The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/dev/otus/if_otus.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $OpenBSD: if_otus.c,v 1.49 2015/11/24 13:33:18 mpi Exp $        */
    2 
    3 /*-
    4  * Copyright (c) 2009 Damien Bergamini <damien.bergamini@free.fr>
    5  * Copyright (c) 2015 Adrian Chadd <adrian@FreeBSD.org>
    6  *
    7  * Permission to use, copy, modify, and distribute this software for any
    8  * purpose with or without fee is hereby granted, provided that the above
    9  * copyright notice and this permission notice appear in all copies.
   10  *
   11  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
   12  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
   13  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
   14  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   16  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   17  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   18  */
   19 
   20 /*
   21  * Driver for Atheros AR9001U chipset.
   22  */
   23 
   24 #include <sys/cdefs.h>
   25 __FBSDID("$FreeBSD$");
   26 
   27 #include "opt_wlan.h"
   28 
   29 #include <sys/param.h>
   30 #include <sys/endian.h>
   31 #include <sys/sockio.h>
   32 #include <sys/mbuf.h>
   33 #include <sys/kernel.h>
   34 #include <sys/malloc.h>
   35 #include <sys/socket.h>
   36 #include <sys/systm.h>
   37 #include <sys/conf.h>
   38 #include <sys/bus.h>
   39 #include <sys/rman.h>
   40 #include <sys/firmware.h>
   41 #include <sys/module.h>
   42 #include <sys/taskqueue.h>
   43 
   44 #include <machine/bus.h>
   45 #include <machine/resource.h>
   46 
   47 #include <net/bpf.h>
   48 #include <net/if.h>
   49 #include <net/if_var.h>
   50 #include <net/if_arp.h>
   51 #include <net/if_dl.h>
   52 #include <net/if_media.h>
   53 
   54 #include <netinet/in.h>
   55 #include <netinet/in_systm.h>
   56 #include <netinet/in_var.h>
   57 #include <netinet/if_ether.h>
   58 #include <netinet/ip.h>
   59 
   60 #include <net80211/ieee80211_var.h>
   61 #include <net80211/ieee80211_regdomain.h>
   62 #include <net80211/ieee80211_radiotap.h>
   63 #include <net80211/ieee80211_ratectl.h>
   64 #ifdef  IEEE80211_SUPPORT_SUPERG
   65 #include <net80211/ieee80211_superg.h>
   66 #endif
   67 
   68 #include <dev/usb/usb.h>
   69 #include <dev/usb/usbdi.h>
   70 #include "usbdevs.h"
   71 
   72 #define USB_DEBUG_VAR otus_debug
   73 #include <dev/usb/usb_debug.h>
   74 
   75 #include "if_otusreg.h"
   76 
   77 static int otus_debug = 0;
   78 static SYSCTL_NODE(_hw_usb, OID_AUTO, otus, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
   79     "USB otus");
   80 SYSCTL_INT(_hw_usb_otus, OID_AUTO, debug, CTLFLAG_RWTUN, &otus_debug, 0,
   81     "Debug level");
   82 #define OTUS_DEBUG_XMIT         0x00000001
   83 #define OTUS_DEBUG_RECV         0x00000002
   84 #define OTUS_DEBUG_TXDONE       0x00000004
   85 #define OTUS_DEBUG_RXDONE       0x00000008
   86 #define OTUS_DEBUG_CMD          0x00000010
   87 #define OTUS_DEBUG_CMDDONE      0x00000020
   88 #define OTUS_DEBUG_RESET        0x00000040
   89 #define OTUS_DEBUG_STATE        0x00000080
   90 #define OTUS_DEBUG_CMDNOTIFY    0x00000100
   91 #define OTUS_DEBUG_REGIO        0x00000200
   92 #define OTUS_DEBUG_IRQ          0x00000400
   93 #define OTUS_DEBUG_TXCOMP       0x00000800
   94 #define OTUS_DEBUG_RX_BUFFER    0x00001000
   95 #define OTUS_DEBUG_ANY          0xffffffff
   96 
   97 #define OTUS_DPRINTF(sc, dm, ...) \
   98         do { \
   99                 if ((dm == OTUS_DEBUG_ANY) || (dm & otus_debug)) \
  100                         device_printf(sc->sc_dev, __VA_ARGS__); \
  101         } while (0)
  102 #define OTUS_DEV(v, p) { USB_VPI(v, p, 0) }
  103 static const STRUCT_USB_HOST_ID otus_devs[] = {
  104         OTUS_DEV(USB_VENDOR_ACCTON,             USB_PRODUCT_ACCTON_WN7512),
  105         OTUS_DEV(USB_VENDOR_ATHEROS2,           USB_PRODUCT_ATHEROS2_3CRUSBN275),
  106         OTUS_DEV(USB_VENDOR_ATHEROS2,           USB_PRODUCT_ATHEROS2_TG121N),
  107         OTUS_DEV(USB_VENDOR_ATHEROS2,           USB_PRODUCT_ATHEROS2_AR9170),
  108         OTUS_DEV(USB_VENDOR_ATHEROS2,           USB_PRODUCT_ATHEROS2_WN612),
  109         OTUS_DEV(USB_VENDOR_ATHEROS2,           USB_PRODUCT_ATHEROS2_WN821NV2),
  110         OTUS_DEV(USB_VENDOR_AVM,                USB_PRODUCT_AVM_FRITZWLAN),
  111         OTUS_DEV(USB_VENDOR_CACE,               USB_PRODUCT_CACE_AIRPCAPNX),
  112         OTUS_DEV(USB_VENDOR_DLINK2,             USB_PRODUCT_DLINK2_DWA130D1),
  113         OTUS_DEV(USB_VENDOR_DLINK2,             USB_PRODUCT_DLINK2_DWA160A1),
  114         OTUS_DEV(USB_VENDOR_DLINK2,             USB_PRODUCT_DLINK2_DWA160A2),
  115         OTUS_DEV(USB_VENDOR_IODATA,             USB_PRODUCT_IODATA_WNGDNUS2),
  116         OTUS_DEV(USB_VENDOR_NEC,                USB_PRODUCT_NEC_WL300NUG),
  117         OTUS_DEV(USB_VENDOR_NETGEAR,            USB_PRODUCT_NETGEAR_WN111V2),
  118         OTUS_DEV(USB_VENDOR_NETGEAR,            USB_PRODUCT_NETGEAR_WNA1000),
  119         OTUS_DEV(USB_VENDOR_NETGEAR,            USB_PRODUCT_NETGEAR_WNDA3100),
  120         OTUS_DEV(USB_VENDOR_PLANEX2,            USB_PRODUCT_PLANEX2_GW_US300),
  121         OTUS_DEV(USB_VENDOR_WISTRONNEWEB,       USB_PRODUCT_WISTRONNEWEB_O8494),
  122         OTUS_DEV(USB_VENDOR_WISTRONNEWEB,       USB_PRODUCT_WISTRONNEWEB_WNC0600),
  123         OTUS_DEV(USB_VENDOR_ZCOM,               USB_PRODUCT_ZCOM_UB81),
  124         OTUS_DEV(USB_VENDOR_ZCOM,               USB_PRODUCT_ZCOM_UB82),
  125         OTUS_DEV(USB_VENDOR_ZYDAS,              USB_PRODUCT_ZYDAS_ZD1221),
  126         OTUS_DEV(USB_VENDOR_ZYXEL,              USB_PRODUCT_ZYXEL_NWD271N),
  127 };
  128 
  129 static device_probe_t otus_match;
  130 static device_attach_t otus_attach;
  131 static device_detach_t otus_detach;
  132 
  133 static int      otus_attachhook(struct otus_softc *);
  134 static void     otus_getradiocaps(struct ieee80211com *, int, int *,
  135                     struct ieee80211_channel[]);
  136 int             otus_load_firmware(struct otus_softc *, const char *,
  137                     uint32_t);
  138 int             otus_open_pipes(struct otus_softc *);
  139 void            otus_close_pipes(struct otus_softc *);
  140 
  141 static int      otus_alloc_tx_cmd_list(struct otus_softc *);
  142 static void     otus_free_tx_cmd_list(struct otus_softc *);
  143 
  144 static int      otus_alloc_rx_list(struct otus_softc *);
  145 static void     otus_free_rx_list(struct otus_softc *);
  146 static int      otus_alloc_tx_list(struct otus_softc *);
  147 static void     otus_free_tx_list(struct otus_softc *);
  148 static void     otus_free_list(struct otus_softc *, struct otus_data [], int);
  149 static struct otus_data *_otus_getbuf(struct otus_softc *);
  150 static struct otus_data *otus_getbuf(struct otus_softc *);
  151 static void     otus_freebuf(struct otus_softc *, struct otus_data *);
  152 
  153 static struct otus_tx_cmd *_otus_get_txcmd(struct otus_softc *);
  154 static struct otus_tx_cmd *otus_get_txcmd(struct otus_softc *);
  155 static void     otus_free_txcmd(struct otus_softc *, struct otus_tx_cmd *);
  156 
  157 void            otus_next_scan(void *, int);
  158 static void     otus_tx_task(void *, int pending);
  159 void            otus_do_async(struct otus_softc *,
  160                     void (*)(struct otus_softc *, void *), void *, int);
  161 int             otus_newstate(struct ieee80211vap *, enum ieee80211_state,
  162                     int);
  163 int             otus_cmd(struct otus_softc *, uint8_t, const void *, int,
  164                     void *, int);
  165 void            otus_write(struct otus_softc *, uint32_t, uint32_t);
  166 int             otus_write_barrier(struct otus_softc *);
  167 static struct   ieee80211_node *otus_node_alloc(struct ieee80211vap *vap,
  168                     const uint8_t mac[IEEE80211_ADDR_LEN]);
  169 int             otus_read_eeprom(struct otus_softc *);
  170 void            otus_newassoc(struct ieee80211_node *, int);
  171 void            otus_cmd_rxeof(struct otus_softc *, uint8_t *, int);
  172 void            otus_sub_rxeof(struct otus_softc *, uint8_t *, int,
  173                     struct mbufq *);
  174 static int      otus_tx(struct otus_softc *, struct ieee80211_node *,
  175                     struct mbuf *, struct otus_data *,
  176                     const struct ieee80211_bpf_params *);
  177 int             otus_ioctl(struct ifnet *, u_long, caddr_t);
  178 int             otus_set_multi(struct otus_softc *);
  179 static int      otus_updateedca(struct ieee80211com *);
  180 static void     otus_updateedca_locked(struct otus_softc *);
  181 static void     otus_updateslot(struct otus_softc *);
  182 static void     otus_set_operating_mode(struct otus_softc *sc);
  183 static void     otus_set_rx_filter(struct otus_softc *sc);
  184 int             otus_init_mac(struct otus_softc *);
  185 uint32_t        otus_phy_get_def(struct otus_softc *, uint32_t);
  186 int             otus_set_board_values(struct otus_softc *,
  187                     struct ieee80211_channel *);
  188 int             otus_program_phy(struct otus_softc *,
  189                     struct ieee80211_channel *);
  190 int             otus_set_rf_bank4(struct otus_softc *,
  191                     struct ieee80211_channel *);
  192 void            otus_get_delta_slope(uint32_t, uint32_t *, uint32_t *);
  193 static int      otus_set_chan(struct otus_softc *, struct ieee80211_channel *,
  194                     int);
  195 int             otus_set_key(struct ieee80211com *, struct ieee80211_node *,
  196                     struct ieee80211_key *);
  197 void            otus_set_key_cb(struct otus_softc *, void *);
  198 void            otus_delete_key(struct ieee80211com *, struct ieee80211_node *,
  199                     struct ieee80211_key *);
  200 void            otus_delete_key_cb(struct otus_softc *, void *);
  201 void            otus_calibrate_to(void *, int);
  202 int             otus_set_bssid(struct otus_softc *, const uint8_t *);
  203 int             otus_set_macaddr(struct otus_softc *, const uint8_t *);
  204 void            otus_led_newstate_type1(struct otus_softc *);
  205 void            otus_led_newstate_type2(struct otus_softc *);
  206 void            otus_led_newstate_type3(struct otus_softc *);
  207 int             otus_init(struct otus_softc *sc);
  208 void            otus_stop(struct otus_softc *sc);
  209 
  210 static device_method_t otus_methods[] = {
  211         DEVMETHOD(device_probe,         otus_match),
  212         DEVMETHOD(device_attach,        otus_attach),
  213         DEVMETHOD(device_detach,        otus_detach),
  214 
  215         DEVMETHOD_END
  216 };
  217 
  218 static driver_t otus_driver = {
  219         .name = "otus",
  220         .methods = otus_methods,
  221         .size = sizeof(struct otus_softc)
  222 };
  223 
  224 static devclass_t otus_devclass;
  225 
  226 DRIVER_MODULE(otus, uhub, otus_driver, otus_devclass, NULL, 0);
  227 MODULE_DEPEND(otus, wlan, 1, 1, 1);
  228 MODULE_DEPEND(otus, usb, 1, 1, 1);
  229 MODULE_DEPEND(otus, firmware, 1, 1, 1);
  230 MODULE_VERSION(otus, 1);
  231 
  232 static usb_callback_t   otus_bulk_tx_callback;
  233 static usb_callback_t   otus_bulk_rx_callback;
  234 static usb_callback_t   otus_bulk_irq_callback;
  235 static usb_callback_t   otus_bulk_cmd_callback;
  236 
  237 static const struct usb_config otus_config[OTUS_N_XFER] = {
  238         [OTUS_BULK_TX] = {
  239         .type = UE_BULK,
  240         .endpoint = UE_ADDR_ANY,
  241         .direction = UE_DIR_OUT,
  242         .bufsize = 0x200,
  243         .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
  244         .callback = otus_bulk_tx_callback,
  245         .timeout = 5000,        /* ms */
  246         },
  247         [OTUS_BULK_RX] = {
  248         .type = UE_BULK,
  249         .endpoint = UE_ADDR_ANY,
  250         .direction = UE_DIR_IN,
  251         .bufsize = OTUS_RXBUFSZ,
  252         .flags = { .ext_buffer = 1, .pipe_bof = 1,.short_xfer_ok = 1,},
  253         .callback = otus_bulk_rx_callback,
  254         },
  255         [OTUS_BULK_IRQ] = {
  256         .type = UE_INTERRUPT,
  257         .endpoint = UE_ADDR_ANY,
  258         .direction = UE_DIR_IN,
  259         .bufsize = OTUS_MAX_CTRLSZ,
  260         .flags = {.pipe_bof = 1,.short_xfer_ok = 1,},
  261         .callback = otus_bulk_irq_callback,
  262         },
  263         [OTUS_BULK_CMD] = {
  264         .type = UE_INTERRUPT,
  265         .endpoint = UE_ADDR_ANY,
  266         .direction = UE_DIR_OUT,
  267         .bufsize = OTUS_MAX_CTRLSZ,
  268         .flags = {.pipe_bof = 1,.force_short_xfer = 1,},
  269         .callback = otus_bulk_cmd_callback,
  270         .timeout = 5000,        /* ms */
  271         },
  272 };
  273 
  274 static int
  275 otus_match(device_t self)
  276 {
  277         struct usb_attach_arg *uaa = device_get_ivars(self);
  278 
  279         if (uaa->usb_mode != USB_MODE_HOST ||
  280             uaa->info.bIfaceIndex != 0 ||
  281             uaa->info.bConfigIndex != 0)
  282         return (ENXIO);
  283 
  284         return (usbd_lookup_id_by_uaa(otus_devs, sizeof(otus_devs), uaa));
  285 }
  286 
  287 static int
  288 otus_attach(device_t self)
  289 {
  290         struct usb_attach_arg *uaa = device_get_ivars(self);
  291         struct otus_softc *sc = device_get_softc(self);
  292         int error;
  293         uint8_t iface_index;
  294 
  295         device_set_usb_desc(self);
  296         sc->sc_udev = uaa->device;
  297         sc->sc_dev = self;
  298 
  299         mtx_init(&sc->sc_mtx, device_get_nameunit(self), MTX_NETWORK_LOCK,
  300             MTX_DEF);
  301 
  302         TIMEOUT_TASK_INIT(taskqueue_thread, &sc->scan_to, 0, otus_next_scan, sc);
  303         TIMEOUT_TASK_INIT(taskqueue_thread, &sc->calib_to, 0, otus_calibrate_to, sc);
  304         TASK_INIT(&sc->tx_task, 0, otus_tx_task, sc);
  305         mbufq_init(&sc->sc_snd, ifqmaxlen);
  306 
  307         iface_index = 0;
  308         error = usbd_transfer_setup(uaa->device, &iface_index, sc->sc_xfer,
  309             otus_config, OTUS_N_XFER, sc, &sc->sc_mtx);
  310         if (error) {
  311                 device_printf(sc->sc_dev,
  312                     "could not allocate USB transfers, err=%s\n",
  313                     usbd_errstr(error));
  314                 goto fail_usb;
  315         }
  316 
  317         if ((error = otus_open_pipes(sc)) != 0) {
  318                 device_printf(sc->sc_dev, "%s: could not open pipes\n",
  319                     __func__);
  320                 goto fail;
  321         }
  322 
  323         /* XXX check return status; fail out if appropriate */
  324         if (otus_attachhook(sc) != 0)
  325                 goto fail;
  326 
  327         return (0);
  328 
  329 fail:
  330         otus_close_pipes(sc);
  331 fail_usb:
  332         mtx_destroy(&sc->sc_mtx);
  333         return (ENXIO);
  334 }
  335 
  336 static int
  337 otus_detach(device_t self)
  338 {
  339         struct otus_softc *sc = device_get_softc(self);
  340         struct ieee80211com *ic = &sc->sc_ic;
  341 
  342         otus_stop(sc);
  343 
  344         usbd_transfer_unsetup(sc->sc_xfer, OTUS_N_XFER);
  345 
  346         taskqueue_drain_timeout(taskqueue_thread, &sc->scan_to);
  347         taskqueue_drain_timeout(taskqueue_thread, &sc->calib_to);
  348         taskqueue_drain(taskqueue_thread, &sc->tx_task);
  349 
  350         otus_close_pipes(sc);
  351 #if 0
  352         /* Wait for all queued asynchronous commands to complete. */
  353         usb_rem_wait_task(sc->sc_udev, &sc->sc_task);
  354 
  355         usbd_ref_wait(sc->sc_udev);
  356 #endif
  357 
  358         ieee80211_ifdetach(ic);
  359         mtx_destroy(&sc->sc_mtx);
  360         return 0;
  361 }
  362 
  363 static void
  364 otus_delay_ms(struct otus_softc *sc, int ms)
  365 {
  366 
  367         DELAY(1000 * ms);
  368 }
  369 
  370 static struct ieee80211vap *
  371 otus_vap_create(struct ieee80211com *ic, const char name[IFNAMSIZ], int unit,
  372     enum ieee80211_opmode opmode, int flags,
  373     const uint8_t bssid[IEEE80211_ADDR_LEN],
  374     const uint8_t mac[IEEE80211_ADDR_LEN])
  375 {
  376         struct otus_vap *uvp;
  377         struct ieee80211vap *vap;
  378 
  379         if (!TAILQ_EMPTY(&ic->ic_vaps))  /* only one at a time */
  380                 return (NULL);
  381 
  382         uvp =  malloc(sizeof(struct otus_vap), M_80211_VAP, M_WAITOK | M_ZERO);
  383         vap = &uvp->vap;
  384 
  385         if (ieee80211_vap_setup(ic, vap, name, unit, opmode,
  386             flags, bssid) != 0) {
  387                 /* out of memory */
  388                 free(uvp, M_80211_VAP);
  389                 return (NULL);
  390         }
  391 
  392         /* override state transition machine */
  393         uvp->newstate = vap->iv_newstate;
  394         vap->iv_newstate = otus_newstate;
  395 
  396         vap->iv_ampdu_density = IEEE80211_HTCAP_MPDUDENSITY_8;
  397         vap->iv_ampdu_rxmax = IEEE80211_HTCAP_MAXRXAMPDU_64K;
  398 
  399         ieee80211_ratectl_init(vap);
  400 
  401         /* complete setup */
  402         ieee80211_vap_attach(vap, ieee80211_media_change,
  403             ieee80211_media_status, mac);
  404         ic->ic_opmode = opmode;
  405 
  406         return (vap);
  407 }
  408 
  409 static void
  410 otus_vap_delete(struct ieee80211vap *vap)
  411 {
  412         struct otus_vap *uvp = OTUS_VAP(vap);
  413 
  414         ieee80211_ratectl_deinit(vap);
  415         ieee80211_vap_detach(vap);
  416         free(uvp, M_80211_VAP);
  417 }
  418 
  419 static void
  420 otus_parent(struct ieee80211com *ic)
  421 {
  422         struct otus_softc *sc = ic->ic_softc;
  423         int startall = 0;
  424 
  425         if (ic->ic_nrunning > 0) {
  426                 if (!sc->sc_running) {
  427                         otus_init(sc);
  428                         startall = 1;
  429                 } else {
  430                         (void) otus_set_multi(sc);
  431                 }
  432         } else if (sc->sc_running)
  433                 otus_stop(sc);
  434 
  435         if (startall)
  436                 ieee80211_start_all(ic);
  437 }
  438 
  439 static void
  440 otus_drain_mbufq(struct otus_softc *sc)
  441 {
  442         struct mbuf *m;
  443         struct ieee80211_node *ni;
