The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/dev/netif/rtw/rtw.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*
    2  * Copyright (c) 2006 The DragonFly Project.  All rights reserved.
    3  * 
    4  * This code is derived from software contributed to The DragonFly Project
    5  * by Sepherosa Ziehau <sepherosa@gmail.com>
    6  * 
    7  * Redistribution and use in source and binary forms, with or without
    8  * modification, are permitted provided that the following conditions
    9  * are met:
   10  * 
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in
   15  *    the documentation and/or other materials provided with the
   16  *    distribution.
   17  * 3. Neither the name of The DragonFly Project nor the names of its
   18  *    contributors may be used to endorse or promote products derived
   19  *    from this software without specific, prior written permission.
   20  * 
   21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
   22  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
   23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
   24  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
   25  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
   26  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
   27  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   28  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
   29  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   30  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   31  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   32  * SUCH DAMAGE.
   33  *
   34  * $NetBSD: rtw.c,v 1.72 2006/03/28 00:48:10 dyoung Exp $
   35  */
   36 
   37 /*
   38  * Copyright (c) 2004, 2005 David Young.  All rights reserved.
   39  *
   40  * Programmed for NetBSD by David Young.
   41  *
   42  * Redistribution and use in source and binary forms, with or without
   43  * modification, are permitted provided that the following conditions
   44  * are met:
   45  * 1. Redistributions of source code must retain the above copyright
   46  *    notice, this list of conditions and the following disclaimer.
   47  * 2. Redistributions in binary form must reproduce the above copyright
   48  *    notice, this list of conditions and the following disclaimer in the
   49  *    documentation and/or other materials provided with the distribution.
   50  * 3. The name of David Young may not be used to endorse or promote
   51  *    products derived from this software without specific prior
   52  *    written permission.
   53  *
   54  * THIS SOFTWARE IS PROVIDED BY David Young ``AS IS'' AND ANY
   55  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
   56  * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
   57  * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL David
   58  * Young BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
   59  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
   60  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   61  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   62  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   63  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   64  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
   65  * OF SUCH DAMAGE.
   66  */
   67 
   68 /*
   69  * Device driver for the Realtek RTL8180 802.11 MAC/BBP.
   70  */
   71 
   72 #include <sys/param.h>
   73 #include <sys/bitops.h>
   74 #include <sys/bus.h>
   75 #include <sys/endian.h>
   76 #include <sys/kernel.h>
   77 #include <sys/interrupt.h>
   78 #include <sys/rman.h>
   79 #include <sys/socket.h>
   80 #include <sys/sockio.h>
   81 #include <sys/serialize.h>
   82 #include <sys/sysctl.h>
   83 
   84 #include <net/if.h>
   85 #include <net/if_arp.h>
   86 #include <net/if_dl.h>
   87 #include <net/if_media.h>
   88 #include <net/ifq_var.h>
   89 #include <net/ethernet.h>
   90 #include <net/bpf.h>
   91 
   92 #include <netproto/802_11/ieee80211_var.h>
   93 #include <netproto/802_11/ieee80211_radiotap.h>
   94 #include <netproto/802_11/wlan_ratectl/onoe/ieee80211_onoe_param.h>
   95 
   96 #include <dev/netif/rtw/rtwreg.h>
   97 #include <dev/netif/rtw/rtwvar.h>
   98 #include <dev/netif/rtw/rtwphyio.h>
   99 #include <dev/netif/rtw/rtwphy.h>
  100 #include <dev/netif/rtw/smc93cx6var.h>
  101 #include <dev/netif/rtw/sa2400reg.h>
  102 
  103 /* XXX */
  104 #define IEEE80211_DUR_DS_LONG_PREAMBLE  144
  105 #define IEEE80211_DUR_DS_SHORT_PREAMBLE 72
  106 #define IEEE80211_DUR_DS_SLOW_PLCPHDR   48
  107 #define IEEE80211_DUR_DS_FAST_PLCPHDR   24
  108 #define IEEE80211_DUR_DS_SLOW_ACK       112
  109 #define IEEE80211_DUR_DS_SLOW_CTS       112
  110 #define IEEE80211_DUR_DS_SIFS           10
  111 
  112 struct rtw_txsegs {
  113         int                     nseg;
  114         bus_dma_segment_t       segs[RTW_MAXPKTSEGS];
  115 };
  116 
  117 devclass_t      rtw_devclass;
  118 
  119 static const struct ieee80211_rateset rtw_rates_11b = { 4, { 2, 4, 11, 22 } };
  120 
  121 SYSCTL_NODE(_hw, OID_AUTO, rtw, CTLFLAG_RD, 0,
  122             "Realtek RTL818x 802.11 controls");
  123 
  124 /* [0, __SHIFTOUT(RTW_CONFIG4_RFTYPE_MASK, RTW_CONFIG4_RFTYPE_MASK)] */
  125 static int      rtw_rfprog_fallback = 0;
  126 SYSCTL_INT(_hw_rtw, OID_AUTO, rfprog_fallback, CTLFLAG_RW,
  127            &rtw_rfprog_fallback, 0, "fallback RF programming method");
  128 
  129 static int      rtw_host_rfio = 0;              /* 0/1 */
  130 SYSCTL_INT(_hw_rtw, OID_AUTO, host_rfio, CTLFLAG_RW,
  131            &rtw_host_rfio, 0, "enable host control of RF I/O");
  132 
  133 #ifdef RTW_DEBUG
  134 int             rtw_debug = 0;                  /* [0, RTW_DEBUG_MAX] */
  135 SYSCTL_INT(_hw_rtw, OID_AUTO, debug, CTLFLAG_RW, &rtw_debug, 0, "debug level");
  136 
  137 static int      rtw_rxbufs_limit = RTW_RXQLEN;  /* [0, RTW_RXQLEN] */
  138 SYSCTL_INT(_hw_rtw, OID_AUTO, rxbufs_limit, CTLFLAG_RW, &rtw_rxbufs_limit, 0,
  139            "rx buffers limit");
  140 #endif /* RTW_DEBUG */
  141 
  142 #if 0
  143 static int      rtw_xmtr_restart = 0;
  144 SYSCTL_INT(_hw_rtw, OID_AUTO, xmtr_restart, CTLFLAG_RW, &rtw_xmtr_restart, 0,
  145            "gratuitously reset xmtr on rcvr error");
  146 
  147 static int      rtw_ring_reset = 0;
  148 SYSCTL_INT(_hw_rtw, OID_AUTO, ring_reset, CTLFLAG_RW, &rtw_ring_reset, 0,
  149            "reset ring pointers on rcvr error");
  150 #endif
  151 
  152 static int      rtw_do_chip_reset = 0;
  153 SYSCTL_INT(_hw_rtw, OID_AUTO, chip_reset, CTLFLAG_RW, &rtw_do_chip_reset, 0,
  154            "gratuitously reset chip on rcvr error");
  155 
  156 int             rtw_dwelltime = 200;    /* milliseconds */
  157 
  158 /* XXX */
  159 static struct ieee80211_cipher rtw_cipher_wep;
  160 
  161 static void     rtw_led_init(struct rtw_softc *);
  162 static void     rtw_led_newstate(struct rtw_softc *, enum ieee80211_state);
  163 static void     rtw_led_slowblink(void *);
  164 static void     rtw_led_fastblink(void *);
  165 static void     rtw_led_set(struct rtw_softc *);
  166 
  167 static void     rtw_init(void *);
  168 static void     rtw_start(struct ifnet *, struct ifaltq_subque *);
  169 static int      rtw_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
  170 static void     rtw_watchdog(struct ifnet *);
  171 static void     rtw_intr(void *);
  172 
  173 static void     rtw_intr_rx(struct rtw_softc *, uint16_t);
  174 static void     rtw_intr_tx(struct rtw_softc *, uint16_t);
  175 static void     rtw_intr_beacon(struct rtw_softc *, uint16_t);
  176 static void     rtw_intr_atim(struct rtw_softc *);
  177 static void     rtw_intr_ioerror(struct rtw_softc *, uint16_t);
  178 static void     rtw_intr_timeout(struct rtw_softc *);
  179 
  180 static int      rtw_dequeue(struct ifnet *, struct rtw_txsoft_blk **,
  181                             struct rtw_txdesc_blk **, struct mbuf **,
  182                             struct ieee80211_node **);
  183 static struct mbuf *rtw_load_txbuf(struct rtw_softc *, struct rtw_txsoft *,
  184                                    struct rtw_txsegs *, int, struct mbuf *);
  185 
  186 static void     rtw_idle(struct rtw_softc *);
  187 static void     rtw_txring_fixup(struct rtw_softc *);
  188 static void     rtw_rxring_fixup(struct rtw_softc *);
  189 static int      rtw_txring_next(struct rtw_regs *, struct rtw_txdesc_blk *);
  190 static void     rtw_reset_oactive(struct rtw_softc *);
  191 
  192 static int      rtw_enable(struct rtw_softc *);
  193 static void     rtw_disable(struct rtw_softc *);
  194 static void     rtw_io_enable(struct rtw_softc *, uint8_t, int);
  195 static int      rtw_pwrstate(struct rtw_softc *, enum rtw_pwrstate);
  196 static void     rtw_set_access(struct rtw_softc *, enum rtw_access);
  197 
  198 static void     rtw_continuous_tx_enable(struct rtw_softc *, int);
  199 static void     rtw_txdac_enable(struct rtw_softc *, int);
  200 static void     rtw_anaparm_enable(struct rtw_regs *, int);
  201 static void     rtw_config0123_enable(struct rtw_regs *, int);
  202 
  203 static void     rtw_transmit_config(struct rtw_regs *);
  204 static void     rtw_set_rfprog(struct rtw_softc *);
  205 static void     rtw_enable_interrupts(struct rtw_softc *);
  206 static void     rtw_pktfilt_load(struct rtw_softc *);
  207 static void     rtw_wep_setkeys(struct rtw_softc *);
  208 static void     rtw_resume_ticks(struct rtw_softc *);
  209 static void     rtw_set_nettype(struct rtw_softc *, enum ieee80211_opmode);
  210 
  211 static int      rtw_reset(struct rtw_softc *);
  212 static int      rtw_chip_reset(struct rtw_softc *);
  213 static int      rtw_recall_eeprom(struct rtw_softc *);
  214 static int      rtw_srom_read(struct rtw_softc *);
  215 static int      rtw_srom_parse(struct rtw_softc *);
  216 static struct rtw_rf *rtw_rf_attach(struct rtw_softc *, enum rtw_rfchipid, int);
  217 
  218 static uint8_t  rtw_check_phydelay(struct rtw_regs *, uint32_t);
  219 static void     rtw_identify_country(struct rtw_softc *);
  220 static int      rtw_identify_sta(struct rtw_softc *);
  221 
  222 static int      rtw_swring_setup(struct rtw_softc *);
  223 static void     rtw_hwring_setup(struct rtw_softc *);
  224 
  225 static int      rtw_desc_blk_alloc(struct rtw_softc *);
  226 static void     rtw_desc_blk_free(struct rtw_softc *);
  227 static int      rtw_soft_blk_alloc(struct rtw_softc *);
  228 static void     rtw_soft_blk_free(struct rtw_softc *);
  229 
  230 static void     rtw_txdesc_blk_init_all(struct rtw_softc *);
  231 static void     rtw_txsoft_blk_init_all(struct rtw_softc *);
  232 static void     rtw_rxdesc_blk_init_all(struct rtw_softc *);
  233 static int      rtw_rxsoft_blk_init_all(struct rtw_softc *);
  234 
  235 static void     rtw_txdesc_blk_reset_all(struct rtw_softc *);
  236 
  237 static int      rtw_rxsoft_alloc(struct rtw_softc *, struct rtw_rxsoft *, int);
  238 static void     rtw_rxdesc_init(struct rtw_softc *, int idx, int);
  239 
  240 #ifdef RTW_DEBUG
  241 static void     rtw_print_txdesc(struct rtw_softc *, const char *,
  242                                  struct rtw_txsoft *, struct rtw_txdesc_blk *,
  243                                  int);
  244 #endif /* RTW_DEBUG */
  245 
  246 static int      rtw_newstate(struct ieee80211com *, enum ieee80211_state, int);
  247 static void     rtw_next_scan(void *);
  248 
  249 static int      rtw_key_delete(struct ieee80211com *,
  250                                const struct ieee80211_key *);
  251 static int      rtw_key_set(struct ieee80211com *,
  252                             const struct ieee80211_key *,
  253                             const u_int8_t[IEEE80211_ADDR_LEN]);
  254 static void     rtw_key_update_end(struct ieee80211com *);
  255 static void     rtw_key_update_begin(struct ieee80211com *);
  256 static int      rtw_wep_decap(struct ieee80211_key *, struct mbuf *, int);
  257 
  258 static int      rtw_compute_duration1(int, int, uint32_t, int,
  259                                       struct rtw_duration *);
  260 static int      rtw_compute_duration(const struct ieee80211_frame_min *,
  261                                      const struct ieee80211_key *, int,
  262                                      uint32_t, int, int,
  263                                      struct rtw_duration *,
  264                                      struct rtw_duration *, int *, int);
  265 
  266 static int      rtw_get_rssi(struct rtw_softc *, uint8_t, uint8_t);
  267 static int      rtw_maxim_getrssi(uint8_t, uint8_t);
  268 static int      rtw_gct_getrssi(uint8_t, uint8_t);
  269 static int      rtw_philips_getrssi(uint8_t, uint8_t);
  270 
  271 static void     *rtw_ratectl_attach(struct ieee80211com *, u_int);
  272 
  273 #ifdef RTW_DEBUG
  274 static void
  275 rtw_print_regs(struct rtw_regs *regs, const char *dvname, const char *where)
  276 {
  277 #define PRINTREG32(sc, reg)                             \
  278         RTW_DPRINTF(RTW_DEBUG_REGDUMP,                  \
  279             ("%s: reg[ " #reg " / %03x ] = %08x\n",     \
  280             dvname, reg, RTW_READ(regs, reg)))
  281 
  282 #define PRINTREG16(sc, reg)                             \
  283         RTW_DPRINTF(RTW_DEBUG_REGDUMP,                  \
  284             ("%s: reg[ " #reg " / %03x ] = %04x\n",     \
  285             dvname, reg, RTW_READ16(regs, reg)))
  286 
  287 #define PRINTREG8(sc, reg)                              \
  288         RTW_DPRINTF(RTW_DEBUG_REGDUMP,                  \
  289             ("%s: reg[ " #reg " / %03x ] = %02x\n",     \
  290             dvname, reg, RTW_READ8(regs, reg)))
  291 
  292         RTW_DPRINTF(RTW_DEBUG_REGDUMP, ("%s: %s\n", dvname, where));
  293 
  294         PRINTREG32(regs, RTW_IDR0);
  295         PRINTREG32(regs, RTW_IDR1);
  296         PRINTREG32(regs, RTW_MAR0);
  297         PRINTREG32(regs, RTW_MAR1);
  298         PRINTREG32(regs, RTW_TSFTRL);
  299         PRINTREG32(regs, RTW_TSFTRH);
  300         PRINTREG32(regs, RTW_TLPDA);
  301         PRINTREG32(regs, RTW_TNPDA);
  302         PRINTREG32(regs, RTW_THPDA);
  303         PRINTREG32(regs, RTW_TCR);
  304         PRINTREG32(regs, RTW_RCR);
  305         PRINTREG32(regs, RTW_TINT);
  306         PRINTREG32(regs, RTW_TBDA);
  307         PRINTREG32(regs, RTW_ANAPARM);
  308         PRINTREG32(regs, RTW_BB);
  309         PRINTREG32(regs, RTW_PHYCFG);
  310         PRINTREG32(regs, RTW_WAKEUP0L);
  311         PRINTREG32(regs, RTW_WAKEUP0H);
  312         PRINTREG32(regs, RTW_WAKEUP1L);
  313         PRINTREG32(regs, RTW_WAKEUP1H);
  314         PRINTREG32(regs, RTW_WAKEUP2LL);
  315         PRINTREG32(regs, RTW_WAKEUP2LH);
  316         PRINTREG32(regs, RTW_WAKEUP2HL);
  317         PRINTREG32(regs, RTW_WAKEUP2HH);
  318         PRINTREG32(regs, RTW_WAKEUP3LL);
  319         PRINTREG32(regs, RTW_WAKEUP3LH);
  320         PRINTREG32(regs, RTW_WAKEUP3HL);
  321         PRINTREG32(regs, RTW_WAKEUP3HH);
  322         PRINTREG32(regs, RTW_WAKEUP4LL);
  323         PRINTREG32(regs, RTW_WAKEUP4LH);
  324         PRINTREG32(regs, RTW_WAKEUP4HL);
  325         PRINTREG32(regs, RTW_WAKEUP4HH);
  326         PRINTREG32(regs, RTW_DK0);
  327         PRINTREG32(regs, RTW_DK1);
  328         PRINTREG32(regs, RTW_DK2);
  329         PRINTREG32(regs, RTW_DK3);
  330         PRINTREG32(regs, RTW_RETRYCTR);
  331         PRINTREG32(regs, RTW_RDSAR);
  332         PRINTREG32(regs, RTW_FER);
  333         PRINTREG32(regs, RTW_FEMR);
  334         PRINTREG32(regs, RTW_FPSR);
  335         PRINTREG32(regs, RTW_FFER);
  336 
  337         /* 16-bit registers */
  338         PRINTREG16(regs, RTW_BRSR);
  339         PRINTREG16(regs, RTW_IMR);
  340         PRINTREG16(regs, RTW_ISR);
  341         PRINTREG16(regs, RTW_BCNITV);
  342         PRINTREG16(regs, RTW_ATIMWND);
  343         PRINTREG16(regs, RTW_BINTRITV);
  344         PRINTREG16(regs, RTW_ATIMTRITV);
  345         PRINTREG16(regs, RTW_CRC16ERR);
  346         PRINTREG16(regs, RTW_CRC0);
  347         PRINTREG16(regs, RTW_CRC1);
  348         PRINTREG16(regs, RTW_CRC2);
  349         PRINTREG16(regs, RTW_CRC3);
  350         PRINTREG16(regs, RTW_CRC4);
  351         PRINTREG16(regs, RTW_CWR);
  352 
  353         /* 8-bit registers */
  354         PRINTREG8(regs, RTW_CR);
  355         PRINTREG8(regs, RTW_9346CR);
  356         PRINTREG8(regs, RTW_CONFIG0);
  357         PRINTREG8(regs, RTW_CONFIG1);
  358         PRINTREG8(regs, RTW_CONFIG2);
  359         PRINTREG8(regs, RTW_MSR);
  360         PRINTREG8(regs, RTW_CONFIG3);
  361         PRINTREG8(regs, RTW_CONFIG4);
  362         PRINTREG8(regs, RTW_TESTR);
  363         PRINTREG8(regs, RTW_PSR);
  364         PRINTREG8(regs, RTW_SCR);
  365         PRINTREG8(regs, RTW_PHYDELAY);
  366         PRINTREG8(regs, RTW_CRCOUNT);
  367         PRINTREG8(regs, RTW_PHYADDR);
  368         PRINTREG8(regs, RTW_PHYDATAW);
  369         PRINTREG8(regs, RTW_PHYDATAR);
  370         PRINTREG8(regs, RTW_CONFIG5);
  371         PRINTREG8(regs, RTW_TPPOLL);
  372 
  373         PRINTREG16(regs, RTW_BSSID16);
  374         PRINTREG32(regs, RTW_BSSID32);
  375 #undef PRINTREG32
  376 #undef PRINTREG16
  377 #undef PRINTREG8
  378 }
  379 #endif /* RTW_DEBUG */
  380 
  381 static void
  382 rtw_continuous_tx_enable(struct rtw_softc *sc, int enable)
  383 {
  384         struct rtw_regs *regs = &sc->sc_regs;
  385         uint32_t tcr;
  386 
  387         tcr = RTW_READ(regs, RTW_TCR);
  388         tcr &= ~RTW_TCR_LBK_MASK;
  389         if (enable)
  390                 tcr |= RTW_TCR_LBK_CONT;
  391         else
  392                 tcr |= RTW_TCR_LBK_NORMAL;
  393         RTW_WRITE(regs, RTW_TCR, tcr);
  394         RTW_SYNC(regs, RTW_TCR, RTW_TCR);
  395         rtw_set_access(sc, RTW_ACCESS_ANAPARM);
  396         rtw_txdac_enable(sc, !enable);
  397         rtw_set_access(sc, RTW_ACCESS_ANAPARM);/* XXX Voodoo from Linux. */
  398         rtw_set_access(sc, RTW_ACCESS_NONE);
  399 }
  400 
  401 #ifdef RTW_DEBUG
  402 static const char *
  403 rtw_access_string(enum rtw_access access)
  404 {
  405         switch (access) {
  406         case RTW_ACCESS_NONE:
  407                 return "none";
  408         case RTW_ACCESS_CONFIG:
  409                 return "config";
  410         case RTW_ACCESS_ANAPARM:
  411                 return "anaparm";
  412         default:
  413                 return "unknown";
  414         }
  415 }
  416 #endif /* RTW_DEBUG */
  417 
  418 static void
  419 rtw_set_access1(struct rtw_regs *regs, enum rtw_access naccess)
  420 {
  421         KKASSERT(naccess >= RTW_ACCESS_NONE && naccess <= RTW_ACCESS_ANAPARM);
  422         KKASSERT(regs->r_access >= RTW_ACCESS_NONE &&
  423                  regs->r_access <= RTW_ACCESS_ANAPARM);
  424 
  425         if (naccess == regs->r_access)
  426                 return;
  427 
  428         switch (naccess) {
  429         case RTW_ACCESS_NONE:
  430                 switch (regs->r_access) {
  431                 case RTW_ACCESS_ANAPARM:
  432                         rtw_anaparm_enable(regs, 0);
  433                         /*FALLTHROUGH*/
  434                 case RTW_ACCESS_CONFIG:
  435                         rtw_config0123_enable(regs, 0);
  436                         /*FALLTHROUGH*/
  437                 case RTW_ACCESS_NONE:
  438                         break;
  439                 }
  440                 break;
  441         case RTW_ACCESS_CONFIG:
  442                 switch (regs->r_access) {
  443                 case RTW_ACCESS_NONE:
  444                         rtw_config0123_enable(regs, 1);
  445                         /*FALLTHROUGH*/
  446                 case RTW_ACCESS_CONFIG:
  447                         break;
  448                 case RTW_ACCESS_ANAPARM:
  449                         rtw_anaparm_enable(regs, 0);
  450                         break;
  451                 }
  452                 break;
  453         case RTW_ACCESS_ANAPARM:
  454                 switch (regs->r_access) {
  455                 case RTW_ACCESS_NONE:
  456                         rtw_config0123_enable(regs, 1);
  457                         /*FALLTHROUGH*/
  458                 case RTW_ACCESS_CONFIG:
  459                         rtw_anaparm_enable(regs, 1);
  460                         /*FALLTHROUGH*/
  461                 case RTW_ACCESS_ANAPARM:
  462                         break;
  463                 }
  464                 break;
  465         }
  466 }
  467 
  468 static void
  469 rtw_set_access(struct rtw_softc *sc, enum rtw_access access)
  470 {
  471         struct rtw_regs *regs = &sc->sc_regs;
  472 
  473         rtw_set_access1(regs, access);
  474         RTW_DPRINTF(RTW_DEBUG_ACCESS,
  475             ("%s: access %s -> %s\n", sc->sc_ic.ic_if.if_xname,
  476             rtw_access_string(regs->r_access),
  477             rtw_access_string(access)));
  478         regs->r_access = access;
  479 }
  480 
  481 /*
  482  * Enable registers, switch register banks.
