1 /* $NetBSD: if_wpi.c,v 1.42 2009/05/06 09:25:16 cegger Exp $ */
4 * Copyright (c) 2006, 2007
5 * Damien Bergamini <damien.bergamini@free.fr>
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 #include <sys/cdefs.h>
21 __KERNEL_RCSID(0, "$NetBSD: if_wpi.c,v 1.42 2009/05/06 09:25:16 cegger Exp $");
24 * Driver for Intel PRO/Wireless 3945ABG 802.11 network adapters.
29 #include <sys/param.h>
30 #include <sys/sockio.h>
31 #include <sys/sysctl.h>
33 #include <sys/kernel.h>
34 #include <sys/socket.h>
35 #include <sys/systm.h>
36 #include <sys/malloc.h>
37 #include <sys/mutex.h>
40 #include <sys/kauth.h>
41 #include <sys/callout.h>
44 #include <machine/endian.h>
47 #include <dev/pci/pcireg.h>
48 #include <dev/pci/pcivar.h>
49 #include <dev/pci/pcidevs.h>
55 #include <net/if_arp.h>
56 #include <net/if_dl.h>
57 #include <net/if_ether.h>
58 #include <net/if_media.h>
59 #include <net/if_types.h>
61 #include <net80211/ieee80211_var.h>
62 #include <net80211/ieee80211_amrr.h>
63 #include <net80211/ieee80211_radiotap.h>
65 #include <netinet/in.h>
66 #include <netinet/in_systm.h>
67 #include <netinet/in_var.h>
68 #include <netinet/ip.h>
70 #include <dev/firmload.h>
72 #include <dev/pci/if_wpireg.h>
73 #include <dev/pci/if_wpivar.h>
76 #define DPRINTF(x) if (wpi_debug > 0) printf x
77 #define DPRINTFN(n, x) if (wpi_debug >= (n)) printf x
81 #define DPRINTFN(n, x)
85 * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
87 static const struct ieee80211_rateset wpi_rateset_11a
=
88 { 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
90 static const struct ieee80211_rateset wpi_rateset_11b
=
91 { 4, { 2, 4, 11, 22 } };
93 static const struct ieee80211_rateset wpi_rateset_11g
=
94 { 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
96 static once_t wpi_firmware_init
;
97 static kmutex_t wpi_firmware_mutex
;
98 static size_t wpi_firmware_users
;
99 static uint8_t *wpi_firmware_image
;
100 static size_t wpi_firmware_size
;
102 static int wpi_match(device_t
, cfdata_t
, void *);
103 static void wpi_attach(device_t
, device_t
, void *);
104 static int wpi_detach(device_t
, int);
105 static int wpi_dma_contig_alloc(bus_dma_tag_t
, struct wpi_dma_info
*,
106 void **, bus_size_t
, bus_size_t
, int);
107 static void wpi_dma_contig_free(struct wpi_dma_info
*);
108 static int wpi_alloc_shared(struct wpi_softc
*);
109 static void wpi_free_shared(struct wpi_softc
*);
110 static int wpi_alloc_fwmem(struct wpi_softc
*);
111 static void wpi_free_fwmem(struct wpi_softc
*);
112 static struct wpi_rbuf
*wpi_alloc_rbuf(struct wpi_softc
*);
113 static void wpi_free_rbuf(struct mbuf
*, void *, size_t, void *);
114 static int wpi_alloc_rpool(struct wpi_softc
*);
115 static void wpi_free_rpool(struct wpi_softc
*);
116 static int wpi_alloc_rx_ring(struct wpi_softc
*, struct wpi_rx_ring
*);
117 static void wpi_reset_rx_ring(struct wpi_softc
*, struct wpi_rx_ring
*);
118 static void wpi_free_rx_ring(struct wpi_softc
*, struct wpi_rx_ring
*);
119 static int wpi_alloc_tx_ring(struct wpi_softc
*, struct wpi_tx_ring
*, int,
121 static void wpi_reset_tx_ring(struct wpi_softc
*, struct wpi_tx_ring
*);
122 static void wpi_free_tx_ring(struct wpi_softc
*, struct wpi_tx_ring
*);
123 static struct ieee80211_node
* wpi_node_alloc(struct ieee80211_node_table
*);
124 static void wpi_newassoc(struct ieee80211_node
*, int);
125 static int wpi_media_change(struct ifnet
*);
126 static int wpi_newstate(struct ieee80211com
*, enum ieee80211_state
, int);
127 static void wpi_fix_channel(struct ieee80211com
*, struct mbuf
*);
128 static void wpi_mem_lock(struct wpi_softc
*);
129 static void wpi_mem_unlock(struct wpi_softc
*);
130 static uint32_t wpi_mem_read(struct wpi_softc
*, uint16_t);
131 static void wpi_mem_write(struct wpi_softc
*, uint16_t, uint32_t);
132 static void wpi_mem_write_region_4(struct wpi_softc
*, uint16_t,
133 const uint32_t *, int);
134 static int wpi_read_prom_data(struct wpi_softc
*, uint32_t, void *, int);
135 static int wpi_load_microcode(struct wpi_softc
*, const uint8_t *, int);
136 static int wpi_load_firmware(struct wpi_softc
*);
137 static void wpi_calib_timeout(void *);
138 static void wpi_iter_func(void *, struct ieee80211_node
*);
139 static void wpi_power_calibration(struct wpi_softc
*, int);
140 static void wpi_rx_intr(struct wpi_softc
*, struct wpi_rx_desc
*,
141 struct wpi_rx_data
*);
142 static void wpi_tx_intr(struct wpi_softc
*, struct wpi_rx_desc
*);
143 static void wpi_cmd_intr(struct wpi_softc
*, struct wpi_rx_desc
*);
144 static void wpi_notif_intr(struct wpi_softc
*);
145 static int wpi_intr(void *);
146 static void wpi_read_eeprom(struct wpi_softc
*);
147 static void wpi_read_eeprom_channels(struct wpi_softc
*, int);
148 static void wpi_read_eeprom_group(struct wpi_softc
*, int);
149 static uint8_t wpi_plcp_signal(int);
150 static int wpi_tx_data(struct wpi_softc
*, struct mbuf
*,
151 struct ieee80211_node
*, int);
152 static void wpi_start(struct ifnet
*);
153 static void wpi_watchdog(struct ifnet
*);
154 static int wpi_ioctl(struct ifnet
*, u_long
, void *);
155 static int wpi_cmd(struct wpi_softc
*, int, const void *, int, int);
156 static int wpi_wme_update(struct ieee80211com
*);
157 static int wpi_mrr_setup(struct wpi_softc
*);
158 static void wpi_set_led(struct wpi_softc
*, uint8_t, uint8_t, uint8_t);
159 static void wpi_enable_tsf(struct wpi_softc
*, struct ieee80211_node
*);
160 static int wpi_set_txpower(struct wpi_softc
*,
161 struct ieee80211_channel
*, int);
162 static int wpi_get_power_index(struct wpi_softc
*,
163 struct wpi_power_group
*, struct ieee80211_channel
*, int);
164 static int wpi_setup_beacon(struct wpi_softc
*, struct ieee80211_node
*);
165 static int wpi_auth(struct wpi_softc
*);
166 static int wpi_scan(struct wpi_softc
*, uint16_t);
167 static int wpi_config(struct wpi_softc
*);
168 static void wpi_stop_master(struct wpi_softc
*);
169 static int wpi_power_up(struct wpi_softc
*);
170 static int wpi_reset(struct wpi_softc
*);
171 static void wpi_hw_config(struct wpi_softc
*);
172 static int wpi_init(struct ifnet
*);
173 static void wpi_stop(struct ifnet
*, int);
174 static bool wpi_resume(device_t PMF_FN_PROTO
);
175 static int wpi_getrfkill(struct wpi_softc
*);
176 static void wpi_sysctlattach(struct wpi_softc
*);
178 CFATTACH_DECL_NEW(wpi
, sizeof (struct wpi_softc
), wpi_match
, wpi_attach
,
182 wpi_match(device_t parent
, cfdata_t match __unused
, void *aux
)
184 struct pci_attach_args
*pa
= aux
;
186 if (PCI_VENDOR(pa
->pa_id
) != PCI_VENDOR_INTEL
)
189 if (PCI_PRODUCT(pa
->pa_id
) == PCI_PRODUCT_INTEL_PRO_WL_3945ABG_1
||
190 PCI_PRODUCT(pa
->pa_id
) == PCI_PRODUCT_INTEL_PRO_WL_3945ABG_2
)
196 /* Base Address Register */
197 #define WPI_PCI_BAR0 0x10
200 wpi_attach_once(void)
202 mutex_init(&wpi_firmware_mutex
, MUTEX_DEFAULT
, IPL_NONE
);
207 wpi_attach(device_t parent __unused
, device_t self
, void *aux
)
209 struct wpi_softc
*sc
= device_private(self
);
210 struct ieee80211com
*ic
= &sc
->sc_ic
;
211 struct ifnet
*ifp
= &sc
->sc_ec
.ec_if
;
212 struct pci_attach_args
*pa
= aux
;
215 bus_space_tag_t memt
;
216 bus_space_handle_t memh
;
217 pci_intr_handle_t ih
;
219 int error
, ac
, revision
;
221 RUN_ONCE(&wpi_firmware_init
, wpi_attach_once
);
225 sc
->sc_pct
= pa
->pa_pc
;
226 sc
->sc_pcitag
= pa
->pa_tag
;
228 callout_init(&sc
->calib_to
, 0);
229 callout_setfunc(&sc
->calib_to
, wpi_calib_timeout
, sc
);
231 pci_devinfo(pa
->pa_id
, pa
->pa_class
, 0, devinfo
, sizeof devinfo
);
232 revision
= PCI_REVISION(pa
->pa_class
);
233 aprint_normal(": %s (rev. 0x%02x)\n", devinfo
, revision
);
235 /* enable bus-mastering */
236 data
= pci_conf_read(sc
->sc_pct
, sc
->sc_pcitag
, PCI_COMMAND_STATUS_REG
);
237 data
|= PCI_COMMAND_MASTER_ENABLE
;
238 pci_conf_write(sc
->sc_pct
, sc
->sc_pcitag
, PCI_COMMAND_STATUS_REG
, data
);
240 /* map the register window */
241 error
= pci_mapreg_map(pa
, WPI_PCI_BAR0
, PCI_MAPREG_TYPE_MEM
|
242 PCI_MAPREG_MEM_TYPE_32BIT
, 0, &memt
, &memh
, NULL
, &sc
->sc_sz
);
244 aprint_error_dev(self
, "could not map memory space\n");
250 sc
->sc_dmat
= pa
->pa_dmat
;
252 if (pci_intr_map(pa
, &ih
) != 0) {
253 aprint_error_dev(self
, "could not map interrupt\n");
257 intrstr
= pci_intr_string(sc
->sc_pct
, ih
);
258 sc
->sc_ih
= pci_intr_establish(sc
->sc_pct
, ih
, IPL_NET
, wpi_intr
, sc
);
259 if (sc
->sc_ih
== NULL
) {
260 aprint_error_dev(self
, "could not establish interrupt");
262 aprint_error(" at %s", intrstr
);
266 aprint_normal_dev(self
, "interrupting at %s\n", intrstr
);
268 if (wpi_reset(sc
) != 0) {
269 aprint_error_dev(self
, "could not reset adapter\n");
274 * Allocate DMA memory for firmware transfers.
276 if ((error
= wpi_alloc_fwmem(sc
)) != 0)
280 * Allocate shared page and Tx/Rx rings.
282 if ((error
= wpi_alloc_shared(sc
)) != 0) {
283 aprint_error_dev(self
, "could not allocate shared area\n");
287 if ((error
= wpi_alloc_rpool(sc
)) != 0) {
288 aprint_error_dev(self
, "could not allocate Rx buffers\n");
292 for (ac
= 0; ac
< 4; ac
++) {
293 error
= wpi_alloc_tx_ring(sc
, &sc
->txq
[ac
], WPI_TX_RING_COUNT
, ac
);
295 aprint_error_dev(self
, "could not allocate Tx ring %d\n", ac
);
300 error
= wpi_alloc_tx_ring(sc
, &sc
->cmdq
, WPI_CMD_RING_COUNT
, 4);
302 aprint_error_dev(self
, "could not allocate command ring\n");
306 if (wpi_alloc_rx_ring(sc
, &sc
->rxq
) != 0) {
307 aprint_error_dev(self
, "could not allocate Rx ring\n");
312 ic
->ic_phytype
= IEEE80211_T_OFDM
; /* not only, but not used */
313 ic
->ic_opmode
= IEEE80211_M_STA
; /* default to BSS mode */
314 ic
->ic_state
= IEEE80211_S_INIT
;
316 /* set device capabilities */
318 IEEE80211_C_IBSS
| /* IBSS mode support */
319 IEEE80211_C_WPA
| /* 802.11i */
320 IEEE80211_C_MONITOR
| /* monitor mode supported */
321 IEEE80211_C_TXPMGT
| /* tx power management */
322 IEEE80211_C_SHSLOT
| /* short slot time supported */
323 IEEE80211_C_SHPREAMBLE
| /* short preamble supported */
324 IEEE80211_C_WME
; /* 802.11e */
326 /* read supported channels and MAC address from EEPROM */
329 /* set supported .11a, .11b, .11g rates */
330 ic
->ic_sup_rates
[IEEE80211_MODE_11A
] = wpi_rateset_11a
;
331 ic
->ic_sup_rates
[IEEE80211_MODE_11B
] = wpi_rateset_11b
;
332 ic
->ic_sup_rates
[IEEE80211_MODE_11G
] = wpi_rateset_11g
;
334 ic
->ic_ibss_chan
= &ic
->ic_channels
[0];
337 ifp
->if_flags
= IFF_BROADCAST
| IFF_SIMPLEX
| IFF_MULTICAST
;
338 ifp
->if_init
= wpi_init
;
339 ifp
->if_stop
= wpi_stop
;
340 ifp
->if_ioctl
= wpi_ioctl
;
341 ifp
->if_start
= wpi_start
;
342 ifp
->if_watchdog
= wpi_watchdog
;
343 IFQ_SET_READY(&ifp
->if_snd
);
344 memcpy(ifp
->if_xname
, device_xname(self
), IFNAMSIZ
);
347 ieee80211_ifattach(ic
);
348 /* override default methods */
349 ic
->ic_node_alloc
= wpi_node_alloc
;
350 ic
->ic_newassoc
= wpi_newassoc
;
351 ic
->ic_wme
.wme_update
= wpi_wme_update
;
353 /* override state transition machine */
354 sc
->sc_newstate
= ic
->ic_newstate
;
355 ic
->ic_newstate
= wpi_newstate
;
356 ieee80211_media_init(ic
, wpi_media_change
, ieee80211_media_status
);
358 sc
->amrr
.amrr_min_success_threshold
= 1;
359 sc
->amrr
.amrr_max_success_threshold
= 15;
361 wpi_sysctlattach(sc
);
363 if (pmf_device_register(self
, NULL
, wpi_resume
))
364 pmf_class_network_register(self
, ifp
);
366 aprint_error_dev(self
, "couldn't establish power handler\n");
369 bpfattach2(ifp
, DLT_IEEE802_11_RADIO
,
370 sizeof (struct ieee80211_frame
) + IEEE80211_RADIOTAP_HDRLEN
,
373 sc
->sc_rxtap_len
= sizeof sc
->sc_rxtapu
;
374 sc
->sc_rxtap
.wr_ihdr
.it_len
= htole16(sc
->sc_rxtap_len
);
375 sc
->sc_rxtap
.wr_ihdr
.it_present
= htole32(WPI_RX_RADIOTAP_PRESENT
);
377 sc
->sc_txtap_len
= sizeof sc
->sc_txtapu
;
378 sc
->sc_txtap
.wt_ihdr
.it_len
= htole16(sc
->sc_txtap_len
);
379 sc
->sc_txtap
.wt_ihdr
.it_present
= htole32(WPI_TX_RADIOTAP_PRESENT
);
382 ieee80211_announce(ic
);
386 fail4
: wpi_free_tx_ring(sc
, &sc
->cmdq
);
387 fail3
: while (--ac
>= 0)
388 wpi_free_tx_ring(sc
, &sc
->txq
[ac
]);
390 fail2
: wpi_free_shared(sc
);
391 fail1
: wpi_free_fwmem(sc
);
395 wpi_detach(device_t self
, int flags __unused
)
397 struct wpi_softc
*sc
= device_private(self
);
398 struct ifnet
*ifp
= sc
->sc_ic
.ic_ifp
;
407 ieee80211_ifdetach(&sc
->sc_ic
);
411 for (ac
= 0; ac
< 4; ac
++)
412 wpi_free_tx_ring(sc
, &sc
->txq
[ac
]);
413 wpi_free_tx_ring(sc
, &sc
->cmdq
);
414 wpi_free_rx_ring(sc
, &sc
->rxq
);
418 if (sc
->sc_ih
!= NULL
) {
419 pci_intr_disestablish(sc
->sc_pct
, sc
->sc_ih
);
423 bus_space_unmap(sc
->sc_st
, sc
->sc_sh
, sc
->sc_sz
);
426 mutex_enter(&wpi_firmware_mutex
);
427 if (--wpi_firmware_users
== 0)
428 firmware_free(wpi_firmware_image
, wpi_firmware_size
);
429 mutex_exit(&wpi_firmware_mutex
);
436 wpi_dma_contig_alloc(bus_dma_tag_t tag
, struct wpi_dma_info
*dma
,
437 void **kvap
, bus_size_t size
, bus_size_t alignment
, int flags
)
444 error
= bus_dmamap_create(tag
, size
, 1, size
, 0, flags
, &dma
->map
);
448 error
= bus_dmamem_alloc(tag
, size
, alignment
, 0, &dma
->seg
, 1, &nsegs
,
453 error
= bus_dmamem_map(tag
, &dma
->seg
, 1, size
, &dma
->vaddr
, flags
);
457 error
= bus_dmamap_load(tag
, dma
->map
, dma
->vaddr
, size
, NULL
, flags
);
461 memset(dma
->vaddr
, 0, size
);
463 dma
->paddr
= dma
->map
->dm_segs
[0].ds_addr
;
469 fail
: wpi_dma_contig_free(dma
);
474 wpi_dma_contig_free(struct wpi_dma_info
*dma
)
476 if (dma
->map
!= NULL
) {
477 if (dma
->vaddr
!= NULL
) {
478 bus_dmamap_unload(dma
->tag
, dma
->map
);
479 bus_dmamem_unmap(dma
->tag
, dma
->vaddr
, dma
->size
);
480 bus_dmamem_free(dma
->tag
, &dma
->seg
, 1);
483 bus_dmamap_destroy(dma
->tag
, dma
->map
);
489 * Allocate a shared page between host and NIC.