  444 
  445         OTUS_LOCK_ASSERT(sc);
  446         while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
  447                 ni = (struct ieee80211_node *) m->m_pkthdr.rcvif;
  448                 m->m_pkthdr.rcvif = NULL;
  449                 ieee80211_free_node(ni);
  450                 m_freem(m);
  451         }
  452 }
  453 
  454 static void
  455 otus_tx_start(struct otus_softc *sc)
  456 {
  457 
  458         taskqueue_enqueue(taskqueue_thread, &sc->tx_task);
  459 }
  460 
  461 static int
  462 otus_transmit(struct ieee80211com *ic, struct mbuf *m)
  463 {
  464         struct otus_softc *sc = ic->ic_softc;
  465         int error;
  466 
  467         OTUS_LOCK(sc);
  468         if (! sc->sc_running) {
  469                 OTUS_UNLOCK(sc);
  470                 return (ENXIO);
  471         }
  472 
  473         /* XXX TODO: handle fragments */
  474         error = mbufq_enqueue(&sc->sc_snd, m);
  475         if (error) {
  476                 OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
  477                     "%s: mbufq_enqueue failed: %d\n",
  478                     __func__,
  479                     error);
  480                 OTUS_UNLOCK(sc);
  481                 return (error);
  482         }
  483         OTUS_UNLOCK(sc);
  484 
  485         /* Kick TX */
  486         otus_tx_start(sc);
  487 
  488         return (0);
  489 }
  490 
  491 static void
  492 _otus_start(struct otus_softc *sc)
  493 {
  494         struct ieee80211_node *ni;
  495         struct otus_data *bf;
  496         struct mbuf *m;
  497 
  498         OTUS_LOCK_ASSERT(sc);
  499 
  500         while ((m = mbufq_dequeue(&sc->sc_snd)) != NULL) {
  501                 bf = otus_getbuf(sc);
  502                 if (bf == NULL) {
  503                         OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
  504                             "%s: failed to get buffer\n", __func__);
  505                         mbufq_prepend(&sc->sc_snd, m);
  506                         break;
  507                 }
  508 
  509                 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif;
  510                 m->m_pkthdr.rcvif = NULL;
  511 
  512                 if (otus_tx(sc, ni, m, bf, NULL) != 0) {
  513                         OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
  514                             "%s: failed to transmit\n", __func__);
  515                         if_inc_counter(ni->ni_vap->iv_ifp,
  516                             IFCOUNTER_OERRORS, 1);
  517                         otus_freebuf(sc, bf);
  518                         ieee80211_free_node(ni);
  519                         m_freem(m);
  520                         break;
  521                 }
  522         }
  523 }
  524 
  525 static void
  526 otus_tx_task(void *arg, int pending)
  527 {
  528         struct otus_softc *sc = arg;
  529 
  530         OTUS_LOCK(sc);
  531         _otus_start(sc);
  532         OTUS_UNLOCK(sc);
  533 }
  534 
  535 static int
  536 otus_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
  537     const struct ieee80211_bpf_params *params)
  538 {
  539         struct ieee80211com *ic= ni->ni_ic;
  540         struct otus_softc *sc = ic->ic_softc;
  541         struct otus_data *bf = NULL;
  542         int error = 0;
  543 
  544         /* Don't transmit if we're not running */
  545         OTUS_LOCK(sc);
  546         if (! sc->sc_running) {
  547                 error = ENETDOWN;
  548                 goto error;
  549         }
  550 
  551         bf = otus_getbuf(sc);
  552         if (bf == NULL) {
  553                 error = ENOBUFS;
  554                 goto error;
  555         }
  556 
  557         if (otus_tx(sc, ni, m, bf, params) != 0) {
  558                 error = EIO;
  559                 goto error;
  560         }
  561 
  562         OTUS_UNLOCK(sc);
  563         return (0);
  564 error:
  565         if (bf)
  566                 otus_freebuf(sc, bf);
  567         OTUS_UNLOCK(sc);
  568         m_freem(m);
  569         return (ENXIO);
  570 }
  571 
  572 static void
  573 otus_update_chw(struct ieee80211com *ic)
  574 {
  575 
  576         printf("%s: TODO\n", __func__);
  577 }
  578 
  579 static void
  580 otus_set_channel(struct ieee80211com *ic)
  581 {
  582         struct otus_softc *sc = ic->ic_softc;
  583         OTUS_DPRINTF(sc, OTUS_DEBUG_RESET, "%s: set channel: %d\n",
  584             __func__,
  585             ic->ic_curchan->ic_freq);
  586 
  587         OTUS_LOCK(sc);
  588         (void) otus_set_chan(sc, ic->ic_curchan, 0);
  589         OTUS_UNLOCK(sc);
  590 }
  591 
  592 static int
  593 otus_ampdu_enable(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
  594 {
  595 
  596         /* For now, no A-MPDU TX support in the driver */
  597         return (0);
  598 }
  599 
  600 static void
  601 otus_scan_start(struct ieee80211com *ic)
  602 {
  603 
  604 //      printf("%s: TODO\n", __func__);
  605 }
  606 
  607 static void
  608 otus_scan_end(struct ieee80211com *ic)
  609 {
  610 
  611 //      printf("%s: TODO\n", __func__);
  612 }
  613 
  614 static void
  615 otus_update_mcast(struct ieee80211com *ic)
  616 {
  617         struct otus_softc *sc = ic->ic_softc;
  618 
  619         (void) otus_set_multi(sc);
  620 }
  621 
  622 static int
  623 otus_attachhook(struct otus_softc *sc)
  624 {
  625         struct ieee80211com *ic = &sc->sc_ic;
  626         usb_device_request_t req;
  627         uint32_t in, out;
  628         int error;
  629 
  630         /* Not locked */
  631         error = otus_load_firmware(sc, "otusfw_init", AR_FW_INIT_ADDR);
  632         if (error != 0) {
  633                 device_printf(sc->sc_dev, "%s: could not load %s firmware\n",
  634                     __func__, "init");
  635                 return (ENXIO);
  636         }
  637 
  638         /* XXX not locked? */
  639         otus_delay_ms(sc, 1000);
  640 
  641         /* Not locked */
  642         error = otus_load_firmware(sc, "otusfw_main", AR_FW_MAIN_ADDR);
  643         if (error != 0) {
  644                 device_printf(sc->sc_dev, "%s: could not load %s firmware\n",
  645                     __func__, "main");
  646                 return (ENXIO);
  647         }
  648 
  649         OTUS_LOCK(sc);
  650 
  651         /* Tell device that firmware transfer is complete. */
  652         req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
  653         req.bRequest = AR_FW_DOWNLOAD_COMPLETE;
  654         USETW(req.wValue, 0);
  655         USETW(req.wIndex, 0);
  656         USETW(req.wLength, 0);
  657         if (usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx, &req, NULL,
  658             0, NULL, 250) != 0) {
  659                 OTUS_UNLOCK(sc);
  660                 device_printf(sc->sc_dev,
  661                     "%s: firmware initialization failed\n",
  662                     __func__);
  663                 return (ENXIO);
  664         }
  665 
  666         /* Send an ECHO command to check that everything is settled. */
  667         in = 0xbadc0ffe;
  668         if (otus_cmd(sc, AR_CMD_ECHO, &in, sizeof in, &out, sizeof(out)) != 0) {
  669                 OTUS_UNLOCK(sc);
  670                 device_printf(sc->sc_dev,
  671                     "%s: echo command failed\n", __func__);
  672                 return (ENXIO);
  673         }
  674         if (in != out) {
  675                 OTUS_UNLOCK(sc);
  676                 device_printf(sc->sc_dev,
  677                     "%s: echo reply mismatch: 0x%08x!=0x%08x\n",
  678                     __func__, in, out);
  679                 return (ENXIO);
  680         }
  681 
  682         /* Read entire EEPROM. */
  683         if (otus_read_eeprom(sc) != 0) {
  684                 OTUS_UNLOCK(sc);
  685                 device_printf(sc->sc_dev,
  686                     "%s: could not read EEPROM\n",
  687                     __func__);
  688                 return (ENXIO);
  689         }
  690 
  691         OTUS_UNLOCK(sc);
  692 
  693         sc->txmask = sc->eeprom.baseEepHeader.txMask;
  694         sc->rxmask = sc->eeprom.baseEepHeader.rxMask;
  695         sc->capflags = sc->eeprom.baseEepHeader.opCapFlags;
  696         IEEE80211_ADDR_COPY(ic->ic_macaddr, sc->eeprom.baseEepHeader.macAddr);
  697         sc->sc_led_newstate = otus_led_newstate_type3;  /* XXX */
  698 
  699         if (sc->txmask == 0x5)
  700                 ic->ic_txstream = 2;
  701         else
  702                 ic->ic_txstream = 1;
  703 
  704         if (sc->rxmask == 0x5)
  705                 ic->ic_rxstream = 2;
  706         else
  707                 ic->ic_rxstream = 1;
  708 
  709         device_printf(sc->sc_dev,
  710             "MAC/BBP AR9170, RF AR%X, MIMO %dT%dR, address %s\n",
  711             (sc->capflags & AR5416_OPFLAGS_11A) ?
  712                 0x9104 : ((sc->txmask == 0x5) ? 0x9102 : 0x9101),
  713             (sc->txmask == 0x5) ? 2 : 1, (sc->rxmask == 0x5) ? 2 : 1,
  714             ether_sprintf(ic->ic_macaddr));
  715 
  716         ic->ic_softc = sc;
  717         ic->ic_name = device_get_nameunit(sc->sc_dev);
  718         ic->ic_phytype = IEEE80211_T_OFDM;      /* not only, but not used */
  719         ic->ic_opmode = IEEE80211_M_STA;        /* default to BSS mode */
  720 
  721         /* Set device capabilities. */
  722         ic->ic_caps =
  723             IEEE80211_C_STA |           /* station mode */
  724 #if 0
  725             IEEE80211_C_BGSCAN |        /* Background scan. */
  726 #endif
  727             IEEE80211_C_SHPREAMBLE |    /* Short preamble supported. */
  728             IEEE80211_C_WME |           /* WME/QoS */
  729             IEEE80211_C_SHSLOT |        /* Short slot time supported. */
  730             IEEE80211_C_FF |            /* Atheros fast-frames supported. */
  731             IEEE80211_C_MONITOR |       /* Enable monitor mode */
  732             IEEE80211_C_SWAMSDUTX |     /* Do software A-MSDU TX */
  733             IEEE80211_C_WPA;            /* WPA/RSN. */
  734 
  735         ic->ic_htcaps =
  736             IEEE80211_HTC_HT |
  737 #if 0
  738             IEEE80211_HTC_AMPDU |
  739 #endif
  740             IEEE80211_HTC_AMSDU |
  741             IEEE80211_HTCAP_MAXAMSDU_3839 |
  742             IEEE80211_HTCAP_SMPS_OFF;
  743 
  744         otus_getradiocaps(ic, IEEE80211_CHAN_MAX, &ic->ic_nchans,
  745             ic->ic_channels);
  746 
  747         ieee80211_ifattach(ic);
  748         ic->ic_raw_xmit = otus_raw_xmit;
  749         ic->ic_scan_start = otus_scan_start;
  750         ic->ic_scan_end = otus_scan_end;
  751         ic->ic_set_channel = otus_set_channel;
  752         ic->ic_getradiocaps = otus_getradiocaps;
  753         ic->ic_vap_create = otus_vap_create;
  754         ic->ic_vap_delete = otus_vap_delete;
  755         ic->ic_update_mcast = otus_update_mcast;
  756         ic->ic_update_promisc = otus_update_mcast;
  757         ic->ic_parent = otus_parent;
  758         ic->ic_transmit = otus_transmit;
  759         ic->ic_update_chw = otus_update_chw;
  760         ic->ic_ampdu_enable = otus_ampdu_enable;
  761         ic->ic_wme.wme_update = otus_updateedca;
  762         ic->ic_newassoc = otus_newassoc;
  763         ic->ic_node_alloc = otus_node_alloc;
  764 
  765 #ifdef notyet
  766         ic->ic_set_key = otus_set_key;
  767         ic->ic_delete_key = otus_delete_key;
  768 #endif
  769 
  770         ieee80211_radiotap_attach(ic, &sc->sc_txtap.wt_ihdr,
  771             sizeof(sc->sc_txtap), OTUS_TX_RADIOTAP_PRESENT,
  772             &sc->sc_rxtap.wr_ihdr, sizeof(sc->sc_rxtap),
  773             OTUS_RX_RADIOTAP_PRESENT);
  774 
  775         return (0);
  776 }
  777 
  778 static void
  779 otus_getradiocaps(struct ieee80211com *ic,
  780     int maxchans, int *nchans, struct ieee80211_channel chans[])
  781 {
  782         struct otus_softc *sc = ic->ic_softc;
  783         uint8_t bands[IEEE80211_MODE_BYTES];
  784 
  785         /* Set supported .11b and .11g rates. */
  786         memset(bands, 0, sizeof(bands));
  787         if (sc->eeprom.baseEepHeader.opCapFlags & AR5416_OPFLAGS_11G) {
  788                 setbit(bands, IEEE80211_MODE_11B);
  789                 setbit(bands, IEEE80211_MODE_11G);
  790                 setbit(bands, IEEE80211_MODE_11NG);
  791                 ieee80211_add_channel_list_2ghz(chans, maxchans, nchans,
  792                     ar_chans, 14, bands, 0);
  793         }
  794         if (sc->eeprom.baseEepHeader.opCapFlags & AR5416_OPFLAGS_11A) {
  795                 setbit(bands, IEEE80211_MODE_11A);
  796                 setbit(bands, IEEE80211_MODE_11NA);
  797                 ieee80211_add_channel_list_5ghz(chans, maxchans, nchans,
  798                     &ar_chans[14], nitems(ar_chans) - 14, bands, 0);
  799         }
  800 }
  801 
  802 int
  803 otus_load_firmware(struct otus_softc *sc, const char *name, uint32_t addr)
  804 {
  805         usb_device_request_t req;
  806         char *ptr;
  807         const struct firmware *fw;
  808         int mlen, error, size;
  809 
  810         error = 0;
  811 
  812         /* Read firmware image from the filesystem. */
  813         if ((fw = firmware_get(name)) == NULL) {
  814                 device_printf(sc->sc_dev,
  815                     "%s: failed loadfirmware of file %s\n", __func__, name);
  816                 return (ENXIO);
  817         }
  818         req.bmRequestType = UT_WRITE_VENDOR_DEVICE;
  819         req.bRequest = AR_FW_DOWNLOAD;
  820         USETW(req.wIndex, 0);
  821 
  822         OTUS_LOCK(sc);
  823 
  824         /* XXX const */
  825         ptr = __DECONST(char *, fw->data);
  826         size = fw->datasize;
  827         addr >>= 8;
  828         while (size > 0) {
  829                 mlen = MIN(size, 4096);
  830 
  831                 USETW(req.wValue, addr);
  832                 USETW(req.wLength, mlen);
  833                 if (usbd_do_request_flags(sc->sc_udev, &sc->sc_mtx,
  834                     &req, ptr, 0, NULL, 250) != 0) {
  835                         error = EIO;
  836                         break;
  837                 }
  838                 addr += mlen >> 8;
  839                 ptr  += mlen;
  840                 size -= mlen;
  841         }
  842 
  843         OTUS_UNLOCK(sc);
  844 
  845         firmware_put(fw, FIRMWARE_UNLOAD);
  846         if (error != 0)
  847                 device_printf(sc->sc_dev,
  848                     "%s: %s: error=%d\n", __func__, name, error);
  849         return error;
  850 }
  851 
  852 int
  853 otus_open_pipes(struct otus_softc *sc)
  854 {
  855 #if 0
  856         int isize, error;
  857         int i;
  858 #endif
  859         int error;
  860 
  861         OTUS_UNLOCK_ASSERT(sc);
  862 
  863         if ((error = otus_alloc_tx_cmd_list(sc)) != 0) {
  864                 device_printf(sc->sc_dev,
  865                     "%s: could not allocate command xfer\n",
  866                     __func__);
  867                 goto fail;
  868         }
  869 
  870         if ((error = otus_alloc_tx_list(sc)) != 0) {
  871                 device_printf(sc->sc_dev, "%s: could not allocate Tx xfers\n",
  872                     __func__);
  873                 goto fail;
  874         }
  875 
  876         if ((error = otus_alloc_rx_list(sc)) != 0) {
  877                 device_printf(sc->sc_dev, "%s: could not allocate Rx xfers\n",
  878                     __func__);
  879                 goto fail;
  880         }
  881 
  882         /* Enable RX transfers; needed for initial firmware messages */
  883         OTUS_LOCK(sc);
  884         usbd_transfer_start(sc->sc_xfer[OTUS_BULK_RX]);
  885         usbd_transfer_start(sc->sc_xfer[OTUS_BULK_IRQ]);
  886         OTUS_UNLOCK(sc);
  887         return 0;
  888 
  889 fail:   otus_close_pipes(sc);
  890         return error;
  891 }
  892 
  893 void
  894 otus_close_pipes(struct otus_softc *sc)
  895 {
  896 
  897         OTUS_LOCK(sc);
  898         otus_free_tx_cmd_list(sc);
  899         otus_free_tx_list(sc);
  900         otus_free_rx_list(sc);
  901         OTUS_UNLOCK(sc);
  902 
  903         usbd_transfer_unsetup(sc->sc_xfer, OTUS_N_XFER);
  904 }
  905 
  906 static void
  907 otus_free_cmd_list(struct otus_softc *sc, struct otus_tx_cmd cmd[], int ndata)
  908 {
  909         int i;
  910 
  911         /* XXX TODO: someone has to have waken up waiters! */
  912         for (i = 0; i < ndata; i++) {
  913                 struct otus_tx_cmd *dp = &cmd[i];
  914 
  915                 if (dp->buf != NULL) {
  916                         free(dp->buf, M_USBDEV);
  917                         dp->buf = NULL;
  918                 }
  919         }
  920 }
  921 
  922 static int
  923 otus_alloc_cmd_list(struct otus_softc *sc, struct otus_tx_cmd cmd[],
  924     int ndata, int maxsz)
  925 {
  926         int i, error;
  927 
  928         for (i = 0; i < ndata; i++) {
  929                 struct otus_tx_cmd *dp = &cmd[i];
  930                 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT | M_ZERO);
  931                 dp->odata = NULL;
  932                 if (dp->buf == NULL) {
  933                         device_printf(sc->sc_dev,
  934                             "could not allocate buffer\n");
  935                         error = ENOMEM;
  936                         goto fail;
  937                 }
  938         }
  939 
  940         return (0);
  941 fail:
  942         otus_free_cmd_list(sc, cmd, ndata);
  943         return (error);
  944 }
  945 
  946 static int
  947 otus_alloc_tx_cmd_list(struct otus_softc *sc)
  948 {
  949         int error, i;
  950 
  951         error = otus_alloc_cmd_list(sc, sc->sc_cmd, OTUS_CMD_LIST_COUNT,
  952             OTUS_MAX_TXCMDSZ);
  953         if (error != 0)
  954                 return (error);
  955 
  956         STAILQ_INIT(&sc->sc_cmd_active);
  957         STAILQ_INIT(&sc->sc_cmd_inactive);
  958         STAILQ_INIT(&sc->sc_cmd_pending);
  959         STAILQ_INIT(&sc->sc_cmd_waiting);
  960 
  961         for (i = 0; i < OTUS_CMD_LIST_COUNT; i++)
  962                 STAILQ_INSERT_HEAD(&sc->sc_cmd_inactive, &sc->sc_cmd[i],
  963                     next_cmd);
  964 
  965         return (0);
  966 }
  967 
  968 static void
  969 otus_free_tx_cmd_list(struct otus_softc *sc)
  970 {
  971 
  972         /*
  973          * XXX TODO: something needs to wake up any pending/sleeping
  974          * waiters!