  483  */
  484 static void
  485 rtw_config0123_enable(struct rtw_regs *regs, int enable)
  486 {
  487         uint8_t ecr;
  488 
  489         ecr = RTW_READ8(regs, RTW_9346CR);
  490         ecr &= ~(RTW_9346CR_EEM_MASK | RTW_9346CR_EECS | RTW_9346CR_EESK);
  491         if (enable) {
  492                 ecr |= RTW_9346CR_EEM_CONFIG;
  493         } else {
  494                 RTW_WBW(regs, RTW_9346CR, MAX(RTW_CONFIG0, RTW_CONFIG3));
  495                 ecr |= RTW_9346CR_EEM_NORMAL;
  496         }
  497         RTW_WRITE8(regs, RTW_9346CR, ecr);
  498         RTW_SYNC(regs, RTW_9346CR, RTW_9346CR);
  499 }
  500 
  501 /* requires rtw_config0123_enable(, 1) */
  502 static void
  503 rtw_anaparm_enable(struct rtw_regs *regs, int enable)
  504 {
  505         uint8_t cfg3;
  506 
  507         cfg3 = RTW_READ8(regs, RTW_CONFIG3);
  508         cfg3 |= RTW_CONFIG3_CLKRUNEN;
  509         if (enable)
  510                 cfg3 |= RTW_CONFIG3_PARMEN;
  511         else
  512                 cfg3 &= ~RTW_CONFIG3_PARMEN;
  513         RTW_WRITE8(regs, RTW_CONFIG3, cfg3);
  514         RTW_SYNC(regs, RTW_CONFIG3, RTW_CONFIG3);
  515 }
  516 
  517 /* requires rtw_anaparm_enable(, 1) */
  518 static void
  519 rtw_txdac_enable(struct rtw_softc *sc, int enable)
  520 {
  521         uint32_t anaparm;
  522         struct rtw_regs *regs = &sc->sc_regs;
  523 
  524         anaparm = RTW_READ(regs, RTW_ANAPARM);
  525         if (enable)
  526                 anaparm &= ~RTW_ANAPARM_TXDACOFF;
  527         else
  528                 anaparm |= RTW_ANAPARM_TXDACOFF;
  529         RTW_WRITE(regs, RTW_ANAPARM, anaparm);
  530         RTW_SYNC(regs, RTW_ANAPARM, RTW_ANAPARM);
  531 }
  532 
  533 static int
  534 rtw_chip_reset1(struct rtw_softc *sc)
  535 {
  536         struct rtw_regs *regs = &sc->sc_regs;
  537         uint8_t cr;
  538         int i;
  539 
  540         RTW_WRITE8(regs, RTW_CR, RTW_CR_RST);
  541 
  542         RTW_WBR(regs, RTW_CR, RTW_CR);
  543 
  544         for (i = 0; i < 1000; i++) {
  545                 if ((cr = RTW_READ8(regs, RTW_CR) & RTW_CR_RST) == 0) {
  546                         RTW_DPRINTF(RTW_DEBUG_RESET,
  547                             ("%s: reset in %dus\n",
  548                              sc->sc_ic.ic_if.if_xname, i));
  549                         return 0;
  550                 }
  551                 RTW_RBR(regs, RTW_CR, RTW_CR);
  552                 DELAY(10); /* 10us */
  553         }
  554 
  555         if_printf(&sc->sc_ic.ic_if, "reset failed\n");
  556         return ETIMEDOUT;
  557 }
  558 
  559 static int
  560 rtw_chip_reset(struct rtw_softc *sc)
  561 {
  562         struct rtw_regs *regs = &sc->sc_regs;
  563         uint32_t tcr;
  564 
  565         /* from Linux driver */
  566         tcr = RTW_TCR_CWMIN | RTW_TCR_MXDMA_2048 |
  567               __SHIFTIN(7, RTW_TCR_SRL_MASK) | __SHIFTIN(7, RTW_TCR_LRL_MASK);
  568 
  569         RTW_WRITE(regs, RTW_TCR, tcr);
  570 
  571         RTW_WBW(regs, RTW_CR, RTW_TCR);
  572 
  573         return rtw_chip_reset1(sc);
  574 }
  575 
  576 static int
  577 rtw_wep_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
  578 {
  579         struct ieee80211_key keycopy;
  580         const struct ieee80211_cipher *wep_cipher;
  581 
  582         RTW_DPRINTF(RTW_DEBUG_KEY, ("%s:\n", __func__));
  583 
  584         keycopy = *k;
  585         keycopy.wk_flags &= ~IEEE80211_KEY_SWCRYPT;
  586 
  587         wep_cipher = ieee80211_crypto_cipher(IEEE80211_CIPHER_WEP);
  588         KKASSERT(wep_cipher != NULL);
  589 
  590         return wep_cipher->ic_decap(&keycopy, m, hdrlen);
  591 }
  592 
  593 static int
  594 rtw_key_delete(struct ieee80211com *ic, const struct ieee80211_key *k)
  595 {
  596         struct rtw_softc *sc = ic->ic_ifp->if_softc;
  597         u_int keyix = k->wk_keyix;
  598 
  599         DPRINTF(sc, RTW_DEBUG_KEY, ("%s: delete key %u\n", __func__, keyix));
  600 
  601         if (keyix >= IEEE80211_WEP_NKID)
  602                 return 0;
  603         if (k->wk_keylen != 0)
  604                 sc->sc_flags &= ~RTW_F_DK_VALID;
  605         return 1;
  606 }
  607 
  608 static int
  609 rtw_key_set(struct ieee80211com *ic, const struct ieee80211_key *k,
  610             const u_int8_t mac[IEEE80211_ADDR_LEN])
  611 {
  612         struct rtw_softc *sc = ic->ic_ifp->if_softc;
  613 
  614         DPRINTF(sc, RTW_DEBUG_KEY, ("%s: set key %u\n", __func__, k->wk_keyix));
  615 
  616         if (k->wk_keyix >= IEEE80211_WEP_NKID)
  617                 return 0;
  618 
  619         sc->sc_flags &= ~RTW_F_DK_VALID;
  620         return 1;
  621 }
  622 
  623 static void
  624 rtw_key_update_begin(struct ieee80211com *ic)
  625 {
  626 #ifdef RTW_DEBUG
  627         struct ifnet *ifp = ic->ic_ifp;
  628         struct rtw_softc *sc = ifp->if_softc;
  629 #endif
  630 
  631         DPRINTF(sc, RTW_DEBUG_KEY, ("%s:\n", __func__));
  632 }
  633 
  634 static void
  635 rtw_key_update_end(struct ieee80211com *ic)
  636 {
  637         struct ifnet *ifp = ic->ic_ifp;
  638         struct rtw_softc *sc = ifp->if_softc;
  639 
  640         DPRINTF(sc, RTW_DEBUG_KEY, ("%s:\n", __func__));
  641 
  642         if ((sc->sc_flags & RTW_F_DK_VALID) != 0 ||
  643             (sc->sc_flags & RTW_F_ENABLED) == 0 ||
  644             (sc->sc_flags & RTW_F_INVALID) != 0)
  645                 return;
  646 
  647         rtw_io_enable(sc, RTW_CR_RE | RTW_CR_TE, 0);
  648         rtw_wep_setkeys(sc);
  649         rtw_io_enable(sc, RTW_CR_RE | RTW_CR_TE,
  650                       (ifp->if_flags & IFF_RUNNING) != 0);
  651 }
  652 
  653 static __inline int
  654 rtw_key_hwsupp(uint32_t flags, const struct ieee80211_key *k)
  655 {
  656         if (k->wk_cipher->ic_cipher != IEEE80211_CIPHER_WEP)
  657                 return 0;
  658 
  659         return ((flags & RTW_C_RXWEP_40) != 0 && k->wk_keylen == 5) ||
  660                ((flags & RTW_C_RXWEP_104) != 0 && k->wk_keylen == 13);
  661 }
  662 
  663 static void
  664 rtw_wep_setkeys(struct rtw_softc *sc)
  665 {
  666         struct ieee80211com *ic = &sc->sc_ic;
  667         struct ieee80211_key *wk = ic->ic_nw_keys;
  668         const struct ieee80211_cipher *wep_cipher;
  669         struct rtw_regs *regs = &sc->sc_regs;
  670         union rtw_keys *rk = &sc->sc_keys;
  671         uint8_t psr, scr;
  672         int i, keylen;
  673 
  674         memset(rk->rk_keys, 0, sizeof(rk->rk_keys));
  675 
  676         wep_cipher = ieee80211_crypto_cipher(IEEE80211_CIPHER_WEP);
  677         KKASSERT(wep_cipher != NULL);
  678 
  679         /* Temporarily use software crypto for all keys. */
  680         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
  681                 if (wk[i].wk_cipher == &rtw_cipher_wep)
  682                         wk[i].wk_cipher = wep_cipher;
  683         }
  684 
  685         rtw_set_access(sc, RTW_ACCESS_CONFIG);
  686 
  687         psr = RTW_READ8(regs, RTW_PSR);
  688         scr = RTW_READ8(regs, RTW_SCR);
  689         scr &= ~(RTW_SCR_KM_MASK | RTW_SCR_TXSECON | RTW_SCR_RXSECON);
  690 
  691         if ((sc->sc_ic.ic_flags & IEEE80211_F_PRIVACY) == 0)
  692                 goto out;
  693 
  694         for (keylen = i = 0; i < IEEE80211_WEP_NKID; i++) {
  695                 if (!rtw_key_hwsupp(sc->sc_flags, &wk[i]))
  696                         continue;
  697                 if (i == ic->ic_def_txkey) {
  698                         keylen = wk[i].wk_keylen;
  699                         break;
  700                 }
  701                 keylen = MAX(keylen, wk[i].wk_keylen);
  702         }
  703 
  704         if (keylen == 5)
  705                 scr |= RTW_SCR_KM_WEP40 | RTW_SCR_RXSECON;
  706         else if (keylen == 13)
  707                 scr |= RTW_SCR_KM_WEP104 | RTW_SCR_RXSECON;
  708 
  709         for (i = 0; i < IEEE80211_WEP_NKID; i++) {
  710                 if (wk[i].wk_keylen != keylen ||
  711                     wk[i].wk_cipher->ic_cipher != IEEE80211_CIPHER_WEP)
  712                         continue;
  713                 /* h/w will decrypt, s/w still strips headers */
  714                 wk[i].wk_cipher = &rtw_cipher_wep;
  715                 memcpy(rk->rk_keys[i], wk[i].wk_key, wk[i].wk_keylen);
  716         }
  717 out:
  718         RTW_WRITE8(regs, RTW_PSR, psr & ~RTW_PSR_PSEN);
  719 
  720         bus_space_write_region_4(regs->r_bt, regs->r_bh, RTW_DK0, rk->rk_words,
  721                 NELEM(rk->rk_words));
  722 
  723         RTW_WBW(regs, RTW_DK0, RTW_PSR);
  724         RTW_WRITE8(regs, RTW_PSR, psr);
  725         RTW_WBW(regs, RTW_PSR, RTW_SCR);
  726         RTW_WRITE8(regs, RTW_SCR, scr);
  727         RTW_SYNC(regs, RTW_SCR, RTW_SCR);
  728         rtw_set_access(sc, RTW_ACCESS_NONE);
  729         sc->sc_flags |= RTW_F_DK_VALID;
  730 }
  731 
  732 static int
  733 rtw_recall_eeprom(struct rtw_softc *sc)
  734 {
  735         struct rtw_regs *regs = &sc->sc_regs;
  736         int i;
  737         uint8_t ecr;
  738 
  739         ecr = RTW_READ8(regs, RTW_9346CR);
  740         ecr = (ecr & ~RTW_9346CR_EEM_MASK) | RTW_9346CR_EEM_AUTOLOAD;
  741         RTW_WRITE8(regs, RTW_9346CR, ecr);
  742 
  743         RTW_WBR(regs, RTW_9346CR, RTW_9346CR);
  744 
  745         /* wait 25ms for completion */
  746         for (i = 0; i < 250; i++) {
  747                 ecr = RTW_READ8(regs, RTW_9346CR);
  748                 if ((ecr & RTW_9346CR_EEM_MASK) == RTW_9346CR_EEM_NORMAL) {
  749                         RTW_DPRINTF(RTW_DEBUG_RESET,
  750                             ("%s: recall EEPROM in %dus\n",
  751                              sc->sc_ic.ic_if.if_xname, i * 100));
  752                         return 0;
  753                 }
  754                 RTW_RBR(regs, RTW_9346CR, RTW_9346CR);
  755                 DELAY(100);
  756         }
  757         if_printf(&sc->sc_ic.ic_if, "recall EEPROM failed\n");
  758         return ETIMEDOUT;
  759 }
  760 
  761 static int
  762 rtw_reset(struct rtw_softc *sc)
  763 {
  764         struct rtw_regs *regs = &sc->sc_regs;
  765         uint8_t config1;
  766         int rc;
  767 
  768         sc->sc_flags &= ~RTW_F_DK_VALID;
  769 
  770         rc = rtw_chip_reset(sc);
  771         if (rc)
  772                 return rc;
  773 
  774         rtw_recall_eeprom(sc);  /* ignore err */
  775 
  776         config1 = RTW_READ8(regs, RTW_CONFIG1);
  777         RTW_WRITE8(regs, RTW_CONFIG1, config1 & ~RTW_CONFIG1_PMEN);
  778         /* TBD turn off maximum power saving? */
  779         return 0;
  780 }
  781 
  782 static int
  783 rtw_srom_parse(struct rtw_softc *sc)
  784 {
  785         struct rtw_srom *sr = &sc->sc_srom;
  786         char scratch[sizeof("unknown 0xXX")];
  787         uint8_t mac[IEEE80211_ADDR_LEN];
  788         const char *rfname, *paname;
  789         uint16_t srom_version;
  790         char ethstr[ETHER_ADDRSTRLEN + 1];
  791         int i;
  792 
  793         sc->sc_flags &= ~(RTW_F_DIGPHY | RTW_F_DFLANTB | RTW_F_ANTDIV);
  794         sc->sc_rcr &= ~(RTW_RCR_ENCS1 | RTW_RCR_ENCS2);
  795 
  796         srom_version = RTW_SR_GET16(sr, RTW_SR_VERSION);
  797         if_printf(&sc->sc_ic.ic_if, "SROM version %d.%d",
  798                   srom_version >> 8, srom_version & 0xff);
  799 
  800         if (srom_version <= 0x0101) {
  801                 kprintf(" is not understood, limping along with defaults\n");
  802 
  803                 /* Default values */
  804                 sc->sc_flags |= (RTW_F_DIGPHY | RTW_F_ANTDIV);
  805                 sc->sc_csthr = RTW_SR_ENERGYDETTHR_DEFAULT;
  806                 sc->sc_rcr |= RTW_RCR_ENCS1;
  807                 sc->sc_rfchipid = RTW_RFCHIPID_PHILIPS;
  808                 return 0;
  809         }
  810         kprintf("\n");
  811 
  812         for (i = 0; i < IEEE80211_ADDR_LEN; i++)
  813                 mac[i] = RTW_SR_GET(sr, RTW_SR_MAC + i);
  814 
  815         RTW_DPRINTF(RTW_DEBUG_ATTACH,
  816             ("%s: EEPROM MAC %s\n", sc->sc_ic.ic_if.if_xname, kether_addr(mac, ethstr)));
  817 
  818         sc->sc_csthr = RTW_SR_GET(sr, RTW_SR_ENERGYDETTHR);
  819 
  820         if ((RTW_SR_GET(sr, RTW_SR_CONFIG2) & RTW_CONFIG2_ANT) != 0)
  821                 sc->sc_flags |= RTW_F_ANTDIV;
  822 
  823         /*
  824          * Note well: the sense of the RTW_SR_RFPARM_DIGPHY bit seems
  825          * to be reversed.
  826          */
  827         if ((RTW_SR_GET(sr, RTW_SR_RFPARM) & RTW_SR_RFPARM_DIGPHY) == 0)
  828                 sc->sc_flags |= RTW_F_DIGPHY;
  829         if ((RTW_SR_GET(sr, RTW_SR_RFPARM) & RTW_SR_RFPARM_DFLANTB) != 0)
  830                 sc->sc_flags |= RTW_F_DFLANTB;
  831 
  832         sc->sc_rcr |= __SHIFTIN(__SHIFTOUT(RTW_SR_GET(sr, RTW_SR_RFPARM),
  833                                 RTW_SR_RFPARM_CS_MASK), RTW_RCR_ENCS1);
  834 
  835         if ((RTW_SR_GET(sr, RTW_SR_CONFIG0) & RTW_CONFIG0_WEP104) != 0)
  836                 sc->sc_flags |= RTW_C_RXWEP_104;
  837 
  838         sc->sc_flags |= RTW_C_RXWEP_40; /* XXX */
  839 
  840         sc->sc_rfchipid = RTW_SR_GET(sr, RTW_SR_RFCHIPID);
  841         switch (sc->sc_rfchipid) {
  842         case RTW_RFCHIPID_GCT:          /* this combo seen in the wild */
  843                 rfname = "GCT GRF5101";
  844                 paname = "Winspring WS9901";
  845                 break;
  846         case RTW_RFCHIPID_MAXIM:
  847                 rfname = "Maxim MAX2820";       /* guess */
  848                 paname = "Maxim MAX2422";       /* guess */
  849                 break;
  850         case RTW_RFCHIPID_INTERSIL:
  851                 rfname = "Intersil HFA3873";    /* guess */
  852                 paname = "Intersil <unknown>";
  853                 break;
  854         case RTW_RFCHIPID_PHILIPS:      /* this combo seen in the wild */
  855                 rfname = "Philips SA2400A";
  856                 paname = "Philips SA2411";
  857                 break;
  858         case RTW_RFCHIPID_RFMD:
  859                 /* this is the same front-end as an atw(4)! */
  860                 rfname = "RFMD RF2948B, "       /* mentioned in Realtek docs */
  861                          "LNA: RFMD RF2494, "   /* mentioned in Realtek docs */
  862                          "SYN: Silicon Labs Si4126";    /* inferred from
  863                                                          * reference driver
  864                                                          */
  865                 paname = "RFMD RF2189";         /* mentioned in Realtek docs */
  866                 break;
  867         case RTW_RFCHIPID_RESERVED:
  868                 rfname = paname = "reserved";
  869                 break;
  870         default:
  871                 ksnprintf(scratch, sizeof(scratch), "unknown 0x%02x",
  872                          sc->sc_rfchipid);
  873                 rfname = paname = scratch;
  874         }
  875         if_printf(&sc->sc_ic.ic_if, "RF: %s, PA: %s\n", rfname, paname);
  876 
  877         switch (RTW_SR_GET(sr, RTW_SR_CONFIG0) & RTW_CONFIG0_GL_MASK) {
  878         case RTW_CONFIG0_GL_USA:
  879         case _RTW_CONFIG0_GL_USA:
  880                 sc->sc_locale = RTW_LOCALE_USA;
  881                 break;
  882         case RTW_CONFIG0_GL_EUROPE:
  883                 sc->sc_locale = RTW_LOCALE_EUROPE;
  884                 break;
  885         case RTW_CONFIG0_GL_JAPAN:
  886                 sc->sc_locale = RTW_LOCALE_JAPAN;
  887                 break;
  888         default:
  889                 sc->sc_locale = RTW_LOCALE_UNKNOWN;
  890                 break;
  891         }
  892         return 0;
  893 }
  894 
  895 static int
  896 rtw_srom_read(struct rtw_softc *sc)
  897 {
  898         struct rtw_regs *regs = &sc->sc_regs;
  899         struct rtw_srom *sr = &sc->sc_srom;
  900         struct seeprom_descriptor sd;
  901         uint8_t ecr;
  902         int rc;
  903 
  904         memset(&sd, 0, sizeof(sd));
  905 
  906         ecr = RTW_READ8(regs, RTW_9346CR);
  907 
  908         if ((sc->sc_flags & RTW_F_9356SROM) != 0) {
  909                 RTW_DPRINTF(RTW_DEBUG_ATTACH,
  910                             ("%s: 93c56 SROM\n", sc->sc_ic.ic_if.if_xname));
  911                 sr->sr_size = 256;
  912                 sd.sd_chip = C56_66;
  913         } else {
  914                 RTW_DPRINTF(RTW_DEBUG_ATTACH,
  915                             ("%s: 93c46 SROM\n", sc->sc_ic.ic_if.if_xname));
  916                 sr->sr_size = 128;
  917                 sd.sd_chip = C46;
  918         }
  919 
  920         ecr &= ~(RTW_9346CR_EEDI | RTW_9346CR_EEDO | RTW_9346CR_EESK |
  921             RTW_9346CR_EEM_MASK | RTW_9346CR_EECS);
  922         ecr |= RTW_9346CR_EEM_PROGRAM;
  923 
  924         RTW_WRITE8(regs, RTW_9346CR, ecr);
  925 
  926         sr->sr_content = kmalloc(sr->sr_size, M_DEVBUF, M_WAITOK | M_ZERO);
  927 
  928         /*
  929          * RTL8180 has a single 8-bit register for controlling the
  930          * 93cx6 SROM.  There is no "ready" bit. The RTL8180
  931          * input/output sense is the reverse of read_seeprom's.
  932          */
  933         sd.sd_tag = regs->r_bt;
  934         sd.sd_bsh = regs->r_bh;
  935         sd.sd_regsize = 1;
  936         sd.sd_control_offset = RTW_9346CR;
  937         sd.sd_status_offset = RTW_9346CR;
  938         sd.sd_dataout_offset = RTW_9346CR;
  939         sd.sd_CK = RTW_9346CR_EESK;
  940         sd.sd_CS = RTW_9346CR_EECS;
  941         sd.sd_DI = RTW_9346CR_EEDO;
  942         sd.sd_DO = RTW_9346CR_EEDI;
  943         /* make read_seeprom enter EEPROM read/write mode */
  944         sd.sd_MS = ecr;
  945         sd.sd_RDY = 0;
  946 
  947         /* TBD bus barriers */
  948         if (!read_seeprom(&sd, sr->sr_content, 0, sr->sr_size / 2)) {
  949                 if_printf(&sc->sc_ic.ic_if, "could not read SROM\n");
  950                 kfree(sr->sr_content, M_DEVBUF);
  951                 sr->sr_content = NULL;
  952                 return EIO;     /* XXX */
  953         }
  954 
  955         /* end EEPROM read/write mode */
  956         RTW_WRITE8(regs, RTW_9346CR,
  957                    (ecr & ~RTW_9346CR_EEM_MASK) | RTW_9346CR_EEM_NORMAL);
  958         RTW_WBRW(regs, RTW_9346CR, RTW_9346CR);
  959 
  960         rc = rtw_recall_eeprom(sc);
  961         if (rc)
  962                 return rc;
  963 
  964 #ifdef RTW_DEBUG
  965         {
  966                 int i;
  967                 RTW_DPRINTF(RTW_DEBUG_ATTACH,
  968                     ("\n%s: serial ROM:\n\t", sc->sc_ic.ic_if.if_xname));
  969                 for (i = 0; i < sr->sr_size/2; i++) {
  970                         if (((i % 8) == 0) && (i != 0))
  971                                 RTW_DPRINTF(RTW_DEBUG_ATTACH, ("\n\t"));
  972                         RTW_DPRINTF(RTW_DEBUG_ATTACH,
  973                             (" %04x", sr->sr_content[i]));
  974                 }
  975                 RTW_DPRINTF(RTW_DEBUG_ATTACH, ("\n"));
  976         }
  977 #endif /* RTW_DEBUG */
  978         return 0;
  979 }
  980 
  981 static void
  982 rtw_set_rfprog(struct rtw_softc *sc)
  983 {
  984         struct rtw_regs *regs = &sc->sc_regs;
  985         const char *method;
  986         uint8_t cfg4;
  987 
  988         cfg4 = RTW_READ8(regs, RTW_CONFIG4) & ~RTW_CONFIG4_RFTYPE_MASK;
  989 
  990         switch (sc->sc_rfchipid) {
  991         default:
  992                 cfg4 |= __SHIFTIN(rtw_rfprog_fallback, RTW_CONFIG4_RFTYPE_MASK);
  993                 method = "fallback";
  994                 break;
  995         case RTW_RFCHIPID_INTERSIL:
  996                 cfg4 |= RTW_CONFIG4_RFTYPE_INTERSIL;
  997                 method = "Intersil";
  998                 break;
  999         case RTW_RFCHIPID_PHILIPS:
 1000                 cfg4 |= RTW_CONFIG4_RFTYPE_PHILIPS;
 1001                 method = "Philips";
 1002                 break;
 1003         case RTW_RFCHIPID_GCT:  /* XXX a guess */
 1004         case RTW_RFCHIPID_RFMD:
 1005                 cfg4 |= RTW_CONFIG4_RFTYPE_RFMD;
 1006                 method = "RFMD";
 1007                 break;
 1008         }
 1009 
 1010         RTW_WRITE8(regs, RTW_CONFIG4, cfg4);
 1011 
 1012         RTW_WBR(regs, RTW_CONFIG4, RTW_CONFIG4);
 1013 
 1014         RTW_DPRINTF(RTW_DEBUG_INIT,
 1015                     ("%s: %s RF programming method, %#02x\n",
 1016                      sc->sc_ic.ic_if.if_xname, method,
 1017                      RTW_READ8(regs, RTW_CONFIG4)));
 1018 }
 1019 
 1020 static __inline void
 1021 rtw_init_channels(struct rtw_softc *sc)
 1022 {
 1023         const char *name = NULL;
 1024         struct ieee80211_channel *chans = sc->sc_ic.ic_channels;
 1025         int i;
 1026 #define ADD_CHANNEL(_chans, _chan) do {                         \
 1027         _chans[_chan].ic_flags = IEEE80211_CHAN_B;              \
 1028         _chans[_chan].ic_freq =                                 \
 1029             ieee80211_ieee2mhz(_chan, _chans[_chan].ic_flags);  \
 1030 } while (0)
 1031 
 1032         switch (sc->sc_locale) {
 1033         case RTW_LOCALE_USA:    /* 1-11 */
 1034                 name = "USA";
 1035                 for (i = 1; i <= 11; i++)
 1036                         ADD_CHANNEL(chans, i);
 1037                 break;
 1038         case RTW_LOCALE_JAPAN:  /* 1-14 */
 1039                 name = "Japan";
 1040                 ADD_CHANNEL(chans, 14);
 1041                 for (i = 1; i <= 14; i++)
 1042                         ADD_CHANNEL(chans, i);
 1043                 break;
 1044         case RTW_LOCALE_EUROPE: /* 1-13 */
 1045                 name = "Europe";
 1046                 for (i = 1; i <= 13; i++)
 1047                         ADD_CHANNEL(chans, i);
 1048                 break;
 1049         default:                        /* 10-11 allowed by most countries */
 1050                 name = "<unknown>";
 1051                 for (i = 10; i <= 11; i++)
 1052                         ADD_CHANNEL(chans, i);
 1053                 break;
 1054         }
 1055         if_printf(&sc->sc_ic.ic_if, "Geographic Location %s\n", name);
 1056 #undef ADD_CHANNEL
 1057 }
 1058 
 1059 
 1060 static void
 1061 rtw_identify_country(struct rtw_softc *sc)
 1062 {
 1063         uint8_t cfg0;
 1064 
 1065         cfg0 = RTW_READ8(&sc->sc_regs, RTW_CONFIG0);
 1066         switch (cfg0 & RTW_CONFIG0_GL_MASK) {
 1067         case RTW_CONFIG0_GL_USA:
 1068         case _RTW_CONFIG0_GL_USA:
 1069                 sc->sc_locale = RTW_LOCALE_USA;
 1070                 break;
 1071         case RTW_CONFIG0_GL_JAPAN:
 1072                 sc->sc_locale = RTW_LOCALE_JAPAN;
 1073                 break;
 1074         case RTW_CONFIG0_GL_EUROPE:
 1075                 sc->sc_locale = RTW_LOCALE_EUROPE;
 1076                 break;
 1077         default:
 1078                 sc->sc_locale = RTW_LOCALE_UNKNOWN;
 1079                 break;
 1080         }
 1081 }
 1082 
 1083 static int
 1084 rtw_identify_sta(struct rtw_softc *sc)
 1085 {
 1086         static const uint8_t empty_macaddr[IEEE80211_ADDR_LEN] = {
 1087                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 1088         };
 1089         struct rtw_regs *regs = &sc->sc_regs;
 1090         uint8_t *addr = sc->sc_ic.ic_myaddr;
 1091         uint32_t idr0, idr1;
 1092 
 1093         idr0 = RTW_READ(regs, RTW_IDR0);
 1094         idr1 = RTW_READ(regs, RTW_IDR1);
 1095 
 1096         addr[0] = __SHIFTOUT(idr0, __BITS(0,  7));
 1097         addr[1] = __SHIFTOUT(idr0, __BITS(8,  15));
 1098         addr[2] = __SHIFTOUT(idr0, __BITS(16, 23));
 1099         addr[3] = __SHIFTOUT(idr0, __BITS(24 ,31));
 1100 
 1101         addr[4] = __SHIFTOUT(idr1, __BITS(0,  7));
 1102         addr[5] = __SHIFTOUT(idr1, __BITS(8, 15));
 1103 
 1104         if (IEEE80211_ADDR_EQ(addr, empty_macaddr)) {
 1105                 if_printf(&sc->sc_ic.ic_if, "could not get mac address\n");
 1106                 return ENXIO;
 1107         }
 1108         return 0;
 1109 }
 1110 
 1111 static uint8_t
 1112 rtw_chan2txpower(struct rtw_srom *sr, struct ieee80211com *ic,
 1113                  struct ieee80211_channel *chan)
 1114 {
 1115         u_int idx = RTW_SR_TXPOWER1 + ieee80211_chan2ieee(ic, chan) - 1;
 1116 
 1117         KASSERT(idx >= RTW_SR_TXPOWER1 && idx <= RTW_SR_TXPOWER14,
 1118                 ("%s: channel %d out of range", __func__,
 1119                  idx - RTW_SR_TXPOWER1 + 1));
 1120         return RTW_SR_GET(sr, idx);
 1121 }
 1122 
 1123 static void
 1124 rtw_txdesc_blk_init_all(struct rtw_softc *sc)
 1125 {
 1126         /* nfree: the number of free descriptors in each ring.
