0;
968 }
969
970 static struct ieee80211_node *
971 iwi_node_alloc(struct ieee80211_node_table *nt)
972 {
973         struct iwi_node *in;
974
975         in = kmalloc(sizeof (struct iwi_node), M_80211_NODE, M_NOWAIT | M_ZERO);
976         if (in == NULL)
977                 return NULL;
978
979         in->in_station = -1;
980
981         return &in->in_node;
982 }
983
984 static void
985 iwi_node_free(struct ieee80211_node *ni)
986 {
987         struct ieee80211com *ic = ni->ni_ic;
988         struct iwi_softc *sc = ic->ic_ifp->if_softc;
989         struct iwi_node *in = (struct iwi_node *)ni;
990
991         if (in->in_station != -1)
992                 iwi_free_ibss_node(sc, in->in_station);
993
994         sc->sc_node_free(ni);
995 }
996
997 static int
998 iwi_media_change(struct ifnet *ifp)
999 {
1000         struct iwi_softc *sc = ifp->if_softc;
1001         int error;
1002
1003         ASSERT_SERIALIZED(ifp->if_serializer);
1004
1005         error = ieee80211_media_change(ifp);
1006         if (error != ENETRESET)
1007                 return error;
1008
1009         if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
1010                 iwi_init(sc);
1011         return 0;
1012 }
1013
1014 /*
1015  * The firmware automatically adapts the transmit speed.  We report its current
1016  * value here.
1017  */
1018 static void
1019 iwi_media_status(struct ifnet *ifp, struct ifmediareq *imr)
1020 {
1021         struct iwi_softc *sc = ifp->if_softc;
1022         struct ieee80211com *ic = &sc->sc_ic;
1023 #define N(a)    (sizeof (a) / sizeof (a[0]))
1024         static const struct {
1025                 uint32_t        val;
1026                 int             rate;
1027         } rates[] = {
1028                 { IWI_RATE_DS1,      2 },
1029                 { IWI_RATE_DS2,      4 },
1030                 { IWI_RATE_DS5,     11 },
1031                 { IWI_RATE_DS11,    22 },
1032                 { IWI_RATE_OFDM6,   12 },
1033                 { IWI_RATE_OFDM9,   18 },
1034                 { IWI_RATE_OFDM12,  24 },
1035                 { IWI_RATE_OFDM18,  36 },
1036                 { IWI_RATE_OFDM24,  48 },
1037                 { IWI_RATE_OFDM36,  72 },
1038                 { IWI_RATE_OFDM48,  96 },
1039                 { IWI_RATE_OFDM54, 108 },
1040         };
1041         uint32_t val;
1042         int rate, i;
1043
1044         imr->ifm_status = IFM_AVALID;
1045         imr->ifm_active = IFM_IEEE80211;
1046         if (ic->ic_state == IEEE80211_S_RUN)
1047                 imr->ifm_status |= IFM_ACTIVE;
1048
1049         /* read current transmission rate from adapter */
1050         val = CSR_READ_4(sc, IWI_CSR_CURRENT_TX_RATE);
1051
1052         /* convert rate to 802.11 rate */
1053         for (i = 0; i < N(rates) && rates[i].val != val; i++);
1054         rate = (i < N(rates)) ? rates[i].rate : 0;
1055
1056         imr->ifm_active |= ieee80211_rate2media(ic, rate, ic->ic_curmode);
1057         switch (ic->ic_opmode) {
1058         case IEEE80211_M_STA:
1059                 break;
1060
1061         case IEEE80211_M_IBSS:
1062                 imr->ifm_active |= IFM_IEEE80211_ADHOC;
1063                 break;
1064
1065         case IEEE80211_M_MONITOR:
1066                 imr->ifm_active |= IFM_IEEE80211_MONITOR;
1067                 break;
1068
1069         case IEEE80211_M_AHDEMO:
1070         case IEEE80211_M_HOSTAP:
1071                 /* should not get there */
1072                 break;
1073         }
1074 #undef N
1075 }
1076
1077 static int
1078 iwi_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
1079 {
1080         struct ifnet *ifp = ic->ic_ifp;
1081         struct iwi_softc *sc = ifp->if_softc;
1082         enum ieee80211_state ostate;
1083         uint32_t tmp;
1084
1085         ostate = ic->ic_state;
1086
1087         switch (nstate) {
1088         case IEEE80211_S_SCAN:
1089                 if (sc->flags & IWI_FLAG_SCANNING)
1090                         break;
1091
1092                 ieee80211_node_table_reset(&ic->ic_scan);
1093                 ic->ic_flags |= IEEE80211_F_SCAN | IEEE80211_F_ASCAN;
1094                 sc->flags |= IWI_FLAG_SCANNING;
1095                 iwi_scan(sc);
1096                 break;
1097
1098         case IEEE80211_S_AUTH:
1099                 iwi_auth_and_assoc(sc);
1100                 break;
1101
1102         case IEEE80211_S_RUN:
1103                 if (ic->ic_opmode == IEEE80211_M_IBSS)
1104                         iwi_auth_and_assoc(sc);
1105                 else if (ic->ic_opmode == IEEE80211_M_MONITOR)
1106                         iwi_set_chan(sc, ic->ic_ibss_chan);
1107
1108                 /* assoc led on */
1109                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1110                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp | IWI_LED_ASSOC);
1111
1112                 return sc->sc_newstate(ic, nstate,
1113                     IEEE80211_FC0_SUBTYPE_ASSOC_RESP);
1114
1115         case IEEE80211_S_ASSOC:
1116                 break;
1117
1118         case IEEE80211_S_INIT:
1119                 sc->flags &= ~IWI_FLAG_SCANNING;
1120
1121                 if (ostate != IEEE80211_S_RUN)
1122                         break;
1123
1124                 /* assoc led off */
1125                 tmp = MEM_READ_4(sc, IWI_MEM_EVENT_CTL) & IWI_LED_MASK;
1126                 MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, tmp & ~IWI_LED_ASSOC);
1127                 break;
1128         }
1129
1130         ic->ic_state = nstate;
1131
1132         return 0;
1133 }
1134
1135 /*
1136  * WME parameters coming from IEEE 802.11e specification.  These values are
1137  * already declared in ieee80211_proto.c, but they are static so they can't
1138  * be reused here.
1139  */
1140 static const struct wmeParams iwi_wme_cck_params[WME_NUM_AC] = {
1141         { 0, 3, 5,  7,   0 },   /* WME_AC_BE */
1142         { 0, 3, 5, 10,   0 },   /* WME_AC_BK */
1143         { 0, 2, 4,  5, 188 },   /* WME_AC_VI */
1144         { 0, 2, 3,  4, 102 }    /* WME_AC_VO */
1145 };
1146
1147 static const struct wmeParams iwi_wme_ofdm_params[WME_NUM_AC] = {
1148         { 0, 3, 4,  6,   0 },   /* WME_AC_BE */
1149         { 0, 3, 4, 10,   0 },   /* WME_AC_BK */
1150         { 0, 2, 3,  4,  94 },   /* WME_AC_VI */
1151         { 0, 2, 2,  3,  47 }    /* WME_AC_VO */
1152 };
1153
1154 static int
1155 iwi_wme_update(struct ieee80211com *ic)
1156 {
1157 #define IWI_EXP2(v)     htole16((1 << (v)) - 1)
1158 #define IWI_USEC(v)     htole16(IEEE80211_TXOP_TO_US(v))
1159         struct iwi_softc *sc = ic->ic_ifp->if_softc;
1160         struct iwi_wme_params wme[3];
1161         const struct wmeParams *wmep;
1162         int ac;
1163
1164         /*
1165          * We shall not override firmware default WME values if WME is not
1166          * actually enabled.
1167          */
1168         if (!(ic->ic_flags & IEEE80211_F_WME))
1169                 return 0;
1170
1171         for (ac = 0; ac < WME_NUM_AC; ac++) {
1172                 /* set WME values for current operating mode */
1173                 wmep = &ic->ic_wme.wme_chanParams.cap_wmeParams[ac];
1174                 wme[0].aifsn[ac] = wmep->wmep_aifsn;
1175                 wme[0].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1176                 wme[0].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1177                 wme[0].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1178                 wme[0].acm[ac]   = wmep->wmep_acm;
1179
1180                 /* set WME values for CCK modulation */
1181                 wmep = &iwi_wme_cck_params[ac];
1182                 wme[1].aifsn[ac] = wmep->wmep_aifsn;
1183                 wme[1].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1184                 wme[1].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1185                 wme[1].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1186                 wme[1].acm[ac]   = wmep->wmep_acm;
1187
1188                 /* set WME values for OFDM modulation */
1189                 wmep = &iwi_wme_ofdm_params[ac];
1190                 wme[2].aifsn[ac] = wmep->wmep_aifsn;
1191                 wme[2].cwmin[ac] = IWI_EXP2(wmep->wmep_logcwmin);
1192                 wme[2].cwmax[ac] = IWI_EXP2(wmep->wmep_logcwmax);
1193                 wme[2].burst[ac] = IWI_USEC(wmep->wmep_txopLimit);
1194                 wme[2].acm[ac]   = wmep->wmep_acm;
1195         }
1196
1197         DPRINTF(("Setting WME parameters\n"));
1198         return iwi_cmd(sc, IWI_CMD_SET_WME_PARAMS, wme, sizeof wme, 1);
1199 #undef IWI_USEC
1200 #undef IWI_EXP2
1201 }
1202
1203 /*
1204  * Read 16 bits at address 'addr' from the serial EEPROM.