  975          */
  976         STAILQ_INIT(&sc->sc_cmd_active);
  977         STAILQ_INIT(&sc->sc_cmd_inactive);
  978         STAILQ_INIT(&sc->sc_cmd_pending);
  979         STAILQ_INIT(&sc->sc_cmd_waiting);
  980 
  981         otus_free_cmd_list(sc, sc->sc_cmd, OTUS_CMD_LIST_COUNT);
  982 }
  983 
  984 static int
  985 otus_alloc_list(struct otus_softc *sc, struct otus_data data[],
  986     int ndata, int maxsz)
  987 {
  988         int i, error;
  989 
  990         for (i = 0; i < ndata; i++) {
  991                 struct otus_data *dp = &data[i];
  992                 dp->sc = sc;
  993                 dp->m = NULL;
  994                 dp->buf = malloc(maxsz, M_USBDEV, M_NOWAIT | M_ZERO);
  995                 if (dp->buf == NULL) {
  996                         device_printf(sc->sc_dev,
  997                             "could not allocate buffer\n");
  998                         error = ENOMEM;
  999                         goto fail;
 1000                 }
 1001                 dp->ni = NULL;
 1002         }
 1003 
 1004         return (0);
 1005 fail:
 1006         otus_free_list(sc, data, ndata);
 1007         return (error);
 1008 }
 1009 
 1010 static int
 1011 otus_alloc_rx_list(struct otus_softc *sc)
 1012 {
 1013         int error, i;
 1014 
 1015         error = otus_alloc_list(sc, sc->sc_rx, OTUS_RX_LIST_COUNT,
 1016             OTUS_RXBUFSZ);
 1017         if (error != 0)
 1018                 return (error);
 1019 
 1020         STAILQ_INIT(&sc->sc_rx_active);
 1021         STAILQ_INIT(&sc->sc_rx_inactive);
 1022 
 1023         for (i = 0; i < OTUS_RX_LIST_COUNT; i++)
 1024                 STAILQ_INSERT_HEAD(&sc->sc_rx_inactive, &sc->sc_rx[i], next);
 1025 
 1026         return (0);
 1027 }
 1028 
 1029 static int
 1030 otus_alloc_tx_list(struct otus_softc *sc)
 1031 {
 1032         int error, i;
 1033 
 1034         error = otus_alloc_list(sc, sc->sc_tx, OTUS_TX_LIST_COUNT,
 1035             OTUS_TXBUFSZ);
 1036         if (error != 0)
 1037                 return (error);
 1038 
 1039         STAILQ_INIT(&sc->sc_tx_inactive);
 1040 
 1041         for (i = 0; i != OTUS_N_XFER; i++) {
 1042                 STAILQ_INIT(&sc->sc_tx_active[i]);
 1043                 STAILQ_INIT(&sc->sc_tx_pending[i]);
 1044         }
 1045 
 1046         for (i = 0; i < OTUS_TX_LIST_COUNT; i++) {
 1047                 STAILQ_INSERT_HEAD(&sc->sc_tx_inactive, &sc->sc_tx[i], next);
 1048         }
 1049 
 1050         return (0);
 1051 }
 1052 
 1053 static void
 1054 otus_free_tx_list(struct otus_softc *sc)
 1055 {
 1056         int i;
 1057 
 1058         /* prevent further allocations from TX list(s) */
 1059         STAILQ_INIT(&sc->sc_tx_inactive);
 1060 
 1061         for (i = 0; i != OTUS_N_XFER; i++) {
 1062                 STAILQ_INIT(&sc->sc_tx_active[i]);
 1063                 STAILQ_INIT(&sc->sc_tx_pending[i]);
 1064         }
 1065 
 1066         otus_free_list(sc, sc->sc_tx, OTUS_TX_LIST_COUNT);
 1067 }
 1068 
 1069 static void
 1070 otus_free_rx_list(struct otus_softc *sc)
 1071 {
 1072         /* prevent further allocations from RX list(s) */
 1073         STAILQ_INIT(&sc->sc_rx_inactive);
 1074         STAILQ_INIT(&sc->sc_rx_active);
 1075 
 1076         otus_free_list(sc, sc->sc_rx, OTUS_RX_LIST_COUNT);
 1077 }
 1078 
 1079 static void
 1080 otus_free_list(struct otus_softc *sc, struct otus_data data[], int ndata)
 1081 {
 1082         int i;
 1083 
 1084         for (i = 0; i < ndata; i++) {
 1085                 struct otus_data *dp = &data[i];
 1086 
 1087                 if (dp->buf != NULL) {
 1088                         free(dp->buf, M_USBDEV);
 1089                         dp->buf = NULL;
 1090                 }
 1091                 if (dp->ni != NULL) {
 1092                         ieee80211_free_node(dp->ni);
 1093                         dp->ni = NULL;
 1094                 }
 1095         }
 1096 }
 1097 
 1098 static struct otus_data *
 1099 _otus_getbuf(struct otus_softc *sc)
 1100 {
 1101         struct otus_data *bf;
 1102 
 1103         bf = STAILQ_FIRST(&sc->sc_tx_inactive);
 1104         if (bf != NULL)
 1105                 STAILQ_REMOVE_HEAD(&sc->sc_tx_inactive, next);
 1106         else
 1107                 bf = NULL;
 1108         /* XXX bzero? */
 1109         return (bf);
 1110 }
 1111 
 1112 static struct otus_data *
 1113 otus_getbuf(struct otus_softc *sc)
 1114 {
 1115         struct otus_data *bf;
 1116 
 1117         OTUS_LOCK_ASSERT(sc);
 1118 
 1119         bf = _otus_getbuf(sc);
 1120         return (bf);
 1121 }
 1122 
 1123 static void
 1124 otus_freebuf(struct otus_softc *sc, struct otus_data *bf)
 1125 {
 1126 
 1127         OTUS_LOCK_ASSERT(sc);
 1128         STAILQ_INSERT_TAIL(&sc->sc_tx_inactive, bf, next);
 1129 }
 1130 
 1131 static struct otus_tx_cmd *
 1132 _otus_get_txcmd(struct otus_softc *sc)
 1133 {
 1134         struct otus_tx_cmd *bf;
 1135 
 1136         bf = STAILQ_FIRST(&sc->sc_cmd_inactive);
 1137         if (bf != NULL)
 1138                 STAILQ_REMOVE_HEAD(&sc->sc_cmd_inactive, next_cmd);
 1139         else
 1140                 bf = NULL;
 1141         return (bf);
 1142 }
 1143 
 1144 static struct otus_tx_cmd *
 1145 otus_get_txcmd(struct otus_softc *sc)
 1146 {
 1147         struct otus_tx_cmd *bf;
 1148 
 1149         OTUS_LOCK_ASSERT(sc);
 1150 
 1151         bf = _otus_get_txcmd(sc);
 1152         if (bf == NULL) {
 1153                 device_printf(sc->sc_dev, "%s: no tx cmd buffers\n",
 1154                     __func__);
 1155         }
 1156         return (bf);
 1157 }
 1158 
 1159 static void
 1160 otus_free_txcmd(struct otus_softc *sc, struct otus_tx_cmd *bf)
 1161 {
 1162 
 1163         OTUS_LOCK_ASSERT(sc);
 1164         STAILQ_INSERT_TAIL(&sc->sc_cmd_inactive, bf, next_cmd);
 1165 }
 1166 
 1167 void
 1168 otus_next_scan(void *arg, int pending)
 1169 {
 1170 #if 0
 1171         struct otus_softc *sc = arg;
 1172 
 1173         if (usbd_is_dying(sc->sc_udev))
 1174                 return;
 1175 
 1176         usbd_ref_incr(sc->sc_udev);
 1177 
 1178         if (sc->sc_ic.ic_state == IEEE80211_S_SCAN)
 1179                 ieee80211_next_scan(&sc->sc_ic.ic_if);
 1180 
 1181         usbd_ref_decr(sc->sc_udev);
 1182 #endif
 1183 }
 1184 
 1185 int
 1186 otus_newstate(struct ieee80211vap *vap, enum ieee80211_state nstate, int arg)
 1187 {
 1188         struct otus_vap *uvp = OTUS_VAP(vap);
 1189         struct ieee80211com *ic = vap->iv_ic;
 1190         struct otus_softc *sc = ic->ic_softc;
 1191         enum ieee80211_state ostate;
 1192 
 1193         ostate = vap->iv_state;
 1194         OTUS_DPRINTF(sc, OTUS_DEBUG_STATE, "%s: %s -> %s\n", __func__,
 1195             ieee80211_state_name[ostate],
 1196             ieee80211_state_name[nstate]);
 1197 
 1198         IEEE80211_UNLOCK(ic);
 1199 
 1200         OTUS_LOCK(sc);
 1201 
 1202         /* XXX TODO: more fleshing out! */
 1203 
 1204         switch (nstate) {
 1205         case IEEE80211_S_INIT:
 1206                 otus_set_operating_mode(sc);
 1207                 otus_set_rx_filter(sc);
 1208                 break;
 1209         case IEEE80211_S_RUN:
 1210                 if (ic->ic_opmode == IEEE80211_M_STA) {
 1211                         otus_updateslot(sc);
 1212                         otus_set_operating_mode(sc);
 1213                         otus_set_rx_filter(sc);
 1214 
 1215                         /* Start calibration timer. */
 1216                         taskqueue_enqueue_timeout(taskqueue_thread,
 1217                             &sc->calib_to, hz);
 1218                 }
 1219                 break;
 1220         default:
 1221                 break;
 1222         }
 1223 
 1224         /* XXX TODO: calibration? */
 1225 
 1226         sc->sc_led_newstate(sc);
 1227 
 1228         OTUS_UNLOCK(sc);
 1229         IEEE80211_LOCK(ic);
 1230         return (uvp->newstate(vap, nstate, arg));
 1231 }
 1232 
 1233 int
 1234 otus_cmd(struct otus_softc *sc, uint8_t code, const void *idata, int ilen,
 1235     void *odata, int odatalen)
 1236 {
 1237         struct otus_tx_cmd *cmd;
 1238         struct ar_cmd_hdr *hdr;
 1239         int xferlen, error;
 1240 
 1241         OTUS_LOCK_ASSERT(sc);
 1242 
 1243         /* Always bulk-out a multiple of 4 bytes. */
 1244         xferlen = (sizeof (*hdr) + ilen + 3) & ~3;
 1245         if (xferlen > OTUS_MAX_TXCMDSZ) {
 1246                 device_printf(sc->sc_dev, "%s: command (0x%02x) size (%d) > %d\n",
 1247                     __func__,
 1248                     code,
 1249                     xferlen,
 1250                     OTUS_MAX_TXCMDSZ);
 1251                 return (EIO);
 1252         }
 1253 
 1254         cmd = otus_get_txcmd(sc);
 1255         if (cmd == NULL) {
 1256                 device_printf(sc->sc_dev, "%s: failed to get buf\n",
 1257                     __func__);
 1258                 return (EIO);
 1259         }
 1260 
 1261         hdr = (struct ar_cmd_hdr *)cmd->buf;
 1262         hdr->code  = code;
 1263         hdr->len   = ilen;
 1264         hdr->token = ++sc->token;       /* Don't care about endianness. */
 1265         cmd->token = hdr->token;
 1266         /* XXX TODO: check max cmd length? */
 1267         memcpy((uint8_t *)&hdr[1], idata, ilen);
 1268 
 1269         OTUS_DPRINTF(sc, OTUS_DEBUG_CMD,
 1270             "%s: sending command code=0x%02x len=%d token=%d\n",
 1271             __func__, code, ilen, hdr->token);
 1272 
 1273         cmd->odata = odata;
 1274         cmd->odatalen = odatalen;
 1275         cmd->buflen = xferlen;
 1276 
 1277         /* Queue the command to the endpoint */
 1278         STAILQ_INSERT_TAIL(&sc->sc_cmd_pending, cmd, next_cmd);
 1279         usbd_transfer_start(sc->sc_xfer[OTUS_BULK_CMD]);
 1280 
 1281         /* Sleep on the command; wait for it to complete */
 1282         error = msleep(cmd, &sc->sc_mtx, PCATCH, "otuscmd", hz);
 1283 
 1284         /*
 1285          * At this point we don't own cmd any longer; it'll be
 1286          * freed by the cmd bulk path or the RX notification
 1287          * path.  If the data is made available then it'll be copied
 1288          * to the caller.  All that is left to do is communicate
 1289          * status back to the caller.