 1127          * The beacon ring is a special case: I do not let the
 1128          * driver use all of the descriptors on the beacon ring.
 1129          * The reasons are two-fold:
 1130          *
 1131          * (1) A BEACON descriptor's OWN bit is (apparently) not
 1132          * updated, so the driver cannot easily know if the descriptor
 1133          * belongs to it, or if it is racing the NIC.  If the NIC
 1134          * does not OWN every descriptor, then the driver can safely
 1135          * update the descriptors when RTW_TBDA points at tdb_next.
 1136          *
 1137          * (2) I hope that the NIC will process more than one BEACON
 1138          * descriptor in a single beacon interval, since that will
 1139          * enable multiple-BSS support.  Since the NIC does not
 1140          * clear the OWN bit, there is no natural place for it to
 1141          * stop processing BEACON desciptors.  Maybe it will *not*
 1142          * stop processing them!  I do not want to chance the NIC
 1143          * looping around and around a saturated beacon ring, so
 1144          * I will leave one descriptor unOWNed at all times.
 1145          */
 1146         int nfree[RTW_NTXPRI] = {
 1147                 RTW_NTXDESCLO,
 1148                 RTW_NTXDESCMD,
 1149                 RTW_NTXDESCHI,
 1150                 RTW_NTXDESCBCN - 1
 1151         };
 1152         struct rtw_txdesc_blk *tdb;
 1153         int pri;
 1154 
 1155         for (tdb = sc->sc_txdesc_blk, pri = 0; pri < RTW_NTXPRI; tdb++, pri++) {
 1156                 tdb->tdb_nfree = nfree[pri];
 1157                 tdb->tdb_next = 0;
 1158 
 1159                 bus_dmamap_sync(tdb->tdb_dmat, tdb->tdb_dmamap,
 1160                                 BUS_DMASYNC_PREWRITE);
 1161         }
 1162 }
 1163 
 1164 static void
 1165 rtw_txsoft_blk_init_all(struct rtw_softc *sc)
 1166 {
 1167         struct rtw_txsoft_blk *tsb;
 1168         int pri;
 1169 
 1170         for (tsb = sc->sc_txsoft_blk, pri = 0; pri < RTW_NTXPRI; tsb++, pri++) {
 1171                 int i;
 1172 
 1173                 STAILQ_INIT(&tsb->tsb_dirtyq);
 1174                 STAILQ_INIT(&tsb->tsb_freeq);
 1175                 for (i = 0; i < tsb->tsb_ndesc; i++) {
 1176                         struct rtw_txsoft *ts;
 1177 
 1178                         ts = &tsb->tsb_desc[i];
 1179                         ts->ts_mbuf = NULL;
 1180                         STAILQ_INSERT_TAIL(&tsb->tsb_freeq, ts, ts_q);
 1181                 }
 1182                 tsb->tsb_tx_timer = 0;
 1183         }
 1184 }
 1185 
 1186 static void
 1187 rtw_rxbuf_dma_map(void *arg, bus_dma_segment_t *seg, int nseg,
 1188                   bus_size_t mapsize, int error)
 1189 {
 1190         if (error)
 1191                 return;
 1192 
 1193         KASSERT(nseg == 1, ("too many rx mbuf seg"));
 1194 
 1195         *((bus_addr_t *)arg) = seg->ds_addr;
 1196 }
 1197 
 1198 static int
 1199 rtw_rxsoft_alloc(struct rtw_softc *sc, struct rtw_rxsoft *rs, int waitok)
 1200 {
 1201         bus_addr_t paddr;
 1202         bus_dmamap_t map;
 1203         struct mbuf *m;
 1204         int rc;
 1205 
 1206         m = m_getcl(waitok ? MB_WAIT : MB_DONTWAIT, MT_DATA, M_PKTHDR);
 1207         if (m == NULL)
 1208                 return ENOBUFS;
 1209 
 1210         m->m_pkthdr.len = m->m_len = MCLBYTES;
 1211 
 1212         rc = bus_dmamap_load_mbuf(sc->sc_rxsoft_dmat, sc->sc_rxsoft_dmamap, m,
 1213                                   rtw_rxbuf_dma_map, &paddr,
 1214                                   waitok ? BUS_DMA_NOWAIT : BUS_DMA_WAITOK);
 1215         if (rc) {
 1216                 if_printf(&sc->sc_ic.ic_if, "can't load rx mbuf\n");
 1217                 m_freem(m);
 1218                 return rc;
 1219         }
 1220 
 1221         if (rs->rs_mbuf != NULL)
 1222                 bus_dmamap_unload(sc->sc_rxsoft_dmat, rs->rs_dmamap);
 1223 
 1224         /* Swap DMA map */
 1225         map = rs->rs_dmamap;
 1226         rs->rs_dmamap = sc->sc_rxsoft_dmamap;
 1227         sc->sc_rxsoft_dmamap = map;
 1228 
 1229         rs->rs_mbuf = m;
 1230         rs->rs_phyaddr = paddr;
 1231 
 1232         bus_dmamap_sync(sc->sc_rxsoft_dmat, rs->rs_dmamap, BUS_DMASYNC_PREREAD);
 1233         return 0;
 1234 }
 1235 
 1236 static int
 1237 rtw_rxsoft_blk_init_all(struct rtw_softc *sc)
 1238 {
 1239         int i, rc = 0;
 1240 
 1241         for (i = 0; i < RTW_RXQLEN; i++) {
 1242                 struct rtw_rxsoft *rs;
 1243 
 1244                 rs = &sc->sc_rxsoft[i];
 1245                 /* we're in rtw_init, so there should be no mbufs allocated */
 1246                 KKASSERT(rs->rs_mbuf == NULL);
 1247 #ifdef RTW_DEBUG
 1248                 if (i == rtw_rxbufs_limit) {
 1249                         if_printf(&sc->sc_ic.ic_if,
 1250                                   "TEST hit %d-buffer limit\n", i);
 1251                         rc = ENOBUFS;
 1252                         break;
 1253                 }
 1254 #endif /* RTW_DEBUG */
 1255                 rc = rtw_rxsoft_alloc(sc, rs, 1);
 1256                 if (rc)
 1257                         break;
 1258         }
 1259         return rc;
 1260 }
 1261 
 1262 static void
 1263 rtw_rxdesc_init(struct rtw_softc *sc, int idx, int kick)
 1264 {
 1265         struct rtw_rxdesc_blk *rdb = &sc->sc_rxdesc_blk;
 1266         struct rtw_rxdesc *rd = &rdb->rdb_desc[idx];
 1267         struct rtw_rxsoft *rs = &sc->sc_rxsoft[idx];
 1268         uint32_t ctl;
 1269 
 1270 #ifdef RTW_DEBUG
 1271         uint32_t octl, obuf;
 1272 
 1273         obuf = rd->rd_buf;
 1274         octl = rd->rd_ctl;
 1275 #endif  /* RTW_DEBUG */
 1276 
 1277         rd->rd_buf = htole32(rs->rs_phyaddr);
 1278 
 1279         ctl = __SHIFTIN(rs->rs_mbuf->m_len, RTW_RXCTL_LENGTH_MASK) |
 1280               RTW_RXCTL_OWN | RTW_RXCTL_FS | RTW_RXCTL_LS;
 1281 
 1282         if (idx == rdb->rdb_ndesc - 1)
 1283                 ctl |= RTW_RXCTL_EOR;
 1284 
 1285         rd->rd_ctl = htole32(ctl);
 1286 
 1287         RTW_DPRINTF(kick ? (RTW_DEBUG_RECV_DESC | RTW_DEBUG_IO_KICK)
 1288                          : RTW_DEBUG_RECV_DESC,
 1289                     ("%s: rd %p buf %08x -> %08x ctl %08x -> %08x\n",
 1290                      sc->sc_ic.ic_if.if_xname, rd, le32toh(obuf),
 1291                      le32toh(rd->rd_buf), le32toh(octl), le32toh(rd->rd_ctl)));
 1292 }
 1293 
 1294 static void
 1295 rtw_rxdesc_blk_init_all(struct rtw_softc *sc)
 1296 {
 1297         struct rtw_rxdesc_blk *rdb = &sc->sc_rxdesc_blk;
 1298         int i;
 1299 
 1300         for (i = 0; i < rdb->rdb_ndesc; i++)
 1301                 rtw_rxdesc_init(sc, i, 1);
 1302 
 1303         bus_dmamap_sync(rdb->rdb_dmat, rdb->rdb_dmamap, BUS_DMASYNC_PREWRITE);
 1304 }
 1305 
 1306 static void
 1307 rtw_io_enable(struct rtw_softc *sc, uint8_t flags, int enable)
 1308 {
 1309         struct rtw_regs *regs = &sc->sc_regs;
 1310         uint8_t cr;
 1311 
 1312         RTW_DPRINTF(RTW_DEBUG_IOSTATE,
 1313                     ("%s: %s 0x%02x\n", sc->sc_ic.ic_if.if_xname,
 1314                      enable ? "enable" : "disable", flags));
 1315 
 1316         cr = RTW_READ8(regs, RTW_CR);
 1317 
 1318         /* XXX reference source does not enable MULRW */
 1319 #if 0
 1320         /* enable PCI Read/Write Multiple */
 1321         cr |= RTW_CR_MULRW;
 1322 #endif
 1323 
 1324         RTW_RBW(regs, RTW_CR, RTW_CR);  /* XXX paranoia? */
 1325         if (enable)
 1326                 cr |= flags;
 1327         else
 1328                 cr &= ~flags;
 1329         RTW_WRITE8(regs, RTW_CR, cr);
 1330         RTW_SYNC(regs, RTW_CR, RTW_CR);
 1331 }
 1332 
 1333 static void
 1334 rtw_intr_rx(struct rtw_softc *sc, uint16_t isr)
 1335 {
 1336 #define IS_BEACON(__fc0)                                                \
 1337     ((__fc0 & (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==\
 1338      (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_BEACON))
 1339 
 1340         /*
 1341          * convert rates:
 1342          * hardware -> net80211
 1343          */
 1344         static const int ratetbl[4] = { 2, 4, 11, 22 };
 1345         struct ifnet *ifp = &sc->sc_if;
 1346         struct rtw_rxdesc_blk *rdb = &sc->sc_rxdesc_blk;
 1347         int next, nproc = 0, sync = 0;
 1348 
 1349         KKASSERT(rdb->rdb_next < rdb->rdb_ndesc);
 1350 
 1351         bus_dmamap_sync(rdb->rdb_dmat, rdb->rdb_dmamap, BUS_DMASYNC_POSTREAD);
 1352 
 1353         for (next = rdb->rdb_next; ; next = (next + 1) % rdb->rdb_ndesc) {
 1354                 struct ieee80211_node *ni;
 1355                 struct ieee80211_frame_min *wh;
 1356                 struct rtw_rxdesc *rd;
 1357                 struct rtw_rxsoft *rs;
 1358                 struct mbuf *m;
 1359                 int hwrate, len, rate, rssi, sq, error;
 1360                 uint32_t hrssi, hstat, htsfth, htsftl;
 1361 
 1362                 rd = &rdb->rdb_desc[next];
 1363                 rs = &sc->sc_rxsoft[next];
 1364 
 1365                 hstat = le32toh(rd->rd_stat);
 1366                 hrssi = le32toh(rd->rd_rssi);
 1367                 htsfth = le32toh(rd->rd_tsfth);
 1368                 htsftl = le32toh(rd->rd_tsftl);
 1369 
 1370                 RTW_DPRINTF(RTW_DEBUG_RECV_DESC,
 1371                             ("%s: rxdesc[%d] hstat %08x hrssi %08x "
 1372                              "htsft %08x%08x\n", ifp->if_xname,
 1373                              next, hstat, hrssi, htsfth, htsftl));
 1374 
 1375                 ++nproc;
 1376 
 1377                 /* still belongs to NIC */
 1378                 if (hstat & RTW_RXSTAT_OWN) {
 1379                         if (nproc > 1)
 1380                                 break;
 1381 
 1382                         /* sometimes the NIC skips to the 0th descriptor */
 1383                         rd = &rdb->rdb_desc[0];
 1384                         if (rd->rd_stat & htole32(RTW_RXSTAT_OWN))
 1385                                 break;
 1386                         RTW_DPRINTF(RTW_DEBUG_BUGS,
 1387                                     ("%s: NIC skipped from rxdesc[%u] "
 1388                                      "to rxdesc[0]\n", ifp->if_xname, next));
 1389                         next = rdb->rdb_ndesc - 1;
 1390                         continue;
 1391                 }
 1392 
 1393 #ifdef RTW_DEBUG
 1394 #define PRINTSTAT(flag) do { \
 1395         if ((hstat & flag) != 0) { \
 1396                 kprintf("%s" #flag, delim); \
 1397                 delim = ","; \
 1398         } \
 1399 } while (0)
 1400                 if (rtw_debug & RTW_DEBUG_RECV_DESC) {
 1401                         const char *delim = "<";
 1402 
 1403                         if_printf(ifp, "%s", "");
 1404                         if ((hstat & RTW_RXSTAT_DEBUG) != 0) {
 1405                                 kprintf("status %08x", hstat);
 1406                                 PRINTSTAT(RTW_RXSTAT_SPLCP);
 1407                                 PRINTSTAT(RTW_RXSTAT_MAR);
 1408                                 PRINTSTAT(RTW_RXSTAT_PAR);
 1409                                 PRINTSTAT(RTW_RXSTAT_BAR);
 1410                                 PRINTSTAT(RTW_RXSTAT_PWRMGT);
 1411                                 PRINTSTAT(RTW_RXSTAT_CRC32);
 1412                                 PRINTSTAT(RTW_RXSTAT_ICV);
 1413                                 kprintf(">, ");
 1414                         }
 1415                 }
 1416 #endif /* RTW_DEBUG */
 1417 
 1418                 if (hstat & RTW_RXSTAT_IOERROR) {
 1419                         if_printf(ifp, "DMA error/FIFO overflow %08x, "
 1420                                   "rx descriptor %d\n",
 1421                                   hstat & RTW_RXSTAT_IOERROR, next);
 1422                         IFNET_STAT_INC(ifp, ierrors, 1);
 1423                         goto next;
 1424                 }
 1425 
 1426                 len = __SHIFTOUT(hstat, RTW_RXSTAT_LENGTH_MASK);
 1427                 if (len < IEEE80211_MIN_LEN) {
 1428                         sc->sc_ic.ic_stats.is_rx_tooshort++;
 1429                         goto next;
 1430                 }
 1431 
 1432                 /* CRC is included with the packet; trim it off. */
 1433                 len -= IEEE80211_CRC_LEN;
 1434 
 1435                 hwrate = __SHIFTOUT(hstat, RTW_RXSTAT_RATE_MASK);
 1436                 if (hwrate >= NELEM(ratetbl)) {
 1437                         if_printf(ifp, "unknown rate #%d\n",
 1438                                   __SHIFTOUT(hstat, RTW_RXSTAT_RATE_MASK));
 1439                         IFNET_STAT_INC(ifp, ierrors, 1);
 1440                         goto next;
 1441                 }
 1442                 rate = ratetbl[hwrate];
 1443 
 1444 #ifdef RTW_DEBUG
 1445                 RTW_DPRINTF(RTW_DEBUG_RECV_DESC,
 1446                             ("%s rate %d.%d Mb/s, time %08x%08x\n",
 1447                              ifp->if_xname, (rate * 5) / 10,
 1448                              (rate * 5) % 10, htsfth, htsftl));
 1449 #endif /* RTW_DEBUG */
 1450 
 1451                 if ((hstat & RTW_RXSTAT_RES) &&
 1452                     sc->sc_ic.ic_opmode != IEEE80211_M_MONITOR)
 1453                         goto next;
 1454 
 1455                 /* if bad flags, skip descriptor */
 1456                 if ((hstat & RTW_RXSTAT_ONESEG) != RTW_RXSTAT_ONESEG) {
 1457                         if_printf(ifp, "too many rx segments\n");
 1458                         goto next;
 1459                 }
 1460 
 1461                 bus_dmamap_sync(sc->sc_rxsoft_dmat, rs->rs_dmamap,
 1462                                 BUS_DMASYNC_POSTREAD);
 1463 
 1464                 m = rs->rs_mbuf;
 1465 
 1466                 /* if temporarily out of memory, re-use mbuf */
 1467                 error = rtw_rxsoft_alloc(sc, rs, 0);
 1468                 if (error) {
 1469                         if_printf(ifp, "%s: rtw_rxsoft_alloc(, %d) failed, "
 1470                             "dropping packet\n", ifp->if_xname, next);
 1471                         goto next;
 1472                 }
 1473 
 1474                 rssi = __SHIFTOUT(hrssi, RTW_RXRSSI_RSSI);
 1475                 sq = __SHIFTOUT(hrssi, RTW_RXRSSI_SQ);
 1476 
 1477                 rssi = rtw_get_rssi(sc, rssi, sq);
 1478 
 1479                 /*
 1480                  * Note well: now we cannot recycle the rs_mbuf unless
 1481                  * we restore its original length.
 1482                  */
 1483                 m->m_pkthdr.rcvif = ifp;
 1484                 m->m_pkthdr.len = m->m_len = len;
 1485 
 1486                 wh = mtod(m, struct ieee80211_frame_min *);
 1487 
 1488                 if (!IS_BEACON(wh->i_fc[0]))
 1489                         sc->sc_led_state.ls_event |= RTW_LED_S_RX;
 1490 
 1491                 /* TBD use _MAR, _BAR, _PAR flags as hints to _find_rxnode? */
 1492                 ni = ieee80211_find_rxnode(&sc->sc_ic, wh);
 1493 
 1494                 sc->sc_tsfth = htsfth;
 1495 
 1496 #ifdef RTW_DEBUG
 1497                 if ((ifp->if_flags & (IFF_DEBUG | IFF_LINK2)) ==
 1498                     (IFF_DEBUG | IFF_LINK2)) {
 1499                         ieee80211_dump_pkt(mtod(m, uint8_t *), m->m_pkthdr.len,
 1500                                            rate, rssi);
 1501                 }
 1502 #endif /* RTW_DEBUG */
 1503 
 1504                 if (sc->sc_radiobpf != NULL) {
 1505                         struct rtw_rx_radiotap_header *rr = &sc->sc_rxtap;
 1506 
 1507                         rr->rr_tsft =
 1508                             htole64(((uint64_t)htsfth << 32) | htsftl);
 1509 
 1510                         if ((hstat & RTW_RXSTAT_SPLCP) != 0)
 1511                                 rr->rr_flags = IEEE80211_RADIOTAP_F_SHORTPRE;
 1512 
 1513                         rr->rr_flags = 0;
 1514                         rr->rr_rate = rate;
 1515                         rr->rr_antsignal = rssi;
 1516                         rr->rr_barker_lock = htole16(sq);
 1517 
 1518                         bpf_ptap(sc->sc_radiobpf, m, rr, sizeof(sc->sc_rxtapu));
 1519                 }
 1520 
 1521                 ieee80211_input(&sc->sc_ic, m, ni, rssi, htsftl);
 1522                 ieee80211_free_node(ni);
 1523 next:
 1524                 rtw_rxdesc_init(sc, next, 0);
 1525                 sync = 1;
 1526         }
 1527 
 1528         if (sync) {
 1529                 bus_dmamap_sync(rdb->rdb_dmat, rdb->rdb_dmamap,
 1530                                 BUS_DMASYNC_PREWRITE);
 1531         }
 1532 
 1533         rdb->rdb_next = next;
 1534         KKASSERT(rdb->rdb_next < rdb->rdb_ndesc);
 1535 #undef IS_BEACON
 1536 }
 1537 
 1538 static __inline void
 1539 rtw_txsoft_release(bus_dma_tag_t dmat, struct rtw_txsoft *ts,
 1540                    int data_retry, int rts_retry, int error, int ratectl)
 1541 {
 1542         struct mbuf *m;
 1543         struct ieee80211_node *ni;
 1544 
 1545         if (!ts->ts_ratectl)
 1546                 ratectl = 0;
 1547 
 1548         m = ts->ts_mbuf;
 1549         ni = ts->ts_ni;
 1550         KKASSERT(m != NULL);
 1551         KKASSERT(ni != NULL);
 1552         ts->ts_mbuf = NULL;
 1553         ts->ts_ni = NULL;
 1554 
 1555         if (ratectl) {
 1556                 struct ieee80211_ratectl_res rc_res;
 1557 
 1558                 rc_res.rc_res_rateidx = ts->ts_rateidx;
 1559                 rc_res.rc_res_tries = data_retry + 1;
 1560 
 1561                 ieee80211_ratectl_tx_complete(ni, m->m_pkthdr.len,
 1562                                               &rc_res, 1,
 1563                                               data_retry, rts_retry,
 1564                                               error);
 1565         }
 1566 
 1567         bus_dmamap_sync(dmat, ts->ts_dmamap, BUS_DMASYNC_POSTWRITE);
 1568         bus_dmamap_unload(dmat, ts->ts_dmamap);
 1569         m_freem(m);
 1570         ieee80211_free_node(ni);
 1571 }
 1572 
 1573 static __inline void
 1574 rtw_collect_txpkt(struct rtw_softc *sc, struct rtw_txdesc_blk *tdb,
 1575                   struct rtw_txsoft *ts, int ndesc)
 1576 {
 1577         uint32_t hstat;
 1578         int data_retry, rts_retry, error;
 1579         struct rtw_txdesc *tdn;
 1580         const char *condstring;
 1581         struct ifnet *ifp = &sc->sc_if;
 1582 
 1583         tdb->tdb_nfree += ndesc;
 1584 
 1585         tdn = &tdb->tdb_desc[ts->ts_last];
 1586 
 1587         hstat = le32toh(tdn->td_stat);
 1588         rts_retry = __SHIFTOUT(hstat, RTW_TXSTAT_RTSRETRY_MASK);
 1589         data_retry = __SHIFTOUT(hstat, RTW_TXSTAT_DRC_MASK);
 1590 
 1591         ifp->if_collisions += rts_retry + data_retry;
 1592 
 1593         if ((hstat & RTW_TXSTAT_TOK) != 0) {
 1594                 condstring = "ok";
 1595                 error = 0;
 1596         } else {
 1597                 IFNET_STAT_INC(ifp, oerrors, 1);
 1598                 condstring = "error";
 1599                 error = 1;
 1600         }
 1601 
 1602         rtw_txsoft_release(sc->sc_txsoft_dmat, ts, data_retry, rts_retry,
 1603                            error, 1);
 1604 
 1605         DPRINTF(sc, RTW_DEBUG_XMIT_DESC,
 1606                 ("%s: ts %p txdesc[%d, %d] %s tries rts %u data %u\n",
 1607                  ifp->if_xname, ts, ts->ts_first, ts->ts_last,
 1608                  condstring, rts_retry, data_retry));
 1609 }
 1610 
 1611 static void
 1612 rtw_reset_oactive(struct rtw_softc *sc)
 1613 {
 1614         int pri;
 1615 #ifdef RTW_DEBUG
 1616         short oflags = sc->sc_if.if_flags;
 1617 #endif
 1618 
 1619         for (pri = 0; pri < RTW_NTXPRI; pri++) {
 1620                 struct rtw_txsoft_blk *tsb = &sc->sc_txsoft_blk[pri];
 1621                 struct rtw_txdesc_blk *tdb = &sc->sc_txdesc_blk[pri];
 1622 
 1623                 if (!STAILQ_EMPTY(&tsb->tsb_freeq) && tdb->tdb_nfree > 0)
 1624                         ifq_clr_oactive(&sc->sc_if.if_snd);
 1625         }
 1626 
 1627 #ifdef RTW_DEBUG
 1628         if (oflags != sc->sc_if.if_flags) {
 1629                 DPRINTF(sc, RTW_DEBUG_OACTIVE,
 1630                         ("%s: reset OACTIVE\n", sc->sc_ic.ic_if.if_xname));
 1631         }
 1632 #endif
 1633 }
 1634 