1205  */
1206 static uint16_t
1207 iwi_read_prom_word(struct iwi_softc *sc, uint8_t addr)
1208 {
1209         uint32_t tmp;
1210         uint16_t val;
1211         int n;
1212
1213         /* Clock C once before the first command */
1214         IWI_EEPROM_CTL(sc, 0);
1215         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1216         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1217         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1218
1219         /* Write start bit (1) */
1220         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1221         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1222
1223         /* Write READ opcode (10) */
1224         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D);
1225         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_D | IWI_EEPROM_C);
1226         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1227         IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1228
1229         /* Write address A7-A0 */
1230         for (n = 7; n >= 0; n--) {
1231                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1232                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D));
1233                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S |
1234                     (((addr >> n) & 1) << IWI_EEPROM_SHIFT_D) | IWI_EEPROM_C);
1235         }
1236
1237         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1238
1239         /* Read data Q15-Q0 */
1240         val = 0;
1241         for (n = 15; n >= 0; n--) {
1242                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S | IWI_EEPROM_C);
1243                 IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1244                 tmp = MEM_READ_4(sc, IWI_MEM_EEPROM_CTL);
1245                 val |= ((tmp & IWI_EEPROM_Q) >> IWI_EEPROM_SHIFT_Q) << n;
1246         }
1247
1248         IWI_EEPROM_CTL(sc, 0);
1249
1250         /* Clear Chip Select and clock C */
1251         IWI_EEPROM_CTL(sc, IWI_EEPROM_S);
1252         IWI_EEPROM_CTL(sc, 0);
1253         IWI_EEPROM_CTL(sc, IWI_EEPROM_C);
1254
1255         return val;
1256 }
1257
1258 /*
1259  * XXX: Hack to set the current channel to the value advertised in beacons or
1260  * probe responses. Only used during AP detection.
1261  */
1262 static void
1263 iwi_fix_channel(struct ieee80211com *ic, struct mbuf *m)
1264 {
1265         struct ieee80211_frame *wh;
1266         uint8_t subtype;
1267         uint8_t *frm, *efrm;
1268
1269         wh = mtod(m, struct ieee80211_frame *);
1270
1271         if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_MGT)
1272                 return;
1273
1274         subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
1275
1276         if (subtype != IEEE80211_FC0_SUBTYPE_BEACON &&
1277             subtype != IEEE80211_FC0_SUBTYPE_PROBE_RESP)
1278                 return;
1279
1280         frm = (uint8_t *)(wh + 1);
1281         efrm = mtod(m, uint8_t *) + m->m_len;
1282
1283         frm += 12;      /* skip tstamp, bintval and capinfo fields */
1284         while (frm < efrm) {
1285                 if (*frm == IEEE80211_ELEMID_DSPARMS)
1286 #if IEEE80211_CHAN_MAX < 255
1287                 if (frm[2] <= IEEE80211_CHAN_MAX)
1288 #endif
1289                         ic->ic_curchan = &ic->ic_channels[frm[2]];
1290
1291                 frm += frm[1] + 2;
1292         }
1293 }
1294
1295 static void
1296 iwi_frame_intr(struct iwi_softc *sc, struct iwi_rx_data *data, int i,
1297     struct iwi_frame *frame)
1298 {
1299         struct ieee80211com *ic = &sc->sc_ic;
1300         struct ifnet *ifp = ic->ic_ifp;
1301         struct mbuf *mnew, *m;
1302         struct ieee80211_frame *wh;
1303         struct ieee80211_node *ni;
1304         int error;
1305
1306         DPRINTFN(5, ("received frame len=%u chan=%u rssi=%u\n",
1307             le16toh(frame->len), frame->chan, frame->rssi_dbm));
1308
1309         if (le16toh(frame->len) < sizeof (struct ieee80211_frame))
1310                 return;
1311
1312         /*
1313          * Try to allocate a new mbuf for this ring element and load it before
1314          * processing the current mbuf. If the ring element cannot be loaded,
1315          * drop the received packet and reuse the old mbuf. In the unlikely
1316          * case that the old mbuf can't be reloaded either, explicitly panic.
1317          */
1318         mnew = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
1319         if (mnew == NULL) {
1320                 ifp->if_ierrors++;
1321                 return;
1322         }
1323
1324         bus_dmamap_unload(sc->rxq.data_dmat, data->map);
1325
1326         error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1327             mtod(mnew, void *), MCLBYTES, iwi_dma_map_addr, &data->physaddr,
1328             0);
1329         if (error != 0) {
1330                 m_freem(mnew);
1331
1332                 /* try to reload the old mbuf */
1333                 error = bus_dmamap_load(sc->rxq.data_dmat, data->map,
1334                     mtod(data->m, void *), MCLBYTES, iwi_dma_map_addr,
1335                     &data->physaddr, 0);
1336                 if (error != 0) {
1337                         /* very unlikely that it will fail... */
1338                         panic("%s: could not load old rx mbuf",
1339                             device_get_name(sc->sc_dev));
1340                 }
1341                 ifp->if_ierrors++;
1342                 return;
1343         }
1344
1345         /*
1346          * New mbuf successfully loaded, update Rx ring and continue
1347          * processing.
1348          */
1349         m = data->m;
1350         data->m = mnew;
1351         CSR_WRITE_4(sc, data->reg, data->physaddr);
1352
1353         /* Finalize mbuf */
1354         m->m_pkthdr.rcvif = ifp;
1355         m->m_pkthdr.len = m->m_len = sizeof (struct iwi_hdr) +
1356             sizeof (struct iwi_frame) + le16toh(frame->len);
1357
1358         m_adj(m, sizeof (struct iwi_hdr) + sizeof (struct iwi_frame));
1359
1360         if (ic->ic_state == IEEE80211_S_SCAN)
1361                 iwi_fix_channel(ic, m);
1362
1363         if (sc->sc_drvbpf != NULL) {
1364                 struct iwi_rx_radiotap_header *tap = &sc->sc_rxtap;
1365
1366                 tap->wr_flags = 0;
1367                 tap->wr_rate = frame->rate;
1368                 tap->wr_chan_freq =
1369                     htole16(ic->ic_channels[frame->chan].ic_freq);
1370                 tap->wr_chan_flags =
1371                     htole16(ic->ic_channels[frame->chan].ic_flags);
1372                 tap->wr_antsignal = frame->signal;
1373                 tap->wr_antenna = frame->antenna;
1374
1375                 bpf_ptap(sc->sc_drvbpf, m, tap, sc->sc_rxtap_len);
1376         }
1377
1378         wh = mtod(m, struct ieee80211_frame *);
1379         ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh);
1380
1381         /* send the frame to the 802.11 layer */
1382         ieee80211_input(ic, m, ni, frame->rssi_dbm, 0);
1383
1384         /* node is no longer needed */
1385         ieee80211_free_node(ni);
1386 }
1387
1388 static void
1389 iwi_notification_intr(struct iwi_softc *sc, struct iwi_notif *notif)
1390 {
1391         struct ieee80211com *ic = &sc->sc_ic;
1392         struct iwi_notif_scan_channel *chan;
1393         struct iwi_notif_scan_complete *scan;
1394         struct iwi_notif_authentication *auth;
1395         struct iwi_notif_association *assoc;
1396
1397         switch (notif->type) {
1398         case IWI_NOTIF_TYPE_SCAN_CHANNEL:
1399                 chan = (struct iwi_notif_scan_channel *)(notif + 1);
1400
1401                 DPRINTFN(2, ("Scanning channel (%u)\n", chan->nchan));
1402                 break;
1403
1404         case IWI_NOTIF_TYPE_SCAN_COMPLETE:
1405                 scan = (struct iwi_notif_scan_complete *)(notif + 1);
1406
1407                 DPRINTFN(2, ("Scan completed (%u, %u)\n", scan->nchan,
1408                     scan->status));
1409
1410                 /* monitor mode uses scan to set the channel ... */
1411                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1412                         sc->flags &= ~IWI_FLAG_SCANNING;
1413                         ieee80211_end_scan(ic);
1414                 } else
1415                         iwi_set_chan(sc, ic->ic_ibss_chan);
1416                 break;
1417
1418         case IWI_NOTIF_TYPE_AUTHENTICATION:
1419                 auth = (struct iwi_notif_authentication *)(notif + 1);
1420
1421                 DPRINTFN(2, ("Authentication (%u)\n", auth->state));
1422
1423                 switch (auth->state) {
1424                 case IWI_AUTHENTICATED:
1425                         ieee80211_node_authorize(ic->ic_bss);
1426                         ieee80211_new_state(ic, IEEE80211_S_ASSOC, -1);
1427                         break;
1428
1429                 case IWI_DEAUTHENTICATED:
1430                         break;
1431
1432                 default:
1433                         device_printf(sc->sc_dev,
1434                             "unknown authentication state %u\n", auth->state);
1435                 }
1436                 break;
1437
1438         case IWI_NOTIF_TYPE_ASSOCIATION:
1439                 assoc = (struct iwi_notif_association *)(notif + 1);
1440
1441                 DPRINTFN(2, ("Association (%u, %u)\n", assoc->state,
1442                     assoc->status));
1443
1444                 switch (assoc->state) {
