Nuke USB_DECLARE_DRIVER and USB_DECLARE_DRIVER_INIT macros.
[dragonfly.git] / sys / dev / netif / rum / if_rum.c
1 /*      $OpenBSD: if_rum.c,v 1.40 2006/09/18 16:20:20 damien Exp $      */
2 /*      $DragonFly: src/sys/dev/netif/rum/if_rum.c,v 1.17 2007/07/02 23:52:04 hasso Exp $       */
3
4 /*-
5  * Copyright (c) 2005, 2006 Damien Bergamini <damien.bergamini@free.fr>
6  * Copyright (c) 2006 Niall O'Higgins <niallo@openbsd.org>
7  *
8  * Permission to use, copy, modify, and distribute this software for any
9  * purpose with or without fee is hereby granted, provided that the above
10  * copyright notice and this permission notice appear in all copies.
11  *
12  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19  */
20
21 /*-
22  * Ralink Technology RT2501USB/RT2601USB chipset driver
23  * http://www.ralinktech.com/
24  */
25
26 #include <sys/param.h>
27 #include <sys/bus.h>
28 #include <sys/endian.h>
29 #include <sys/kernel.h>
30 #include <sys/malloc.h>
31 #include <sys/mbuf.h>
32 #include <sys/rman.h>
33 #include <sys/serialize.h>
34 #include <sys/socket.h>
35 #include <sys/sockio.h>
36
37 #include <net/bpf.h>
38 #include <net/ethernet.h>
39 #include <net/if.h>
40 #include <net/if_arp.h>
41 #include <net/if_dl.h>
42 #include <net/if_media.h>
43 #include <net/ifq_var.h>
44
45 #include <netproto/802_11/ieee80211_var.h>
46 #include <netproto/802_11/ieee80211_radiotap.h>
47 #include <netproto/802_11/wlan_ratectl/onoe/ieee80211_onoe_param.h>
48
49 #include <bus/usb/usb.h>
50 #include <bus/usb/usbdi.h>
51 #include <bus/usb/usbdi_util.h>
52 #include <bus/usb/usbdevs.h>
53
54 #include "if_rumreg.h"
55 #include "if_rumvar.h"
56 #include "rum_ucode.h"
57
58 #ifdef USB_DEBUG
59 #define RUM_DEBUG
60 #endif
61
62 #ifdef RUM_DEBUG
63 #define DPRINTF(x)      do { if (rum_debug) kprintf x; } while (0)
64 #define DPRINTFN(n, x)  do { if (rum_debug >= (n)) kprintf x; } while (0)
65 int rum_debug = 0;
66 #else
67 #define DPRINTF(x)
68 #define DPRINTFN(n, x)
69 #endif
70
71 /* various supported device vendors/products */
72 static const struct usb_devno rum_devs[] = {
73         { USB_VENDOR_ABOCOM,            USB_PRODUCT_ABOCOM_HWU54DM },
74         { USB_VENDOR_ABOCOM,            USB_PRODUCT_ABOCOM_RT2573 },
75         { USB_VENDOR_ABOCOM,            USB_PRODUCT_ABOCOM_RT2573_1 },
76         { USB_VENDOR_ABOCOM,            USB_PRODUCT_ABOCOM_RT2573_2 },
77         { USB_VENDOR_ABOCOM,            USB_PRODUCT_ABOCOM_WUG2700 },
78         { USB_VENDOR_AMIT,              USB_PRODUCT_AMIT_CGWLUSB2GO },
79         { USB_VENDOR_ASUS,              USB_PRODUCT_ASUS_WL167G_2 },
80         { USB_VENDOR_ASUS,              USB_PRODUCT_ASUS_WL167G_3 },
81         { USB_VENDOR_BELKIN,            USB_PRODUCT_BELKIN_F5D7050A },
82         { USB_VENDOR_BELKIN,            USB_PRODUCT_BELKIN_F5D9050V3 },
83         { USB_VENDOR_LINKSYS4,          USB_PRODUCT_LINKSYS4_WUSB54GC },
84         { USB_VENDOR_LINKSYS4,          USB_PRODUCT_LINKSYS4_WUSB54GR },
85         { USB_VENDOR_CONCEPTRONIC,      USB_PRODUCT_CONCEPTRONIC_C54RU2 },
86         { USB_VENDOR_DICKSMITH,         USB_PRODUCT_DICKSMITH_CWD854F },
87         { USB_VENDOR_DICKSMITH,         USB_PRODUCT_DICKSMITH_RT2573 },
88         { USB_VENDOR_DLINK2,            USB_PRODUCT_DLINK2_DWLG122C1 },
89         { USB_VENDOR_DLINK2,            USB_PRODUCT_DLINK2_WUA1340 },
90         { USB_VENDOR_GIGABYTE,          USB_PRODUCT_GIGABYTE_GNWB01GS },
91         { USB_VENDOR_GIGABYTE,          USB_PRODUCT_GIGABYTE_GNWI05GS },
92         { USB_VENDOR_GIGASET,           USB_PRODUCT_GIGASET_RT2573 },
93         { USB_VENDOR_GOODWAY,           USB_PRODUCT_GOODWAY_RT2573 },
94         { USB_VENDOR_GUILLEMOT,         USB_PRODUCT_GUILLEMOT_HWGUSB254LB },
95         { USB_VENDOR_GUILLEMOT,         USB_PRODUCT_GUILLEMOT_HWGUSB254V2AP },
96         { USB_VENDOR_HUAWEI3COM,        USB_PRODUCT_HUAWEI3COM_RT2573 },
97         { USB_VENDOR_MELCO,             USB_PRODUCT_MELCO_G54HP },
98         { USB_VENDOR_MELCO,             USB_PRODUCT_MELCO_SG54HP },
99         { USB_VENDOR_MSI,               USB_PRODUCT_MSI_RT2573 },
100         { USB_VENDOR_MSI,               USB_PRODUCT_MSI_RT2573_1 },
101         { USB_VENDOR_MSI,               USB_PRODUCT_MSI_RT2573_2 },
102         { USB_VENDOR_MSI,               USB_PRODUCT_MSI_RT2573_3 },
103         { USB_VENDOR_NOVATECH,          USB_PRODUCT_NOVATECH_RT2573 },
104         { USB_VENDOR_PLANEX2,           USB_PRODUCT_PLANEX2_GWUS54HP },
105         { USB_VENDOR_PLANEX2,           USB_PRODUCT_PLANEX2_GWUS54MINI2 },
106         { USB_VENDOR_PLANEX2,           USB_PRODUCT_PLANEX2_GWUSMM },
107         { USB_VENDOR_QCOM,              USB_PRODUCT_QCOM_RT2573 },
108         { USB_VENDOR_QCOM,              USB_PRODUCT_QCOM_RT2573_2 },
109         { USB_VENDOR_RALINK,            USB_PRODUCT_RALINK_RT2573 },
110         { USB_VENDOR_RALINK,            USB_PRODUCT_RALINK_RT2671 },
111         { USB_VENDOR_RALINK,            USB_PRODUCT_RALINK_RT2573_2 },
112         { USB_VENDOR_SITECOMEU,         USB_PRODUCT_SITECOMEU_WL113R2 },
113         { USB_VENDOR_SITECOMEU,         USB_PRODUCT_SITECOMEU_WL172 },
114         { USB_VENDOR_SURECOM,           USB_PRODUCT_SURECOM_RT2573 }
115 };
116
117 static int              rum_alloc_tx_list(struct rum_softc *);
118 static void             rum_free_tx_list(struct rum_softc *);
119 static int              rum_alloc_rx_list(struct rum_softc *);
120 static void             rum_free_rx_list(struct rum_softc *);
121 static int              rum_media_change(struct ifnet *);
122 static void             rum_next_scan(void *);
123 static void             rum_task(void *);
124 static int              rum_newstate(struct ieee80211com *,
125                             enum ieee80211_state, int);
126 static void             rum_txeof(usbd_xfer_handle, usbd_private_handle,
127                             usbd_status);
128 static void             rum_rxeof(usbd_xfer_handle, usbd_private_handle,
129                             usbd_status);
130 static uint8_t          rum_rxrate(struct rum_rx_desc *);
131 static uint8_t          rum_plcp_signal(int);
132 static void             rum_setup_tx_desc(struct rum_softc *,
133                             struct rum_tx_desc *, uint32_t, uint16_t, int,
134                             int);
135 static int              rum_tx_data(struct rum_softc *, struct mbuf *,
136                             struct ieee80211_node *);
137 static void             rum_start(struct ifnet *);
138 static void             rum_watchdog(struct ifnet *);
139 static int              rum_ioctl(struct ifnet *, u_long, caddr_t,
140                                   struct ucred *);
141 static void             rum_eeprom_read(struct rum_softc *, uint16_t, void *,
142                             int);
143 static uint32_t         rum_read(struct rum_softc *, uint16_t);
144 static void             rum_read_multi(struct rum_softc *, uint16_t, void *,
145                             int);
146 static void             rum_write(struct rum_softc *, uint16_t, uint32_t);
147 static void             rum_write_multi(struct rum_softc *, uint16_t, void *,
148                             size_t);
149 static void             rum_bbp_write(struct rum_softc *, uint8_t, uint8_t);
150 static uint8_t          rum_bbp_read(struct rum_softc *, uint8_t);
151 static void             rum_rf_write(struct rum_softc *, uint8_t, uint32_t);
152 static void             rum_select_antenna(struct rum_softc *);
153 static void             rum_enable_mrr(struct rum_softc *);
154 static void             rum_set_txpreamble(struct rum_softc *);
155 static void             rum_set_basicrates(struct rum_softc *);
156 static void             rum_select_band(struct rum_softc *,
157                             struct ieee80211_channel *);
158 static void             rum_set_chan(struct rum_softc *,
159                             struct ieee80211_channel *);
160 static void             rum_enable_tsf_sync(struct rum_softc *);
161 static void             rum_update_slot(struct rum_softc *);
162 static void             rum_set_bssid(struct rum_softc *, const uint8_t *);
163 static void             rum_set_macaddr(struct rum_softc *, const uint8_t *);
164 static void             rum_update_promisc(struct rum_softc *);
165 static const char       *rum_get_rf(int);
166 static void             rum_read_eeprom(struct rum_softc *);
167 static int              rum_bbp_init(struct rum_softc *);
168 static void             rum_init(void *);
169 static void             rum_stop(struct rum_softc *);
170 static int              rum_load_microcode(struct rum_softc *, const uint8_t *,
171                             size_t);
172 static int              rum_prepare_beacon(struct rum_softc *);
173
174 static void             rum_stats_timeout(void *);
175 static void             rum_stats_update(usbd_xfer_handle, usbd_private_handle,
176                                          usbd_status);
177 static void             rum_stats(struct ieee80211com *,
178                                   struct ieee80211_node *,
179                                   struct ieee80211_ratectl_stats *);
180 static void             rum_ratectl_change(struct ieee80211com *ic, u_int,
181                                            u_int);
182 static int              rum_get_rssi(struct rum_softc *, uint8_t);
183
184 /*
185  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
186  */
187 static const struct ieee80211_rateset rum_rateset_11a =
188         { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
189
190 static const struct ieee80211_rateset rum_rateset_11b =
191         { 4, { 2, 4, 11, 22 } };
192
193 static const struct ieee80211_rateset rum_rateset_11g =
194         { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
195
196 static const struct {
197         uint32_t        reg;
198         uint32_t        val;
199 } rum_def_mac[] = {
200         RT2573_DEF_MAC
201 };
202
203 static const struct {
204         uint8_t reg;
205         uint8_t val;
206 } rum_def_bbp[] = {
207         RT2573_DEF_BBP
208 };
209
210 static const struct rfprog {
211         uint8_t         chan;
212         uint32_t        r1, r2, r3, r4;
213 }  rum_rf5226[] = {
214         RT2573_RF5226
215 }, rum_rf5225[] = {
216         RT2573_RF5225
217 };
218
219 static device_probe_t rum_match;
220 static device_attach_t rum_attach;
221 static device_detach_t rum_detach;
222
223 static devclass_t rum_devclass;
224
225 static kobj_method_t rum_methods[] = {
226         DEVMETHOD(device_probe, rum_match),
227         DEVMETHOD(device_attach, rum_attach),
228         DEVMETHOD(device_detach, rum_detach),
229         {0,0}
230 };
231
232 static driver_t rum_driver = {
233         "rum",
234         rum_methods,
235         sizeof(struct rum_softc)
236 };
237
238 MODULE_DEPEND(rum, usb, 1, 1, 1);
239 DRIVER_MODULE(rum, uhub, rum_driver, rum_devclass, usbd_driver_load, 0);
240
241 static int
242 rum_match(device_t self)
243 {
244         struct usb_attach_arg *uaa = device_get_ivars(self);
245
246         if (uaa->iface != NULL)
247                 return UMATCH_NONE;
248
249         return (usb_lookup(rum_devs, uaa->vendor, uaa->product) != NULL) ?