492 wpi_alloc_shared(struct wpi_softc
*sc
)
495 /* must be aligned on a 4K-page boundary */
496 error
= wpi_dma_contig_alloc(sc
->sc_dmat
, &sc
->shared_dma
,
497 (void **)&sc
->shared
, sizeof (struct wpi_shared
),
498 WPI_BUF_ALIGN
,BUS_DMA_NOWAIT
);
500 aprint_error_dev(sc
->sc_dev
,
501 "could not allocate shared area DMA memory\n");
507 wpi_free_shared(struct wpi_softc
*sc
)
509 wpi_dma_contig_free(&sc
->shared_dma
);
513 * Allocate DMA-safe memory for firmware transfer.
516 wpi_alloc_fwmem(struct wpi_softc
*sc
)
519 /* allocate enough contiguous space to store text and data */
520 error
= wpi_dma_contig_alloc(sc
->sc_dmat
, &sc
->fw_dma
, NULL
,
521 WPI_FW_MAIN_TEXT_MAXSZ
+ WPI_FW_MAIN_DATA_MAXSZ
, 0,
525 aprint_error_dev(sc
->sc_dev
,
526 "could not allocate firmware transfer area"
532 wpi_free_fwmem(struct wpi_softc
*sc
)
534 wpi_dma_contig_free(&sc
->fw_dma
);
538 static struct wpi_rbuf
*
539 wpi_alloc_rbuf(struct wpi_softc
*sc
)
541 struct wpi_rbuf
*rbuf
;
543 mutex_enter(&sc
->rxq
.freelist_mtx
);
544 rbuf
= SLIST_FIRST(&sc
->rxq
.freelist
);
546 SLIST_REMOVE_HEAD(&sc
->rxq
.freelist
, next
);
547 sc
->rxq
.nb_free_entries
--;
549 mutex_exit(&sc
->rxq
.freelist_mtx
);
555 * This is called automatically by the network stack when the mbuf to which our
556 * Rx buffer is attached is freed.
559 wpi_free_rbuf(struct mbuf
* m
, void *buf
, size_t size
, void *arg
)
561 struct wpi_rbuf
*rbuf
= arg
;
562 struct wpi_softc
*sc
= rbuf
->sc
;
564 /* put the buffer back in the free list */
566 mutex_enter(&sc
->rxq
.freelist_mtx
);
567 SLIST_INSERT_HEAD(&sc
->rxq
.freelist
, rbuf
, next
);
568 mutex_exit(&sc
->rxq
.freelist_mtx
);
569 /* No need to protect this with a mutex, see wpi_rx_intr */
570 sc
->rxq
.nb_free_entries
++;
572 if (__predict_true(m
!= NULL
))
573 pool_cache_put(mb_cache
, m
);
577 wpi_alloc_rpool(struct wpi_softc
*sc
)
579 struct wpi_rx_ring
*ring
= &sc
->rxq
;
580 struct wpi_rbuf
*rbuf
;
583 /* allocate a big chunk of DMA'able memory.. */
584 error
= wpi_dma_contig_alloc(sc
->sc_dmat
, &ring
->buf_dma
, NULL
,
585 WPI_RBUF_COUNT
* WPI_RBUF_SIZE
, WPI_BUF_ALIGN
, BUS_DMA_NOWAIT
);
587 aprint_normal_dev(sc
->sc_dev
,
588 "could not allocate Rx buffers DMA memory\n");
592 /* ..and split it into 3KB chunks */
593 mutex_init(&ring
->freelist_mtx
, MUTEX_DEFAULT
, IPL_NET
);
594 SLIST_INIT(&ring
->freelist
);
595 for (i
= 0; i
< WPI_RBUF_COUNT
; i
++) {
596 rbuf
= &ring
->rbuf
[i
];
597 rbuf
->sc
= sc
; /* backpointer for callbacks */
598 rbuf
->vaddr
= (char *)ring
->buf_dma
.vaddr
+ i
* WPI_RBUF_SIZE
;
599 rbuf
->paddr
= ring
->buf_dma
.paddr
+ i
* WPI_RBUF_SIZE
;
601 SLIST_INSERT_HEAD(&ring
->freelist
, rbuf
, next
);
604 ring
->nb_free_entries
= WPI_RBUF_COUNT
;
609 wpi_free_rpool(struct wpi_softc
*sc
)
611 wpi_dma_contig_free(&sc
->rxq
.buf_dma
);
615 wpi_alloc_rx_ring(struct wpi_softc
*sc
, struct wpi_rx_ring
*ring
)
617 struct wpi_rx_data
*data
;
618 struct wpi_rbuf
*rbuf
;
623 error
= wpi_dma_contig_alloc(sc
->sc_dmat
, &ring
->desc_dma
,
624 (void **)&ring
->desc
,
625 WPI_RX_RING_COUNT
* sizeof (struct wpi_rx_desc
),
626 WPI_RING_DMA_ALIGN
, BUS_DMA_NOWAIT
);
628 aprint_error_dev(sc
->sc_dev
, "could not allocate rx ring DMA memory\n");
635 for (i
= 0; i
< WPI_RX_RING_COUNT
; i
++) {
636 data
= &ring
->data
[i
];
638 MGETHDR(data
->m
, M_DONTWAIT
, MT_DATA
);
639 if (data
->m
== NULL
) {
640 aprint_error_dev(sc
->sc_dev
, "could not allocate rx mbuf\n");
644 if ((rbuf
= wpi_alloc_rbuf(sc
)) == NULL
) {
647 aprint_error_dev(sc
->sc_dev
, "could not allocate rx cluster\n");
651 /* attach Rx buffer to mbuf */
652 MEXTADD(data
->m
, rbuf
->vaddr
, WPI_RBUF_SIZE
, 0, wpi_free_rbuf
,
654 data
->m
->m_flags
|= M_EXT_RW
;
656 ring
->desc
[i
] = htole32(rbuf
->paddr
);
661 fail
: wpi_free_rx_ring(sc
, ring
);
666 wpi_reset_rx_ring(struct wpi_softc
*sc
, struct wpi_rx_ring
*ring
)
672 WPI_WRITE(sc
, WPI_RX_CONFIG
, 0);
673 for (ntries
= 0; ntries
< 100; ntries
++) {
674 if (WPI_READ(sc
, WPI_RX_STATUS
) & WPI_RX_IDLE
)
679 if (ntries
== 100 && wpi_debug
> 0)
680 aprint_error_dev(sc
->sc_dev
, "timeout resetting Rx ring\n");
688 wpi_free_rx_ring(struct wpi_softc
*sc
, struct wpi_rx_ring
*ring
)
692 wpi_dma_contig_free(&ring
->desc_dma
);
694 for (i
= 0; i
< WPI_RX_RING_COUNT
; i
++) {
695 if (ring
->data
[i
].m
!= NULL
)
696 m_freem(ring
->data
[i
].m
);
701 wpi_alloc_tx_ring(struct wpi_softc
*sc
, struct wpi_tx_ring
*ring
, int count
,
704 struct wpi_tx_data
*data
;
712 error
= wpi_dma_contig_alloc(sc
->sc_dmat
, &ring
->desc_dma
,
713 (void **)&ring
->desc
, count
* sizeof (struct wpi_tx_desc
),
714 WPI_RING_DMA_ALIGN
, BUS_DMA_NOWAIT
);
716 aprint_error_dev(sc
->sc_dev
, "could not allocate tx ring DMA memory\n");
720 /* update shared page with ring's base address */
721 sc
->shared
->txbase
[qid
] = htole32(ring
->desc_dma
.paddr
);
723 error
= wpi_dma_contig_alloc(sc
->sc_dmat
, &ring
->cmd_dma
,
725 count
* sizeof (struct wpi_tx_cmd
), 4, BUS_DMA_NOWAIT
);
727 aprint_error_dev(sc
->sc_dev
, "could not allocate tx cmd DMA memory\n");
731 ring
->data
= malloc(count
* sizeof (struct wpi_tx_data
), M_DEVBUF
,
733 if (ring
->data
== NULL
) {
734 aprint_error_dev(sc
->sc_dev
, "could not allocate tx data slots\n");
738 memset(ring
->data
, 0, count
* sizeof (struct wpi_tx_data
));
740 for (i
= 0; i
< count
; i
++) {
741 data
= &ring
->data
[i
];
743 error
= bus_dmamap_create(sc
->sc_dmat
, MCLBYTES
,
744 WPI_MAX_SCATTER
- 1, MCLBYTES
, 0, BUS_DMA_NOWAIT
,
747 aprint_error_dev(sc
->sc_dev
, "could not create tx buf DMA map\n");
754 fail
: wpi_free_tx_ring(sc
, ring
);
759 wpi_reset_tx_ring(struct wpi_softc
*sc
, struct wpi_tx_ring
*ring
)
761 struct wpi_tx_data
*data
;
766 WPI_WRITE(sc
, WPI_TX_CONFIG(ring
->qid
), 0);
767 for (ntries
= 0; ntries
< 100; ntries
++) {
768 if (WPI_READ(sc
, WPI_TX_STATUS
) & WPI_TX_IDLE(ring
->qid
))
773 if (ntries
== 100 && wpi_debug
> 0) {
774 aprint_error_dev(sc
->sc_dev
, "timeout resetting Tx ring %d\n",
780 for (i
= 0; i
< ring
->count
; i
++) {
781 data
= &ring
->data
[i
];
783 if (data
->m
!= NULL
) {
784 bus_dmamap_unload(sc
->sc_dmat
, data
->map
);
795 wpi_free_tx_ring(struct wpi_softc
*sc
, struct wpi_tx_ring
*ring
)
797 struct wpi_tx_data
*data
;
800 wpi_dma_contig_free(&ring
->desc_dma
);
801 wpi_dma_contig_free(&ring
->cmd_dma
);
803 if (ring
->data
!= NULL
) {
804 for (i
= 0; i
< ring
->count
; i
++) {
805 data
= &ring
->data
[i
];
807 if (data
->m
!= NULL
) {
808 bus_dmamap_unload(sc
->sc_dmat
, data
->map
);
812 free(ring
->data
, M_DEVBUF
);
817 static struct ieee80211_node
*
818 wpi_node_alloc(struct ieee80211_node_table
*nt __unused
)
822 wn
= malloc(sizeof (struct wpi_node
), M_80211_NODE
, M_NOWAIT
| M_ZERO
);
824 return (struct ieee80211_node
*)wn
;
828 wpi_newassoc(struct ieee80211_node
*ni
, int isnew
)
830 struct wpi_softc
*sc
= ni
->ni_ic
->ic_ifp
->if_softc
;
833 ieee80211_amrr_node_init(&sc
->amrr
, &((struct wpi_node
*)ni
)->amn
);
835 /* set rate to some reasonable initial value */
836 for (i
= ni
->ni_rates
.rs_nrates
- 1;
837 i
> 0 && (ni
->ni_rates
.rs_rates
[i
] & IEEE80211_RATE_VAL
) > 72;
843 wpi_media_change(struct ifnet
*ifp
)
847 error
= ieee80211_media_change(ifp
);
848 if (error
!= ENETRESET
)
851 if ((ifp
->if_flags
& (IFF_UP
| IFF_RUNNING
)) == (IFF_UP
| IFF_RUNNING
))
858 wpi_newstate(struct ieee80211com
*ic
, enum ieee80211_state nstate
, int arg
)
860 struct ifnet
*ifp
= ic
->ic_ifp
;
861 struct wpi_softc
*sc
= ifp
->if_softc
;
862 struct ieee80211_node
*ni
;
865 callout_stop(&sc
->calib_to
);
868 case IEEE80211_S_SCAN
:
873 sc
->is_scanning
= true;
874 ieee80211_node_table_reset(&ic
->ic_scan
);
875 ic
->ic_flags
|= IEEE80211_F_SCAN
| IEEE80211_F_ASCAN
;
877 /* make the link LED blink while we're scanning */
878 wpi_set_led(sc
, WPI_LED_LINK
, 20, 2);
880 if ((error
= wpi_scan(sc
, IEEE80211_CHAN_G
)) != 0) {
881 aprint_error_dev(sc
->sc_dev
, "could not initiate scan\n");
882 ic
->ic_flags
&= ~(IEEE80211_F_SCAN
| IEEE80211_F_ASCAN
);
886 ic
->ic_state
= nstate
;
889 case IEEE80211_S_ASSOC
:
890 if (ic
->ic_state
!= IEEE80211_S_RUN
)
893 case IEEE80211_S_AUTH
:
894 sc
->config
.associd
= 0;
895 sc
->config
.filter
&= ~htole32(WPI_FILTER_BSS
);
896 if ((error
= wpi_auth(sc
)) != 0) {
897 aprint_error_dev(sc
->sc_dev
,
898 "could not send authentication request\n");
903 case IEEE80211_S_RUN
:
904 if (ic
->ic_opmode
== IEEE80211_M_MONITOR
) {
905 /* link LED blinks while monitoring */
906 wpi_set_led(sc
, WPI_LED_LINK
, 5, 5);
912 if (ic
->ic_opmode
!= IEEE80211_M_STA
) {
913 (void) wpi_auth(sc
); /* XXX */
914 wpi_setup_beacon(sc
, ni
);
917 wpi_enable_tsf(sc
, ni
);
919 /* update adapter's configuration */
920 sc
->config
.associd
= htole16(ni
->ni_associd
& ~0xc000);
921 /* short preamble/slot time are negotiated when associating */
922 sc
->config
.flags
&= ~htole32(WPI_CONFIG_SHPREAMBLE
|
924 if (ic
->ic_flags
& IEEE80211_F_SHSLOT
)
925 sc
->config
.flags
|= htole32(WPI_CONFIG_SHSLOT
);
926 if (ic
->ic_flags
& IEEE80211_F_SHPREAMBLE
)
927 sc
->config
.flags
|= htole32(WPI_CONFIG_SHPREAMBLE
);
928 sc
->config
.filter
|= htole32(WPI_FILTER_BSS
);
929 if (ic
->ic_opmode
!= IEEE80211_M_STA
)
930 sc
->config
.filter
|= htole32(WPI_FILTER_BEACON
);
932 /* XXX put somewhere HC_QOS_SUPPORT_ASSOC + HC_IBSS_START */
934 DPRINTF(("config chan %d flags %x\n", sc
->config
.chan
,
936 error
= wpi_cmd(sc
, WPI_CMD_CONFIGURE
, &sc
->config
,
937 sizeof (struct wpi_config
), 1);
939 aprint_error_dev(sc
->sc_dev
, "could not update configuration\n");
943 /* configuration has changed, set Tx power accordingly */
944 if ((error
= wpi_set_txpower(sc
, ni
->ni_chan
, 1)) != 0) {
945 aprint_error_dev(sc
->sc_dev
, "could not set Tx power\n");
949 if (ic
->ic_opmode
== IEEE80211_M_STA
) {
950 /* fake a join to init the tx rate */
954 /* start periodic calibration timer */
956 callout_schedule(&sc
->calib_to
, hz
/2);
958 /* link LED always on while associated */
959 wpi_set_led(sc
, WPI_LED_LINK
, 0, 1);
962 case IEEE80211_S_INIT
:
963 sc
->is_scanning
= false;
967 return sc
->sc_newstate(ic
, nstate
, arg
);
971 * XXX: Hack to set the current channel to the value advertised in beacons or
972 * probe responses. Only used during AP detection.