1445                 case IWI_AUTHENTICATED:
1446                         /* re-association, do nothing */
1447                         break;
1448
1449                 case IWI_ASSOCIATED:
1450                         ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
1451                         break;
1452
1453                 case IWI_DEASSOCIATED:
1454                         ieee80211_begin_scan(ic, 1);
1455                         break;
1456
1457                 default:
1458                         device_printf(sc->sc_dev,
1459                             "unknown association state %u\n", assoc->state);
1460                 }
1461                 break;
1462
1463         default:
1464                 DPRINTFN(5, ("Notification (%u)\n", notif->type));
1465         }
1466 }
1467
1468 static void
1469 iwi_rx_intr(struct iwi_softc *sc)
1470 {
1471         struct iwi_rx_data *data;
1472         struct iwi_hdr *hdr;
1473         uint32_t hw;
1474
1475         hw = CSR_READ_4(sc, IWI_CSR_RX_RIDX);
1476
1477         for (; sc->rxq.cur != hw;) {
1478                 data = &sc->rxq.data[sc->rxq.cur];
1479
1480                 bus_dmamap_sync(sc->rxq.data_dmat, data->map,
1481                     BUS_DMASYNC_POSTREAD);
1482
1483                 hdr = mtod(data->m, struct iwi_hdr *);
1484
1485                 switch (hdr->type) {
1486                 case IWI_HDR_TYPE_FRAME:
1487                         iwi_frame_intr(sc, data, sc->rxq.cur,
1488                             (struct iwi_frame *)(hdr + 1));
1489                         break;
1490
1491                 case IWI_HDR_TYPE_NOTIF:
1492                         iwi_notification_intr(sc,
1493                             (struct iwi_notif *)(hdr + 1));
1494                         break;
1495
1496                 default:
1497                         device_printf(sc->sc_dev, "unknown hdr type %u\n",
1498                             hdr->type);
1499                 }
1500
1501                 DPRINTFN(15, ("rx done idx=%u\n", sc->rxq.cur));
1502
1503                 sc->rxq.cur = (sc->rxq.cur + 1) % IWI_RX_RING_COUNT;
1504         }
1505
1506         /* Tell the firmware what we have processed */
1507         hw = (hw == 0) ? IWI_RX_RING_COUNT - 1 : hw - 1;
1508         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, hw);
1509 }
1510
1511 static void
1512 iwi_tx_intr(struct iwi_softc *sc, struct iwi_tx_ring *txq)
1513 {
1514         struct ieee80211com *ic = &sc->sc_ic;
1515         struct ifnet *ifp = ic->ic_ifp;
1516         struct iwi_tx_data *data;
1517         uint32_t hw;
1518
1519         hw = CSR_READ_4(sc, txq->csr_ridx);
1520
1521         for (; txq->next != hw;) {
1522                 data = &txq->data[txq->next];
1523
1524                 bus_dmamap_sync(txq->data_dmat, data->map,
1525                     BUS_DMASYNC_POSTWRITE);
1526                 bus_dmamap_unload(txq->data_dmat, data->map);
1527                 m_freem(data->m);
1528                 data->m = NULL;
1529                 ieee80211_free_node(data->ni);
1530                 data->ni = NULL;
1531
1532                 DPRINTFN(15, ("tx done idx=%u\n", txq->next));
1533
1534                 ifp->if_opackets++;
1535
1536                 txq->queued--;
1537                 txq->next = (txq->next + 1) % IWI_TX_RING_COUNT;
1538         }
1539
1540         sc->sc_tx_timer = 0;
1541         ifp->if_flags &= ~IFF_OACTIVE;
1542         iwi_start(ifp);
1543 }
1544
1545 static void
1546 iwi_intr(void *arg)
1547 {
1548         struct iwi_softc *sc = arg;
1549         uint32_t r;
1550
1551         r = CSR_READ_4(sc, IWI_CSR_INTR);
1552         if (r == 0 || r == 0xffffffff)
1553                 return;
1554
1555         /* disable interrupts */
1556         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1557
1558         if (r & IWI_INTR_FATAL_ERROR) {
1559                 device_printf(sc->sc_dev, "fatal error\n");
1560
1561                 if ((sc->flags & (IWI_FLAG_EXIT | IWI_FLAG_RESET)) == 0) {
1562                         sc->flags |= IWI_FLAG_RESET;
1563                         device_printf(sc->sc_dev, "wake firmware monitor\n");
1564                         wakeup(IWI_FW_WAKE_MONITOR(sc));
1565                 }
1566         }
1567
1568         if (r & IWI_INTR_PARITY_ERROR) {
1569                 device_printf(sc->sc_dev, "parity error\n");
1570                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1571                 iwi_stop(sc);
1572         }
1573
1574         if (r & IWI_INTR_FW_INITED) {
1575                 if (!(r & (IWI_INTR_FATAL_ERROR | IWI_INTR_PARITY_ERROR)))
1576                         wakeup(IWI_FW_INITIALIZED(sc));
1577         }
1578
1579         if (r & IWI_INTR_RADIO_OFF) {
1580                 DPRINTF(("radio transmitter turned off\n"));
1581                 sc->sc_ic.ic_ifp->if_flags &= ~IFF_UP;
1582                 iwi_stop(sc);
1583         }
1584
1585         if (r & IWI_INTR_CMD_DONE)
1586                 wakeup(IWI_FW_CMD_ACKED(sc));
1587
1588         if (r & IWI_INTR_TX1_DONE)
1589                 iwi_tx_intr(sc, &sc->txq[0]);
1590
1591         if (r & IWI_INTR_TX2_DONE)
1592                 iwi_tx_intr(sc, &sc->txq[1]);
1593
1594         if (r & IWI_INTR_TX3_DONE)
1595                 iwi_tx_intr(sc, &sc->txq[2]);
1596
1597         if (r & IWI_INTR_TX4_DONE)
1598                 iwi_tx_intr(sc, &sc->txq[3]);
1599
1600         if (r & IWI_INTR_RX_DONE)
1601                 iwi_rx_intr(sc);
1602
1603         /* acknowledge interrupts */
1604         CSR_WRITE_4(sc, IWI_CSR_INTR, r);
1605
1606         /* re-enable interrupts */
1607         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
1608 }
1609
1610 static int
1611 iwi_cmd(struct iwi_softc *sc, uint8_t type, void *data, uint8_t len, int async)
1612 {
1613         struct iwi_cmd_desc *desc;
1614         struct ifnet *ifp = &sc->sc_ic.ic_if;
1615         int ret;
1616
1617         desc = &sc->cmdq.desc[sc->cmdq.cur];
1618
1619         desc->hdr.type = IWI_HDR_TYPE_COMMAND;
1620         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1621         desc->type = type;
1622         desc->len = len;
1623         memcpy(desc->data, data, len);
1624
1625         bus_dmamap_sync(sc->cmdq.desc_dmat, sc->cmdq.desc_map,
1626             BUS_DMASYNC_PREWRITE);
1627
1628         DPRINTFN(2, ("sending command idx=%u type=%u len=%u\n", sc->cmdq.cur,
1629             type, len));
1630
1631         sc->cmdq.cur = (sc->cmdq.cur + 1) % IWI_CMD_RING_COUNT;
1632         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
1633
1634         if (!async) {
1635                 ASSERT_SERIALIZED(ifp->if_serializer);
1636
1637                 crit_enter();
1638                 tsleep_interlock(IWI_FW_CMD_ACKED(sc));
1639                 lwkt_serialize_exit(ifp->if_serializer);
1640                 ret = tsleep(IWI_FW_CMD_ACKED(sc), 0, "iwicmd", hz);
1641                 crit_exit();
1642                 lwkt_serialize_enter(ifp->if_serializer);
1643         } else {
1644                 ret = 0;
1645         }
1646
1647         return ret;
1648 }
1649
1650 static void
1651 iwi_write_ibssnode(struct iwi_softc *sc, const struct iwi_node *in)
1652 {
1653         struct iwi_ibssnode node;
1654
1655         /* write node information into NIC memory */
1656         memset(&node, 0, sizeof node);
1657         IEEE80211_ADDR_COPY(node.bssid, in->in_node.ni_macaddr);
1658
1659         CSR_WRITE_REGION_1(sc,
1660             IWI_CSR_NODE_BASE + in->in_station * sizeof node,
1661             (uint8_t *)&node, sizeof node);
1662 }
1663
1664 struct iwi_dma_mapping {
1665         bus_dma_segment_t segs[IWI_MAX_NSEG];
1666         int nseg;
1667         bus_size_t mapsize;
1668 };
1669
1670 static void
1671 iwi_dma_map_mbuf(void *arg, bus_dma_segment_t *segs, int nseg,
1672                  bus_size_t mapsize, int error)
1673 {
1674         struct iwi_dma_mapping *map = arg;
1675
1676         if (error != 0)
1677                 return;
1678
1679         KASSERT(nseg <= IWI_MAX_NSEG, ("too many DMA segments %d", nseg));
1680
1681         bcopy(segs, map->segs, nseg * sizeof(bus_dma_segment_t));
1682         map->nseg = nseg;
1683         map->mapsize = mapsize;
1684 }
1685
1686 static int
1687 iwi_tx_start(struct ifnet *ifp, struct mbuf *m0, struct ieee80211_node *ni,
1688     int ac)
1689 {
1690         struct iwi_softc *sc = ifp->if_softc;
1691         struct ieee80211com *ic = &sc->sc_ic;
1692         struct iwi_node *in = (struct iwi_node *)ni;
1693         struct ieee80211_frame *wh;
1694         struct ieee80211_key *k;
1695         const struct chanAccParams *cap;
1696         struct iwi_tx_ring *txq = &sc->txq[ac];
1697         struct iwi_tx_data *data;
1698         struct iwi_tx_desc *desc;
1699         struct mbuf *mnew;
1700         struct iwi_dma_mapping map;
1701         int error, hdrlen, i, noack = 0;
1702
1703         wh = mtod(m0, struct ieee80211_frame *);
1704
1705         if (wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS) {
1706                 hdrlen = sizeof (struct ieee80211_qosframe);
1707                 cap = &ic->ic_wme.wme_chanParams;
1708                 noack = cap->cap_wmeParams[ac].wmep_noackPolicy;
1709         } else
1710                 hdrlen = sizeof (struct ieee80211_frame);
1711
1712         /*
1713          * This is only used in IBSS mode where the firmware expect an index
1714          * in a h/w table instead of a destination address.