250             UMATCH_VENDOR_PRODUCT : UMATCH_NONE;
251 }
252
253 static int
254 rum_attach(device_t self)
255 {
256         struct rum_softc *sc = device_get_softc(self);
257         struct usb_attach_arg *uaa = device_get_ivars(self);
258         struct ieee80211com *ic = &sc->sc_ic;
259         struct ifnet *ifp = &ic->ic_if;
260         usb_interface_descriptor_t *id;
261         usb_endpoint_descriptor_t *ed;
262         usbd_status error;
263         char devinfo[1024];
264         int i, ntries;
265         uint32_t tmp;
266
267         sc->sc_udev = uaa->device;
268
269         usbd_devinfo(uaa->device, 0, devinfo);
270         sc->sc_dev = self;
271         device_set_desc_copy(self, devinfo);
272
273         if (usbd_set_config_no(sc->sc_udev, RT2573_CONFIG_NO, 0) != 0) {
274                 kprintf("%s: could not set configuration no\n",
275                     device_get_nameunit(sc->sc_dev));
276                 return ENXIO;
277         }
278
279         /* get the first interface handle */
280         error = usbd_device2interface_handle(sc->sc_udev, RT2573_IFACE_INDEX,
281             &sc->sc_iface);
282         if (error != 0) {
283                 kprintf("%s: could not get interface handle\n",
284                     device_get_nameunit(sc->sc_dev));
285                 return ENXIO;
286         }
287
288         /*
289          * Find endpoints.
290          */
291         id = usbd_get_interface_descriptor(sc->sc_iface);
292
293         sc->sc_rx_no = sc->sc_tx_no = -1;
294         for (i = 0; i < id->bNumEndpoints; i++) {
295                 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i);
296                 if (ed == NULL) {
297                         kprintf("%s: no endpoint descriptor for iface %d\n",
298                             device_get_nameunit(sc->sc_dev), i);
299                         return ENXIO;
300                 }
301
302                 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN &&
303                     UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK)
304                         sc->sc_rx_no = ed->bEndpointAddress;
305                 else if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT &&
306                     UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK)
307                         sc->sc_tx_no = ed->bEndpointAddress;
308         }
309         if (sc->sc_rx_no == -1 || sc->sc_tx_no == -1) {
310                 kprintf("%s: missing endpoint\n", device_get_nameunit(sc->sc_dev));
311                 return ENXIO;
312         }
313
314         usb_init_task(&sc->sc_task, rum_task, sc);
315
316         callout_init(&sc->scan_ch);
317         callout_init(&sc->stats_ch);
318
319         /* retrieve RT2573 rev. no */
320         for (ntries = 0; ntries < 1000; ntries++) {
321                 if ((tmp = rum_read(sc, RT2573_MAC_CSR0)) != 0)
322                         break;
323                 DELAY(1000);
324         }
325         if (ntries == 1000) {
326                 kprintf("%s: timeout waiting for chip to settle\n",
327                     device_get_nameunit(sc->sc_dev));
328                 return ENXIO;
329         }
330
331         /* retrieve MAC address and various other things from EEPROM */
332         rum_read_eeprom(sc);
333
334         kprintf("%s: MAC/BBP RT%04x (rev 0x%05x), RF %s, address %6D\n",
335             device_get_nameunit(sc->sc_dev), sc->macbbp_rev, tmp,
336             rum_get_rf(sc->rf_rev), ic->ic_myaddr, ":");
337
338         error = rum_load_microcode(sc, rt2573, sizeof(rt2573));
339         if (error != 0) {
340                 device_printf(self, "can't load microcode\n");
341                 return ENXIO;
342         }
343
344         ic->ic_phytype = IEEE80211_T_OFDM;      /* not only, but not used */
345         ic->ic_opmode = IEEE80211_M_STA;        /* default to BSS mode */
346         ic->ic_state = IEEE80211_S_INIT;
347
348         /* set device capabilities */
349         ic->ic_caps =
350             IEEE80211_C_IBSS |          /* IBSS mode supported */
351             IEEE80211_C_MONITOR |       /* monitor mode supported */
352             IEEE80211_C_HOSTAP |        /* HostAp mode supported */
353             IEEE80211_C_TXPMGT |        /* tx power management */
354             IEEE80211_C_SHPREAMBLE |    /* short preamble supported */
355             IEEE80211_C_SHSLOT |        /* short slot time supported */
356             IEEE80211_C_WPA;            /* WPA 1+2 */
357
358         if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_5226) {
359                 /* set supported .11a rates */
360                 ic->ic_sup_rates[IEEE80211_MODE_11A] = rum_rateset_11a;
361
362                 /* set supported .11a channels */
363                 for (i = 34; i <= 46; i += 4) {
364                         ic->ic_channels[i].ic_freq =
365                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
366                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
367                 }
368                 for (i = 36; i <= 64; i += 4) {
369                         ic->ic_channels[i].ic_freq =
370                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
371                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
372                 }
373                 for (i = 100; i <= 140; i += 4) {
374                         ic->ic_channels[i].ic_freq =
375                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
376                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
377                 }
378                 for (i = 149; i <= 165; i += 4) {
379                         ic->ic_channels[i].ic_freq =
380                             ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
381                         ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
382                 }
383         }
384
385         /* set supported .11b and .11g rates */
386         ic->ic_sup_rates[IEEE80211_MODE_11B] = rum_rateset_11b;
387         ic->ic_sup_rates[IEEE80211_MODE_11G] = rum_rateset_11g;
388
389         /* set supported .11b and .11g channels (1 through 14) */
390         for (i = 1; i <= 14; i++) {
391                 ic->ic_channels[i].ic_freq =
392                     ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
393                 ic->ic_channels[i].ic_flags =
394                     IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
395                     IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
396         }
397
398         sc->sc_sifs = IEEE80211_DUR_SIFS;       /* Default SIFS */
399
400         if_initname(ifp, device_get_name(self), device_get_unit(self));
401         ifp->if_softc = sc;
402         ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
403         ifp->if_init = rum_init;
404         ifp->if_ioctl = rum_ioctl;
405         ifp->if_start = rum_start;
406         ifp->if_watchdog = rum_watchdog;
407         ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
408         ifq_set_ready(&ifp->if_snd);
409
410         ic->ic_ratectl.rc_st_ratectl_cap = IEEE80211_RATECTL_CAP_ONOE;
411         ic->ic_ratectl.rc_st_ratectl = IEEE80211_RATECTL_ONOE;
412         ic->ic_ratectl.rc_st_valid_stats =
413                 IEEE80211_RATECTL_STATS_PKT_NORETRY |
414                 IEEE80211_RATECTL_STATS_PKT_OK |
415                 IEEE80211_RATECTL_STATS_PKT_ERR |
416                 IEEE80211_RATECTL_STATS_RETRIES;
417         ic->ic_ratectl.rc_st_stats = rum_stats;
418         ic->ic_ratectl.rc_st_change = rum_ratectl_change;
419
420         ieee80211_ifattach(ic);
421
422         /* Enable software beacon missing handling. */
423         ic->ic_flags_ext |= IEEE80211_FEXT_SWBMISS;
424
425         /* override state transition machine */
426         sc->sc_newstate = ic->ic_newstate;
427         ic->ic_newstate = rum_newstate;
428         ieee80211_media_init(ic, rum_media_change, ieee80211_media_status);
429
430         bpfattach_dlt(ifp, DLT_IEEE802_11_RADIO,
431             sizeof(struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN,
432             &sc->sc_drvbpf);
433
434         sc->sc_rxtap_len = sizeof sc->sc_rxtapu;
435         sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
436         sc->sc_rxtap.wr_ihdr.it_present = htole32(RT2573_RX_RADIOTAP_PRESENT);
437
438         sc->sc_txtap_len = sizeof sc->sc_txtapu;
439         sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
440         sc->sc_txtap.wt_ihdr.it_present = htole32(RT2573_TX_RADIOTAP_PRESENT);
441
442         if (bootverbose)
443                 ieee80211_announce(ic);
444
445         return 0;
446 }
447
448 static int
449 rum_detach(device_t self)
450 {
451         struct rum_softc *sc = device_get_softc(self);
452         struct ifnet *ifp = &sc->sc_ic.ic_if;
453 #ifdef INVARIANTS
454         int i;
455 #endif
456
457         crit_enter();
458
459         callout_stop(&sc->scan_ch);
460         callout_stop(&sc->stats_ch);
461
462         lwkt_serialize_enter(ifp->if_serializer);
463         rum_stop(sc);
464         lwkt_serialize_exit(ifp->if_serializer);
465
466         usb_rem_task(sc->sc_udev, &sc->sc_task);
467
468         bpfdetach(ifp);
469         ieee80211_ifdetach(&sc->sc_ic); /* free all nodes */
470
471         crit_exit();
472
473         KKASSERT(sc->stats_xfer == NULL);
474         KKASSERT(sc->sc_rx_pipeh == NULL);
475         KKASSERT(sc->sc_tx_pipeh == NULL);
476
477 #ifdef INVARIANTS
478         /*
479          * Make sure TX/RX list is empty
480          */
481         for (i = 0; i < RT2573_TX_LIST_COUNT; i++) {
482                 struct rum_tx_data *data = &sc->tx_data[i];
483
484                 KKASSERT(data->xfer == NULL);
485                 KKASSERT(data->ni == NULL);
486                 KKASSERT(data->m == NULL);
487         }
488         for (i = 0; i < RT2573_RX_LIST_COUNT; i++) {
489                 struct rum_rx_data *data = &sc->rx_data[i];
490
491                 KKASSERT(data->xfer == NULL);
492                 KKASSERT(data->m == NULL);
493         }
494 #endif
495         return 0;
496 }
497
498 static int
499 rum_alloc_tx_list(struct rum_softc *sc)
500 {
501         int i;
502
503         sc->tx_queued = 0;
504         for (i = 0; i < RT2573_TX_LIST_COUNT; i++) {
505                 struct rum_tx_data *data = &sc->tx_data[i];
506
507                 data->sc = sc;
508
509                 data->xfer = usbd_alloc_xfer(sc->sc_udev);
510                 if (data->xfer == NULL) {
511                         kprintf("%s: could not allocate tx xfer\n",
512                             device_get_nameunit(sc->sc_dev));
513                         return ENOMEM;
