dev/ic/rt2661.c

1.29.16.1     skrll /*	$NetBSD: rt2661.c,v 1.29.16.1 2015/04/06 15:18:09 skrll Exp $	*/
      1.1    rpaulo /*	$OpenBSD: rt2661.c,v 1.17 2006/05/01 08:41:11 damien Exp $	*/
      1.1    rpaulo /*	$FreeBSD: rt2560.c,v 1.5 2006/06/02 19:59:31 csjp Exp $	*/
      1.1    rpaulo
      1.1    rpaulo /*-
      1.1    rpaulo  * Copyright (c) 2006
      1.1    rpaulo  *	Damien Bergamini <damien.bergamini (at) free.fr>
      1.1    rpaulo  *
      1.1    rpaulo  * Permission to use, copy, modify, and distribute this software for any
      1.1    rpaulo  * purpose with or without fee is hereby granted, provided that the above
      1.1    rpaulo  * copyright notice and this permission notice appear in all copies.
      1.1    rpaulo  *
      1.1    rpaulo  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
      1.1    rpaulo  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
      1.1    rpaulo  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
      1.1    rpaulo  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
      1.1    rpaulo  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
      1.1    rpaulo  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
      1.1    rpaulo  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
      1.1    rpaulo  */
      1.1    rpaulo
      1.1    rpaulo /*-
      1.1    rpaulo  * Ralink Technology RT2561, RT2561S and RT2661 chipset driver
      1.1    rpaulo  * http://www.ralinktech.com/
      1.1    rpaulo  */
      1.1    rpaulo
      1.1    rpaulo #include <sys/cdefs.h>
1.29.16.1     skrll __KERNEL_RCSID(0, "$NetBSD: rt2661.c,v 1.29.16.1 2015/04/06 15:18:09 skrll Exp $");
      1.1    rpaulo
      1.1    rpaulo
      1.1    rpaulo #include <sys/param.h>
      1.1    rpaulo #include <sys/sockio.h>
      1.1    rpaulo #include <sys/sysctl.h>
      1.1    rpaulo #include <sys/mbuf.h>
      1.1    rpaulo #include <sys/kernel.h>
      1.1    rpaulo #include <sys/socket.h>
      1.1    rpaulo #include <sys/systm.h>
      1.1    rpaulo #include <sys/malloc.h>
      1.1    rpaulo #include <sys/callout.h>
      1.1    rpaulo #include <sys/conf.h>
      1.1    rpaulo #include <sys/device.h>
      1.1    rpaulo
     1.19        ad #include <sys/bus.h>
      1.1    rpaulo #include <machine/endian.h>
     1.19        ad #include <sys/intr.h>
      1.1    rpaulo
      1.1    rpaulo #include <net/bpf.h>
      1.1    rpaulo #include <net/if.h>
      1.1    rpaulo #include <net/if_arp.h>
      1.1    rpaulo #include <net/if_dl.h>
      1.1    rpaulo #include <net/if_media.h>
      1.1    rpaulo #include <net/if_types.h>
      1.1    rpaulo #include <net/if_ether.h>
      1.1    rpaulo
      1.1    rpaulo #include <netinet/in.h>
      1.1    rpaulo #include <netinet/in_systm.h>
      1.1    rpaulo #include <netinet/in_var.h>
      1.1    rpaulo #include <netinet/ip.h>
      1.1    rpaulo
      1.1    rpaulo #include <net80211/ieee80211_var.h>
     1.24       scw #include <net80211/ieee80211_amrr.h>
      1.1    rpaulo #include <net80211/ieee80211_radiotap.h>
      1.1    rpaulo
      1.1    rpaulo #include <dev/ic/rt2661reg.h>
      1.1    rpaulo #include <dev/ic/rt2661var.h>
      1.1    rpaulo
      1.1    rpaulo #include <dev/pci/pcireg.h>
      1.1    rpaulo #include <dev/pci/pcivar.h>
      1.1    rpaulo #include <dev/pci/pcidevs.h>
      1.1    rpaulo
      1.1    rpaulo #include <dev/firmload.h>
      1.1    rpaulo
      1.1    rpaulo #ifdef RAL_DEBUG
      1.1    rpaulo #define DPRINTF(x)	do { if (rt2661_debug > 0) printf x; } while (0)
      1.1    rpaulo #define DPRINTFN(n, x)	do { if (rt2661_debug >= (n)) printf x; } while (0)
      1.1    rpaulo int rt2661_debug = 0;
      1.1    rpaulo #else
      1.1    rpaulo #define DPRINTF(x)
      1.1    rpaulo #define DPRINTFN(n, x)
      1.1    rpaulo #endif
      1.1    rpaulo
      1.1    rpaulo static int	rt2661_alloc_tx_ring(struct rt2661_softc *,
      1.1    rpaulo 		    struct rt2661_tx_ring *, int);
      1.1    rpaulo static void	rt2661_reset_tx_ring(struct rt2661_softc *,
      1.1    rpaulo 		    struct rt2661_tx_ring *);
      1.1    rpaulo static void	rt2661_free_tx_ring(struct rt2661_softc *,
      1.1    rpaulo 		    struct rt2661_tx_ring *);
      1.1    rpaulo static int	rt2661_alloc_rx_ring(struct rt2661_softc *,
      1.1    rpaulo 		    struct rt2661_rx_ring *, int);
      1.1    rpaulo static void	rt2661_reset_rx_ring(struct rt2661_softc *,
      1.1    rpaulo 		    struct rt2661_rx_ring *);
      1.1    rpaulo static void	rt2661_free_rx_ring(struct rt2661_softc *,
      1.1    rpaulo 		    struct rt2661_rx_ring *);
      1.1    rpaulo static struct ieee80211_node *
      1.1    rpaulo 		rt2661_node_alloc(struct ieee80211_node_table *);
      1.1    rpaulo static int	rt2661_media_change(struct ifnet *);
      1.1    rpaulo static void	rt2661_next_scan(void *);
      1.1    rpaulo static void	rt2661_iter_func(void *, struct ieee80211_node *);
     1.24       scw static void	rt2661_updatestats(void *);
     1.24       scw static void	rt2661_newassoc(struct ieee80211_node *, int);
      1.1    rpaulo static int	rt2661_newstate(struct ieee80211com *, enum ieee80211_state,
      1.1    rpaulo 		    int);
      1.1    rpaulo static uint16_t	rt2661_eeprom_read(struct rt2661_softc *, uint8_t);
      1.1    rpaulo static void	rt2661_tx_intr(struct rt2661_softc *);
      1.1    rpaulo static void	rt2661_tx_dma_intr(struct rt2661_softc *,
      1.1    rpaulo 		    struct rt2661_tx_ring *);
      1.1    rpaulo static void	rt2661_rx_intr(struct rt2661_softc *);
      1.1    rpaulo static void	rt2661_mcu_beacon_expire(struct rt2661_softc *);
      1.1    rpaulo static void	rt2661_mcu_wakeup(struct rt2661_softc *);
      1.1    rpaulo static void	rt2661_mcu_cmd_intr(struct rt2661_softc *);
      1.1    rpaulo int		rt2661_intr(void *);
      1.1    rpaulo static uint8_t	rt2661_rxrate(struct rt2661_rx_desc *);
      1.1    rpaulo static int	rt2661_ack_rate(struct ieee80211com *, int);
      1.1    rpaulo static uint16_t	rt2661_txtime(int, int, uint32_t);
      1.1    rpaulo static uint8_t	rt2661_plcp_signal(int);
      1.1    rpaulo static void	rt2661_setup_tx_desc(struct rt2661_softc *,
      1.1    rpaulo 		    struct rt2661_tx_desc *, uint32_t, uint16_t, int, int,
      1.1    rpaulo 		    const bus_dma_segment_t *, int, int);
      1.1    rpaulo static int	rt2661_tx_mgt(struct rt2661_softc *, struct mbuf *,
      1.1    rpaulo 		    struct ieee80211_node *);
      1.1    rpaulo static struct mbuf *
      1.1    rpaulo 		rt2661_get_rts(struct rt2661_softc *,
      1.1    rpaulo 		    struct ieee80211_frame *, uint16_t);
      1.1    rpaulo static int	rt2661_tx_data(struct rt2661_softc *, struct mbuf *,
      1.1    rpaulo 		    struct ieee80211_node *, int);
      1.1    rpaulo static void	rt2661_start(struct ifnet *);
      1.1    rpaulo static void	rt2661_watchdog(struct ifnet *);
      1.1    rpaulo static int	rt2661_reset(struct ifnet *);
     1.14  christos static int	rt2661_ioctl(struct ifnet *, u_long, void *);
      1.1    rpaulo static void	rt2661_bbp_write(struct rt2661_softc *, uint8_t, uint8_t);
      1.1    rpaulo static uint8_t	rt2661_bbp_read(struct rt2661_softc *, uint8_t);
      1.1    rpaulo static void	rt2661_rf_write(struct rt2661_softc *, uint8_t, uint32_t);
      1.1    rpaulo static int	rt2661_tx_cmd(struct rt2661_softc *, uint8_t, uint16_t);
      1.1    rpaulo static void	rt2661_select_antenna(struct rt2661_softc *);
      1.1    rpaulo static void	rt2661_enable_mrr(struct rt2661_softc *);
      1.1    rpaulo static void	rt2661_set_txpreamble(struct rt2661_softc *);
      1.1    rpaulo static void	rt2661_set_basicrates(struct rt2661_softc *,
      1.1    rpaulo 			const struct ieee80211_rateset *);
      1.1    rpaulo static void	rt2661_select_band(struct rt2661_softc *,
      1.1    rpaulo 		    struct ieee80211_channel *);
      1.1    rpaulo static void	rt2661_set_chan(struct rt2661_softc *,
      1.1    rpaulo 		    struct ieee80211_channel *);
      1.1    rpaulo static void	rt2661_set_bssid(struct rt2661_softc *, const uint8_t *);
      1.1    rpaulo static void	rt2661_set_macaddr(struct rt2661_softc *, const uint8_t *);
      1.1    rpaulo static void	rt2661_update_promisc(struct rt2661_softc *);
     1.13  christos #if 0
     1.13  christos static int	rt2661_wme_update(struct ieee80211com *);
     1.13  christos #endif
      1.1    rpaulo
     1.24       scw static void	rt2661_updateslot(struct ifnet *);
     1.24       scw static void	rt2661_set_slottime(struct rt2661_softc *);
      1.1    rpaulo static const char *
      1.1    rpaulo 		rt2661_get_rf(int);
      1.1    rpaulo static void	rt2661_read_eeprom(struct rt2661_softc *);
      1.1    rpaulo static int	rt2661_bbp_init(struct rt2661_softc *);
      1.1    rpaulo static int     	rt2661_init(struct ifnet *);
      1.1    rpaulo static void	rt2661_stop(struct ifnet *, int);
      1.1    rpaulo static int	rt2661_load_microcode(struct rt2661_softc *, const uint8_t *,
      1.1    rpaulo 		    int);
     1.24       scw static void	rt2661_rx_tune(struct rt2661_softc *);
      1.7    rpaulo #ifdef notyet
      1.1    rpaulo static void	rt2661_radar_start(struct rt2661_softc *);
      1.1    rpaulo static int	rt2661_radar_stop(struct rt2661_softc *);
      1.1    rpaulo #endif
      1.1    rpaulo static int	rt2661_prepare_beacon(struct rt2661_softc *);
      1.1    rpaulo static void	rt2661_enable_tsf_sync(struct rt2661_softc *);
      1.1    rpaulo static int	rt2661_get_rssi(struct rt2661_softc *, uint8_t);
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Supported rates for 802.11a/b/g modes (in 500Kbps unit).