1715          */
1716         if (ic->ic_opmode == IEEE80211_M_IBSS && in->in_station == -1) {
1717                 in->in_station = iwi_alloc_ibss_node(sc);
1718                 if (in->in_station == -1) {     /* h/w table is full */
1719                         m_freem(m0);
1720                         ieee80211_free_node(ni);
1721                         ifp->if_oerrors++;
1722                         if_printf(ifp, "ibss table is full\n");
1723                         return 0;
1724                 }
1725                 iwi_write_ibssnode(sc, in);
1726         }
1727
1728         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1729                 k = ieee80211_crypto_encap(ic, ni, m0);
1730                 if (k == NULL) {
1731                         m_freem(m0);
1732                         return ENOBUFS;
1733                 }
1734
1735                 /* packet header may have moved, reset our local pointer */
1736                 wh = mtod(m0, struct ieee80211_frame *);
1737         }
1738
1739         if (sc->sc_drvbpf != NULL) {
1740                 struct iwi_tx_radiotap_header *tap = &sc->sc_txtap;
1741
1742                 tap->wt_flags = 0;
1743                 tap->wt_chan_freq = htole16(ic->ic_ibss_chan->ic_freq);
1744                 tap->wt_chan_flags = htole16(ic->ic_ibss_chan->ic_flags);
1745
1746                 bpf_ptap(sc->sc_drvbpf, m0, tap, sc->sc_txtap_len);
1747         }
1748
1749         data = &txq->data[txq->cur];
1750         desc = &txq->desc[txq->cur];
1751
1752         /* save and trim IEEE802.11 header */
1753         m_copydata(m0, 0, hdrlen, (caddr_t)&desc->wh);
1754         m_adj(m0, hdrlen);
1755
1756         error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1757                                      iwi_dma_map_mbuf, &map, BUS_DMA_NOWAIT);
1758         if (error != 0 && error != EFBIG) {
1759                 device_printf(sc->sc_dev, "could not map mbuf (error %d)\n",
1760                     error);
1761                 m_freem(m0);
1762                 return error;
1763         }
1764         if (error != 0) {
1765                 mnew = m_defrag(m0, MB_DONTWAIT);
1766                 if (mnew == NULL) {
1767                         device_printf(sc->sc_dev,
1768                             "could not defragment mbuf\n");
1769                         m_freem(m0);
1770                         return ENOBUFS;
1771                 }
1772                 m0 = mnew;
1773
1774                 error = bus_dmamap_load_mbuf(txq->data_dmat, data->map, m0,
1775                                              iwi_dma_map_mbuf, &map,
1776                                              BUS_DMA_NOWAIT);
1777                 if (error != 0) {
1778                         device_printf(sc->sc_dev,
1779                             "could not map mbuf (error %d)\n", error);
1780                         m_freem(m0);
1781                         return error;
1782                 }
1783         }
1784
1785         data->m = m0;
1786         data->ni = ni;
1787
1788         desc->hdr.type = IWI_HDR_TYPE_DATA;
1789         desc->hdr.flags = IWI_HDR_FLAG_IRQ;
1790         desc->station =
1791             (ic->ic_opmode == IEEE80211_M_IBSS) ? in->in_station : 0;
1792         desc->cmd = IWI_DATA_CMD_TX;
1793         desc->len = htole16(m0->m_pkthdr.len);
1794         desc->flags = 0;
1795         desc->xflags = 0;
1796
1797         if (!noack && !IEEE80211_IS_MULTICAST(desc->wh.i_addr1))
1798                 desc->flags |= IWI_DATA_FLAG_NEED_ACK;
1799
1800 #if 0
1801         if (ic->ic_flags & IEEE80211_F_PRIVACY) {
1802                 desc->wh.i_fc[1] |= IEEE80211_FC1_WEP;
1803                 desc->weptxkey = ic->ic_crypto.cs_def_txkey;
1804         } else
1805 #endif
1806                 desc->flags |= IWI_DATA_FLAG_NO_WEP;
1807
1808         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
1809                 desc->flags |= IWI_DATA_FLAG_SHPREAMBLE;
1810
1811         if (desc->wh.i_fc[0] & IEEE80211_FC0_SUBTYPE_QOS)
1812                 desc->xflags |= IWI_DATA_XFLAG_QOS;
1813
1814         desc->nseg = htole32(map.nseg);
1815         for (i = 0; i < map.nseg; i++) {
1816                 desc->seg_addr[i] = htole32(map.segs[i].ds_addr);
1817                 desc->seg_len[i]  = htole16(map.segs[i].ds_len);
1818         }
1819
1820         bus_dmamap_sync(txq->data_dmat, data->map, BUS_DMASYNC_PREWRITE);
1821         bus_dmamap_sync(txq->desc_dmat, txq->desc_map, BUS_DMASYNC_PREWRITE);
1822
1823         DPRINTFN(5, ("sending data frame txq=%u idx=%u len=%u nseg=%u\n",
1824             ac, txq->cur, le16toh(desc->len), map.nseg));
1825
1826         txq->queued++;
1827         txq->cur = (txq->cur + 1) % IWI_TX_RING_COUNT;
1828         CSR_WRITE_4(sc, txq->csr_widx, txq->cur);
1829
1830         return 0;
1831 }
1832
1833 static void
1834 iwi_start(struct ifnet *ifp)
1835 {
1836         struct iwi_softc *sc = ifp->if_softc;
1837         struct ieee80211com *ic = &sc->sc_ic;
1838         struct mbuf *m0;
1839         struct ether_header *eh;
1840         struct ieee80211_node *ni;
1841         int ac;
1842
1843         if (ic->ic_state != IEEE80211_S_RUN)
1844                 return;
1845
1846         IF_POLL(&ic->ic_mgtq, m0);
1847         if (m0 != NULL)
1848                 ieee80211_drain_mgtq(&ic->ic_mgtq);
1849
1850         for (;;) {
1851                 m0 = ifq_dequeue(&ifp->if_snd, NULL);
1852                 if (m0 == NULL)
1853                         break;
1854
1855                 if (m0->m_len < sizeof (struct ether_header) &&
1856                     (m0 = m_pullup(m0, sizeof (struct ether_header))) == NULL) {
1857                         ifp->if_oerrors++;
1858                         continue;
1859                 }
1860                 eh = mtod(m0, struct ether_header *);
1861                 ni = ieee80211_find_txnode(ic, eh->ether_dhost);
1862                 if (ni == NULL) {
1863                         m_freem(m0);
1864                         ifp->if_oerrors++;
1865                         continue;
1866                 }
1867
1868                 /* classify mbuf so we can find which tx ring to use */
1869                 if (ieee80211_classify(ic, m0, ni) != 0) {
1870                         m_freem(m0);
1871                         ieee80211_free_node(ni);
1872                         ifp->if_oerrors++;
1873                         continue;
1874                 }
1875
1876                 /* no QoS encapsulation for EAPOL frames */
1877                 ac = (eh->ether_type != htons(ETHERTYPE_PAE)) ?