514                 }
515
516                 data->buf = usbd_alloc_buffer(data->xfer,
517                     RT2573_TX_DESC_SIZE + IEEE80211_MAX_LEN);
518                 if (data->buf == NULL) {
519                         kprintf("%s: could not allocate tx buffer\n",
520                             device_get_nameunit(sc->sc_dev));
521                         return ENOMEM;
522                 }
523
524                 /* clean Tx descriptor */
525                 bzero(data->buf, RT2573_TX_DESC_SIZE);
526         }
527         return 0;
528 }
529
530 static void
531 rum_free_tx_list(struct rum_softc *sc)
532 {
533         int i;
534
535         for (i = 0; i < RT2573_TX_LIST_COUNT; i++) {
536                 struct rum_tx_data *data = &sc->tx_data[i];
537
538                 if (data->xfer != NULL) {
539                         usbd_free_xfer(data->xfer);
540                         data->xfer = NULL;
541                 }
542                 if (data->ni != NULL) {
543                         ieee80211_free_node(data->ni);
544                         data->ni = NULL;
545                 }
546                 if (data->m != NULL) {
547                         m_freem(data->m);
548                         data->m = NULL;
549                 }
550         }
551         sc->tx_queued = 0;
552 }
553
554 static int
555 rum_alloc_rx_list(struct rum_softc *sc)
556 {
557         int i;
558
559         for (i = 0; i < RT2573_RX_LIST_COUNT; i++) {
560                 struct rum_rx_data *data = &sc->rx_data[i];
561
562                 data->sc = sc;
563
564                 data->xfer = usbd_alloc_xfer(sc->sc_udev);
565                 if (data->xfer == NULL) {
566                         kprintf("%s: could not allocate rx xfer\n",
567                             device_get_nameunit(sc->sc_dev));
568                         return ENOMEM;
569                 }
570
571                 if (usbd_alloc_buffer(data->xfer, MCLBYTES) == NULL) {
572                         kprintf("%s: could not allocate rx buffer\n",
573                             device_get_nameunit(sc->sc_dev));
574                         return ENOMEM;
575                 }
576
577                 data->m = m_getcl(MB_WAIT, MT_DATA, M_PKTHDR);
578
579                 data->buf = mtod(data->m, uint8_t *);
580                 bzero(data->buf, sizeof(struct rum_rx_desc));
581         }
582         return 0;
583 }
584
585 static void
586 rum_free_rx_list(struct rum_softc *sc)
587 {
588         int i;
589
590         for (i = 0; i < RT2573_RX_LIST_COUNT; i++) {
591                 struct rum_rx_data *data = &sc->rx_data[i];
592
593                 if (data->xfer != NULL) {
594                         usbd_free_xfer(data->xfer);
595                         data->xfer = NULL;
596                 }
597                 if (data->m != NULL) {
598                         m_freem(data->m);
599                         data->m = NULL;
600                 }
601         }
602 }
603
604 static int
605 rum_media_change(struct ifnet *ifp)
606 {
607         int error;
608
609         error = ieee80211_media_change(ifp);
610         if (error != ENETRESET)
611                 return error;
612
613         if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
614                 rum_init(ifp->if_softc);
615
616         return 0;
617 }
618
619 /*
620  * This function is called periodically (every 200ms) during scanning to
621  * switch from one channel to another.
622  */
623 static void
624 rum_next_scan(void *arg)
625 {
626         struct rum_softc *sc = arg;
627         struct ieee80211com *ic = &sc->sc_ic;
628         struct ifnet *ifp = &ic->ic_if;
629
630         if (sc->sc_stopped)
631                 return;
632
633         crit_enter();
634
635         if (ic->ic_state == IEEE80211_S_SCAN) {
636                 lwkt_serialize_enter(ifp->if_serializer);
637                 ieee80211_next_scan(ic);
638                 lwkt_serialize_exit(ifp->if_serializer);
639         }
640
641         crit_exit();
642 }
643
644 static void
645 rum_task(void *xarg)
646 {
647         struct rum_softc *sc = xarg;
648         struct ieee80211com *ic = &sc->sc_ic;
649         struct ifnet *ifp = &ic->ic_if;
650         enum ieee80211_state nstate;
651         struct ieee80211_node *ni;
652         int arg;
653
654         if (sc->sc_stopped)
655                 return;
656
657         crit_enter();
658
659         nstate = sc->sc_state;
660         arg = sc->sc_arg;
661
662         KASSERT(nstate != IEEE80211_S_INIT,
663                 ("->INIT state transition should not be defered\n"));
664         rum_set_chan(sc, ic->ic_curchan);
665
666         switch (nstate) {
667         case IEEE80211_S_RUN:
668                 ni = ic->ic_bss;
669
670                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
671                         rum_update_slot(sc);
672                         rum_enable_mrr(sc);
673                         rum_set_txpreamble(sc);
674                         rum_set_basicrates(sc);
675                         rum_set_bssid(sc, ni->ni_bssid);
676                 }
677
678                 if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
679                     ic->ic_opmode == IEEE80211_M_IBSS)
680                         rum_prepare_beacon(sc);
681
682                 if (ic->ic_opmode != IEEE80211_M_MONITOR)
683                         rum_enable_tsf_sync(sc);
684
685                 /* clear statistic registers (STA_CSR0 to STA_CSR5) */
686                 rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof(sc->sta));
687                 callout_reset(&sc->stats_ch, 4 * hz / 5, rum_stats_timeout, sc);
688                 break;
689
690         case IEEE80211_S_SCAN:
691                 callout_reset(&sc->scan_ch, hz / 5, rum_next_scan, sc);
692                 break;
693
694         default:
695                 break;
696         }
697
698         lwkt_serialize_enter(ifp->if_serializer);
699         ieee80211_ratectl_newstate(ic, nstate);
700         sc->sc_newstate(ic, nstate, arg);
701         lwkt_serialize_exit(ifp->if_serializer);
702
703         crit_exit();
704 }
705
706 static int
707 rum_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
708 {
709         struct rum_softc *sc = ic->ic_if.if_softc;
710         struct ifnet *ifp = &ic->ic_if;
711
712         crit_enter();
713
714         ASSERT_SERIALIZED(ifp->if_serializer);
715
716         callout_stop(&sc->scan_ch);
717         callout_stop(&sc->stats_ch);
718
719         /* do it in a process context */
720         sc->sc_state = nstate;
721         sc->sc_arg = arg;
722
723         lwkt_serialize_exit(ifp->if_serializer);
724         usb_rem_task(sc->sc_udev, &sc->sc_task);
725
726         if (nstate == IEEE80211_S_INIT) {
727                 lwkt_serialize_enter(ifp->if_serializer);
728                 ieee80211_ratectl_newstate(ic, nstate);
729                 sc->sc_newstate(ic, nstate, arg);
730         } else {
731                 usb_add_task(sc->sc_udev, &sc->sc_task, USB_TASKQ_DRIVER);
732                 lwkt_serialize_enter(ifp->if_serializer);
733         }
734
735         crit_exit();
736         return 0;
737 }
738
739 /* quickly determine if a given rate is CCK or OFDM */
740 #define RUM_RATE_IS_OFDM(rate)  ((rate) >= 12 && (rate) != 22)
741
742 #define RUM_ACK_SIZE    (sizeof(struct ieee80211_frame_ack) + IEEE80211_FCS_LEN)
743
744 static void
745 rum_txeof(usbd_xfer_handle xfer, usbd_private_handle priv, usbd_status status)
746 {
747         struct rum_tx_data *data = priv;
748         struct rum_softc *sc = data->sc;
749         struct ieee80211com *ic = &sc->sc_ic;
750         struct ifnet *ifp = &ic->ic_if;
751         struct ieee80211_node *ni;
752
753         if (sc->sc_stopped)
754                 return;
755
756         crit_enter();
757
758         if (status != USBD_NORMAL_COMPLETION) {
759                 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) {
760                         crit_exit();
761                         return;
762                 }
763
764                 kprintf("%s: could not transmit buffer: %s\n",
765                     device_get_nameunit(sc->sc_dev), usbd_errstr(status));
766
767                 if (status == USBD_STALLED)
768                         usbd_clear_endpoint_stall_async(sc->sc_tx_pipeh);
769
770                 ifp->if_oerrors++;
771                 crit_exit();
772                 return;
773         }
774
775         m_freem(data->m);
776         data->m = NULL;
777         ni = data->ni;
778         data->ni = NULL;
779
780         bzero(data->buf, sizeof(struct rum_tx_data));
781         sc->tx_queued--;
782         ifp->if_opackets++;     /* XXX may fail too */
783
784         DPRINTFN(10, ("tx done\n"));
785
786         sc->sc_tx_timer = 0;
787         ifp->if_flags &= ~IFF_OACTIVE;
788
789         lwkt_serialize_enter(ifp->if_serializer);
790         ieee80211_free_node(ni);
791         ifp->if_start(ifp);
792         lwkt_serialize_exit(ifp->if_serializer);
793
794         crit_exit();
795 }
796
797 static void
798 rum_rxeof(usbd_xfer_handle xfer, usbd_private_handle priv, usbd_status status)
799 {
800         struct rum_rx_data *data = priv;
801         struct rum_softc *sc = data->sc;
802         struct ieee80211com *ic = &sc->sc_ic;
803         struct ifnet *ifp = &ic->ic_if;
804         struct rum_rx_desc *desc;
805         struct ieee80211_frame_min *wh;
806         struct ieee80211_node *ni;
807         struct mbuf *mnew, *m;
808         int len, rssi;
809
810         if (sc->sc_stopped)
811                 return;
812
813         crit_enter();
814
815         if (status != USBD_NORMAL_COMPLETION) {
816                 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) {
817                         crit_exit();
818                         return;
819                 }
820
821                 if (status == USBD_STALLED)
822                         usbd_clear_endpoint_stall_async(sc->sc_rx_pipeh);
823                 goto skip;
824         }
825
826         usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL);
827
828         if (len < RT2573_RX_DESC_SIZE + sizeof(struct ieee80211_frame_min)) {
829                 DPRINTF(("%s: xfer too short %d\n", device_get_nameunit(sc->sc_dev),
830                     len));
831                 ifp->if_ierrors++;
832                 goto skip;
833         }
834
835         desc = (struct rum_rx_desc *)data->buf;
836
837         if (le32toh(desc->flags) & RT2573_RX_CRC_ERROR) {
838                 /*
839                  * This should not happen since we did not request to receive
840                  * those frames when we filled RT2573_TXRX_CSR0.