      1.1    rpaulo  */
      1.1    rpaulo static const struct ieee80211_rateset rt2661_rateset_11a =
      1.1    rpaulo 	{ 8, { 12, 18, 24, 36, 48, 72, 96, 108 } };
      1.1    rpaulo
      1.1    rpaulo static const struct ieee80211_rateset rt2661_rateset_11b =
      1.1    rpaulo 	{ 4, { 2, 4, 11, 22 } };
      1.1    rpaulo
      1.1    rpaulo static const struct ieee80211_rateset rt2661_rateset_11g =
      1.1    rpaulo 	{ 12, { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108 } };
      1.1    rpaulo
      1.1    rpaulo static const struct {
      1.1    rpaulo 	uint32_t	reg;
      1.1    rpaulo 	uint32_t	val;
      1.1    rpaulo } rt2661_def_mac[] = {
     1.24       scw 	RT2661_DEF_MAC
      1.1    rpaulo };
      1.1    rpaulo
      1.1    rpaulo static const struct {
      1.1    rpaulo 	uint8_t	reg;
      1.1    rpaulo 	uint8_t	val;
      1.1    rpaulo } rt2661_def_bbp[] = {
     1.24       scw 	RT2661_DEF_BBP
      1.1    rpaulo };
      1.1    rpaulo
      1.1    rpaulo static const struct rfprog {
      1.1    rpaulo 	uint8_t		chan;
     1.24       scw 	uint32_t	r1, r2, r3, r4;
      1.1    rpaulo } rt2661_rf5225_1[] = {
     1.24       scw 	RT2661_RF5225_1
      1.1    rpaulo }, rt2661_rf5225_2[] = {
     1.24       scw 	RT2661_RF5225_2
      1.1    rpaulo };
      1.1    rpaulo
      1.1    rpaulo int
      1.1    rpaulo rt2661_attach(void *xsc, int id)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = xsc;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	struct ifnet *ifp = &sc->sc_if;
      1.1    rpaulo 	uint32_t val;
      1.1    rpaulo 	int error, i, ntries;
      1.1    rpaulo
      1.1    rpaulo 	sc->sc_id = id;
      1.1    rpaulo
     1.24       scw 	sc->amrr.amrr_min_success_threshold =  1;
     1.24       scw 	sc->amrr.amrr_max_success_threshold = 15;
     1.15        ad 	callout_init(&sc->scan_ch, 0);
     1.24       scw 	callout_init(&sc->amrr_ch, 0);
      1.1    rpaulo
      1.1    rpaulo 	/* wait for NIC to initialize */
      1.1    rpaulo 	for (ntries = 0; ntries < 1000; ntries++) {
      1.1    rpaulo 		if ((val = RAL_READ(sc, RT2661_MAC_CSR0)) != 0)
      1.1    rpaulo 			break;
      1.1    rpaulo 		DELAY(1000);
      1.1    rpaulo 	}
      1.1    rpaulo 	if (ntries == 1000) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "timeout waiting for NIC to initialize\n");
      1.1    rpaulo 		return EIO;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* retrieve RF rev. no and various other things from EEPROM */
      1.1    rpaulo 	rt2661_read_eeprom(sc);
     1.29  drochner 	aprint_normal_dev(sc->sc_dev, "802.11 address %s\n",
      1.1    rpaulo 	    ether_sprintf(ic->ic_myaddr));
      1.1    rpaulo
     1.29  drochner 	aprint_normal_dev(sc->sc_dev, "MAC/BBP RT%X, RF %s\n", val,
      1.1    rpaulo 	    rt2661_get_rf(sc->rf_rev));
      1.1    rpaulo
      1.1    rpaulo 	/*
      1.1    rpaulo 	 * Allocate Tx and Rx rings.
      1.1    rpaulo 	 */
      1.1    rpaulo 	error = rt2661_alloc_tx_ring(sc, &sc->txq[0], RT2661_TX_RING_COUNT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate Tx ring 0\n");
      1.1    rpaulo 		goto fail1;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = rt2661_alloc_tx_ring(sc, &sc->txq[1], RT2661_TX_RING_COUNT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate Tx ring 1\n");
      1.1    rpaulo 		goto fail2;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = rt2661_alloc_tx_ring(sc, &sc->txq[2], RT2661_TX_RING_COUNT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate Tx ring 2\n");
      1.1    rpaulo 		goto fail3;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = rt2661_alloc_tx_ring(sc, &sc->txq[3], RT2661_TX_RING_COUNT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate Tx ring 3\n");
      1.1    rpaulo 		goto fail4;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = rt2661_alloc_tx_ring(sc, &sc->mgtq, RT2661_MGT_RING_COUNT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate Mgt ring\n");
      1.1    rpaulo 		goto fail5;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = rt2661_alloc_rx_ring(sc, &sc->rxq, RT2661_RX_RING_COUNT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate Rx ring\n");
      1.1    rpaulo 		goto fail6;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	ifp->if_softc = sc;
      1.1    rpaulo 	ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST;
      1.1    rpaulo 	ifp->if_init = rt2661_init;
     1.21  jmcneill 	ifp->if_stop = rt2661_stop;
      1.1    rpaulo 	ifp->if_ioctl = rt2661_ioctl;
      1.1    rpaulo 	ifp->if_start = rt2661_start;
      1.1    rpaulo 	ifp->if_watchdog = rt2661_watchdog;
      1.1    rpaulo 	IFQ_SET_READY(&ifp->if_snd);
     1.29  drochner 	memcpy(ifp->if_xname, device_xname(sc->sc_dev), IFNAMSIZ);
      1.1    rpaulo
      1.1    rpaulo 	ic->ic_ifp = ifp;
      1.1    rpaulo 	ic->ic_phytype = IEEE80211_T_OFDM; /* not only, but not used */
      1.1    rpaulo 	ic->ic_opmode = IEEE80211_M_STA; /* default to BSS mode */
      1.1    rpaulo 	ic->ic_state = IEEE80211_S_INIT;
      1.1    rpaulo
      1.1    rpaulo 	/* set device capabilities */
      1.1    rpaulo 	ic->ic_caps =
      1.1    rpaulo 	    IEEE80211_C_IBSS |		/* IBSS mode supported */
      1.1    rpaulo 	    IEEE80211_C_MONITOR |	/* monitor mode supported */
     1.24       scw 	    IEEE80211_C_HOSTAP |	/* HostAP mode supported */
      1.1    rpaulo 	    IEEE80211_C_TXPMGT |	/* tx power management */
      1.1    rpaulo 	    IEEE80211_C_SHPREAMBLE |	/* short preamble supported */
      1.1    rpaulo 	    IEEE80211_C_SHSLOT |	/* short slot time supported */
      1.1    rpaulo 	    IEEE80211_C_WPA;		/* 802.11i */
      1.1    rpaulo
      1.1    rpaulo 	if (sc->rf_rev == RT2661_RF_5225 || sc->rf_rev == RT2661_RF_5325) {
      1.1    rpaulo 		/* set supported .11a rates */
      1.1    rpaulo 		ic->ic_sup_rates[IEEE80211_MODE_11A] = rt2661_rateset_11a;
      1.1    rpaulo
      1.1    rpaulo 		/* set supported .11a channels */
      1.1    rpaulo 		for (i = 36; i <= 64; i += 4) {
      1.1    rpaulo 			ic->ic_channels[i].ic_freq =
      1.1    rpaulo 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
      1.1    rpaulo 			ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
      1.1    rpaulo 		}
      1.1    rpaulo 		for (i = 100; i <= 140; i += 4) {
      1.1    rpaulo 			ic->ic_channels[i].ic_freq =
      1.1    rpaulo 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
      1.1    rpaulo 			ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
      1.1    rpaulo 		}
      1.1    rpaulo 		for (i = 149; i <= 165; i += 4) {
      1.1    rpaulo 			ic->ic_channels[i].ic_freq =
      1.1    rpaulo 			    ieee80211_ieee2mhz(i, IEEE80211_CHAN_5GHZ);
      1.1    rpaulo 			ic->ic_channels[i].ic_flags = IEEE80211_CHAN_A;
      1.1    rpaulo 		}
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* set supported .11b and .11g rates */
      1.1    rpaulo 	ic->ic_sup_rates[IEEE80211_MODE_11B] = rt2661_rateset_11b;
      1.1    rpaulo 	ic->ic_sup_rates[IEEE80211_MODE_11G] = rt2661_rateset_11g;
      1.1    rpaulo
      1.1    rpaulo 	/* set supported .11b and .11g channels (1 through 14) */
      1.1    rpaulo 	for (i = 1; i <= 14; i++) {
      1.1    rpaulo 		ic->ic_channels[i].ic_freq =
      1.1    rpaulo 		    ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ);
      1.1    rpaulo 		ic->ic_channels[i].ic_flags =
      1.1    rpaulo 		    IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM |
      1.1    rpaulo 		    IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	if_attach(ifp);
      1.1    rpaulo 	ieee80211_ifattach(ic);
      1.1    rpaulo 	ic->ic_node_alloc = rt2661_node_alloc;
     1.24       scw 	ic->ic_newassoc = rt2661_newassoc;
     1.24       scw 	ic->ic_updateslot = rt2661_updateslot;
      1.1    rpaulo 	ic->ic_reset = rt2661_reset;
      1.1    rpaulo
      1.1    rpaulo 	/* override state transition machine */
      1.1    rpaulo 	sc->sc_newstate = ic->ic_newstate;
      1.1    rpaulo 	ic->ic_newstate = rt2661_newstate;
      1.1    rpaulo 	ieee80211_media_init(ic, rt2661_media_change, ieee80211_media_status);
      1.1    rpaulo
     1.28     joerg 	bpf_attach2(ifp, DLT_IEEE802_11_RADIO,
     1.27     pooka 	    sizeof(struct ieee80211_frame) + sizeof(sc->sc_txtap),
     1.24       scw 	    &sc->sc_drvbpf);
      1.1    rpaulo
     1.24       scw 	sc->sc_rxtap_len = roundup(sizeof(sc->sc_rxtap), sizeof(u_int32_t));
      1.1    rpaulo 	sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len);
      1.1    rpaulo 	sc->sc_rxtap.wr_ihdr.it_present = htole32(RT2661_RX_RADIOTAP_PRESENT);
      1.1    rpaulo
     1.24       scw 	sc->sc_txtap_len = roundup(sizeof(sc->sc_txtap), sizeof(u_int32_t));
      1.1    rpaulo 	sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len);
      1.1    rpaulo 	sc->sc_txtap.wt_ihdr.it_present = htole32(RT2661_TX_RADIOTAP_PRESENT);
      1.1    rpaulo
      1.1    rpaulo 	ieee80211_announce(ic);
      1.1    rpaulo
     1.29  drochner 	if (pmf_device_register(sc->sc_dev, NULL, NULL))
     1.29  drochner 		pmf_class_network_register(sc->sc_dev, ifp);
     1.21  jmcneill 	else
     1.29  drochner 		aprint_error_dev(sc->sc_dev,
     1.26   tsutsui 		    "couldn't establish power handler\n");
     1.21  jmcneill
      1.1    rpaulo 	return 0;
      1.1    rpaulo
      1.1    rpaulo fail6:	rt2661_free_tx_ring(sc, &sc->mgtq);
      1.1    rpaulo fail5:	rt2661_free_tx_ring(sc, &sc->txq[3]);
      1.1    rpaulo fail4:	rt2661_free_tx_ring(sc, &sc->txq[2]);
      1.1    rpaulo fail3:	rt2661_free_tx_ring(sc, &sc->txq[1]);
      1.1    rpaulo fail2:	rt2661_free_tx_ring(sc, &sc->txq[0]);
      1.1    rpaulo fail1:	return ENXIO;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo int
      1.1    rpaulo rt2661_detach(void *xsc)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = xsc;
      1.1    rpaulo 	struct ifnet *ifp = &sc->sc_if;
      1.1    rpaulo
      1.1    rpaulo 	callout_stop(&sc->scan_ch);
     1.24       scw 	callout_stop(&sc->amrr_ch);
      1.1    rpaulo
     1.29  drochner 	pmf_device_deregister(sc->sc_dev);
     1.21  jmcneill
      1.1    rpaulo 	ieee80211_ifdetach(&sc->sc_ic);
      1.1    rpaulo 	if_detach(ifp);
      1.1    rpaulo
      1.1    rpaulo 	rt2661_free_tx_ring(sc, &sc->txq[0]);
      1.1    rpaulo 	rt2661_free_tx_ring(sc, &sc->txq[1]);
      1.1    rpaulo 	rt2661_free_tx_ring(sc, &sc->txq[2]);
      1.1    rpaulo 	rt2661_free_tx_ring(sc, &sc->txq[3]);
      1.1    rpaulo 	rt2661_free_tx_ring(sc, &sc->mgtq);
      1.1    rpaulo 	rt2661_free_rx_ring(sc, &sc->rxq);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_alloc_tx_ring(struct rt2661_softc *sc, struct rt2661_tx_ring *ring,
      1.1    rpaulo     int count)
      1.1    rpaulo {
      1.1    rpaulo 	int i, nsegs, error;
      1.1    rpaulo
      1.1    rpaulo 	ring->count = count;
      1.1    rpaulo 	ring->queued = 0;
      1.1    rpaulo 	ring->cur = ring->next = ring->stat = 0;
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamap_create(sc->sc_dmat, count * RT2661_TX_DESC_SIZE, 1,
      1.1    rpaulo 	    count * RT2661_TX_DESC_SIZE, 0, BUS_DMA_NOWAIT, &ring->map);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not create desc DMA map\n");
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamem_alloc(sc->sc_dmat, count * RT2661_TX_DESC_SIZE,
      1.1    rpaulo 	    PAGE_SIZE, 0, &ring->seg, 1, &nsegs, BUS_DMA_NOWAIT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate DMA memory\n");
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamem_map(sc->sc_dmat, &ring->seg, nsegs,
     1.14  christos 	    count * RT2661_TX_DESC_SIZE, (void **)&ring->desc,
      1.1    rpaulo 	    BUS_DMA_NOWAIT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not map desc DMA memory\n");
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamap_load(sc->sc_dmat, ring->map, ring->desc,
      1.1    rpaulo 	    count * RT2661_TX_DESC_SIZE, NULL, BUS_DMA_NOWAIT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not load desc DMA map\n");
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	memset(ring->desc, 0, count * RT2661_TX_DESC_SIZE);
      1.1    rpaulo 	ring->physaddr = ring->map->dm_segs->ds_addr;