1878                     M_WME_GETAC(m0) : WME_AC_BE;
1879
1880                 if (sc->txq[ac].queued > IWI_TX_RING_COUNT - 8) {
1881                         /* there is no place left in this ring */
1882                         m_freem(m0);
1883                         ieee80211_free_node(ni);
1884                         ifp->if_flags |= IFF_OACTIVE;
1885                         break;
1886                 }
1887
1888                 BPF_MTAP(ifp, m0);
1889
1890                 m0 = ieee80211_encap(ic, m0, ni);
1891                 if (m0 == NULL) {
1892                         ieee80211_free_node(ni);
1893                         ifp->if_oerrors++;
1894                         continue;
1895                 }
1896
1897                 if (ic->ic_rawbpf != NULL)
1898                         bpf_mtap(ic->ic_rawbpf, m0);
1899
1900                 if (iwi_tx_start(ifp, m0, ni, ac) != 0) {
1901                         ieee80211_free_node(ni);
1902                         ifp->if_oerrors++;
1903                         break;
1904                 }
1905
1906                 sc->sc_tx_timer = 5;
1907                 ifp->if_timer = 1;
1908         }
1909 }
1910
1911 static void
1912 iwi_watchdog(struct ifnet *ifp)
1913 {
1914         struct iwi_softc *sc = ifp->if_softc;
1915         struct ieee80211com *ic = &sc->sc_ic;
1916
1917         ifp->if_timer = 0;
1918
1919         if (sc->sc_tx_timer > 0) {
1920                 if (--sc->sc_tx_timer == 0) {
1921                         if_printf(ifp, "device timeout\n");
1922                         ifp->if_oerrors++;
1923                         sc->flags |= IWI_FLAG_RESET;
1924                         wakeup(IWI_FW_WAKE_MONITOR(sc));
1925                         return;
1926                 }
1927                 ifp->if_timer = 1;
1928         }
1929
1930         ieee80211_watchdog(ic);
1931 }
1932
1933 static int
1934 iwi_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
1935 {
1936         struct iwi_softc *sc = ifp->if_softc;
1937         struct ieee80211com *ic = &sc->sc_ic;
1938         struct ifreq *ifr;
1939         int error = 0;
1940
1941         switch (cmd) {
1942         case SIOCSIFFLAGS:
1943                 if (ifp->if_flags & IFF_UP) {
1944                         if (!(ifp->if_flags & IFF_RUNNING))
1945                                 iwi_init(sc);
1946                 } else {
1947                         if (ifp->if_flags & IFF_RUNNING)
1948                                 iwi_stop(sc);
1949                 }
1950                 break;
1951
1952         case SIOCSLOADFW:
1953                 /* only super-user can do that! */
1954                 error = suser_cred(cr, NULL_CRED_OKAY);
1955                 if (error != 0)
1956                         break;
1957
1958                 ifr = (struct ifreq *)data;
1959                 error = iwi_cache_firmware(sc, ifr->ifr_data);
1960                 break;
1961
1962         case SIOCSKILLFW:
1963                 /* only super-user can do that! */
1964                 error = suser_cred(cr, NULL_CRED_OKAY);
1965                 if (error != 0)
1966                         break;
1967
1968                 ifp->if_flags &= ~IFF_UP;
1969                 iwi_stop(sc);
1970                 iwi_free_firmware(sc);
1971                 break;
1972
1973         default:
1974                 error = ieee80211_ioctl(ic, cmd, data, cr);
1975         }
1976
1977         if (error == ENETRESET) {
1978                 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1979                     (IFF_UP | IFF_RUNNING) &&
1980                     (ic->ic_roaming != IEEE80211_ROAMING_MANUAL))
1981                         iwi_init(sc);
1982                 error = 0;
1983         }
1984
1985         return error;
1986 }
1987
1988 static void
1989 iwi_stop_master(struct iwi_softc *sc)
1990 {
1991         uint32_t tmp;
1992         int ntries;
1993
1994         /* disable interrupts */
1995         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, 0);
1996
1997         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_STOP_MASTER);
1998         for (ntries = 0; ntries < 5; ntries++) {
1999                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
2000                         break;
2001                 DELAY(10);
2002         }
2003         if (ntries == 5)
2004                 if_printf(&sc->sc_ic.ic_if, "timeout waiting for master\n");
2005
2006         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2007         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_PRINCETON_RESET);
2008
2009         sc->flags &= ~IWI_FLAG_FW_INITED;
2010 }
2011
2012 static int
2013 iwi_reset(struct iwi_softc *sc)
2014 {
2015         uint32_t tmp;
2016         int i, ntries;
2017
2018         iwi_stop_master(sc);
2019
2020         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2021         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
2022
2023         CSR_WRITE_4(sc, IWI_CSR_READ_INT, IWI_READ_INT_INIT_HOST);
2024
2025         /* Wait for clock stabilization */
2026         for (ntries = 0; ntries < 1000; ntries++) {
2027                 if (CSR_READ_4(sc, IWI_CSR_CTL) & IWI_CTL_CLOCK_READY)
2028                         break;
2029                 DELAY(200);
2030         }
2031         if (ntries == 1000) {
2032                 if_printf(&sc->sc_ic.ic_if,
2033                           "timeout waiting for clock stabilization\n");
2034                 return EIO;
2035         }
2036
2037         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2038         CSR_WRITE_4(sc, IWI_CSR_RST, tmp | IWI_RST_SOFT_RESET);
2039
2040         DELAY(10);
2041
2042         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2043         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_INIT);
2044
2045         /* Clear NIC memory */
2046         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0);
2047         for (i = 0; i < 0xc000; i++)
2048                 CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2049
2050         return 0;
2051 }
2052
2053 static int
2054 iwi_load_ucode(struct iwi_softc *sc, void *uc, int size)
2055 {
2056         uint32_t tmp;
2057         uint16_t *w;
2058         int ntries, i;
2059
2060         CSR_WRITE_4(sc, IWI_CSR_RST, CSR_READ_4(sc, IWI_CSR_RST) |
2061             IWI_RST_STOP_MASTER);
2062         for (ntries = 0; ntries < 5; ntries++) {
2063                 if (CSR_READ_4(sc, IWI_CSR_RST) & IWI_RST_MASTER_DISABLED)
2064                         break;
2065                 DELAY(10);
2066         }
2067         if (ntries == 5) {
2068                 device_printf(sc->sc_dev, "timeout waiting for master\n");
2069                 return EIO;
2070         }
2071
2072         MEM_WRITE_4(sc, 0x3000e0, 0x80000000);
2073         DELAY(5000);
2074
2075         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2076         tmp &= ~IWI_RST_PRINCETON_RESET;
2077         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2078
2079         DELAY(5000);
2080         MEM_WRITE_4(sc, 0x3000e0, 0);
2081         DELAY(1000);
2082         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 1);
2083         DELAY(1000);
2084         MEM_WRITE_4(sc, IWI_MEM_EVENT_CTL, 0);
2085         DELAY(1000);
2086         MEM_WRITE_1(sc, 0x200000, 0x00);
2087         MEM_WRITE_1(sc, 0x200000, 0x40);
2088         DELAY(1000);
2089
2090         /* write microcode into adapter memory */
2091         for (w = uc; size > 0; w++, size -= 2)
2092                 MEM_WRITE_2(sc, 0x200010, htole16(*w));
2093
2094         MEM_WRITE_1(sc, 0x200000, 0x00);
2095         MEM_WRITE_1(sc, 0x200000, 0x80);
2096
2097         /* wait until we get an answer */
2098         for (ntries = 0; ntries < 100; ntries++) {
2099                 if (MEM_READ_1(sc, 0x200000) & 1)
2100                         break;
2101                 DELAY(100);
2102         }
2103         if (ntries == 100) {
2104                 device_printf(sc->sc_dev,
2105                     "timeout waiting for ucode to initialize\n");
2106                 return EIO;
2107         }
2108
2109         /* read the answer or the firmware will not initialize properly */
2110         for (i = 0; i < 7; i++)
2111                 MEM_READ_4(sc, 0x200004);
2112
2113         MEM_WRITE_1(sc, 0x200000, 0x00);
2114
2115         return 0;
2116 }
2117
2118 /* macro to handle unaligned little endian data in firmware image */
2119 #define GETLE32(p) ((p)[0] | (p)[1] << 8 | (p)[2] << 16 | (p)[3] << 24)
2120
2121 static int
2122 iwi_load_firmware(struct iwi_softc *sc, void *fw, int size)
2123 {
2124         bus_dma_tag_t dmat;
2125         bus_dmamap_t map;
2126         bus_addr_t physaddr;
2127         void *virtaddr;
2128         u_char *p, *end;
2129         uint32_t sentinel, ctl, src, dst, sum, len, mlen, tmp;
2130         int ntries, error = 0;
2131         struct ifnet *ifp = &sc->sc_ic.ic_if;
2132
2133         ASSERT_SERIALIZED(ifp->if_serializer);
2134
2135         /* Allocate DMA memory for mapping firmware image */
2136         error = bus_dma_tag_create(NULL, 4, 0, BUS_SPACE_MAXADDR_32BIT,
2137             BUS_SPACE_MAXADDR, NULL, NULL, size, 1, size, 0, &dmat);
2138         if (error != 0) {
2139                 device_printf(sc->sc_dev,
2140                     "could not create firmware DMA tag\n");
2141                 goto fail1;
2142         }
2143
2144         error = bus_dmamem_alloc(dmat, &virtaddr, BUS_DMA_WAITOK, &map);
2145         if (error != 0) {
2146                 device_printf(sc->sc_dev,
2147                     "could not allocate firmware DMA memory\n");
2148                 goto fail2;
2149         }
2150
2151         error = bus_dmamap_load(dmat, map, virtaddr, size, iwi_dma_map_addr,
2152             &physaddr, 0);
2153         if (error != 0) {
2154                 device_printf(sc->sc_dev, "could not load firmware DMA map\n");
2155                 goto fail3;
2156         }
2157
2158         /* Copy firmware image to DMA memory */
2159         memcpy(virtaddr, fw, size);
2160
2161         /* Make sure the adapter will get up-to-date values */
2162         bus_dmamap_sync(dmat, map, BUS_DMASYNC_PREWRITE);
2163
2164         /* Tell the adapter where the command blocks are stored */
2165         MEM_WRITE_4(sc, 0x3000a0, 0x27000);
2166
2167         /*
2168          * Store command blocks into adapter's internal memory using register
2169          * indirections. The adapter will read the firmware image through DMA
2170          * using information stored in command blocks.