841                  */
842                 DPRINTFN(5, ("CRC error\n"));
843                 ifp->if_ierrors++;
844                 goto skip;
845         }
846
847         mnew = m_getcl(MB_DONTWAIT, MT_DATA, M_PKTHDR);
848         if (mnew == NULL) {
849                 kprintf("%s: could not allocate rx mbuf\n",
850                     device_get_nameunit(sc->sc_dev));
851                 ifp->if_ierrors++;
852                 goto skip;
853         }
854
855         m = data->m;
856         data->m = NULL;
857         data->buf = NULL;
858
859         lwkt_serialize_enter(ifp->if_serializer);
860
861         /* finalize mbuf */
862         m->m_pkthdr.rcvif = ifp;
863         m->m_data = (caddr_t)(desc + 1);
864         m->m_pkthdr.len = m->m_len = (le32toh(desc->flags) >> 16) & 0xfff;
865
866         rssi = rum_get_rssi(sc, desc->rssi);
867
868         wh = mtod(m, struct ieee80211_frame_min *);
869         ni = ieee80211_find_rxnode(ic, wh);
870
871         /* Error happened during RSSI conversion. */
872         if (rssi < 0)
873                 rssi = ni->ni_rssi;
874
875         if (sc->sc_drvbpf != NULL) {
876                 struct rum_rx_radiotap_header *tap = &sc->sc_rxtap;
877
878                 tap->wr_flags = 0;
879                 tap->wr_rate = rum_rxrate(desc);
880                 tap->wr_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq);
881                 tap->wr_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags);
882                 tap->wr_antenna = sc->rx_ant;
883                 tap->wr_antsignal = rssi;
884
885                 bpf_ptap(sc->sc_drvbpf, m, tap, sc->sc_rxtap_len);
886         }
887
888         /* send the frame to the 802.11 layer */
889         ieee80211_input(ic, m, ni, rssi, 0);
890
891         /* node is no longer needed */
892         ieee80211_free_node(ni);
893
894         if ((ifp->if_flags & IFF_OACTIVE) == 0)
895                 ifp->if_start(ifp);
896
897         lwkt_serialize_exit(ifp->if_serializer);
898
899         data->m = mnew;
900         data->buf = mtod(data->m, uint8_t *);
901
902         DPRINTFN(15, ("rx done\n"));
903
904 skip:   /* setup a new transfer */
905         bzero(data->buf, sizeof(struct rum_rx_desc));
906         usbd_setup_xfer(xfer, sc->sc_rx_pipeh, data, data->buf, MCLBYTES,
907             USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, rum_rxeof);
908         usbd_transfer(xfer);
909
910         crit_exit();
911 }
912
913 /*
914  * This function is only used by the Rx radiotap code. It returns the rate at
915  * which a given frame was received.
916  */
917 static uint8_t
918 rum_rxrate(struct rum_rx_desc *desc)
919 {
920         if (le32toh(desc->flags) & RT2573_RX_OFDM) {
921                 /* reverse function of rum_plcp_signal */
922                 switch (desc->rate) {
923                 case 0xb:       return 12;
924                 case 0xf:       return 18;
925                 case 0xa:       return 24;
926                 case 0xe:       return 36;
927                 case 0x9:       return 48;
928                 case 0xd:       return 72;
929                 case 0x8:       return 96;
930                 case 0xc:       return 108;
931                 }
932         } else {
933                 if (desc->rate == 10)
934                         return 2;
935                 if (desc->rate == 20)
936                         return 4;
937                 if (desc->rate == 55)
938                         return 11;
939                 if (desc->rate == 110)
940                         return 22;
941         }
942         return 2;       /* should not get there */
943 }
944
945 static uint8_t
946 rum_plcp_signal(int rate)
947 {
948         switch (rate) {
949         /* CCK rates (returned values are device-dependent) */
950         case 2:         return 0x0;
951         case 4:         return 0x1;
952         case 11:        return 0x2;
953         case 22:        return 0x3;
954
955         /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
956         case 12:        return 0xb;
957         case 18:        return 0xf;
958         case 24:        return 0xa;
959         case 36:        return 0xe;
960         case 48:        return 0x9;
961         case 72:        return 0xd;
962         case 96:        return 0x8;
963         case 108:       return 0xc;
964
965         /* unsupported rates (should not get there) */
966         default:        return 0xff;
967         }
968 }
969
970 static void
971 rum_setup_tx_desc(struct rum_softc *sc, struct rum_tx_desc *desc,
972     uint32_t flags, uint16_t xflags, int len, int rate)
973 {
974         struct ieee80211com *ic = &sc->sc_ic;
975         uint16_t plcp_length;
976         int remainder;
977
978         desc->flags = htole32(flags);
979         desc->flags |= htole32(len << 16);
980
981         desc->xflags = htole16(xflags);
982
983         desc->wme = htole16(
984             RT2573_QID(0) |
985             RT2573_AIFSN(2) |
986             RT2573_LOGCWMIN(4) |
987             RT2573_LOGCWMAX(10));
988
989         /* setup PLCP fields */
990         desc->plcp_signal  = rum_plcp_signal(rate);
991         desc->plcp_service = 4;
992
993         len += IEEE80211_CRC_LEN;
994         if (RUM_RATE_IS_OFDM(rate)) {
995                 desc->flags |= htole32(RT2573_TX_OFDM);
996
997                 plcp_length = len & 0xfff;
998                 desc->plcp_length_hi = plcp_length >> 6;
999                 desc->plcp_length_lo = plcp_length & 0x3f;
1000         } else {
1001                 plcp_length = (16 * len + rate - 1) / rate;
1002                 if (rate == 22) {
1003                         remainder = (16 * len) % 22;
1004                         if (remainder != 0 && remainder < 7)
1005                                 desc->plcp_service |= RT2573_PLCP_LENGEXT;
1006                 }
1007                 desc->plcp_length_hi = plcp_length >> 8;
1008                 desc->plcp_length_lo = plcp_length & 0xff;
1009
1010                 if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
1011                         desc->plcp_signal |= 0x08;
1012         }
1013         desc->flags |= htole32(RT2573_TX_VALID);
1014 }
1015
1016 #define RUM_TX_TIMEOUT  5000
1017
1018 static int
1019 rum_tx_data(struct rum_softc *sc, struct mbuf *m0, struct ieee80211_node *ni)
1020 {
1021         struct ieee80211com *ic = &sc->sc_ic;
1022         struct ifnet *ifp = &ic->ic_if;
1023         struct rum_tx_desc *desc;
1024         struct rum_tx_data *data;
1025         struct ieee80211_frame *wh;
1026         uint32_t flags = 0;
1027         uint16_t dur;
1028         usbd_status error;
1029         int xferlen, rate, rateidx;
1030
1031         wh = mtod(m0, struct ieee80211_frame *);
1032
1033         if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
1034                 if (ieee80211_crypto_encap(ic, ni, m0) == NULL) {
1035                         m_freem(m0);
1036                         return ENOBUFS;
1037                 }
1038
1039                 /* packet header may have moved, reset our local pointer */
1040                 wh = mtod(m0, struct ieee80211_frame *);
1041         }
1042
1043         /* pickup a rate */
1044         if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
1045             IEEE80211_FC0_TYPE_MGT) {
1046                 /* mgmt frames are sent at the lowest available bit-rate */
1047                 rateidx = 0;
1048         } else {
1049                 ieee80211_ratectl_findrate(ni, m0->m_pkthdr.len, &rateidx, 1);
1050         }
1051         rate = IEEE80211_RS_RATE(&ni->ni_rates, rateidx);
1052
1053         data = &sc->tx_data[0];
1054         desc = (struct rum_tx_desc *)data->buf;
1055
1056         data->m = m0;
1057         data->ni = ni;
1058
1059         if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
1060                 flags |= RT2573_TX_ACK;
1061
1062                 dur = ieee80211_txtime(ni, RUM_ACK_SIZE,
1063                         ieee80211_ack_rate(ni, rate), ic->ic_flags) +
1064                         sc->sc_sifs;
1065                 *(uint16_t *)wh->i_dur = htole16(dur);
1066
1067                 /* tell hardware to set timestamp in probe responses */
1068                 if ((wh->i_fc[0] &
1069                     (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
1070                     (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
1071                         flags |= RT2573_TX_TIMESTAMP;
1072         }
1073
1074         if (sc->sc_drvbpf != NULL) {
1075                 struct rum_tx_radiotap_header *tap = &sc->sc_txtap;
1076
1077                 tap->wt_flags = 0;
1078                 tap->wt_rate = rate;
1079                 tap->wt_chan_freq = htole16(ic->ic_bss->ni_chan->ic_freq);
1080                 tap->wt_chan_flags = htole16(ic->ic_bss->ni_chan->ic_flags);
1081                 tap->wt_antenna = sc->tx_ant;
1082
1083                 bpf_ptap(sc->sc_drvbpf, m0, tap, sc->sc_txtap_len);
1084         }
1085
1086         m_copydata(m0, 0, m0->m_pkthdr.len, data->buf + RT2573_TX_DESC_SIZE);
1087         rum_setup_tx_desc(sc, desc, flags, 0, m0->m_pkthdr.len, rate);
1088
1089         /* Align end on a 4-bytes boundary */
1090         xferlen = roundup(RT2573_TX_DESC_SIZE + m0->m_pkthdr.len, 4);
1091
1092         /*
1093          * No space left in the last URB to store the extra 4 bytes, force
1094          * sending of another URB.