973 * XXX: Duplicated from if_iwi.c
976 wpi_fix_channel(struct ieee80211com
*ic
, struct mbuf
*m
)
978 struct ieee80211_frame
*wh
;
982 wh
= mtod(m
, struct ieee80211_frame
*);
984 if ((wh
->i_fc
[0] & IEEE80211_FC0_TYPE_MASK
) != IEEE80211_FC0_TYPE_MGT
)
987 subtype
= wh
->i_fc
[0] & IEEE80211_FC0_SUBTYPE_MASK
;
989 if (subtype
!= IEEE80211_FC0_SUBTYPE_BEACON
&&
990 subtype
!= IEEE80211_FC0_SUBTYPE_PROBE_RESP
)
993 frm
= (uint8_t *)(wh
+ 1);
994 efrm
= mtod(m
, uint8_t *) + m
->m_len
;
996 frm
+= 12; /* skip tstamp, bintval and capinfo fields */
998 if (*frm
== IEEE80211_ELEMID_DSPARMS
)
999 #if IEEE80211_CHAN_MAX < 255
1000 if (frm
[2] <= IEEE80211_CHAN_MAX
)
1002 ic
->ic_curchan
= &ic
->ic_channels
[frm
[2]];
1009 * Grab exclusive access to NIC memory.
1012 wpi_mem_lock(struct wpi_softc
*sc
)
1017 tmp
= WPI_READ(sc
, WPI_GPIO_CTL
);
1018 WPI_WRITE(sc
, WPI_GPIO_CTL
, tmp
| WPI_GPIO_MAC
);
1020 /* spin until we actually get the lock */
1021 for (ntries
= 0; ntries
< 1000; ntries
++) {
1022 if ((WPI_READ(sc
, WPI_GPIO_CTL
) &
1023 (WPI_GPIO_CLOCK
| WPI_GPIO_SLEEP
)) == WPI_GPIO_CLOCK
)
1028 aprint_error_dev(sc
->sc_dev
, "could not lock memory\n");
1032 * Release lock on NIC memory.
1035 wpi_mem_unlock(struct wpi_softc
*sc
)
1037 uint32_t tmp
= WPI_READ(sc
, WPI_GPIO_CTL
);
1038 WPI_WRITE(sc
, WPI_GPIO_CTL
, tmp
& ~WPI_GPIO_MAC
);
1042 wpi_mem_read(struct wpi_softc
*sc
, uint16_t addr
)
1044 WPI_WRITE(sc
, WPI_READ_MEM_ADDR
, WPI_MEM_4
| addr
);
1045 return WPI_READ(sc
, WPI_READ_MEM_DATA
);
1049 wpi_mem_write(struct wpi_softc
*sc
, uint16_t addr
, uint32_t data
)
1051 WPI_WRITE(sc
, WPI_WRITE_MEM_ADDR
, WPI_MEM_4
| addr
);
1052 WPI_WRITE(sc
, WPI_WRITE_MEM_DATA
, data
);
1056 wpi_mem_write_region_4(struct wpi_softc
*sc
, uint16_t addr
,
1057 const uint32_t *data
, int wlen
)
1059 for (; wlen
> 0; wlen
--, data
++, addr
+= 4)
1060 wpi_mem_write(sc
, addr
, *data
);
1065 * Read `len' bytes from the EEPROM. We access the EEPROM through the MAC
1066 * instead of using the traditional bit-bang method.
1069 wpi_read_prom_data(struct wpi_softc
*sc
, uint32_t addr
, void *data
, int len
)
1071 uint8_t *out
= data
;
1076 for (; len
> 0; len
-= 2, addr
++) {
1077 WPI_WRITE(sc
, WPI_EEPROM_CTL
, addr
<< 2);
1079 for (ntries
= 0; ntries
< 10; ntries
++) {
1080 if ((val
= WPI_READ(sc
, WPI_EEPROM_CTL
)) &
1086 aprint_error_dev(sc
->sc_dev
, "could not read EEPROM\n");
1099 * The firmware boot code is small and is intended to be copied directly into
1100 * the NIC internal memory.
1103 wpi_load_microcode(struct wpi_softc
*sc
, const uint8_t *ucode
, int size
)
1107 size
/= sizeof (uint32_t);
1111 /* copy microcode image into NIC memory */
1112 wpi_mem_write_region_4(sc
, WPI_MEM_UCODE_BASE
,
1113 (const uint32_t *)ucode
, size
);
1115 wpi_mem_write(sc
, WPI_MEM_UCODE_SRC
, 0);
1116 wpi_mem_write(sc
, WPI_MEM_UCODE_DST
, WPI_FW_TEXT
);
1117 wpi_mem_write(sc
, WPI_MEM_UCODE_SIZE
, size
);
1120 wpi_mem_write(sc
, WPI_MEM_UCODE_CTL
, WPI_UC_RUN
);
1122 /* wait for transfer to complete */
1123 for (ntries
= 0; ntries
< 1000; ntries
++) {
1124 if (!(wpi_mem_read(sc
, WPI_MEM_UCODE_CTL
) & WPI_UC_RUN
))
1128 if (ntries
== 1000) {
1130 aprint_error_dev(sc
->sc_dev
, "could not load boot firmware\n");
1133 wpi_mem_write(sc
, WPI_MEM_UCODE_CTL
, WPI_UC_ENABLE
);
1141 wpi_cache_firmware(struct wpi_softc
*sc
)
1143 firmware_handle_t fw
;
1149 mutex_enter(&wpi_firmware_mutex
);
1150 if (wpi_firmware_users
++) {
1151 mutex_exit(&wpi_firmware_mutex
);
1155 /* load firmware image from disk */
1156 if ((error
= firmware_open("if_wpi","iwlwifi-3945.ucode", &fw
) != 0)) {
1157 aprint_error_dev(sc
->sc_dev
, "could not read firmware file\n");
1161 wpi_firmware_size
= firmware_get_size(fw
);
1163 if (wpi_firmware_size
> sizeof (struct wpi_firmware_hdr
) +
1164 WPI_FW_MAIN_TEXT_MAXSZ
+ WPI_FW_MAIN_DATA_MAXSZ
+
1165 WPI_FW_INIT_TEXT_MAXSZ
+ WPI_FW_INIT_DATA_MAXSZ
+
1166 WPI_FW_BOOT_TEXT_MAXSZ
) {
1167 aprint_error_dev(sc
->sc_dev
, "invalid firmware file\n");
1172 if (wpi_firmware_size
< sizeof (struct wpi_firmware_hdr
)) {
1173 aprint_error_dev(sc
->sc_dev
,
1174 "truncated firmware header: %zu bytes\n",
1180 wpi_firmware_image
= firmware_malloc(wpi_firmware_size
);
1181 if (wpi_firmware_image
== NULL
) {
1182 aprint_error_dev(sc
->sc_dev
, "not enough memory to stock firmware\n");
1187 if ((error
= firmware_read(fw
, 0, wpi_firmware_image
, wpi_firmware_size
)) != 0) {
1188 aprint_error_dev(sc
->sc_dev
, "can't get firmware\n");
1194 mutex_exit(&wpi_firmware_mutex
);
1199 firmware_free(wpi_firmware_image
, wpi_firmware_size
);
1202 if (--wpi_firmware_users
== 0)
1203 firmware_free(wpi_firmware_image
, wpi_firmware_size
);
1204 mutex_exit(&wpi_firmware_mutex
);
1209 wpi_load_firmware(struct wpi_softc
*sc
)
1211 struct wpi_dma_info
*dma
= &sc
->fw_dma
;
1212 struct wpi_firmware_hdr hdr
;
1213 const uint8_t *init_text
, *init_data
, *main_text
, *main_data
;
1214 const uint8_t *boot_text
;
1215 uint32_t init_textsz
, init_datasz
, main_textsz
, main_datasz
;
1216 uint32_t boot_textsz
;
1219 if ((error
= wpi_cache_firmware(sc
)) != 0)
1222 memcpy(&hdr
, wpi_firmware_image
, sizeof(hdr
));
1224 main_textsz
= le32toh(hdr
.main_textsz
);
1225 main_datasz
= le32toh(hdr
.main_datasz
);
1226 init_textsz
= le32toh(hdr
.init_textsz
);
1227 init_datasz
= le32toh(hdr
.init_datasz
);
1228 boot_textsz
= le32toh(hdr
.boot_textsz
);
1230 /* sanity-check firmware segments sizes */
1231 if (main_textsz
> WPI_FW_MAIN_TEXT_MAXSZ
||
1232 main_datasz
> WPI_FW_MAIN_DATA_MAXSZ
||
1233 init_textsz
> WPI_FW_INIT_TEXT_MAXSZ
||
1234 init_datasz
> WPI_FW_INIT_DATA_MAXSZ
||
1235 boot_textsz
> WPI_FW_BOOT_TEXT_MAXSZ
||
1236 (boot_textsz
& 3) != 0) {
1237 aprint_error_dev(sc
->sc_dev
, "invalid firmware header\n");
1242 /* check that all firmware segments are present */
1243 if (wpi_firmware_size
<
1244 sizeof (struct wpi_firmware_hdr
) + main_textsz
+
1245 main_datasz
+ init_textsz
+ init_datasz
+ boot_textsz
) {
1246 aprint_error_dev(sc
->sc_dev
,
1247 "firmware file too short: %zu bytes\n", wpi_firmware_size
);
1252 /* get pointers to firmware segments */
1253 main_text
= wpi_firmware_image
+ sizeof (struct wpi_firmware_hdr
);
1254 main_data
= main_text
+ main_textsz
;
1255 init_text
= main_data
+ main_datasz
;
1256 init_data
= init_text
+ init_textsz
;
1257 boot_text
= init_data
+ init_datasz
;
1259 /* copy initialization images into pre-allocated DMA-safe memory */
1260 memcpy(dma
->vaddr
, init_data
, init_datasz
);
1261 memcpy((char*)dma
->vaddr
+ WPI_FW_INIT_DATA_MAXSZ
, init_text
, init_textsz
);
1263 /* tell adapter where to find initialization images */
1265 wpi_mem_write(sc
, WPI_MEM_DATA_BASE
, dma
->paddr
);
1266 wpi_mem_write(sc
, WPI_MEM_DATA_SIZE
, init_datasz
);
1267 wpi_mem_write(sc
, WPI_MEM_TEXT_BASE
,
1268 dma
->paddr
+ WPI_FW_INIT_DATA_MAXSZ
);
1269 wpi_mem_write(sc
, WPI_MEM_TEXT_SIZE
, init_textsz
);
1272 /* load firmware boot code */
1273 if ((error
= wpi_load_microcode(sc
, boot_text
, boot_textsz
)) != 0) {
1274 aprint_error_dev(sc
->sc_dev
, "could not load boot firmware\n");
1278 /* now press "execute" ;-) */
1279 WPI_WRITE(sc
, WPI_RESET
, 0);
1281 /* ..and wait at most one second for adapter to initialize */
1282 if ((error
= tsleep(sc
, PCATCH
, "wpiinit", hz
)) != 0) {
1283 /* this isn't what was supposed to happen.. */
1284 aprint_error_dev(sc
->sc_dev
,
1285 "timeout waiting for adapter to initialize\n");
1288 /* copy runtime images into pre-allocated DMA-safe memory */
1289 memcpy(dma
->vaddr
, main_data
, main_datasz
);
1290 memcpy((char*)dma
->vaddr
+ WPI_FW_MAIN_DATA_MAXSZ
, main_text
, main_textsz
);
1292 /* tell adapter where to find runtime images */
1294 wpi_mem_write(sc
, WPI_MEM_DATA_BASE
, dma
->paddr
);
1295 wpi_mem_write(sc
, WPI_MEM_DATA_SIZE
, main_datasz
);
1296 wpi_mem_write(sc
, WPI_MEM_TEXT_BASE
,
1297 dma
->paddr
+ WPI_FW_MAIN_DATA_MAXSZ
);
1298 wpi_mem_write(sc
, WPI_MEM_TEXT_SIZE
, WPI_FW_UPDATED
| main_textsz
);
1301 /* wait at most one second for second alive notification */
1302 if ((error
= tsleep(sc
, PCATCH
, "wpiinit", hz
)) != 0) {
1303 /* this isn't what was supposed to happen.. */
1304 aprint_error_dev(sc
->sc_dev
,
1305 "timeout waiting for adapter to initialize\n");
1311 mutex_enter(&wpi_firmware_mutex
);
1312 sc
->fw_used
= false;
1313 --wpi_firmware_users
;
1314 mutex_exit(&wpi_firmware_mutex
);
1319 wpi_calib_timeout(void *arg
)
1321 struct wpi_softc
*sc
= arg
;
1322 struct ieee80211com
*ic
= &sc
->sc_ic
;
1325 /* automatic rate control triggered every 500ms */
1326 if (ic
->ic_fixed_rate
== -1) {
1328 if (ic
->ic_opmode
== IEEE80211_M_STA
)
1329 wpi_iter_func(sc
, ic
->ic_bss
);
1331 ieee80211_iterate_nodes(&ic
->ic_sta
, wpi_iter_func
, sc
);
1335 /* update sensor data */
1336 temp
= (int)WPI_READ(sc
, WPI_TEMPERATURE
);
1338 /* automatic power calibration every 60s */
1339 if (++sc
->calib_cnt
>= 120) {
1340 wpi_power_calibration(sc
, temp
);
1344 callout_schedule(&sc
->calib_to
, hz
/2);
1348 wpi_iter_func(void *arg
, struct ieee80211_node
*ni
)
1350 struct wpi_softc
*sc
= arg
;
1351 struct wpi_node
*wn
= (struct wpi_node
*)ni
;
1353 ieee80211_amrr_choose(&sc
->amrr
, ni
, &wn
->amn
);
1357 * This function is called periodically (every 60 seconds) to adjust output
1358 * power to temperature changes.