 1635 /* Collect transmitted packets. */
 1636 static __inline void
 1637 rtw_collect_txring(struct rtw_softc *sc, struct rtw_txsoft_blk *tsb,
 1638                    struct rtw_txdesc_blk *tdb, int force)
 1639 {
 1640         struct rtw_txsoft *ts;
 1641         int ndesc;
 1642 
 1643         while ((ts = STAILQ_FIRST(&tsb->tsb_dirtyq)) != NULL) {
 1644                 ndesc = 1 + ts->ts_last - ts->ts_first;
 1645                 if (ts->ts_last < ts->ts_first)
 1646                         ndesc += tdb->tdb_ndesc;
 1647 
 1648                 KKASSERT(ndesc > 0);
 1649 
 1650                 bus_dmamap_sync(tdb->tdb_dmat, tdb->tdb_dmamap,
 1651                                 BUS_DMASYNC_POSTREAD);
 1652 
 1653                 if (force) {
 1654                         int i;
 1655 
 1656                         for (i = ts->ts_first; ; i = RTW_NEXT_IDX(tdb, i)) {
 1657                                 tdb->tdb_desc[i].td_stat &=
 1658                                         ~htole32(RTW_TXSTAT_OWN);
 1659                                 if (i == ts->ts_last)
 1660                                         break;
 1661                         }
 1662                         bus_dmamap_sync(tdb->tdb_dmat, tdb->tdb_dmamap,
 1663                                         BUS_DMASYNC_PREWRITE);
 1664                 } else if ((tdb->tdb_desc[ts->ts_last].td_stat &
 1665                             htole32(RTW_TXSTAT_OWN)) != 0) {
 1666                         break;
 1667                 }
 1668 
 1669                 rtw_collect_txpkt(sc, tdb, ts, ndesc);
 1670                 STAILQ_REMOVE_HEAD(&tsb->tsb_dirtyq, ts_q);
 1671                 STAILQ_INSERT_TAIL(&tsb->tsb_freeq, ts, ts_q);
 1672         }
 1673         /* no more pending transmissions, cancel watchdog */ 
 1674         if (ts == NULL)
 1675                 tsb->tsb_tx_timer = 0;
 1676         rtw_reset_oactive(sc);
 1677 }
 1678 
 1679 static void
 1680 rtw_intr_tx(struct rtw_softc *sc, uint16_t isr)
 1681 {
 1682         int pri;
 1683 
 1684         for (pri = 0; pri < RTW_NTXPRI; pri++) {
 1685                 rtw_collect_txring(sc, &sc->sc_txsoft_blk[pri],
 1686                                    &sc->sc_txdesc_blk[pri], 0);
 1687         }
 1688         if (isr) {
 1689                 rtw_start(&sc->sc_ic.ic_if,
 1690                     ifq_get_subq_default(&sc->sc_ic.ic_if.if_snd));
 1691         }
 1692 }
 1693 
 1694 static __inline struct mbuf *
 1695 rtw_beacon_alloc(struct rtw_softc *sc, struct ieee80211_node *ni)
 1696 {
 1697         struct ieee80211com *ic = &sc->sc_ic;
 1698         struct ieee80211_beacon_offsets boff;
 1699         struct mbuf *m;
 1700 
 1701         m = ieee80211_beacon_alloc(ic, ni, &boff);
 1702         if (m != NULL) {
 1703                 RTW_DPRINTF(RTW_DEBUG_BEACON,
 1704                             ("%s: m %p len %u\n", ic->ic_if.if_xname, m,
 1705                              m->m_len));
 1706         }
 1707         return m;
 1708 }
 1709 
 1710 static void
 1711 rtw_intr_beacon(struct rtw_softc *sc, uint16_t isr)
 1712 {
 1713         struct ieee80211com *ic = &sc->sc_ic;
 1714         struct rtw_regs *regs = &sc->sc_regs;
 1715         struct rtw_txdesc_blk *tdb = &sc->sc_txdesc_blk[RTW_TXPRIBCN];
 1716         struct rtw_txsoft_blk *tsb = &sc->sc_txsoft_blk[RTW_TXPRIBCN];
 1717 
 1718 #ifdef RTW_DEBUG
 1719         uint32_t tsfth, tsftl;
 1720 
 1721         tsfth = RTW_READ(regs, RTW_TSFTRH);
 1722         tsftl = RTW_READ(regs, RTW_TSFTRL);
 1723 #endif
 1724 
 1725         if (isr & (RTW_INTR_TBDOK | RTW_INTR_TBDER)) {
 1726 #ifdef RTW_DEBUG
 1727                 int next = rtw_txring_next(regs, tdb);
 1728 #endif
 1729 
 1730                 RTW_DPRINTF(RTW_DEBUG_BEACON,
 1731                             ("%s: beacon ring %sprocessed, "
 1732                              "isr = %#04x, next %d expected %d, %llu\n",
 1733                              ic->ic_if.if_xname,
 1734                              (next == tdb->tdb_next) ? "" : "un",
 1735                              isr, next, tdb->tdb_next,
 1736                              (uint64_t)tsfth << 32 | tsftl));
 1737 
 1738                 if ((RTW_READ8(regs, RTW_TPPOLL) & RTW_TPPOLL_BQ) == 0){
 1739                         rtw_collect_txring(sc, tsb, tdb, 1);
 1740                         tdb->tdb_next = 0;
 1741                 }
 1742         }
 1743         /* Start beacon transmission. */
 1744 
 1745         if ((isr & RTW_INTR_BCNINT) && ic->ic_state == IEEE80211_S_RUN &&
 1746             STAILQ_EMPTY(&tsb->tsb_dirtyq)) {
 1747                 struct mbuf *m;
 1748 
 1749                 RTW_DPRINTF(RTW_DEBUG_BEACON,
 1750                             ("%s: beacon prep. time, isr = %#04x, %llu\n",
 1751                              ic->ic_if.if_xname, isr,
 1752                              (uint64_t)tsfth << 32 | tsftl));
 1753 
 1754                 m = rtw_beacon_alloc(sc, ic->ic_bss);
 1755                 if (m == NULL) {
 1756                         if_printf(&ic->ic_if, "could not allocate beacon\n");
 1757                         return;
 1758                 }
 1759 
 1760                 m->m_pkthdr.rcvif = (void *)ieee80211_ref_node(ic->ic_bss);
 1761 
 1762                 IF_ENQUEUE(&sc->sc_beaconq, m);
 1763 
 1764                 rtw_start(&ic->ic_if, ifq_get_subq_default(&ic->ic_if.if_snd));
 1765         }
 1766 }
 1767 
 1768 static void
 1769 rtw_intr_atim(struct rtw_softc *sc)
 1770 {
 1771         /* TBD */
 1772         return;
 1773 }
 1774 
 1775 #ifdef RTW_DEBUG
 1776 static void
 1777 rtw_dump_rings(struct rtw_softc *sc)
 1778 {
 1779         struct rtw_rxdesc_blk *rdb;
 1780         int desc, pri;
 1781 
 1782         if ((rtw_debug & RTW_DEBUG_IO_KICK) == 0)
 1783                 return;
 1784 
 1785         for (pri = 0; pri < RTW_NTXPRI; pri++) {
 1786                 struct rtw_txdesc_blk *tdb = &sc->sc_txdesc_blk[pri];
 1787 
 1788                 if_printf(&sc->sc_ic.ic_if, "txpri %d ndesc %d nfree %d\n",
 1789                           pri, tdb->tdb_ndesc, tdb->tdb_nfree);
 1790                 for (desc = 0; desc < tdb->tdb_ndesc; desc++)
 1791                         rtw_print_txdesc(sc, ".", NULL, tdb, desc);
 1792         }
 1793 
 1794         rdb = &sc->sc_rxdesc_blk;
 1795 
 1796         for (desc = 0; desc < RTW_RXQLEN; desc++) {
 1797                 struct rtw_rxdesc *rd = &rdb->rdb_desc[desc];
 1798 
 1799                 if_printf(&sc->sc_ic.ic_if,
 1800                           "%sctl %08x rsvd0/rssi %08x buf/tsftl %08x "
 1801                           "rsvd1/tsfth %08x\n",
 1802                           (desc >= rdb->rdb_ndesc) ? "UNUSED " : "",
 1803                           le32toh(rd->rd_ctl), le32toh(rd->rd_rssi),
 1804                           le32toh(rd->rd_buf), le32toh(rd->rd_tsfth));
 1805         }
 1806 }
 1807 #endif /* RTW_DEBUG */
 1808 
 1809 static void
 1810 rtw_hwring_setup(struct rtw_softc *sc)
 1811 {
 1812         struct rtw_regs *regs = &sc->sc_regs;
 1813         struct rtw_rxdesc_blk *rdb = &sc->sc_rxdesc_blk;
 1814         int pri;
 1815 
 1816         for (pri = 0; pri < RTW_NTXPRI; pri++) {
 1817                 struct rtw_txdesc_blk *tdb = &sc->sc_txdesc_blk[pri];
 1818 
 1819                 RTW_WRITE(regs, tdb->tdb_basereg, tdb->tdb_base);
 1820                 RTW_DPRINTF(RTW_DEBUG_XMIT_DESC,
 1821                             ("%s: reg[tdb->tdb_basereg] <- %u\n",
 1822                              sc->sc_ic.ic_if.if_xname, tdb->tdb_base));
 1823         }
 1824 
 1825         RTW_WRITE(regs, RTW_RDSAR, rdb->rdb_base);
 1826         RTW_DPRINTF(RTW_DEBUG_RECV_DESC,
 1827                     ("%s: reg[RDSAR] <- %u\n", sc->sc_ic.ic_if.if_xname,
 1828                      rdb->rdb_base));
 1829 
 1830         RTW_SYNC(regs, RTW_TLPDA, RTW_RDSAR);
 1831 }
 1832 
 1833 static int
 1834 rtw_swring_setup(struct rtw_softc *sc)
 1835 {
 1836         int rc;
 1837 
 1838         rtw_txdesc_blk_init_all(sc);
 1839         rtw_txsoft_blk_init_all(sc);
 1840 
 1841         rc = rtw_rxsoft_blk_init_all(sc);
 1842         if (rc) {
 1843                 if_printf(&sc->sc_ic.ic_if, "could not allocate rx buffers\n");
 1844                 return rc;
 1845         }
 1846 
 1847         rtw_rxdesc_blk_init_all(sc);
 1848         sc->sc_rxdesc_blk.rdb_next = 0;
 1849         return 0;
 1850 }
 1851 
 1852 static int
 1853 rtw_txring_next(struct rtw_regs *regs, struct rtw_txdesc_blk *tdb)
 1854 {
 1855         return (le32toh(RTW_READ(regs, tdb->tdb_basereg)) - tdb->tdb_base) /
 1856                 sizeof(struct rtw_txdesc);
 1857 }
 1858 
 1859 static void
 1860 rtw_txring_fixup(struct rtw_softc *sc)
 1861 {
 1862         struct rtw_regs *regs = &sc->sc_regs;
 1863         int pri;
 1864 
 1865         for (pri = 0; pri < RTW_NTXPRI; pri++) {
 1866                 struct rtw_txdesc_blk *tdb = &sc->sc_txdesc_blk[pri];
 1867                 int next;
 1868 
 1869                 next = rtw_txring_next(regs, tdb);
 1870                 if (tdb->tdb_next == next)
 1871                         continue;
 1872                 if_printf(&sc->sc_ic.ic_if,
 1873                           "tx-ring %d expected next %d, read %d\n",
 1874                           pri, tdb->tdb_next, next);
 1875                 tdb->tdb_next = MIN(next, tdb->tdb_ndesc - 1);
 1876         }
 1877 }
 1878 
 1879 static void
 1880 rtw_rxring_fixup(struct rtw_softc *sc)
 1881 {
 1882         struct rtw_rxdesc_blk *rdb = &sc->sc_rxdesc_blk;
 1883         uint32_t rdsar;
 1884         int next;
 1885 
 1886         rdsar = le32toh(RTW_READ(&sc->sc_regs, RTW_RDSAR));
 1887         next = (rdsar - rdb->rdb_base) / sizeof(struct rtw_rxdesc);
 1888 
 1889         if (rdb->rdb_next != next) {
 1890                 if_printf(&sc->sc_ic.ic_if,
 1891                           "rx-ring expected next %d, read %d\n",
 1892                           rdb->rdb_next, next);
 1893                 rdb->rdb_next = MIN(next, rdb->rdb_ndesc - 1);
 1894         }
 1895 }
 1896 
 1897 static void
 1898 rtw_txdesc_blk_reset_all(struct rtw_softc *sc)
 1899 {
 1900         int pri;
 1901 
 1902         for (pri = 0; pri < RTW_NTXPRI; pri++) {
 1903                 rtw_collect_txring(sc, &sc->sc_txsoft_blk[pri],
 1904                                    &sc->sc_txdesc_blk[pri], 1);
 1905         }
 1906 }
 1907 
 1908 static void
 1909 rtw_intr_ioerror(struct rtw_softc *sc, uint16_t isr)
 1910 {
 1911         struct rtw_regs *regs = &sc->sc_regs;
 1912         int xmtr = 0, rcvr = 0;
 1913         uint8_t cr = 0;
 1914 
 1915         if (isr & RTW_INTR_TXFOVW) {
 1916                 if_printf(&sc->sc_ic.ic_if, "tx fifo underflow\n");
 1917                 rcvr = xmtr = 1;
 1918                 cr |= RTW_CR_TE | RTW_CR_RE;
 1919         }
 1920 
 1921         if (isr & (RTW_INTR_RDU | RTW_INTR_RXFOVW)) {
 1922                 cr |= RTW_CR_RE;
 1923                 rcvr = 1;
 1924         }
 1925 
 1926         RTW_DPRINTF(RTW_DEBUG_BUGS,
 1927                     ("%s: restarting xmit/recv, isr %04x\n",
 1928                      sc->sc_ic.ic_if.if_xname, isr));
 1929 
 1930 #ifdef RTW_DEBUG
 1931         rtw_dump_rings(sc);
 1932 #endif /* RTW_DEBUG */
 1933 
 1934         rtw_io_enable(sc, cr, 0);
 1935 
 1936         /* Collect rx'd packets.  Refresh rx buffers. */
 1937         if (rcvr)
 1938                 rtw_intr_rx(sc, 0);
 1939 
 1940         /*
 1941          * Collect tx'd packets.
 1942          * XXX let's hope this stops the transmit timeouts.
 1943          */
 1944         if (xmtr)
 1945                 rtw_txdesc_blk_reset_all(sc);
 1946 
 1947         RTW_WRITE16(regs, RTW_IMR, 0);
 1948         RTW_SYNC(regs, RTW_IMR, RTW_IMR);
 1949 
 1950         if (rtw_do_chip_reset) {
 1951                 rtw_chip_reset1(sc);
 1952                 rtw_wep_setkeys(sc);
 1953         }
 1954 
 1955         rtw_rxdesc_blk_init_all(sc);
 1956 
 1957 #ifdef RTW_DEBUG
 1958         rtw_dump_rings(sc);
 1959 #endif /* RTW_DEBUG */
 1960 
 1961         RTW_WRITE16(regs, RTW_IMR, sc->sc_inten);
 1962         RTW_SYNC(regs, RTW_IMR, RTW_IMR);
 1963 
 1964         if (rcvr)
 1965                 rtw_rxring_fixup(sc);
 1966 
 1967         rtw_io_enable(sc, cr, 1);
 1968 
 1969         if (xmtr)
 1970                 rtw_txring_fixup(sc);
 1971 }
 1972 
 1973 static __inline void
 1974 rtw_suspend_ticks(struct rtw_softc *sc)
 1975 {
 1976         RTW_DPRINTF(RTW_DEBUG_TIMEOUT,
 1977                     ("%s: suspending ticks\n", sc->sc_ic.ic_if.if_xname));
 1978         sc->sc_do_tick = 0;
 1979 }
 1980 
 1981 static void
 1982 rtw_resume_ticks(struct rtw_softc *sc)
 1983 {
 1984         uint32_t tsftrl0, tsftrl1, next_tick;
 1985         struct rtw_regs *regs = &sc->sc_regs;
 1986 
 1987         tsftrl0 = RTW_READ(regs, RTW_TSFTRL);
 1988 
 1989         tsftrl1 = RTW_READ(regs, RTW_TSFTRL);
 1990         next_tick = tsftrl1 + 1000000;
 1991         RTW_WRITE(regs, RTW_TINT, next_tick);
 1992 
 1993         sc->sc_do_tick = 1;
 1994 
 1995         RTW_DPRINTF(RTW_DEBUG_TIMEOUT,
 1996                     ("%s: resume ticks delta %#08x now %#08x next %#08x\n",
 1997                      sc->sc_ic.ic_if.if_xname, tsftrl1 - tsftrl0, tsftrl1,
 1998                      next_tick));
 1999 }
 2000 
 2001 static void
 2002 rtw_intr_timeout(struct rtw_softc *sc)
 2003 {
 2004         RTW_DPRINTF(RTW_DEBUG_TIMEOUT,
 2005                     ("%s: timeout\n", sc->sc_ic.ic_if.if_xname));
 2006         if (sc->sc_do_tick)
 2007                 rtw_resume_ticks(sc);
 2008 }
 2009 
 2010 static void
 2011 rtw_intr(void *arg)
 2012 {
 2013         struct rtw_softc *sc = arg;
 2014         struct rtw_regs *regs = &sc->sc_regs;
 2015         struct ifnet *ifp = &sc->sc_if;
 2016         int i;
 2017 
 2018         /*
 2019          * If the interface isn't running, the interrupt couldn't
 2020          * possibly have come from us.
 2021          */
 2022         if ((sc->sc_flags & RTW_F_ENABLED) == 0 ||
 2023             (ifp->if_flags & IFF_RUNNING) == 0) {
 2024                 RTW_DPRINTF(RTW_DEBUG_INTR,
 2025                             ("%s: stray interrupt\n", ifp->if_xname));
 2026                 return;
 2027         }
 2028 
 2029         for (i = 0; i < 10; i++) {
 2030                 uint16_t isr;
 2031 
 2032                 isr = RTW_READ16(regs, RTW_ISR);
 2033 
 2034                 RTW_WRITE16(regs, RTW_ISR, isr);
 2035                 RTW_WBR(regs, RTW_ISR, RTW_ISR);
 2036 
 2037                 if (sc->sc_intr_ack != NULL)
 2038                         sc->sc_intr_ack(regs);
 2039 
 2040                 if (isr == 0)
 2041                         break;
 2042 
 2043 #ifdef RTW_DEBUG
 2044 #define PRINTINTR(flag) do { \
 2045         if ((isr & flag) != 0) { \
 2046                 kprintf("%s" #flag, delim); \
 2047                 delim = ","; \
 2048         } \
 2049 } while (0)
 2050 
 2051                 if ((rtw_debug & RTW_DEBUG_INTR) != 0 && isr != 0) {
 2052                         const char *delim = "<";
 2053 
 2054                         if_printf(ifp, "reg[ISR] = %x", isr);
 2055 
 2056                         PRINTINTR(RTW_INTR_TXFOVW);
 2057                         PRINTINTR(RTW_INTR_TIMEOUT);
 2058                         PRINTINTR(RTW_INTR_BCNINT);
 2059                         PRINTINTR(RTW_INTR_ATIMINT);
 2060                         PRINTINTR(RTW_INTR_TBDER);
 2061                         PRINTINTR(RTW_INTR_TBDOK);
 2062                         PRINTINTR(RTW_INTR_THPDER);
 2063                         PRINTINTR(RTW_INTR_THPDOK);
 2064                         PRINTINTR(RTW_INTR_TNPDER);
 2065                         PRINTINTR(RTW_INTR_TNPDOK);
 2066                         PRINTINTR(RTW_INTR_RXFOVW);
 2067                         PRINTINTR(RTW_INTR_RDU);
 2068                         PRINTINTR(RTW_INTR_TLPDER);
 2069                         PRINTINTR(RTW_INTR_TLPDOK);
 2070                         PRINTINTR(RTW_INTR_RER);
 2071                         PRINTINTR(RTW_INTR_ROK);
 2072 
 2073                         kprintf(">\n");
 2074                 }
 2075 #undef PRINTINTR
 2076 #endif /* RTW_DEBUG */
 2077 
 2078                 if (isr & RTW_INTR_RX)
 2079                         rtw_intr_rx(sc, isr & RTW_INTR_RX);
 2080                 if (isr & RTW_INTR_TX)
 2081                         rtw_intr_tx(sc, isr & RTW_INTR_TX);
 2082                 if (isr & RTW_INTR_BEACON)
 2083                         rtw_intr_beacon(sc, isr & RTW_INTR_BEACON);
 2084                 if (isr & RTW_INTR_ATIMINT)
 2085                         rtw_intr_atim(sc);
 2086                 if (isr & RTW_INTR_IOERROR)
 2087                         rtw_intr_ioerror(sc, isr & RTW_INTR_IOERROR);
 2088                 if (isr & RTW_INTR_TIMEOUT)
 2089                         rtw_intr_timeout(sc);
 2090         }
 2091 }
 2092 
 2093 /* Must be called at splnet. */
 2094 void
 2095 rtw_stop(struct rtw_softc *sc, int disable)
 2096 {
 2097         struct ieee80211com *ic = &sc->sc_ic;
 2098         struct ifnet *ifp = &ic->ic_if;
 2099         struct rtw_regs *regs = &sc->sc_regs;
 2100         int i;
 2101 
 2102         if ((sc->sc_flags & RTW_F_ENABLED) == 0)
 2103                 return;
 2104 
 2105         rtw_suspend_ticks(sc);
 2106 
 2107         ieee80211_new_state(ic, IEEE80211_S_INIT, -1);
 2108 
 2109         if ((sc->sc_flags & RTW_F_INVALID) == 0) {
 2110                 /* Disable interrupts. */
 2111                 RTW_WRITE16(regs, RTW_IMR, 0);
 2112 
 2113                 RTW_WBW(regs, RTW_TPPOLL, RTW_IMR);
 2114 
 2115                 /*
 2116                  * Stop the transmit and receive processes. First stop DMA,
 2117                  * then disable receiver and transmitter.
 2118                  */
 2119                 RTW_WRITE8(regs, RTW_TPPOLL, RTW_TPPOLL_SALL);
 2120 
 2121                 RTW_SYNC(regs, RTW_TPPOLL, RTW_IMR);
 2122 
 2123                 rtw_io_enable(sc, RTW_CR_RE | RTW_CR_TE, 0);
 2124         }
 2125 
 2126         /* Free pending TX mbufs */
 2127         for (i = 0; i < RTW_NTXPRI; ++i) {
 2128                 struct rtw_txsoft_blk *tsb = &sc->sc_txsoft_blk[i];
 2129                 struct rtw_txsoft *ts;
 2130 
 2131                 while ((ts = STAILQ_FIRST(&tsb->tsb_dirtyq)) != NULL) {
 2132                         rtw_txsoft_release(sc->sc_txsoft_dmat, ts, 0, 0, 0, 0);
 2133                         STAILQ_REMOVE_HEAD(&tsb->tsb_dirtyq, ts_q);
 2134                         STAILQ_INSERT_TAIL(&tsb->tsb_freeq, ts, ts_q);
 2135                 }
 2136                 tsb->tsb_tx_timer = 0;
 2137         }
 2138 
 2139         /* Free pending RX mbufs */
 2140         for (i = 0; i < RTW_RXQLEN; i++) {
 2141                 struct rtw_rxsoft *rs = &sc->sc_rxsoft[i];
 2142 
 2143                 if (rs->rs_mbuf != NULL) {
 2144                         bus_dmamap_sync(sc->sc_rxsoft_dmat, rs->rs_dmamap,
 2145                                         BUS_DMASYNC_POSTREAD);
 2146                         bus_dmamap_unload(sc->sc_rxsoft_dmat, rs->rs_dmamap);
 2147                         m_freem(rs->rs_mbuf);
 2148                         rs->rs_mbuf = NULL;
 2149                 }
 2150         }
 2151 
 2152         if (disable)
 2153                 rtw_disable(sc);
 2154 
 2155         /* Mark the interface as not running.  Cancel the watchdog timer. */
 2156         ifp->if_flags &= ~IFF_RUNNING;
 2157         ifq_clr_oactive(&ifp->if_snd);
 2158         ifp->if_timer = 0;
 2159 }
 2160 
 2161 #ifdef RTW_DEBUG
 2162 const char *
 2163 rtw_pwrstate_string(enum rtw_pwrstate power)
 2164 {
 2165         switch (power) {
 2166         case RTW_ON:
 2167                 return "on";
 2168         case RTW_SLEEP:
 2169                 return "sleep";
 2170         case RTW_OFF:
 2171                 return "off";
 2172         default:
 2173                 return "unknown";
 2174         }
 2175 }
 2176 #endif  /* RTW_DEBUG */
 2177 
 2178 /*
 2179  * XXX For Maxim, I am using the RFMD settings gleaned from the
 2180  * reference driver, plus a magic Maxim "ON" value that comes from
 2181  * the Realtek document "Windows PG for Rtl8180."