1095          */
1096         if ((xferlen % 64) == 0)
1097                 xferlen += 4;
1098
1099         DPRINTFN(10, ("sending frame len=%u rate=%u xfer len=%u\n",
1100             m0->m_pkthdr.len + RT2573_TX_DESC_SIZE, rate, xferlen));
1101
1102         lwkt_serialize_exit(ifp->if_serializer);
1103
1104         usbd_setup_xfer(data->xfer, sc->sc_tx_pipeh, data, data->buf, xferlen,
1105             USBD_FORCE_SHORT_XFER | USBD_NO_COPY, RUM_TX_TIMEOUT, rum_txeof);
1106
1107         error = usbd_transfer(data->xfer);
1108         if (error != USBD_NORMAL_COMPLETION && error != USBD_IN_PROGRESS) {
1109                 m_freem(m0);
1110                 data->m = NULL;
1111                 data->ni = NULL;
1112         } else {
1113                 sc->tx_queued++;
1114                 error = 0;
1115         }
1116
1117         lwkt_serialize_enter(ifp->if_serializer);
1118         return error;
1119 }
1120
1121 static void
1122 rum_start(struct ifnet *ifp)
1123 {
1124         struct rum_softc *sc = ifp->if_softc;
1125         struct ieee80211com *ic = &sc->sc_ic;
1126
1127         ASSERT_SERIALIZED(ifp->if_serializer);
1128
1129         if (sc->sc_stopped)
1130                 return;
1131
1132         crit_enter();
1133
1134         if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) {
1135                 crit_exit();
1136                 return;
1137         }
1138
1139         for (;;) {
1140                 struct ieee80211_node *ni;
1141                 struct mbuf *m0;
1142
1143                 if (!IF_QEMPTY(&ic->ic_mgtq)) {
1144                         if (sc->tx_queued >= RT2573_TX_LIST_COUNT) {
1145                                 ifp->if_flags |= IFF_OACTIVE;
1146                                 break;
1147                         }
1148                         IF_DEQUEUE(&ic->ic_mgtq, m0);
1149
1150                         ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif;
1151                         m0->m_pkthdr.rcvif = NULL;
1152
1153                         BPF_MTAP(ifp, m0);
1154
1155                         if (rum_tx_data(sc, m0, ni) != 0) {
1156                                 ieee80211_free_node(ni);
1157                                 break;
1158                         }
1159                 } else {
1160                         struct ether_header *eh;
1161
1162                         if (ic->ic_state != IEEE80211_S_RUN)
1163                                 break;
1164
1165                         m0 = ifq_poll(&ifp->if_snd);
1166                         if (m0 == NULL)
1167                                 break;
1168                         if (sc->tx_queued >= RT2573_TX_LIST_COUNT) {
1169                                 ifp->if_flags |= IFF_OACTIVE;
1170                                 break;
1171                         }
1172                         ifq_dequeue(&ifp->if_snd, m0);
1173
1174                         if (m0->m_len < sizeof(struct ether_header)) {
1175                                 m0 = m_pullup(m0, sizeof(struct ether_header));
1176                                 if (m0 == NULL) {
1177                                         ifp->if_oerrors++;
1178                                         continue;
1179                                 }
1180                         }
1181                         eh = mtod(m0, struct ether_header *);
1182
1183                         ni = ieee80211_find_txnode(ic, eh->ether_dhost);
1184                         if (ni == NULL) {
1185                                 m_freem(m0);
1186                                 continue;
1187                         }
1188
1189                         BPF_MTAP(ifp, m0);
1190
1191                         m0 = ieee80211_encap(ic, m0, ni);
1192                         if (m0 == NULL) {
1193                                 ieee80211_free_node(ni);
1194                                 continue;
1195                         }
1196
1197                         if (ic->ic_rawbpf != NULL)
1198                                 bpf_mtap(ic->ic_rawbpf, m0);
1199
1200                         if (rum_tx_data(sc, m0, ni) != 0) {
1201                                 ieee80211_free_node(ni);
1202                                 ifp->if_oerrors++;
1203                                 break;
1204                         }
1205                 }
1206
1207                 sc->sc_tx_timer = 5;
1208                 ifp->if_timer = 1;
1209         }
1210
1211         crit_exit();
1212 }
1213
1214 static void
1215 rum_watchdog(struct ifnet *ifp)
1216 {
1217         struct rum_softc *sc = ifp->if_softc;
1218
1219         ASSERT_SERIALIZED(ifp->if_serializer);
1220
1221         crit_enter();
1222
1223         ifp->if_timer = 0;
1224
1225         if (sc->sc_tx_timer > 0) {
1226                 if (--sc->sc_tx_timer == 0) {
1227                         kprintf("%s: device timeout\n", device_get_nameunit(sc->sc_dev));
1228                         /*rum_init(sc); XXX needs a process context! */
1229                         ifp->if_oerrors++;
1230
1231                         crit_exit();
1232                         return;
1233                 }
1234                 ifp->if_timer = 1;
1235         }
1236
1237         ieee80211_watchdog(&sc->sc_ic);
1238
1239         crit_exit();
1240 }
1241
1242 static int
1243 rum_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
1244 {
1245         struct rum_softc *sc = ifp->if_softc;
1246         struct ieee80211com *ic = &sc->sc_ic;
1247         int error = 0;
1248
1249         ASSERT_SERIALIZED(ifp->if_serializer);
1250
1251         crit_enter();
1252
1253         switch (cmd) {
1254         case SIOCSIFFLAGS:
1255                 if (ifp->if_flags & IFF_UP) {
1256                         if (ifp->if_flags & IFF_RUNNING) {
1257                                 lwkt_serialize_exit(ifp->if_serializer);
1258                                 rum_update_promisc(sc);
1259                                 lwkt_serialize_enter(ifp->if_serializer);
1260                         } else {
1261                                 rum_init(sc);
1262                         }
1263                 } else {
1264                         if (ifp->if_flags & IFF_RUNNING)
1265                                 rum_stop(sc);
1266                 }
1267                 break;
1268         default:
1269                 error = ieee80211_ioctl(ic, cmd, data, cr);
1270                 break;
1271         }
1272
1273         if (error == ENETRESET) {
1274                 struct ieee80211req *ireq = (struct ieee80211req *)data;
1275
1276                 if (cmd == SIOCS80211 &&
1277                     ireq->i_type == IEEE80211_IOC_CHANNEL &&
1278                     ic->ic_opmode == IEEE80211_M_MONITOR) {
1279                         /*
1280                          * This allows for fast channel switching in monitor
1281                          * mode (used by kismet). In IBSS mode, we must
1282                          * explicitly reset the interface to generate a new
1283                          * beacon frame.
1284                          */
1285                         lwkt_serialize_exit(ifp->if_serializer);
1286                         rum_set_chan(sc, ic->ic_ibss_chan);
1287                         lwkt_serialize_enter(ifp->if_serializer);
1288                 } else if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
1289                            (IFF_UP | IFF_RUNNING)) {
1290                         rum_init(sc);
1291                 }
1292                 error = 0;
1293         }
1294
1295         crit_exit();
1296         return error;
1297 }
1298
1299 static void
1300 rum_eeprom_read(struct rum_softc *sc, uint16_t addr, void *buf, int len)
1301 {
1302         usb_device_request_t req;
1303         usbd_status error;
1304
1305         req.bmRequestType = UT_READ_VENDOR_DEVICE;
1306         req.bRequest = RT2573_READ_EEPROM;
1307         USETW(req.wValue, 0);
1308         USETW(req.wIndex, addr);
1309         USETW(req.wLength, len);
1310
1311         error = usbd_do_request(sc->sc_udev, &req, buf);
1312         if (error != 0) {
1313                 kprintf("%s: could not read EEPROM: %s\n",
1314                     device_get_nameunit(sc->sc_dev), usbd_errstr(error));
1315         }
1316 }
1317
1318 static uint32_t
1319 rum_read(struct rum_softc *sc, uint16_t reg)
1320 {
1321         uint32_t val;
1322
1323         rum_read_multi(sc, reg, &val, sizeof val);
1324
1325         return le32toh(val);
1326 }
1327
1328 static void
1329 rum_read_multi(struct rum_softc *sc, uint16_t reg, void *buf, int len)
1330 {
1331         usb_device_request_t req;
1332         usbd_status error;
1333
1334         req.bmRequestType = UT_READ_VENDOR_DEVICE;
1335         req.bRequest = RT2573_READ_MULTI_MAC;
1336         USETW(req.wValue, 0);
1337         USETW(req.wIndex, reg);
1338         USETW(req.wLength, len);
1339
1340         error = usbd_do_request(sc->sc_udev, &req, buf);
1341         if (error != 0) {
1342                 kprintf("%s: could not multi read MAC register: %s\n",
1343                     device_get_nameunit(sc->sc_dev), usbd_errstr(error));
1344         }
1345 }
1346
1347 static void
1348 rum_write(struct rum_softc *sc, uint16_t reg, uint32_t val)
1349 {
1350         uint32_t tmp = htole32(val);
1351
1352         rum_write_multi(sc, reg, &tmp, sizeof tmp);
1353 }
1354
1355 static void
1356 rum_write_multi(struct rum_softc *sc, uint16_t reg, void *buf, size_t len)
1357 {
1358         usb_device_request_t req;
1359         usbd_status error;
1360
1361         req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
1362         req.bRequest = RT2573_WRITE_MULTI_MAC;
1363         USETW(req.wValue, 0);
1364         USETW(req.wIndex, reg);
1365         USETW(req.wLength, len);
1366
1367         error = usbd_do_request(sc->sc_udev, &req, buf);
1368         if (error != 0) {
1369                 kprintf("%s: could not multi write MAC register: %s\n",
1370                     device_get_nameunit(sc->sc_dev), usbd_errstr(error));
1371         }
1372 }
1373
1374 static void
1375 rum_bbp_write(struct rum_softc *sc, uint8_t reg, uint8_t val)
1376 {
1377         uint32_t tmp;
1378         int ntries;
1379
1380         for (ntries = 0; ntries < 5; ntries++) {
1381                 if (!(rum_read(sc, RT2573_PHY_CSR3) & RT2573_BBP_BUSY))
1382                         break;
1383         }
1384         if (ntries == 5) {
1385                 kprintf("%s: could not write to BBP\n", device_get_nameunit(sc->sc_dev));
1386                 return;
1387         }
1388
1389         tmp = RT2573_BBP_BUSY | (reg & 0x7f) << 8 | val;
1390         rum_write(sc, RT2573_PHY_CSR3, tmp);
1391 }
1392
1393 static uint8_t
1394 rum_bbp_read(struct rum_softc *sc, uint8_t reg)
1395 {
1396         uint32_t val;
1397         int ntries;
1398
1399         for (ntries = 0; ntries < 5; ntries++) {
1400                 if (!(rum_read(sc, RT2573_PHY_CSR3) & RT2573_BBP_BUSY))
1401                         break;
1402         }
1403         if (ntries == 5) {
1404                 kprintf("%s: could not read BBP\n", device_get_nameunit(sc->sc_dev));
1405                 return 0;
1406         }
1407
1408         val = RT2573_BBP_BUSY | RT2573_BBP_READ | reg << 8;
1409         rum_write(sc, RT2573_PHY_CSR3, val);
1410
1411         for (ntries = 0; ntries < 100; ntries++) {
1412                 val = rum_read(sc, RT2573_PHY_CSR3);
1413                 if (!(val & RT2573_BBP_BUSY))
1414                         return val & 0xff;
1415                 DELAY(1);
1416         }
1417
1418         kprintf("%s: could not read BBP\n", device_get_nameunit(sc->sc_dev));
1419         return 0;
1420 }
1421
1422 static void
1423 rum_rf_write(struct rum_softc *sc, uint8_t reg, uint32_t val)
1424 {
1425         uint32_t tmp;
1426         int ntries;
1427
1428         for (ntries = 0; ntries < 5; ntries++) {
1429                 if (!(rum_read(sc, RT2573_PHY_CSR4) & RT2573_RF_BUSY))
1430                         break;
1431         }
1432         if (ntries == 5) {
1433                 kprintf("%s: could not write to RF\n", device_get_nameunit(sc->sc_dev));
1434                 return;
1435         }
1436
1437         tmp = RT2573_RF_BUSY | RT2573_RF_20BIT | (val & 0xfffff) << 2 |
1438             (reg & 3);
1439         rum_write(sc, RT2573_PHY_CSR4, tmp);
1440
1441         /* remember last written value in sc */
1442         sc->rf_regs[reg] = val;
1443
1444         DPRINTFN(15, ("RF R[%u] <- 0x%05x\n", reg & 3, val & 0xfffff));
1445 }
1446
1447 static void
1448 rum_select_antenna(struct rum_softc *sc)
1449 {
1450         uint8_t bbp4, bbp77;
1451         uint32_t tmp;
1452
1453         bbp4  = rum_bbp_read(sc, 4);
1454         bbp77 = rum_bbp_read(sc, 77);
1455
1456         /* TBD */
1457
1458         /* make sure Rx is disabled before switching antenna */
1459         tmp = rum_read(sc, RT2573_TXRX_CSR0);
1460         rum_write(sc, RT2573_TXRX_CSR0, tmp | RT2573_DISABLE_RX);
1461
1462         rum_bbp_write(sc,  4, bbp4);
1463         rum_bbp_write(sc, 77, bbp77);
1464
1465         rum_write(sc, RT2573_TXRX_CSR0, tmp);
1466 }
1467
1468 /*
1469  * Enable multi-rate retries for frames sent at OFDM rates.
1470  * In 802.11b/g mode, allow fallback to CCK rates.