1361 wpi_power_calibration(struct wpi_softc
*sc
, int temp
)
1363 /* sanity-check read value */
1364 if (temp
< -260 || temp
> 25) {
1365 /* this can't be correct, ignore */
1366 DPRINTF(("out-of-range temperature reported: %d\n", temp
));
1370 DPRINTF(("temperature %d->%d\n", sc
->temp
, temp
));
1372 /* adjust Tx power if need be */
1373 if (abs(temp
- sc
->temp
) <= 6)
1378 if (wpi_set_txpower(sc
, sc
->sc_ic
.ic_bss
->ni_chan
, 1) != 0) {
1379 /* just warn, too bad for the automatic calibration... */
1380 aprint_error_dev(sc
->sc_dev
, "could not adjust Tx power\n");
1385 wpi_rx_intr(struct wpi_softc
*sc
, struct wpi_rx_desc
*desc
,
1386 struct wpi_rx_data
*data
)
1388 struct ieee80211com
*ic
= &sc
->sc_ic
;
1389 struct ifnet
*ifp
= ic
->ic_ifp
;
1390 struct wpi_rx_ring
*ring
= &sc
->rxq
;
1391 struct wpi_rx_stat
*stat
;
1392 struct wpi_rx_head
*head
;
1393 struct wpi_rx_tail
*tail
;
1394 struct wpi_rbuf
*rbuf
;
1395 struct ieee80211_frame
*wh
;
1396 struct ieee80211_node
*ni
;
1397 struct mbuf
*m
, *mnew
;
1400 stat
= (struct wpi_rx_stat
*)(desc
+ 1);
1402 if (stat
->len
> WPI_STAT_MAXLEN
) {
1403 aprint_error_dev(sc
->sc_dev
, "invalid rx statistic header\n");
1408 head
= (struct wpi_rx_head
*)((char *)(stat
+ 1) + stat
->len
);
1409 tail
= (struct wpi_rx_tail
*)((char *)(head
+ 1) + le16toh(head
->len
));
1411 DPRINTFN(4, ("rx intr: idx=%d len=%d stat len=%d rssi=%d rate=%x "
1412 "chan=%d tstamp=%" PRId64
"\n", ring
->cur
, le32toh(desc
->len
),
1413 le16toh(head
->len
), (int8_t)stat
->rssi
, head
->rate
, head
->chan
,
1414 le64toh(tail
->tstamp
)));
1417 * Discard Rx frames with bad CRC early (XXX we may want to pass them
1418 * to radiotap in monitor mode).
1420 if ((le32toh(tail
->flags
) & WPI_RX_NOERROR
) != WPI_RX_NOERROR
) {
1421 DPRINTF(("rx tail flags error %x\n", le32toh(tail
->flags
)));
1426 /* Compute where are the useful datas */
1427 data_off
= (char*)(head
+ 1) - mtod(data
->m
, char*);
1430 * If the number of free entry is too low
1431 * just dup the data->m socket and reuse the same rbuf entry
1432 * Note that thi test is not protected by a mutex because the
1433 * only path that causes nb_free_entries to decrease is through
1434 * this interrupt routine, which is not re-entrent.
1435 * What may not be obvious is that the safe path is if that test
1436 * evaluates as true, so nb_free_entries can grow any time.
1438 if (sc
->rxq
.nb_free_entries
<= WPI_RBUF_LOW_LIMIT
) {
1440 /* Prepare the mbuf for the m_dup */
1441 data
->m
->m_pkthdr
.len
= data
->m
->m_len
= le16toh(head
->len
);
1442 data
->m
->m_data
= (char*) data
->m
->m_data
+ data_off
;
1444 m
= m_dup(data
->m
,0,M_COPYALL
,M_DONTWAIT
);
1446 /* Restore the m_data pointer for future use */
1447 data
->m
->m_data
= (char*) data
->m
->m_data
- data_off
;
1455 MGETHDR(mnew
, M_DONTWAIT
, MT_DATA
);
1461 rbuf
= wpi_alloc_rbuf(sc
);
1462 KASSERT(rbuf
!= NULL
);
1464 /* attach Rx buffer to mbuf */
1465 MEXTADD(mnew
, rbuf
->vaddr
, WPI_RBUF_SIZE
, 0, wpi_free_rbuf
,
1467 mnew
->m_flags
|= M_EXT_RW
;
1472 /* update Rx descriptor */
1473 ring
->desc
[ring
->cur
] = htole32(rbuf
->paddr
);
1475 m
->m_data
= (char*)m
->m_data
+ data_off
;
1476 m
->m_pkthdr
.len
= m
->m_len
= le16toh(head
->len
);
1480 m
->m_pkthdr
.rcvif
= ifp
;
1482 if (ic
->ic_state
== IEEE80211_S_SCAN
)
1483 wpi_fix_channel(ic
, m
);
1486 if (sc
->sc_drvbpf
!= NULL
) {
1487 struct wpi_rx_radiotap_header
*tap
= &sc
->sc_rxtap
;
1491 htole16(ic
->ic_channels
[head
->chan
].ic_freq
);
1492 tap
->wr_chan_flags
=
1493 htole16(ic
->ic_channels
[head
->chan
].ic_flags
);
1494 tap
->wr_dbm_antsignal
= (int8_t)(stat
->rssi
- WPI_RSSI_OFFSET
);
1495 tap
->wr_dbm_antnoise
= (int8_t)le16toh(stat
->noise
);
1496 tap
->wr_tsft
= tail
->tstamp
;
1497 tap
->wr_antenna
= (le16toh(head
->flags
) >> 4) & 0xf;
1498 switch (head
->rate
) {
1500 case 10: tap
->wr_rate
= 2; break;
1501 case 20: tap
->wr_rate
= 4; break;
1502 case 55: tap
->wr_rate
= 11; break;
1503 case 110: tap
->wr_rate
= 22; break;
1505 case 0xd: tap
->wr_rate
= 12; break;
1506 case 0xf: tap
->wr_rate
= 18; break;
1507 case 0x5: tap
->wr_rate
= 24; break;
1508 case 0x7: tap
->wr_rate
= 36; break;
1509 case 0x9: tap
->wr_rate
= 48; break;
1510 case 0xb: tap
->wr_rate
= 72; break;
1511 case 0x1: tap
->wr_rate
= 96; break;
1512 case 0x3: tap
->wr_rate
= 108; break;
1513 /* unknown rate: should not happen */
1514 default: tap
->wr_rate
= 0;
1516 if (le16toh(head
->flags
) & 0x4)
1517 tap
->wr_flags
|= IEEE80211_RADIOTAP_F_SHORTPRE
;
1519 bpf_mtap2(sc
->sc_drvbpf
, tap
, sc
->sc_rxtap_len
, m
);
1523 /* grab a reference to the source node */
1524 wh
= mtod(m
, struct ieee80211_frame
*);
1525 ni
= ieee80211_find_rxnode(ic
, (struct ieee80211_frame_min
*)wh
);
1527 /* send the frame to the 802.11 layer */
1528 ieee80211_input(ic
, m
, ni
, stat
->rssi
, 0);
1530 /* release node reference */
1531 ieee80211_free_node(ni
);
1535 wpi_tx_intr(struct wpi_softc
*sc
, struct wpi_rx_desc
*desc
)
1537 struct ifnet
*ifp
= sc
->sc_ic
.ic_ifp
;
1538 struct wpi_tx_ring
*ring
= &sc
->txq
[desc
->qid
& 0x3];
1539 struct wpi_tx_data
*txdata
= &ring
->data
[desc
->idx
];
1540 struct wpi_tx_stat
*stat
= (struct wpi_tx_stat
*)(desc
+ 1);
1541 struct wpi_node
*wn
= (struct wpi_node
*)txdata
->ni
;
1543 DPRINTFN(4, ("tx done: qid=%d idx=%d retries=%d nkill=%d rate=%x "
1544 "duration=%d status=%x\n", desc
->qid
, desc
->idx
, stat
->ntries
,
1545 stat
->nkill
, stat
->rate
, le32toh(stat
->duration
),
1546 le32toh(stat
->status
)));
1549 * Update rate control statistics for the node.
1550 * XXX we should not count mgmt frames since they're always sent at
1551 * the lowest available bit-rate.
1553 wn
->amn
.amn_txcnt
++;
1554 if (stat
->ntries
> 0) {
1555 DPRINTFN(3, ("tx intr ntries %d\n", stat
->ntries
));
1556 wn
->amn
.amn_retrycnt
++;
1559 if ((le32toh(stat
->status
) & 0xff) != 1)
1564 bus_dmamap_unload(sc
->sc_dmat
, txdata
->map
);
1567 ieee80211_free_node(txdata
->ni
);
1572 sc
->sc_tx_timer
= 0;
1573 ifp
->if_flags
&= ~IFF_OACTIVE
;
1578 wpi_cmd_intr(struct wpi_softc
*sc
, struct wpi_rx_desc
*desc
)
1580 struct wpi_tx_ring
*ring
= &sc
->cmdq
;
1581 struct wpi_tx_data
*data
;
1583 if ((desc
->qid
& 7) != 4)
1584 return; /* not a command ack */
1586 data
= &ring
->data
[desc
->idx
];
1588 /* if the command was mapped in a mbuf, free it */
1589 if (data
->m
!= NULL
) {
1590 bus_dmamap_unload(sc
->sc_dmat
, data
->map
);
1595 wakeup(&ring
->cmd
[desc
->idx
]);
1599 wpi_notif_intr(struct wpi_softc
*sc
)
1601 struct ieee80211com
*ic
= &sc
->sc_ic
;
1602 struct ifnet
*ifp
= ic
->ic_ifp
;
1603 struct wpi_rx_desc
*desc
;
1604 struct wpi_rx_data
*data
;
1607 hw
= le32toh(sc
->shared
->next
);
1608 while (sc
->rxq
.cur
!= hw
) {
1609 data
= &sc
->rxq
.data
[sc
->rxq
.cur
];
1611 desc
= mtod(data
->m
, struct wpi_rx_desc
*);
1613 DPRINTFN(4, ("rx notification qid=%x idx=%d flags=%x type=%d "
1614 "len=%d\n", desc
->qid
, desc
->idx
, desc
->flags
,
1615 desc
->type
, le32toh(desc
->len
)));
1617 if (!(desc
->qid
& 0x80)) /* reply to a command */
1618 wpi_cmd_intr(sc
, desc
);
1620 switch (desc
->type
) {
1622 /* a 802.11 frame was received */
1623 wpi_rx_intr(sc
, desc
, data
);
1627 /* a 802.11 frame has been transmitted */
1628 wpi_tx_intr(sc
, desc
);
1633 struct wpi_ucode_info
*uc
=
1634 (struct wpi_ucode_info
*)(desc
+ 1);
1636 /* the microcontroller is ready */
1637 DPRINTF(("microcode alive notification version %x "
1638 "alive %x\n", le32toh(uc
->version
),
1639 le32toh(uc
->valid
)));
1641 if (le32toh(uc
->valid
) != 1) {
1642 aprint_error_dev(sc
->sc_dev
,
1643 "microcontroller initialization failed\n");
1647 case WPI_STATE_CHANGED
:
1649 uint32_t *status
= (uint32_t *)(desc
+ 1);
1651 /* enabled/disabled notification */
1652 DPRINTF(("state changed to %x\n", le32toh(*status
)));
1654 if (le32toh(*status
) & 1) {
1655 /* the radio button has to be pushed */
1656 aprint_error_dev(sc
->sc_dev
, "Radio transmitter is off\n");
1657 /* turn the interface down */
1658 ifp
->if_flags
&= ~IFF_UP
;
1660 return; /* no further processing */
1664 case WPI_START_SCAN
:
1666 struct wpi_start_scan
*scan
=
1667 (struct wpi_start_scan
*)(desc
+ 1);
1669 DPRINTFN(2, ("scanning channel %d status %x\n",
1670 scan
->chan
, le32toh(scan
->status
)));
1672 /* fix current channel */
1673 ic
->ic_bss
->ni_chan
= &ic
->ic_channels
[scan
->chan
];
1678 struct wpi_stop_scan
*scan
=
1679 (struct wpi_stop_scan
*)(desc
+ 1);
1681 DPRINTF(("scan finished nchan=%d status=%d chan=%d\n",
1682 scan
->nchan
, scan
->status
, scan
->chan
));
1684 if (scan
->status
== 1 && scan
->chan
<= 14) {
1686 * We just finished scanning 802.11g channels,
1687 * start scanning 802.11a ones.