 2182  */
 2183 static void
 2184 rtw_maxim_pwrstate(struct rtw_regs *regs, enum rtw_pwrstate power,
 2185                    int before_rf, int digphy)
 2186 {
 2187         uint32_t anaparm;
 2188 
 2189         anaparm = RTW_READ(regs, RTW_ANAPARM);
 2190         anaparm &= ~(RTW_ANAPARM_RFPOW_MASK | RTW_ANAPARM_TXDACOFF);
 2191 
 2192         switch (power) {
 2193         case RTW_OFF:
 2194                 if (before_rf)
 2195                         return;
 2196                 anaparm |= RTW_ANAPARM_RFPOW_MAXIM_OFF;
 2197                 anaparm |= RTW_ANAPARM_TXDACOFF;
 2198                 break;
 2199         case RTW_SLEEP:
 2200                 if (!before_rf)
 2201                         return;
 2202                 anaparm |= RTW_ANAPARM_RFPOW_MAXIM_SLEEP;
 2203                 anaparm |= RTW_ANAPARM_TXDACOFF;
 2204                 break;
 2205         case RTW_ON:
 2206                 if (!before_rf)
 2207                         return;
 2208                 anaparm |= RTW_ANAPARM_RFPOW_MAXIM_ON;
 2209                 break;
 2210         }
 2211         RTW_DPRINTF(RTW_DEBUG_PWR,
 2212             ("%s: power state %s, %s RF, reg[ANAPARM] <- %08x\n",
 2213             __func__, rtw_pwrstate_string(power),
 2214             (before_rf) ? "before" : "after", anaparm));
 2215 
 2216         RTW_WRITE(regs, RTW_ANAPARM, anaparm);
 2217         RTW_SYNC(regs, RTW_ANAPARM, RTW_ANAPARM);
 2218 }
 2219 
 2220 /* XXX I am using the RFMD settings gleaned from the reference
 2221  * driver.  They agree
 2222  */
 2223 static void
 2224 rtw_rfmd_pwrstate(struct rtw_regs *regs, enum rtw_pwrstate power,
 2225                   int before_rf, int digphy)
 2226 {
 2227         uint32_t anaparm;
 2228 
 2229         anaparm = RTW_READ(regs, RTW_ANAPARM);
 2230         anaparm &= ~(RTW_ANAPARM_RFPOW_MASK | RTW_ANAPARM_TXDACOFF);
 2231 
 2232         switch (power) {
 2233         case RTW_OFF:
 2234                 if (before_rf)
 2235                         return;
 2236                 anaparm |= RTW_ANAPARM_RFPOW_RFMD_OFF;
 2237                 anaparm |= RTW_ANAPARM_TXDACOFF;
 2238                 break;
 2239         case RTW_SLEEP:
 2240                 if (!before_rf)
 2241                         return;
 2242                 anaparm |= RTW_ANAPARM_RFPOW_RFMD_SLEEP;
 2243                 anaparm |= RTW_ANAPARM_TXDACOFF;
 2244                 break;
 2245         case RTW_ON:
 2246                 if (!before_rf)
 2247                         return;
 2248                 anaparm |= RTW_ANAPARM_RFPOW_RFMD_ON;
 2249                 break;
 2250         }
 2251         RTW_DPRINTF(RTW_DEBUG_PWR,
 2252             ("%s: power state %s, %s RF, reg[ANAPARM] <- %08x\n",
 2253             __func__, rtw_pwrstate_string(power),
 2254             (before_rf) ? "before" : "after", anaparm));
 2255 
 2256         RTW_WRITE(regs, RTW_ANAPARM, anaparm);
 2257         RTW_SYNC(regs, RTW_ANAPARM, RTW_ANAPARM);
 2258 }
 2259 
 2260 static void
 2261 rtw_philips_pwrstate(struct rtw_regs *regs, enum rtw_pwrstate power,
 2262                      int before_rf, int digphy)
 2263 {
 2264         uint32_t anaparm;
 2265 
 2266         anaparm = RTW_READ(regs, RTW_ANAPARM);
 2267         anaparm &= ~(RTW_ANAPARM_RFPOW_MASK | RTW_ANAPARM_TXDACOFF);
 2268 
 2269         switch (power) {
 2270         case RTW_OFF:
 2271                 if (before_rf)
 2272                         return;
 2273                 anaparm |= RTW_ANAPARM_RFPOW_PHILIPS_OFF;
 2274                 anaparm |= RTW_ANAPARM_TXDACOFF;
 2275                 break;
 2276         case RTW_SLEEP:
 2277                 if (!before_rf)
 2278                         return;
 2279                 anaparm |= RTW_ANAPARM_RFPOW_PHILIPS_SLEEP;
 2280                 anaparm |= RTW_ANAPARM_TXDACOFF;
 2281                 break;
 2282         case RTW_ON:
 2283                 if (!before_rf)
 2284                         return;
 2285                 if (digphy) {
 2286                         anaparm |= RTW_ANAPARM_RFPOW_DIG_PHILIPS_ON;
 2287                         /* XXX guess */
 2288                         anaparm |= RTW_ANAPARM_TXDACOFF;
 2289                 } else
 2290                         anaparm |= RTW_ANAPARM_RFPOW_ANA_PHILIPS_ON;
 2291                 break;
 2292         }
 2293         RTW_DPRINTF(RTW_DEBUG_PWR,
 2294             ("%s: power state %s, %s RF, reg[ANAPARM] <- %08x\n",
 2295             __func__, rtw_pwrstate_string(power),
 2296             (before_rf) ? "before" : "after", anaparm));
 2297 
 2298         RTW_WRITE(regs, RTW_ANAPARM, anaparm);
 2299         RTW_SYNC(regs, RTW_ANAPARM, RTW_ANAPARM);
 2300 }
 2301 
 2302 static __inline void
 2303 rtw_pwrstate0(struct rtw_softc *sc, enum rtw_pwrstate power, int before_rf,
 2304               int digphy)
 2305 {
 2306         rtw_set_access(sc, RTW_ACCESS_ANAPARM);
 2307         sc->sc_pwrstate_cb(&sc->sc_regs, power, before_rf, digphy);
 2308         rtw_set_access(sc, RTW_ACCESS_NONE);
 2309 }
 2310 
 2311 static int
 2312 rtw_pwrstate(struct rtw_softc *sc, enum rtw_pwrstate power)
 2313 {
 2314         int rc;
 2315 
 2316         RTW_DPRINTF(RTW_DEBUG_PWR,
 2317                     ("%s: %s->%s\n", sc->sc_ic.ic_if.if_xname,
 2318                     rtw_pwrstate_string(sc->sc_pwrstate),
 2319                     rtw_pwrstate_string(power)));
 2320 
 2321         if (sc->sc_pwrstate == power)
 2322                 return 0;
 2323 
 2324         rtw_pwrstate0(sc, power, 1, sc->sc_flags & RTW_F_DIGPHY);
 2325         rc = rtw_rf_pwrstate(sc->sc_rf, power);
 2326         rtw_pwrstate0(sc, power, 0, sc->sc_flags & RTW_F_DIGPHY);
 2327 
 2328         switch (power) {
 2329         case RTW_ON:
 2330                 /* TBD set LEDs */
 2331                 break;
 2332         case RTW_SLEEP:
 2333                 /* TBD */
 2334                 break;
 2335         case RTW_OFF:
 2336                 /* TBD */
 2337                 break;
 2338         }
 2339         if (rc == 0)
 2340                 sc->sc_pwrstate = power;
 2341         else
 2342                 sc->sc_pwrstate = RTW_OFF;
 2343         return rc;
 2344 }
 2345 
 2346 static int
 2347 rtw_tune(struct rtw_softc *sc)
 2348 {
 2349         struct ieee80211com *ic = &sc->sc_ic;
 2350         struct rtw_tx_radiotap_header *rt = &sc->sc_txtap;
 2351         struct rtw_rx_radiotap_header *rr = &sc->sc_rxtap;
 2352         u_int chan;
 2353         int rc, antdiv, dflantb;
 2354 
 2355         antdiv = sc->sc_flags & RTW_F_ANTDIV;
 2356         dflantb = sc->sc_flags & RTW_F_DFLANTB;
 2357 
 2358         chan = ieee80211_chan2ieee(ic, ic->ic_curchan);
 2359         if (chan == IEEE80211_CHAN_ANY)
 2360                 panic("%s: chan == IEEE80211_CHAN_ANY", ic->ic_if.if_xname);
 2361 
 2362         rt->rt_chan_freq = htole16(ic->ic_curchan->ic_freq);
 2363         rt->rt_chan_flags = htole16(ic->ic_curchan->ic_flags);
 2364 
 2365         rr->rr_chan_freq = htole16(ic->ic_curchan->ic_freq);
 2366         rr->rr_chan_flags = htole16(ic->ic_curchan->ic_flags);
 2367 
 2368         if (chan == sc->sc_cur_chan) {
 2369                 RTW_DPRINTF(RTW_DEBUG_TUNE,
 2370                             ("%s: already tuned chan #%d\n",
 2371                              ic->ic_if.if_xname, chan));
 2372                 return 0;
 2373         }
 2374 
 2375         rtw_suspend_ticks(sc);
 2376 
 2377         rtw_io_enable(sc, RTW_CR_RE | RTW_CR_TE, 0);
 2378 
 2379         /* TBD wait for Tx to complete */
 2380 
 2381         KKASSERT((sc->sc_flags & RTW_F_ENABLED) != 0);
 2382 
 2383         rc = rtw_phy_init(&sc->sc_regs, sc->sc_rf,
 2384                           rtw_chan2txpower(&sc->sc_srom, ic, ic->ic_curchan),
 2385                           sc->sc_csthr, ic->ic_curchan->ic_freq, antdiv,
 2386                           dflantb, RTW_ON);
 2387         if (rc != 0) {
 2388                 /* XXX condition on powersaving */
 2389                 kprintf("%s: phy init failed\n", ic->ic_if.if_xname);
 2390         }
 2391 
 2392         sc->sc_cur_chan = chan;
 2393 
 2394         rtw_io_enable(sc, RTW_CR_RE | RTW_CR_TE, 1);
 2395 
 2396         rtw_resume_ticks(sc);
 2397 
 2398         return rc;
 2399 }
 2400 
 2401 static void
 2402 rtw_disable(struct rtw_softc *sc)
 2403 {
 2404         int rc;
 2405 
 2406         if ((sc->sc_flags & RTW_F_ENABLED) == 0)
 2407                 return;
 2408 
 2409         /* turn off PHY */
 2410         if ((sc->sc_flags & RTW_F_INVALID) == 0 &&
 2411             (rc = rtw_pwrstate(sc, RTW_OFF)) != 0)
 2412                 if_printf(&sc->sc_ic.ic_if, "failed to turn off PHY\n");
 2413 
 2414         sc->sc_flags &= ~RTW_F_ENABLED;
 2415 }
 2416 
 2417 static int
 2418 rtw_enable(struct rtw_softc *sc)
 2419 {
 2420         if ((sc->sc_flags & RTW_F_ENABLED) == 0) {
 2421                 sc->sc_flags |= RTW_F_ENABLED;
 2422                 /*
 2423                  * Power may have been removed, and WEP keys thus reset.
 2424                  */
 2425                 sc->sc_flags &= ~RTW_F_DK_VALID;
 2426         }
 2427         return (0);
 2428 }
 2429 
 2430 static void
 2431 rtw_transmit_config(struct rtw_regs *regs)
 2432 {
 2433         uint32_t tcr;
 2434 
 2435         tcr = RTW_READ(regs, RTW_TCR);
 2436 
 2437         tcr |= RTW_TCR_CWMIN;
 2438         tcr &= ~RTW_TCR_MXDMA_MASK;
 2439         tcr |= RTW_TCR_MXDMA_256;
 2440         tcr |= RTW_TCR_SAT;             /* send ACK as fast as possible */
 2441         tcr &= ~RTW_TCR_LBK_MASK;
 2442         tcr |= RTW_TCR_LBK_NORMAL;      /* normal operating mode */
 2443 
 2444         /* set short/long retry limits */
 2445         tcr &= ~(RTW_TCR_SRL_MASK|RTW_TCR_LRL_MASK);
 2446         tcr |= __SHIFTIN(4, RTW_TCR_SRL_MASK) | __SHIFTIN(4, RTW_TCR_LRL_MASK);
 2447 
 2448         tcr &= ~RTW_TCR_CRC;    /* NIC appends CRC32 */
 2449 
 2450         RTW_WRITE(regs, RTW_TCR, tcr);
 2451         RTW_SYNC(regs, RTW_TCR, RTW_TCR);
 2452 }
 2453 
 2454 static void
 2455 rtw_enable_interrupts(struct rtw_softc *sc)
 2456 {
 2457         struct rtw_regs *regs = &sc->sc_regs;
 2458 
 2459         sc->sc_inten = RTW_INTR_RX|RTW_INTR_TX|RTW_INTR_BEACON|RTW_INTR_ATIMINT;
 2460         sc->sc_inten |= RTW_INTR_IOERROR|RTW_INTR_TIMEOUT;
 2461 
 2462         RTW_WRITE16(regs, RTW_IMR, sc->sc_inten);
 2463         RTW_WBW(regs, RTW_IMR, RTW_ISR);
 2464         RTW_WRITE16(regs, RTW_ISR, 0xffff);
 2465         RTW_SYNC(regs, RTW_IMR, RTW_ISR);
 2466 
 2467         /* XXX necessary? */
 2468         if (sc->sc_intr_ack != NULL)
 2469                 sc->sc_intr_ack(regs);
 2470 }
 2471 
 2472 static void
 2473 rtw_set_nettype(struct rtw_softc *sc, enum ieee80211_opmode opmode)
 2474 {
 2475         struct rtw_regs *regs = &sc->sc_regs;
 2476         uint8_t msr;
 2477 
 2478         /* I'm guessing that MSR is protected as CONFIG[0123] are. */
 2479         rtw_set_access(sc, RTW_ACCESS_CONFIG);
 2480 
 2481         msr = RTW_READ8(regs, RTW_MSR) & ~RTW_MSR_NETYPE_MASK;
 2482 
 2483         switch (opmode) {
 2484         case IEEE80211_M_AHDEMO:
 2485         case IEEE80211_M_IBSS:
 2486                 msr |= RTW_MSR_NETYPE_ADHOC_OK;
 2487                 break;
 2488         case IEEE80211_M_HOSTAP:
 2489                 msr |= RTW_MSR_NETYPE_AP_OK;
 2490                 break;
 2491         case IEEE80211_M_MONITOR:
 2492                 /* XXX */
 2493                 msr |= RTW_MSR_NETYPE_NOLINK;
 2494                 break;
 2495         case IEEE80211_M_STA:
 2496                 msr |= RTW_MSR_NETYPE_INFRA_OK;
 2497                 break;
 2498         }
 2499         RTW_WRITE8(regs, RTW_MSR, msr);
 2500 
 2501         rtw_set_access(sc, RTW_ACCESS_NONE);
 2502 }
 2503 
 2504 #define rtw_calchash(addr) \
 2505         (ether_crc32_be((addr), IEEE80211_ADDR_LEN) >> 26)
 2506 
 2507 static void
 2508 rtw_pktfilt_load(struct rtw_softc *sc)
 2509 {
 2510         struct rtw_regs *regs = &sc->sc_regs;
 2511         struct ieee80211com *ic = &sc->sc_ic;
 2512         struct ifnet *ifp = &ic->ic_if;
 2513         struct ifmultiaddr *ifma;
 2514         uint32_t hashes[2] = { 0, 0 };
 2515         int hash;
 2516 
 2517         /* XXX might be necessary to stop Rx/Tx engines while setting filters */
 2518 
 2519         sc->sc_rcr &= ~RTW_RCR_PKTFILTER_MASK;
 2520         sc->sc_rcr &= ~(RTW_RCR_MXDMA_MASK | RTW_RCR_RXFTH_MASK);
 2521 
 2522         sc->sc_rcr |= RTW_RCR_PKTFILTER_DEFAULT;
 2523         /* MAC auto-reset PHY (huh?) */
 2524         sc->sc_rcr |= RTW_RCR_ENMARP;
 2525         /* DMA whole Rx packets, only.  Set Tx DMA burst size to 1024 bytes. */
 2526         sc->sc_rcr |= RTW_RCR_MXDMA_1024 | RTW_RCR_RXFTH_WHOLE;
 2527 
 2528         switch (ic->ic_opmode) {
 2529         case IEEE80211_M_MONITOR:
 2530                 sc->sc_rcr |= RTW_RCR_MONITOR;
 2531                 break;
 2532         case IEEE80211_M_AHDEMO:
 2533         case IEEE80211_M_IBSS:
 2534                 /* receive broadcasts in our BSS */
 2535                 sc->sc_rcr |= RTW_RCR_ADD3;
 2536                 break;
 2537         default:
 2538                 break;
 2539         }
 2540 
 2541         ifp->if_flags &= ~IFF_ALLMULTI;
 2542 
 2543         /* XXX accept all broadcast if scanning */
 2544         if ((ifp->if_flags & IFF_BROADCAST) != 0)
 2545                 sc->sc_rcr |= RTW_RCR_AB;       /* accept all broadcast */
 2546 
 2547         if (ifp->if_flags & IFF_PROMISC) {
 2548                 sc->sc_rcr |= RTW_RCR_AB;       /* accept all broadcast */
 2549 allmulti:
 2550                 ifp->if_flags |= IFF_ALLMULTI;
 2551                 goto setit;
 2552         }
 2553 
 2554         /*
 2555          * Program the 64-bit multicast hash filter.
 2556          */
 2557         TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
 2558                 if (ifma->ifma_addr->sa_family != AF_LINK)
 2559                         continue;
 2560 
 2561                 hash = rtw_calchash(
 2562                         LLADDR((struct sockaddr_dl *)ifma->ifma_addr));
 2563                 hashes[hash >> 5] |= (1 << (hash & 0x1f));
 2564                 sc->sc_rcr |= RTW_RCR_AM;
 2565         }
 2566 
 2567         /* all bits set => hash is useless */
 2568         if (~(hashes[0] & hashes[1]) == 0)
 2569                 goto allmulti;
 2570 
 2571 setit:
 2572         if (ifp->if_flags & IFF_ALLMULTI) {
 2573                 sc->sc_rcr |= RTW_RCR_AM;       /* accept all multicast */
 2574                 hashes[0] = hashes[1] = 0xffffffff;
 2575         }
 2576 
 2577         RTW_WRITE(regs, RTW_MAR0, hashes[0]);
 2578         RTW_WRITE(regs, RTW_MAR1, hashes[1]);
 2579         RTW_WRITE(regs, RTW_RCR, sc->sc_rcr);
 2580         RTW_SYNC(regs, RTW_MAR0, RTW_RCR); /* RTW_MAR0 < RTW_MAR1 < RTW_RCR */
 2581 
 2582         DPRINTF(sc, RTW_DEBUG_PKTFILT,
 2583                 ("%s: RTW_MAR0 %08x RTW_MAR1 %08x RTW_RCR %08x\n",
 2584                  ifp->if_xname, RTW_READ(regs, RTW_MAR0),
 2585                  RTW_READ(regs, RTW_MAR1), RTW_READ(regs, RTW_RCR)));
 2586 }
 2587 
 2588 /* Must be called at splnet. */
 2589 static void
 2590 rtw_init(void *xsc)
 2591 {
 2592         struct rtw_softc *sc = xsc;
 2593         struct ieee80211com *ic = &sc->sc_ic;
 2594         struct ifnet *ifp = &ic->ic_if;
 2595         struct rtw_regs *regs = &sc->sc_regs;
 2596         int rc = 0;
 2597 
 2598         rc = rtw_enable(sc);
 2599         if (rc)
 2600                 goto out;
 2601 
 2602         /* Cancel pending I/O and reset. */
 2603         rtw_stop(sc, 0);
 2604 
 2605         DPRINTF(sc, RTW_DEBUG_TUNE,
 2606                 ("%s: channel %d freq %d flags 0x%04x\n", ifp->if_xname,
 2607                 ieee80211_chan2ieee(ic, ic->ic_curchan),
 2608                 ic->ic_curchan->ic_freq, ic->ic_curchan->ic_flags));
 2609 
 2610         rc = rtw_pwrstate(sc, RTW_OFF);
 2611         if (rc)
 2612                 goto out;
 2613 
 2614         rc = rtw_swring_setup(sc);
 2615         if (rc)
 2616                 goto out;
 2617 
 2618         rtw_transmit_config(regs);
 2619 
 2620         rtw_set_access(sc, RTW_ACCESS_CONFIG);
 2621 
 2622         RTW_WRITE8(regs, RTW_MSR, 0x0); /* no link */
 2623         RTW_WBW(regs, RTW_MSR, RTW_BRSR);
 2624 
 2625         /* long PLCP header, 1Mb/2Mb basic rate */
 2626         RTW_WRITE16(regs, RTW_BRSR, RTW_BRSR_MBR8180_2MBPS);
 2627         RTW_SYNC(regs, RTW_BRSR, RTW_BRSR);
 2628 
 2629         rtw_set_access(sc, RTW_ACCESS_ANAPARM);
 2630         rtw_set_access(sc, RTW_ACCESS_NONE);
 2631 
 2632         /* XXX from reference sources */
 2633         RTW_WRITE(regs, RTW_FEMR, 0xffff);
 2634         RTW_SYNC(regs, RTW_FEMR, RTW_FEMR);
 2635 
 2636         rtw_set_rfprog(sc);
 2637 
 2638         RTW_WRITE8(regs, RTW_PHYDELAY, sc->sc_phydelay);
 2639         /* from Linux driver */
 2640         RTW_WRITE8(regs, RTW_CRCOUNT, RTW_CRCOUNT_MAGIC);
 2641 
 2642         RTW_SYNC(regs, RTW_PHYDELAY, RTW_CRCOUNT);
 2643 
 2644         rtw_enable_interrupts(sc);
 2645 
 2646         rtw_pktfilt_load(sc);
 2647 
 2648         rtw_hwring_setup(sc);
 2649 
 2650         rtw_wep_setkeys(sc);
 2651 
 2652         rtw_io_enable(sc, RTW_CR_RE | RTW_CR_TE, 1);
 2653 
 2654         ifp->if_flags |= IFF_RUNNING;
 2655         ic->ic_state = IEEE80211_S_INIT;
 2656 
 2657         RTW_WRITE16(regs, RTW_BSSID16, 0x0);
 2658         RTW_WRITE(regs, RTW_BSSID32, 0x0);
 2659 
 2660         rtw_resume_ticks(sc);
 2661 
 2662         rtw_set_nettype(sc, IEEE80211_M_MONITOR);
 2663 
 2664         if (ic->ic_opmode == IEEE80211_M_MONITOR)
 2665                 ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
 2666         else
 2667                 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
 2668 
 2669 out:
 2670         if (rc)
 2671                 if_printf(ifp, "interface not running\n");
 2672 }
 2673 
 2674 static void
 2675 rtw_led_init(struct rtw_softc *sc)
 2676 {
 2677         struct rtw_regs *regs = &sc->sc_regs;
 2678         uint8_t cfg0, cfg1;
 2679 
 2680         rtw_set_access(sc, RTW_ACCESS_CONFIG);
 2681 
 2682         cfg0 = RTW_READ8(regs, RTW_CONFIG0);
 2683         cfg0 |= RTW_CONFIG0_LEDGPOEN;
 2684         RTW_WRITE8(regs, RTW_CONFIG0, cfg0);
 2685 
 2686         cfg1 = RTW_READ8(regs, RTW_CONFIG1);
 2687         RTW_DPRINTF(RTW_DEBUG_LED,
 2688                     ("%s: read %02x from reg[CONFIG1]\n",
 2689                      sc->sc_ic.ic_if.if_xname, cfg1));
 2690 
 2691         cfg1 &= ~RTW_CONFIG1_LEDS_MASK;
 2692         cfg1 |= RTW_CONFIG1_LEDS_TX_RX;
 2693         RTW_WRITE8(regs, RTW_CONFIG1, cfg1);
 2694 
 2695         rtw_set_access(sc, RTW_ACCESS_NONE);
 2696 }
 2697 
 2698 /*
 2699  * IEEE80211_S_INIT:            LED1 off
 2700  *
 2701  * IEEE80211_S_AUTH,
 2702  * IEEE80211_S_ASSOC,
 2703  * IEEE80211_S_SCAN:            LED1 blinks @ 1 Hz, blinks at 5Hz for tx/rx
 2704  *
 2705  * IEEE80211_S_RUN:             LED1 on, blinks @ 5Hz for tx/rx
 2706  */
 2707 static void
 2708 rtw_led_newstate(struct rtw_softc *sc, enum ieee80211_state nstate)
 2709 {
 2710         struct rtw_led_state *ls = &sc->sc_led_state;
 2711 
 2712         switch (nstate) {
 2713         case IEEE80211_S_INIT:
 2714                 rtw_led_init(sc);
 2715                 callout_stop(&ls->ls_slow_ch);
 2716                 callout_stop(&ls->ls_fast_ch);
 2717                 ls->ls_slowblink = 0;
 2718                 ls->ls_actblink = 0;
 2719                 ls->ls_default = 0;
 2720                 break;
 2721         case IEEE80211_S_SCAN:
 2722                 callout_reset(&ls->ls_slow_ch, RTW_LED_SLOW_TICKS,
 2723                               rtw_led_slowblink, sc);
 2724                 callout_reset(&ls->ls_fast_ch, RTW_LED_FAST_TICKS,
 2725                               rtw_led_fastblink, sc);
 2726                 /*FALLTHROUGH*/
 2727         case IEEE80211_S_AUTH:
 2728         case IEEE80211_S_ASSOC:
 2729                 ls->ls_default = RTW_LED1;
 2730                 ls->ls_actblink = RTW_LED1;
 2731                 ls->ls_slowblink = RTW_LED1;
 2732                 break;
 2733         case IEEE80211_S_RUN:
 2734                 ls->ls_slowblink = 0;
 2735                 break;
 2736         }
 2737         rtw_led_set(sc);
 2738 }
 2739 
 2740 static void
 2741 rtw_led_set(struct rtw_softc *sc)
 2742 {
 2743         struct rtw_led_state *ls = &sc->sc_led_state;
 2744         struct rtw_regs *regs = &sc->sc_regs;
 2745         uint8_t led_condition, mask, newval, val;
 2746         bus_size_t ofs;
 2747 
 2748         led_condition = ls->ls_default;
 2749 
 2750         if (ls->ls_state & RTW_LED_S_SLOW)
 2751                 led_condition ^= ls->ls_slowblink;
 2752         if (ls->ls_state & (RTW_LED_S_RX|RTW_LED_S_TX))
 2753                 led_condition ^= ls->ls_actblink;
 2754 
 2755         RTW_DPRINTF(RTW_DEBUG_LED,
 2756                     ("%s: LED condition %02x\n", sc->sc_ic.ic_if.if_xname,
 2757                      led_condition));
 2758 
 2759         switch (sc->sc_hwverid) {
 2760         default:
 2761         case 'F':
 2762                 ofs = RTW_PSR;
 2763                 newval = mask = RTW_PSR_LEDGPO0 | RTW_PSR_LEDGPO1;
 2764                 if (led_condition & RTW_LED0)
 2765                         newval &= ~RTW_PSR_LEDGPO0;
 2766                 if (led_condition & RTW_LED1)
 2767                         newval &= ~RTW_PSR_LEDGPO1;
 2768                 break;
 2769         case 'D':
 2770                 ofs = RTW_9346CR;
 2771                 mask = RTW_9346CR_EEM_MASK | RTW_9346CR_EEDI | RTW_9346CR_EECS;
 2772                 newval = RTW_9346CR_EEM_PROGRAM;
 2773                 if (led_condition & RTW_LED0)
 2774                         newval |= RTW_9346CR_EEDI;
 2775                 if (led_condition & RTW_LED1)
 2776                         newval |= RTW_9346CR_EECS;
 2777                 break;
 2778         }
 2779         val = RTW_READ8(regs, ofs);
 2780         RTW_DPRINTF(RTW_DEBUG_LED,
 2781                     ("%s: read %02x from reg[%02x]\n",
 2782                      sc->sc_ic.ic_if.if_xname, val, ofs));
 2783         val &= ~mask;
 2784         val |= newval;
 2785         RTW_WRITE8(regs, ofs, val);
 2786         RTW_DPRINTF(RTW_DEBUG_LED,
 2787                     ("%s: wrote %02x to reg[%02x]\n",
 2788                      sc->sc_ic.ic_if.if_xname, val, ofs));
 2789         RTW_SYNC(regs, ofs, ofs);
 2790 }
 2791 
 2792 static void
 2793 rtw_led_fastblink(void *arg)
 2794 {
 2795         struct rtw_softc *sc = arg;
 2796         struct ifnet *ifp = &sc->sc_ic.ic_if;
 2797         struct rtw_led_state *ls = &sc->sc_led_state;
 2798         int ostate;
 2799 
 2800         lwkt_serialize_enter(ifp->if_serializer);
 2801 
 2802         ostate = ls->ls_state;
 2803         ls->ls_state ^= ls->ls_event;
 2804 
 2805         if ((ls->ls_event & RTW_LED_S_TX) == 0)
 2806                 ls->ls_state &= ~RTW_LED_S_TX;
 2807 
 2808         if ((ls->ls_event & RTW_LED_S_RX) == 0)
 2809                 ls->ls_state &= ~RTW_LED_S_RX;
 2810 
 2811         ls->ls_event = 0;
 2812 
 2813         if (ostate != ls->ls_state)
 2814                 rtw_led_set(sc);
 2815 
 2816         callout_reset(&ls->ls_fast_ch, RTW_LED_FAST_TICKS,
 2817                       rtw_led_fastblink, sc);
 2818 
 2819         lwkt_serialize_exit(ifp->if_serializer);
 2820 }
 2821 
 2822 static void
 2823 rtw_led_slowblink(void *arg)
 2824 {
 2825         struct rtw_softc *sc = arg;
 2826         struct ifnet *ifp = &sc->sc_ic.ic_if;
 2827         struct rtw_led_state *ls = &sc->sc_led_state;
 2828 
 2829         lwkt_serialize_enter(ifp->if_serializer);
 2830 
 2831         ls->ls_state ^= RTW_LED_S_SLOW;
 2832         rtw_led_set(sc);
 2833         callout_reset(&ls->ls_slow_ch, RTW_LED_SLOW_TICKS,
 2834                       rtw_led_slowblink, sc);
 2835 
 2836         lwkt_serialize_exit(ifp->if_serializer);
 2837 }
 2838 
 2839 static int
 2840 rtw_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
 2841 {
 2842         struct rtw_softc *sc = ifp->if_softc;
 2843         int rc = 0;
 2844 
 2845         switch (cmd) {
 2846         case SIOCSIFFLAGS:
 2847                 if (ifp->if_flags & IFF_UP) {
 2848                         if ((ifp->if_flags & IFF_RUNNING) == 0)
 2849                                 rtw_init(sc);
 2850                         RTW_PRINT_REGS(&sc->sc_regs, ifp->if_xname, __func__);
 2851                 } else if (sc->sc_flags & RTW_F_ENABLED) {
 2852                         RTW_PRINT_REGS(&sc->sc_regs, ifp->if_xname, __func__);
 2853                         rtw_stop(sc, 1);
 2854                 }
 2855                 break;
 2856         case SIOCADDMULTI:
 2857         case SIOCDELMULTI:
 2858                 if (ifp->if_flags & IFF_RUNNING)
 2859                         rtw_pktfilt_load(sc);
 2860                 break;
 2861         default:
 2862                 rc = ieee80211_ioctl(&sc->sc_ic, cmd, data, cr);
 2863                 if (rc == ENETRESET) {
 2864                         if (sc->sc_flags & RTW_F_ENABLED)
 2865                                 rtw_init(sc);
 2866                         rc = 0;
 2867                 }
 2868                 break;
 2869         }
 2870         return rc;
 2871 }
 2872 
 2873 /*
 2874  * Select a transmit ring with at least one h/w and s/w descriptor free.