1471  */
1472 static void
1473 rum_enable_mrr(struct rum_softc *sc)
1474 {
1475         struct ieee80211com *ic = &sc->sc_ic;
1476         uint32_t tmp;
1477
1478         tmp = rum_read(sc, RT2573_TXRX_CSR4);
1479
1480         tmp &= ~RT2573_MRR_CCK_FALLBACK;
1481         if (!IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan))
1482                 tmp |= RT2573_MRR_CCK_FALLBACK;
1483         tmp |= RT2573_MRR_ENABLED;
1484
1485         rum_write(sc, RT2573_TXRX_CSR4, tmp);
1486 }
1487
1488 static void
1489 rum_set_txpreamble(struct rum_softc *sc)
1490 {
1491         uint32_t tmp;
1492
1493         tmp = rum_read(sc, RT2573_TXRX_CSR4);
1494
1495         tmp &= ~RT2573_SHORT_PREAMBLE;
1496         if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
1497                 tmp |= RT2573_SHORT_PREAMBLE;
1498
1499         rum_write(sc, RT2573_TXRX_CSR4, tmp);
1500 }
1501
1502 static void
1503 rum_set_basicrates(struct rum_softc *sc)
1504 {
1505         struct ieee80211com *ic = &sc->sc_ic;
1506
1507         /* update basic rate set */
1508         if (ic->ic_curmode == IEEE80211_MODE_11B) {
1509                 /* 11b basic rates: 1, 2Mbps */
1510                 rum_write(sc, RT2573_TXRX_CSR5, 0x3);
1511         } else if (IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->ni_chan)) {
1512                 /* 11a basic rates: 6, 12, 24Mbps */
1513                 rum_write(sc, RT2573_TXRX_CSR5, 0x150);
1514         } else {
1515                 /* 11g basic rates: 1, 2, 5.5, 11, 6, 12, 24Mbps */
1516                 rum_write(sc, RT2573_TXRX_CSR5, 0x15f);
1517         }
1518 }
1519
1520 /*
1521  * Reprogram MAC/BBP to switch to a new band.  Values taken from the reference
1522  * driver.
1523  */
1524 static void
1525 rum_select_band(struct rum_softc *sc, struct ieee80211_channel *c)
1526 {
1527         uint8_t bbp17, bbp35, bbp96, bbp97, bbp98, bbp104;
1528         uint32_t tmp;
1529
1530         /* update all BBP registers that depend on the band */
1531         bbp17 = 0x20; bbp96 = 0x48; bbp104 = 0x2c;
1532         bbp35 = 0x50; bbp97 = 0x48; bbp98  = 0x48;
1533         if (IEEE80211_IS_CHAN_5GHZ(c)) {
1534                 bbp17 += 0x08; bbp96 += 0x10; bbp104 += 0x0c;
1535                 bbp35 += 0x10; bbp97 += 0x10; bbp98  += 0x10;
1536         }
1537         if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
1538             (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
1539                 bbp17 += 0x10; bbp96 += 0x10; bbp104 += 0x10;
1540         }
1541
1542         sc->bbp17 = bbp17;
1543         rum_bbp_write(sc,  17, bbp17);
1544         rum_bbp_write(sc,  96, bbp96);
1545         rum_bbp_write(sc, 104, bbp104);
1546
1547         if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
1548             (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
1549                 rum_bbp_write(sc, 75, 0x80);
1550                 rum_bbp_write(sc, 86, 0x80);
1551                 rum_bbp_write(sc, 88, 0x80);
1552         }
1553
1554         rum_bbp_write(sc, 35, bbp35);
1555         rum_bbp_write(sc, 97, bbp97);
1556         rum_bbp_write(sc, 98, bbp98);
1557
1558         tmp = rum_read(sc, RT2573_PHY_CSR0);
1559         tmp &= ~(RT2573_PA_PE_2GHZ | RT2573_PA_PE_5GHZ);
1560         if (IEEE80211_IS_CHAN_2GHZ(c))
1561                 tmp |= RT2573_PA_PE_2GHZ;
1562         else
1563                 tmp |= RT2573_PA_PE_5GHZ;
1564         rum_write(sc, RT2573_PHY_CSR0, tmp);
1565 }
1566
1567 static void
1568 rum_set_chan(struct rum_softc *sc, struct ieee80211_channel *c)
1569 {
1570         struct ieee80211com *ic = &sc->sc_ic;
1571         const struct rfprog *rfprog;
1572         uint8_t bbp3, bbp94 = RT2573_BBPR94_DEFAULT;
1573         int8_t power;
1574         u_int i, chan;
1575
1576         chan = ieee80211_chan2ieee(ic, c);
1577         if (chan == 0 || chan == IEEE80211_CHAN_ANY)
1578                 return;
1579
1580         /* select the appropriate RF settings based on what EEPROM says */
1581         rfprog = (sc->rf_rev == RT2573_RF_5225 ||
1582                   sc->rf_rev == RT2573_RF_2527) ? rum_rf5225 : rum_rf5226;
1583
1584         /* find the settings for this channel (we know it exists) */
1585         for (i = 0; rfprog[i].chan != chan; i++)
1586                 ;       /* EMPTY */
1587
1588         power = sc->txpow[i];
1589         if (power < 0) {
1590                 bbp94 += power;
1591                 power = 0;
1592         } else if (power > 31) {
1593                 bbp94 += power - 31;
1594                 power = 31;
1595         }
1596
1597         /*
1598          * If we are switching from the 2GHz band to the 5GHz band or
1599          * vice-versa, BBP registers need to be reprogrammed.
1600          */
1601         if (c->ic_flags != sc->sc_curchan->ic_flags) {
1602                 rum_select_band(sc, c);
1603                 rum_select_antenna(sc);
1604         }
1605         sc->sc_curchan = c;
1606
1607         rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1608         rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1609         rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7);
1610         rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1611
1612         rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1613         rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1614         rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7 | 1);
1615         rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1616
1617         rum_rf_write(sc, RT2573_RF1, rfprog[i].r1);
1618         rum_rf_write(sc, RT2573_RF2, rfprog[i].r2);
1619         rum_rf_write(sc, RT2573_RF3, rfprog[i].r3 | power << 7);
1620         rum_rf_write(sc, RT2573_RF4, rfprog[i].r4 | sc->rffreq << 10);
1621
1622         DELAY(10);
1623
1624         /* enable smart mode for MIMO-capable RFs */
1625         bbp3 = rum_bbp_read(sc, 3);
1626
1627         if (sc->rf_rev == RT2573_RF_5225 || sc->rf_rev == RT2573_RF_2527)
1628                 bbp3 &= ~RT2573_SMART_MODE;
1629         else
1630                 bbp3 |= RT2573_SMART_MODE;
1631
1632         rum_bbp_write(sc, 3, bbp3);
1633
1634         if (bbp94 != RT2573_BBPR94_DEFAULT)
1635                 rum_bbp_write(sc, 94, bbp94);
1636
1637         sc->sc_sifs = IEEE80211_IS_CHAN_5GHZ(c) ? IEEE80211_DUR_OFDM_SIFS
1638                                                 : IEEE80211_DUR_SIFS;
1639 }
1640
1641 /*
1642  * Enable TSF synchronization and tell h/w to start sending beacons for IBSS
1643  * and HostAP operating modes.
1644  */
1645 static void
1646 rum_enable_tsf_sync(struct rum_softc *sc)
1647 {
1648         struct ieee80211com *ic = &sc->sc_ic;
1649         uint32_t tmp;
1650
1651         if (ic->ic_opmode != IEEE80211_M_STA) {
1652                 /*
1653                  * Change default 16ms TBTT adjustment to 8ms.
1654                  * Must be done before enabling beacon generation.
1655                  */
1656                 rum_write(sc, RT2573_TXRX_CSR10, 1 << 12 | 8);
1657         }
1658
1659         tmp = rum_read(sc, RT2573_TXRX_CSR9) & 0xff000000;
1660
1661         /* set beacon interval (in 1/16ms unit) */
1662         tmp |= ic->ic_bss->ni_intval * 16;
1663
1664         tmp |= RT2573_TSF_TICKING | RT2573_ENABLE_TBTT;
1665         if (ic->ic_opmode == IEEE80211_M_STA)
1666                 tmp |= RT2573_TSF_MODE(1);
1667         else
1668                 tmp |= RT2573_TSF_MODE(2) | RT2573_GENERATE_BEACON;
1669
1670         rum_write(sc, RT2573_TXRX_CSR9, tmp);
1671 }
1672
1673 static void
1674 rum_update_slot(struct rum_softc *sc)
1675 {
1676         struct ieee80211com *ic = &sc->sc_ic;
1677         uint8_t slottime;
1678         uint32_t tmp;
1679
1680         slottime = (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
1681
1682         tmp = rum_read(sc, RT2573_MAC_CSR9);
1683         tmp = (tmp & ~0xff) | slottime;
1684         rum_write(sc, RT2573_MAC_CSR9, tmp);
1685
1686         DPRINTF(("setting slot time to %uus\n", slottime));
1687 }
1688
1689 static void
1690 rum_set_bssid(struct rum_softc *sc, const uint8_t *bssid)
1691 {
1692         uint32_t tmp;
1693
1694         tmp = bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24;
1695         rum_write(sc, RT2573_MAC_CSR4, tmp);
1696
1697         tmp = bssid[4] | bssid[5] << 8 | RT2573_ONE_BSSID << 16;
1698         rum_write(sc, RT2573_MAC_CSR5, tmp);
1699 }
1700
1701 static void
1702 rum_set_macaddr(struct rum_softc *sc, const uint8_t *addr)
1703 {
1704         uint32_t tmp;
1705
1706         tmp = addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24;
1707         rum_write(sc, RT2573_MAC_CSR2, tmp);
1708
1709         tmp = addr[4] | addr[5] << 8 | 0xff << 16;
1710         rum_write(sc, RT2573_MAC_CSR3, tmp);
1711 }
1712
1713 static void
1714 rum_update_promisc(struct rum_softc *sc)
1715 {
1716         struct ifnet *ifp = &sc->sc_ic.ic_if;
1717         uint32_t tmp;
1718
1719         tmp = rum_read(sc, RT2573_TXRX_CSR0);
1720
1721         tmp &= ~RT2573_DROP_NOT_TO_ME;
1722         if (!(ifp->if_flags & IFF_PROMISC))
1723                 tmp |= RT2573_DROP_NOT_TO_ME;
1724
1725         rum_write(sc, RT2573_TXRX_CSR0, tmp);
1726
1727         DPRINTF(("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