2171          */
2172         src = physaddr;
2173         p = virtaddr;
2174         end = p + size;
2175         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_ADDR, 0x27000);
2176
2177         while (p < end) {
2178                 dst = GETLE32(p); p += 4; src += 4;
2179                 len = GETLE32(p); p += 4; src += 4;
2180                 p += len;
2181
2182                 while (len > 0) {
2183                         mlen = min(len, IWI_CB_MAXDATALEN);
2184
2185                         ctl = IWI_CB_DEFAULT_CTL | mlen;
2186                         sum = ctl ^ src ^ dst;
2187
2188                         /* Write a command block */
2189                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, ctl);
2190                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, src);
2191                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, dst);
2192                         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, sum);
2193
2194                         src += mlen;
2195                         dst += mlen;
2196                         len -= mlen;
2197                 }
2198         }
2199
2200         /* Write a fictive final command block (sentinel) */
2201         sentinel = CSR_READ_4(sc, IWI_CSR_AUTOINC_ADDR);
2202         CSR_WRITE_4(sc, IWI_CSR_AUTOINC_DATA, 0);
2203
2204         tmp = CSR_READ_4(sc, IWI_CSR_RST);
2205         tmp &= ~(IWI_RST_MASTER_DISABLED | IWI_RST_STOP_MASTER);
2206         CSR_WRITE_4(sc, IWI_CSR_RST, tmp);
2207
2208         /* Tell the adapter to start processing command blocks */
2209         MEM_WRITE_4(sc, 0x3000a4, 0x540100);
2210
2211         /* Wait until the adapter reaches the sentinel */
2212         for (ntries = 0; ntries < 400; ntries++) {
2213                 if (MEM_READ_4(sc, 0x3000d0) >= sentinel)
2214                         break;
2215                 DELAY(100);
2216         }
2217         if (ntries == 400) {
2218                 device_printf(sc->sc_dev,
2219                     "timeout processing command blocks\n");
2220                 error = EIO;
2221                 goto fail4;
2222         }
2223
2224         /* We're done with command blocks processing */
2225         MEM_WRITE_4(sc, 0x3000a4, 0x540c00);
2226
2227         /* Allow interrupts so we know when the firmware is ready */
2228         CSR_WRITE_4(sc, IWI_CSR_INTR_MASK, IWI_INTR_MASK);
2229
2230         /* Tell the adapter to initialize the firmware */
2231         CSR_WRITE_4(sc, IWI_CSR_RST, 0);
2232
2233         tmp = CSR_READ_4(sc, IWI_CSR_CTL);
2234         CSR_WRITE_4(sc, IWI_CSR_CTL, tmp | IWI_CTL_ALLOW_STANDBY);
2235
2236         /* wait at most one second for firmware initialization to complete */
2237         crit_enter();
2238         tsleep_interlock(IWI_FW_INITIALIZED(sc));
2239         lwkt_serialize_exit(ifp->if_serializer);
2240         error = tsleep(IWI_FW_INITIALIZED(sc), 0, "iwiinit", hz);
2241         crit_exit();
2242         lwkt_serialize_enter(ifp->if_serializer);
2243         if (error != 0) {
2244                 device_printf(sc->sc_dev, "timeout waiting for firmware "
2245                     "initialization to complete\n");
2246                 goto fail4;
2247         }
2248
2249 fail4:  bus_dmamap_sync(dmat, map, BUS_DMASYNC_POSTWRITE);
2250         bus_dmamap_unload(dmat, map);
2251 fail3:  bus_dmamem_free(dmat, virtaddr, map);
2252 fail2:  bus_dma_tag_destroy(dmat);
2253 fail1:
2254         return error;
2255 }
2256
2257 /*
2258  * Store firmware into kernel memory so we can download it when we need to,
2259  * e.g when the adapter wakes up from suspend mode.
2260  */
2261 static int
2262 iwi_cache_firmware(struct iwi_softc *sc, void *data)
2263 {
2264         struct iwi_firmware *kfw = &sc->fw;
2265         struct iwi_firmware ufw;
2266         int error;
2267
2268         iwi_free_firmware(sc);
2269
2270         if ((error = copyin(data, &ufw, sizeof ufw)) != 0)
2271                 return error;
2272
2273         kfw->boot_size  = ufw.boot_size;
2274         kfw->ucode_size = ufw.ucode_size;
2275         kfw->main_size  = ufw.main_size;
2276
2277         kfw->boot = kmalloc(kfw->boot_size, M_DEVBUF, M_WAITOK);
2278         kfw->ucode = kmalloc(kfw->ucode_size, M_DEVBUF, M_WAITOK);
2279         kfw->main = kmalloc(kfw->main_size, M_DEVBUF, M_WAITOK);
2280
2281         if ((error = copyin(ufw.boot, kfw->boot, kfw->boot_size)) != 0)
2282                 goto fail;
2283
2284         if ((error = copyin(ufw.ucode, kfw->ucode, kfw->ucode_size)) != 0)
2285                 goto fail;
2286
2287         if ((error = copyin(ufw.main, kfw->main, kfw->main_size)) != 0)
2288                 goto fail;
2289
2290         DPRINTF(("Firmware cached: boot %u, ucode %u, main %u\n",
2291             kfw->boot_size, kfw->ucode_size, kfw->main_size));
2292
2293         sc->flags |= IWI_FLAG_FW_CACHED;
2294
2295         return 0;
2296
2297 fail:
2298         kfree(kfw->boot, M_DEVBUF);
2299         kfree(kfw->ucode, M_DEVBUF);
2300         kfree(kfw->main, M_DEVBUF);
2301
2302         return error;
2303 }
2304
2305 static void
2306 iwi_free_firmware(struct iwi_softc *sc)
2307 {
2308         if (!(sc->flags & IWI_FLAG_FW_CACHED))
2309                 return;
2310
2311         kfree(sc->fw.boot, M_DEVBUF);
2312         kfree(sc->fw.ucode, M_DEVBUF);
2313         kfree(sc->fw.main, M_DEVBUF);
2314
2315         sc->flags &= ~IWI_FLAG_FW_CACHED;
2316 }
2317
2318 static int
2319 iwi_config(struct iwi_softc *sc)
2320 {
2321         struct ieee80211com *ic = &sc->sc_ic;
2322         struct ifnet *ifp = ic->ic_ifp;
2323         struct iwi_configuration config;
2324         struct iwi_rateset rs;
2325         struct iwi_txpower power;
2326         struct ieee80211_key *wk;
2327         struct iwi_wep_key wepkey;
2328         uint32_t data;
2329         int error, i;
2330
2331         IEEE80211_ADDR_COPY(ic->ic_myaddr, IF_LLADDR(ifp));
2332         DPRINTF(("Setting MAC address to %6D\n", ic->ic_myaddr, ":"));
2333         error = iwi_cmd(sc, IWI_CMD_SET_MAC_ADDRESS, ic->ic_myaddr,
2334             IEEE80211_ADDR_LEN, 0);
2335         if (error != 0)
2336                 return error;
2337
2338         memset(&config, 0, sizeof config);
2339         config.bluetooth_coexistence = sc->bluetooth;
2340         config.antenna = sc->antenna;
2341         config.multicast_enabled = 1;
2342         config.answer_pbreq = (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2343         config.disable_unicast_decryption = 1;
2344         config.disable_multicast_decryption = 1;
2345         DPRINTF(("Configuring adapter\n"));
2346         error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config, 0);
2347         if (error != 0)
2348                 return error;
2349
2350         data = htole32(IWI_POWER_MODE_CAM);
2351         DPRINTF(("Setting power mode to %u\n", le32toh(data)));
2352         error = iwi_cmd(sc, IWI_CMD_SET_POWER_MODE, &data, sizeof data, 0);
2353         if (error != 0)
2354                 return error;
2355
2356         data = htole32(ic->ic_rtsthreshold);
2357         DPRINTF(("Setting RTS threshold to %u\n", le32toh(data)));
2358         error = iwi_cmd(sc, IWI_CMD_SET_RTS_THRESHOLD, &data, sizeof data, 0);
2359         if (error != 0)
2360                 return error;
2361
2362         data = htole32(ic->ic_fragthreshold);
2363         DPRINTF(("Setting fragmentation threshold to %u\n", le32toh(data)));
2364         error = iwi_cmd(sc, IWI_CMD_SET_FRAG_THRESHOLD, &data, sizeof data, 0);
2365         if (error != 0)
2366                 return error;
2367
2368         if (ic->ic_opmode == IEEE80211_M_IBSS) {
2369                 power.mode = IWI_MODE_11B;
2370                 power.nchan = 11;
2371                 for (i = 0; i < 11; i++) {
2372                         power.chan[i].chan = i + 1;
2373                         power.chan[i].power = IWI_TXPOWER_MAX;
2374                 }
2375                 DPRINTF(("Setting .11b channels tx power\n"));
2376                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2377                     0);
2378                 if (error != 0)
2379                         return error;
2380
2381                 power.mode = IWI_MODE_11G;
2382                 DPRINTF(("Setting .11g channels tx power\n"));
2383                 error = iwi_cmd(sc, IWI_CMD_SET_TX_POWER, &power, sizeof power,
2384                     0);
2385                 if (error != 0)
2386                         return error;
2387         }
2388
2389         rs.mode = IWI_MODE_11G;
2390         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2391         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11G].rs_nrates;
2392         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11G].rs_rates,
2393             rs.nrates);
2394         DPRINTF(("Setting .11bg supported rates (%u)\n", rs.nrates));
2395         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2396         if (error != 0)
2397                 return error;