 2875  * Return 0 on success, -1 on failure.
 2876  */
 2877 static __inline int
 2878 rtw_txring_choose(struct rtw_softc *sc, struct rtw_txsoft_blk **tsbp,
 2879                   struct rtw_txdesc_blk **tdbp, int pri)
 2880 {
 2881         struct rtw_txsoft_blk *tsb;
 2882         struct rtw_txdesc_blk *tdb;
 2883 
 2884         KKASSERT(pri >= 0 && pri < RTW_NTXPRI);
 2885 
 2886         tsb = &sc->sc_txsoft_blk[pri];
 2887         tdb = &sc->sc_txdesc_blk[pri];
 2888 
 2889         if (STAILQ_EMPTY(&tsb->tsb_freeq) || tdb->tdb_nfree == 0) {
 2890                 if (tsb->tsb_tx_timer == 0)
 2891                         tsb->tsb_tx_timer = 5;
 2892                 *tsbp = NULL;
 2893                 *tdbp = NULL;
 2894                 return -1;
 2895         }
 2896         *tsbp = tsb;
 2897         *tdbp = tdb;
 2898         return 0;
 2899 }
 2900 
 2901 static __inline struct mbuf *
 2902 rtw_80211_dequeue(struct rtw_softc *sc, struct ifqueue *ifq, int pri,
 2903                   struct rtw_txsoft_blk **tsbp, struct rtw_txdesc_blk **tdbp,
 2904                   struct ieee80211_node **nip)
 2905 {
 2906         struct mbuf *m;
 2907         struct ifnet *ifp = &sc->sc_if;
 2908 
 2909         if (IF_QEMPTY(ifq))
 2910                 return NULL;
 2911         if (rtw_txring_choose(sc, tsbp, tdbp, pri) == -1) {
 2912                 DPRINTF(sc, RTW_DEBUG_XMIT_RSRC,
 2913                         ("%s: no ring %d descriptor\n", ifp->if_xname, pri));
 2914                 ifq_set_oactive(&ifp->if_snd);
 2915                 ifp->if_timer = 1;
 2916                 return NULL;
 2917         }
 2918         IF_DEQUEUE(ifq, m);
 2919         *nip = (struct ieee80211_node *)m->m_pkthdr.rcvif;
 2920         m->m_pkthdr.rcvif = NULL;
 2921         KKASSERT(*nip != NULL);
 2922         return m;
 2923 }
 2924 
 2925 /*
 2926  * Point *mp at the next 802.11 frame to transmit.  Point *tsbp
 2927  * at the driver's selection of transmit control block for the packet.
 2928  */
 2929 static int
 2930 rtw_dequeue(struct ifnet *ifp, struct rtw_txsoft_blk **tsbp,
 2931             struct rtw_txdesc_blk **tdbp, struct mbuf **mp,
 2932             struct ieee80211_node **nip)
 2933 {
 2934         struct rtw_softc *sc = ifp->if_softc;
 2935         struct ether_header *eh;
 2936         struct mbuf *m0;
 2937         int pri;
 2938 
 2939         DPRINTF(sc, RTW_DEBUG_XMIT,
 2940                 ("%s: enter %s\n", ifp->if_xname, __func__));
 2941 
 2942         if (sc->sc_ic.ic_state == IEEE80211_S_RUN &&
 2943             (*mp = rtw_80211_dequeue(sc, &sc->sc_beaconq, RTW_TXPRIBCN, tsbp,
 2944                                      tdbp, nip)) != NULL) {
 2945                 DPRINTF(sc, RTW_DEBUG_XMIT,
 2946                         ("%s: dequeue beacon frame\n", ifp->if_xname));
 2947                 return 0;
 2948         }
 2949 
 2950         if ((*mp = rtw_80211_dequeue(sc, &sc->sc_ic.ic_mgtq, RTW_TXPRIMD, tsbp,
 2951                                      tdbp, nip)) != NULL) {
 2952                 DPRINTF(sc, RTW_DEBUG_XMIT,
 2953                         ("%s: dequeue mgt frame\n", ifp->if_xname));
 2954                 return 0;
 2955         }
 2956 
 2957         *mp = NULL;
 2958 
 2959         if (sc->sc_ic.ic_state != IEEE80211_S_RUN) {
 2960                 ifq_purge(&ifp->if_snd);
 2961                 DPRINTF(sc, RTW_DEBUG_XMIT,
 2962                         ("%s: not running\n", ifp->if_xname));
 2963                 return 0;
 2964         }
 2965 
 2966         m0 = ifq_dequeue(&ifp->if_snd);
 2967         if (m0 == NULL) {
 2968                 DPRINTF(sc, RTW_DEBUG_XMIT,
 2969                         ("%s: no frame ready\n", ifp->if_xname));
 2970                 return 0;
 2971         }
 2972         DPRINTF(sc, RTW_DEBUG_XMIT,
 2973                 ("%s: dequeue data frame\n", ifp->if_xname));
 2974 
 2975         pri = ((m0->m_flags & M_PWR_SAV) != 0) ? RTW_TXPRIHI : RTW_TXPRIMD;
 2976 
 2977         if (rtw_txring_choose(sc, tsbp, tdbp, pri) == -1) {
 2978                 DPRINTF(sc, RTW_DEBUG_XMIT_RSRC,
 2979                         ("%s: no ring %d descriptor\n", ifp->if_xname, pri));
 2980                 ifq_set_oactive(&ifp->if_snd);
 2981                 ifq_prepend(&ifp->if_snd, m0);
 2982                 sc->sc_if.if_timer = 1;
 2983                 return 0;
 2984         }
 2985 
 2986         BPF_MTAP(ifp, m0);
 2987 
 2988         eh = mtod(m0, struct ether_header *);
 2989         *nip = ieee80211_find_txnode(&sc->sc_ic, eh->ether_dhost);
 2990         if (*nip == NULL) {
 2991                 /* NB: ieee80211_find_txnode does stat+msg */
 2992                 m_freem(m0);
 2993                 return -1;
 2994         }
 2995 
 2996         if ((m0 = ieee80211_encap(&sc->sc_ic, m0, *nip)) == NULL) {
 2997                 DPRINTF(sc, RTW_DEBUG_XMIT,
 2998                         ("%s: encap error\n", ifp->if_xname));
 2999                 ieee80211_free_node(*nip);
 3000                 IFNET_STAT_INC(ifp, oerrors, 1);
 3001                 return -1;
 3002         }
 3003 
 3004         IFNET_STAT_INC(ifp, opackets, 1);
 3005         DPRINTF(sc, RTW_DEBUG_XMIT,
 3006                 ("%s: leave %s\n", ifp->if_xname, __func__));
 3007         *mp = m0;
 3008         return 0;
 3009 }
 3010 
 3011 static __inline int
 3012 rtw_txsegs_too_short(struct rtw_txsegs *segs)
 3013 {
 3014         int i;
 3015 
 3016         for (i = 0; i < segs->nseg; i++) {
 3017                 if (segs->segs[i].ds_len < 4)
 3018                         return 1;
 3019         }
 3020         return 0;
 3021 }
 3022 
 3023 static __inline int
 3024 rtw_txsegs_too_long(struct rtw_txsegs *segs)
 3025 {
 3026         int i;
 3027 
 3028         for (i = 0; i < segs->nseg; i++) {
 3029                 if (segs->segs[i].ds_len > RTW_TXLEN_LENGTH_MASK)
 3030                         return 1;
 3031         }
 3032         return 0;
 3033 }
 3034 
 3035 static void
 3036 rtw_txbuf_dma_map(void *arg, bus_dma_segment_t *seg, int nseg,
 3037                   bus_size_t mapsize, int error)
 3038 {
 3039         struct rtw_txsegs *s = arg;
 3040 
 3041         if (error)
 3042                 return;
 3043 
 3044         KASSERT(nseg <= RTW_MAXPKTSEGS, ("too many tx mbuf seg"));
 3045 
 3046         s->nseg = nseg;
 3047         bcopy(seg, s->segs, sizeof(*seg) * nseg);
 3048 }
 3049 
 3050 static struct mbuf *
 3051 rtw_load_txbuf(struct rtw_softc *sc, struct rtw_txsoft *ts,
 3052                struct rtw_txsegs *segs, int ndesc_free, struct mbuf *m)
 3053 {
 3054         int unload = 0, error;
 3055 
 3056         error = bus_dmamap_load_mbuf(sc->sc_txsoft_dmat, ts->ts_dmamap, m,
 3057                                      rtw_txbuf_dma_map, segs, BUS_DMA_NOWAIT);
 3058         if (error && error != EFBIG) {
 3059                 if_printf(&sc->sc_ic.ic_if, "can't load tx mbuf1\n");
 3060                 goto back;
 3061         }
 3062 
 3063         if (error || segs->nseg > ndesc_free || rtw_txsegs_too_short(segs)) {
 3064                 struct mbuf *m_new;
 3065 
 3066                 if (error == 0)
 3067                         bus_dmamap_unload(sc->sc_txsoft_dmat, ts->ts_dmamap);
 3068 
 3069                 m_new = m_defrag(m, MB_DONTWAIT);
 3070                 if (m_new == NULL) {
 3071                         if_printf(&sc->sc_ic.ic_if, "can't defrag tx mbuf\n");
 3072                         error = ENOBUFS;
 3073                         goto back;
 3074                 }
 3075                 m = m_new;
 3076 
 3077                 error = bus_dmamap_load_mbuf(sc->sc_txsoft_dmat, ts->ts_dmamap,
 3078                                              m, rtw_txbuf_dma_map, segs,
 3079                                              BUS_DMA_NOWAIT);
 3080                 if (error) {
 3081                         if_printf(&sc->sc_ic.ic_if, "can't load tx mbuf2\n");
 3082                         goto back;
 3083                 }
 3084                 unload = 1;
 3085 
 3086                 error = EFBIG;
 3087                 if (segs->nseg > ndesc_free) {
 3088                         if_printf(&sc->sc_ic.ic_if, "not enough free txdesc\n");
 3089                         goto back;
 3090                 }
 3091                 if (rtw_txsegs_too_short(segs)) {
 3092                         if_printf(&sc->sc_ic.ic_if, "segment too short\n");
 3093                         goto back;
 3094                 }
 3095                 error = 0;
 3096         }
 3097 
 3098         if (rtw_txsegs_too_long(segs)) {
 3099                 if_printf(&sc->sc_ic.ic_if, "segment too long\n");
 3100                 unload = 1;
 3101                 error = EFBIG;
 3102         }
 3103 
 3104 back:
 3105         if (error) {
 3106                 if (unload)
 3107                         bus_dmamap_unload(sc->sc_txsoft_dmat, ts->ts_dmamap);
 3108                 m_freem(m);
 3109                 m = NULL;
 3110         } else {
 3111                 bus_dmamap_sync(sc->sc_txsoft_dmat, ts->ts_dmamap,
 3112                                 BUS_DMASYNC_PREWRITE);
 3113         }
 3114         return m;
 3115 }
 3116 
 3117 #ifdef RTW_DEBUG
 3118 static void
 3119 rtw_print_txdesc(struct rtw_softc *sc, const char *action,
 3120                  struct rtw_txsoft *ts, struct rtw_txdesc_blk *tdb, int desc)
 3121 {
 3122         struct rtw_txdesc *td = &tdb->tdb_desc[desc];
 3123 
 3124         DPRINTF(sc, RTW_DEBUG_XMIT_DESC,
 3125                 ("%s: %p %s txdesc[%d] "
 3126                  "next %#08x buf %#08x "
 3127                  "ctl0 %#08x ctl1 %#08x len %#08x\n",
 3128                  sc->sc_ic.ic_if.if_xname, ts, action,
 3129                  desc, le32toh(td->td_buf), le32toh(td->td_next),
 3130                  le32toh(td->td_ctl0), le32toh(td->td_ctl1),
 3131                  le32toh(td->td_len)));
 3132 }
 3133 #endif /* RTW_DEBUG */
 3134 
 3135 static void
 3136 rtw_start(struct ifnet *ifp, struct ifaltq_subque *ifsq)
 3137 {
 3138         struct rtw_softc *sc = ifp->if_softc;
 3139         struct ieee80211com *ic = &sc->sc_ic;
 3140         struct ieee80211_node *ni;
 3141         struct rtw_txsoft *ts;
 3142         struct mbuf *m0;
 3143         uint32_t proto_ctl0;
 3144 
 3145         ASSERT_ALTQ_SQ_DEFAULT(ifp, ifsq);
 3146         DPRINTF(sc, RTW_DEBUG_XMIT,
 3147                 ("%s: enter %s\n", ifp->if_xname, __func__));
 3148 
 3149         if ((ifp->if_flags & IFF_RUNNING) == 0 || ifq_is_oactive(&ifp->if_snd))
 3150                 goto out;
 3151 
 3152         /* XXX do real rate control */
 3153         proto_ctl0 = RTW_TXCTL0_RTSRATE_1MBPS;
 3154 
 3155         if (ic->ic_flags & IEEE80211_F_SHPREAMBLE)
 3156                 proto_ctl0 |= RTW_TXCTL0_SPLCP;
 3157 
 3158         for (;;) {
 3159                 struct rtw_txsegs segs;
 3160                 struct rtw_duration *d0;
 3161                 struct ieee80211_frame_min *wh;
 3162                 struct rtw_txsoft_blk *tsb;
 3163                 struct rtw_txdesc_blk *tdb;
 3164                 struct rtw_txdesc *td;
 3165                 struct ieee80211_key *k;
 3166                 uint32_t ctl0, ctl1;
 3167                 uint8_t tppoll;
 3168                 int desc, i, lastdesc, npkt, rate, rateidx, ratectl;
 3169 
 3170                 if (rtw_dequeue(ifp, &tsb, &tdb, &m0, &ni) == -1)
 3171                         continue;
 3172                 if (m0 == NULL)
 3173                         break;
 3174 
 3175                 wh = mtod(m0, struct ieee80211_frame_min *);
 3176 
 3177                 if ((wh->i_fc[1] & IEEE80211_FC1_WEP) != 0 &&
 3178                     (k = ieee80211_crypto_encap(ic, ni, m0)) == NULL) {
 3179                         ieee80211_free_node(ni);
 3180                         m_freem(m0);
 3181                         break;
 3182                 } else {
 3183                         k = NULL;
 3184                 }
 3185 
 3186                 ts = STAILQ_FIRST(&tsb->tsb_freeq);
 3187 
 3188                 m0 = rtw_load_txbuf(sc, ts, &segs, tdb->tdb_nfree, m0);
 3189                 if (m0 == NULL || segs.nseg == 0) {
 3190                         DPRINTF(sc, RTW_DEBUG_XMIT,
 3191                                 ("%s: %s failed\n", ifp->if_xname, __func__));
 3192                         goto post_dequeue_err;
 3193                 }
 3194 
 3195                 /*
 3196                  * Note well: rtw_load_txbuf may have created a new chain,
 3197                  * so we must find the header once more.
 3198                  */
 3199                 wh = mtod(m0, struct ieee80211_frame_min *);
 3200 
 3201                 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
 3202                     IEEE80211_FC0_TYPE_MGT) {
 3203                         rateidx = 0;
 3204                         rate = 2;       /* 1Mbit/s */
 3205                         ratectl = 0;
 3206                 } else {
 3207                         ieee80211_ratectl_findrate(ni, m0->m_pkthdr.len,
 3208                                                    &rateidx, 1);
 3209                         rate = IEEE80211_RS_RATE(&ni->ni_rates, rateidx);
 3210                         ratectl =1;
 3211 
 3212                         if (rate == 0) {
 3213                                 if_printf(ifp, "incorrect rate\n");
 3214                                 rateidx = 0;
 3215                                 rate = 2;       /* 1Mbit/s */
 3216                                 ratectl = 0;
 3217                         }
 3218                 }
 3219 
 3220 #ifdef RTW_DEBUG
 3221                 if ((ifp->if_flags & (IFF_DEBUG | IFF_LINK2)) ==
 3222                     (IFF_DEBUG | IFF_LINK2)) {
 3223                         ieee80211_dump_pkt(mtod(m0, uint8_t *),
 3224                                            (segs.nseg == 1) ? m0->m_pkthdr.len
 3225                                                             : sizeof(wh),
 3226                                            rate, 0);
 3227                 }
 3228 #endif /* RTW_DEBUG */
 3229                 ctl0 = proto_ctl0 |
 3230                        __SHIFTIN(m0->m_pkthdr.len, RTW_TXCTL0_TPKTSIZE_MASK);
 3231 
 3232                 switch (rate) {
 3233                 default:
 3234                 case 2:
 3235                         ctl0 |= RTW_TXCTL0_RATE_1MBPS;
 3236                         break;
 3237                 case 4:
 3238                         ctl0 |= RTW_TXCTL0_RATE_2MBPS;
 3239                         break;
 3240                 case 11:
 3241                         ctl0 |= RTW_TXCTL0_RATE_5MBPS;
 3242                         break;
 3243                 case 22:
 3244                         ctl0 |= RTW_TXCTL0_RATE_11MBPS;
 3245                         break;
 3246                 }
 3247                 /* XXX >= ? Compare after fragmentation? */
 3248                 if (m0->m_pkthdr.len > ic->ic_rtsthreshold)
 3249                         ctl0 |= RTW_TXCTL0_RTSEN;
 3250 
 3251                 /*
 3252                  * XXX Sometimes writes a bogus keyid; h/w doesn't
 3253                  * seem to care, since we don't activate h/w Tx
 3254                  * encryption.
 3255                  */
 3256                 if (k != NULL) {
 3257                         ctl0 |= __SHIFTIN(k->wk_keyix, RTW_TXCTL0_KEYID_MASK) &
 3258                                 RTW_TXCTL0_KEYID_MASK;
 3259                 }
 3260 
 3261                 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
 3262                     IEEE80211_FC0_TYPE_MGT) {
 3263                         ctl0 &= ~(RTW_TXCTL0_SPLCP | RTW_TXCTL0_RTSEN);
 3264                         if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) ==
 3265                             IEEE80211_FC0_SUBTYPE_BEACON)
 3266                                 ctl0 |= RTW_TXCTL0_BEACON;
 3267                 }
 3268 
 3269                 if (rtw_compute_duration(wh, k, m0->m_pkthdr.len,
 3270                     ic->ic_flags, ic->ic_fragthreshold,
 3271                     rate, &ts->ts_d0, &ts->ts_dn, &npkt,
 3272                     (ifp->if_flags & (IFF_DEBUG|IFF_LINK2)) ==
 3273                     (IFF_DEBUG|IFF_LINK2)) == -1) {
 3274                         DPRINTF(sc, RTW_DEBUG_XMIT,
 3275                             ("%s: fail compute duration\n", __func__));
 3276                         goto post_load_err;
 3277                 }
 3278 
 3279                 d0 = &ts->ts_d0;
 3280 
 3281                 *(uint16_t*)wh->i_dur = htole16(d0->d_data_dur);
 3282 
 3283                 ctl1 = __SHIFTIN(d0->d_plcp_len, RTW_TXCTL1_LENGTH_MASK) |
 3284                        __SHIFTIN(d0->d_rts_dur, RTW_TXCTL1_RTSDUR_MASK);
 3285 
 3286                 if (d0->d_residue)
 3287                         ctl1 |= RTW_TXCTL1_LENGEXT;
 3288 
 3289                 /* TBD fragmentation */
 3290 
 3291                 ts->ts_first = tdb->tdb_next;
 3292                 KKASSERT(ts->ts_first < tdb->tdb_ndesc);
 3293 
 3294                 if (ic->ic_rawbpf != NULL)
 3295                         bpf_mtap(ic->ic_rawbpf, m0);
 3296 
 3297                 if (sc->sc_radiobpf != NULL) {
 3298                         struct rtw_tx_radiotap_header *rt = &sc->sc_txtap;
 3299 
 3300                         rt->rt_flags = 0;
 3301                         rt->rt_rate = rate;
 3302 
 3303                         bpf_ptap(sc->sc_radiobpf, m0, rt,
 3304                                  sizeof(sc->sc_txtapu));
 3305                 }
 3306 
 3307                 for (i = 0, lastdesc = desc = ts->ts_first; i < segs.nseg;
 3308                      i++, desc = RTW_NEXT_IDX(tdb, desc)) {
 3309                         td = &tdb->tdb_desc[desc];
 3310                         td->td_ctl0 = htole32(ctl0);
 3311                         if (i != 0)
 3312                                 td->td_ctl0 |= htole32(RTW_TXCTL0_OWN);
 3313                         td->td_ctl1 = htole32(ctl1);
 3314                         td->td_buf = htole32(segs.segs[i].ds_addr);
 3315                         td->td_len = htole32(segs.segs[i].ds_len);
 3316                         lastdesc = desc;
 3317 #ifdef RTW_DEBUG
 3318                         rtw_print_txdesc(sc, "load", ts, tdb, desc);
 3319 #endif /* RTW_DEBUG */
 3320                 }
 3321 
 3322                 KKASSERT(desc < tdb->tdb_ndesc);
 3323 
 3324                 ts->ts_ni = ni;
 3325                 KKASSERT(ni != NULL);
 3326                 ts->ts_mbuf = m0;
 3327                 ts->ts_rateidx = rateidx;
 3328                 ts->ts_ratectl = ratectl;
 3329                 ts->ts_last = lastdesc;
 3330                 tdb->tdb_desc[ts->ts_last].td_ctl0 |= htole32(RTW_TXCTL0_LS);
 3331                 tdb->tdb_desc[ts->ts_first].td_ctl0 |= htole32(RTW_TXCTL0_FS);
 3332 
 3333 #ifdef RTW_DEBUG
 3334                 rtw_print_txdesc(sc, "FS on", ts, tdb, ts->ts_first);
 3335                 rtw_print_txdesc(sc, "LS on", ts, tdb, ts->ts_last);
 3336 #endif /* RTW_DEBUG */
 3337 
 3338                 tdb->tdb_nfree -= segs.nseg;
 3339                 tdb->tdb_next = desc;
 3340 
 3341                 tdb->tdb_desc[ts->ts_first].td_ctl0 |= htole32(RTW_TXCTL0_OWN);
 3342 
 3343 #ifdef RTW_DEBUG
 3344                 rtw_print_txdesc(sc, "OWN on", ts, tdb, ts->ts_first);
 3345 #endif /* RTW_DEBUG */
 3346 
 3347                 STAILQ_REMOVE_HEAD(&tsb->tsb_freeq, ts_q);
 3348                 STAILQ_INSERT_TAIL(&tsb->tsb_dirtyq, ts, ts_q);
 3349 
 3350                 if (tsb != &sc->sc_txsoft_blk[RTW_TXPRIBCN])
 3351                         sc->sc_led_state.ls_event |= RTW_LED_S_TX;
 3352                 tsb->tsb_tx_timer = 5;
 3353                 ifp->if_timer = 1;
 3354                 tppoll = RTW_READ8(&sc->sc_regs, RTW_TPPOLL);
 3355                 tppoll &= ~RTW_TPPOLL_SALL;
 3356                 tppoll |= tsb->tsb_poll & RTW_TPPOLL_ALL;
 3357                 RTW_WRITE8(&sc->sc_regs, RTW_TPPOLL, tppoll);
 3358                 RTW_SYNC(&sc->sc_regs, RTW_TPPOLL, RTW_TPPOLL);
 3359 
 3360                 bus_dmamap_sync(tdb->tdb_dmat, tdb->tdb_dmamap,
 3361                                 BUS_DMASYNC_PREWRITE);
 3362         }
 3363 out:
 3364         DPRINTF(sc, RTW_DEBUG_XMIT,
 3365                 ("%s: leave %s\n", ifp->if_xname, __func__));
 3366         return;
 3367 
 3368 post_load_err:
 3369         bus_dmamap_unload(sc->sc_txsoft_dmat, ts->ts_dmamap);
 3370         m_freem(m0);
 3371 post_dequeue_err:
 3372         ieee80211_free_node(ni);
 3373 
 3374         DPRINTF(sc, RTW_DEBUG_XMIT,
 3375                 ("%s: leave %s\n", ifp->if_xname, __func__));
 3376 }
 3377 
 3378 static void
 3379 rtw_idle(struct rtw_softc *sc)
 3380 {
 3381         struct rtw_regs *regs = &sc->sc_regs;
 3382         int active;
 3383 
 3384         /* request stop DMA; wait for packets to stop transmitting. */
 3385 
 3386         RTW_WRITE8(regs, RTW_TPPOLL, RTW_TPPOLL_SALL);
 3387         RTW_WBR(regs, RTW_TPPOLL, RTW_TPPOLL);
 3388 
 3389         for (active = 0;
 3390              active < 300 &&
 3391              (RTW_READ8(regs, RTW_TPPOLL) & RTW_TPPOLL_ACTIVE) != 0;
 3392              active++)
 3393                 DELAY(10);
 3394         if_printf(&sc->sc_ic.ic_if, "transmit DMA idle in %dus\n", active * 10);
 3395 }
 3396 
 3397 static void
 3398 rtw_watchdog(struct ifnet *ifp)
 3399 {
 3400         int pri, tx_timeouts = 0;
 3401         struct rtw_softc *sc = ifp->if_softc;
 3402 
 3403         ifp->if_timer = 0;
 3404 
 3405         if ((sc->sc_flags & RTW_F_ENABLED) == 0)
 3406                 return;
 3407 
 3408         for (pri = 0; pri < RTW_NTXPRI; pri++) {
 3409                 struct rtw_txsoft_blk *tsb = &sc->sc_txsoft_blk[pri];
 3410 
 3411                 if (tsb->tsb_tx_timer == 0)
 3412                         continue;
 3413                 else if (--tsb->tsb_tx_timer == 0) {
 3414                         if (STAILQ_EMPTY(&tsb->tsb_dirtyq))
 3415                                 continue;
 3416                         if_printf(ifp, "transmit timeout, priority %d\n", pri);
 3417                         IFNET_STAT_INC(ifp, oerrors, 1);
 3418                         tx_timeouts++;
 3419                 } else {
 3420                         ifp->if_timer = 1;
 3421                 }
 3422         }
 3423 
 3424         if (tx_timeouts > 0) {
 3425                 /*
 3426                  * Stop Tx DMA, disable xmtr, flush Tx rings, enable xmtr,
 3427                  * reset s/w tx-ring pointers, and start transmission.