      1.1    rpaulo
      1.1    rpaulo 	ring->data = malloc(count * sizeof (struct rt2661_tx_data), M_DEVBUF,
      1.1    rpaulo 	    M_NOWAIT);
      1.1    rpaulo 	if (ring->data == NULL) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate soft data\n");
      1.1    rpaulo 		error = ENOMEM;
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	memset(ring->data, 0, count * sizeof (struct rt2661_tx_data));
      1.1    rpaulo 	for (i = 0; i < count; i++) {
      1.1    rpaulo 		error = bus_dmamap_create(sc->sc_dmat, MCLBYTES,
      1.1    rpaulo 		    RT2661_MAX_SCATTER, MCLBYTES, 0, BUS_DMA_NOWAIT,
      1.1    rpaulo 		    &ring->data[i].map);
      1.1    rpaulo 		if (error != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not create DMA map\n");
      1.1    rpaulo 			goto fail;
      1.1    rpaulo 		}
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo
      1.1    rpaulo fail:	rt2661_free_tx_ring(sc, ring);
      1.1    rpaulo 	return error;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_reset_tx_ring(struct rt2661_softc *sc, struct rt2661_tx_ring *ring)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_tx_desc *desc;
      1.1    rpaulo 	struct rt2661_tx_data *data;
      1.1    rpaulo 	int i;
      1.1    rpaulo
      1.1    rpaulo 	for (i = 0; i < ring->count; i++) {
      1.1    rpaulo 		desc = &ring->desc[i];
      1.1    rpaulo 		data = &ring->data[i];
      1.1    rpaulo
      1.1    rpaulo 		if (data->m != NULL) {
      1.1    rpaulo 			bus_dmamap_sync(sc->sc_dmat, data->map, 0,
      1.1    rpaulo 			    data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
      1.1    rpaulo 			bus_dmamap_unload(sc->sc_dmat, data->map);
      1.1    rpaulo 			m_freem(data->m);
      1.1    rpaulo 			data->m = NULL;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		if (data->ni != NULL) {
      1.1    rpaulo 			ieee80211_free_node(data->ni);
      1.1    rpaulo 			data->ni = NULL;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		desc->flags = 0;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	bus_dmamap_sync(sc->sc_dmat, ring->map, 0, ring->map->dm_mapsize,
      1.1    rpaulo 	    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo
      1.1    rpaulo 	ring->queued = 0;
      1.1    rpaulo 	ring->cur = ring->next = ring->stat = 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_free_tx_ring(struct rt2661_softc *sc, struct rt2661_tx_ring *ring)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_tx_data *data;
      1.1    rpaulo 	int i;
      1.1    rpaulo
      1.1    rpaulo 	if (ring->desc != NULL) {
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, ring->map, 0,
      1.1    rpaulo 		    ring->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
      1.1    rpaulo 		bus_dmamap_unload(sc->sc_dmat, ring->map);
     1.14  christos 		bus_dmamem_unmap(sc->sc_dmat, (void *)ring->desc,
      1.1    rpaulo 		    ring->count * RT2661_TX_DESC_SIZE);
      1.1    rpaulo 		bus_dmamem_free(sc->sc_dmat, &ring->seg, 1);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	if (ring->data != NULL) {
      1.1    rpaulo 		for (i = 0; i < ring->count; i++) {
      1.1    rpaulo 			data = &ring->data[i];
      1.1    rpaulo
      1.1    rpaulo 			if (data->m != NULL) {
      1.1    rpaulo 				bus_dmamap_sync(sc->sc_dmat, data->map, 0,
      1.1    rpaulo 				    data->map->dm_mapsize,
      1.1    rpaulo 				    BUS_DMASYNC_POSTWRITE);
      1.1    rpaulo 				bus_dmamap_unload(sc->sc_dmat, data->map);
      1.1    rpaulo 				m_freem(data->m);
      1.1    rpaulo 			}
      1.1    rpaulo
      1.1    rpaulo 			if (data->ni != NULL)
      1.1    rpaulo 				ieee80211_free_node(data->ni);
      1.1    rpaulo
      1.1    rpaulo 			if (data->map != NULL)
      1.1    rpaulo 				bus_dmamap_destroy(sc->sc_dmat, data->map);
      1.1    rpaulo 		}
      1.1    rpaulo 		free(ring->data, M_DEVBUF);
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_alloc_rx_ring(struct rt2661_softc *sc, struct rt2661_rx_ring *ring,
      1.1    rpaulo     int count)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_rx_desc *desc;
      1.1    rpaulo 	struct rt2661_rx_data *data;
      1.1    rpaulo 	int i, nsegs, error;
      1.1    rpaulo
      1.1    rpaulo 	ring->count = count;
      1.1    rpaulo 	ring->cur = ring->next = 0;
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamap_create(sc->sc_dmat, count * RT2661_RX_DESC_SIZE, 1,
      1.1    rpaulo 	    count * RT2661_RX_DESC_SIZE, 0, BUS_DMA_NOWAIT, &ring->map);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not create desc DMA map\n");
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamem_alloc(sc->sc_dmat, count * RT2661_RX_DESC_SIZE,
      1.1    rpaulo 	    PAGE_SIZE, 0, &ring->seg, 1, &nsegs, BUS_DMA_NOWAIT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate DMA memory\n");
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamem_map(sc->sc_dmat, &ring->seg, nsegs,
     1.14  christos 	    count * RT2661_RX_DESC_SIZE, (void **)&ring->desc,
      1.1    rpaulo 	    BUS_DMA_NOWAIT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not map desc DMA memory\n");
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamap_load(sc->sc_dmat, ring->map, ring->desc,
      1.1    rpaulo 	    count * RT2661_RX_DESC_SIZE, NULL, BUS_DMA_NOWAIT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not load desc DMA map\n");
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	memset(ring->desc, 0, count * RT2661_RX_DESC_SIZE);
      1.1    rpaulo 	ring->physaddr = ring->map->dm_segs->ds_addr;
      1.1    rpaulo
      1.1    rpaulo 	ring->data = malloc(count * sizeof (struct rt2661_rx_data), M_DEVBUF,
      1.1    rpaulo 	    M_NOWAIT);
      1.1    rpaulo 	if (ring->data == NULL) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate soft data\n");
      1.1    rpaulo 		error = ENOMEM;
      1.1    rpaulo 		goto fail;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/*
      1.1    rpaulo 	 * Pre-allocate Rx buffers and populate Rx ring.
      1.1    rpaulo 	 */
      1.1    rpaulo 	memset(ring->data, 0, count * sizeof (struct rt2661_rx_data));
      1.1    rpaulo 	for (i = 0; i < count; i++) {
      1.1    rpaulo 		desc = &sc->rxq.desc[i];
      1.1    rpaulo 		data = &sc->rxq.data[i];
      1.1    rpaulo
      1.1    rpaulo 		error = bus_dmamap_create(sc->sc_dmat, MCLBYTES, 1, MCLBYTES,
      1.1    rpaulo 		    0, BUS_DMA_NOWAIT, &data->map);
      1.1    rpaulo 		if (error != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not create DMA map\n");
      1.1    rpaulo 			goto fail;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		MGETHDR(data->m, M_DONTWAIT, MT_DATA);
      1.1    rpaulo 		if (data->m == NULL) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not allocate rx mbuf\n");
      1.1    rpaulo 			error = ENOMEM;
      1.1    rpaulo 			goto fail;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		MCLGET(data->m, M_DONTWAIT);
      1.1    rpaulo 		if (!(data->m->m_flags & M_EXT)) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not allocate rx mbuf cluster\n");
      1.1    rpaulo 			error = ENOMEM;
      1.1    rpaulo 			goto fail;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		error = bus_dmamap_load(sc->sc_dmat, data->map,
      1.1    rpaulo 		    mtod(data->m, void *), MCLBYTES, NULL, BUS_DMA_NOWAIT);
      1.1    rpaulo 		if (error != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not load rx buf DMA map");
      1.1    rpaulo 			goto fail;
      1.1    rpaulo 		}
      1.1    rpaulo
     1.24       scw 		desc->physaddr = htole32(data->map->dm_segs->ds_addr);
      1.1    rpaulo 		desc->flags = htole32(RT2661_RX_BUSY);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	bus_dmamap_sync(sc->sc_dmat, ring->map, 0, ring->map->dm_mapsize,
      1.1    rpaulo 	    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo
      1.1    rpaulo fail:	rt2661_free_rx_ring(sc, ring);
      1.1    rpaulo 	return error;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_reset_rx_ring(struct rt2661_softc *sc, struct rt2661_rx_ring *ring)
      1.1    rpaulo {
      1.1    rpaulo 	int i;
      1.1    rpaulo
      1.1    rpaulo 	for (i = 0; i < ring->count; i++)
      1.1    rpaulo 		ring->desc[i].flags = htole32(RT2661_RX_BUSY);
      1.1    rpaulo
      1.1    rpaulo 	bus_dmamap_sync(sc->sc_dmat, ring->map, 0, ring->map->dm_mapsize,
      1.1    rpaulo 	    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo
      1.1    rpaulo 	ring->cur = ring->next = 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_free_rx_ring(struct rt2661_softc *sc, struct rt2661_rx_ring *ring)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_rx_data *data;
      1.1    rpaulo 	int i;
      1.1    rpaulo
      1.1    rpaulo 	if (ring->desc != NULL) {
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, ring->map, 0,
      1.1    rpaulo 		    ring->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
      1.1    rpaulo 		bus_dmamap_unload(sc->sc_dmat, ring->map);
     1.14  christos 		bus_dmamem_unmap(sc->sc_dmat, (void *)ring->desc,
      1.1    rpaulo 		    ring->count * RT2661_RX_DESC_SIZE);
      1.1    rpaulo 		bus_dmamem_free(sc->sc_dmat, &ring->seg, 1);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	if (ring->data != NULL) {
      1.1    rpaulo 		for (i = 0; i < ring->count; i++) {
      1.1    rpaulo 			data = &ring->data[i];
      1.1    rpaulo
      1.1    rpaulo 			if (data->m != NULL) {
      1.1    rpaulo 				bus_dmamap_sync(sc->sc_dmat, data->map, 0,
      1.1    rpaulo 				    data->map->dm_mapsize,
      1.1    rpaulo 				    BUS_DMASYNC_POSTREAD);
      1.1    rpaulo 				bus_dmamap_unload(sc->sc_dmat, data->map);
      1.1    rpaulo 				m_freem(data->m);
      1.1    rpaulo 			}
      1.1    rpaulo
      1.1    rpaulo 			if (data->map != NULL)
      1.1    rpaulo 				bus_dmamap_destroy(sc->sc_dmat, data->map);
      1.1    rpaulo 		}
      1.1    rpaulo 		free(ring->data, M_DEVBUF);
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static struct ieee80211_node *
     1.13  christos rt2661_node_alloc(struct ieee80211_node_table *nt)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_node *rn;
      1.1    rpaulo
      1.1    rpaulo 	rn = malloc(sizeof (struct rt2661_node), M_80211_NODE,
      1.1    rpaulo 	    M_NOWAIT | M_ZERO);
      1.1    rpaulo
      1.1    rpaulo 	return (rn != NULL) ? &rn->ni : NULL;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_media_change(struct ifnet *ifp)
      1.1    rpaulo {
      1.1    rpaulo 	int error;
      1.1    rpaulo
      1.1    rpaulo 	error = ieee80211_media_change(ifp);
      1.1    rpaulo 	if (error != ENETRESET)
      1.1    rpaulo 		return error;
      1.1    rpaulo
      1.1    rpaulo 	if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == (IFF_UP | IFF_RUNNING))
      1.1    rpaulo 		rt2661_init(ifp);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * This function is called periodically (every 200ms) during scanning to
      1.1    rpaulo  * switch from one channel to another.
      1.1    rpaulo  */
      1.1    rpaulo static void
      1.1    rpaulo rt2661_next_scan(void *arg)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = arg;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
     1.24       scw 	int s;
      1.1    rpaulo
     1.24       scw 	s = splnet();
      1.1    rpaulo 	if (ic->ic_state == IEEE80211_S_SCAN)
      1.1    rpaulo 		ieee80211_next_scan(ic);
     1.24       scw 	splx(s);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * This function is called for each neighbor node.
      1.1    rpaulo  */
      1.1    rpaulo static void
     1.13  christos rt2661_iter_func(void *arg, struct ieee80211_node *ni)
      1.1    rpaulo {
     1.24       scw 	struct rt2661_softc *sc = arg;
      1.1    rpaulo 	struct rt2661_node *rn = (struct rt2661_node *)ni;
      1.1    rpaulo
     1.24       scw 	ieee80211_amrr_choose(&sc->amrr, ni, &rn->amn);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
     1.24       scw  * This function is called periodically (every 500ms) in RUN state to update
     1.24       scw  * various settings like rate control statistics or Rx sensitivity.