1728             "entering" : "leaving"));
1729 }
1730
1731 static const char *
1732 rum_get_rf(int rev)
1733 {
1734         switch (rev) {
1735         case RT2573_RF_2527:    return "RT2527 (MIMO XR)";
1736         case RT2573_RF_2528:    return "RT2528";
1737         case RT2573_RF_5225:    return "RT5225 (MIMO XR)";
1738         case RT2573_RF_5226:    return "RT5226";
1739         default:                return "unknown";
1740         }
1741 }
1742
1743 static void
1744 rum_read_eeprom(struct rum_softc *sc)
1745 {
1746         struct ieee80211com *ic = &sc->sc_ic;
1747         uint16_t val;
1748 #ifdef RUM_DEBUG
1749         int i;
1750 #endif
1751
1752         /* read MAC/BBP type */
1753         rum_eeprom_read(sc, RT2573_EEPROM_MACBBP, &val, 2);
1754         sc->macbbp_rev = le16toh(val);
1755
1756         /* read MAC address */
1757         rum_eeprom_read(sc, RT2573_EEPROM_ADDRESS, ic->ic_myaddr, 6);
1758
1759         rum_eeprom_read(sc, RT2573_EEPROM_ANTENNA, &val, 2);
1760         val = le16toh(val);
1761         sc->rf_rev =   (val >> 11) & 0x1f;
1762         sc->hw_radio = (val >> 10) & 0x1;
1763         sc->rx_ant =   (val >> 4)  & 0x3;
1764         sc->tx_ant =   (val >> 2)  & 0x3;
1765         sc->nb_ant =   val & 0x3;
1766
1767         DPRINTF(("RF revision=%d\n", sc->rf_rev));
1768
1769         rum_eeprom_read(sc, RT2573_EEPROM_CONFIG2, &val, 2);
1770         val = le16toh(val);
1771         sc->ext_5ghz_lna = (val >> 6) & 0x1;
1772         sc->ext_2ghz_lna = (val >> 4) & 0x1;
1773
1774         DPRINTF(("External 2GHz LNA=%d\nExternal 5GHz LNA=%d\n",
1775             sc->ext_2ghz_lna, sc->ext_5ghz_lna));
1776
1777         rum_eeprom_read(sc, RT2573_EEPROM_RSSI_2GHZ_OFFSET, &val, 2);
1778         val = le16toh(val);
1779         if ((val & 0xff) != 0xff)
1780                 sc->rssi_2ghz_corr = (int8_t)(val & 0xff);      /* signed */
1781
1782         /* Only [-10, 10] is valid */
1783         if (sc->rssi_2ghz_corr < -10 || sc->rssi_2ghz_corr > 10)
1784                 sc->rssi_2ghz_corr = 0;
1785
1786         rum_eeprom_read(sc, RT2573_EEPROM_RSSI_5GHZ_OFFSET, &val, 2);
1787         val = le16toh(val);
1788         if ((val & 0xff) != 0xff)
1789                 sc->rssi_5ghz_corr = (int8_t)(val & 0xff);      /* signed */
1790
1791         /* Only [-10, 10] is valid */
1792         if (sc->rssi_5ghz_corr < -10 || sc->rssi_5ghz_corr > 10)
1793                 sc->rssi_5ghz_corr = 0;
1794
1795         if (sc->ext_2ghz_lna)
1796                 sc->rssi_2ghz_corr -= 14;
1797         if (sc->ext_5ghz_lna)
1798                 sc->rssi_5ghz_corr -= 14;
1799
1800         DPRINTF(("RSSI 2GHz corr=%d\nRSSI 5GHz corr=%d\n",
1801             sc->rssi_2ghz_corr, sc->rssi_5ghz_corr));
1802
1803         rum_eeprom_read(sc, RT2573_EEPROM_FREQ_OFFSET, &val, 2);
1804         val = le16toh(val);
1805         if ((val & 0xff) != 0xff)
1806                 sc->rffreq = val & 0xff;
1807
1808         DPRINTF(("RF freq=%d\n", sc->rffreq));
1809
1810         /* read Tx power for all a/b/g channels */
1811         rum_eeprom_read(sc, RT2573_EEPROM_TXPOWER, sc->txpow, 14);
1812         /* XXX default Tx power for 802.11a channels */
1813         memset(sc->txpow + 14, 24, sizeof (sc->txpow) - 14);
1814 #ifdef RUM_DEBUG
1815         for (i = 0; i < 14; i++)
1816                 DPRINTF(("Channel=%d Tx power=%d\n", i + 1,  sc->txpow[i]));
1817 #endif
1818
1819         /* read default values for BBP registers */
1820         rum_eeprom_read(sc, RT2573_EEPROM_BBP_BASE, sc->bbp_prom, 2 * 16);
1821 #ifdef RUM_DEBUG
1822         for (i = 0; i < 14; i++) {
1823                 if (sc->bbp_prom[i].reg == 0 || sc->bbp_prom[i].reg == 0xff)
1824                         continue;
1825                 DPRINTF(("BBP R%d=%02x\n", sc->bbp_prom[i].reg,
1826                     sc->bbp_prom[i].val));
1827         }
1828 #endif
1829 }
1830
1831 static int
1832 rum_bbp_init(struct rum_softc *sc)
1833 {
1834 #define N(a)    (sizeof (a) / sizeof ((a)[0]))
1835         int i, ntries;
1836         uint8_t val;
1837
1838         /* wait for BBP to be ready */
1839         for (ntries = 0; ntries < 100; ntries++) {
1840                 val = rum_bbp_read(sc, 0);
1841                 if (val != 0 && val != 0xff)
1842                         break;
1843                 DELAY(1000);
1844         }
1845         if (ntries == 100) {
1846                 kprintf("%s: timeout waiting for BBP\n",
1847                     device_get_nameunit(sc->sc_dev));
1848                 return EIO;
1849         }
1850
1851         /* initialize BBP registers to default values */
1852         for (i = 0; i < N(rum_def_bbp); i++)
1853                 rum_bbp_write(sc, rum_def_bbp[i].reg, rum_def_bbp[i].val);
1854
1855         /* write vendor-specific BBP values (from EEPROM) */
1856         for (i = 0; i < 16; i++) {
1857                 if (sc->bbp_prom[i].reg == 0 || sc->bbp_prom[i].reg == 0xff)
1858                         continue;
1859                 rum_bbp_write(sc, sc->bbp_prom[i].reg, sc->bbp_prom[i].val);
1860         }
1861
1862         return 0;
1863 #undef N
1864 }
1865
1866 static void
1867 rum_init(void *xsc)
1868 {
1869 #define N(a)    (sizeof(a) / sizeof((a)[0]))
1870         struct rum_softc *sc = xsc;
1871         struct ieee80211com *ic = &sc->sc_ic;
1872         struct ifnet *ifp = &ic->ic_if;
1873         struct rum_rx_data *data;
1874         uint32_t tmp;
1875         usbd_status usb_err;
1876         int i, ntries, error;
1877
1878         ASSERT_SERIALIZED(ifp->if_serializer);
1879
1880         crit_enter();
1881
1882         rum_stop(sc);
1883         sc->sc_stopped = 0;
1884
1885         lwkt_serialize_exit(ifp->if_serializer);
1886
1887         /* initialize MAC registers to default values */
1888         for (i = 0; i < N(rum_def_mac); i++)
1889                 rum_write(sc, rum_def_mac[i].reg, rum_def_mac[i].val);
1890
1891         /* set host ready */
1892         rum_write(sc, RT2573_MAC_CSR1, 3);
1893         rum_write(sc, RT2573_MAC_CSR1, 0);
1894
1895         /* wait for BBP/RF to wakeup */
1896         for (ntries = 0; ntries < 1000; ntries++) {
1897                 if (rum_read(sc, RT2573_MAC_CSR12) & 8)
1898                         break;
1899                 rum_write(sc, RT2573_MAC_CSR12, 4);     /* force wakeup */
1900                 DELAY(1000);
1901         }
1902         if (ntries == 1000) {
1903                 kprintf("%s: timeout waiting for BBP/RF to wakeup\n",
1904                         device_get_nameunit(sc->sc_dev));
1905                 error = ETIMEDOUT;
1906                 goto fail;
1907         }
1908
1909         error = rum_bbp_init(sc);
1910         if (error)
1911                 goto fail;
1912
1913         /* select default channel */
1914         sc->sc_curchan = ic->ic_curchan = ic->ic_ibss_chan;
1915
1916         rum_select_band(sc, sc->sc_curchan);
1917         rum_select_antenna(sc);
1918         rum_set_chan(sc, sc->sc_curchan);
1919
1920         /* clear STA registers */
1921         rum_read_multi(sc, RT2573_STA_CSR0, sc->sta, sizeof sc->sta);
1922
1923         IEEE80211_ADDR_COPY(ic->ic_myaddr, IF_LLADDR(ifp));
1924         rum_set_macaddr(sc, ic->ic_myaddr);
1925
1926         /* initialize ASIC */
1927         rum_write(sc, RT2573_MAC_CSR1, 4);
1928
1929         /*
1930          * Allocate xfer for AMRR statistics requests.
1931          */
1932         sc->stats_xfer = usbd_alloc_xfer(sc->sc_udev);
1933         if (sc->stats_xfer == NULL) {
1934                 kprintf("%s: could not allocate AMRR xfer\n",
1935                         device_get_nameunit(sc->sc_dev));
1936                 error = ENOMEM;
1937                 goto fail;
1938         }
1939
1940         /*
1941          * Open Tx and Rx USB bulk pipes.
1942          */
1943         usb_err = usbd_open_pipe(sc->sc_iface, sc->sc_tx_no, USBD_EXCLUSIVE_USE,
1944                                  &sc->sc_tx_pipeh);
1945         if (usb_err != USBD_NORMAL_COMPLETION) {
1946                 kprintf("%s: could not open Tx pipe: %s\n",
1947                         device_get_nameunit(sc->sc_dev), usbd_errstr(usb_err));
1948                 error = EIO;
1949                 goto fail;
1950         }
1951
1952         usb_err = usbd_open_pipe(sc->sc_iface, sc->sc_rx_no, USBD_EXCLUSIVE_USE,
1953                                  &sc->sc_rx_pipeh);
1954         if (usb_err != USBD_NORMAL_COMPLETION) {
1955                 kprintf("%s: could not open Rx pipe: %s\n",
1956                     device_get_nameunit(sc->sc_dev), usbd_errstr(usb_err));
1957                 error = EIO;
1958                 goto fail;
1959         }
1960
1961         /*
1962          * Allocate Tx and Rx xfer queues.
1963          */
1964         error = rum_alloc_tx_list(sc);
1965         if (error) {
1966                 kprintf("%s: could not allocate Tx list\n",
1967                         device_get_nameunit(sc->sc_dev));
1968                 goto fail;
1969         }
1970
1971         error = rum_alloc_rx_list(sc);
1972         if (error) {
1973                 kprintf("%s: could not allocate Rx list\n",
1974                         device_get_nameunit(sc->sc_dev));
1975                 goto fail;
1976         }
1977
1978         /*
1979          * Start up the receive pipe.