1689 if (wpi_scan(sc
, IEEE80211_CHAN_A
) == 0)
1692 sc
->is_scanning
= false;
1693 ieee80211_end_scan(ic
);
1698 sc
->rxq
.cur
= (sc
->rxq
.cur
+ 1) % WPI_RX_RING_COUNT
;
1701 /* tell the firmware what we have processed */
1702 hw
= (hw
== 0) ? WPI_RX_RING_COUNT
- 1 : hw
- 1;
1703 WPI_WRITE(sc
, WPI_RX_WIDX
, hw
& ~7);
1709 struct wpi_softc
*sc
= arg
;
1710 struct ifnet
*ifp
= sc
->sc_ic
.ic_ifp
;
1713 r
= WPI_READ(sc
, WPI_INTR
);
1714 if (r
== 0 || r
== 0xffffffff)
1715 return 0; /* not for us */
1717 DPRINTFN(5, ("interrupt reg %x\n", r
));
1719 /* disable interrupts */
1720 WPI_WRITE(sc
, WPI_MASK
, 0);
1721 /* ack interrupts */
1722 WPI_WRITE(sc
, WPI_INTR
, r
);
1724 if (r
& (WPI_SW_ERROR
| WPI_HW_ERROR
)) {
1725 aprint_error_dev(sc
->sc_dev
, "fatal firmware error\n");
1726 sc
->sc_ic
.ic_ifp
->if_flags
&= ~IFF_UP
;
1727 wpi_stop(sc
->sc_ic
.ic_ifp
, 1);
1731 if (r
& WPI_RX_INTR
)
1734 if (r
& WPI_ALIVE_INTR
) /* firmware initialized */
1737 /* re-enable interrupts */
1738 if (ifp
->if_flags
& IFF_UP
)
1739 WPI_WRITE(sc
, WPI_MASK
, WPI_INTR_MASK
);
1745 wpi_plcp_signal(int rate
)
1748 /* CCK rates (returned values are device-dependent) */
1752 case 22: return 110;
1754 /* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
1755 /* R1-R4, (u)ral is R4-R1 */
1756 case 12: return 0xd;
1757 case 18: return 0xf;
1758 case 24: return 0x5;
1759 case 36: return 0x7;
1760 case 48: return 0x9;
1761 case 72: return 0xb;
1762 case 96: return 0x1;
1763 case 108: return 0x3;
1765 /* unsupported rates (should not get there) */
1770 /* quickly determine if a given rate is CCK or OFDM */
1771 #define WPI_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22)
1774 wpi_tx_data(struct wpi_softc
*sc
, struct mbuf
*m0
, struct ieee80211_node
*ni
,
1777 struct ieee80211com
*ic
= &sc
->sc_ic
;
1778 struct wpi_tx_ring
*ring
= &sc
->txq
[ac
];
1779 struct wpi_tx_desc
*desc
;
1780 struct wpi_tx_data
*data
;
1781 struct wpi_tx_cmd
*cmd
;
1782 struct wpi_cmd_data
*tx
;
1783 struct ieee80211_frame
*wh
;
1784 struct ieee80211_key
*k
;
1785 const struct chanAccParams
*cap
;
1787 int i
, error
, rate
, hdrlen
, noack
= 0;
1789 desc
= &ring
->desc
[ring
->cur
];
1790 data
= &ring
->data
[ring
->cur
];
1792 wh
= mtod(m0
, struct ieee80211_frame
*);
1794 if (IEEE80211_QOS_HAS_SEQ(wh
)) {
1795 cap
= &ic
->ic_wme
.wme_chanParams
;
1796 noack
= cap
->cap_wmeParams
[ac
].wmep_noackPolicy
;
1799 if (wh
->i_fc
[1] & IEEE80211_FC1_WEP
) {
1800 k
= ieee80211_crypto_encap(ic
, ni
, m0
);
1806 /* packet header may have moved, reset our local pointer */
1807 wh
= mtod(m0
, struct ieee80211_frame
*);
1810 hdrlen
= ieee80211_anyhdrsize(wh
);
1813 if ((wh
->i_fc
[0] & IEEE80211_FC0_TYPE_MASK
) ==
1814 IEEE80211_FC0_TYPE_MGT
) {
1815 /* mgmt frames are sent at the lowest available bit-rate */
1816 rate
= ni
->ni_rates
.rs_rates
[0];
1818 if (ic
->ic_fixed_rate
!= -1) {
1819 rate
= ic
->ic_sup_rates
[ic
->ic_curmode
].
1820 rs_rates
[ic
->ic_fixed_rate
];
1822 rate
= ni
->ni_rates
.rs_rates
[ni
->ni_txrate
];
1824 rate
&= IEEE80211_RATE_VAL
;
1828 if (sc
->sc_drvbpf
!= NULL
) {
1829 struct wpi_tx_radiotap_header
*tap
= &sc
->sc_txtap
;
1832 tap
->wt_chan_freq
= htole16(ni
->ni_chan
->ic_freq
);
1833 tap
->wt_chan_flags
= htole16(ni
->ni_chan
->ic_flags
);
1834 tap
->wt_rate
= rate
;
1835 tap
->wt_hwqueue
= ac
;
1836 if (wh
->i_fc
[1] & IEEE80211_FC1_WEP
)
1837 tap
->wt_flags
|= IEEE80211_RADIOTAP_F_WEP
;
1839 bpf_mtap2(sc
->sc_drvbpf
, tap
, sc
->sc_txtap_len
, m0
);
1843 cmd
= &ring
->cmd
[ring
->cur
];
1844 cmd
->code
= WPI_CMD_TX_DATA
;
1846 cmd
->qid
= ring
->qid
;
1847 cmd
->idx
= ring
->cur
;
1849 tx
= (struct wpi_cmd_data
*)cmd
->data
;
1852 if (!noack
&& !IEEE80211_IS_MULTICAST(wh
->i_addr1
)) {
1853 tx
->flags
|= htole32(WPI_TX_NEED_ACK
);
1854 } else if (m0
->m_pkthdr
.len
+ IEEE80211_CRC_LEN
> ic
->ic_rtsthreshold
)
1855 tx
->flags
|= htole32(WPI_TX_NEED_RTS
| WPI_TX_FULL_TXOP
);
1857 tx
->flags
|= htole32(WPI_TX_AUTO_SEQ
);
1859 /* retrieve destination node's id */
1860 tx
->id
= IEEE80211_IS_MULTICAST(wh
->i_addr1
) ? WPI_ID_BROADCAST
:
1863 if ((wh
->i_fc
[0] & IEEE80211_FC0_TYPE_MASK
) ==
1864 IEEE80211_FC0_TYPE_MGT
) {
1865 /* tell h/w to set timestamp in probe responses */
1867 (IEEE80211_FC0_TYPE_MASK
| IEEE80211_FC0_SUBTYPE_MASK
)) ==
1868 (IEEE80211_FC0_TYPE_MGT
| IEEE80211_FC0_SUBTYPE_PROBE_RESP
))
1869 tx
->flags
|= htole32(WPI_TX_INSERT_TSTAMP
);
1871 if (((wh
->i_fc
[0] & IEEE80211_FC0_SUBTYPE_MASK
) ==
1872 IEEE80211_FC0_SUBTYPE_ASSOC_REQ
) ||
1873 ((wh
->i_fc
[0] & IEEE80211_FC0_SUBTYPE_MASK
) ==
1874 IEEE80211_FC0_SUBTYPE_REASSOC_REQ
))
1875 tx
->timeout
= htole16(3);
1877 tx
->timeout
= htole16(2);
1879 tx
->timeout
= htole16(0);
1881 tx
->rate
= wpi_plcp_signal(rate
);
1883 /* be very persistant at sending frames out */
1885 tx
->data_ntries
= 15;
1887 tx
->ofdm_mask
= 0xff;
1889 tx
->lifetime
= htole32(WPI_LIFETIME_INFINITE
);
1891 tx
->len
= htole16(m0
->m_pkthdr
.len
);
1893 /* save and trim IEEE802.11 header */
1894 memcpy((uint8_t *)(tx
+ 1), wh
, hdrlen
);
1897 error
= bus_dmamap_load_mbuf(sc
->sc_dmat
, data
->map
, m0
,
1898 BUS_DMA_WRITE
| BUS_DMA_NOWAIT
);
1899 if (error
!= 0 && error
!= EFBIG
) {
1900 aprint_error_dev(sc
->sc_dev
, "could not map mbuf (error %d)\n", error
);
1905 /* too many fragments, linearize */
1906 MGETHDR(mnew
, M_DONTWAIT
, MT_DATA
);
1912 M_COPY_PKTHDR(mnew
, m0
);
1913 if (m0
->m_pkthdr
.len
> MHLEN
) {
1914 MCLGET(mnew
, M_DONTWAIT
);
1915 if (!(mnew
->m_flags
& M_EXT
)) {
1922 m_copydata(m0
, 0, m0
->m_pkthdr
.len
, mtod(mnew
, void *));
1924 mnew
->m_len
= mnew
->m_pkthdr
.len
;
1927 error
= bus_dmamap_load_mbuf(sc
->sc_dmat
, data
->map
, m0
,
1928 BUS_DMA_WRITE
| BUS_DMA_NOWAIT
);
1930 aprint_error_dev(sc
->sc_dev
, "could not map mbuf (error %d)\n",
1940 DPRINTFN(4, ("sending data: qid=%d idx=%d len=%d nsegs=%d\n",
1941 ring
->qid
, ring
->cur
, m0
->m_pkthdr
.len
, data
->map
->dm_nsegs
));
1943 /* first scatter/gather segment is used by the tx data command */
1944 desc
->flags
= htole32(WPI_PAD32(m0
->m_pkthdr
.len
) << 28 |
1945 (1 + data
->map
->dm_nsegs
) << 24);
1946 desc
->segs
[0].addr
= htole32(ring
->cmd_dma
.paddr
+
1947 ring
->cur
* sizeof (struct wpi_tx_cmd
));
1948 desc
->segs
[0].len
= htole32(4 + sizeof (struct wpi_cmd_data
) +
1949 ((hdrlen
+ 3) & ~3));
1951 for (i
= 1; i
<= data
->map
->dm_nsegs
; i
++) {
1952 desc
->segs
[i
].addr
=
1953 htole32(data
->map
->dm_segs
[i
- 1].ds_addr
);
1955 htole32(data
->map
->dm_segs
[i
- 1].ds_len
);
1961 ring
->cur
= (ring
->cur
+ 1) % WPI_TX_RING_COUNT
;
1962 WPI_WRITE(sc
, WPI_TX_WIDX
, ring
->qid
<< 8 | ring
->cur
);
1968 wpi_start(struct ifnet
*ifp
)
1970 struct wpi_softc
*sc
= ifp
->if_softc
;
1971 struct ieee80211com
*ic
= &sc
->sc_ic
;
1972 struct ieee80211_node
*ni
;
1973 struct ether_header
*eh
;
1978 * net80211 may still try to send management frames even if the
1979 * IFF_RUNNING flag is not set...
1981 if ((ifp
->if_flags
& (IFF_RUNNING
| IFF_OACTIVE
)) != IFF_RUNNING
)
1985 IF_DEQUEUE(&ic
->ic_mgtq
, m0
);
1988 ni
= (struct ieee80211_node
*)m0
->m_pkthdr
.rcvif
;
1989 m0
->m_pkthdr
.rcvif
= NULL
;
1991 /* management frames go into ring 0 */
1992 if (sc
->txq
[0].queued
> sc
->txq
[0].count
- 8) {
1997 if (ic
->ic_rawbpf
!= NULL
)
1998 bpf_mtap(ic
->ic_rawbpf
, m0
);
2000 if (wpi_tx_data(sc
, m0
, ni
, 0) != 0) {
2005 if (ic
->ic_state
!= IEEE80211_S_RUN
)
2007 IFQ_POLL(&ifp
->if_snd
, m0
);
2011 if (m0
->m_len
< sizeof (*eh
) &&
2012 (m0
= m_pullup(m0
, sizeof (*eh
))) == NULL
) {
2016 eh
= mtod(m0
, struct ether_header
*);
2017 ni
= ieee80211_find_txnode(ic
, eh
->ether_dhost
);
2024 /* classify mbuf so we can find which tx ring to use */
2025 if (ieee80211_classify(ic
, m0
, ni
) != 0) {
2027 ieee80211_free_node(ni
);
2032 /* no QoS encapsulation for EAPOL frames */
2033 ac
= (eh
->ether_type
!= htons(ETHERTYPE_PAE
)) ?
2034 M_WME_GETAC(m0
) : WME_AC_BE
;
2036 if (sc
->txq
[ac
].queued
> sc
->txq
[ac
].count
- 8) {
2037 /* there is no place left in this ring */
2038 ifp
->if_flags
|= IFF_OACTIVE
;
2041 IFQ_DEQUEUE(&ifp
->if_snd
, m0
);
2043 if (ifp
->if_bpf
!= NULL
)
2044 bpf_mtap(ifp
->if_bpf
, m0
);
2046 m0
= ieee80211_encap(ic
, m0
, ni
);
2048 ieee80211_free_node(ni
);
2053 if (ic
->ic_rawbpf
!= NULL
)
2054 bpf_mtap(ic
->ic_rawbpf
, m0
);
2056 if (wpi_tx_data(sc
, m0
, ni
, ac
) != 0) {
2057 ieee80211_free_node(ni
);
2063 sc
->sc_tx_timer
= 5;
2069 wpi_watchdog(struct ifnet
*ifp
)
2071 struct wpi_softc
*sc
= ifp
->if_softc
;
2075 if (sc
->sc_tx_timer
> 0) {
2076 if (--sc
->sc_tx_timer
== 0) {
2077 aprint_error_dev(sc
->sc_dev
, "device timeout\n");
2079 ifp
->if_flags
&= ~IFF_UP
;
2086 ieee80211_watchdog(&sc
->sc_ic
);
2090 wpi_ioctl(struct ifnet
*ifp
, u_long cmd
, void *data
)
2092 #define IS_RUNNING(ifp) \
2093 ((ifp->if_flags & IFF_UP) && (ifp->if_flags & IFF_RUNNING))
2095 struct wpi_softc
*sc
= ifp
->if_softc
;
2096 struct ieee80211com
*ic
= &sc
->sc_ic
;
2103 if ((error
= ifioctl_common(ifp
, cmd
, data
)) != 0)
2105 if (ifp
->if_flags
& IFF_UP
) {
2106 if (!(ifp
->if_flags
& IFF_RUNNING
))
2109 if (ifp
->if_flags
& IFF_RUNNING
)
2116 /* XXX no h/w multicast filter? --dyoung */
2117 if ((error
= ether_ioctl(ifp
, cmd
, data
)) == ENETRESET
) {
2118 /* setup multicast filter, etc */
2124 error
= ieee80211_ioctl(ic
, cmd
, data
);
2127 if (error
== ENETRESET
) {
2128 if (IS_RUNNING(ifp
) &&
2129 (ic
->ic_roaming
!= IEEE80211_ROAMING_MANUAL
))
2141 * Extract various information from EEPROM.
2144 wpi_read_eeprom(struct wpi_softc
*sc
)
2146 struct ieee80211com
*ic
= &sc
->sc_ic
;
2150 wpi_read_prom_data(sc
, WPI_EEPROM_CAPABILITIES
, &sc
->cap
, 1);
2151 wpi_read_prom_data(sc
, WPI_EEPROM_REVISION
, &sc
->rev
, 2);
2152 wpi_read_prom_data(sc
, WPI_EEPROM_TYPE
, &sc
->type
, 1);
2154 DPRINTF(("cap=%x rev=%x type=%x\n", sc
->cap
, le16toh(sc
->rev
),
2157 /* read and print regulatory domain */
2158 wpi_read_prom_data(sc
, WPI_EEPROM_DOMAIN
, domain
, 4);
2159 aprint_normal_dev(sc
->sc_dev
, "%.4s", domain
);
2161 /* read and print MAC address */
2162 wpi_read_prom_data(sc
, WPI_EEPROM_MAC
, ic
->ic_myaddr
, 6);
2163 aprint_normal(", address %s\n", ether_sprintf(ic
->ic_myaddr
));
2165 /* read the list of authorized channels */
2166 for (i
= 0; i
< WPI_CHAN_BANDS_COUNT
; i
++)
2167 wpi_read_eeprom_channels(sc
, i
);
2169 /* read the list of power groups */
2170 for (i
= 0; i
< WPI_POWER_GROUPS_COUNT
; i
++)
2171 wpi_read_eeprom_group(sc
, i
);
2175 wpi_read_eeprom_channels(struct wpi_softc
*sc
, int n
)
2177 struct ieee80211com
*ic
= &sc
->sc_ic
;
2178 const struct wpi_chan_band
*band
= &wpi_bands
[n
];
2179 struct wpi_eeprom_chan channels
[WPI_MAX_CHAN_PER_BAND
];
2182 wpi_read_prom_data(sc
, band
->addr
, channels
,
2183 band
->nchan
* sizeof (struct wpi_eeprom_chan
));
2185 for (i
= 0; i
< band
->nchan
; i
++) {
2186 if (!(channels
[i
].flags
& WPI_EEPROM_CHAN_VALID
))
2189 chan
= band
->chan
[i
];
2191 if (n
== 0) { /* 2GHz band */
2192 ic
->ic_channels
[chan
].ic_freq
=
2193 ieee80211_ieee2mhz(chan
, IEEE80211_CHAN_2GHZ
);
2194 ic
->ic_channels
[chan
].ic_flags
=
2195 IEEE80211_CHAN_CCK
| IEEE80211_CHAN_OFDM
|
2196 IEEE80211_CHAN_DYN
| IEEE80211_CHAN_2GHZ
;
2198 } else { /* 5GHz band */
2200 * Some 3945abg adapters support channels 7, 8, 11
2201 * and 12 in the 2GHz *and* 5GHz bands.