      1.1    rpaulo  */
      1.1    rpaulo static void
     1.24       scw rt2661_updatestats(void *arg)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = arg;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
     1.24       scw 	int s;
      1.1    rpaulo
     1.24       scw 	s = splnet();
     1.24       scw 	if (ic->ic_opmode == IEEE80211_M_STA)
     1.24       scw 		rt2661_iter_func(sc, ic->ic_bss);
     1.24       scw 	else
     1.24       scw 		ieee80211_iterate_nodes(&ic->ic_sta, rt2661_iter_func, arg);
      1.1    rpaulo
     1.24       scw 	/* update rx sensitivity every 1 sec */
     1.24       scw 	if (++sc->ncalls & 1)
     1.24       scw 		rt2661_rx_tune(sc);
     1.24       scw 	splx(s);
     1.24       scw
     1.24       scw 	callout_reset(&sc->amrr_ch, hz / 2, rt2661_updatestats, sc);
     1.24       scw }
     1.24       scw
     1.24       scw static void
     1.24       scw rt2661_newassoc(struct ieee80211_node *ni, int isnew)
     1.24       scw {
     1.24       scw 	struct rt2661_softc *sc = ni->ni_ic->ic_ifp->if_softc;
     1.24       scw 	int i;
     1.24       scw
     1.24       scw 	ieee80211_amrr_node_init(&sc->amrr, &((struct rt2661_node *)ni)->amn);
     1.24       scw
     1.24       scw 	/* set rate to some reasonable initial value */
     1.24       scw 	for (i = ni->ni_rates.rs_nrates - 1;
     1.24       scw 	     i > 0 && (ni->ni_rates.rs_rates[i] & IEEE80211_RATE_VAL) > 72;
     1.24       scw 	     i--);
     1.24       scw 	ni->ni_txrate = i;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = ic->ic_ifp->if_softc;
      1.1    rpaulo 	enum ieee80211_state ostate;
      1.1    rpaulo 	struct ieee80211_node *ni;
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	ostate = ic->ic_state;
      1.1    rpaulo 	callout_stop(&sc->scan_ch);
      1.1    rpaulo
      1.1    rpaulo 	switch (nstate) {
      1.1    rpaulo 	case IEEE80211_S_INIT:
     1.24       scw 		callout_stop(&sc->amrr_ch);
      1.1    rpaulo
      1.1    rpaulo 		if (ostate == IEEE80211_S_RUN) {
      1.1    rpaulo 			/* abort TSF synchronization */
      1.1    rpaulo 			tmp = RAL_READ(sc, RT2661_TXRX_CSR9);
      1.1    rpaulo 			RAL_WRITE(sc, RT2661_TXRX_CSR9, tmp & ~0x00ffffff);
      1.1    rpaulo 		}
      1.1    rpaulo 		break;
      1.1    rpaulo
      1.1    rpaulo 	case IEEE80211_S_SCAN:
      1.1    rpaulo 		rt2661_set_chan(sc, ic->ic_curchan);
      1.1    rpaulo 		callout_reset(&sc->scan_ch, hz / 5, rt2661_next_scan, sc);
      1.1    rpaulo 		break;
      1.1    rpaulo
      1.1    rpaulo 	case IEEE80211_S_AUTH:
      1.1    rpaulo 	case IEEE80211_S_ASSOC:
      1.1    rpaulo 		rt2661_set_chan(sc, ic->ic_curchan);
      1.1    rpaulo 		break;
      1.1    rpaulo
      1.1    rpaulo 	case IEEE80211_S_RUN:
      1.1    rpaulo 		rt2661_set_chan(sc, ic->ic_curchan);
      1.1    rpaulo
      1.1    rpaulo 		ni = ic->ic_bss;
      1.1    rpaulo
      1.1    rpaulo 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
     1.24       scw 			rt2661_set_slottime(sc);
      1.1    rpaulo 			rt2661_enable_mrr(sc);
      1.1    rpaulo 			rt2661_set_txpreamble(sc);
      1.1    rpaulo 			rt2661_set_basicrates(sc, &ni->ni_rates);
      1.1    rpaulo 			rt2661_set_bssid(sc, ni->ni_bssid);
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		if (ic->ic_opmode == IEEE80211_M_HOSTAP ||
     1.24       scw 		    ic->ic_opmode == IEEE80211_M_IBSS)
     1.24       scw 			rt2661_prepare_beacon(sc);
     1.24       scw
     1.24       scw 		if (ic->ic_opmode == IEEE80211_M_STA) {
     1.24       scw 			/* fake a join to init the tx rate */
     1.24       scw 			rt2661_newassoc(ni, 1);
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		if (ic->ic_opmode != IEEE80211_M_MONITOR) {
     1.24       scw 			sc->ncalls = 0;
     1.24       scw 			sc->avg_rssi = -95;	/* reset EMA */
     1.24       scw 			callout_reset(&sc->amrr_ch, hz / 2,
     1.24       scw 			    rt2661_updatestats, sc);
      1.1    rpaulo 			rt2661_enable_tsf_sync(sc);
      1.1    rpaulo 		}
      1.1    rpaulo 		break;
      1.1    rpaulo 	}
      1.1    rpaulo
     1.24       scw 	return sc->sc_newstate(ic, nstate, arg);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Read 16 bits at address 'addr' from the serial EEPROM (either 93C46 or
      1.1    rpaulo  * 93C66).
      1.1    rpaulo  */
      1.1    rpaulo static uint16_t
      1.1    rpaulo rt2661_eeprom_read(struct rt2661_softc *sc, uint8_t addr)
      1.1    rpaulo {
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo 	uint16_t val;
      1.1    rpaulo 	int n;
      1.1    rpaulo
      1.1    rpaulo 	/* clock C once before the first command */
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, 0);
      1.1    rpaulo
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S);
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S | RT2661_C);
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S);
      1.1    rpaulo
      1.1    rpaulo 	/* write start bit (1) */
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S | RT2661_D);
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S | RT2661_D | RT2661_C);
      1.1    rpaulo
      1.1    rpaulo 	/* write READ opcode (10) */
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S | RT2661_D);
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S | RT2661_D | RT2661_C);
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S);
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S | RT2661_C);
      1.1    rpaulo
      1.1    rpaulo 	/* write address (A5-A0 or A7-A0) */
      1.1    rpaulo 	n = (RAL_READ(sc, RT2661_E2PROM_CSR) & RT2661_93C46) ? 5 : 7;
      1.1    rpaulo 	for (; n >= 0; n--) {
      1.1    rpaulo 		RT2661_EEPROM_CTL(sc, RT2661_S |
      1.1    rpaulo 		    (((addr >> n) & 1) << RT2661_SHIFT_D));
      1.1    rpaulo 		RT2661_EEPROM_CTL(sc, RT2661_S |
      1.1    rpaulo 		    (((addr >> n) & 1) << RT2661_SHIFT_D) | RT2661_C);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S);
      1.1    rpaulo
      1.1    rpaulo 	/* read data Q15-Q0 */
      1.1    rpaulo 	val = 0;
      1.1    rpaulo 	for (n = 15; n >= 0; n--) {
      1.1    rpaulo 		RT2661_EEPROM_CTL(sc, RT2661_S | RT2661_C);
      1.1    rpaulo 		tmp = RAL_READ(sc, RT2661_E2PROM_CSR);
      1.1    rpaulo 		val |= ((tmp & RT2661_Q) >> RT2661_SHIFT_Q) << n;
      1.1    rpaulo 		RT2661_EEPROM_CTL(sc, RT2661_S);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, 0);
      1.1    rpaulo
      1.1    rpaulo 	/* clear Chip Select and clock C */
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_S);
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, 0);
      1.1    rpaulo 	RT2661_EEPROM_CTL(sc, RT2661_C);
      1.1    rpaulo
      1.1    rpaulo 	return val;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_tx_intr(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	struct ifnet *ifp = &sc->sc_if;
      1.1    rpaulo 	struct rt2661_tx_ring *txq;
      1.1    rpaulo 	struct rt2661_tx_data *data;
      1.1    rpaulo 	struct rt2661_node *rn;
      1.1    rpaulo 	uint32_t val;
      1.1    rpaulo 	int qid, retrycnt;
      1.1    rpaulo
      1.1    rpaulo 	for (;;) {
      1.1    rpaulo 		val = RAL_READ(sc, RT2661_STA_CSR4);
      1.1    rpaulo 		if (!(val & RT2661_TX_STAT_VALID))
      1.1    rpaulo 			break;
      1.1    rpaulo
      1.1    rpaulo 		/* retrieve the queue in which this frame was sent */
      1.1    rpaulo 		qid = RT2661_TX_QID(val);
      1.1    rpaulo 		txq = (qid <= 3) ? &sc->txq[qid] : &sc->mgtq;
      1.1    rpaulo
      1.1    rpaulo 		/* retrieve rate control algorithm context */
      1.1    rpaulo 		data = &txq->data[txq->stat];
      1.1    rpaulo 		rn = (struct rt2661_node *)data->ni;
      1.1    rpaulo
      1.1    rpaulo 		/* if no frame has been sent, ignore */
      1.1    rpaulo 		if (rn == NULL)
      1.1    rpaulo 			continue;
      1.1    rpaulo
      1.1    rpaulo 		switch (RT2661_TX_RESULT(val)) {
      1.1    rpaulo 		case RT2661_TX_SUCCESS:
      1.1    rpaulo 			retrycnt = RT2661_TX_RETRYCNT(val);
      1.1    rpaulo
      1.1    rpaulo 			DPRINTFN(10, ("data frame sent successfully after "
      1.1    rpaulo 			    "%d retries\n", retrycnt));
     1.24       scw 			rn->amn.amn_txcnt++;
     1.24       scw 			if (retrycnt > 0)
     1.24       scw 				rn->amn.amn_retrycnt++;
      1.1    rpaulo 			ifp->if_opackets++;
      1.1    rpaulo 			break;
      1.1    rpaulo
      1.1    rpaulo 		case RT2661_TX_RETRY_FAIL:
      1.1    rpaulo 			DPRINTFN(9, ("sending data frame failed (too much "
      1.1    rpaulo 			    "retries)\n"));
     1.24       scw 			rn->amn.amn_txcnt++;
     1.24       scw 			rn->amn.amn_retrycnt++;
      1.1    rpaulo 			ifp->if_oerrors++;
      1.1    rpaulo 			break;
      1.1    rpaulo
      1.1    rpaulo 		default:
      1.1    rpaulo 			/* other failure */
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "sending data frame failed 0x%08x\n", val);
      1.1    rpaulo 			ifp->if_oerrors++;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		ieee80211_free_node(data->ni);
      1.1    rpaulo 		data->ni = NULL;
      1.1    rpaulo
      1.1    rpaulo 		DPRINTFN(15, ("tx done q=%d idx=%u\n", qid, txq->stat));
      1.1    rpaulo
      1.1    rpaulo 		txq->queued--;
      1.1    rpaulo 		if (++txq->stat >= txq->count)	/* faster than % count */
      1.1    rpaulo 			txq->stat = 0;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	sc->sc_tx_timer = 0;
      1.1    rpaulo 	ifp->if_flags &= ~IFF_OACTIVE;
      1.1    rpaulo 	rt2661_start(ifp);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_tx_dma_intr(struct rt2661_softc *sc, struct rt2661_tx_ring *txq)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_tx_desc *desc;
      1.1    rpaulo 	struct rt2661_tx_data *data;
      1.1    rpaulo
      1.1    rpaulo 	for (;;) {
      1.1    rpaulo 		desc = &txq->desc[txq->next];
      1.1    rpaulo 		data = &txq->data[txq->next];
      1.1    rpaulo
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, txq->map,
      1.1    rpaulo 		    txq->next * RT2661_TX_DESC_SIZE, RT2661_TX_DESC_SIZE,
      1.1    rpaulo 		    BUS_DMASYNC_POSTREAD);
      1.1    rpaulo
      1.1    rpaulo 		if ((le32toh(desc->flags) & RT2661_TX_BUSY) ||
      1.1    rpaulo 		    !(le32toh(desc->flags) & RT2661_TX_VALID))
      1.1    rpaulo 			break;
      1.1    rpaulo
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, data->map, 0,
      1.1    rpaulo 		    data->map->dm_mapsize, BUS_DMASYNC_POSTWRITE);
      1.1    rpaulo 		bus_dmamap_unload(sc->sc_dmat, data->map);
      1.1    rpaulo 		m_freem(data->m);
      1.1    rpaulo 		data->m = NULL;
      1.1    rpaulo 		/* node reference is released in rt2661_tx_intr() */
      1.1    rpaulo
      1.1    rpaulo 		/* descriptor is no longer valid */
      1.1    rpaulo 		desc->flags &= ~htole32(RT2661_TX_VALID);
      1.1    rpaulo
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, txq->map,
      1.1    rpaulo 		    txq->next * RT2661_TX_DESC_SIZE, RT2661_TX_DESC_SIZE,
      1.1    rpaulo 		    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo
      1.1    rpaulo 		DPRINTFN(15, ("tx dma done q=%p idx=%u\n", txq, txq->next));
      1.1    rpaulo
      1.1    rpaulo 		if (++txq->next >= txq->count)	/* faster than % count */
      1.1    rpaulo 			txq->next = 0;
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_rx_intr(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	struct ifnet *ifp = &sc->sc_if;
      1.1    rpaulo 	struct rt2661_rx_desc *desc;
      1.1    rpaulo 	struct rt2661_rx_data *data;
      1.1    rpaulo 	struct ieee80211_frame *wh;
      1.1    rpaulo 	struct ieee80211_node *ni;
      1.1    rpaulo 	struct mbuf *mnew, *m;
     1.24       scw 	int error, rssi;
      1.1    rpaulo
      1.1    rpaulo 	for (;;) {
      1.1    rpaulo 		desc = &sc->rxq.desc[sc->rxq.cur];
      1.1    rpaulo 		data = &sc->rxq.data[sc->rxq.cur];
      1.1    rpaulo
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, sc->rxq.map,
      1.1    rpaulo 		    sc->rxq.cur * RT2661_RX_DESC_SIZE, RT2661_RX_DESC_SIZE,
      1.1    rpaulo 		    BUS_DMASYNC_POSTREAD);
      1.1    rpaulo
      1.1    rpaulo 		if (le32toh(desc->flags) & RT2661_RX_BUSY)
      1.1    rpaulo 			break;
      1.1    rpaulo
      1.1    rpaulo 		if ((le32toh(desc->flags) & RT2661_RX_PHY_ERROR) ||
      1.1    rpaulo 		    (le32toh(desc->flags) & RT2661_RX_CRC_ERROR)) {
      1.1    rpaulo 			/*
      1.1    rpaulo 			 * This should not happen since we did not request
      1.1    rpaulo 			 * to receive those frames when we filled TXRX_CSR0.