2398
2399         rs.mode = IWI_MODE_11A;
2400         rs.type = IWI_RATESET_TYPE_SUPPORTED;
2401         rs.nrates = ic->ic_sup_rates[IEEE80211_MODE_11A].rs_nrates;
2402         memcpy(rs.rates, ic->ic_sup_rates[IEEE80211_MODE_11A].rs_rates,
2403             rs.nrates);
2404         DPRINTF(("Setting .11a supported rates (%u)\n", rs.nrates));
2405         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 0);
2406         if (error != 0)
2407                 return error;
2408
2409         /* if we have a desired ESSID, set it now */
2410         if (ic->ic_des_esslen != 0) {
2411 #ifdef IWI_DEBUG
2412                 if (iwi_debug > 0) {
2413                         kprintf("Setting desired ESSID to ");
2414                         ieee80211_print_essid(ic->ic_des_essid,
2415                             ic->ic_des_esslen);
2416                         kprintf("\n");
2417                 }
2418 #endif
2419                 error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ic->ic_des_essid,
2420                     ic->ic_des_esslen, 0);
2421                 if (error != 0)
2422                         return error;
2423         }
2424
2425         data = htole32(karc4random());
2426         DPRINTF(("Setting initialization vector to %u\n", le32toh(data)));
2427         error = iwi_cmd(sc, IWI_CMD_SET_IV, &data, sizeof data, 0);
2428         if (error != 0)
2429                 return error;
2430
2431         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
2432                 wk = &ic->ic_crypto.cs_nw_keys[i];
2433
2434                 wepkey.cmd = IWI_WEP_KEY_CMD_SETKEY;
2435                 wepkey.idx = i;
2436                 wepkey.len = wk->wk_keylen;
2437                 memset(wepkey.key, 0, sizeof wepkey.key);
2438                 memcpy(wepkey.key, wk->wk_key, wk->wk_keylen);
2439                 DPRINTF(("Setting wep key index %u len %u\n", wepkey.idx,
2440                     wepkey.len));
2441                 error = iwi_cmd(sc, IWI_CMD_SET_WEP_KEY, &wepkey,
2442                     sizeof wepkey, 0);
2443                 if (error != 0)
2444                         return error;
2445         }
2446
2447         /* Enable adapter */
2448         DPRINTF(("Enabling adapter\n"));
2449         return iwi_cmd(sc, IWI_CMD_ENABLE, NULL, 0, 0);
2450 }
2451
2452 static int
2453 iwi_set_chan(struct iwi_softc *sc, struct ieee80211_channel *chan)
2454 {
2455         struct ieee80211com *ic = &sc->sc_ic;
2456         struct iwi_scan scan;
2457
2458         memset(&scan, 0, sizeof scan);
2459         memset(scan.type, IWI_SCAN_TYPE_PASSIVE, sizeof scan.type);
2460         scan.passive = htole16(2000);
2461         scan.channels[0] = 1 |
2462             (IEEE80211_IS_CHAN_5GHZ(chan) ? IWI_CHAN_5GHZ : IWI_CHAN_2GHZ);
2463         scan.channels[1] = ieee80211_chan2ieee(ic, chan);
2464
2465         DPRINTF(("Setting channel to %u\n", ieee80211_chan2ieee(ic, chan)));
2466         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2467 }
2468
2469 static int
2470 iwi_scan(struct iwi_softc *sc)
2471 {
2472         struct ieee80211com *ic = &sc->sc_ic;
2473         struct iwi_scan scan;
2474         uint8_t *p;
2475         int i, count;
2476
2477         memset(&scan, 0, sizeof scan);
2478
2479         if (ic->ic_des_esslen != 0) {
2480                 scan.bdirected = htole16(sc->dwelltime);
2481                 memset(scan.type, IWI_SCAN_TYPE_BDIRECTED, sizeof scan.type);
2482         } else {
2483                 scan.broadcast = htole16(sc->dwelltime);
2484                 memset(scan.type, IWI_SCAN_TYPE_BROADCAST, sizeof scan.type);
2485         }
2486
2487         p = scan.channels;
2488         count = 0;
2489         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2490                 if (IEEE80211_IS_CHAN_5GHZ(&ic->ic_channels[i]) &&
2491                     isset(ic->ic_chan_active, i)) {
2492                         *++p = i;
2493                         count++;
2494                 }
2495         }
2496         *(p - count) = IWI_CHAN_5GHZ | count;
2497
2498         p = (count > 0) ? p + 1 : scan.channels;
2499         count = 0;
2500         for (i = 0; i <= IEEE80211_CHAN_MAX; i++) {
2501                 if (IEEE80211_IS_CHAN_2GHZ(&ic->ic_channels[i]) &&
2502                     isset(ic->ic_chan_active, i)) {
2503                         *++p = i;
2504                         count++;
2505                 }
2506         }
2507         *(p - count) = IWI_CHAN_2GHZ | count;
2508
2509         DPRINTF(("Start scanning\n"));
2510         return iwi_cmd(sc, IWI_CMD_SCAN, &scan, sizeof scan, 1);
2511 }
2512
2513 static int
2514 iwi_auth_and_assoc(struct iwi_softc *sc)
2515 {
2516         struct ieee80211com *ic = &sc->sc_ic;
2517         struct ifnet *ifp = ic->ic_ifp;
2518         struct ieee80211_node *ni = ic->ic_bss;
2519         struct ieee80211_wme_info wme;
2520         struct iwi_configuration config;
2521         struct iwi_associate assoc;
2522         struct iwi_rateset rs;
2523         uint16_t capinfo;
2524         uint32_t data;
2525         int error;
2526
2527         if (IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
2528                 memset(&config, 0, sizeof config);
2529                 config.bluetooth_coexistence = sc->bluetooth;
2530                 config.antenna = sc->antenna;
2531                 config.multicast_enabled = 1;
2532                 config.use_protection = 1;
2533                 config.answer_pbreq =
2534                     (ic->ic_opmode == IEEE80211_M_IBSS) ? 1 : 0;
2535                 config.disable_unicast_decryption = 1;
2536                 config.disable_multicast_decryption = 1;
2537                 DPRINTF(("Configuring adapter\n"));
2538                 error = iwi_cmd(sc, IWI_CMD_SET_CONFIG, &config, sizeof config,
2539                     1);
2540                 if (error != 0)
2541                         return error;
2542         }
2543
2544 #ifdef IWI_DEBUG
2545         if (iwi_debug > 0) {
2546                 kprintf("Setting ESSID to ");
2547                 ieee80211_print_essid(ni->ni_essid, ni->ni_esslen);
2548                 kprintf("\n");
2549         }
2550 #endif
2551         error = iwi_cmd(sc, IWI_CMD_SET_ESSID, ni->ni_essid, ni->ni_esslen, 1);
2552         if (error != 0)
2553                 return error;
2554
2555         /* the rate set has already been "negotiated" */
2556         rs.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2557             IWI_MODE_11G;
2558         rs.type = IWI_RATESET_TYPE_NEGOTIATED;
2559         rs.nrates = ni->ni_rates.rs_nrates;
2560         KKASSERT(rs.nrates <= IWI_RATESET_MAXSIZE);
2561         memcpy(rs.rates, ni->ni_rates.rs_rates, rs.nrates);
2562         DPRINTF(("Setting negociated rates (%u)\n", rs.nrates));
2563         error = iwi_cmd(sc, IWI_CMD_SET_RATES, &rs, sizeof rs, 1);
2564         if (error != 0)
2565                 return error;
2566
2567         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL) {
2568                 wme.wme_id = IEEE80211_ELEMID_VENDOR;
2569                 wme.wme_len = sizeof (struct ieee80211_wme_info) - 2;
2570                 wme.wme_oui[0] = 0x00;
2571                 wme.wme_oui[1] = 0x50;
2572                 wme.wme_oui[2] = 0xf2;
2573                 wme.wme_type = WME_OUI_TYPE;
2574                 wme.wme_subtype = WME_INFO_OUI_SUBTYPE;
2575                 wme.wme_version = WME_VERSION;
2576                 wme.wme_info = 0;
2577
2578                 DPRINTF(("Setting WME IE (len=%u)\n", wme.wme_len));
2579                 error = iwi_cmd(sc, IWI_CMD_SET_WMEIE, &wme, sizeof wme, 1);
2580                 if (error != 0)
2581                         return error;
2582         }
2583
2584         if (ic->ic_opt_ie != NULL) {
2585                 DPRINTF(("Setting optional IE (len=%u)\n", ic->ic_opt_ie_len));
2586                 error = iwi_cmd(sc, IWI_CMD_SET_OPTIE, ic->ic_opt_ie,
2587                     ic->ic_opt_ie_len, 1);
2588                 if (error != 0)
2589                         return error;
2590         }
2591
2592         data = htole32(ni->ni_rssi);
2593         DPRINTF(("Setting sensitivity to %d\n", (int8_t)ni->ni_rssi));
2594         error = iwi_cmd(sc, IWI_CMD_SET_SENSITIVITY, &data, sizeof data, 1);
2595         if (error != 0)
2596                 return error;
2597
2598         memset(&assoc, 0, sizeof assoc);
2599         assoc.mode = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? IWI_MODE_11A :
2600             IWI_MODE_11G;
2601         assoc.chan = ieee80211_chan2ieee(ic, ni->ni_chan);
2602         if (ni->ni_authmode == IEEE80211_AUTH_SHARED)
2603                 assoc.auth = ic->ic_crypto.cs_def_txkey << 4 | IWI_AUTH_SHARED;
2604         if ((ic->ic_flags & IEEE80211_F_WME) && ni->ni_wme_ie != NULL)
2605                 assoc.policy |= htole16(IWI_POLICY_WME);
2606         if (ic->ic_flags & IEEE80211_F_WPA)
2607                 assoc.policy |= htole16(IWI_POLICY_WPA);