 1290          */
 1291         if (error != 0) {
 1292                 device_printf(sc->sc_dev,
 1293                     "%s: timeout waiting for command 0x%02x reply\n",
 1294                     __func__, code);
 1295         }
 1296         return error;
 1297 }
 1298 
 1299 void
 1300 otus_write(struct otus_softc *sc, uint32_t reg, uint32_t val)
 1301 {
 1302 
 1303         OTUS_LOCK_ASSERT(sc);
 1304 
 1305         sc->write_buf[sc->write_idx].reg = htole32(reg);
 1306         sc->write_buf[sc->write_idx].val = htole32(val);
 1307 
 1308         if (++sc->write_idx > (AR_MAX_WRITE_IDX-1))
 1309                 (void)otus_write_barrier(sc);
 1310 }
 1311 
 1312 int
 1313 otus_write_barrier(struct otus_softc *sc)
 1314 {
 1315         int error;
 1316 
 1317         OTUS_LOCK_ASSERT(sc);
 1318 
 1319         if (sc->write_idx == 0)
 1320                 return 0;       /* Nothing to flush. */
 1321 
 1322         OTUS_DPRINTF(sc, OTUS_DEBUG_REGIO, "%s: called; %d updates\n",
 1323             __func__,
 1324             sc->write_idx);
 1325 
 1326         error = otus_cmd(sc, AR_CMD_WREG, sc->write_buf,
 1327             sizeof (sc->write_buf[0]) * sc->write_idx, NULL, 0);
 1328         sc->write_idx = 0;
 1329         return error;
 1330 }
 1331 
 1332 static struct ieee80211_node *
 1333 otus_node_alloc(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
 1334 {
 1335 
 1336         return malloc(sizeof (struct otus_node), M_80211_NODE,
 1337             M_NOWAIT | M_ZERO);
 1338 }
 1339 
 1340 int
 1341 otus_read_eeprom(struct otus_softc *sc)
 1342 {
 1343         uint32_t regs[8], reg;
 1344         uint8_t *eep;
 1345         int i, j, error;
 1346 
 1347         OTUS_LOCK_ASSERT(sc);
 1348 
 1349         /* Read EEPROM by blocks of 32 bytes. */
 1350         eep = (uint8_t *)&sc->eeprom;
 1351         reg = AR_EEPROM_OFFSET;
 1352         for (i = 0; i < sizeof (sc->eeprom) / 32; i++) {
 1353                 for (j = 0; j < 8; j++, reg += 4)
 1354                         regs[j] = htole32(reg);
 1355                 error = otus_cmd(sc, AR_CMD_RREG, regs, sizeof regs, eep, 32);
 1356                 if (error != 0)
 1357                         break;
 1358                 eep += 32;
 1359         }
 1360         return error;
 1361 }
 1362 
 1363 void
 1364 otus_newassoc(struct ieee80211_node *ni, int isnew)
 1365 {
 1366         struct ieee80211com *ic = ni->ni_ic;
 1367         struct otus_softc *sc = ic->ic_softc;
 1368         struct otus_node *on = OTUS_NODE(ni);
 1369 
 1370         OTUS_DPRINTF(sc, OTUS_DEBUG_STATE, "new assoc isnew=%d addr=%s\n",
 1371             isnew, ether_sprintf(ni->ni_macaddr));
 1372 
 1373         on->tx_done = 0;
 1374         on->tx_err = 0;
 1375         on->tx_retries = 0;
 1376 }
 1377 
 1378 static void
 1379 otus_cmd_handle_response(struct otus_softc *sc, struct ar_cmd_hdr *hdr)
 1380 {
 1381         struct otus_tx_cmd *cmd;
 1382 
 1383         OTUS_LOCK_ASSERT(sc);
 1384 
 1385         OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
 1386             "%s: received reply code=0x%02x len=%d token=%d\n",
 1387             __func__,
 1388             hdr->code, hdr->len, hdr->token);
 1389 
 1390         /*
 1391          * Walk the list, freeing items that aren't ours,
 1392          * stopping when we hit our token.
 1393          */
 1394         while ((cmd = STAILQ_FIRST(&sc->sc_cmd_waiting)) != NULL) {
 1395                 STAILQ_REMOVE_HEAD(&sc->sc_cmd_waiting, next_cmd);
 1396                 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
 1397                     "%s: cmd=%p; hdr.token=%d, cmd.token=%d\n",
 1398                     __func__,
 1399                     cmd,
 1400                     (int) hdr->token,
 1401                     (int) cmd->token);
 1402                 if (hdr->token == cmd->token) {
 1403                         /* Copy answer into caller's supplied buffer. */
 1404                         if (cmd->odata != NULL) {
 1405                                 if (hdr->len != cmd->odatalen) {
 1406                                         device_printf(sc->sc_dev,
 1407                                             "%s: code 0x%02x, len=%d, olen=%d\n",
 1408                                             __func__,
 1409                                             (int) hdr->code,
 1410                                             (int) hdr->len,
 1411                                             (int) cmd->odatalen);
 1412                                 }
 1413                                 memcpy(cmd->odata, &hdr[1],
 1414                                     MIN(cmd->odatalen, hdr->len));
 1415                         }
 1416                         wakeup(cmd);
 1417                 }
 1418 
 1419                 STAILQ_INSERT_TAIL(&sc->sc_cmd_inactive, cmd, next_cmd);
 1420         }
 1421 }
 1422 
 1423 void
 1424 otus_cmd_rxeof(struct otus_softc *sc, uint8_t *buf, int len)
 1425 {
 1426         struct ieee80211com *ic = &sc->sc_ic;
 1427         struct ar_cmd_hdr *hdr;
 1428 
 1429         OTUS_LOCK_ASSERT(sc);
 1430 
 1431         if (__predict_false(len < sizeof (*hdr))) {
 1432                 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
 1433                     "cmd too small %d\n", len);
 1434                 return;
 1435         }
 1436         hdr = (struct ar_cmd_hdr *)buf;
 1437         if (__predict_false(sizeof (*hdr) + hdr->len > len ||
 1438             sizeof (*hdr) + hdr->len > 64)) {
 1439                 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
 1440                     "cmd too large %d\n", hdr->len);
 1441                 return;
 1442         }
 1443 
 1444         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1445             "%s: code=%.02x\n",
 1446             __func__,
 1447             hdr->code);
 1448 
 1449         /*
 1450          * This has to reach into the cmd queue "waiting for
 1451          * an RX response" list, grab the head entry and check
 1452          * if we need to wake anyone up.
 1453          */
 1454         if ((hdr->code & 0xc0) != 0xc0) {
 1455                 otus_cmd_handle_response(sc, hdr);
 1456                 return;
 1457         }
 1458 
 1459         /* Received unsolicited notification. */
 1460         switch (hdr->code & 0x3f) {
 1461         case AR_EVT_BEACON:
 1462                 break;
 1463         case AR_EVT_TX_COMP:
 1464         {
 1465                 struct ar_evt_tx_comp *tx = (struct ar_evt_tx_comp *)&hdr[1];
 1466                 struct ieee80211_node *ni;
 1467 
 1468                 ni = ieee80211_find_node(&ic->ic_sta, tx->macaddr);
 1469                 if (ni == NULL) {
 1470                         device_printf(sc->sc_dev,
 1471                             "%s: txcomp on unknown node (%s)\n",
 1472                             __func__,
 1473                             ether_sprintf(tx->macaddr));
 1474                         break;
 1475                 }
 1476 
 1477                 OTUS_DPRINTF(sc, OTUS_DEBUG_TXCOMP,
 1478                     "tx completed %s status=%d phy=0x%x\n",
 1479                     ether_sprintf(tx->macaddr), le16toh(tx->status),
 1480                     le32toh(tx->phy));
 1481 
 1482                 switch (le16toh(tx->status)) {
 1483                 case AR_TX_STATUS_COMP:
 1484 #if 0
 1485                         ackfailcnt = 0;
 1486                         ieee80211_ratectl_tx_complete(ni->ni_vap, ni,
 1487                             IEEE80211_RATECTL_TX_SUCCESS, &ackfailcnt, NULL);
 1488 #endif
 1489                         /*
 1490                          * We don't get the above; only error notifications.
 1491                          * Sigh.  So, don't worry about this.
 1492                          */
 1493                         break;
 1494                 case AR_TX_STATUS_RETRY_COMP:
 1495                         OTUS_NODE(ni)->tx_retries++;
 1496                         break;
 1497                 case AR_TX_STATUS_FAILED:
 1498                         OTUS_NODE(ni)->tx_err++;
 1499                         break;
 1500                 }
 1501                 ieee80211_free_node(ni);
 1502                 break;
 1503         }
 1504         case AR_EVT_TBTT:
 1505                 break;
 1506         case AR_EVT_DO_BB_RESET:
 1507                 /*
 1508                  * This is "tell driver to reset baseband" from ar9170-fw.
 1509                  *
 1510                  * I'm not sure what we should do here, so I'm going to
 1511                  * fall through; it gets generated when RTSRetryCnt internally
 1512                  * reaches '5' - I guess the firmware authors thought that
 1513                  * meant that the BB may have gone deaf or something.
 1514                  */
 1515         default:
 1516                 device_printf(sc->sc_dev,
 1517                     "%s: received notification code=0x%02x len=%d\n",
 1518                     __func__,
 1519                     hdr->code, hdr->len);
 1520         }
 1521 }
 1522 
 1523 /*
 1524  * Handle a single MPDU.
 1525  *
 1526  * This may be a single MPDU, or it may be a sub-frame from an A-MPDU.
 1527  * In the latter case some of the header details need to be adjusted.
 1528  */
 1529 void
 1530 otus_sub_rxeof(struct otus_softc *sc, uint8_t *buf, int len, struct mbufq *rxq)
 1531 {
 1532         struct ieee80211com *ic = &sc->sc_ic;
 1533         struct ieee80211_rx_stats rxs;
 1534 #if 0
 1535         struct ieee80211_node *ni;
 1536 #endif
 1537         struct ar_rx_macstatus *mac_status = NULL;
 1538         struct ar_rx_phystatus *phy_status = NULL;
 1539         struct ieee80211_frame *wh;
 1540         struct mbuf *m;
 1541 //      int s;
 1542 
 1543         if (otus_debug & OTUS_DEBUG_RX_BUFFER) {
 1544                 device_printf(sc->sc_dev, "%s: %*D\n",
 1545                     __func__, len, buf, "-");
 1546         }
 1547 
 1548         /*
 1549          * Before any data path stuff - check to see if this is a command
 1550          * response.
 1551          *
 1552          * All bits in the PLCP header are set to 1 for non-MPDU.
 1553          */
 1554         if ((len >= AR_PLCP_HDR_LEN) &&
 1555             memcmp(buf, AR_PLCP_HDR_INTR, AR_PLCP_HDR_LEN) == 0) {
 1556                 otus_cmd_rxeof(sc, buf + AR_PLCP_HDR_LEN,
 1557                     len - AR_PLCP_HDR_LEN);
 1558                 return;
 1559         }
 1560 
 1561         /*
 1562          * First step - get the status for the given frame.
 1563          * This will tell us whether it's a single MPDU or
 1564          * an A-MPDU subframe.
 1565          */
 1566         if (len < sizeof(*mac_status)) {
 1567                 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1568                     "%s: sub-xfer too short (no mac_status) (len %d)\n",
 1569                     __func__, len);
 1570                 counter_u64_add(ic->ic_ierrors, 1);
 1571                 return;
 1572         }
 1573         /*
 1574          * Remove the mac_status from the payload length.
 1575          *
 1576          * Note: cheating, don't reallocate the buffer!
 1577          */
 1578         mac_status = (struct ar_rx_macstatus *)(buf + len - sizeof(*mac_status));
 1579         len -= sizeof(*mac_status);
 1580 
 1581         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "%s: mac status=0x%x\n",
 1582             __func__, mac_status->status);
 1583 
 1584         /*
 1585          * Next - check the MAC status before doing anything else.
 1586          * Extract out the PLCP header for single and first frames;
 1587          * since there's a single RX path we can shove PLCP headers
 1588          * from both into sc->ar_last_rx_plcp[] so it can be reused.
 1589          */
 1590         if (((mac_status->status & AR_RX_STATUS_MPDU_MASK) == AR_RX_STATUS_MPDU_SINGLE) ||
 1591             ((mac_status->status & AR_RX_STATUS_MPDU_MASK) == AR_RX_STATUS_MPDU_FIRST)) {
 1592                 /*
 1593                  * Ok, we need to at least have a PLCP header at
 1594                  * this point.
 1595                  */
 1596                 if (len < AR_PLCP_HDR_LEN) {
 1597                         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1598                             "%s sub-xfer too short (no mac+plcp) (len %d\n)",
 1599                             __func__, len);
 1600                         counter_u64_add(ic->ic_ierrors, 1);
 1601                         return;
 1602                 }
 1603                 memcpy(sc->ar_last_rx_plcp, buf, AR_PLCP_HDR_LEN);
 1604 
 1605                 /*
 1606                  * At this point we can just consume the PLCP header.
 1607                  * The beginning of the frame should thus be data.
 1608                  */
 1609                 buf += AR_PLCP_HDR_LEN;
 1610                 len -= AR_PLCP_HDR_LEN;
 1611         }
 1612 
 1613         /*
 1614          * Next - see if we have a PHY status.
 1615          *
 1616          * The PHY status is at the end of the final A-MPDU subframe
 1617          * or a single MPDU frame.
 1618          *
 1619          * We'll use this to tag frames with noise floor / RSSI
 1620          * if they have valid information.
 1621          */
 1622         if (((mac_status->status & AR_RX_STATUS_MPDU_MASK) == AR_RX_STATUS_MPDU_SINGLE) ||
 1623             ((mac_status->status & AR_RX_STATUS_MPDU_MASK) == AR_RX_STATUS_MPDU_LAST)) {
 1624                 if (len < sizeof(*phy_status)) {
 1625                         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1626                             "%s sub-xfer too short (no phy status) (len %d\n)",
 1627                             __func__, len);
 1628                         counter_u64_add(ic->ic_ierrors, 1);
 1629                         return;
 1630                 }
 1631                 /*
 1632                  * Take a pointer to the phy status and remove the length
 1633                  * from the end of the buffer.
 1634                  *
 1635                  * Note: we're cheating here; don't reallocate the buffer!
 1636                  */
 1637                 phy_status = (struct ar_rx_phystatus *)
 1638                     (buf + len - sizeof(*phy_status));
 1639                 len -= sizeof(*phy_status);
 1640         }
 1641 
 1642         /*
 1643          * Middle frames just have a MAC status (stripped above.)
 1644          * No PHY status, and PLCP is from ar_last_rx_plcp.
 1645          */
 1646 
 1647         /*
 1648          * Discard error frames; don't discard BAD_RA (eg monitor mode);
 1649          * let net80211 do that
 1650          */
 1651         if (__predict_false((mac_status->error & ~AR_RX_ERROR_BAD_RA) != 0)) {
 1652                 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "error frame 0x%02x\n", mac_status->error);
 1653                 if (mac_status->error & AR_RX_ERROR_FCS) {
 1654                         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "bad FCS\n");
 1655                 } else if (mac_status->error & AR_RX_ERROR_MMIC) {
 1656                         /* Report Michael MIC failures to net80211. */
 1657 #if 0
 1658                         ieee80211_notify_michael_failure(ni->ni_vap, wh, keyidx);
 1659 #endif
 1660                         device_printf(sc->sc_dev, "%s: MIC failure\n", __func__);
 1661                 }
 1662                 counter_u64_add(ic->ic_ierrors, 1);
 1663                 return;
 1664         }
 1665 
 1666         /*
 1667          * Make sure there's room for an 802.11 header + FCS.
 1668          *
 1669          * Note: a CTS/ACK is 14 bytes (FC, DUR, RA, FCS).
 1670          * Making it IEEE80211_MIN_LEN misses CTS/ACKs.
 1671          *
 1672          * This won't be tossed at this point; eventually once
 1673          * rx radiotap is implemented this will allow for
 1674          * CTS/ACK frames.  Passing them up to net80211 will
 1675          * currently make it angry (too short packets.)
 1676          */
 1677         if (len < 2 + 2 + IEEE80211_ADDR_LEN + IEEE80211_CRC_LEN) {
 1678                 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1679                     "%s: too short for 802.11 (len %d)\n",
 1680                     __func__, len);
 1681                 counter_u64_add(ic->ic_ierrors, 1);
 1682                 return;
 1683         }
 1684 
 1685         len -= IEEE80211_CRC_LEN;       /* strip 802.11 FCS */
 1686         wh = (struct ieee80211_frame *) buf;
 1687 
 1688         /*
 1689          * The firmware does seem to spit out a bunch of frames
 1690          * with invalid frame control values here.  Just toss them
 1691          * rather than letting net80211 get angry and log.
 1692          */
 1693         if ((wh->i_fc[0] & IEEE80211_FC0_VERSION_MASK) !=
 1694             IEEE80211_FC0_VERSION_0) {
 1695                 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1696                     "%s: invalid 802.11 fc version (firmware bug?)\n",
 1697                         __func__);
 1698                 counter_u64_add(ic->ic_ierrors, 1);
 1699                 return;
 1700         }
 1701 
 1702         m = m_get2(len, M_NOWAIT, MT_DATA, M_PKTHDR);
 1703         if (m == NULL) {
 1704                 device_printf(sc->sc_dev, "%s: failed m_get2() (len=%d)\n",
 1705                     __func__, len);
 1706                 counter_u64_add(ic->ic_ierrors, 1);
 1707                 return;
 1708         }
 1709 
 1710         /* Finalize mbuf. */
 1711         memcpy(mtod(m, uint8_t *), wh, len);
 1712         m->m_pkthdr.len = m->m_len = len;
 1713 
 1714         /* XXX TODO: add setting rx radiotap fields here */
 1715 
 1716         /*
 1717          * Ok, check the frame length and toss if it's too short
 1718          * for net80211.  This will toss ACK/CTS.