2202 * Because of limitations in our net80211(9) stack,
2203 * we can't support these channels in 5GHz band.
2208 ic
->ic_channels
[chan
].ic_freq
=
2209 ieee80211_ieee2mhz(chan
, IEEE80211_CHAN_5GHZ
);
2210 ic
->ic_channels
[chan
].ic_flags
= IEEE80211_CHAN_A
;
2213 /* is active scan allowed on this channel? */
2214 if (!(channels
[i
].flags
& WPI_EEPROM_CHAN_ACTIVE
)) {
2215 ic
->ic_channels
[chan
].ic_flags
|=
2216 IEEE80211_CHAN_PASSIVE
;
2219 /* save maximum allowed power for this channel */
2220 sc
->maxpwr
[chan
] = channels
[i
].maxpwr
;
2222 DPRINTF(("adding chan %d flags=0x%x maxpwr=%d\n",
2223 chan
, channels
[i
].flags
, sc
->maxpwr
[chan
]));
2228 wpi_read_eeprom_group(struct wpi_softc
*sc
, int n
)
2230 struct wpi_power_group
*group
= &sc
->groups
[n
];
2231 struct wpi_eeprom_group rgroup
;
2234 wpi_read_prom_data(sc
, WPI_EEPROM_POWER_GRP
+ n
* 32, &rgroup
,
2237 /* save power group information */
2238 group
->chan
= rgroup
.chan
;
2239 group
->maxpwr
= rgroup
.maxpwr
;
2240 /* temperature at which the samples were taken */
2241 group
->temp
= (int16_t)le16toh(rgroup
.temp
);
2243 DPRINTF(("power group %d: chan=%d maxpwr=%d temp=%d\n", n
,
2244 group
->chan
, group
->maxpwr
, group
->temp
));
2246 for (i
= 0; i
< WPI_SAMPLES_COUNT
; i
++) {
2247 group
->samples
[i
].index
= rgroup
.samples
[i
].index
;
2248 group
->samples
[i
].power
= rgroup
.samples
[i
].power
;
2250 DPRINTF(("\tsample %d: index=%d power=%d\n", i
,
2251 group
->samples
[i
].index
, group
->samples
[i
].power
));
2256 * Send a command to the firmware.
2259 wpi_cmd(struct wpi_softc
*sc
, int code
, const void *buf
, int size
, int async
)
2261 struct wpi_tx_ring
*ring
= &sc
->cmdq
;
2262 struct wpi_tx_desc
*desc
;
2263 struct wpi_tx_cmd
*cmd
;
2265 KASSERT(size
<= sizeof cmd
->data
);
2267 desc
= &ring
->desc
[ring
->cur
];
2268 cmd
= &ring
->cmd
[ring
->cur
];
2272 cmd
->qid
= ring
->qid
;
2273 cmd
->idx
= ring
->cur
;
2274 memcpy(cmd
->data
, buf
, size
);
2276 desc
->flags
= htole32(WPI_PAD32(size
) << 28 | 1 << 24);
2277 desc
->segs
[0].addr
= htole32(ring
->cmd_dma
.paddr
+
2278 ring
->cur
* sizeof (struct wpi_tx_cmd
));
2279 desc
->segs
[0].len
= htole32(4 + size
);
2282 ring
->cur
= (ring
->cur
+ 1) % WPI_CMD_RING_COUNT
;
2283 WPI_WRITE(sc
, WPI_TX_WIDX
, ring
->qid
<< 8 | ring
->cur
);
2285 return async
? 0 : tsleep(cmd
, PCATCH
, "wpicmd", hz
);
2289 wpi_wme_update(struct ieee80211com
*ic
)
2291 #define WPI_EXP2(v) htole16((1 << (v)) - 1)
2292 #define WPI_USEC(v) htole16(IEEE80211_TXOP_TO_US(v))
2293 struct wpi_softc
*sc
= ic
->ic_ifp
->if_softc
;
2294 const struct wmeParams
*wmep
;
2295 struct wpi_wme_setup wme
;
2298 /* don't override default WME values if WME is not actually enabled */
2299 if (!(ic
->ic_flags
& IEEE80211_F_WME
))
2303 for (ac
= 0; ac
< WME_NUM_AC
; ac
++) {
2304 wmep
= &ic
->ic_wme
.wme_chanParams
.cap_wmeParams
[ac
];
2305 wme
.ac
[ac
].aifsn
= wmep
->wmep_aifsn
;
2306 wme
.ac
[ac
].cwmin
= WPI_EXP2(wmep
->wmep_logcwmin
);
2307 wme
.ac
[ac
].cwmax
= WPI_EXP2(wmep
->wmep_logcwmax
);
2308 wme
.ac
[ac
].txop
= WPI_USEC(wmep
->wmep_txopLimit
);
2310 DPRINTF(("setting WME for queue %d aifsn=%d cwmin=%d cwmax=%d "
2311 "txop=%d\n", ac
, wme
.ac
[ac
].aifsn
, wme
.ac
[ac
].cwmin
,
2312 wme
.ac
[ac
].cwmax
, wme
.ac
[ac
].txop
));
2315 return wpi_cmd(sc
, WPI_CMD_SET_WME
, &wme
, sizeof wme
, 1);
2321 * Configure h/w multi-rate retries.
2324 wpi_mrr_setup(struct wpi_softc
*sc
)
2326 struct ieee80211com
*ic
= &sc
->sc_ic
;
2327 struct wpi_mrr_setup mrr
;
2330 /* CCK rates (not used with 802.11a) */
2331 for (i
= WPI_CCK1
; i
<= WPI_CCK11
; i
++) {
2332 mrr
.rates
[i
].flags
= 0;
2333 mrr
.rates
[i
].plcp
= wpi_ridx_to_plcp
[i
];
2334 /* fallback to the immediate lower CCK rate (if any) */
2335 mrr
.rates
[i
].next
= (i
== WPI_CCK1
) ? WPI_CCK1
: i
- 1;
2336 /* try one time at this rate before falling back to "next" */
2337 mrr
.rates
[i
].ntries
= 1;
2340 /* OFDM rates (not used with 802.11b) */
2341 for (i
= WPI_OFDM6
; i
<= WPI_OFDM54
; i
++) {
2342 mrr
.rates
[i
].flags
= 0;
2343 mrr
.rates
[i
].plcp
= wpi_ridx_to_plcp
[i
];
2344 /* fallback to the immediate lower rate (if any) */
2345 /* we allow fallback from OFDM/6 to CCK/2 in 11b/g mode */
2346 mrr
.rates
[i
].next
= (i
== WPI_OFDM6
) ?
2347 ((ic
->ic_curmode
== IEEE80211_MODE_11A
) ?
2348 WPI_OFDM6
: WPI_CCK2
) :
2350 /* try one time at this rate before falling back to "next" */
2351 mrr
.rates
[i
].ntries
= 1;
2354 /* setup MRR for control frames */
2355 mrr
.which
= htole32(WPI_MRR_CTL
);
2356 error
= wpi_cmd(sc
, WPI_CMD_MRR_SETUP
, &mrr
, sizeof mrr
, 0);
2358 aprint_error_dev(sc
->sc_dev
, "could not setup MRR for control frames\n");
2362 /* setup MRR for data frames */
2363 mrr
.which
= htole32(WPI_MRR_DATA
);
2364 error
= wpi_cmd(sc
, WPI_CMD_MRR_SETUP
, &mrr
, sizeof mrr
, 0);
2366 aprint_error_dev(sc
->sc_dev
, "could not setup MRR for data frames\n");
2374 wpi_set_led(struct wpi_softc
*sc
, uint8_t which
, uint8_t off
, uint8_t on
)
2376 struct wpi_cmd_led led
;
2379 led
.unit
= htole32(100000); /* on/off in unit of 100ms */
2383 (void)wpi_cmd(sc
, WPI_CMD_SET_LED
, &led
, sizeof led
, 1);
2387 wpi_enable_tsf(struct wpi_softc
*sc
, struct ieee80211_node
*ni
)
2389 struct wpi_cmd_tsf tsf
;
2392 memset(&tsf
, 0, sizeof tsf
);
2393 memcpy(&tsf
.tstamp
, ni
->ni_tstamp
.data
, 8);
2394 tsf
.bintval
= htole16(ni
->ni_intval
);
2395 tsf
.lintval
= htole16(10);
2397 /* compute remaining time until next beacon */
2398 val
= (uint64_t)ni
->ni_intval
* 1024; /* msecs -> usecs */
2399 mod
= le64toh(tsf
.tstamp
) % val
;
2400 tsf
.binitval
= htole32((uint32_t)(val
- mod
));
2402 DPRINTF(("TSF bintval=%u tstamp=%" PRId64
", init=%u\n",
2403 ni
->ni_intval
, le64toh(tsf
.tstamp
), (uint32_t)(val
- mod
)));
2405 if (wpi_cmd(sc
, WPI_CMD_TSF
, &tsf
, sizeof tsf
, 1) != 0)
2406 aprint_error_dev(sc
->sc_dev
, "could not enable TSF\n");
2410 * Update Tx power to match what is defined for channel `c'.
2413 wpi_set_txpower(struct wpi_softc
*sc
, struct ieee80211_channel
*c
, int async
)
2415 struct ieee80211com
*ic
= &sc
->sc_ic
;
2416 struct wpi_power_group
*group
;
2417 struct wpi_cmd_txpower txpower
;
2421 /* get channel number */
2422 chan
= ieee80211_chan2ieee(ic
, c
);
2424 /* find the power group to which this channel belongs */
2425 if (IEEE80211_IS_CHAN_5GHZ(c
)) {
2426 for (group
= &sc
->groups
[1]; group
< &sc
->groups
[4]; group
++)
2427 if (chan
<= group
->chan
)
2430 group
= &sc
->groups
[0];
2432 memset(&txpower
, 0, sizeof txpower
);
2433 txpower
.band
= IEEE80211_IS_CHAN_5GHZ(c
) ? 0 : 1;
2434 txpower
.chan
= htole16(chan
);
2436 /* set Tx power for all OFDM and CCK rates */
2437 for (i
= 0; i
<= 11 ; i
++) {
2438 /* retrieve Tx power for this channel/rate combination */
2439 int idx
= wpi_get_power_index(sc
, group
, c
,
2440 wpi_ridx_to_rate
[i
]);
2442 txpower
.rates
[i
].plcp
= wpi_ridx_to_plcp
[i
];
2444 if (IEEE80211_IS_CHAN_5GHZ(c
)) {
2445 txpower
.rates
[i
].rf_gain
= wpi_rf_gain_5ghz
[idx
];
2446 txpower
.rates
[i
].dsp_gain
= wpi_dsp_gain_5ghz
[idx
];
2448 txpower
.rates
[i
].rf_gain
= wpi_rf_gain_2ghz
[idx
];
2449 txpower
.rates
[i
].dsp_gain
= wpi_dsp_gain_2ghz
[idx
];
2451 DPRINTF(("chan %d/rate %d: power index %d\n", chan
,
2452 wpi_ridx_to_rate
[i
], idx
));
2455 return wpi_cmd(sc
, WPI_CMD_TXPOWER
, &txpower
, sizeof txpower
, async
);
2459 * Determine Tx power index for a given channel/rate combination.
2460 * This takes into account the regulatory information from EEPROM and the
2461 * current temperature.
2464 wpi_get_power_index(struct wpi_softc
*sc
, struct wpi_power_group
*group
,
2465 struct ieee80211_channel
*c
, int rate
)
2467 /* fixed-point arithmetic division using a n-bit fractional part */
2468 #define fdivround(a, b, n) \
2469 ((((1 << n) * (a)) / (b) + (1 << n) / 2) / (1 << n))
2471 /* linear interpolation */
2472 #define interpolate(x, x1, y1, x2, y2, n) \
2473 ((y1) + fdivround(((x) - (x1)) * ((y2) - (y1)), (x2) - (x1), n))
2475 struct ieee80211com
*ic
= &sc
->sc_ic
;
2476 struct wpi_power_sample
*sample
;
2480 /* get channel number */
2481 chan
= ieee80211_chan2ieee(ic
, c
);
2483 /* default power is group's maximum power - 3dB */
2484 pwr
= group
->maxpwr
/ 2;
2486 /* decrease power for highest OFDM rates to reduce distortion */
2488 case 72: /* 36Mb/s */
2489 pwr
-= IEEE80211_IS_CHAN_2GHZ(c
) ? 0 : 5;
2491 case 96: /* 48Mb/s */
2492 pwr
-= IEEE80211_IS_CHAN_2GHZ(c
) ? 7 : 10;
2494 case 108: /* 54Mb/s */
2495 pwr
-= IEEE80211_IS_CHAN_2GHZ(c
) ? 9 : 12;
2499 /* never exceed channel's maximum allowed Tx power */
2500 pwr
= min(pwr
, sc
->maxpwr
[chan
]);
2502 /* retrieve power index into gain tables from samples */
2503 for (sample
= group
->samples
; sample
< &group
->samples
[3]; sample
++)
2504 if (pwr
> sample
[1].power
)
2506 /* fixed-point linear interpolation using a 19-bit fractional part */
2507 idx
= interpolate(pwr
, sample
[0].power
, sample
[0].index
,
2508 sample
[1].power
, sample
[1].index
, 19);
2511 * Adjust power index based on current temperature:
2512 * - if cooler than factory-calibrated: decrease output power
2513 * - if warmer than factory-calibrated: increase output power
2515 idx
-= (sc
->temp
- group
->temp
) * 11 / 100;
2517 /* decrease power for CCK rates (-5dB) */
2518 if (!WPI_RATE_IS_OFDM(rate
))
2521 /* keep power index in a valid range */
2524 if (idx
> WPI_MAX_PWR_INDEX
)
2525 return WPI_MAX_PWR_INDEX
;
2533 * Build a beacon frame that the firmware will broadcast periodically in
2534 * IBSS or HostAP modes.