2608         memcpy(assoc.tstamp, ni->ni_tstamp.data, 8);
2609
2610         if (ic->ic_opmode == IEEE80211_M_IBSS)
2611                 capinfo = IEEE80211_CAPINFO_IBSS;
2612         else
2613                 capinfo = IEEE80211_CAPINFO_ESS;
2614         if (ic->ic_flags & IEEE80211_F_PRIVACY)
2615                 capinfo |= IEEE80211_CAPINFO_PRIVACY;
2616         if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
2617             IEEE80211_IS_CHAN_2GHZ(ni->ni_chan))
2618                 capinfo |= IEEE80211_CAPINFO_SHORT_PREAMBLE;
2619         if (ic->ic_flags & IEEE80211_F_SHSLOT)
2620                 capinfo |= IEEE80211_CAPINFO_SHORT_SLOTTIME;
2621         assoc.capinfo = htole16(capinfo);
2622
2623         assoc.lintval = htole16(ic->ic_lintval);
2624         assoc.intval = htole16(ni->ni_intval);
2625         IEEE80211_ADDR_COPY(assoc.bssid, ni->ni_bssid);
2626         if (ic->ic_opmode == IEEE80211_M_IBSS)
2627                 IEEE80211_ADDR_COPY(assoc.dst, ifp->if_broadcastaddr);
2628         else
2629                 IEEE80211_ADDR_COPY(assoc.dst, ni->ni_bssid);
2630
2631         DPRINTF(("Trying to associate to %6D channel %u auth %u\n",
2632             assoc.bssid, ":", assoc.chan, assoc.auth));
2633         return iwi_cmd(sc, IWI_CMD_ASSOCIATE, &assoc, sizeof assoc, 1);
2634 }
2635
2636 static void
2637 iwi_init(void *priv)
2638 {
2639         struct iwi_softc *sc = priv;
2640         struct ieee80211com *ic = &sc->sc_ic;
2641         struct ifnet *ifp = ic->ic_ifp;
2642         struct iwi_firmware *fw = &sc->fw;
2643         struct iwi_rx_data *data;
2644         int i;
2645
2646         /* exit immediately if firmware has not been ioctl'd */
2647         if (!(sc->flags & IWI_FLAG_FW_CACHED)) {
2648                 if (!(sc->flags & IWI_FLAG_FW_WARNED))
2649                         device_printf(sc->sc_dev, "Please load firmware\n");
2650                 sc->flags |= IWI_FLAG_FW_WARNED;
2651                 ifp->if_flags &= ~IFF_UP;
2652                 return;
2653         }
2654
2655         iwi_stop(sc);
2656
2657         if (iwi_reset(sc) != 0) {
2658                 device_printf(sc->sc_dev, "could not reset adapter\n");
2659                 goto fail;
2660         }
2661
2662         if (iwi_load_firmware(sc, fw->boot, fw->boot_size) != 0) {
2663                 device_printf(sc->sc_dev, "could not load boot firmware\n");
2664                 goto fail;
2665         }
2666
2667         if (iwi_load_ucode(sc, fw->ucode, fw->ucode_size) != 0) {
2668                 device_printf(sc->sc_dev, "could not load microcode\n");
2669                 goto fail;
2670         }
2671
2672         iwi_stop_master(sc);
2673
2674         CSR_WRITE_4(sc, IWI_CSR_CMD_BASE, sc->cmdq.physaddr);
2675         CSR_WRITE_4(sc, IWI_CSR_CMD_SIZE, sc->cmdq.count);
2676         CSR_WRITE_4(sc, IWI_CSR_CMD_WIDX, sc->cmdq.cur);
2677
2678         CSR_WRITE_4(sc, IWI_CSR_TX1_BASE, sc->txq[0].physaddr);
2679         CSR_WRITE_4(sc, IWI_CSR_TX1_SIZE, sc->txq[0].count);
2680         CSR_WRITE_4(sc, IWI_CSR_TX1_WIDX, sc->txq[0].cur);
2681
2682         CSR_WRITE_4(sc, IWI_CSR_TX2_BASE, sc->txq[1].physaddr);
2683         CSR_WRITE_4(sc, IWI_CSR_TX2_SIZE, sc->txq[1].count);
2684         CSR_WRITE_4(sc, IWI_CSR_TX2_WIDX, sc->txq[1].cur);
2685
2686         CSR_WRITE_4(sc, IWI_CSR_TX3_BASE, sc->txq[2].physaddr);
2687         CSR_WRITE_4(sc, IWI_CSR_TX3_SIZE, sc->txq[2].count);
2688         CSR_WRITE_4(sc, IWI_CSR_TX3_WIDX, sc->txq[2].cur);
2689
2690         CSR_WRITE_4(sc, IWI_CSR_TX4_BASE, sc->txq[3].physaddr);
2691         CSR_WRITE_4(sc, IWI_CSR_TX4_SIZE, sc->txq[3].count);
2692         CSR_WRITE_4(sc, IWI_CSR_TX4_WIDX, sc->txq[3].cur);
2693
2694         for (i = 0; i < sc->rxq.count; i++) {
2695                 data = &sc->rxq.data[i];
2696                 CSR_WRITE_4(sc, data->reg, data->physaddr);
2697         }
2698
2699         CSR_WRITE_4(sc, IWI_CSR_RX_WIDX, sc->rxq.count - 1);
2700
2701         if (iwi_load_firmware(sc, fw->main, fw->main_size) != 0) {
2702                 device_printf(sc->sc_dev, "could not load main firmware\n");
2703                 goto fail;
2704         }
2705
2706         sc->flags |= IWI_FLAG_FW_INITED;
2707
2708         if (iwi_config(sc) != 0) {
2709                 device_printf(sc->sc_dev, "device configuration failed\n");
2710                 goto fail;
2711         }
2712
2713         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
2714                 if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)
2715                         ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2716         } else
2717                 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
2718
2719         ifp->if_flags &= ~IFF_OACTIVE;
2720         ifp->if_flags |= IFF_RUNNING;
2721
2722         return;
2723
2724 fail:   ifp->if_flags &= ~IFF_UP;
2725         iwi_stop(sc);
2726 }
2727
2728 static void
2729 iwi_stop(void *priv)
2730 {
2731         struct iwi_softc *sc = priv;
2732         struct ieee80211com *ic = &sc->sc_ic;
2733         struct ifnet *ifp = ic->ic_ifp;
2734
2735         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
2736
2737         iwi_stop_master(sc);
2738
2739         CSR_WRITE_4(sc, IWI_CSR_RST, IWI_RST_SOFT_RESET);
2740
2741         /* reset rings */
2742         iwi_reset_cmd_ring(sc, &sc->cmdq);
2743         iwi_reset_tx_ring(sc, &sc->txq[0]);
2744         iwi_reset_tx_ring(sc, &sc->txq[1]);
2745         iwi_reset_tx_ring(sc, &sc->txq[2]);
2746         iwi_reset_tx_ring(sc, &sc->txq[3]);
2747         iwi_reset_rx_ring(sc, &sc->rxq);
2748
2749         sc->sc_tx_timer = 0;
2750         ifp->if_timer = 0;
2751         ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
2752 }
2753
2754 static int
2755 iwi_sysctl_stats(SYSCTL_HANDLER_ARGS)
2756 {
2757         struct iwi_softc *sc = arg1;
2758         struct ifnet *ifp = &sc->sc_ic.ic_if;
2759         uint32_t size, buf[128];
2760
2761         lwkt_serialize_enter(ifp->if_serializer);
2762
2763         if (!(sc->flags & IWI_FLAG_FW_INITED)) {
2764                 memset(buf, 0, sizeof buf);
2765                 goto back;
2766         }
2767
2768         size = min(CSR_READ_4(sc, IWI_CSR_TABLE0_SIZE), 128 - 1);
2769         CSR_READ_REGION_4(sc, IWI_CSR_TABLE0_BASE, &buf[1], size);
2770 back:
2771         lwkt_serialize_exit(ifp->if_serializer);
2772         return SYSCTL_OUT(req, buf, sizeof buf);
2773 }
2774
2775 static int
2776 iwi_sysctl_radio(SYSCTL_HANDLER_ARGS)
2777 {
2778         struct iwi_softc *sc = arg1;
2779         struct ifnet *ifp = &sc->sc_ic.ic_if;
2780         int val;
2781
2782         lwkt_serialize_enter(ifp->if_serializer);
2783         val = (CSR_READ_4(sc, IWI_CSR_IO) & IWI_IO_RADIO_ENABLED) ? 1 : 0;
2784         lwkt_serialize_exit(ifp->if_serializer);
2785
2786         return SYSCTL_OUT(req, &val, sizeof val);
2787 }
2788
2789 static const int8_t     iwi_bitmap[256] = {
2790         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2791         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2792         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2793         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2794         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2795         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2796         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2797         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 7, 
2798         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2799         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2800         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2801         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 6, 
2802         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2803         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 5, 
2804         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, 4, 
2805         0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0, -1
2806 };
2807
2808 static int
2809 iwi_alloc_ibss_node(struct iwi_softc *sc)
2810 {
2811         int i;
2812
2813         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2814
2815         for (i = 0; i < IWI_MAX_IBSSNODE_NBYTE; ++i) {
2816                 int ret;
2817
2818                 ret = iwi_bitmap[sc->sc_ibss_node[i]];
2819                 if (ret != -1) {
2820                         sc->sc_ibss_node[i] |= (1 << ret);
2821                         ret += (i * NBBY);
2822                         return ret;
2823                 }
2824         }
2825         return -1;
2826 }
2827
2828 static void
2829 iwi_free_ibss_node(struct iwi_softc *sc, int ibss_node)
2830 {
2831         int i, b;
2832
2833         ASSERT_SERIALIZED(sc->sc_ic.ic_if.if_serializer);
2834         KASSERT(ibss_node < IWI_MAX_IBSSNODE, ("free ibss node, out of range"));
2835
2836         i = ibss_node / NBBY;
2837         b = ibss_node % NBBY;
2838
2839         sc->sc_ibss_node[i] &= ~(1 << b);
2840 }
DragonFly Project Source