 1719          */
 1720         if (m->m_len < IEEE80211_MIN_LEN) {
 1721                 /* XXX TODO: add radiotap receive here */
 1722                 m_free(m); m = NULL;
 1723                 return;
 1724         }
 1725 
 1726         /* Add RSSI to this mbuf if we have a PHY header */
 1727         bzero(&rxs, sizeof(rxs));
 1728         rxs.r_flags = IEEE80211_R_NF;
 1729         rxs.c_nf = sc->sc_nf[0];        /* XXX chain 0 != combined rssi/nf */
 1730         if (phy_status != NULL) {
 1731                 rxs.r_flags |= IEEE80211_R_RSSI;
 1732                 rxs.c_rssi = phy_status->rssi;
 1733         }
 1734         /* XXX TODO: add MIMO RSSI/NF as well */
 1735         if (ieee80211_add_rx_params(m, &rxs) == 0) {
 1736                 counter_u64_add(ic->ic_ierrors, 1);
 1737                 return;
 1738         }
 1739 
 1740         /* XXX make a method */
 1741         STAILQ_INSERT_TAIL(&rxq->mq_head, m, m_stailqpkt);
 1742 
 1743 #if 0
 1744         OTUS_UNLOCK(sc);
 1745         ni = ieee80211_find_rxnode(ic, wh);
 1746         rxi.rxi_flags = 0;
 1747         rxi.rxi_rssi = tail->rssi;
 1748         rxi.rxi_tstamp = 0;     /* unused */
 1749         ieee80211_input(ifp, m, ni, &rxi);
 1750 
 1751         /* Node is no longer needed. */
 1752         ieee80211_release_node(ic, ni);
 1753         OTUS_LOCK(sc);
 1754 #endif
 1755 }
 1756 
 1757 static void
 1758 otus_rxeof(struct usb_xfer *xfer, struct otus_data *data, struct mbufq *rxq)
 1759 {
 1760         struct otus_softc *sc = usbd_xfer_softc(xfer);
 1761         caddr_t buf = data->buf;
 1762         struct ar_rx_head *head;
 1763         uint16_t hlen;
 1764         int len, offset = 0;
 1765 
 1766         usbd_xfer_status(xfer, &len, NULL, NULL, NULL);
 1767 
 1768         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1769             "%s: transfer completed; len=%d\n",
 1770             __func__, len);
 1771         if (otus_debug & OTUS_DEBUG_RX_BUFFER) {
 1772                 device_printf(sc->sc_dev, "%s: %*D\n",
 1773                     __func__, len, buf, "-");
 1774         }
 1775 
 1776         while (len >= sizeof (*head)) {
 1777                 head = (struct ar_rx_head *)buf;
 1778                 if (__predict_false(head->tag != htole16(AR_RX_HEAD_TAG))) {
 1779                         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1780                             "tag not valid 0x%x\n", le16toh(head->tag));
 1781                         break;
 1782                 }
 1783                 hlen = le16toh(head->len);
 1784                 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "%s: hlen=%d\n",
 1785                     __func__, hlen);
 1786                 if (__predict_false(sizeof (*head) + hlen > len)) {
 1787                         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1788                             "xfer too short %d/%d\n", len, hlen);
 1789                         break;
 1790                 }
 1791                 /* Process sub-xfer. */
 1792                 otus_sub_rxeof(sc, (uint8_t *) (((uint8_t *) buf) + 4), hlen, rxq);
 1793 
 1794                 /* Next sub-xfer is aligned on a 32-bit boundary. */
 1795                 hlen = (sizeof (*head) + hlen + 3) & ~3;
 1796                 offset += hlen;
 1797                 OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE,
 1798                     "%s: rounded size is %d, next packet starts at %d\n",
 1799                     __func__, hlen, offset);
 1800                 buf += hlen;
 1801                 len -= hlen;
 1802         }
 1803         OTUS_DPRINTF(sc, OTUS_DEBUG_RXDONE, "%s: done!\n", __func__);
 1804 }
 1805 
 1806 static void
 1807 otus_bulk_rx_callback(struct usb_xfer *xfer, usb_error_t error)
 1808 {
 1809         struct epoch_tracker et;
 1810         struct otus_softc *sc = usbd_xfer_softc(xfer);
 1811         struct ieee80211com *ic = &sc->sc_ic;
 1812         struct ieee80211_frame *wh;
 1813         struct ieee80211_node *ni;
 1814         struct mbuf *m;
 1815         struct mbufq scrx;
 1816         struct otus_data *data;
 1817 
 1818         OTUS_LOCK_ASSERT(sc);
 1819 
 1820         mbufq_init(&scrx, 1024);
 1821 
 1822 #if 0
 1823         device_printf(sc->sc_dev, "%s: called; state=%d; error=%d\n",
 1824             __func__,
 1825             USB_GET_STATE(xfer),
 1826             error);
 1827 #endif
 1828 
 1829         switch (USB_GET_STATE(xfer)) {
 1830         case USB_ST_TRANSFERRED:
 1831                 data = STAILQ_FIRST(&sc->sc_rx_active);
 1832                 if (data == NULL)
 1833                         goto tr_setup;
 1834                 STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
 1835                 otus_rxeof(xfer, data, &scrx);
 1836                 STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
 1837                 /* FALLTHROUGH */
 1838         case USB_ST_SETUP:
 1839 tr_setup:
 1840                 /*
 1841                  * XXX TODO: what if sc_rx isn't empty, but data
 1842                  * is empty?  Then we leak mbufs.
 1843                  */
 1844                 data = STAILQ_FIRST(&sc->sc_rx_inactive);
 1845                 if (data == NULL) {
 1846                         //KASSERT(m == NULL, ("mbuf isn't NULL"));
 1847                         return;
 1848                 }
 1849                 STAILQ_REMOVE_HEAD(&sc->sc_rx_inactive, next);
 1850                 STAILQ_INSERT_TAIL(&sc->sc_rx_active, data, next);
 1851                 usbd_xfer_set_frame_data(xfer, 0, data->buf,
 1852                     usbd_xfer_max_len(xfer));
 1853                 usbd_transfer_submit(xfer);
 1854                 /*
 1855                  * To avoid LOR we should unlock our private mutex here to call
 1856                  * ieee80211_input() because here is at the end of a USB
 1857                  * callback and safe to unlock.
 1858                  */
 1859                 OTUS_UNLOCK(sc);
 1860                 NET_EPOCH_ENTER(et);
 1861                 while ((m = mbufq_dequeue(&scrx)) != NULL) {
 1862                         wh = mtod(m, struct ieee80211_frame *);
 1863                         ni = ieee80211_find_rxnode(ic,
 1864                             (struct ieee80211_frame_min *)wh);
 1865                         if (ni != NULL) {
 1866                                 if (ni->ni_flags & IEEE80211_NODE_HT)
 1867                                         m->m_flags |= M_AMPDU;
 1868                                 (void)ieee80211_input_mimo(ni, m);
 1869                                 ieee80211_free_node(ni);
 1870                         } else
 1871                                 (void)ieee80211_input_mimo_all(ic, m);
 1872                 }
 1873                 NET_EPOCH_EXIT(et);
 1874 #ifdef  IEEE80211_SUPPORT_SUPERG
 1875                 ieee80211_ff_age_all(ic, 100);
 1876 #endif
 1877                 OTUS_LOCK(sc);
 1878                 break;
 1879         default:
 1880                 /* needs it to the inactive queue due to a error. */
 1881                 data = STAILQ_FIRST(&sc->sc_rx_active);
 1882                 if (data != NULL) {
 1883                         STAILQ_REMOVE_HEAD(&sc->sc_rx_active, next);
 1884                         STAILQ_INSERT_TAIL(&sc->sc_rx_inactive, data, next);
 1885                 }
 1886                 if (error != USB_ERR_CANCELLED) {
 1887                         usbd_xfer_set_stall(xfer);
 1888                         counter_u64_add(ic->ic_ierrors, 1);
 1889                         goto tr_setup;
 1890                 }
 1891                 break;
 1892         }
 1893 }
 1894 
 1895 static void
 1896 otus_txeof(struct usb_xfer *xfer, struct otus_data *data)
 1897 {
 1898         struct otus_softc *sc = usbd_xfer_softc(xfer);
 1899 
 1900         OTUS_DPRINTF(sc, OTUS_DEBUG_TXDONE,
 1901             "%s: called; data=%p\n", __func__, data);
 1902 
 1903         OTUS_LOCK_ASSERT(sc);
 1904 
 1905         if (sc->sc_tx_n_active == 0) {
 1906                 device_printf(sc->sc_dev,
 1907                     "%s: completed but tx_active=0\n",
 1908                     __func__);
 1909         } else {
 1910                 sc->sc_tx_n_active--;
 1911         }
 1912 
 1913         if (data->m) {
 1914                 /* XXX status? */
 1915                 /* XXX we get TX status via the RX path.. */
 1916                 ieee80211_tx_complete(data->ni, data->m, 0);
 1917                 data->m = NULL;
 1918                 data->ni = NULL;
 1919         }
 1920 }
 1921 
 1922 static void
 1923 otus_txcmdeof(struct usb_xfer *xfer, struct otus_tx_cmd *cmd)
 1924 {
 1925         struct otus_softc *sc = usbd_xfer_softc(xfer);
 1926 
 1927         OTUS_LOCK_ASSERT(sc);
 1928 
 1929         OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
 1930             "%s: called; data=%p; odata=%p\n",
 1931             __func__, cmd, cmd->odata);
 1932 
 1933         /*
 1934          * Non-response commands still need wakeup so the caller
 1935          * knows it was submitted and completed OK; response commands should
 1936          * wait until they're ACKed by the firmware with a response.
 1937          */
 1938         if (cmd->odata) {
 1939                 STAILQ_INSERT_TAIL(&sc->sc_cmd_waiting, cmd, next_cmd);
 1940         } else {
 1941                 wakeup(cmd);
 1942                 otus_free_txcmd(sc, cmd);
 1943         }
 1944 }
 1945 
 1946 static void
 1947 otus_bulk_tx_callback(struct usb_xfer *xfer, usb_error_t error)
 1948 {
 1949         uint8_t which = OTUS_BULK_TX;
 1950         struct otus_softc *sc = usbd_xfer_softc(xfer);
 1951         struct ieee80211com *ic = &sc->sc_ic;
 1952         struct otus_data *data;
 1953 
 1954         OTUS_LOCK_ASSERT(sc);
 1955 
 1956         switch (USB_GET_STATE(xfer)) {
 1957         case USB_ST_TRANSFERRED:
 1958                 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
 1959                 if (data == NULL)
 1960                         goto tr_setup;
 1961                 OTUS_DPRINTF(sc, OTUS_DEBUG_TXDONE,
 1962                     "%s: transfer done %p\n", __func__, data);
 1963                 STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
 1964                 otus_txeof(xfer, data);
 1965                 otus_freebuf(sc, data);
 1966                 /* FALLTHROUGH */
 1967         case USB_ST_SETUP:
 1968 tr_setup:
 1969                 data = STAILQ_FIRST(&sc->sc_tx_pending[which]);
 1970                 if (data == NULL) {
 1971                         OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
 1972                             "%s: empty pending queue sc %p\n", __func__, sc);
 1973                         sc->sc_tx_n_active = 0;
 1974                         goto finish;
 1975                 }
 1976                 STAILQ_REMOVE_HEAD(&sc->sc_tx_pending[which], next);
 1977                 STAILQ_INSERT_TAIL(&sc->sc_tx_active[which], data, next);
 1978                 usbd_xfer_set_frame_data(xfer, 0, data->buf, data->buflen);
 1979                 OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
 1980                     "%s: submitting transfer %p\n", __func__, data);
 1981                 usbd_transfer_submit(xfer);
 1982                 sc->sc_tx_n_active++;
 1983                 break;
 1984         default:
 1985                 data = STAILQ_FIRST(&sc->sc_tx_active[which]);
 1986                 if (data != NULL) {
 1987                         STAILQ_REMOVE_HEAD(&sc->sc_tx_active[which], next);
 1988                         otus_txeof(xfer, data);
 1989                         otus_freebuf(sc, data);
 1990                 }
 1991                 counter_u64_add(ic->ic_oerrors, 1);
 1992 
 1993                 if (error != USB_ERR_CANCELLED) {
 1994                         usbd_xfer_set_stall(xfer);
 1995                         goto tr_setup;
 1996                 }
 1997                 break;
 1998         }
 1999 
 2000 finish:
 2001 #ifdef  IEEE80211_SUPPORT_SUPERG
 2002         /*
 2003          * If the TX active queue drops below a certain
 2004          * threshold, ensure we age fast-frames out so they're
 2005          * transmitted.
 2006          */
 2007         if (sc->sc_tx_n_active < 2) {
 2008                 /* XXX ew - net80211 should defer this for us! */
 2009                 OTUS_UNLOCK(sc);
 2010                 ieee80211_ff_flush(ic, WME_AC_VO);
 2011                 ieee80211_ff_flush(ic, WME_AC_VI);
 2012                 ieee80211_ff_flush(ic, WME_AC_BE);
 2013                 ieee80211_ff_flush(ic, WME_AC_BK);
 2014                 OTUS_LOCK(sc);
 2015         }
 2016 #endif
 2017         /* Kick TX */
 2018         otus_tx_start(sc);
 2019 }
 2020 
 2021 static void
 2022 otus_bulk_cmd_callback(struct usb_xfer *xfer, usb_error_t error)
 2023 {
 2024         struct otus_softc *sc = usbd_xfer_softc(xfer);
 2025 #if 0
 2026         struct ieee80211com *ic = &sc->sc_ic;
 2027 #endif
 2028         struct otus_tx_cmd *cmd;
 2029 
 2030         OTUS_LOCK_ASSERT(sc);
 2031 
 2032         switch (USB_GET_STATE(xfer)) {
 2033         case USB_ST_TRANSFERRED:
 2034                 cmd = STAILQ_FIRST(&sc->sc_cmd_active);
 2035                 if (cmd == NULL)
 2036                         goto tr_setup;
 2037                 OTUS_DPRINTF(sc, OTUS_DEBUG_CMDDONE,
 2038                     "%s: transfer done %p\n", __func__, cmd);
 2039                 STAILQ_REMOVE_HEAD(&sc->sc_cmd_active, next_cmd);
 2040                 otus_txcmdeof(xfer, cmd);
 2041                 /* FALLTHROUGH */
 2042         case USB_ST_SETUP:
 2043 tr_setup:
 2044                 cmd = STAILQ_FIRST(&sc->sc_cmd_pending);
 2045                 if (cmd == NULL) {
 2046                         OTUS_DPRINTF(sc, OTUS_DEBUG_CMD,
 2047                             "%s: empty pending queue sc %p\n", __func__, sc);
 2048                         return;
 2049                 }
 2050                 STAILQ_REMOVE_HEAD(&sc->sc_cmd_pending, next_cmd);
 2051                 STAILQ_INSERT_TAIL(&sc->sc_cmd_active, cmd, next_cmd);
 2052                 usbd_xfer_set_frame_data(xfer, 0, cmd->buf, cmd->buflen);
 2053                 OTUS_DPRINTF(sc, OTUS_DEBUG_CMD,
 2054                     "%s: submitting transfer %p; buf=%p, buflen=%d\n", __func__, cmd, cmd->buf, cmd->buflen);
 2055                 usbd_transfer_submit(xfer);
 2056                 break;
 2057         default:
 2058                 cmd = STAILQ_FIRST(&sc->sc_cmd_active);
 2059                 if (cmd != NULL) {
 2060                         STAILQ_REMOVE_HEAD(&sc->sc_cmd_active, next_cmd);
 2061                         otus_txcmdeof(xfer, cmd);
 2062                 }
 2063 
 2064                 if (error != USB_ERR_CANCELLED) {
 2065                         usbd_xfer_set_stall(xfer);
 2066                         goto tr_setup;
 2067                 }
 2068                 break;
 2069         }
 2070 }
 2071 
 2072 /*
 2073  * This isn't used by carl9170; it however may be used by the
 2074  * initial bootloader.
 2075  */
 2076 static void
 2077 otus_bulk_irq_callback(struct usb_xfer *xfer, usb_error_t error)
 2078 {
 2079         struct otus_softc *sc = usbd_xfer_softc(xfer);
 2080         int actlen;
 2081         int sumlen;
 2082 
 2083         usbd_xfer_status(xfer, &actlen, &sumlen, NULL, NULL);
 2084         OTUS_DPRINTF(sc, OTUS_DEBUG_IRQ,
 2085             "%s: called; state=%d\n", __func__, USB_GET_STATE(xfer));
 2086 
 2087         switch (USB_GET_STATE(xfer)) {
 2088         case USB_ST_TRANSFERRED:
 2089                 /*
 2090                  * Read usb frame data, if any.
 2091                  * "actlen" has the total length for all frames
 2092                  * transferred.
 2093                  */
 2094                 OTUS_DPRINTF(sc, OTUS_DEBUG_IRQ,
 2095                     "%s: comp; %d bytes\n",
 2096                     __func__,
 2097                     actlen);
 2098 #if 0
 2099                 pc = usbd_xfer_get_frame(xfer, 0);
 2100                 otus_dump_usb_rx_page(sc, pc, actlen);
 2101 #endif
 2102                 /* XXX fallthrough */
 2103         case USB_ST_SETUP:
 2104                 /*
 2105                  * Setup xfer frame lengths/count and data
 2106                  */
 2107                 OTUS_DPRINTF(sc, OTUS_DEBUG_IRQ, "%s: setup\n", __func__);
 2108                 usbd_xfer_set_frame_len(xfer, 0, usbd_xfer_max_len(xfer));
 2109                 usbd_transfer_submit(xfer);
 2110                 break;
 2111 
 2112         default: /* Error */
 2113                 /*
 2114                  * Print error message and clear stall
 2115                  * for example.
 2116                  */
 2117                 OTUS_DPRINTF(sc, OTUS_DEBUG_IRQ, "%s: ERROR?\n", __func__);
 2118                 break;
 2119         }
 2120 }
 2121 
 2122 /*
 2123  * Map net80211 rate to hw rate for otus MAC/PHY.
 2124  */
 2125 static uint8_t
 2126 otus_rate_to_hw_rate(struct otus_softc *sc, uint8_t rate)
 2127 {
 2128         int is_2ghz;
 2129 
 2130         is_2ghz = !! (IEEE80211_IS_CHAN_2GHZ(sc->sc_ic.ic_curchan));
 2131 
 2132         /* MCS check */
 2133         if (rate & 0x80) {
 2134                 return rate;
 2135         }
 2136 
 2137         switch (rate) {
 2138         /* CCK */
 2139         case 2:
 2140                 return (0x0);
 2141         case 4:
 2142                 return (0x1);
 2143         case 11:
 2144                 return (0x2);
 2145         case 22:
 2146                 return (0x3);
 2147         /* OFDM */
 2148         case 12:
 2149                 return (0xb);
 2150         case 18:
 2151                 return (0xf);
 2152         case 24:
 2153                 return (0xa);
 2154         case 36:
 2155                 return (0xe);
 2156         case 48:
 2157                 return (0x9);
 2158         case 72:
 2159                 return (0xd);
 2160         case 96:
 2161                 return (0x8);
 2162         case 108:
 2163                 return (0xc);
 2164         default:
 2165                 device_printf(sc->sc_dev, "%s: unknown rate '%d'\n",
 2166                     __func__, (int) rate);
 2167         case 0:
 2168                 if (is_2ghz)
 2169                         return (0x0);   /* 1MB CCK */
 2170                 else
 2171                         return (0xb);   /* 6MB OFDM */
 2172         }
 2173 }
 2174 
 2175 static int
 2176 otus_hw_rate_is_ht(struct otus_softc *sc, uint8_t hw_rate)
 2177 {
 2178 
 2179         return !! (hw_rate & 0x80);
 2180 }
 2181 
 2182 static int
 2183 otus_hw_rate_is_ofdm(struct otus_softc *sc, uint8_t hw_rate)
 2184 {
 2185 
 2186         switch (hw_rate) {
 2187         case 0x0:
 2188         case 0x1:
 2189         case 0x2:
 2190         case 0x3:
 2191                 return (0);
 2192         default:
 2193                 return (1);
 2194         }
 2195 }
 2196 
 2197 static void
 2198 otus_tx_update_ratectl(struct otus_softc *sc, struct ieee80211_node *ni)
 2199 {
 2200         struct ieee80211_ratectl_tx_stats *txs = &sc->sc_txs;
 2201         struct otus_node *on = OTUS_NODE(ni);
 2202 
 2203         txs->flags = IEEE80211_RATECTL_TX_STATS_NODE |
 2204                      IEEE80211_RATECTL_TX_STATS_RETRIES;
 2205         txs->ni = ni;
 2206         txs->nframes = on->tx_done;
 2207         txs->nsuccess = on->tx_done - on->tx_err;
 2208         txs->nretries = on->tx_retries;
 2209 
 2210         ieee80211_ratectl_tx_update(ni->ni_vap, txs);
 2211         on->tx_done = on->tx_err = on->tx_retries = 0;
 2212 }
 2213 
 2214 /*
 2215  * XXX TODO: support tx bpf parameters for configuration!