1980          */
1981         for (i = 0; i < RT2573_RX_LIST_COUNT; i++) {
1982                 data = &sc->rx_data[i];
1983
1984                 usbd_setup_xfer(data->xfer, sc->sc_rx_pipeh, data, data->buf,
1985                     MCLBYTES, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, rum_rxeof);
1986                 usbd_transfer(data->xfer);
1987         }
1988
1989         /* update Rx filter */
1990         tmp = rum_read(sc, RT2573_TXRX_CSR0) & 0xffff;
1991
1992         tmp |= RT2573_DROP_PHY_ERROR | RT2573_DROP_CRC_ERROR;
1993         if (ic->ic_opmode != IEEE80211_M_MONITOR) {
1994                 tmp |= RT2573_DROP_CTL | RT2573_DROP_VER_ERROR |
1995                        RT2573_DROP_ACKCTS;
1996                 if (ic->ic_opmode != IEEE80211_M_HOSTAP)
1997                         tmp |= RT2573_DROP_TODS;
1998                 if (!(ifp->if_flags & IFF_PROMISC))
1999                         tmp |= RT2573_DROP_NOT_TO_ME;
2000         }
2001         rum_write(sc, RT2573_TXRX_CSR0, tmp);
2002 fail:
2003         lwkt_serialize_enter(ifp->if_serializer);
2004
2005         if (error) {
2006                 rum_stop(sc);
2007         } else {
2008                 ifp->if_flags &= ~IFF_OACTIVE;
2009                 ifp->if_flags |= IFF_RUNNING;
2010
2011                 if (ic->ic_opmode != IEEE80211_M_MONITOR) {
2012                         if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)
2013                                 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
2014                 } else {
2015                         ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
2016                 }
2017         }
2018
2019         crit_exit();
2020 #undef N
2021 }
2022
2023 static void
2024 rum_stop(struct rum_softc *sc)
2025 {
2026         struct ieee80211com *ic = &sc->sc_ic;
2027         struct ifnet *ifp = &ic->ic_if;
2028         uint32_t tmp;
2029
2030         ASSERT_SERIALIZED(ifp->if_serializer);
2031
2032         crit_enter();
2033
2034         ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
2035         sc->sc_stopped = 1;
2036
2037         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);  /* free all nodes */
2038
2039         sc->sc_tx_timer = 0;
2040         ifp->if_timer = 0;
2041
2042         lwkt_serialize_exit(ifp->if_serializer);
2043
2044         /* disable Rx */
2045         tmp = rum_read(sc, RT2573_TXRX_CSR0);
2046         rum_write(sc, RT2573_TXRX_CSR0, tmp | RT2573_DISABLE_RX);
2047
2048         /* reset ASIC */
2049         rum_write(sc, RT2573_MAC_CSR1, 3);
2050         rum_write(sc, RT2573_MAC_CSR1, 0);
2051
2052         if (sc->stats_xfer != NULL) {
2053                 usbd_free_xfer(sc->stats_xfer);
2054                 sc->stats_xfer = NULL;
2055         }
2056
2057         if (sc->sc_rx_pipeh != NULL) {
2058                 usbd_abort_pipe(sc->sc_rx_pipeh);
2059                 usbd_close_pipe(sc->sc_rx_pipeh);
2060                 sc->sc_rx_pipeh = NULL;
2061         }
2062
2063         if (sc->sc_tx_pipeh != NULL) {
2064                 usbd_abort_pipe(sc->sc_tx_pipeh);
2065                 usbd_close_pipe(sc->sc_tx_pipeh);
2066                 sc->sc_tx_pipeh = NULL;
2067         }
2068
2069         lwkt_serialize_enter(ifp->if_serializer);
2070
2071         rum_free_rx_list(sc);
2072         rum_free_tx_list(sc);
2073
2074         crit_exit();
2075 }
2076
2077 static int
2078 rum_load_microcode(struct rum_softc *sc, const uint8_t *ucode, size_t size)
2079 {
2080         usb_device_request_t req;
2081         uint16_t reg = RT2573_MCU_CODE_BASE;
2082         usbd_status error;
2083
2084         /* copy firmware image into NIC */
2085         for (; size >= 4; reg += 4, ucode += 4, size -= 4)
2086                 rum_write(sc, reg, UGETDW(ucode));
2087
2088         req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
2089         req.bRequest = RT2573_MCU_CNTL;
2090         USETW(req.wValue, RT2573_MCU_RUN);
2091         USETW(req.wIndex, 0);
2092         USETW(req.wLength, 0);
2093
2094         error = usbd_do_request(sc->sc_udev, &req, NULL);
2095         if (error != 0) {
2096                 kprintf("%s: could not run firmware: %s\n",
2097                     device_get_nameunit(sc->sc_dev), usbd_errstr(error));
2098         }
2099         return error;
2100 }
2101
2102 static int
2103 rum_prepare_beacon(struct rum_softc *sc)
2104 {
2105         struct ieee80211com *ic = &sc->sc_ic;
2106         struct ifnet *ifp = &ic->ic_if;
2107         struct ieee80211_beacon_offsets bo;
2108         struct rum_tx_desc desc;
2109         struct mbuf *m0;
2110         int rate;
2111
2112         lwkt_serialize_enter(ifp->if_serializer);
2113         m0 = ieee80211_beacon_alloc(ic, ic->ic_bss, &bo);
2114         lwkt_serialize_exit(ifp->if_serializer);
2115
2116         if (m0 == NULL) {
2117                 if_printf(&ic->ic_if, "could not allocate beacon frame\n");
2118                 return ENOBUFS;
2119         }
2120
2121         /* send beacons at the lowest available rate */
2122         rate = IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->ni_chan) ? 12 : 2;
2123
2124         rum_setup_tx_desc(sc, &desc, RT2573_TX_TIMESTAMP, RT2573_TX_HWSEQ,
2125             m0->m_pkthdr.len, rate);
2126
2127         /* copy the first 24 bytes of Tx descriptor into NIC memory */
2128         rum_write_multi(sc, RT2573_HW_BEACON_BASE0, (uint8_t *)&desc, 24);
2129
2130         /* copy beacon header and payload into NIC memory */
2131         rum_write_multi(sc, RT2573_HW_BEACON_BASE0 + 24, mtod(m0, uint8_t *),
2132             m0->m_pkthdr.len);
2133
2134         m_freem(m0);
2135
2136         return 0;
2137 }
2138
2139 static void
2140 rum_stats_timeout(void *arg)
2141 {
2142         struct rum_softc *sc = arg;
2143         usb_device_request_t req;
2144
2145         if (sc->sc_stopped)
2146                 return;
2147
2148         crit_enter();
2149
2150         /*
2151          * Asynchronously read statistic registers (cleared by read).
2152          */
2153         req.bmRequestType = UT_READ_VENDOR_DEVICE;
2154         req.bRequest = RT2573_READ_MULTI_MAC;
2155         USETW(req.wValue, 0);
2156         USETW(req.wIndex, RT2573_STA_CSR0);
2157         USETW(req.wLength, sizeof(sc->sta));
2158
2159         usbd_setup_default_xfer(sc->stats_xfer, sc->sc_udev, sc,
2160                                 USBD_DEFAULT_TIMEOUT, &req,
2161                                 sc->sta, sizeof(sc->sta), 0,
2162                                 rum_stats_update);
2163         usbd_transfer(sc->stats_xfer);
2164
2165         crit_exit();
2166 }
2167
2168 static void
2169 rum_stats_update(usbd_xfer_handle xfer, usbd_private_handle priv,
2170                  usbd_status status)
2171 {
2172         struct rum_softc *sc = (struct rum_softc *)priv;
2173         struct ifnet *ifp = &sc->sc_ic.ic_if;
2174         struct ieee80211_ratectl_stats *stats = &sc->sc_stats;
2175
2176         if (status != USBD_NORMAL_COMPLETION) {
2177                 kprintf("%s: could not retrieve Tx statistics - cancelling "
2178                     "automatic rate control\n", device_get_nameunit(sc->sc_dev));
2179                 return;
2180         }
2181
2182         crit_enter();
2183
2184         /* count TX retry-fail as Tx errors */
2185         ifp->if_oerrors += RUM_TX_PKT_FAIL(sc);
2186
2187         stats->stats_pkt_noretry += RUM_TX_PKT_NO_RETRY(sc);
2188         stats->stats_pkt_ok += RUM_TX_PKT_NO_RETRY(sc) +
2189                                RUM_TX_PKT_ONE_RETRY(sc) +
2190                                RUM_TX_PKT_MULTI_RETRY(sc);
2191         stats->stats_pkt_err += RUM_TX_PKT_FAIL(sc);
2192
2193         stats->stats_retries += RUM_TX_PKT_ONE_RETRY(sc);
2194 #if 1
2195         /*
2196          * XXX Estimated average:
2197          * Actual number of retries for each packet should belong to
2198          * [2, RUM_TX_SHORT_RETRY_MAX]
2199          */
2200         stats->stats_retries += RUM_TX_PKT_MULTI_RETRY(sc) *
2201                                 ((2 + RUM_TX_SHORT_RETRY_MAX) / 2);
2202 #else
2203         stats->stats_retries += RUM_TX_PKT_MULTI_RETRY(sc);
2204 #endif
2205         stats->stats_retries += RUM_TX_PKT_FAIL(sc) * RUM_TX_SHORT_RETRY_MAX;
2206
2207         callout_reset(&sc->stats_ch, 4 * hz / 5, rum_stats_timeout, sc);
2208
2209         crit_exit();
2210 }
2211
2212 static void
2213 rum_stats(struct ieee80211com *ic, struct ieee80211_node *ni __unused,
2214           struct ieee80211_ratectl_stats *stats)
2215 {
2216         struct ifnet *ifp = &ic->ic_if;
2217         struct rum_softc *sc = ifp->if_softc;
2218
2219         ASSERT_SERIALIZED(ifp->if_serializer);
2220
2221         bcopy(&sc->sc_stats, stats, sizeof(*stats));
2222         bzero(&sc->sc_stats, sizeof(sc->sc_stats));
2223 }
2224
2225 static void
2226 rum_ratectl_change(struct ieee80211com *ic, u_int orc __unused, u_int nrc)
2227 {
2228         struct ieee80211_ratectl_state *st = &ic->ic_ratectl;
2229         struct ieee80211_onoe_param *oparam;
2230
2231         if (st->rc_st_param != NULL) {
2232                 kfree(st->rc_st_param, M_DEVBUF);
2233                 st->rc_st_param = NULL;
2234         }
2235
2236         switch (nrc) {
2237         case IEEE80211_RATECTL_ONOE:
2238                 oparam = kmalloc(sizeof(*oparam), M_DEVBUF, M_INTWAIT);
2239
2240                 IEEE80211_ONOE_PARAM_SETUP(oparam);
2241                 oparam->onoe_raise = 15;
2242
2243                 st->rc_st_param = oparam;
2244                 break;
2245         case IEEE80211_RATECTL_NONE:
2246                 /* This could only happen during detaching */
2247                 break;
2248         default:
2249                 panic("unknown rate control algo %u\n", nrc);
2250         }
2251 }
2252
2253 static int
2254 rum_get_rssi(struct rum_softc *sc, uint8_t raw)
2255 {
2256         int lna, agc, rssi;
2257
2258         lna = (raw >> 5) & 0x3;
2259         agc = raw & 0x1f;
2260
2261         if (lna == 0) {
2262                 /*
2263                  * No RSSI mapping
2264                  *
2265                  * NB: Since RSSI is relative to noise floor, -1 is
2266                  *     adequate for caller to know error happened.
2267                  */
2268                 return -1;
2269         }
2270
2271         rssi = (2 * agc) - RT2573_NOISE_FLOOR;
2272
2273         if (IEEE80211_IS_CHAN_2GHZ(sc->sc_curchan)) {
2274                 rssi += sc->rssi_2ghz_corr;
2275
2276                 if (lna == 1)
2277                         rssi -= 64;
2278                 else if (lna == 2)
2279                         rssi -= 74;
2280                 else if (lna == 3)
2281                         rssi -= 90;
2282         } else {
2283                 rssi += sc->rssi_5ghz_corr;
2284
2285                 if (!sc->ext_5ghz_lna && lna != 1)
2286                         rssi += 4;
2287
2288                 if (lna == 1)
2289                         rssi -= 64;
2290                 else if (lna == 2)
2291                         rssi -= 86;
2292                 else if (lna == 3)
2293                         rssi -= 100;
2294         }
2295         return rssi;
2296 }