 3428                  *
 3429                  * TBD Stop/restart just the broken rings?
 3430                  */
 3431                 rtw_idle(sc);
 3432                 rtw_io_enable(sc, RTW_CR_TE, 0);
 3433                 rtw_txdesc_blk_reset_all(sc);
 3434                 rtw_io_enable(sc, RTW_CR_TE, 1);
 3435                 rtw_txring_fixup(sc);
 3436                 rtw_start(ifp, ifq_get_subq_default(&ifp->if_snd));
 3437         }
 3438         ieee80211_watchdog(&sc->sc_ic);
 3439 }
 3440 
 3441 static void
 3442 rtw_next_scan(void *arg)
 3443 {
 3444         struct ieee80211com *ic = arg;
 3445         struct ifnet *ifp = &ic->ic_if;
 3446 
 3447         lwkt_serialize_enter(ifp->if_serializer);
 3448 
 3449         /* don't call rtw_start w/o network interrupts blocked */
 3450         if (ic->ic_state == IEEE80211_S_SCAN)
 3451                 ieee80211_next_scan(ic);
 3452 
 3453         lwkt_serialize_exit(ifp->if_serializer);
 3454 }
 3455 
 3456 static void
 3457 rtw_join_bss(struct rtw_softc *sc, uint8_t *bssid, uint16_t intval0)
 3458 {
 3459         uint16_t bcnitv, bintritv, intval;
 3460         int i;
 3461         struct rtw_regs *regs = &sc->sc_regs;
 3462 
 3463         for (i = 0; i < IEEE80211_ADDR_LEN; i++)
 3464                 RTW_WRITE8(regs, RTW_BSSID + i, bssid[i]);
 3465 
 3466         RTW_SYNC(regs, RTW_BSSID16, RTW_BSSID32);
 3467 
 3468         rtw_set_access(sc, RTW_ACCESS_CONFIG);
 3469 
 3470         intval = MIN(intval0, __SHIFTOUT_MASK(RTW_BCNITV_BCNITV_MASK));
 3471 
 3472         bcnitv = RTW_READ16(regs, RTW_BCNITV) & ~RTW_BCNITV_BCNITV_MASK;
 3473         bcnitv |= __SHIFTIN(intval, RTW_BCNITV_BCNITV_MASK);
 3474         RTW_WRITE16(regs, RTW_BCNITV, bcnitv);
 3475         /* interrupt host 1ms before the TBTT */
 3476         bintritv = RTW_READ16(regs, RTW_BINTRITV) & ~RTW_BINTRITV_BINTRITV;
 3477         bintritv |= __SHIFTIN(1000, RTW_BINTRITV_BINTRITV);
 3478         RTW_WRITE16(regs, RTW_BINTRITV, bintritv);
 3479         /* magic from Linux */
 3480         RTW_WRITE16(regs, RTW_ATIMWND, __SHIFTIN(1, RTW_ATIMWND_ATIMWND));
 3481         RTW_WRITE16(regs, RTW_ATIMTRITV, __SHIFTIN(2, RTW_ATIMTRITV_ATIMTRITV));
 3482         rtw_set_access(sc, RTW_ACCESS_NONE);
 3483 
 3484         rtw_io_enable(sc, RTW_CR_RE | RTW_CR_TE, 1);
 3485 }
 3486 
 3487 /* Synchronize the hardware state with the software state. */
 3488 static int
 3489 rtw_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
 3490 {
 3491         struct ifnet *ifp = ic->ic_ifp;
 3492         struct rtw_softc *sc = ifp->if_softc;
 3493         enum ieee80211_state ostate;
 3494         int error;
 3495 
 3496         ostate = ic->ic_state;
 3497 
 3498         ieee80211_ratectl_newstate(ic, nstate);
 3499         rtw_led_newstate(sc, nstate);
 3500 
 3501         if (nstate == IEEE80211_S_INIT) {
 3502                 callout_stop(&sc->sc_scan_ch);
 3503                 sc->sc_cur_chan = IEEE80211_CHAN_ANY;
 3504                 return sc->sc_mtbl.mt_newstate(ic, nstate, arg);
 3505         }
 3506 
 3507         if (ostate == IEEE80211_S_INIT && nstate != IEEE80211_S_INIT)
 3508                 rtw_pwrstate(sc, RTW_ON);
 3509 
 3510         error = rtw_tune(sc);
 3511         if (error != 0)
 3512                 return error;
 3513 
 3514         switch (nstate) {
 3515         case IEEE80211_S_INIT:
 3516                 panic("%s: unexpected state IEEE80211_S_INIT", __func__);
 3517                 break;
 3518         case IEEE80211_S_SCAN:
 3519                 if (ostate != IEEE80211_S_SCAN) {
 3520                         memset(ic->ic_bss->ni_bssid, 0, IEEE80211_ADDR_LEN);
 3521                         rtw_set_nettype(sc, IEEE80211_M_MONITOR);
 3522                 }
 3523 
 3524                 callout_reset(&sc->sc_scan_ch, rtw_dwelltime * hz / 1000,
 3525                               rtw_next_scan, ic);
 3526 
 3527                 break;
 3528         case IEEE80211_S_RUN:
 3529                 switch (ic->ic_opmode) {
 3530                 case IEEE80211_M_HOSTAP:
 3531                 case IEEE80211_M_IBSS:
 3532                         rtw_set_nettype(sc, IEEE80211_M_MONITOR);
 3533                         /*FALLTHROUGH*/
 3534                 case IEEE80211_M_AHDEMO:
 3535                 case IEEE80211_M_STA:
 3536                         rtw_join_bss(sc, ic->ic_bss->ni_bssid,
 3537                                      ic->ic_bss->ni_intval);
 3538                         break;
 3539                 case IEEE80211_M_MONITOR:
 3540                         break;
 3541                 }
 3542                 rtw_set_nettype(sc, ic->ic_opmode);
 3543                 break;
 3544         case IEEE80211_S_ASSOC:
 3545         case IEEE80211_S_AUTH:
 3546                 break;
 3547         }
 3548 
 3549         if (nstate != IEEE80211_S_SCAN)
 3550                 callout_stop(&sc->sc_scan_ch);
 3551 
 3552         return sc->sc_mtbl.mt_newstate(ic, nstate, arg);
 3553 }
 3554 
 3555 /* Extend a 32-bit TSF timestamp to a 64-bit timestamp. */
 3556 static uint64_t
 3557 rtw_tsf_extend(struct rtw_regs *regs, uint32_t rstamp)
 3558 {
 3559         uint32_t tsftl, tsfth;
 3560 
 3561         tsfth = RTW_READ(regs, RTW_TSFTRH);
 3562         tsftl = RTW_READ(regs, RTW_TSFTRL);
 3563         if (tsftl < rstamp)     /* Compensate for rollover. */
 3564                 tsfth--;
 3565         return ((uint64_t)tsfth << 32) | rstamp;
 3566 }
 3567 
 3568 static void
 3569 rtw_recv_mgmt(struct ieee80211com *ic, struct mbuf *m,
 3570               struct ieee80211_node *ni, int subtype, int rssi, uint32_t rstamp)
 3571 {
 3572         struct ifnet *ifp = &ic->ic_if;
 3573         struct rtw_softc *sc = ifp->if_softc;
 3574 
 3575         sc->sc_mtbl.mt_recv_mgmt(ic, m, ni, subtype, rssi, rstamp);
 3576 
 3577         switch (subtype) {
 3578         case IEEE80211_FC0_SUBTYPE_PROBE_RESP:
 3579         case IEEE80211_FC0_SUBTYPE_BEACON:
 3580                 if (ic->ic_opmode == IEEE80211_M_IBSS &&
 3581                     ic->ic_state == IEEE80211_S_RUN) {
 3582                         uint64_t tsf = rtw_tsf_extend(&sc->sc_regs, rstamp);
 3583 
 3584                         if (le64toh(ni->ni_tstamp.tsf) >= tsf)
 3585                                 ieee80211_ibss_merge(ni);
 3586                 }
 3587                 break;
 3588         default:
 3589                 break;
 3590         }
 3591 }
 3592 
 3593 #ifdef foo
 3594 static struct ieee80211_node *
 3595 rtw_node_alloc(struct ieee80211_node_table *nt)
 3596 {
 3597         struct ifnet *ifp = nt->nt_ic->ic_ifp;
 3598         struct rtw_softc *sc = (struct rtw_softc *)ifp->if_softc;
 3599         struct ieee80211_node *ni = (*sc->sc_mtbl.mt_node_alloc)(nt);
 3600 
 3601         DPRINTF(sc, RTW_DEBUG_NODE,
 3602             ("%s: alloc node %p\n", sc->sc_dev.dv_xname, ni));
 3603         return ni;
 3604 }
 3605 
 3606 static void
 3607 rtw_node_free(struct ieee80211_node *ni)
 3608 {
 3609         struct ieee80211com *ic = ni->ni_ic;
 3610         struct ifnet *ifp = ic->ic_ifp;
 3611         struct rtw_softc *sc = (struct rtw_softc *)ifp->if_softc;
 3612         char ethstr[ETHER_ADDRSTRLEN + 1];
 3613 
 3614         DPRINTF(sc, RTW_DEBUG_NODE,
 3615             ("%s: freeing node %p %s\n", sc->sc_dev.dv_xname, ni,
 3616             kether_ntoa(ni->ni_bssid, ethstr)));
 3617         sc->sc_mtbl.mt_node_free(ni);
 3618 }
 3619 #endif
 3620 
 3621 static int
 3622 rtw_media_change(struct ifnet *ifp)
 3623 {
 3624         int error;
 3625 
 3626         error = ieee80211_media_change(ifp);
 3627         if (error == ENETRESET) {
 3628                 if ((ifp->if_flags & (IFF_RUNNING|IFF_UP)) ==
 3629                     (IFF_RUNNING|IFF_UP))
 3630                         rtw_init(ifp);          /* XXX lose error */
 3631                 error = 0;
 3632         }
 3633         return error;
 3634 }
 3635 
 3636 static void
 3637 rtw_media_status(struct ifnet *ifp, struct ifmediareq *imr)
 3638 {
 3639         struct rtw_softc *sc = ifp->if_softc;
 3640 
 3641         if ((sc->sc_flags & RTW_F_ENABLED) == 0) {
 3642                 imr->ifm_active = IFM_IEEE80211 | IFM_NONE;
 3643                 imr->ifm_status = 0;
 3644                 return;
 3645         }
 3646         ieee80211_media_status(ifp, imr);
 3647 }
 3648 
 3649 static __inline void
 3650 rtw_set80211methods(struct rtw_mtbl *mtbl, struct ieee80211com *ic)
 3651 {
 3652         mtbl->mt_newstate = ic->ic_newstate;
 3653         ic->ic_newstate = rtw_newstate;
 3654 
 3655         mtbl->mt_recv_mgmt = ic->ic_recv_mgmt;
 3656         ic->ic_recv_mgmt = rtw_recv_mgmt;
 3657 
 3658 #ifdef foo
 3659         mtbl->mt_node_free = ic->ic_node_free;
 3660         ic->ic_node_free = rtw_node_free;
 3661 
 3662         mtbl->mt_node_alloc = ic->ic_node_alloc;
 3663         ic->ic_node_alloc = rtw_node_alloc;
 3664 #endif
 3665 
 3666         ic->ic_crypto.cs_key_delete = rtw_key_delete;
 3667         ic->ic_crypto.cs_key_set = rtw_key_set;
 3668         ic->ic_crypto.cs_key_update_begin = rtw_key_update_begin;
 3669         ic->ic_crypto.cs_key_update_end = rtw_key_update_end;
 3670 }
 3671 
 3672 static __inline void
 3673 rtw_init_radiotap(struct rtw_softc *sc)
 3674 {
 3675         sc->sc_rxtap.rr_ihdr.it_len = htole16(sizeof(sc->sc_rxtapu));
 3676         sc->sc_rxtap.rr_ihdr.it_present = htole32(RTW_RX_RADIOTAP_PRESENT);
 3677 
 3678         sc->sc_txtap.rt_ihdr.it_len = htole16(sizeof(sc->sc_txtapu));
 3679         sc->sc_txtap.rt_ihdr.it_present = htole32(RTW_TX_RADIOTAP_PRESENT);
 3680 }
 3681 
 3682 static struct rtw_rf *
 3683 rtw_rf_attach(struct rtw_softc *sc, enum rtw_rfchipid rfchipid, int digphy)
 3684 {
 3685         rtw_rf_write_t rf_write;
 3686         struct rtw_rf *rf;
 3687 
 3688         switch (rfchipid) {
 3689         default:
 3690                 rf_write = rtw_rf_hostwrite;
 3691                 break;
 3692         case RTW_RFCHIPID_INTERSIL:
 3693         case RTW_RFCHIPID_PHILIPS:
 3694         case RTW_RFCHIPID_GCT:  /* XXX a guess */
 3695         case RTW_RFCHIPID_RFMD:
 3696                 rf_write = (rtw_host_rfio) ? rtw_rf_hostwrite : rtw_rf_macwrite;
 3697                 break;
 3698         }
 3699 
 3700         switch (rfchipid) {
 3701         case RTW_RFCHIPID_GCT:
 3702                 rf = rtw_grf5101_create(&sc->sc_regs, rf_write, 0);
 3703                 sc->sc_pwrstate_cb = rtw_maxim_pwrstate;
 3704                 sc->sc_getrssi = rtw_gct_getrssi;
 3705                 break;
 3706         case RTW_RFCHIPID_MAXIM:
 3707                 rf = rtw_max2820_create(&sc->sc_regs, rf_write, 0);
 3708                 sc->sc_pwrstate_cb = rtw_maxim_pwrstate;
 3709                 sc->sc_getrssi = rtw_maxim_getrssi;
 3710                 break;
 3711         case RTW_RFCHIPID_PHILIPS:
 3712                 rf = rtw_sa2400_create(&sc->sc_regs, rf_write, digphy);
 3713                 sc->sc_pwrstate_cb = rtw_philips_pwrstate;
 3714                 sc->sc_getrssi = rtw_philips_getrssi;
 3715                 break;
 3716         case RTW_RFCHIPID_RFMD:
 3717                 /* XXX RFMD has no RF constructor */
 3718                 sc->sc_pwrstate_cb = rtw_rfmd_pwrstate;
 3719                 /*FALLTHROUGH*/
 3720         default:
 3721                 return NULL;
 3722         }
 3723         rf->rf_continuous_tx_cb =
 3724             (rtw_continuous_tx_cb_t)rtw_continuous_tx_enable;
 3725         rf->rf_continuous_tx_arg = sc;
 3726         return rf;
 3727 }
 3728 
 3729 /* Revision C and later use a different PHY delay setting than
 3730  * revisions A and B.
 3731  */
 3732 static uint8_t
 3733 rtw_check_phydelay(struct rtw_regs *regs, uint32_t old_rcr)
 3734 {
 3735 #define REVAB (RTW_RCR_MXDMA_UNLIMITED | RTW_RCR_AICV)
 3736 #define REVC (REVAB | RTW_RCR_RXFTH_WHOLE)
 3737 
 3738         uint8_t phydelay = __SHIFTIN(0x6, RTW_PHYDELAY_PHYDELAY);
 3739 
 3740         RTW_WRITE(regs, RTW_RCR, REVAB);
 3741         RTW_WBW(regs, RTW_RCR, RTW_RCR);
 3742         RTW_WRITE(regs, RTW_RCR, REVC);
 3743 
 3744         RTW_WBR(regs, RTW_RCR, RTW_RCR);
 3745         if ((RTW_READ(regs, RTW_RCR) & REVC) == REVC)
 3746                 phydelay |= RTW_PHYDELAY_REVC_MAGIC;
 3747 
 3748         RTW_WRITE(regs, RTW_RCR, old_rcr);      /* restore RCR */
 3749         RTW_SYNC(regs, RTW_RCR, RTW_RCR);
 3750 
 3751         return phydelay;
 3752 #undef REVC
 3753 #undef REVAB
 3754 }
 3755 
 3756 int
 3757 rtw_attach(device_t dev)
 3758 {
 3759         struct rtw_softc *sc = device_get_softc(dev);
 3760         struct ieee80211com *ic = &sc->sc_ic;
 3761         const struct ieee80211_cipher *wep_cipher;
 3762         struct ifnet *ifp = &ic->ic_if;
 3763         int rc;
 3764 
 3765         wep_cipher = ieee80211_crypto_cipher(IEEE80211_CIPHER_WEP);
 3766         KKASSERT(wep_cipher != NULL);
 3767 
 3768         memcpy(&rtw_cipher_wep, wep_cipher, sizeof(rtw_cipher_wep));
 3769         rtw_cipher_wep.ic_decap = rtw_wep_decap;
 3770 
 3771         if_initname(ifp, device_get_name(dev), device_get_unit(dev));
 3772 
 3773         switch (RTW_READ(&sc->sc_regs, RTW_TCR) & RTW_TCR_HWVERID_MASK) {
 3774         case RTW_TCR_HWVERID_F:
 3775                 sc->sc_hwverid = 'F';
 3776                 break;
 3777         case RTW_TCR_HWVERID_D:
 3778                 sc->sc_hwverid = 'D';
 3779                 break;
 3780         default:
 3781                 sc->sc_hwverid = '?';
 3782                 break;
 3783         }
 3784 
 3785         sc->sc_irq_res = bus_alloc_resource_any(dev, SYS_RES_IRQ,
 3786                                                 &sc->sc_irq_rid,
 3787                                                 RF_ACTIVE | RF_SHAREABLE);
 3788         if (sc->sc_irq_res == NULL) {
 3789                 device_printf(dev, "could not alloc irq res\n");
 3790                 return ENXIO;
 3791         }
 3792 
 3793         /* Allocate h/w desc blocks */
 3794         rc = rtw_desc_blk_alloc(sc);
 3795         if (rc)
 3796                 goto err;
 3797 
 3798         /* Allocate s/w desc blocks */
 3799         rc = rtw_soft_blk_alloc(sc);
 3800         if (rc)
 3801                 goto err;
 3802 
 3803         /* Reset the chip to a known state. */
 3804         rc = rtw_reset(sc);
 3805         if (rc) {
 3806                 device_printf(dev, "could not reset\n");
 3807                 goto err;
 3808         }
 3809 
 3810         sc->sc_rcr = RTW_READ(&sc->sc_regs, RTW_RCR);
 3811 
 3812         if ((sc->sc_rcr & RTW_RCR_9356SEL) != 0)
 3813                 sc->sc_flags |= RTW_F_9356SROM;
 3814 
 3815         rc = rtw_srom_read(sc);
 3816         if (rc)
 3817                 goto err;
 3818 
 3819         rc = rtw_srom_parse(sc);
 3820         if (rc) {
 3821                 device_printf(dev, "malformed serial ROM\n");
 3822                 goto err;
 3823         }
 3824 
 3825         device_printf(dev, "%s PHY\n",
 3826                       ((sc->sc_flags & RTW_F_DIGPHY) != 0) ? "digital"
 3827                                                            : "analog");
 3828 
 3829         device_printf(dev, "CS threshold %u\n", sc->sc_csthr);
 3830 
 3831         sc->sc_rf = rtw_rf_attach(sc, sc->sc_rfchipid,
 3832                                   sc->sc_flags & RTW_F_DIGPHY);
 3833         if (sc->sc_rf == NULL) {
 3834                 device_printf(dev, "could not attach RF\n");
 3835                 rc = ENXIO;
 3836                 goto err;
 3837         }
 3838 
 3839         sc->sc_phydelay = rtw_check_phydelay(&sc->sc_regs, sc->sc_rcr);
 3840 
 3841         RTW_DPRINTF(RTW_DEBUG_ATTACH,
 3842                     ("%s: PHY delay %d\n", ifp->if_xname, sc->sc_phydelay));
 3843 
 3844         if (sc->sc_locale == RTW_LOCALE_UNKNOWN)
 3845                 rtw_identify_country(sc);
 3846 
 3847         rtw_init_channels(sc);
 3848 
 3849         rc = rtw_identify_sta(sc);
 3850         if (rc)
 3851                 goto err;
 3852 
 3853         ifp->if_softc = sc;
 3854         ifp->if_flags = IFF_SIMPLEX | IFF_BROADCAST | IFF_MULTICAST;
 3855         ifp->if_init = rtw_init;
 3856         ifp->if_ioctl = rtw_ioctl;
 3857         ifp->if_start = rtw_start;
 3858         ifp->if_watchdog = rtw_watchdog;
 3859         ifq_set_maxlen(&ifp->if_snd, IFQ_MAXLEN);
 3860 #ifdef notyet
 3861         ifq_set_ready(&ifp->if_snd);
 3862 #endif
 3863 
 3864         ic->ic_phytype = IEEE80211_T_DS;
 3865         ic->ic_opmode = IEEE80211_M_STA;
 3866         ic->ic_caps = IEEE80211_C_PMGT |
 3867                       IEEE80211_C_IBSS |
 3868                       IEEE80211_C_HOSTAP |
 3869                       IEEE80211_C_MONITOR;
 3870         ic->ic_sup_rates[IEEE80211_MODE_11B] = rtw_rates_11b;
 3871 
 3872         /* initialize led callout */
 3873         callout_init(&sc->sc_led_state.ls_fast_ch);
 3874         callout_init(&sc->sc_led_state.ls_slow_ch);
 3875 
 3876         IEEE80211_ONOE_PARAM_SETUP(&sc->sc_onoe_param);
 3877         ic->ic_ratectl.rc_st_ratectl_cap = IEEE80211_RATECTL_CAP_ONOE;
 3878         ic->ic_ratectl.rc_st_ratectl = IEEE80211_RATECTL_ONOE;
 3879         ic->ic_ratectl.rc_st_attach = rtw_ratectl_attach;
 3880 
 3881         /*
 3882          * Call MI attach routines.
 3883          */
 3884         ieee80211_ifattach(&sc->sc_ic);
 3885 
 3886         /* Override some ieee80211 methods */
 3887         rtw_set80211methods(&sc->sc_mtbl, &sc->sc_ic);
 3888 
 3889         /*
 3890          * possibly we should fill in our own sc_send_prresp, since
 3891          * the RTL8180 is probably sending probe responses in ad hoc
 3892          * mode.