 2216  *
 2217  * Relevant pieces:
 2218  *
 2219  * ac = params->ibp_pri & 3;
 2220  * rate = params->ibp_rate0;
 2221  * params->ibp_flags & IEEE80211_BPF_NOACK
 2222  * params->ibp_flags & IEEE80211_BPF_RTS
 2223  * params->ibp_flags & IEEE80211_BPF_CTS
 2224  * tx->rts_ntries = params->ibp_try1;
 2225  * tx->data_ntries = params->ibp_try0;
 2226  */
 2227 static int
 2228 otus_tx(struct otus_softc *sc, struct ieee80211_node *ni, struct mbuf *m,
 2229     struct otus_data *data, const struct ieee80211_bpf_params *params)
 2230 {
 2231         const struct ieee80211_txparam *tp = ni->ni_txparms;
 2232         struct ieee80211com *ic = &sc->sc_ic;
 2233         struct ieee80211vap *vap = ni->ni_vap;
 2234         struct ieee80211_frame *wh;
 2235         struct ieee80211_key *k;
 2236         struct ar_tx_head *head;
 2237         uint32_t phyctl;
 2238         uint16_t macctl, qos;
 2239         uint8_t qid, rate;
 2240         int hasqos, xferlen, type, ismcast;
 2241 
 2242         wh = mtod(m, struct ieee80211_frame *);
 2243         if (wh->i_fc[1] & IEEE80211_FC1_PROTECTED) {
 2244                 k = ieee80211_crypto_encap(ni, m);
 2245                 if (k == NULL) {
 2246                         device_printf(sc->sc_dev,
 2247                             "%s: m=%p: ieee80211_crypto_encap returns NULL\n",
 2248                             __func__,
 2249                             m);
 2250                         return (ENOBUFS);
 2251                 }
 2252                 wh = mtod(m, struct ieee80211_frame *);
 2253         }
 2254 
 2255         /* Calculate transfer length; ensure data buffer is large enough */
 2256         xferlen = sizeof (*head) + m->m_pkthdr.len;
 2257         if (xferlen > OTUS_TXBUFSZ) {
 2258                 device_printf(sc->sc_dev,
 2259                     "%s: 802.11 TX frame is %d bytes, max %d bytes\n",
 2260                     __func__,
 2261                     xferlen,
 2262                     OTUS_TXBUFSZ);
 2263                 return (ENOBUFS);
 2264         }
 2265 
 2266         hasqos = !! IEEE80211_QOS_HAS_SEQ(wh);
 2267 
 2268         if (hasqos) {
 2269                 uint8_t tid;
 2270                 qos = ((const struct ieee80211_qosframe *)wh)->i_qos[0];
 2271                 tid = qos & IEEE80211_QOS_TID;
 2272                 qid = TID_TO_WME_AC(tid);
 2273         } else {
 2274                 qos = 0;
 2275                 qid = WME_AC_BE;
 2276         }
 2277 
 2278         type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
 2279         ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
 2280 
 2281         /* Pickup a rate index. */
 2282         if (params != NULL)
 2283                 rate = otus_rate_to_hw_rate(sc, params->ibp_rate0);
 2284         else if (!!(m->m_flags & M_EAPOL) || type != IEEE80211_FC0_TYPE_DATA)
 2285                 rate = otus_rate_to_hw_rate(sc, tp->mgmtrate);
 2286         else if (ismcast)
 2287                 rate = otus_rate_to_hw_rate(sc, tp->mcastrate);
 2288         else if (tp->ucastrate != IEEE80211_FIXED_RATE_NONE)
 2289                 rate = otus_rate_to_hw_rate(sc, tp->ucastrate);
 2290         else {
 2291                 (void) ieee80211_ratectl_rate(ni, NULL, 0);
 2292                 rate = otus_rate_to_hw_rate(sc, ni->ni_txrate);
 2293         }
 2294 
 2295         phyctl = 0;
 2296         macctl = AR_TX_MAC_BACKOFF | AR_TX_MAC_HW_DUR | AR_TX_MAC_QID(qid);
 2297 
 2298         /*
 2299          * XXX TODO: params for NOACK, ACK, RTS, CTS, etc
 2300          */
 2301         if (ismcast ||
 2302             (hasqos && ((qos & IEEE80211_QOS_ACKPOLICY) ==
 2303              IEEE80211_QOS_ACKPOLICY_NOACK)))
 2304                 macctl |= AR_TX_MAC_NOACK;
 2305 
 2306         if (!ismcast) {
 2307                 if (m->m_pkthdr.len + IEEE80211_CRC_LEN >= vap->iv_rtsthreshold)
 2308                         macctl |= AR_TX_MAC_RTS;
 2309                 else if (otus_hw_rate_is_ht(sc, rate)) {
 2310                         if (ic->ic_htprotmode == IEEE80211_PROT_RTSCTS)
 2311                                 macctl |= AR_TX_MAC_RTS;
 2312                 } else if (ic->ic_flags & IEEE80211_F_USEPROT) {
 2313                         if (ic->ic_protmode == IEEE80211_PROT_CTSONLY)
 2314                                 macctl |= AR_TX_MAC_CTS;
 2315                         else if (ic->ic_protmode == IEEE80211_PROT_RTSCTS)
 2316                                 macctl |= AR_TX_MAC_RTS;
 2317                 }
 2318         }
 2319 
 2320         phyctl |= AR_TX_PHY_MCS(rate & 0x7f); /* Note: MCS rates are 0x80 and above */
 2321         if (otus_hw_rate_is_ht(sc, rate)) {
 2322                 phyctl |= AR_TX_PHY_MT_HT;
 2323                 /* Always use all tx antennas for now, just to be safe */
 2324                 phyctl |= AR_TX_PHY_ANTMSK(sc->txmask);
 2325 
 2326                 /* Heavy clip */
 2327                 phyctl |= (rate & 0x7) << AR_TX_PHY_TX_HEAVY_CLIP_SHIFT;
 2328         } else if (otus_hw_rate_is_ofdm(sc, rate)) {
 2329                 phyctl |= AR_TX_PHY_MT_OFDM;
 2330                 /* Always use all tx antennas for now, just to be safe */
 2331                 phyctl |= AR_TX_PHY_ANTMSK(sc->txmask);
 2332         } else {        /* CCK */
 2333                 phyctl |= AR_TX_PHY_MT_CCK;
 2334                 phyctl |= AR_TX_PHY_ANTMSK(sc->txmask);
 2335         }
 2336 
 2337         /* Update net80211 with the current counters */
 2338         otus_tx_update_ratectl(sc, ni);
 2339 
 2340         /* Update rate control stats for frames that are ACK'ed. */
 2341         if (!(macctl & AR_TX_MAC_NOACK))
 2342                 OTUS_NODE(ni)->tx_done++;
 2343 
 2344         /* Fill Tx descriptor. */
 2345         head = (struct ar_tx_head *)data->buf;
 2346         head->len = htole16(m->m_pkthdr.len + IEEE80211_CRC_LEN);
 2347         head->macctl = htole16(macctl);
 2348         head->phyctl = htole32(phyctl);
 2349 
 2350         m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)&head[1]);
 2351 
 2352         data->buflen = xferlen;
 2353         data->ni = ni;
 2354         data->m = m;
 2355 
 2356         OTUS_DPRINTF(sc, OTUS_DEBUG_XMIT,
 2357             "%s: tx: m=%p; data=%p; len=%d mac=0x%04x phy=0x%08x rate=0x%02x, ni_txrate=%d\n",
 2358             __func__, m, data, le16toh(head->len), macctl, phyctl,
 2359             (int) rate, (int) ni->ni_txrate);
 2360 
 2361         /* Submit transfer */
 2362         STAILQ_INSERT_TAIL(&sc->sc_tx_pending[OTUS_BULK_TX], data, next);
 2363         usbd_transfer_start(sc->sc_xfer[OTUS_BULK_TX]);
 2364 
 2365         return 0;
 2366 }
 2367 
 2368 static u_int
 2369 otus_hash_maddr(void *arg, struct sockaddr_dl *sdl, u_int cnt)
 2370 {
 2371         uint32_t val, *hashes = arg;
 2372 
 2373         val = le32dec(LLADDR(sdl) + 4);
 2374         /* Get address byte 5 */
 2375         val = val & 0x0000ff00;
 2376         val = val >> 8;
 2377 
 2378         /* As per below, shift it >> 2 to get only 6 bits */
 2379         val = val >> 2;
 2380         if (val < 32)
 2381                 hashes[0] |= 1 << val;
 2382         else
 2383                 hashes[1] |= 1 << (val - 32);
 2384 
 2385         return (1);
 2386 }
 2387 
 2388 int
 2389 otus_set_multi(struct otus_softc *sc)
 2390 {
 2391         struct ieee80211com *ic = &sc->sc_ic;
 2392         uint32_t hashes[2];
 2393         int r;
 2394 
 2395         if (ic->ic_allmulti > 0 || ic->ic_promisc > 0 ||
 2396             ic->ic_opmode == IEEE80211_M_MONITOR) {
 2397                 hashes[0] = 0xffffffff;
 2398                 hashes[1] = 0xffffffff;
 2399         } else {
 2400                 struct ieee80211vap *vap;
 2401 
 2402                 hashes[0] = hashes[1] = 0;
 2403                 TAILQ_FOREACH(vap, &ic->ic_vaps, iv_next)
 2404                         if_foreach_llmaddr(vap->iv_ifp, otus_hash_maddr,
 2405                             hashes);
 2406         }
 2407 #if 0
 2408         /* XXX openbsd code */
 2409         while (enm != NULL) {
 2410                 bit = enm->enm_addrlo[5] >> 2;
 2411                 if (bit < 32)
 2412                         hashes[0] |= 1 << bit;
 2413                 else
 2414                         hashes[1] |= 1 << (bit - 32);
 2415                 ETHER_NEXT_MULTI(step, enm);
 2416         }
 2417 #endif
 2418 
 2419         hashes[1] |= 1U << 31;  /* Make sure the broadcast bit is set. */
 2420 
 2421         OTUS_LOCK(sc);
 2422         otus_write(sc, AR_MAC_REG_GROUP_HASH_TBL_L, hashes[0]);
 2423         otus_write(sc, AR_MAC_REG_GROUP_HASH_TBL_H, hashes[1]);
 2424         r = otus_write_barrier(sc);
 2425         /* XXX operating mode? filter? */
 2426         OTUS_UNLOCK(sc);
 2427         return (r);
 2428 }
 2429 
 2430 static int
 2431 otus_updateedca(struct ieee80211com *ic)
 2432 {
 2433         struct otus_softc *sc = ic->ic_softc;
 2434 
 2435         OTUS_LOCK(sc);
 2436         /*
 2437          * XXX TODO: take temporary copy of EDCA information
 2438          * when scheduling this so we have a more time-correct view
 2439          * of things.
 2440          * XXX TODO: this can be done on the net80211 level
 2441          */
 2442         otus_updateedca_locked(sc);
 2443         OTUS_UNLOCK(sc);
 2444         return (0);
 2445 }
 2446 
 2447 static void
 2448 otus_updateedca_locked(struct otus_softc *sc)
 2449 {
 2450 #define EXP2(val)       ((1 << (val)) - 1)
 2451 #define AIFS(val)       ((val) * 9 + 10)
 2452         struct chanAccParams chp;
 2453         struct ieee80211com *ic = &sc->sc_ic;
 2454         const struct wmeParams *edca;
 2455 
 2456         ieee80211_wme_ic_getparams(ic, &chp);
 2457 
 2458         OTUS_LOCK_ASSERT(sc);
 2459 
 2460         edca = chp.cap_wmeParams;
 2461 
 2462         /* Set CWmin/CWmax values. */
 2463         otus_write(sc, AR_MAC_REG_AC0_CW,
 2464             EXP2(edca[WME_AC_BE].wmep_logcwmax) << 16 |
 2465             EXP2(edca[WME_AC_BE].wmep_logcwmin));
 2466         otus_write(sc, AR_MAC_REG_AC1_CW,
 2467             EXP2(edca[WME_AC_BK].wmep_logcwmax) << 16 |
 2468             EXP2(edca[WME_AC_BK].wmep_logcwmin));
 2469         otus_write(sc, AR_MAC_REG_AC2_CW,
 2470             EXP2(edca[WME_AC_VI].wmep_logcwmax) << 16 |
 2471             EXP2(edca[WME_AC_VI].wmep_logcwmin));
 2472         otus_write(sc, AR_MAC_REG_AC3_CW,
 2473             EXP2(edca[WME_AC_VO].wmep_logcwmax) << 16 |
 2474             EXP2(edca[WME_AC_VO].wmep_logcwmin));
 2475         otus_write(sc, AR_MAC_REG_AC4_CW,               /* Special TXQ. */
 2476             EXP2(edca[WME_AC_VO].wmep_logcwmax) << 16 |
 2477             EXP2(edca[WME_AC_VO].wmep_logcwmin));
 2478 
 2479         /* Set AIFSN values. */
 2480         otus_write(sc, AR_MAC_REG_AC1_AC0_AIFS,
 2481             AIFS(edca[WME_AC_VI].wmep_aifsn) << 24 |
 2482             AIFS(edca[WME_AC_BK].wmep_aifsn) << 12 |
 2483             AIFS(edca[WME_AC_BE].wmep_aifsn));
 2484         otus_write(sc, AR_MAC_REG_AC3_AC2_AIFS,
 2485             AIFS(edca[WME_AC_VO].wmep_aifsn) << 16 |    /* Special TXQ. */
 2486             AIFS(edca[WME_AC_VO].wmep_aifsn) <<  4 |
 2487             AIFS(edca[WME_AC_VI].wmep_aifsn) >>  8);
 2488 
 2489         /* Set TXOP limit. */
 2490         otus_write(sc, AR_MAC_REG_AC1_AC0_TXOP,
 2491             edca[WME_AC_BK].wmep_txopLimit << 16 |
 2492             edca[WME_AC_BE].wmep_txopLimit);
 2493         otus_write(sc, AR_MAC_REG_AC3_AC2_TXOP,
 2494             edca[WME_AC_VO].wmep_txopLimit << 16 |
 2495             edca[WME_AC_VI].wmep_txopLimit);
 2496 
 2497         /* XXX ACK policy? */
 2498 
 2499         (void)otus_write_barrier(sc);
 2500 
 2501 #undef AIFS
 2502 #undef EXP2
 2503 }
 2504 
 2505 static void
 2506 otus_updateslot(struct otus_softc *sc)
 2507 {
 2508         struct ieee80211com *ic = &sc->sc_ic;
 2509         uint32_t slottime;
 2510 
 2511         OTUS_LOCK_ASSERT(sc);
 2512 
 2513         slottime = IEEE80211_GET_SLOTTIME(ic);
 2514         otus_write(sc, AR_MAC_REG_SLOT_TIME, slottime << 10);
 2515         (void)otus_write_barrier(sc);
 2516 }
 2517 
 2518 /*
 2519  * Things to do based on 2GHz or 5GHz:
 2520  *
 2521  * + slottime
 2522  * + dyn_sifs_ack
 2523  * + rts_cts_rate
 2524  * + slot time
 2525  * + mac_rates
 2526  * + mac_tpc
 2527  *
 2528  * And in the transmit path
 2529  * + tpc: carl9170_tx_rate_tpc_chains
 2530  * + carl9170_tx_physet()
 2531  * + disable short premable tx
 2532  */
 2533 
 2534 int
 2535 otus_init_mac(struct otus_softc *sc)
 2536 {
 2537         int error;
 2538 
 2539         OTUS_LOCK_ASSERT(sc);
 2540 
 2541         otus_write(sc, AR_MAC_REG_ACK_EXTENSION, 0x40);
 2542         otus_write(sc, AR_MAC_REG_RETRY_MAX, 0);
 2543         otus_write(sc, AR_MAC_REG_RX_THRESHOLD, 0xc1f80);
 2544         otus_write(sc, AR_MAC_REG_RX_PE_DELAY, 0x70);
 2545         otus_write(sc, AR_MAC_REG_EIFS_AND_SIFS, 0xa144000);
 2546         otus_write(sc, AR_MAC_REG_SLOT_TIME, 9 << 10);
 2547         otus_write(sc, AR_MAC_REG_TID_CFACK_CFEND_RATE, 0x19000000);
 2548         /* NAV protects ACK only (in TXOP). */
 2549         otus_write(sc, AR_MAC_REG_TXOP_DURATION, 0x201);
 2550         /* Set beacon Tx power to 0x7. */
 2551         otus_write(sc, AR_MAC_REG_BCN_HT1, 0x8000170);
 2552         otus_write(sc, AR_MAC_REG_BACKOFF_PROTECT, 0x105);
 2553         otus_write(sc, AR_MAC_REG_AMPDU_FACTOR, 0x10000a);
 2554 
 2555         otus_set_rx_filter(sc);
 2556 
 2557         otus_write(sc, AR_MAC_REG_BASIC_RATE, 0x150f);
 2558         otus_write(sc, AR_MAC_REG_MANDATORY_RATE, 0x150f);
 2559         otus_write(sc, AR_MAC_REG_RTS_CTS_RATE, 0x10b01bb);
 2560         otus_write(sc, AR_MAC_REG_ACK_TPC, 0x4003c1e);
 2561 
 2562         /* Enable LED0 and LED1. */
 2563         otus_write(sc, AR_GPIO_REG_PORT_TYPE, 0x3);
 2564         otus_write(sc, AR_GPIO_REG_PORT_DATA, 0x3);
 2565         /* Switch MAC to OTUS interface. */
 2566         otus_write(sc, 0x1c3600, 0x3);
 2567         otus_write(sc, AR_MAC_REG_AMPDU_RX_THRESH, 0xffff);
 2568         otus_write(sc, AR_MAC_REG_MISC_680, 0xf00008);
 2569         /* Disable Rx timeout (workaround). */
 2570         otus_write(sc, AR_MAC_REG_RX_TIMEOUT, 0);
 2571 
 2572         /* Set USB Rx stream mode maximum frame number to 2. */
 2573         otus_write(sc, 0x1e1110, 0x4);
 2574         /* Set USB Rx stream mode timeout to 10us. */
 2575         otus_write(sc, 0x1e1114, 0x80);
 2576 
 2577         /* Set clock frequency to 88/80MHz. */
 2578         otus_write(sc, AR_PWR_REG_CLOCK_SEL, 0x73);
 2579         /* Set WLAN DMA interrupt mode: generate intr per packet. */
 2580         otus_write(sc, AR_MAC_REG_TXRX_MPI, 0x110011);
 2581         otus_write(sc, AR_MAC_REG_FCS_SELECT, 0x4);
 2582         otus_write(sc, AR_MAC_REG_TXOP_NOT_ENOUGH_INDICATION, 0x141e0f48);
 2583 
 2584         /* Disable HW decryption for now. */
 2585         otus_write(sc, AR_MAC_REG_ENCRYPTION, 0x78);
 2586 
 2587         if ((error = otus_write_barrier(sc)) != 0)
 2588                 return error;
 2589 
 2590         /* Set default EDCA parameters. */
 2591         otus_updateedca_locked(sc);
 2592 
 2593         return 0;
 2594 }
 2595 
 2596 /*
 2597  * Return default value for PHY register based on current operating mode.