2537 wpi_setup_beacon(struct wpi_softc
*sc
, struct ieee80211_node
*ni
)
2539 struct ieee80211com
*ic
= &sc
->sc_ic
;
2540 struct wpi_tx_ring
*ring
= &sc
->cmdq
;
2541 struct wpi_tx_desc
*desc
;
2542 struct wpi_tx_data
*data
;
2543 struct wpi_tx_cmd
*cmd
;
2544 struct wpi_cmd_beacon
*bcn
;
2545 struct ieee80211_beacon_offsets bo
;
2549 desc
= &ring
->desc
[ring
->cur
];
2550 data
= &ring
->data
[ring
->cur
];
2552 m0
= ieee80211_beacon_alloc(ic
, ni
, &bo
);
2554 aprint_error_dev(sc
->sc_dev
, "could not allocate beacon frame\n");
2558 cmd
= &ring
->cmd
[ring
->cur
];
2559 cmd
->code
= WPI_CMD_SET_BEACON
;
2561 cmd
->qid
= ring
->qid
;
2562 cmd
->idx
= ring
->cur
;
2564 bcn
= (struct wpi_cmd_beacon
*)cmd
->data
;
2565 memset(bcn
, 0, sizeof (struct wpi_cmd_beacon
));
2566 bcn
->id
= WPI_ID_BROADCAST
;
2567 bcn
->ofdm_mask
= 0xff;
2568 bcn
->cck_mask
= 0x0f;
2569 bcn
->lifetime
= htole32(WPI_LIFETIME_INFINITE
);
2570 bcn
->len
= htole16(m0
->m_pkthdr
.len
);
2571 bcn
->rate
= (ic
->ic_curmode
== IEEE80211_MODE_11A
) ?
2572 wpi_plcp_signal(12) : wpi_plcp_signal(2);
2573 bcn
->flags
= htole32(WPI_TX_AUTO_SEQ
| WPI_TX_INSERT_TSTAMP
);
2575 /* save and trim IEEE802.11 header */
2576 m_copydata(m0
, 0, sizeof (struct ieee80211_frame
), (void *)&bcn
->wh
);
2577 m_adj(m0
, sizeof (struct ieee80211_frame
));
2579 /* assume beacon frame is contiguous */
2580 error
= bus_dmamap_load_mbuf(sc
->sc_dmat
, data
->map
, m0
,
2581 BUS_DMA_READ
| BUS_DMA_NOWAIT
);
2583 aprint_error_dev(sc
->sc_dev
, "could not map beacon\n");
2590 /* first scatter/gather segment is used by the beacon command */
2591 desc
->flags
= htole32(WPI_PAD32(m0
->m_pkthdr
.len
) << 28 | 2 << 24);
2592 desc
->segs
[0].addr
= htole32(ring
->cmd_dma
.paddr
+
2593 ring
->cur
* sizeof (struct wpi_tx_cmd
));
2594 desc
->segs
[0].len
= htole32(4 + sizeof (struct wpi_cmd_beacon
));
2595 desc
->segs
[1].addr
= htole32(data
->map
->dm_segs
[0].ds_addr
);
2596 desc
->segs
[1].len
= htole32(data
->map
->dm_segs
[0].ds_len
);
2599 ring
->cur
= (ring
->cur
+ 1) % WPI_CMD_RING_COUNT
;
2600 WPI_WRITE(sc
, WPI_TX_WIDX
, ring
->qid
<< 8 | ring
->cur
);
2606 wpi_auth(struct wpi_softc
*sc
)
2608 struct ieee80211com
*ic
= &sc
->sc_ic
;
2609 struct ieee80211_node
*ni
= ic
->ic_bss
;
2610 struct wpi_node_info node
;
2613 /* update adapter's configuration */
2614 IEEE80211_ADDR_COPY(sc
->config
.bssid
, ni
->ni_bssid
);
2615 sc
->config
.chan
= ieee80211_chan2ieee(ic
, ni
->ni_chan
);
2616 sc
->config
.flags
= htole32(WPI_CONFIG_TSF
);
2617 if (IEEE80211_IS_CHAN_2GHZ(ni
->ni_chan
)) {
2618 sc
->config
.flags
|= htole32(WPI_CONFIG_AUTO
|
2621 switch (ic
->ic_curmode
) {
2622 case IEEE80211_MODE_11A
:
2623 sc
->config
.cck_mask
= 0;
2624 sc
->config
.ofdm_mask
= 0x15;
2626 case IEEE80211_MODE_11B
:
2627 sc
->config
.cck_mask
= 0x03;
2628 sc
->config
.ofdm_mask
= 0;
2630 default: /* assume 802.11b/g */
2631 sc
->config
.cck_mask
= 0x0f;
2632 sc
->config
.ofdm_mask
= 0x15;
2635 DPRINTF(("config chan %d flags %x cck %x ofdm %x\n", sc
->config
.chan
,
2636 sc
->config
.flags
, sc
->config
.cck_mask
, sc
->config
.ofdm_mask
));
2637 error
= wpi_cmd(sc
, WPI_CMD_CONFIGURE
, &sc
->config
,
2638 sizeof (struct wpi_config
), 1);
2640 aprint_error_dev(sc
->sc_dev
, "could not configure\n");
2644 /* configuration has changed, set Tx power accordingly */
2645 if ((error
= wpi_set_txpower(sc
, ni
->ni_chan
, 1)) != 0) {
2646 aprint_error_dev(sc
->sc_dev
, "could not set Tx power\n");
2650 /* add default node */
2651 memset(&node
, 0, sizeof node
);
2652 IEEE80211_ADDR_COPY(node
.bssid
, ni
->ni_bssid
);
2653 node
.id
= WPI_ID_BSS
;
2654 node
.rate
= (ic
->ic_curmode
== IEEE80211_MODE_11A
) ?
2655 wpi_plcp_signal(12) : wpi_plcp_signal(2);
2656 node
.action
= htole32(WPI_ACTION_SET_RATE
);
2657 node
.antenna
= WPI_ANTENNA_BOTH
;
2658 error
= wpi_cmd(sc
, WPI_CMD_ADD_NODE
, &node
, sizeof node
, 1);
2660 aprint_error_dev(sc
->sc_dev
, "could not add BSS node\n");
2668 * Send a scan request to the firmware. Since this command is huge, we map it
2669 * into a mbuf instead of using the pre-allocated set of commands.
2672 wpi_scan(struct wpi_softc
*sc
, uint16_t flags
)
2674 struct ieee80211com
*ic
= &sc
->sc_ic
;
2675 struct wpi_tx_ring
*ring
= &sc
->cmdq
;
2676 struct wpi_tx_desc
*desc
;
2677 struct wpi_tx_data
*data
;
2678 struct wpi_tx_cmd
*cmd
;
2679 struct wpi_scan_hdr
*hdr
;
2680 struct wpi_scan_chan
*chan
;
2681 struct ieee80211_frame
*wh
;
2682 struct ieee80211_rateset
*rs
;
2683 struct ieee80211_channel
*c
;
2684 enum ieee80211_phymode mode
;
2686 int nrates
, pktlen
, error
;
2688 desc
= &ring
->desc
[ring
->cur
];
2689 data
= &ring
->data
[ring
->cur
];
2691 MGETHDR(data
->m
, M_DONTWAIT
, MT_DATA
);
2692 if (data
->m
== NULL
) {
2693 aprint_error_dev(sc
->sc_dev
,
2694 "could not allocate mbuf for scan command\n");
2698 MCLGET(data
->m
, M_DONTWAIT
);
2699 if (!(data
->m
->m_flags
& M_EXT
)) {
2702 aprint_error_dev(sc
->sc_dev
,
2703 "could not allocate mbuf for scan command\n");
2707 cmd
= mtod(data
->m
, struct wpi_tx_cmd
*);
2708 cmd
->code
= WPI_CMD_SCAN
;
2710 cmd
->qid
= ring
->qid
;
2711 cmd
->idx
= ring
->cur
;
2713 hdr
= (struct wpi_scan_hdr
*)cmd
->data
;
2714 memset(hdr
, 0, sizeof (struct wpi_scan_hdr
));
2715 hdr
->txflags
= htole32(WPI_TX_AUTO_SEQ
);
2716 hdr
->id
= WPI_ID_BROADCAST
;
2717 hdr
->lifetime
= htole32(WPI_LIFETIME_INFINITE
);
2720 * Move to the next channel if no packets are received within 5 msecs
2721 * after sending the probe request (this helps to reduce the duration
2724 hdr
->quiet
= htole16(5); /* timeout in milliseconds */
2725 hdr
->plcp_threshold
= htole16(1); /* min # of packets */
2727 if (flags
& IEEE80211_CHAN_A
) {
2728 hdr
->crc_threshold
= htole16(1);
2729 /* send probe requests at 6Mbps */
2730 hdr
->rate
= wpi_plcp_signal(12);
2732 hdr
->flags
= htole32(WPI_CONFIG_24GHZ
| WPI_CONFIG_AUTO
);
2733 /* send probe requests at 1Mbps */
2734 hdr
->rate
= wpi_plcp_signal(2);
2737 /* for directed scans, firmware inserts the essid IE itself */
2738 hdr
->essid
[0].id
= IEEE80211_ELEMID_SSID
;
2739 hdr
->essid
[0].len
= ic
->ic_des_esslen
;
2740 memcpy(hdr
->essid
[0].data
, ic
->ic_des_essid
, ic
->ic_des_esslen
);
2743 * Build a probe request frame. Most of the following code is a
2744 * copy & paste of what is done in net80211.
2746 wh
= (struct ieee80211_frame
*)(hdr
+ 1);
2747 wh
->i_fc
[0] = IEEE80211_FC0_VERSION_0
| IEEE80211_FC0_TYPE_MGT
|
2748 IEEE80211_FC0_SUBTYPE_PROBE_REQ
;
2749 wh
->i_fc
[1] = IEEE80211_FC1_DIR_NODS
;
2750 IEEE80211_ADDR_COPY(wh
->i_addr1
, etherbroadcastaddr
);
2751 IEEE80211_ADDR_COPY(wh
->i_addr2
, ic
->ic_myaddr
);
2752 IEEE80211_ADDR_COPY(wh
->i_addr3
, etherbroadcastaddr
);
2753 *(u_int16_t
*)&wh
->i_dur
[0] = 0; /* filled by h/w */
2754 *(u_int16_t
*)&wh
->i_seq
[0] = 0; /* filled by h/w */
2756 frm
= (uint8_t *)(wh
+ 1);
2758 /* add empty essid IE (firmware generates it for directed scans) */
2759 *frm
++ = IEEE80211_ELEMID_SSID
;
2762 mode
= ieee80211_chan2mode(ic
, ic
->ic_ibss_chan
);
2763 rs
= &ic
->ic_sup_rates
[mode
];
2765 /* add supported rates IE */
2766 *frm
++ = IEEE80211_ELEMID_RATES
;
2767 nrates
= rs
->rs_nrates
;
2768 if (nrates
> IEEE80211_RATE_SIZE
)
2769 nrates
= IEEE80211_RATE_SIZE
;
2771 memcpy(frm
, rs
->rs_rates
, nrates
);
2774 /* add supported xrates IE */
2775 if (rs
->rs_nrates
> IEEE80211_RATE_SIZE
) {
2776 nrates
= rs
->rs_nrates
- IEEE80211_RATE_SIZE
;
2777 *frm
++ = IEEE80211_ELEMID_XRATES
;
2779 memcpy(frm
, rs
->rs_rates
+ IEEE80211_RATE_SIZE
, nrates
);
2783 /* setup length of probe request */
2784 hdr
->paylen
= htole16(frm
- (uint8_t *)wh
);
2786 chan
= (struct wpi_scan_chan
*)frm
;
2787 for (c
= &ic
->ic_channels
[1];
2788 c
<= &ic
->ic_channels
[IEEE80211_CHAN_MAX
]; c
++) {
2789 if ((c
->ic_flags
& flags
) != flags
)
2792 chan
->chan
= ieee80211_chan2ieee(ic
, c
);
2794 if (!(c
->ic_flags
& IEEE80211_CHAN_PASSIVE
)) {
2795 chan
->flags
|= WPI_CHAN_ACTIVE
;
2796 if (ic
->ic_des_esslen
!= 0)
2797 chan
->flags
|= WPI_CHAN_DIRECT
;
2799 chan
->dsp_gain
= 0x6e;
2800 if (IEEE80211_IS_CHAN_5GHZ(c
)) {
2801 chan
->rf_gain
= 0x3b;
2802 chan
->active
= htole16(10);
2803 chan
->passive
= htole16(110);
2805 chan
->rf_gain
= 0x28;
2806 chan
->active
= htole16(20);
2807 chan
->passive
= htole16(120);
2812 frm
+= sizeof (struct wpi_scan_chan
);
2814 hdr
->len
= htole16(frm
- (uint8_t *)hdr
);
2815 pktlen
= frm
- (uint8_t *)cmd
;
2817 error
= bus_dmamap_load(sc
->sc_dmat
, data
->map
, cmd
, pktlen
,
2818 NULL
, BUS_DMA_NOWAIT
);
2820 aprint_error_dev(sc
->sc_dev
, "could not map scan command\n");
2826 desc
->flags
= htole32(WPI_PAD32(pktlen
) << 28 | 1 << 24);
2827 desc
->segs
[0].addr
= htole32(data
->map
->dm_segs
[0].ds_addr
);
2828 desc
->segs
[0].len
= htole32(data
->map
->dm_segs
[0].ds_len
);
2831 ring
->cur
= (ring
->cur
+ 1) % WPI_CMD_RING_COUNT
;
2832 WPI_WRITE(sc
, WPI_TX_WIDX
, ring
->qid
<< 8 | ring
->cur
);
2834 return 0; /* will be notified async. of failure/success */
2838 wpi_config(struct wpi_softc
*sc
)
2840 struct ieee80211com
*ic
= &sc
->sc_ic
;
2841 struct ifnet
*ifp
= ic
->ic_ifp
;
2842 struct wpi_power power
;
2843 struct wpi_bluetooth bluetooth
;
2844 struct wpi_node_info node
;
2847 memset(&power
, 0, sizeof power
);
2848 power
.flags
= htole32(WPI_POWER_CAM
| 0x8);
2849 error
= wpi_cmd(sc
, WPI_CMD_SET_POWER_MODE
, &power
, sizeof power
, 0);
2851 aprint_error_dev(sc
->sc_dev
, "could not set power mode\n");
2855 /* configure bluetooth coexistence */
2856 memset(&bluetooth
, 0, sizeof bluetooth
);
2857 bluetooth
.flags
= 3;
2858 bluetooth
.lead
= 0xaa;
2860 error
= wpi_cmd(sc
, WPI_CMD_BLUETOOTH
, &bluetooth
, sizeof bluetooth
,
2863 aprint_error_dev(sc
->sc_dev
,
2864 "could not configure bluetooth coexistence\n");
2868 /* configure adapter */
2869 memset(&sc
->config
, 0, sizeof (struct wpi_config
));