 3893          */
 3894 
 3895         /* complete initialization */
 3896         ieee80211_media_init(&sc->sc_ic, rtw_media_change, rtw_media_status);
 3897         callout_init(&sc->sc_scan_ch);
 3898 
 3899         rtw_init_radiotap(sc);
 3900 
 3901         bpfattach_dlt(ifp, DLT_IEEE802_11_RADIO,
 3902                       sizeof(struct ieee80211_frame) + 64, &sc->sc_radiobpf);
 3903 
 3904         ifq_set_cpuid(&ifp->if_snd, rman_get_cpuid(sc->sc_irq_res));
 3905 
 3906         rc = bus_setup_intr(dev, sc->sc_irq_res, INTR_MPSAFE, rtw_intr, sc,
 3907                             &sc->sc_irq_handle, ifp->if_serializer);
 3908         if (rc) {
 3909                 device_printf(dev, "can't set up interrupt\n");
 3910                 bpfdetach(ifp);
 3911                 ieee80211_ifdetach(ic);
 3912                 goto err;
 3913         }
 3914 
 3915         device_printf(dev, "hardware version %c\n", sc->sc_hwverid);
 3916         if (bootverbose)
 3917                 ieee80211_announce(ic);
 3918         return 0;
 3919 err:
 3920         rtw_detach(dev);
 3921         return rc;
 3922 }
 3923 
 3924 int
 3925 rtw_detach(device_t dev)
 3926 {
 3927         struct rtw_softc *sc = device_get_softc(dev);
 3928         struct ifnet *ifp = &sc->sc_ic.ic_if;
 3929 
 3930         if (device_is_attached(dev)) {
 3931                 lwkt_serialize_enter(ifp->if_serializer);
 3932 
 3933                 rtw_stop(sc, 1);
 3934                 sc->sc_flags |= RTW_F_INVALID;
 3935 
 3936                 callout_stop(&sc->sc_scan_ch);
 3937                 bus_teardown_intr(dev, sc->sc_irq_res, sc->sc_irq_handle);
 3938 
 3939                 lwkt_serialize_exit(ifp->if_serializer);
 3940 
 3941                 ieee80211_ifdetach(&sc->sc_ic);
 3942         }
 3943 
 3944         if (sc->sc_rf != NULL)
 3945                 rtw_rf_destroy(sc->sc_rf);
 3946 
 3947         if (sc->sc_srom.sr_content != NULL)
 3948                 kfree(sc->sc_srom.sr_content, M_DEVBUF);
 3949 
 3950         if (sc->sc_irq_res != NULL) {
 3951                 bus_release_resource(dev, SYS_RES_IRQ, sc->sc_irq_rid,
 3952                                      sc->sc_irq_res);
 3953         }
 3954 
 3955         rtw_soft_blk_free(sc);
 3956         rtw_desc_blk_free(sc);
 3957         return 0;
 3958 }
 3959 
 3960 static void
 3961 rtw_desc_dma_addr(void *arg, bus_dma_segment_t *seg, int nseg, int error)
 3962 {
 3963         if (error)
 3964                 return;
 3965 
 3966         KASSERT(nseg == 1, ("too many desc segments"));
 3967         *((uint32_t *)arg) = seg->ds_addr;      /* XXX bus_addr_t */
 3968 }
 3969 
 3970 static int
 3971 rtw_dma_alloc(struct rtw_softc *sc, bus_dma_tag_t *dmat, int len,
 3972               void **desc, uint32_t *phyaddr, bus_dmamap_t *dmamap)
 3973 {
 3974         int error;
 3975 
 3976         error = bus_dma_tag_create(NULL, RTW_DESC_ALIGNMENT, 0,
 3977                                    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR,
 3978                                    NULL, NULL, len, 1, len, 0, dmat);
 3979         if (error) {
 3980                 if_printf(&sc->sc_ic.ic_if, "could not alloc desc DMA tag");
 3981                 return error;
 3982         }
 3983 
 3984         error = bus_dmamem_alloc(*dmat, desc, BUS_DMA_WAITOK | BUS_DMA_ZERO,
 3985                                  dmamap);
 3986         if (error) {
 3987                 if_printf(&sc->sc_ic.ic_if, "could not alloc desc DMA mem");
 3988                 return error;
 3989         }
 3990 
 3991         error = bus_dmamap_load(*dmat, *dmamap, *desc, len,
 3992                                 rtw_desc_dma_addr, phyaddr, BUS_DMA_WAITOK);
 3993         if (error) {
 3994                 if_printf(&sc->sc_ic.ic_if, "could not load desc DMA mem");
 3995                 bus_dmamem_free(*dmat, *desc, *dmamap);
 3996                 *desc = NULL;
 3997                 return error;
 3998         }
 3999         return 0;
 4000 }
 4001 
 4002 static void
 4003 rtw_dma_free(struct rtw_softc *sc __unused, bus_dma_tag_t *dmat, void **desc,
 4004              bus_dmamap_t *dmamap)
 4005 {
 4006         if (*desc != NULL) {
 4007                 bus_dmamap_unload(*dmat, *dmamap);
 4008                 bus_dmamem_free(*dmat, *desc, *dmamap);
 4009                 *desc = NULL;
 4010         }
 4011 
 4012         if (*dmat != NULL) {
 4013                 bus_dma_tag_destroy(*dmat);
 4014                 *dmat = NULL;
 4015         }
 4016 }
 4017 
 4018 static void
 4019 rtw_txdesc_blk_free(struct rtw_softc *sc, int q_no)
 4020 {
 4021         struct rtw_txdesc_blk *tdb = &sc->sc_txdesc_blk[q_no];
 4022 
 4023         rtw_dma_free(sc, &tdb->tdb_dmat, (void **)&tdb->tdb_desc,
 4024                      &tdb->tdb_dmamap);
 4025 }
 4026 
 4027 static int
 4028 rtw_txdesc_blk_alloc(struct rtw_softc *sc, int q_len, int q_no,
 4029                      bus_size_t q_basereg)
 4030 {
 4031         struct rtw_txdesc_blk *tdb = &sc->sc_txdesc_blk[q_no];
 4032         int i, error;
 4033 
 4034         /*
 4035          * Setup TX h/w desc
 4036          */
 4037         error = rtw_dma_alloc(sc, &tdb->tdb_dmat,
 4038                               q_len * sizeof(*tdb->tdb_desc),
 4039                               (void **)&tdb->tdb_desc, &tdb->tdb_base,
 4040                               &tdb->tdb_dmamap);
 4041         if (error) {
 4042                 kprintf("%dth tx\n", q_no);
 4043                 return error;
 4044         }
 4045         tdb->tdb_basereg = q_basereg;
 4046 
 4047         tdb->tdb_ndesc = q_len;
 4048         for (i = 0; i < tdb->tdb_ndesc; ++i)
 4049                 tdb->tdb_desc[i].td_next = htole32(RTW_NEXT_DESC(tdb, i));
 4050 
 4051         return 0;
 4052 }
 4053 
 4054 static void
 4055 rtw_rxdesc_blk_free(struct rtw_softc *sc)
 4056 {
 4057         struct rtw_rxdesc_blk *rdb = &sc->sc_rxdesc_blk;
 4058 
 4059         rtw_dma_free(sc, &rdb->rdb_dmat, (void **)&rdb->rdb_desc,
 4060                      &rdb->rdb_dmamap);
 4061 }
 4062 
 4063 static int
 4064 rtw_rxdesc_blk_alloc(struct rtw_softc *sc, int q_len)
 4065 {
 4066         struct rtw_rxdesc_blk *rdb = &sc->sc_rxdesc_blk;
 4067         int error;
 4068 
 4069         /*
 4070          * Setup RX h/w desc
 4071          */
 4072         error = rtw_dma_alloc(sc, &rdb->rdb_dmat,
 4073                               q_len * sizeof(*rdb->rdb_desc),
 4074                               (void **)&rdb->rdb_desc, &rdb->rdb_base,
 4075                               &rdb->rdb_dmamap);
 4076         if (error) {
 4077                 kprintf("rx\n");
 4078         } else {
 4079                 rdb->rdb_ndesc = q_len;
 4080         }
 4081 
 4082         return error;
 4083 }
 4084 
 4085 static void
 4086 rtw_txsoft_blk_free(struct rtw_softc *sc, int n_sd, int q_no)
 4087 {
 4088         struct rtw_txsoft_blk *tsb = &sc->sc_txsoft_blk[q_no];
 4089 
 4090         if (tsb->tsb_desc != NULL) {
 4091                 int i;
 4092 
 4093                 for (i = 0; i < n_sd; ++i) {
 4094                         bus_dmamap_destroy(sc->sc_txsoft_dmat,
 4095                                            tsb->tsb_desc[i].ts_dmamap);
 4096                 }
 4097                 kfree(tsb->tsb_desc, M_DEVBUF);
 4098                 tsb->tsb_desc = NULL;
 4099         }
 4100 }
 4101 
 4102 static int
 4103 rtw_txsoft_blk_alloc(struct rtw_softc *sc, int q_len, int q_no, uint8_t q_poll)
 4104 {
 4105         struct rtw_txsoft_blk *tsb = &sc->sc_txsoft_blk[q_no];
 4106         int i, error;
 4107 
 4108         STAILQ_INIT(&tsb->tsb_dirtyq);
 4109         STAILQ_INIT(&tsb->tsb_freeq);
 4110         tsb->tsb_ndesc = q_len;
 4111         tsb->tsb_desc = kmalloc(q_len * sizeof(*tsb->tsb_desc), M_DEVBUF,
 4112                                M_WAITOK | M_ZERO);
 4113         tsb->tsb_poll = q_poll;
 4114 
 4115         for (i = 0; i < tsb->tsb_ndesc; ++i) {
 4116                 error = bus_dmamap_create(sc->sc_txsoft_dmat, 0,
 4117                                           &tsb->tsb_desc[i].ts_dmamap);
 4118                 if (error) {
 4119                         if_printf(&sc->sc_ic.ic_if, "could not create DMA map "
 4120                                   "for soft tx desc\n");
 4121                         rtw_txsoft_blk_free(sc, i, q_no);
 4122                         return error;
 4123                 }
 4124         }
 4125         return 0;
 4126 }
 4127 
 4128 static void
 4129 rtw_rxsoft_blk_free(struct rtw_softc *sc, int n_sd)
 4130 {
 4131         if (sc->sc_rxsoft_free) {
 4132                 int i;
 4133 
 4134                 for (i = 0; i < n_sd; ++i) {
 4135                         bus_dmamap_destroy(sc->sc_rxsoft_dmat,
 4136                                            sc->sc_rxsoft[i].rs_dmamap);
 4137                 }
 4138                 sc->sc_rxsoft_free = 0;
 4139         }
 4140 }
 4141 
 4142 static int
 4143 rtw_rxsoft_blk_alloc(struct rtw_softc *sc, int q_len)
 4144 {
 4145         int i, error;
 4146 
 4147         sc->sc_rxsoft_free = 1;
 4148 
 4149         /*
 4150          * Setup RX s/w desc
 4151          */
 4152         for (i = 0; i < q_len; ++i) {
 4153                 error = bus_dmamap_create(sc->sc_rxsoft_dmat, 0,
 4154                                           &sc->sc_rxsoft[i].rs_dmamap);
 4155                 if (error) {
 4156                         if_printf(&sc->sc_ic.ic_if, "could not create DMA map "
 4157                                   "for soft rx desc\n");
 4158                         rtw_rxsoft_blk_free(sc, i);
 4159                         return error;
 4160                 }
 4161         }
 4162         return 0;
 4163 }
 4164 
 4165 #define TXQ_PARAM(q, poll, breg)                        \
 4166         [RTW_TXPRI ## q] = {                            \
 4167                 .txq_len        = RTW_TXQLEN ## q,      \
 4168                 .txq_poll       = poll,                 \
 4169                 .txq_basereg    = breg                  \
 4170         }
 4171 static const struct {
 4172         int             txq_len;
 4173         uint8_t         txq_poll;
 4174         bus_size_t      txq_basereg;
 4175 } txq_params[RTW_NTXPRI] = {
 4176         TXQ_PARAM(LO, RTW_TPPOLL_LPQ | RTW_TPPOLL_SLPQ, RTW_TLPDA),
 4177         TXQ_PARAM(MD, RTW_TPPOLL_NPQ | RTW_TPPOLL_SNPQ, RTW_TNPDA),
 4178         TXQ_PARAM(HI, RTW_TPPOLL_HPQ | RTW_TPPOLL_SHPQ, RTW_THPDA),
 4179         TXQ_PARAM(BCN, RTW_TPPOLL_BQ | RTW_TPPOLL_SBQ, RTW_TBDA)
 4180 };
 4181 #undef TXQ_PARAM
 4182 
 4183 static int
 4184 rtw_desc_blk_alloc(struct rtw_softc *sc)
 4185 {
 4186         int i, error;
 4187 
 4188         /* Create h/w TX desc */
 4189         for (i = 0; i < RTW_NTXPRI; ++i) {
 4190                 error = rtw_txdesc_blk_alloc(sc, txq_params[i].txq_len, i,
 4191                                              txq_params[i].txq_basereg);
 4192                 if (error)
 4193                         return error;
 4194         }
 4195 
 4196         /* Create h/w RX desc */
 4197         return rtw_rxdesc_blk_alloc(sc, RTW_RXQLEN);
 4198 }
 4199 
 4200 static void
 4201 rtw_desc_blk_free(struct rtw_softc *sc)
 4202 {
 4203         int i;
 4204 
 4205         for (i = 0; i < RTW_NTXPRI; ++i)
 4206                 rtw_txdesc_blk_free(sc, i);
 4207         rtw_rxdesc_blk_free(sc);
 4208 }
 4209 
 4210 static int
 4211 rtw_soft_blk_alloc(struct rtw_softc *sc)
 4212 {
 4213         int i, error;
 4214 
 4215         /* Create DMA tag for TX mbuf */
 4216         error = bus_dma_tag_create(NULL, 1, 0,
 4217                                    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR,
 4218                                    NULL, NULL,
 4219                                    MCLBYTES, RTW_MAXPKTSEGS, MCLBYTES,
 4220                                    0, &sc->sc_txsoft_dmat);
 4221         if (error) {
 4222                 if_printf(&sc->sc_ic.ic_if, "could not alloc txsoft DMA tag\n");
 4223                 return error;
 4224         }
 4225 
 4226         /* Create DMA tag for RX mbuf */
 4227         error = bus_dma_tag_create(NULL, 1, 0,
 4228                                    BUS_SPACE_MAXADDR_32BIT, BUS_SPACE_MAXADDR,
 4229                                    NULL, NULL,
 4230                                    MCLBYTES, 1, MCLBYTES,
 4231                                    0, &sc->sc_rxsoft_dmat);
 4232         if (error) {
 4233                 if_printf(&sc->sc_ic.ic_if, "could not alloc rxsoft DMA tag\n");
 4234                 return error;
 4235         }
 4236 
 4237         /* Create a spare DMA map for RX mbuf */
 4238         error = bus_dmamap_create(sc->sc_rxsoft_dmat, 0, &sc->sc_rxsoft_dmamap);
 4239         if (error) {
 4240                 if_printf(&sc->sc_ic.ic_if, "could not alloc spare rxsoft "
 4241                           "DMA map\n");
 4242                 bus_dma_tag_destroy(sc->sc_rxsoft_dmat);
 4243                 sc->sc_rxsoft_dmat = NULL;
 4244                 return error;
 4245         }
 4246 
 4247         /* Create s/w TX desc */
 4248         for (i = 0; i < RTW_NTXPRI; ++i) {
 4249                 error = rtw_txsoft_blk_alloc(sc, txq_params[i].txq_len, i,
 4250                                              txq_params[i].txq_poll);
 4251                 if (error)
 4252                         return error;
 4253         }
 4254 
 4255         /* Create s/w RX desc */
 4256         return rtw_rxsoft_blk_alloc(sc, RTW_RXQLEN);
 4257 }
 4258 
 4259 static void
 4260 rtw_soft_blk_free(struct rtw_softc *sc)
 4261 {
 4262         int i;
 4263 
 4264         for (i = 0; i < RTW_NTXPRI; ++i)
 4265                 rtw_txsoft_blk_free(sc, txq_params[i].txq_len, i);
 4266 
 4267         rtw_rxsoft_blk_free(sc, RTW_RXQLEN);
 4268 
 4269         if (sc->sc_txsoft_dmat != NULL) {
 4270                 bus_dma_tag_destroy(sc->sc_txsoft_dmat);
 4271                 sc->sc_txsoft_dmat = NULL;
 4272         }
 4273 
 4274         if (sc->sc_rxsoft_dmat != NULL) {
 4275                 bus_dmamap_destroy(sc->sc_rxsoft_dmat, sc->sc_rxsoft_dmamap);
 4276                 bus_dma_tag_destroy(sc->sc_rxsoft_dmat);
 4277                 sc->sc_rxsoft_dmat = NULL;
 4278         }
 4279 }
 4280 
 4281 /*
 4282  * Arguments in:
 4283  *
 4284  * paylen:  payload length (no FCS, no WEP header)
 4285  *
 4286  * hdrlen:  header length
 4287  *
 4288  * rate:    MSDU speed, units 500kb/s
 4289  *
 4290  * flags:   IEEE80211_F_SHPREAMBLE (use short preamble),
 4291  *          IEEE80211_F_SHSLOT (use short slot length)
 4292  *
 4293  * Arguments out:
 4294  *
 4295  * d:       802.11 Duration field for RTS,
 4296  *          802.11 Duration field for data frame,
 4297  *          PLCP Length for data frame,
 4298  *          residual octets at end of data slot
 4299  */
 4300 static int
 4301 rtw_compute_duration1(int len, int use_ack, uint32_t icflags, int rate,
 4302                       struct rtw_duration *d)
 4303 {
 4304         int pre, ctsrate;
 4305         int ack, bitlen, data_dur, remainder;
 4306 
 4307         /*
 4308          * RTS reserves medium for SIFS | CTS | SIFS | (DATA) | SIFS | ACK
 4309          * DATA reserves medium for SIFS | ACK
 4310          *
 4311          * XXXMYC: no ACK on multicast/broadcast or control packets
 4312          */
 4313 
 4314         bitlen = len * 8;
 4315 
 4316         pre = IEEE80211_DUR_DS_SIFS;
 4317         if (icflags & IEEE80211_F_SHPREAMBLE) {
 4318                 pre += IEEE80211_DUR_DS_SHORT_PREAMBLE +
 4319                        IEEE80211_DUR_DS_FAST_PLCPHDR;
 4320         } else {
 4321                 pre += IEEE80211_DUR_DS_LONG_PREAMBLE +
 4322                        IEEE80211_DUR_DS_SLOW_PLCPHDR;
 4323         }
 4324 
 4325         d->d_residue = 0;
 4326         data_dur = (bitlen * 2) / rate;
 4327         remainder = (bitlen * 2) % rate;
 4328         if (remainder != 0) {
 4329                 d->d_residue = (rate - remainder) / 16;
 4330                 data_dur++;
 4331         }
 4332 
 4333         switch (rate) {
 4334         case 2:         /* 1 Mb/s */
 4335         case 4:         /* 2 Mb/s */
 4336                 /* 1 - 2 Mb/s WLAN: send ACK/CTS at 1 Mb/s */
 4337                 ctsrate = 2;
 4338                 break;
 4339         case 11:        /* 5.5 Mb/s */
 4340         case 22:        /* 11  Mb/s */
 4341         case 44:        /* 22  Mb/s */
 4342                 /* 5.5 - 11 Mb/s WLAN: send ACK/CTS at 2 Mb/s */
 4343                 ctsrate = 4;
 4344                 break;
 4345         default:
 4346                 /* TBD */
 4347                 return -1;
 4348         }
 4349 
 4350         d->d_plcp_len = data_dur;
 4351 
 4352         ack = (use_ack) ? pre + (IEEE80211_DUR_DS_SLOW_ACK * 2) / ctsrate : 0;
 4353 
 4354         d->d_rts_dur = pre + (IEEE80211_DUR_DS_SLOW_CTS * 2) / ctsrate +
 4355                        pre + data_dur +
 4356                        ack;
 4357 
 4358         d->d_data_dur = ack;
 4359         return 0;
 4360 }
 4361 
 4362 /*
 4363  * Arguments in:
 4364  *
 4365  * wh:      802.11 header
 4366  *
 4367  * paylen:  payload length (no FCS, no WEP header)
 4368  *
 4369  * rate:    MSDU speed, units 500kb/s
 4370  *
 4371  * fraglen: fragment length, set to maximum (or higher) for no
 4372  *          fragmentation
 4373  *
 4374  * flags:   IEEE80211_F_PRIVACY (hardware adds WEP),
 4375  *          IEEE80211_F_SHPREAMBLE (use short preamble),
 4376  *          IEEE80211_F_SHSLOT (use short slot length)
 4377  *
 4378  * Arguments out:
 4379  *
 4380  * d0: 802.11 Duration fields (RTS/Data), PLCP Length, Service fields
 4381  *     of first/only fragment
 4382  *
 4383  * dn: 802.11 Duration fields (RTS/Data), PLCP Length, Service fields
 4384  *     of last fragment
 4385  *
 4386  * rtw_compute_duration assumes crypto-encapsulation, if any,
 4387  * has already taken place.
 4388  */
 4389 static int
 4390 rtw_compute_duration(const struct ieee80211_frame_min *wh,
 4391                      const struct ieee80211_key *wk, int len,
 4392                      uint32_t icflags, int fraglen, int rate,
 4393                      struct rtw_duration *d0, struct rtw_duration *dn,
 4394                      int *npktp, int debug)
 4395 {
 4396         int ack, rc;
 4397         int cryptolen,  /* crypto overhead: header+trailer */
 4398             firstlen,   /* first fragment's payload + overhead length */
 4399             hdrlen,     /* header length w/o driver padding */
 4400             lastlen,    /* last fragment's payload length w/ overhead */
 4401             lastlen0,   /* last fragment's payload length w/o overhead */
 4402             npkt,       /* number of fragments */
 4403             overlen,    /* non-802.11 header overhead per fragment */
 4404             paylen;     /* payload length w/o overhead */
 4405 
 4406         hdrlen = ieee80211_anyhdrsize((const void *)wh);
 4407 
 4408         /* Account for padding required by the driver. */
 4409         if (icflags & IEEE80211_F_DATAPAD)
 4410                 paylen = len - roundup(hdrlen, sizeof(u_int32_t));
 4411         else
 4412                 paylen = len - hdrlen;
 4413 
 4414         overlen = IEEE80211_CRC_LEN;
 4415 
 4416         if (wk != NULL) {
 4417                 cryptolen = wk->wk_cipher->ic_header +
 4418                             wk->wk_cipher->ic_trailer;
 4419                 paylen -= cryptolen;
 4420                 overlen += cryptolen;
 4421         }
 4422 
 4423         npkt = paylen / fraglen;
 4424         lastlen0 = paylen % fraglen;
 4425 
 4426         if (npkt == 0) {                /* no fragments */
 4427                 lastlen = paylen + overlen;
 4428         } else if (lastlen0 != 0) {     /* a short "tail" fragment */
 4429                 lastlen = lastlen0 + overlen;
 4430                 npkt++;
 4431         } else {                        /* full-length "tail" fragment */
 4432                 lastlen = fraglen + overlen;
 4433         }
 4434 
 4435         if (npktp != NULL)
 4436                 *npktp = npkt;
 4437 
 4438         if (npkt > 1)
 4439                 firstlen = fraglen + overlen;
 4440         else
 4441                 firstlen = paylen + overlen;
 4442 
 4443         if (debug) {
 4444                 kprintf("%s: npkt %d firstlen %d lastlen0 %d lastlen %d "
 4445                     "fraglen %d overlen %d len %d rate %d icflags %08x\n",
 4446                     __func__, npkt, firstlen, lastlen0, lastlen, fraglen,
 4447                     overlen, len, rate, icflags);
 4448         }
 4449 
 4450         ack = (!IEEE80211_IS_MULTICAST(wh->i_addr1) &&
 4451                (wh->i_fc[1] & IEEE80211_FC0_TYPE_MASK) !=
 4452                IEEE80211_FC0_TYPE_CTL);
 4453 
 4454         rc = rtw_compute_duration1(firstlen + hdrlen, ack, icflags, rate, d0);
 4455         if (rc == -1)
 4456                 return rc;
 4457 
 4458         if (npkt <= 1) {
 4459                 *dn = *d0;
 4460                 return 0;
 4461         }
 4462         return rtw_compute_duration1(lastlen + hdrlen, ack, icflags, rate, dn);
 4463 }
 4464 
 4465 static int
 4466 rtw_get_rssi(struct rtw_softc *sc, uint8_t raw, uint8_t sq)
 4467 {
 4468         int rssi;
 4469 
 4470         rssi = sc->sc_getrssi(raw, sq);
 4471 
 4472         if (rssi == 0)
 4473                 rssi = 1;
 4474         else if (rssi > 100)
 4475                 rssi = 100;
 4476 
 4477         if (rssi > (RTW_NOISE_FLOOR + RTW_RSSI_CORR))
 4478                 rssi -= (RTW_NOISE_FLOOR + RTW_RSSI_CORR);
 4479         else
 4480                 rssi = 0;
 4481 
 4482         return rssi;
 4483 }
 4484 
 4485 static int
 4486 rtw_maxim_getrssi(uint8_t raw, uint8_t sq __unused)
 4487 {
 4488         int rssi = raw;
 4489 
 4490         rssi &= 0x7e;
 4491         rssi >>= 1;
 4492         rssi += 0x42;
 4493         if (raw & 0x1)
 4494                 rssi += 0xa;
 4495         rssi &= 0xff;
 4496 
 4497         return rssi;
 4498 }
 4499 
 4500 static int
 4501 rtw_gct_getrssi(uint8_t raw, uint8_t sq __unused)
 4502 {
 4503         int rssi = raw;
 4504 
 4505         rssi &= 0x7e;
 4506         if ((raw & 0x1) == 0 || rssi > 0x3c)
 4507                 rssi = 100;
 4508         else
 4509                 rssi = (100 * rssi) / 0x3c;
 4510         rssi &= 0xff;
 4511 
 4512         return rssi;
 4513 }
 4514 
 4515 static int
 4516 rtw_philips_getrssi(uint8_t raw, uint8_t sq)
 4517 {
 4518         static const uint8_t sq_rssi_map[SA2400_SQ_RSSI_MAP_MAX] =
 4519         { SA2400_SQ_RSSI_MAP };
 4520 
 4521         if (sq < SA2400_SQ_RSSI_MAP_MAX - 1)    /* NB: -1 is intended */
 4522                 return sq_rssi_map[sq];
 4523 
 4524         if (sq == 0x80)
 4525                 return 1;
 4526         else
 4527                 return 0x32;
 4528 }
 4529 
 4530 static void *
 4531 rtw_ratectl_attach(struct ieee80211com *ic, u_int rc)
 4532 {
 4533         struct rtw_softc *sc = ic->ic_if.if_softc;
 4534 
 4535         switch (rc) {
 4536         case IEEE80211_RATECTL_ONOE:
 4537                 return &sc->sc_onoe_param;
 4538         case IEEE80211_RATECTL_NONE:
 4539                 /* This could only happen during detaching */
 4540                 return NULL;
 4541         default:
 4542                 panic("unknown rate control algo %u", rc);
 4543                 return NULL;
 4544         }
 4545 }

Cache object: 01ae661a78ed6b0f5fbffe3423aaeaec


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.