 2598  */
 2599 uint32_t
 2600 otus_phy_get_def(struct otus_softc *sc, uint32_t reg)
 2601 {
 2602         int i;
 2603 
 2604         for (i = 0; i < nitems(ar5416_phy_regs); i++)
 2605                 if (AR_PHY(ar5416_phy_regs[i]) == reg)
 2606                         return sc->phy_vals[i];
 2607         return 0;       /* Register not found. */
 2608 }
 2609 
 2610 /*
 2611  * Update PHY's programming based on vendor-specific data stored in EEPROM.
 2612  * This is for FEM-type devices only.
 2613  */
 2614 int
 2615 otus_set_board_values(struct otus_softc *sc, struct ieee80211_channel *c)
 2616 {
 2617         const struct ModalEepHeader *eep;
 2618         uint32_t tmp, offset;
 2619 
 2620         if (IEEE80211_IS_CHAN_5GHZ(c))
 2621                 eep = &sc->eeprom.modalHeader[0];
 2622         else
 2623                 eep = &sc->eeprom.modalHeader[1];
 2624 
 2625         /* Offset of chain 2. */
 2626         offset = 2 * 0x1000;
 2627 
 2628         tmp = le32toh(eep->antCtrlCommon);
 2629         otus_write(sc, AR_PHY_SWITCH_COM, tmp);
 2630 
 2631         tmp = le32toh(eep->antCtrlChain[0]);
 2632         otus_write(sc, AR_PHY_SWITCH_CHAIN_0, tmp);
 2633 
 2634         tmp = le32toh(eep->antCtrlChain[1]);
 2635         otus_write(sc, AR_PHY_SWITCH_CHAIN_0 + offset, tmp);
 2636 
 2637         if (1 /* sc->sc_sco == AR_SCO_SCN */) {
 2638                 tmp = otus_phy_get_def(sc, AR_PHY_SETTLING);
 2639                 tmp &= ~(0x7f << 7);
 2640                 tmp |= (eep->switchSettling & 0x7f) << 7;
 2641                 otus_write(sc, AR_PHY_SETTLING, tmp);
 2642         }
 2643 
 2644         tmp = otus_phy_get_def(sc, AR_PHY_DESIRED_SZ);
 2645         tmp &= ~0xffff;
 2646         tmp |= eep->pgaDesiredSize << 8 | eep->adcDesiredSize;
 2647         otus_write(sc, AR_PHY_DESIRED_SZ, tmp);
 2648 
 2649         tmp = eep->txEndToXpaOff << 24 | eep->txEndToXpaOff << 16 |
 2650               eep->txFrameToXpaOn << 8 | eep->txFrameToXpaOn;
 2651         otus_write(sc, AR_PHY_RF_CTL4, tmp);
 2652 
 2653         tmp = otus_phy_get_def(sc, AR_PHY_RF_CTL3);
 2654         tmp &= ~(0xff << 16);
 2655         tmp |= eep->txEndToRxOn << 16;
 2656         otus_write(sc, AR_PHY_RF_CTL3, tmp);
 2657 
 2658         tmp = otus_phy_get_def(sc, AR_PHY_CCA);
 2659         tmp &= ~(0x7f << 12);
 2660         tmp |= (eep->thresh62 & 0x7f) << 12;
 2661         otus_write(sc, AR_PHY_CCA, tmp);
 2662 
 2663         tmp = otus_phy_get_def(sc, AR_PHY_RXGAIN);
 2664         tmp &= ~(0x3f << 12);
 2665         tmp |= (eep->txRxAttenCh[0] & 0x3f) << 12;
 2666         otus_write(sc, AR_PHY_RXGAIN, tmp);
 2667 
 2668         tmp = otus_phy_get_def(sc, AR_PHY_RXGAIN + offset);
 2669         tmp &= ~(0x3f << 12);
 2670         tmp |= (eep->txRxAttenCh[1] & 0x3f) << 12;
 2671         otus_write(sc, AR_PHY_RXGAIN + offset, tmp);
 2672 
 2673         tmp = otus_phy_get_def(sc, AR_PHY_GAIN_2GHZ);
 2674         tmp &= ~(0x3f << 18);
 2675         tmp |= (eep->rxTxMarginCh[0] & 0x3f) << 18;
 2676         if (IEEE80211_IS_CHAN_5GHZ(c)) {
 2677                 tmp &= ~(0xf << 10);
 2678                 tmp |= (eep->bswMargin[0] & 0xf) << 10;
 2679         }
 2680         otus_write(sc, AR_PHY_GAIN_2GHZ, tmp);
 2681 
 2682         tmp = otus_phy_get_def(sc, AR_PHY_GAIN_2GHZ + offset);
 2683         tmp &= ~(0x3f << 18);
 2684         tmp |= (eep->rxTxMarginCh[1] & 0x3f) << 18;
 2685         otus_write(sc, AR_PHY_GAIN_2GHZ + offset, tmp);
 2686 
 2687         tmp = otus_phy_get_def(sc, AR_PHY_TIMING_CTRL4);
 2688         tmp &= ~(0x3f << 5 | 0x1f);
 2689         tmp |= (eep->iqCalICh[0] & 0x3f) << 5 | (eep->iqCalQCh[0] & 0x1f);
 2690         otus_write(sc, AR_PHY_TIMING_CTRL4, tmp);
 2691 
 2692         tmp = otus_phy_get_def(sc, AR_PHY_TIMING_CTRL4 + offset);
 2693         tmp &= ~(0x3f << 5 | 0x1f);
 2694         tmp |= (eep->iqCalICh[1] & 0x3f) << 5 | (eep->iqCalQCh[1] & 0x1f);
 2695         otus_write(sc, AR_PHY_TIMING_CTRL4 + offset, tmp);
 2696 
 2697         tmp = otus_phy_get_def(sc, AR_PHY_TPCRG1);
 2698         tmp &= ~(0xf << 16);
 2699         tmp |= (eep->xpd & 0xf) << 16;
 2700         otus_write(sc, AR_PHY_TPCRG1, tmp);
 2701 
 2702         return otus_write_barrier(sc);
 2703 }
 2704 
 2705 int
 2706 otus_program_phy(struct otus_softc *sc, struct ieee80211_channel *c)
 2707 {
 2708         const uint32_t *vals;
 2709         int error, i;
 2710 
 2711         /* Select PHY programming based on band and bandwidth. */
 2712         if (IEEE80211_IS_CHAN_2GHZ(c)) {
 2713                 if (IEEE80211_IS_CHAN_HT40(c))
 2714                         vals = ar5416_phy_vals_2ghz_40mhz;
 2715                 else
 2716                         vals = ar5416_phy_vals_2ghz_20mhz;
 2717         } else {
 2718                 if (IEEE80211_IS_CHAN_HT40(c))
 2719                         vals = ar5416_phy_vals_5ghz_40mhz;
 2720                 else
 2721                         vals = ar5416_phy_vals_5ghz_20mhz;
 2722         }
 2723         for (i = 0; i < nitems(ar5416_phy_regs); i++)
 2724                 otus_write(sc, AR_PHY(ar5416_phy_regs[i]), vals[i]);
 2725         sc->phy_vals = vals;
 2726 
 2727         if (sc->eeprom.baseEepHeader.deviceType == 0x80)        /* FEM */
 2728                 if ((error = otus_set_board_values(sc, c)) != 0)
 2729                         return error;
 2730 
 2731         /* Initial Tx power settings. */
 2732         otus_write(sc, AR_PHY_POWER_TX_RATE_MAX, 0x7f);
 2733         otus_write(sc, AR_PHY_POWER_TX_RATE1, 0x3f3f3f3f);
 2734         otus_write(sc, AR_PHY_POWER_TX_RATE2, 0x3f3f3f3f);
 2735         otus_write(sc, AR_PHY_POWER_TX_RATE3, 0x3f3f3f3f);
 2736         otus_write(sc, AR_PHY_POWER_TX_RATE4, 0x3f3f3f3f);
 2737         otus_write(sc, AR_PHY_POWER_TX_RATE5, 0x3f3f3f3f);
 2738         otus_write(sc, AR_PHY_POWER_TX_RATE6, 0x3f3f3f3f);
 2739         otus_write(sc, AR_PHY_POWER_TX_RATE7, 0x3f3f3f3f);
 2740         otus_write(sc, AR_PHY_POWER_TX_RATE8, 0x3f3f3f3f);
 2741         otus_write(sc, AR_PHY_POWER_TX_RATE9, 0x3f3f3f3f);
 2742 
 2743         if (IEEE80211_IS_CHAN_2GHZ(c))
 2744                 otus_write(sc, AR_PWR_REG_PLL_ADDAC, 0x5163);
 2745         else
 2746                 otus_write(sc, AR_PWR_REG_PLL_ADDAC, 0x5143);
 2747 
 2748         return otus_write_barrier(sc);
 2749 }
 2750 
 2751 static __inline uint8_t
 2752 otus_reverse_bits(uint8_t v)
 2753 {
 2754         v = ((v >> 1) & 0x55) | ((v & 0x55) << 1);
 2755         v = ((v >> 2) & 0x33) | ((v & 0x33) << 2);
 2756         v = ((v >> 4) & 0x0f) | ((v & 0x0f) << 4);
 2757         return v;
 2758 }
 2759 
 2760 int
 2761 otus_set_rf_bank4(struct otus_softc *sc, struct ieee80211_channel *c)
 2762 {
 2763         uint8_t chansel, d0, d1;
 2764         uint16_t data;
 2765         int error;
 2766 
 2767         OTUS_LOCK_ASSERT(sc);
 2768 
 2769         d0 = 0;
 2770         if (IEEE80211_IS_CHAN_5GHZ(c)) {
 2771                 chansel = (c->ic_freq - 4800) / 5;
 2772                 if (chansel & 1)
 2773                         d0 |= AR_BANK4_AMODE_REFSEL(2);
 2774                 else
 2775                         d0 |= AR_BANK4_AMODE_REFSEL(1);
 2776         } else {
 2777                 d0 |= AR_BANK4_AMODE_REFSEL(2);
 2778                 if (c->ic_freq == 2484) {       /* CH 14 */
 2779                         d0 |= AR_BANK4_BMODE_LF_SYNTH_FREQ;
 2780                         chansel = 10 + (c->ic_freq - 2274) / 5;
 2781                 } else
 2782                         chansel = 16 + (c->ic_freq - 2272) / 5;
 2783                 chansel <<= 2;
 2784         }
 2785         d0 |= AR_BANK4_ADDR(1) | AR_BANK4_CHUP;
 2786         d1 = otus_reverse_bits(chansel);
 2787 
 2788         /* Write bits 0-4 of d0 and d1. */
 2789         data = (d1 & 0x1f) << 5 | (d0 & 0x1f);
 2790         otus_write(sc, AR_PHY(44), data);
 2791         /* Write bits 5-7 of d0 and d1. */
 2792         data = (d1 >> 5) << 5 | (d0 >> 5);
 2793         otus_write(sc, AR_PHY(58), data);
 2794 
 2795         if ((error = otus_write_barrier(sc)) == 0)
 2796                 otus_delay_ms(sc, 10);
 2797         return error;
 2798 }
 2799 
 2800 void
 2801 otus_get_delta_slope(uint32_t coeff, uint32_t *exponent, uint32_t *mantissa)
 2802 {
 2803 #define COEFF_SCALE_SHIFT       24
 2804         uint32_t exp, man;
 2805 
 2806         /* exponent = 14 - floor(log2(coeff)) */
 2807         for (exp = 31; exp > 0; exp--)
 2808                 if (coeff & (1 << exp))
 2809                         break;
 2810         KASSERT(exp != 0, ("exp"));
 2811         exp = 14 - (exp - COEFF_SCALE_SHIFT);
 2812 
 2813         /* mantissa = floor(coeff * 2^exponent + 0.5) */
 2814         man = coeff + (1 << (COEFF_SCALE_SHIFT - exp - 1));
 2815 
 2816         *mantissa = man >> (COEFF_SCALE_SHIFT - exp);
 2817         *exponent = exp - 16;
 2818 #undef COEFF_SCALE_SHIFT
 2819 }
 2820 
 2821 static int
 2822 otus_set_chan(struct otus_softc *sc, struct ieee80211_channel *c, int assoc)
 2823 {
 2824         struct ieee80211com *ic = &sc->sc_ic;
 2825         struct ar_cmd_frequency cmd;
 2826         struct ar_rsp_frequency rsp;
 2827         const uint32_t *vals;
 2828         uint32_t coeff, exp, man, tmp;
 2829         uint8_t code;
 2830         int error, chan, i;
 2831 
 2832         error = 0;
 2833         chan = ieee80211_chan2ieee(ic, c);
 2834 
 2835         OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
 2836             "setting channel %d (%dMHz)\n", chan, c->ic_freq);
 2837 
 2838         tmp = IEEE80211_IS_CHAN_2GHZ(c) ? 0x105 : 0x104;
 2839         otus_write(sc, AR_MAC_REG_DYNAMIC_SIFS_ACK, tmp);
 2840         if ((error = otus_write_barrier(sc)) != 0)
 2841                 goto finish;
 2842 
 2843         /* Disable BB Heavy Clip. */
 2844         otus_write(sc, AR_PHY_HEAVY_CLIP_ENABLE, 0x200);
 2845         if ((error = otus_write_barrier(sc)) != 0)
 2846                 goto finish;
 2847 
 2848         /* XXX Is that FREQ_START ? */
 2849         error = otus_cmd(sc, AR_CMD_FREQ_STRAT, NULL, 0, NULL, 0);
 2850         if (error != 0)
 2851                 goto finish;
 2852 
 2853         /* Reprogram PHY and RF on channel band or bandwidth changes. */
 2854         if (sc->bb_reset || c->ic_flags != sc->sc_curchan->ic_flags) {
 2855                 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET, "band switch\n");
 2856 
 2857                 /* Cold/Warm reset BB/ADDA. */
 2858                 otus_write(sc, AR_PWR_REG_RESET, sc->bb_reset ? 0x800 : 0x400);
 2859                 if ((error = otus_write_barrier(sc)) != 0)
 2860                         goto finish;
 2861                 otus_write(sc, AR_PWR_REG_RESET, 0);
 2862                 if ((error = otus_write_barrier(sc)) != 0)
 2863                         goto finish;
 2864                 sc->bb_reset = 0;
 2865 
 2866                 if ((error = otus_program_phy(sc, c)) != 0) {
 2867                         device_printf(sc->sc_dev,
 2868                             "%s: could not program PHY\n",
 2869                             __func__);
 2870                         goto finish;
 2871                 }
 2872 
 2873                 /* Select RF programming based on band. */
 2874                 if (IEEE80211_IS_CHAN_5GHZ(c))
 2875                         vals = ar5416_banks_vals_5ghz;
 2876                 else
 2877                         vals = ar5416_banks_vals_2ghz;
 2878                 for (i = 0; i < nitems(ar5416_banks_regs); i++)
 2879                         otus_write(sc, AR_PHY(ar5416_banks_regs[i]), vals[i]);
 2880                 if ((error = otus_write_barrier(sc)) != 0) {
 2881                         device_printf(sc->sc_dev,
 2882                             "%s: could not program RF\n",
 2883                             __func__);
 2884                         goto finish;
 2885                 }
 2886                 code = AR_CMD_RF_INIT;
 2887         } else {
 2888                 code = AR_CMD_FREQUENCY;
 2889         }
 2890 
 2891         if ((error = otus_set_rf_bank4(sc, c)) != 0)
 2892                 goto finish;
 2893 
 2894         tmp = (sc->txmask == 0x5) ? 0x340 : 0x240;
 2895         otus_write(sc, AR_PHY_TURBO, tmp);
 2896         if ((error = otus_write_barrier(sc)) != 0)
 2897                 goto finish;
 2898 
 2899         /* Send firmware command to set channel. */
 2900         cmd.freq = htole32((uint32_t)c->ic_freq * 1000);
 2901         cmd.dynht2040 = htole32(0);
 2902         cmd.htena = htole32(1);
 2903         /* Set Delta Slope (exponent and mantissa). */
 2904         coeff = (100 << 24) / c->ic_freq;
 2905         otus_get_delta_slope(coeff, &exp, &man);
 2906         cmd.dsc_exp = htole32(exp);
 2907         cmd.dsc_man = htole32(man);
 2908         OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
 2909             "ds coeff=%u exp=%u man=%u\n", coeff, exp, man);
 2910         /* For Short GI, coeff is 9/10 that of normal coeff. */
 2911         coeff = (9 * coeff) / 10;
 2912         otus_get_delta_slope(coeff, &exp, &man);
 2913         cmd.dsc_shgi_exp = htole32(exp);
 2914         cmd.dsc_shgi_man = htole32(man);
 2915         OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
 2916             "ds shgi coeff=%u exp=%u man=%u\n", coeff, exp, man);
 2917         /* Set wait time for AGC and noise calibration (100 or 200ms). */
 2918         cmd.check_loop_count = assoc ? htole32(2000) : htole32(1000);
 2919         OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
 2920             "%s\n", (code == AR_CMD_RF_INIT) ? "RF_INIT" : "FREQUENCY");
 2921         error = otus_cmd(sc, code, &cmd, sizeof cmd, &rsp, sizeof(rsp));
 2922         if (error != 0)
 2923                 goto finish;
 2924         if ((rsp.status & htole32(AR_CAL_ERR_AGC | AR_CAL_ERR_NF_VAL)) != 0) {
 2925                 OTUS_DPRINTF(sc, OTUS_DEBUG_RESET,
 2926                     "status=0x%x\n", le32toh(rsp.status));
 2927                 /* Force cold reset on next channel. */
 2928                 sc->bb_reset = 1;