      1.1    rpaulo 			 */
      1.1    rpaulo 			DPRINTFN(5, ("PHY or CRC error flags 0x%08x\n",
      1.1    rpaulo 			    le32toh(desc->flags)));
      1.1    rpaulo 			ifp->if_ierrors++;
      1.1    rpaulo 			goto skip;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		if ((le32toh(desc->flags) & RT2661_RX_CIPHER_MASK) != 0) {
      1.1    rpaulo 			ifp->if_ierrors++;
      1.1    rpaulo 			goto skip;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		/*
      1.1    rpaulo 		 * Try to allocate a new mbuf for this ring element and load it
      1.1    rpaulo 		 * before processing the current mbuf. If the ring element
      1.1    rpaulo 		 * cannot be loaded, drop the received packet and reuse the old
      1.1    rpaulo 		 * mbuf. In the unlikely case that the old mbuf can't be
      1.1    rpaulo 		 * reloaded either, explicitly panic.
      1.1    rpaulo 		 */
      1.1    rpaulo 		MGETHDR(mnew, M_DONTWAIT, MT_DATA);
      1.1    rpaulo 		if (mnew == NULL) {
      1.1    rpaulo 			ifp->if_ierrors++;
      1.1    rpaulo 			goto skip;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		MCLGET(mnew, M_DONTWAIT);
      1.1    rpaulo 		if (!(mnew->m_flags & M_EXT)) {
      1.1    rpaulo 			m_freem(mnew);
      1.1    rpaulo 			ifp->if_ierrors++;
      1.1    rpaulo 			goto skip;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, data->map, 0,
      1.1    rpaulo 		    data->map->dm_mapsize, BUS_DMASYNC_POSTREAD);
      1.1    rpaulo 		bus_dmamap_unload(sc->sc_dmat, data->map);
      1.1    rpaulo
      1.1    rpaulo 		error = bus_dmamap_load(sc->sc_dmat, data->map,
      1.1    rpaulo 		    mtod(mnew, void *), MCLBYTES, NULL, BUS_DMA_NOWAIT);
      1.1    rpaulo 		if (error != 0) {
      1.1    rpaulo 			m_freem(mnew);
      1.1    rpaulo
      1.1    rpaulo 			/* try to reload the old mbuf */
      1.1    rpaulo 			error = bus_dmamap_load(sc->sc_dmat, data->map,
      1.1    rpaulo 			    mtod(data->m, void *), MCLBYTES, NULL,
      1.1    rpaulo 			    BUS_DMA_NOWAIT);
      1.1    rpaulo 			if (error != 0) {
      1.1    rpaulo 				/* very unlikely that it will fail... */
      1.1    rpaulo 				panic("%s: could not load old rx mbuf",
     1.29  drochner 				    device_xname(sc->sc_dev));
      1.1    rpaulo 			}
     1.22   xtraeme 			/* physical address may have changed */
     1.22   xtraeme 			desc->physaddr = htole32(data->map->dm_segs->ds_addr);
      1.1    rpaulo 			ifp->if_ierrors++;
      1.1    rpaulo 			goto skip;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		/*
      1.1    rpaulo 	 	 * New mbuf successfully loaded, update Rx ring and continue
      1.1    rpaulo 		 * processing.
      1.1    rpaulo 		 */
      1.1    rpaulo 		m = data->m;
      1.1    rpaulo 		data->m = mnew;
      1.1    rpaulo 		desc->physaddr = htole32(data->map->dm_segs->ds_addr);
      1.1    rpaulo
      1.1    rpaulo 		/* finalize mbuf */
      1.1    rpaulo 		m->m_pkthdr.rcvif = ifp;
      1.1    rpaulo 		m->m_pkthdr.len = m->m_len =
      1.1    rpaulo 		    (le32toh(desc->flags) >> 16) & 0xfff;
      1.1    rpaulo
      1.1    rpaulo 		if (sc->sc_drvbpf != NULL) {
      1.1    rpaulo 			struct rt2661_rx_radiotap_header *tap = &sc->sc_rxtap;
      1.1    rpaulo 			uint32_t tsf_lo, tsf_hi;
      1.1    rpaulo
      1.1    rpaulo 			/* get timestamp (low and high 32 bits) */
      1.1    rpaulo 			tsf_hi = RAL_READ(sc, RT2661_TXRX_CSR13);
      1.1    rpaulo 			tsf_lo = RAL_READ(sc, RT2661_TXRX_CSR12);
      1.1    rpaulo
      1.1    rpaulo 			tap->wr_tsf =
      1.1    rpaulo 			    htole64(((uint64_t)tsf_hi << 32) | tsf_lo);
      1.1    rpaulo 			tap->wr_flags = 0;
      1.1    rpaulo 			tap->wr_rate = rt2661_rxrate(desc);
     1.24       scw 			tap->wr_chan_freq = htole16(sc->sc_curchan->ic_freq);
     1.24       scw 			tap->wr_chan_flags = htole16(sc->sc_curchan->ic_flags);
      1.1    rpaulo 			tap->wr_antsignal = desc->rssi;
      1.1    rpaulo
     1.28     joerg 			bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m);
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		wh = mtod(m, struct ieee80211_frame *);
      1.1    rpaulo 		ni = ieee80211_find_rxnode(ic,
      1.1    rpaulo 		    (struct ieee80211_frame_min *)wh);
      1.1    rpaulo
      1.1    rpaulo 		/* send the frame to the 802.11 layer */
      1.1    rpaulo 		ieee80211_input(ic, m, ni, desc->rssi, 0);
      1.1    rpaulo
     1.24       scw 		/*-
     1.24       scw 		 * Keep track of the average RSSI using an Exponential Moving
     1.24       scw 		 * Average (EMA) of 8 Wilder's days:
     1.24       scw 		 *     avg = (1 / N) x rssi + ((N - 1) / N) x avg
     1.24       scw 		 */
     1.24       scw 		rssi = rt2661_get_rssi(sc, desc->rssi);
     1.24       scw 		sc->avg_rssi = (rssi + 7 * sc->avg_rssi) / 8;
      1.1    rpaulo
      1.1    rpaulo 		/* node is no longer needed */
      1.1    rpaulo 		ieee80211_free_node(ni);
      1.1    rpaulo
      1.1    rpaulo skip:		desc->flags |= htole32(RT2661_RX_BUSY);
      1.1    rpaulo
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, sc->rxq.map,
      1.1    rpaulo 		    sc->rxq.cur * RT2661_RX_DESC_SIZE, RT2661_RX_DESC_SIZE,
      1.1    rpaulo 		    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo
     1.24       scw 		DPRINTFN(16, ("rx intr idx=%u\n", sc->rxq.cur));
      1.1    rpaulo
      1.1    rpaulo 		sc->rxq.cur = (sc->rxq.cur + 1) % RT2661_RX_RING_COUNT;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/*
      1.1    rpaulo 	 * In HostAP mode, ieee80211_input() will enqueue packets in if_snd
      1.1    rpaulo 	 * without calling if_start().
      1.1    rpaulo 	 */
      1.1    rpaulo 	if (!IFQ_IS_EMPTY(&ifp->if_snd) && !(ifp->if_flags & IFF_OACTIVE))
      1.1    rpaulo 		rt2661_start(ifp);
      1.1    rpaulo }
      1.1    rpaulo
     1.24       scw /*
     1.24       scw  * This function is called in HostAP or IBSS modes when it's time to send a
     1.24       scw  * new beacon (every ni_intval milliseconds).
     1.24       scw  */
      1.1    rpaulo static void
     1.13  christos rt2661_mcu_beacon_expire(struct rt2661_softc *sc)
      1.1    rpaulo {
     1.24       scw 	struct ieee80211com *ic = &sc->sc_ic;
     1.24       scw
     1.24       scw 	if (sc->sc_flags & RT2661_UPDATE_SLOT) {
     1.24       scw 		sc->sc_flags &= ~RT2661_UPDATE_SLOT;
     1.24       scw 		sc->sc_flags |= RT2661_SET_SLOTTIME;
     1.24       scw 	} else if (sc->sc_flags & RT2661_SET_SLOTTIME) {
     1.24       scw 		sc->sc_flags &= ~RT2661_SET_SLOTTIME;
     1.24       scw 		rt2661_set_slottime(sc);
     1.24       scw 	}
     1.24       scw
     1.24       scw 	if (ic->ic_curmode == IEEE80211_MODE_11G) {
     1.24       scw 		/* update ERP Information Element */
     1.24       scw 		RAL_WRITE_1(sc, sc->erp_csr, ic->ic_bss->ni_erp);
     1.24       scw 		RAL_RW_BARRIER_1(sc, sc->erp_csr);
     1.24       scw 	}
     1.24       scw
     1.24       scw 	DPRINTFN(15, ("beacon expired\n"));
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_mcu_wakeup(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR11, 5 << 16);
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_SOFT_RESET_CSR, 0x7);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_IO_CNTL_CSR, 0x18);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_PCI_USEC_CSR, 0x20);
      1.1    rpaulo
      1.1    rpaulo 	/* send wakeup command to MCU */
      1.1    rpaulo 	rt2661_tx_cmd(sc, RT2661_MCU_CMD_WAKEUP, 0);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_mcu_cmd_intr(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	RAL_READ(sc, RT2661_M2H_CMD_DONE_CSR);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_M2H_CMD_DONE_CSR, 0xffffffff);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo int
      1.1    rpaulo rt2661_intr(void *arg)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = arg;
      1.1    rpaulo 	struct ifnet *ifp = &sc->sc_if;
      1.1    rpaulo 	uint32_t r1, r2;
     1.24       scw 	int rv = 0;
      1.1    rpaulo
     1.24       scw 	/* don't re-enable interrupts if we're shutting down */
     1.24       scw 	if (!(ifp->if_flags & IFF_RUNNING)) {
     1.24       scw 		/* disable MAC and MCU interrupts */
     1.24       scw 		RAL_WRITE(sc, RT2661_INT_MASK_CSR, 0xffffff7f);
     1.24       scw 		RAL_WRITE(sc, RT2661_MCU_INT_MASK_CSR, 0xffffffff);
     1.24       scw 		return 0;
     1.24       scw 	}
     1.22   xtraeme
     1.24       scw 	for (;;) {
     1.24       scw 		r1 = RAL_READ(sc, RT2661_INT_SOURCE_CSR);
     1.24       scw 		r2 = RAL_READ(sc, RT2661_MCU_INT_SOURCE_CSR);
      1.1    rpaulo
     1.24       scw 		if ((r1 & RT2661_INT_CSR_ALL) == 0 &&
     1.24       scw 		    (r2 & RT2661_MCU_INT_ALL) == 0)
     1.24       scw 			break;
     1.22   xtraeme
     1.24       scw 		RAL_WRITE(sc, RT2661_INT_SOURCE_CSR, r1);
     1.24       scw 		RAL_WRITE(sc, RT2661_MCU_INT_SOURCE_CSR, r2);
      1.1    rpaulo
     1.24       scw 		rv = 1;
      1.1    rpaulo
     1.24       scw 		if (r1 & RT2661_MGT_DONE)
     1.24       scw 			rt2661_tx_dma_intr(sc, &sc->mgtq);
      1.1    rpaulo
     1.24       scw 		if (r1 & RT2661_RX_DONE)
     1.24       scw 			rt2661_rx_intr(sc);
      1.1    rpaulo
     1.24       scw 		if (r1 & RT2661_TX0_DMA_DONE)
     1.24       scw 			rt2661_tx_dma_intr(sc, &sc->txq[0]);
      1.1    rpaulo
     1.24       scw 		if (r1 & RT2661_TX1_DMA_DONE)
     1.24       scw 			rt2661_tx_dma_intr(sc, &sc->txq[1]);
      1.1    rpaulo
     1.24       scw 		if (r1 & RT2661_TX2_DMA_DONE)
     1.24       scw 			rt2661_tx_dma_intr(sc, &sc->txq[2]);
      1.1    rpaulo
     1.24       scw 		if (r1 & RT2661_TX3_DMA_DONE)
     1.24       scw 			rt2661_tx_dma_intr(sc, &sc->txq[3]);
      1.1    rpaulo
     1.24       scw 		if (r1 & RT2661_TX_DONE)
     1.24       scw 			rt2661_tx_intr(sc);
      1.1    rpaulo
     1.24       scw 		if (r2 & RT2661_MCU_CMD_DONE)
     1.24       scw 			rt2661_mcu_cmd_intr(sc);
      1.1    rpaulo
     1.24       scw 		if (r2 & RT2661_MCU_BEACON_EXPIRE)
     1.24       scw 			rt2661_mcu_beacon_expire(sc);
      1.1    rpaulo
     1.24       scw 		if (r2 & RT2661_MCU_WAKEUP)
     1.24       scw 			rt2661_mcu_wakeup(sc);
     1.24       scw 	}
      1.1    rpaulo
     1.24       scw 	return rv;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /* quickly determine if a given rate is CCK or OFDM */
      1.1    rpaulo #define RAL_RATE_IS_OFDM(rate) ((rate) >= 12 && (rate) != 22)
      1.1    rpaulo
      1.1    rpaulo #define RAL_ACK_SIZE	14	/* 10 + 4(FCS) */
      1.1    rpaulo #define RAL_CTS_SIZE	14	/* 10 + 4(FCS) */
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * This function is only used by the Rx radiotap code. It returns the rate at
      1.1    rpaulo  * which a given frame was received.