2870 IEEE80211_ADDR_COPY(ic
->ic_myaddr
, CLLADDR(ifp
->if_sadl
));
2871 IEEE80211_ADDR_COPY(sc
->config
.myaddr
, ic
->ic_myaddr
);
2872 /*set default channel*/
2873 sc
->config
.chan
= ieee80211_chan2ieee(ic
, ic
->ic_ibss_chan
);
2874 sc
->config
.flags
= htole32(WPI_CONFIG_TSF
);
2875 if (IEEE80211_IS_CHAN_2GHZ(ic
->ic_ibss_chan
)) {
2876 sc
->config
.flags
|= htole32(WPI_CONFIG_AUTO
|
2879 sc
->config
.filter
= 0;
2880 switch (ic
->ic_opmode
) {
2881 case IEEE80211_M_STA
:
2882 sc
->config
.mode
= WPI_MODE_STA
;
2883 sc
->config
.filter
|= htole32(WPI_FILTER_MULTICAST
);
2885 case IEEE80211_M_IBSS
:
2886 case IEEE80211_M_AHDEMO
:
2887 sc
->config
.mode
= WPI_MODE_IBSS
;
2889 case IEEE80211_M_HOSTAP
:
2890 sc
->config
.mode
= WPI_MODE_HOSTAP
;
2892 case IEEE80211_M_MONITOR
:
2893 sc
->config
.mode
= WPI_MODE_MONITOR
;
2894 sc
->config
.filter
|= htole32(WPI_FILTER_MULTICAST
|
2895 WPI_FILTER_CTL
| WPI_FILTER_PROMISC
);
2898 sc
->config
.cck_mask
= 0x0f; /* not yet negotiated */
2899 sc
->config
.ofdm_mask
= 0xff; /* not yet negotiated */
2900 error
= wpi_cmd(sc
, WPI_CMD_CONFIGURE
, &sc
->config
,
2901 sizeof (struct wpi_config
), 0);
2903 aprint_error_dev(sc
->sc_dev
, "configure command failed\n");
2907 /* configuration has changed, set Tx power accordingly */
2908 if ((error
= wpi_set_txpower(sc
, ic
->ic_ibss_chan
, 0)) != 0) {
2909 aprint_error_dev(sc
->sc_dev
, "could not set Tx power\n");
2913 /* add broadcast node */
2914 memset(&node
, 0, sizeof node
);
2915 IEEE80211_ADDR_COPY(node
.bssid
, etherbroadcastaddr
);
2916 node
.id
= WPI_ID_BROADCAST
;
2917 node
.rate
= wpi_plcp_signal(2);
2918 node
.action
= htole32(WPI_ACTION_SET_RATE
);
2919 node
.antenna
= WPI_ANTENNA_BOTH
;
2920 error
= wpi_cmd(sc
, WPI_CMD_ADD_NODE
, &node
, sizeof node
, 0);
2922 aprint_error_dev(sc
->sc_dev
, "could not add broadcast node\n");
2926 if ((error
= wpi_mrr_setup(sc
)) != 0) {
2927 aprint_error_dev(sc
->sc_dev
, "could not setup MRR\n");
2935 wpi_stop_master(struct wpi_softc
*sc
)
2940 tmp
= WPI_READ(sc
, WPI_RESET
);
2941 WPI_WRITE(sc
, WPI_RESET
, tmp
| WPI_STOP_MASTER
);
2943 tmp
= WPI_READ(sc
, WPI_GPIO_CTL
);
2944 if ((tmp
& WPI_GPIO_PWR_STATUS
) == WPI_GPIO_PWR_SLEEP
)
2945 return; /* already asleep */
2947 for (ntries
= 0; ntries
< 100; ntries
++) {
2948 if (WPI_READ(sc
, WPI_RESET
) & WPI_MASTER_DISABLED
)
2952 if (ntries
== 100) {
2953 aprint_error_dev(sc
->sc_dev
, "timeout waiting for master\n");
2958 wpi_power_up(struct wpi_softc
*sc
)
2964 tmp
= wpi_mem_read(sc
, WPI_MEM_POWER
);
2965 wpi_mem_write(sc
, WPI_MEM_POWER
, tmp
& ~0x03000000);
2968 for (ntries
= 0; ntries
< 5000; ntries
++) {
2969 if (WPI_READ(sc
, WPI_GPIO_STATUS
) & WPI_POWERED
)
2973 if (ntries
== 5000) {
2974 aprint_error_dev(sc
->sc_dev
, "timeout waiting for NIC to power up\n");
2981 wpi_reset(struct wpi_softc
*sc
)
2986 /* clear any pending interrupts */
2987 WPI_WRITE(sc
, WPI_INTR
, 0xffffffff);
2989 tmp
= WPI_READ(sc
, WPI_PLL_CTL
);
2990 WPI_WRITE(sc
, WPI_PLL_CTL
, tmp
| WPI_PLL_INIT
);
2992 tmp
= WPI_READ(sc
, WPI_CHICKEN
);
2993 WPI_WRITE(sc
, WPI_CHICKEN
, tmp
| WPI_CHICKEN_RXNOLOS
);
2995 tmp
= WPI_READ(sc
, WPI_GPIO_CTL
);
2996 WPI_WRITE(sc
, WPI_GPIO_CTL
, tmp
| WPI_GPIO_INIT
);
2998 /* wait for clock stabilization */
2999 for (ntries
= 0; ntries
< 1000; ntries
++) {
3000 if (WPI_READ(sc
, WPI_GPIO_CTL
) & WPI_GPIO_CLOCK
)
3004 if (ntries
== 1000) {
3005 aprint_error_dev(sc
->sc_dev
,
3006 "timeout waiting for clock stabilization\n");
3010 /* initialize EEPROM */
3011 tmp
= WPI_READ(sc
, WPI_EEPROM_STATUS
);
3012 if ((tmp
& WPI_EEPROM_VERSION
) == 0) {
3013 aprint_error_dev(sc
->sc_dev
, "EEPROM not found\n");
3016 WPI_WRITE(sc
, WPI_EEPROM_STATUS
, tmp
& ~WPI_EEPROM_LOCKED
);
3022 wpi_hw_config(struct wpi_softc
*sc
)
3026 /* voodoo from the reference driver */
3027 hw
= WPI_READ(sc
, WPI_HWCONFIG
);
3029 rev
= pci_conf_read(sc
->sc_pct
, sc
->sc_pcitag
, PCI_CLASS_REG
);
3030 rev
= PCI_REVISION(rev
);
3031 if ((rev
& 0xc0) == 0x40)
3032 hw
|= WPI_HW_ALM_MB
;
3033 else if (!(rev
& 0x80))
3034 hw
|= WPI_HW_ALM_MM
;
3036 if (sc
->cap
== 0x80)
3037 hw
|= WPI_HW_SKU_MRC
;
3039 hw
&= ~WPI_HW_REV_D
;
3040 if ((le16toh(sc
->rev
) & 0xf0) == 0xd0)
3044 hw
|= WPI_HW_TYPE_B
;
3046 DPRINTF(("setting h/w config %x\n", hw
));
3047 WPI_WRITE(sc
, WPI_HWCONFIG
, hw
);
3051 wpi_init(struct ifnet
*ifp
)
3053 struct wpi_softc
*sc
= ifp
->if_softc
;
3054 struct ieee80211com
*ic
= &sc
->sc_ic
;
3056 int qid
, ntries
, error
;
3059 (void)wpi_reset(sc
);
3062 wpi_mem_write(sc
, WPI_MEM_CLOCK1
, 0xa00);
3064 tmp
= wpi_mem_read(sc
, WPI_MEM_PCIDEV
);
3065 wpi_mem_write(sc
, WPI_MEM_PCIDEV
, tmp
| 0x800);
3068 (void)wpi_power_up(sc
);
3073 WPI_WRITE(sc
, WPI_RX_BASE
, sc
->rxq
.desc_dma
.paddr
);
3074 WPI_WRITE(sc
, WPI_RX_RIDX_PTR
, sc
->shared_dma
.paddr
+
3075 offsetof(struct wpi_shared
, next
));
3076 WPI_WRITE(sc
, WPI_RX_WIDX
, (WPI_RX_RING_COUNT
- 1) & ~7);
3077 WPI_WRITE(sc
, WPI_RX_CONFIG
, 0xa9601010);
3082 wpi_mem_write(sc
, WPI_MEM_MODE
, 2); /* bypass mode */
3083 wpi_mem_write(sc
, WPI_MEM_RA
, 1); /* enable RA0 */
3084 wpi_mem_write(sc
, WPI_MEM_TXCFG
, 0x3f); /* enable all 6 Tx rings */
3085 wpi_mem_write(sc
, WPI_MEM_BYPASS1
, 0x10000);
3086 wpi_mem_write(sc
, WPI_MEM_BYPASS2
, 0x30002);
3087 wpi_mem_write(sc
, WPI_MEM_MAGIC4
, 4);
3088 wpi_mem_write(sc
, WPI_MEM_MAGIC5
, 5);
3090 WPI_WRITE(sc
, WPI_TX_BASE_PTR
, sc
->shared_dma
.paddr
);
3091 WPI_WRITE(sc
, WPI_MSG_CONFIG
, 0xffff05a5);
3093 for (qid
= 0; qid
< 6; qid
++) {
3094 WPI_WRITE(sc
, WPI_TX_CTL(qid
), 0);
3095 WPI_WRITE(sc
, WPI_TX_BASE(qid
), 0);
3096 WPI_WRITE(sc
, WPI_TX_CONFIG(qid
), 0x80200008);
3100 /* clear "radio off" and "disable command" bits (reversed logic) */
3101 WPI_WRITE(sc
, WPI_UCODE_CLR
, WPI_RADIO_OFF
);
3102 WPI_WRITE(sc
, WPI_UCODE_CLR
, WPI_DISABLE_CMD
);
3104 /* clear any pending interrupts */
3105 WPI_WRITE(sc
, WPI_INTR
, 0xffffffff);
3106 /* enable interrupts */
3107 WPI_WRITE(sc
, WPI_MASK
, WPI_INTR_MASK
);
3109 /* not sure why/if this is necessary... */
3110 WPI_WRITE(sc
, WPI_UCODE_CLR
, WPI_RADIO_OFF
);
3111 WPI_WRITE(sc
, WPI_UCODE_CLR
, WPI_RADIO_OFF
);
3113 if ((error
= wpi_load_firmware(sc
)) != 0) {
3114 aprint_error_dev(sc
->sc_dev
, "could not load firmware\n");
3118 /* Check the status of the radio switch */
3119 if (wpi_getrfkill(sc
)) {
3120 aprint_error_dev(sc
->sc_dev
, "Radio is disabled by hardware switch\n");
3125 /* wait for thermal sensors to calibrate */
3126 for (ntries
= 0; ntries
< 1000; ntries
++) {
3127 if ((sc
->temp
= (int)WPI_READ(sc
, WPI_TEMPERATURE
)) != 0)
3131 if (ntries
== 1000) {
3132 aprint_error_dev(sc
->sc_dev
,
3133 "timeout waiting for thermal sensors calibration\n");
3138 DPRINTF(("temperature %d\n", sc
->temp
));
3140 if ((error
= wpi_config(sc
)) != 0) {
3141 aprint_error_dev(sc
->sc_dev
, "could not configure device\n");
3145 ifp
->if_flags
&= ~IFF_OACTIVE
;
3146 ifp
->if_flags
|= IFF_RUNNING
;
3148 if (ic
->ic_opmode
!= IEEE80211_M_MONITOR
) {
3149 if (ic
->ic_roaming
!= IEEE80211_ROAMING_MANUAL
)
3150 ieee80211_new_state(ic
, IEEE80211_S_SCAN
, -1);
3153 ieee80211_new_state(ic
, IEEE80211_S_RUN
, -1);
3157 fail1
: wpi_stop(ifp
, 1);
3163 wpi_stop(struct ifnet
*ifp
, int disable
)
3165 struct wpi_softc
*sc
= ifp
->if_softc
;
3166 struct ieee80211com
*ic
= &sc
->sc_ic
;
3170 ifp
->if_timer
= sc
->sc_tx_timer
= 0;
3171 ifp
->if_flags
&= ~(IFF_RUNNING
| IFF_OACTIVE
);
3173 ieee80211_new_state(ic
, IEEE80211_S_INIT
, -1);
3175 /* disable interrupts */
3176 WPI_WRITE(sc
, WPI_MASK
, 0);
3177 WPI_WRITE(sc
, WPI_INTR
, WPI_INTR_MASK
);
3178 WPI_WRITE(sc
, WPI_INTR_STATUS
, 0xff);
3179 WPI_WRITE(sc
, WPI_INTR_STATUS
, 0x00070000);
3182 wpi_mem_write(sc
, WPI_MEM_MODE
, 0);
3185 /* reset all Tx rings */
3186 for (ac
= 0; ac
< 4; ac
++)
3187 wpi_reset_tx_ring(sc
, &sc
->txq
[ac
]);
3188 wpi_reset_tx_ring(sc
, &sc
->cmdq
);
3191 wpi_reset_rx_ring(sc
, &sc
->rxq
);
3194 wpi_mem_write(sc
, WPI_MEM_CLOCK2
, 0x200);
3199 wpi_stop_master(sc
);
3201 tmp
= WPI_READ(sc
, WPI_RESET
);
3202 WPI_WRITE(sc
, WPI_RESET
, tmp
| WPI_SW_RESET
);
3206 wpi_resume(device_t dv PMF_FN_ARGS
)
3208 struct wpi_softc
*sc
= device_private(dv
);
3210 (void)wpi_reset(sc
);
3216 * Return whether or not the radio is enabled in hardware
3217 * (i.e. the rfkill switch is "off").
3220 wpi_getrfkill(struct wpi_softc
*sc
)
3225 tmp
= wpi_mem_read(sc
, WPI_MEM_RFKILL
);
3228 return !(tmp
& 0x01);
3232 wpi_sysctl_radio(SYSCTLFN_ARGS
)
3234 struct sysctlnode node
;
3235 struct wpi_softc
*sc
;
3239 sc
= (struct wpi_softc
*)node
.sysctl_data
;
3241 val
= !wpi_getrfkill(sc
);
3243 node
.sysctl_data
= &val
;
3244 error
= sysctl_lookup(SYSCTLFN_CALL(&node
));
3246 if (error
|| newp
== NULL
)
3253 wpi_sysctlattach(struct wpi_softc
*sc
)
3256 const struct sysctlnode
*rnode
;
3257 const struct sysctlnode
*cnode
;
3259 struct sysctllog
**clog
= &sc
->sc_sysctllog
;
3261 if ((rc
= sysctl_createv(clog
, 0, NULL
, &rnode
,
3262 CTLFLAG_PERMANENT
, CTLTYPE_NODE
, "hw", NULL
,
3263 NULL
, 0, NULL
, 0, CTL_HW
, CTL_EOL
)) != 0)
3266 if ((rc
= sysctl_createv(clog
, 0, &rnode
, &rnode
,
3267 CTLFLAG_PERMANENT
, CTLTYPE_NODE
, device_xname(sc
->sc_dev
),
3268 SYSCTL_DESCR("wpi controls and statistics"),
3269 NULL
, 0, NULL
, 0, CTL_CREATE
, CTL_EOL
)) != 0)
3272 if ((rc
= sysctl_createv(clog
, 0, &rnode
, &cnode
,
3273 CTLFLAG_PERMANENT
, CTLTYPE_INT
, "radio",
3274 SYSCTL_DESCR("radio transmitter switch state (0=off, 1=on)"),
3275 wpi_sysctl_radio
, 0, sc
, 0, CTL_CREATE
, CTL_EOL
)) != 0)
3279 /* control debugging printfs */
3280 if ((rc
= sysctl_createv(clog
, 0, &rnode
, &cnode
,
3281 CTLFLAG_PERMANENT
|CTLFLAG_READWRITE
, CTLTYPE_INT
,
3282 "debug", SYSCTL_DESCR("Enable debugging output"),
3283 NULL
, 0, &wpi_debug
, 0, CTL_CREATE
, CTL_EOL
)) != 0)
3289 aprint_error("%s: sysctl_createv failed (rc = %d)\n", __func__
, rc
);