 2929         }
 2930 #ifdef USB_DEBUG
 2931         if (otus_debug & OTUS_DEBUG_RESET) {
 2932                 device_printf(sc->sc_dev, "calibration status=0x%x\n",
 2933                     le32toh(rsp.status));
 2934                 for (i = 0; i < 2; i++) {       /* 2 Rx chains */
 2935                         /* Sign-extend 9-bit NF values. */
 2936                         device_printf(sc->sc_dev,
 2937                             "noisefloor chain %d=%d\n", i,
 2938                             (((int32_t)le32toh(rsp.nf[i])) << 4) >> 23);
 2939                         device_printf(sc->sc_dev,
 2940                             "noisefloor ext chain %d=%d\n", i,
 2941                             ((int32_t)le32toh(rsp.nf_ext[i])) >> 23);
 2942                 }
 2943         }
 2944 #endif
 2945         for (i = 0; i < OTUS_NUM_CHAINS; i++) {
 2946                 sc->sc_nf[i] = ((((int32_t)le32toh(rsp.nf[i])) << 4) >> 23);
 2947         }
 2948         sc->sc_curchan = c;
 2949 finish:
 2950         return (error);
 2951 }
 2952 
 2953 #ifdef notyet
 2954 int
 2955 otus_set_key(struct ieee80211com *ic, struct ieee80211_node *ni,
 2956     struct ieee80211_key *k)
 2957 {
 2958         struct otus_softc *sc = ic->ic_softc;
 2959         struct otus_cmd_key cmd;
 2960 
 2961         /* Defer setting of WEP keys until interface is brought up. */
 2962         if ((ic->ic_if.if_flags & (IFF_UP | IFF_RUNNING)) !=
 2963             (IFF_UP | IFF_RUNNING))
 2964                 return 0;
 2965 
 2966         /* Do it in a process context. */
 2967         cmd.key = *k;
 2968         cmd.associd = (ni != NULL) ? ni->ni_associd : 0;
 2969         otus_do_async(sc, otus_set_key_cb, &cmd, sizeof cmd);
 2970         return 0;
 2971 }
 2972 
 2973 void
 2974 otus_set_key_cb(struct otus_softc *sc, void *arg)
 2975 {
 2976         struct otus_cmd_key *cmd = arg;
 2977         struct ieee80211_key *k = &cmd->key;
 2978         struct ar_cmd_ekey key;
 2979         uint16_t cipher;
 2980         int error;
 2981 
 2982         memset(&key, 0, sizeof key);
 2983         if (k->k_flags & IEEE80211_KEY_GROUP) {
 2984                 key.uid = htole16(k->k_id);
 2985                 IEEE80211_ADDR_COPY(key.macaddr, sc->sc_ic.ic_myaddr);
 2986                 key.macaddr[0] |= 0x80;
 2987         } else {
 2988                 key.uid = htole16(OTUS_UID(cmd->associd));
 2989                 IEEE80211_ADDR_COPY(key.macaddr, ni->ni_macaddr);
 2990         }
 2991         key.kix = htole16(0);
 2992         /* Map net80211 cipher to hardware. */
 2993         switch (k->k_cipher) {
 2994         case IEEE80211_CIPHER_WEP40:
 2995                 cipher = AR_CIPHER_WEP64;
 2996                 break;
 2997         case IEEE80211_CIPHER_WEP104:
 2998                 cipher = AR_CIPHER_WEP128;
 2999                 break;
 3000         case IEEE80211_CIPHER_TKIP:
 3001                 cipher = AR_CIPHER_TKIP;
 3002                 break;
 3003         case IEEE80211_CIPHER_CCMP:
 3004                 cipher = AR_CIPHER_AES;
 3005                 break;
 3006         default:
 3007                 return;
 3008         }
 3009         key.cipher = htole16(cipher);
 3010         memcpy(key.key, k->k_key, MIN(k->k_len, 16));
 3011         error = otus_cmd(sc, AR_CMD_EKEY, &key, sizeof key, NULL, 0);
 3012         if (error != 0 || k->k_cipher != IEEE80211_CIPHER_TKIP)
 3013                 return;
 3014 
 3015         /* TKIP: set Tx/Rx MIC Key. */
 3016         key.kix = htole16(1);
 3017         memcpy(key.key, k->k_key + 16, 16);
 3018         (void)otus_cmd(sc, AR_CMD_EKEY, &key, sizeof key, NULL, 0);
 3019 }
 3020 
 3021 void
 3022 otus_delete_key(struct ieee80211com *ic, struct ieee80211_node *ni,
 3023     struct ieee80211_key *k)
 3024 {
 3025         struct otus_softc *sc = ic->ic_softc;
 3026         struct otus_cmd_key cmd;
 3027 
 3028         if (!(ic->ic_if.if_flags & IFF_RUNNING) ||
 3029             ic->ic_state != IEEE80211_S_RUN)
 3030                 return; /* Nothing to do. */
 3031 
 3032         /* Do it in a process context. */
 3033         cmd.key = *k;
 3034         cmd.associd = (ni != NULL) ? ni->ni_associd : 0;
 3035         otus_do_async(sc, otus_delete_key_cb, &cmd, sizeof cmd);
 3036 }
 3037 
 3038 void
 3039 otus_delete_key_cb(struct otus_softc *sc, void *arg)
 3040 {
 3041         struct otus_cmd_key *cmd = arg;
 3042         struct ieee80211_key *k = &cmd->key;
 3043         uint32_t uid;
 3044 
 3045         if (k->k_flags & IEEE80211_KEY_GROUP)
 3046                 uid = htole32(k->k_id);
 3047         else
 3048                 uid = htole32(OTUS_UID(cmd->associd));
 3049         (void)otus_cmd(sc, AR_CMD_DKEY, &uid, sizeof uid, NULL, 0);
 3050 }
 3051 #endif
 3052 
 3053 /*
 3054  * XXX TODO: check if we have to be doing any calibration in the host
 3055  * or whether it's purely a firmware thing.
 3056  */
 3057 void
 3058 otus_calibrate_to(void *arg, int pending)
 3059 {
 3060 #if 0
 3061         struct otus_softc *sc = arg;
 3062 
 3063         device_printf(sc->sc_dev, "%s: called\n", __func__);
 3064         struct ieee80211com *ic = &sc->sc_ic;
 3065         struct ieee80211_node *ni;
 3066         int s;
 3067 
 3068         if (usbd_is_dying(sc->sc_udev))
 3069                 return;
 3070 
 3071         usbd_ref_incr(sc->sc_udev);
 3072 
 3073         s = splnet();
 3074         ni = ic->ic_bss;
 3075         ieee80211_amrr_choose(&sc->amrr, ni, &((struct otus_node *)ni)->amn);
 3076         splx(s);
 3077 
 3078         if (!usbd_is_dying(sc->sc_udev))
 3079                 timeout_add_sec(&sc->calib_to, 1);
 3080 
 3081         usbd_ref_decr(sc->sc_udev);
 3082 #endif
 3083 }
 3084 
 3085 int
 3086 otus_set_bssid(struct otus_softc *sc, const uint8_t *bssid)
 3087 {
 3088 
 3089         OTUS_LOCK_ASSERT(sc);
 3090 
 3091         otus_write(sc, AR_MAC_REG_BSSID_L,
 3092             bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24);
 3093         otus_write(sc, AR_MAC_REG_BSSID_H,
 3094             bssid[4] | bssid[5] << 8);
 3095         return otus_write_barrier(sc);
 3096 }
 3097 
 3098 int
 3099 otus_set_macaddr(struct otus_softc *sc, const uint8_t *addr)
 3100 {
 3101         OTUS_LOCK_ASSERT(sc);
 3102 
 3103         otus_write(sc, AR_MAC_REG_MAC_ADDR_L,
 3104             addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24);
 3105         otus_write(sc, AR_MAC_REG_MAC_ADDR_H,
 3106             addr[4] | addr[5] << 8);
 3107         return otus_write_barrier(sc);
 3108 }
 3109 
 3110 /* Default single-LED. */
 3111 void
 3112 otus_led_newstate_type1(struct otus_softc *sc)
 3113 {
 3114         /* TBD */
 3115         device_printf(sc->sc_dev, "%s: TODO\n", __func__);
 3116 }
 3117 
 3118 /* NETGEAR, dual-LED. */
 3119 void
 3120 otus_led_newstate_type2(struct otus_softc *sc)
 3121 {
 3122         /* TBD */
 3123         device_printf(sc->sc_dev, "%s: TODO\n", __func__);
 3124 }
 3125 
 3126 /* NETGEAR, single-LED/3 colors (blue, red, purple.) */
 3127 void
 3128 otus_led_newstate_type3(struct otus_softc *sc)
 3129 {
 3130 #if 0
 3131         struct ieee80211com *ic = &sc->sc_ic;
 3132         struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps);
 3133 
 3134         uint32_t state = sc->led_state;
 3135 
 3136         OTUS_LOCK_ASSERT(sc);
 3137 
 3138         if (!vap) {
 3139                 state = 0;      /* led off */
 3140         } else if (vap->iv_state == IEEE80211_S_INIT) {
 3141                 state = 0;      /* LED off. */
 3142         } else if (vap->iv_state == IEEE80211_S_RUN) {
 3143                 /* Associated, LED always on. */
 3144                 if (IEEE80211_IS_CHAN_2GHZ(sc->sc_curchan))
 3145                         state = AR_LED0_ON;     /* 2GHz=>Red. */
 3146                 else
 3147                         state = AR_LED1_ON;     /* 5GHz=>Blue. */
 3148         } else {
 3149                 /* Scanning, blink LED. */
 3150                 state ^= AR_LED0_ON | AR_LED1_ON;
 3151                 if (IEEE80211_IS_CHAN_2GHZ(sc->sc_curchan))
 3152                         state &= ~AR_LED1_ON;
 3153                 else
 3154                         state &= ~AR_LED0_ON;
 3155         }
 3156         if (state != sc->led_state) {
 3157                 otus_write(sc, AR_GPIO_REG_PORT_DATA, state);
 3158                 if (otus_write_barrier(sc) == 0)
 3159                         sc->led_state = state;
 3160         }
 3161 #endif
 3162 }
 3163 
 3164 static uint8_t zero_macaddr[IEEE80211_ADDR_LEN] = { 0,0,0,0,0,0 };
 3165 
 3166 /*
 3167  * Set up operating mode, MAC/BSS address and RX filter.
 3168  */
 3169 static void
 3170 otus_set_operating_mode(struct otus_softc *sc)
 3171 {
 3172         struct ieee80211com *ic = &sc->sc_ic;
 3173         struct ieee80211vap *vap;
 3174         uint32_t cam_mode = AR_MAC_CAM_DEFAULTS;
 3175         uint32_t rx_ctrl = AR_MAC_RX_CTRL_DEAGG | AR_MAC_RX_CTRL_SHORT_FILTER;
 3176         uint32_t sniffer = AR_MAC_SNIFFER_DEFAULTS;
 3177         uint32_t enc_mode = 0x78; /* XXX */
 3178         const uint8_t *macaddr;
 3179         uint8_t bssid[IEEE80211_ADDR_LEN];
 3180         struct ieee80211_node *ni;
 3181 
 3182         OTUS_LOCK_ASSERT(sc);
 3183 
 3184         /*
 3185          * If we're in sniffer mode or we don't have a MAC
 3186          * address assigned, ensure it gets reset to all-zero.
 3187          */
 3188         IEEE80211_ADDR_COPY(bssid, zero_macaddr);
 3189         vap = TAILQ_FIRST(&ic->ic_vaps);
 3190         macaddr = vap ? vap->iv_myaddr : ic->ic_macaddr;
 3191 
 3192         switch (ic->ic_opmode) {
 3193         case IEEE80211_M_STA:
 3194                 if (vap) {
 3195                         ni = ieee80211_ref_node(vap->iv_bss);
 3196                         IEEE80211_ADDR_COPY(bssid, ni->ni_bssid);
 3197                         ieee80211_free_node(ni);
 3198                 }
 3199                 cam_mode |= AR_MAC_CAM_STA;
 3200                 rx_ctrl |= AR_MAC_RX_CTRL_PASS_TO_HOST;
 3201                 break;
 3202         case IEEE80211_M_MONITOR:
 3203                 /*
 3204                  * Note: monitor mode ends up causing the MAC to
 3205                  * generate ACK frames for everything it sees.
 3206                  * So don't do that; instead just put it in STA mode
 3207                  * and disable RX filters.
 3208                  */
 3209         default:
 3210                 cam_mode |= AR_MAC_CAM_STA;
 3211                 rx_ctrl |= AR_MAC_RX_CTRL_PASS_TO_HOST;
 3212                 break;
 3213         }
 3214 
 3215         /*
 3216          * TODO: if/when we do hardware encryption, ensure it's
 3217          * disabled if the NIC is in monitor mode.
 3218          */
 3219         otus_write(sc, AR_MAC_REG_SNIFFER, sniffer);
 3220         otus_write(sc, AR_MAC_REG_CAM_MODE, cam_mode);
 3221         otus_write(sc, AR_MAC_REG_ENCRYPTION, enc_mode);
 3222         otus_write(sc, AR_MAC_REG_RX_CONTROL, rx_ctrl);
 3223         otus_set_macaddr(sc, macaddr);
 3224         otus_set_bssid(sc, bssid);
 3225         /* XXX barrier? */
 3226 }
 3227 
 3228 static void
 3229 otus_set_rx_filter(struct otus_softc *sc)
 3230 {
 3231 //      struct ieee80211com *ic = &sc->sc_ic;
 3232 
 3233         OTUS_LOCK_ASSERT(sc);
 3234 
 3235 #if 0
 3236         if (ic->ic_allmulti > 0 || ic->ic_promisc > 0 ||
 3237             ic->ic_opmode == IEEE80211_M_MONITOR) {
 3238                 otus_write(sc, AR_MAC_REG_FRAMETYPE_FILTER, 0xff00ffff);
 3239         } else {
 3240 #endif
 3241                 /* Filter any control frames, BAR is bit 24. */
 3242                 otus_write(sc, AR_MAC_REG_FRAMETYPE_FILTER, 0x0500ffff);
 3243 #if 0
 3244         }
 3245 #endif
 3246 }
 3247 
 3248 int
 3249 otus_init(struct otus_softc *sc)
 3250 {
 3251         struct ieee80211com *ic = &sc->sc_ic;
 3252         int error;
 3253 
 3254         OTUS_UNLOCK_ASSERT(sc);
 3255 
 3256         OTUS_LOCK(sc);
 3257 
 3258         /* Drain any pending TX frames */
 3259         otus_drain_mbufq(sc);
 3260 
 3261         /* Init MAC */
 3262         if ((error = otus_init_mac(sc)) != 0) {
 3263                 OTUS_UNLOCK(sc);
 3264                 device_printf(sc->sc_dev,
 3265                     "%s: could not initialize MAC\n", __func__);
 3266                 return error;
 3267         }
 3268 
 3269         otus_set_operating_mode(sc);
 3270         otus_set_rx_filter(sc);
 3271         (void) otus_set_operating_mode(sc);
 3272 
 3273         sc->bb_reset = 1;       /* Force cold reset. */
 3274 
 3275         if ((error = otus_set_chan(sc, ic->ic_curchan, 0)) != 0) {
 3276                 OTUS_UNLOCK(sc);
 3277                 device_printf(sc->sc_dev,
 3278                     "%s: could not set channel\n", __func__);
 3279                 return error;
 3280         }
 3281 
 3282         /* Start Rx. */
 3283         otus_write(sc, AR_MAC_REG_DMA_TRIGGER, 0x100);
 3284         (void)otus_write_barrier(sc);
 3285 
 3286         sc->sc_running = 1;
 3287 
 3288         OTUS_UNLOCK(sc);
 3289         return 0;
 3290 }
 3291 
 3292 void
 3293 otus_stop(struct otus_softc *sc)
 3294 {
 3295 #if 0
 3296         int s;
 3297 #endif
 3298 
 3299         OTUS_UNLOCK_ASSERT(sc);
 3300 
 3301         OTUS_LOCK(sc);
 3302         sc->sc_running = 0;
 3303         sc->sc_tx_timer = 0;
 3304         OTUS_UNLOCK(sc);
 3305 
 3306         taskqueue_drain_timeout(taskqueue_thread, &sc->scan_to);
 3307         taskqueue_drain_timeout(taskqueue_thread, &sc->calib_to);
 3308         taskqueue_drain(taskqueue_thread, &sc->tx_task);
 3309 
 3310         OTUS_LOCK(sc);
 3311         sc->sc_running = 0;
 3312         /* Stop Rx. */
 3313         otus_write(sc, AR_MAC_REG_DMA_TRIGGER, 0);
 3314         (void)otus_write_barrier(sc);
 3315 
 3316         /* Drain any pending TX frames */
 3317         otus_drain_mbufq(sc);
 3318 
 3319         OTUS_UNLOCK(sc);
 3320 }

Cache object: 2fbaf67e3816a9c14e7c786215598d7a


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.