      1.1    rpaulo  */
      1.1    rpaulo static uint8_t
      1.1    rpaulo rt2661_rxrate(struct rt2661_rx_desc *desc)
      1.1    rpaulo {
      1.1    rpaulo 	if (le32toh(desc->flags) & RT2661_RX_OFDM) {
      1.1    rpaulo 		/* reverse function of rt2661_plcp_signal */
      1.1    rpaulo 		switch (desc->rate & 0xf) {
      1.1    rpaulo 		case 0xb:	return 12;
      1.1    rpaulo 		case 0xf:	return 18;
      1.1    rpaulo 		case 0xa:	return 24;
      1.1    rpaulo 		case 0xe:	return 36;
      1.1    rpaulo 		case 0x9:	return 48;
      1.1    rpaulo 		case 0xd:	return 72;
      1.1    rpaulo 		case 0x8:	return 96;
      1.1    rpaulo 		case 0xc:	return 108;
      1.1    rpaulo 		}
      1.1    rpaulo 	} else {
      1.1    rpaulo 		if (desc->rate == 10)
      1.1    rpaulo 			return 2;
      1.1    rpaulo 		if (desc->rate == 20)
      1.1    rpaulo 			return 4;
      1.1    rpaulo 		if (desc->rate == 55)
      1.1    rpaulo 			return 11;
      1.1    rpaulo 		if (desc->rate == 110)
      1.1    rpaulo 			return 22;
      1.1    rpaulo 	}
      1.1    rpaulo 	return 2;	/* should not get there */
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Return the expected ack rate for a frame transmitted at rate `rate'.
      1.1    rpaulo  * XXX: this should depend on the destination node basic rate set.
      1.1    rpaulo  */
      1.1    rpaulo static int
      1.1    rpaulo rt2661_ack_rate(struct ieee80211com *ic, int rate)
      1.1    rpaulo {
      1.1    rpaulo 	switch (rate) {
      1.1    rpaulo 	/* CCK rates */
      1.1    rpaulo 	case 2:
      1.1    rpaulo 		return 2;
      1.1    rpaulo 	case 4:
      1.1    rpaulo 	case 11:
      1.1    rpaulo 	case 22:
      1.1    rpaulo 		return (ic->ic_curmode == IEEE80211_MODE_11B) ? 4 : rate;
      1.1    rpaulo
      1.1    rpaulo 	/* OFDM rates */
      1.1    rpaulo 	case 12:
      1.1    rpaulo 	case 18:
      1.1    rpaulo 		return 12;
      1.1    rpaulo 	case 24:
      1.1    rpaulo 	case 36:
      1.1    rpaulo 		return 24;
      1.1    rpaulo 	case 48:
      1.1    rpaulo 	case 72:
      1.1    rpaulo 	case 96:
      1.1    rpaulo 	case 108:
      1.1    rpaulo 		return 48;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* default to 1Mbps */
      1.1    rpaulo 	return 2;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Compute the duration (in us) needed to transmit `len' bytes at rate `rate'.
      1.1    rpaulo  * The function automatically determines the operating mode depending on the
      1.1    rpaulo  * given rate. `flags' indicates whether short preamble is in use or not.
      1.1    rpaulo  */
      1.1    rpaulo static uint16_t
      1.1    rpaulo rt2661_txtime(int len, int rate, uint32_t flags)
      1.1    rpaulo {
      1.1    rpaulo 	uint16_t txtime;
      1.1    rpaulo
      1.1    rpaulo 	if (RAL_RATE_IS_OFDM(rate)) {
     1.24       scw 		/* IEEE Std 802.11g-2003, pp. 44 */
      1.1    rpaulo 		txtime = (8 + 4 * len + 3 + rate - 1) / rate;
      1.1    rpaulo 		txtime = 16 + 4 + 4 * txtime + 6;
      1.1    rpaulo 	} else {
      1.1    rpaulo 		/* IEEE Std 802.11b-1999, pp. 28 */
      1.1    rpaulo 		txtime = (16 * len + rate - 1) / rate;
      1.1    rpaulo 		if (rate != 2 && (flags & IEEE80211_F_SHPREAMBLE))
      1.1    rpaulo 			txtime +=  72 + 24;
      1.1    rpaulo 		else
      1.1    rpaulo 			txtime += 144 + 48;
      1.1    rpaulo 	}
      1.1    rpaulo 	return txtime;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static uint8_t
      1.1    rpaulo rt2661_plcp_signal(int rate)
      1.1    rpaulo {
      1.1    rpaulo 	switch (rate) {
      1.1    rpaulo 	/* CCK rates (returned values are device-dependent) */
      1.1    rpaulo 	case 2:		return 0x0;
      1.1    rpaulo 	case 4:		return 0x1;
      1.1    rpaulo 	case 11:	return 0x2;
      1.1    rpaulo 	case 22:	return 0x3;
      1.1    rpaulo
      1.1    rpaulo 	/* OFDM rates (cf IEEE Std 802.11a-1999, pp. 14 Table 80) */
      1.1    rpaulo 	case 12:	return 0xb;
      1.1    rpaulo 	case 18:	return 0xf;
      1.1    rpaulo 	case 24:	return 0xa;
      1.1    rpaulo 	case 36:	return 0xe;
      1.1    rpaulo 	case 48:	return 0x9;
      1.1    rpaulo 	case 72:	return 0xd;
      1.1    rpaulo 	case 96:	return 0x8;
      1.1    rpaulo 	case 108:	return 0xc;
      1.1    rpaulo
      1.1    rpaulo 	/* unsupported rates (should not get there) */
      1.1    rpaulo 	default:	return 0xff;
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_setup_tx_desc(struct rt2661_softc *sc, struct rt2661_tx_desc *desc,
      1.1    rpaulo     uint32_t flags, uint16_t xflags, int len, int rate,
      1.1    rpaulo     const bus_dma_segment_t *segs, int nsegs, int ac)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	uint16_t plcp_length;
      1.1    rpaulo 	int i, remainder;
      1.1    rpaulo
      1.1    rpaulo 	desc->flags = htole32(flags);
      1.1    rpaulo 	desc->flags |= htole32(len << 16);
      1.1    rpaulo
      1.1    rpaulo 	desc->xflags = htole16(xflags);
      1.1    rpaulo 	desc->xflags |= htole16(nsegs << 13);
      1.1    rpaulo
      1.1    rpaulo 	desc->wme = htole16(
      1.1    rpaulo 	    RT2661_QID(ac) |
      1.1    rpaulo 	    RT2661_AIFSN(2) |
      1.1    rpaulo 	    RT2661_LOGCWMIN(4) |
      1.1    rpaulo 	    RT2661_LOGCWMAX(10));
      1.1    rpaulo
      1.1    rpaulo 	/*
      1.1    rpaulo 	 * Remember in which queue this frame was sent. This field is driver
      1.1    rpaulo 	 * private data only. It will be made available by the NIC in STA_CSR4
      1.1    rpaulo 	 * on Tx interrupts.
      1.1    rpaulo 	 */
      1.1    rpaulo 	desc->qid = ac;
      1.1    rpaulo
      1.1    rpaulo 	/* setup PLCP fields */
      1.1    rpaulo 	desc->plcp_signal  = rt2661_plcp_signal(rate);
      1.1    rpaulo 	desc->plcp_service = 4;
      1.1    rpaulo
      1.1    rpaulo 	len += IEEE80211_CRC_LEN;
      1.1    rpaulo 	if (RAL_RATE_IS_OFDM(rate)) {
      1.1    rpaulo 		desc->flags |= htole32(RT2661_TX_OFDM);
      1.1    rpaulo
      1.1    rpaulo 		plcp_length = len & 0xfff;
      1.1    rpaulo 		desc->plcp_length_hi = plcp_length >> 6;
      1.1    rpaulo 		desc->plcp_length_lo = plcp_length & 0x3f;
      1.1    rpaulo 	} else {
      1.1    rpaulo 		plcp_length = (16 * len + rate - 1) / rate;
      1.1    rpaulo 		if (rate == 22) {
      1.1    rpaulo 			remainder = (16 * len) % 22;
      1.1    rpaulo 			if (remainder != 0 && remainder < 7)
      1.1    rpaulo 				desc->plcp_service |= RT2661_PLCP_LENGEXT;
      1.1    rpaulo 		}
      1.1    rpaulo 		desc->plcp_length_hi = plcp_length >> 8;
      1.1    rpaulo 		desc->plcp_length_lo = plcp_length & 0xff;
      1.1    rpaulo
      1.1    rpaulo 		if (rate != 2 && (ic->ic_flags & IEEE80211_F_SHPREAMBLE))
      1.1    rpaulo 			desc->plcp_signal |= 0x08;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* RT2x61 supports scatter with up to 5 segments */
      1.1    rpaulo 	for (i = 0; i < nsegs; i++) {
      1.1    rpaulo 		desc->addr[i] = htole32(segs[i].ds_addr);
      1.1    rpaulo 		desc->len [i] = htole16(segs[i].ds_len);
      1.1    rpaulo 	}
     1.24       scw
     1.24       scw 	desc->flags |= htole32(RT2661_TX_BUSY | RT2661_TX_VALID);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_tx_mgt(struct rt2661_softc *sc, struct mbuf *m0,
      1.1    rpaulo     struct ieee80211_node *ni)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	struct rt2661_tx_desc *desc;
      1.1    rpaulo 	struct rt2661_tx_data *data;
      1.1    rpaulo 	struct ieee80211_frame *wh;
      1.1    rpaulo 	uint16_t dur;
      1.1    rpaulo 	uint32_t flags = 0;
      1.1    rpaulo 	int rate, error;
      1.1    rpaulo
      1.1    rpaulo 	desc = &sc->mgtq.desc[sc->mgtq.cur];
      1.1    rpaulo 	data = &sc->mgtq.data[sc->mgtq.cur];
      1.1    rpaulo
      1.1    rpaulo 	/* send mgt frames at the lowest available rate */
      1.1    rpaulo 	rate = IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 12 : 2;
      1.1    rpaulo
     1.20  degroote 	wh = mtod(m0, struct ieee80211_frame *);
     1.20  degroote
     1.20  degroote 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
     1.24       scw 		if (ieee80211_crypto_encap(ic, ni, m0) == NULL) {
     1.20  degroote 			m_freem(m0);
     1.20  degroote 			return ENOBUFS;
     1.20  degroote 		}
     1.24       scw
     1.24       scw 		/* packet header may have moved, reset our local pointer */
     1.24       scw 		wh = mtod(m0, struct ieee80211_frame *);
     1.20  degroote 	}
     1.20  degroote
      1.1    rpaulo 	error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0,
      1.1    rpaulo 	    BUS_DMA_NOWAIT);
      1.1    rpaulo 	if (error != 0) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n",
     1.23    cegger 		    error);
      1.1    rpaulo 		m_freem(m0);
      1.1    rpaulo 		return error;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	if (sc->sc_drvbpf != NULL) {
      1.1    rpaulo 		struct rt2661_tx_radiotap_header *tap = &sc->sc_txtap;
      1.1    rpaulo
      1.1    rpaulo 		tap->wt_flags = 0;
      1.1    rpaulo 		tap->wt_rate = rate;
     1.24       scw 		tap->wt_chan_freq = htole16(sc->sc_curchan->ic_freq);
     1.24       scw 		tap->wt_chan_flags = htole16(sc->sc_curchan->ic_flags);
      1.1    rpaulo
     1.28     joerg 		bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	data->m = m0;
      1.1    rpaulo 	data->ni = ni;
      1.1    rpaulo
      1.1    rpaulo 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
      1.1    rpaulo 		flags |= RT2661_TX_NEED_ACK;
      1.1    rpaulo
      1.1    rpaulo 		dur = rt2661_txtime(RAL_ACK_SIZE, rate, ic->ic_flags) +
     1.24       scw 		    sc->sifs;
      1.1    rpaulo 		*(uint16_t *)wh->i_dur = htole16(dur);
      1.1    rpaulo
     1.24       scw 		/* tell hardware to set timestamp in probe responses */
      1.1    rpaulo 		if ((wh->i_fc[0] &
      1.1    rpaulo 		    (IEEE80211_FC0_TYPE_MASK | IEEE80211_FC0_SUBTYPE_MASK)) ==
      1.1    rpaulo 		    (IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_PROBE_RESP))
      1.1    rpaulo 			flags |= RT2661_TX_TIMESTAMP;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	rt2661_setup_tx_desc(sc, desc, flags, 0 /* XXX HWSEQ */,
      1.1    rpaulo 	    m0->m_pkthdr.len, rate, data->map->dm_segs, data->map->dm_nsegs,
      1.1    rpaulo 	    RT2661_QID_MGT);
      1.1    rpaulo
      1.1    rpaulo 	bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize,
      1.1    rpaulo 	    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo 	bus_dmamap_sync(sc->sc_dmat, sc->mgtq.map,
      1.1    rpaulo 	    sc->mgtq.cur * RT2661_TX_DESC_SIZE, RT2661_TX_DESC_SIZE,
      1.1    rpaulo 	    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo
      1.1    rpaulo 	DPRINTFN(10, ("sending mgt frame len=%u idx=%u rate=%u\n",
      1.1    rpaulo 	    m0->m_pkthdr.len, sc->mgtq.cur, rate));
      1.1    rpaulo
      1.1    rpaulo 	/* kick mgt */
      1.1    rpaulo 	sc->mgtq.queued++;
      1.1    rpaulo 	sc->mgtq.cur = (sc->mgtq.cur + 1) % RT2661_MGT_RING_COUNT;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TX_CNTL_CSR, RT2661_KICK_MGT);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Build a RTS control frame.
      1.1    rpaulo  */
      1.1    rpaulo static struct mbuf *
      1.1    rpaulo rt2661_get_rts(struct rt2661_softc *sc, struct ieee80211_frame *wh,
      1.1    rpaulo     uint16_t dur)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211_frame_rts *rts;
      1.1    rpaulo 	struct mbuf *m;
      1.1    rpaulo
      1.1    rpaulo 	MGETHDR(m, M_DONTWAIT, MT_DATA);
      1.1    rpaulo 	if (m == NULL) {
      1.1    rpaulo 		sc->sc_ic.ic_stats.is_tx_nobuf++;
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate RTS frame\n");
      1.1    rpaulo 		return NULL;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	rts = mtod(m, struct ieee80211_frame_rts *);
      1.1    rpaulo
      1.1    rpaulo 	rts->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_CTL |
      1.1    rpaulo 	    IEEE80211_FC0_SUBTYPE_RTS;
      1.1    rpaulo 	rts->i_fc[1] = IEEE80211_FC1_DIR_NODS;
      1.1    rpaulo 	*(uint16_t *)rts->i_dur = htole16(dur);
      1.1    rpaulo 	IEEE80211_ADDR_COPY(rts->i_ra, wh->i_addr1);
      1.1    rpaulo 	IEEE80211_ADDR_COPY(rts->i_ta, wh->i_addr2);
      1.1    rpaulo
      1.1    rpaulo 	m->m_pkthdr.len = m->m_len = sizeof (struct ieee80211_frame_rts);
      1.1    rpaulo
      1.1    rpaulo 	return m;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_tx_data(struct rt2661_softc *sc, struct mbuf *m0,
      1.1    rpaulo     struct ieee80211_node *ni, int ac)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	struct rt2661_tx_ring *txq = &sc->txq[ac];
      1.1    rpaulo 	struct rt2661_tx_desc *desc;
      1.1    rpaulo 	struct rt2661_tx_data *data;
      1.1    rpaulo 	struct ieee80211_frame *wh;
      1.1    rpaulo 	struct ieee80211_key *k;
      1.1    rpaulo 	struct mbuf *mnew;
      1.1    rpaulo 	uint16_t dur;
      1.1    rpaulo 	uint32_t flags = 0;
     1.24       scw 	int rate, useprot, error, tid;
      1.1    rpaulo
      1.1    rpaulo 	wh = mtod(m0, struct ieee80211_frame *);
      1.1    rpaulo
      1.1    rpaulo 	if (ic->ic_fixed_rate != IEEE80211_FIXED_RATE_NONE) {
     1.24       scw 		rate = ic->ic_sup_rates[ic->ic_curmode].
     1.24       scw 		    rs_rates[ic->ic_fixed_rate];
     1.24       scw 	} else
     1.24       scw 		rate = ni->ni_rates.rs_rates[ni->ni_txrate];
      1.1    rpaulo 	rate &= IEEE80211_RATE_VAL;
     1.24       scw 	if (rate == 0)
     1.24       scw 		rate = 2;	/* XXX should not happen */
      1.1    rpaulo
      1.1    rpaulo 	if (wh->i_fc[1] & IEEE80211_FC1_WEP) {
      1.1    rpaulo 		k = ieee80211_crypto_encap(ic, ni, m0);
      1.1    rpaulo 		if (k == NULL) {
      1.1    rpaulo 			m_freem(m0);
      1.1    rpaulo 			return ENOBUFS;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		/* packet header may have moved, reset our local pointer */
      1.1    rpaulo 		wh = mtod(m0, struct ieee80211_frame *);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/*
     1.24       scw 	 * Packet Bursting: backoff after ppb=8 frames to give other STAs a
     1.24       scw 	 * chance to contend for the wireless medium.
     1.24       scw 	 */
     1.24       scw 	tid = WME_AC_TO_TID(M_WME_GETAC(m0));
     1.24       scw 	if (ic->ic_opmode == IEEE80211_M_STA && (ni->ni_txseqs[tid] & 7))
     1.24       scw 		flags |= RT2661_TX_IFS_SIFS;
     1.24       scw
     1.24       scw 	/*
      1.1    rpaulo 	 * IEEE Std 802.11-1999, pp 82: "A STA shall use an RTS/CTS exchange
      1.1    rpaulo 	 * for directed frames only when the length of the MPDU is greater
     1.24       scw 	 * than the length threshold indicated by" ic_rtsthreshold.
     1.24       scw 	 *
     1.24       scw 	 * IEEE Std 802.11-2003g, pp 13: "ERP STAs shall use protection
     1.24       scw 	 * mechanism (such as RTS/CTS or CTS-to-self) for ERP-OFDM MPDUs of
     1.24       scw 	 * type Data or an MMPDU".
      1.1    rpaulo 	 */
     1.24       scw 	useprot = !IEEE80211_IS_MULTICAST(wh->i_addr1) &&
     1.24       scw 	    (m0->m_pkthdr.len + IEEE80211_CRC_LEN > ic->ic_rtsthreshold ||
     1.24       scw 	    ((ic->ic_flags & IEEE80211_F_USEPROT) && RAL_RATE_IS_OFDM(rate)));
     1.24       scw 	if (useprot) {
      1.1    rpaulo 		struct mbuf *m;
      1.1    rpaulo 		int rtsrate, ackrate;
      1.1    rpaulo
      1.1    rpaulo 		rtsrate = IEEE80211_IS_CHAN_5GHZ(ic->ic_curchan) ? 12 : 2;
      1.1    rpaulo 		ackrate = rt2661_ack_rate(ic, rate);
      1.1    rpaulo
      1.1    rpaulo 		dur = rt2661_txtime(m0->m_pkthdr.len + 4, rate, ic->ic_flags) +
      1.1    rpaulo 		      rt2661_txtime(RAL_CTS_SIZE, rtsrate, ic->ic_flags) +
      1.1    rpaulo 		      rt2661_txtime(RAL_ACK_SIZE, ackrate, ic->ic_flags) +
     1.24       scw 		      3 * sc->sifs;
      1.1    rpaulo
      1.1    rpaulo 		m = rt2661_get_rts(sc, wh, dur);
     1.24       scw 		if (m == NULL) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not allocate RTS "
     1.24       scw 			    "frame\n");
     1.24       scw 			m_freem(m0);
     1.24       scw 			return ENOBUFS;
     1.24       scw 		}
      1.1    rpaulo
      1.1    rpaulo 		desc = &txq->desc[txq->cur];
      1.1    rpaulo 		data = &txq->data[txq->cur];
      1.1    rpaulo
      1.1    rpaulo 		error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m,
      1.1    rpaulo 		    BUS_DMA_NOWAIT);
      1.1    rpaulo 		if (error != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error);
      1.1    rpaulo 			m_freem(m);
      1.1    rpaulo 			m_freem(m0);
      1.1    rpaulo 			return error;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		/* avoid multiple free() of the same node for each fragment */
      1.1    rpaulo 		ieee80211_ref_node(ni);
      1.1    rpaulo
      1.1    rpaulo 		data->m = m;
      1.1    rpaulo 		data->ni = ni;
      1.1    rpaulo
      1.1    rpaulo 		rt2661_setup_tx_desc(sc, desc, RT2661_TX_NEED_ACK |
      1.1    rpaulo 		    RT2661_TX_MORE_FRAG, 0, m->m_pkthdr.len, rtsrate,
      1.1    rpaulo 		    data->map->dm_segs, data->map->dm_nsegs, ac);
      1.1    rpaulo
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, data->map, 0,
      1.1    rpaulo 		    data->map->dm_mapsize, BUS_DMASYNC_PREWRITE);
      1.1    rpaulo 		bus_dmamap_sync(sc->sc_dmat, txq->map,
      1.1    rpaulo 		    txq->cur * RT2661_TX_DESC_SIZE, RT2661_TX_DESC_SIZE,
      1.1    rpaulo 		    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo
      1.1    rpaulo 		txq->queued++;
      1.1    rpaulo 		txq->cur = (txq->cur + 1) % RT2661_TX_RING_COUNT;
      1.1    rpaulo
     1.24       scw 		flags |= RT2661_TX_LONG_RETRY | RT2661_TX_IFS_SIFS;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	data = &txq->data[txq->cur];
      1.1    rpaulo 	desc = &txq->desc[txq->cur];
      1.1    rpaulo
      1.1    rpaulo 	error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0,
      1.1    rpaulo 	    BUS_DMA_NOWAIT);
      1.1    rpaulo 	if (error != 0 && error != EFBIG) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n",
     1.23    cegger 		    error);
      1.1    rpaulo 		m_freem(m0);
      1.1    rpaulo 		return error;
      1.1    rpaulo 	}
      1.1    rpaulo 	if (error != 0) {
      1.1    rpaulo 		/* too many fragments, linearize */
      1.1    rpaulo
      1.1    rpaulo 		MGETHDR(mnew, M_DONTWAIT, MT_DATA);
      1.1    rpaulo 		if (mnew == NULL) {
      1.1    rpaulo 			m_freem(m0);
      1.1    rpaulo 			return ENOMEM;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		M_COPY_PKTHDR(mnew, m0);
      1.1    rpaulo 		if (m0->m_pkthdr.len > MHLEN) {
      1.1    rpaulo 			MCLGET(mnew, M_DONTWAIT);
      1.1    rpaulo 			if (!(mnew->m_flags & M_EXT)) {
      1.1    rpaulo 				m_freem(m0);
      1.1    rpaulo 				m_freem(mnew);
      1.1    rpaulo 				return ENOMEM;
      1.1    rpaulo 			}
      1.1    rpaulo 		}
      1.1    rpaulo
     1.14  christos 		m_copydata(m0, 0, m0->m_pkthdr.len, mtod(mnew, void *));
      1.1    rpaulo 		m_freem(m0);
      1.1    rpaulo 		mnew->m_len = mnew->m_pkthdr.len;
      1.1    rpaulo 		m0 = mnew;
      1.1    rpaulo
      1.1    rpaulo 		error = bus_dmamap_load_mbuf(sc->sc_dmat, data->map, m0,
      1.1    rpaulo 		    BUS_DMA_NOWAIT);
      1.1    rpaulo 		if (error != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not map mbuf (error %d)\n", error);
      1.1    rpaulo 			m_freem(m0);
      1.1    rpaulo 			return error;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		/* packet header have moved, reset our local pointer */
      1.1    rpaulo 		wh = mtod(m0, struct ieee80211_frame *);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	if (sc->sc_drvbpf != NULL) {
      1.1    rpaulo 		struct rt2661_tx_radiotap_header *tap = &sc->sc_txtap;
      1.1    rpaulo
      1.1    rpaulo 		tap->wt_flags = 0;
      1.1    rpaulo 		tap->wt_rate = rate;
     1.24       scw 		tap->wt_chan_freq = htole16(sc->sc_curchan->ic_freq);
     1.24       scw 		tap->wt_chan_flags = htole16(sc->sc_curchan->ic_flags);
      1.1    rpaulo
     1.28     joerg 		bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m0);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	data->m = m0;
      1.1    rpaulo 	data->ni = ni;
      1.1    rpaulo
      1.1    rpaulo 	if (!IEEE80211_IS_MULTICAST(wh->i_addr1)) {
      1.1    rpaulo 		flags |= RT2661_TX_NEED_ACK;
      1.1    rpaulo
      1.1    rpaulo 		dur = rt2661_txtime(RAL_ACK_SIZE, rt2661_ack_rate(ic, rate),
     1.24       scw 		    ic->ic_flags) + sc->sifs;
      1.1    rpaulo 		*(uint16_t *)wh->i_dur = htole16(dur);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	rt2661_setup_tx_desc(sc, desc, flags, 0, m0->m_pkthdr.len, rate,
      1.1    rpaulo 	    data->map->dm_segs, data->map->dm_nsegs, ac);
      1.1    rpaulo
      1.1    rpaulo 	bus_dmamap_sync(sc->sc_dmat, data->map, 0, data->map->dm_mapsize,
      1.1    rpaulo 	    BUS_DMASYNC_PREWRITE);
      1.1    rpaulo 	bus_dmamap_sync(sc->sc_dmat, txq->map, txq->cur * RT2661_TX_DESC_SIZE,
      1.1    rpaulo 	    RT2661_TX_DESC_SIZE, BUS_DMASYNC_PREWRITE);
      1.1    rpaulo
      1.1    rpaulo 	DPRINTFN(10, ("sending data frame len=%u idx=%u rate=%u\n",
      1.1    rpaulo 	    m0->m_pkthdr.len, txq->cur, rate));
      1.1    rpaulo
      1.1    rpaulo 	/* kick Tx */
      1.1    rpaulo 	txq->queued++;
      1.1    rpaulo 	txq->cur = (txq->cur + 1) % RT2661_TX_RING_COUNT;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TX_CNTL_CSR, 1);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_start(struct ifnet *ifp)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = ifp->if_softc;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	struct mbuf *m0;
      1.1    rpaulo 	struct ether_header *eh;
      1.1    rpaulo 	struct ieee80211_node *ni = NULL;
      1.1    rpaulo
      1.1    rpaulo 	/*
      1.1    rpaulo 	 * net80211 may still try to send management frames even if the
      1.1    rpaulo 	 * IFF_RUNNING flag is not set...
      1.1    rpaulo 	 */
      1.1    rpaulo 	if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING)
      1.1    rpaulo 		return;
      1.1    rpaulo
      1.1    rpaulo 	for (;;) {
      1.1    rpaulo 		IF_POLL(&ic->ic_mgtq, m0);
      1.1    rpaulo 		if (m0 != NULL) {
      1.1    rpaulo 			if (sc->mgtq.queued >= RT2661_MGT_RING_COUNT) {
      1.1    rpaulo 				ifp->if_flags |= IFF_OACTIVE;
      1.1    rpaulo 				break;
      1.1    rpaulo 			}
      1.1    rpaulo 			IF_DEQUEUE(&ic->ic_mgtq, m0);
      1.8    rpaulo 			if (m0 == NULL)
      1.8    rpaulo 				break;
      1.1    rpaulo
      1.1    rpaulo 			ni = (struct ieee80211_node *)m0->m_pkthdr.rcvif;
      1.1    rpaulo 			m0->m_pkthdr.rcvif = NULL;
     1.28     joerg 			bpf_mtap3(ic->ic_rawbpf, m0);
      1.1    rpaulo 			if (rt2661_tx_mgt(sc, m0, ni) != 0)
      1.1    rpaulo 				break;
      1.1    rpaulo
      1.1    rpaulo 		} else {
     1.24       scw 			IF_POLL(&ifp->if_snd, m0);
     1.24       scw 			if (m0 == NULL || ic->ic_state != IEEE80211_S_RUN)
      1.1    rpaulo 				break;
     1.24       scw
     1.24       scw 			if (sc->txq[0].queued >= RT2661_TX_RING_COUNT - 1) {
     1.24       scw 				/* there is no place left in this ring */
     1.24       scw 				ifp->if_flags |= IFF_OACTIVE;
     1.24       scw 				break;
     1.24       scw 			}
     1.24       scw
      1.1    rpaulo 			IFQ_DEQUEUE(&ifp->if_snd, m0);
      1.1    rpaulo
      1.1    rpaulo 			if (m0->m_len < sizeof (struct ether_header) &&
      1.1    rpaulo 			    !(m0 = m_pullup(m0, sizeof (struct ether_header))))
      1.1    rpaulo 				continue;
      1.1    rpaulo
      1.1    rpaulo 			eh = mtod(m0, struct ether_header *);
      1.1    rpaulo 			ni = ieee80211_find_txnode(ic, eh->ether_dhost);
      1.1    rpaulo 			if (ni == NULL) {
      1.1    rpaulo 				m_freem(m0);
      1.1    rpaulo 				ifp->if_oerrors++;
      1.1    rpaulo 				continue;
      1.1    rpaulo 			}
      1.1    rpaulo
     1.28     joerg 			bpf_mtap3(ifp->if_bpf, m0);
      1.1    rpaulo 			m0 = ieee80211_encap(ic, m0, ni);
      1.1    rpaulo 			if (m0 == NULL) {
      1.1    rpaulo 				ieee80211_free_node(ni);
      1.1    rpaulo 				ifp->if_oerrors++;
      1.1    rpaulo 				continue;
      1.1    rpaulo 			}
     1.28     joerg 			bpf_mtap3(ic->ic_rawbpf, m0);
      1.1    rpaulo 			if (rt2661_tx_data(sc, m0, ni, 0) != 0) {
      1.1    rpaulo 				if (ni != NULL)
      1.1    rpaulo 					ieee80211_free_node(ni);
      1.1    rpaulo 				ifp->if_oerrors++;
      1.1    rpaulo 				break;
      1.1    rpaulo 			}
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		sc->sc_tx_timer = 5;
      1.1    rpaulo 		ifp->if_timer = 1;
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_watchdog(struct ifnet *ifp)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = ifp->if_softc;
      1.1    rpaulo
      1.1    rpaulo 	ifp->if_timer = 0;
      1.1    rpaulo
      1.1    rpaulo 	if (sc->sc_tx_timer > 0) {
      1.1    rpaulo 		if (--sc->sc_tx_timer == 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "device timeout\n");
      1.1    rpaulo 			rt2661_init(ifp);
      1.1    rpaulo 			ifp->if_oerrors++;
      1.1    rpaulo 			return;
      1.1    rpaulo 		}
      1.1    rpaulo 		ifp->if_timer = 1;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	ieee80211_watchdog(&sc->sc_ic);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * This function allows for fast channel switching in monitor mode (used by
      1.1    rpaulo  * kismet). In IBSS mode, we must explicitly reset the interface to
      1.1    rpaulo  * generate a new beacon frame.
      1.1    rpaulo  */
      1.1    rpaulo static int
      1.1    rpaulo rt2661_reset(struct ifnet *ifp)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = ifp->if_softc;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo
      1.1    rpaulo 	if (ic->ic_opmode != IEEE80211_M_MONITOR)
      1.1    rpaulo 		return ENETRESET;
      1.1    rpaulo
      1.1    rpaulo 	rt2661_set_chan(sc, ic->ic_curchan);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
     1.14  christos rt2661_ioctl(struct ifnet *ifp, u_long cmd, void *data)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = ifp->if_softc;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	int s, error = 0;
      1.1    rpaulo
      1.1    rpaulo 	s = splnet();
      1.1    rpaulo
      1.1    rpaulo 	switch (cmd) {
      1.1    rpaulo 	case SIOCSIFFLAGS:
     1.25    dyoung 		if ((error = ifioctl_common(ifp, cmd, data)) != 0)
     1.25    dyoung 			break;
      1.1    rpaulo 		if (ifp->if_flags & IFF_UP) {
      1.1    rpaulo 			if (ifp->if_flags & IFF_RUNNING)
      1.1    rpaulo 				rt2661_update_promisc(sc);
      1.1    rpaulo 			else
      1.1    rpaulo 				rt2661_init(ifp);
      1.1    rpaulo 		} else {
      1.1    rpaulo 			if (ifp->if_flags & IFF_RUNNING)
      1.1    rpaulo 				rt2661_stop(ifp, 1);
      1.1    rpaulo 		}
      1.1    rpaulo 		break;
      1.1    rpaulo
      1.1    rpaulo 	case SIOCADDMULTI:
      1.1    rpaulo 	case SIOCDELMULTI:
     1.17    dyoung 		/* XXX no h/w multicast filter? --dyoung */
     1.17    dyoung 		if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET)
      1.1    rpaulo 			error = 0;
      1.1    rpaulo 		break;
      1.1    rpaulo
      1.1    rpaulo 	case SIOCS80211CHANNEL:
      1.1    rpaulo 		/*
      1.1    rpaulo 		 * This allows for fast channel switching in monitor mode
      1.1    rpaulo 		 * (used by kismet). In IBSS mode, we must explicitly reset
      1.1    rpaulo 		 * the interface to generate a new beacon frame.
      1.1    rpaulo 		 */
      1.1    rpaulo 		error = ieee80211_ioctl(ic, cmd, data);
      1.1    rpaulo 		if (error == ENETRESET &&
      1.1    rpaulo 		    ic->ic_opmode == IEEE80211_M_MONITOR) {
     1.22   xtraeme 			if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
     1.22   xtraeme 			     (IFF_UP | IFF_RUNNING))
     1.22   xtraeme 				rt2661_set_chan(sc, ic->ic_ibss_chan);
      1.1    rpaulo 			error = 0;
      1.1    rpaulo 		}
      1.1    rpaulo 		break;
      1.1    rpaulo
      1.1    rpaulo 	default:
      1.1    rpaulo 		error = ieee80211_ioctl(ic, cmd, data);
      1.1    rpaulo
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	if (error == ENETRESET) {
      1.1    rpaulo 		if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) ==
      1.1    rpaulo 		    (IFF_UP | IFF_RUNNING))
      1.1    rpaulo 			rt2661_init(ifp);
      1.1    rpaulo 		error = 0;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	splx(s);
      1.1    rpaulo
      1.1    rpaulo 	return error;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_bbp_write(struct rt2661_softc *sc, uint8_t reg, uint8_t val)
      1.1    rpaulo {
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo 	int ntries;
      1.1    rpaulo
      1.1    rpaulo 	for (ntries = 0; ntries < 100; ntries++) {
      1.1    rpaulo 		if (!(RAL_READ(sc, RT2661_PHY_CSR3) & RT2661_BBP_BUSY))
      1.1    rpaulo 			break;
      1.1    rpaulo 		DELAY(1);
      1.1    rpaulo 	}
      1.1    rpaulo 	if (ntries == 100) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not write to BBP\n");
      1.1    rpaulo 		return;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	tmp = RT2661_BBP_BUSY | (reg & 0x7f) << 8 | val;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_PHY_CSR3, tmp);
      1.1    rpaulo
      1.1    rpaulo 	DPRINTFN(15, ("BBP R%u <- 0x%02x\n", reg, val));
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static uint8_t
      1.1    rpaulo rt2661_bbp_read(struct rt2661_softc *sc, uint8_t reg)
      1.1    rpaulo {
      1.1    rpaulo 	uint32_t val;
      1.1    rpaulo 	int ntries;
      1.1    rpaulo
      1.1    rpaulo 	for (ntries = 0; ntries < 100; ntries++) {
      1.1    rpaulo 		if (!(RAL_READ(sc, RT2661_PHY_CSR3) & RT2661_BBP_BUSY))
      1.1    rpaulo 			break;
      1.1    rpaulo 		DELAY(1);
      1.1    rpaulo 	}
      1.1    rpaulo 	if (ntries == 100) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not read from BBP\n");
      1.1    rpaulo 		return 0;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	val = RT2661_BBP_BUSY | RT2661_BBP_READ | reg << 8;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_PHY_CSR3, val);
      1.1    rpaulo
      1.1    rpaulo 	for (ntries = 0; ntries < 100; ntries++) {
      1.1    rpaulo 		val = RAL_READ(sc, RT2661_PHY_CSR3);
      1.1    rpaulo 		if (!(val & RT2661_BBP_BUSY))
      1.1    rpaulo 			return val & 0xff;
      1.1    rpaulo 		DELAY(1);
      1.1    rpaulo 	}
      1.1    rpaulo
     1.29  drochner 	aprint_error_dev(sc->sc_dev, "could not read from BBP\n");
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_rf_write(struct rt2661_softc *sc, uint8_t reg, uint32_t val)
      1.1    rpaulo {
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo 	int ntries;
      1.1    rpaulo
      1.1    rpaulo 	for (ntries = 0; ntries < 100; ntries++) {
      1.1    rpaulo 		if (!(RAL_READ(sc, RT2661_PHY_CSR4) & RT2661_RF_BUSY))
      1.1    rpaulo 			break;
      1.1    rpaulo 		DELAY(1);
      1.1    rpaulo 	}
      1.1    rpaulo 	if (ntries == 100) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not write to RF\n");
      1.1    rpaulo 		return;
      1.1    rpaulo 	}
      1.1    rpaulo 	tmp = RT2661_RF_BUSY | RT2661_RF_21BIT | (val & 0x1fffff) << 2 |
      1.1    rpaulo 	    (reg & 3);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_PHY_CSR4, tmp);
      1.1    rpaulo
      1.1    rpaulo 	/* remember last written value in sc */
      1.1    rpaulo 	sc->rf_regs[reg] = val;
      1.1    rpaulo
      1.1    rpaulo 	DPRINTFN(15, ("RF R[%u] <- 0x%05x\n", reg & 3, val & 0x1fffff));
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_tx_cmd(struct rt2661_softc *sc, uint8_t cmd, uint16_t arg)
      1.1    rpaulo {
      1.1    rpaulo 	if (RAL_READ(sc, RT2661_H2M_MAILBOX_CSR) & RT2661_H2M_BUSY)
      1.1    rpaulo 		return EIO;	/* there is already a command pending */
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_H2M_MAILBOX_CSR,
      1.1    rpaulo 	    RT2661_H2M_BUSY | RT2661_TOKEN_NO_INTR << 16 | arg);
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_HOST_CMD_CSR, RT2661_KICK_CMD | cmd);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_select_antenna(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	uint8_t bbp4, bbp77;
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	bbp4  = rt2661_bbp_read(sc,  4);
      1.1    rpaulo 	bbp77 = rt2661_bbp_read(sc, 77);
      1.1    rpaulo
      1.1    rpaulo 	/* TBD */
      1.1    rpaulo
      1.1    rpaulo 	/* make sure Rx is disabled before switching antenna */
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_TXRX_CSR0);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR0, tmp | RT2661_DISABLE_RX);
      1.1    rpaulo
      1.1    rpaulo 	rt2661_bbp_write(sc,  4, bbp4);
      1.1    rpaulo 	rt2661_bbp_write(sc, 77, bbp77);
      1.1    rpaulo
      1.1    rpaulo 	/* restore Rx filter */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR0, tmp);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Enable multi-rate retries for frames sent at OFDM rates.
      1.1    rpaulo  * In 802.11b/g mode, allow fallback to CCK rates.
      1.1    rpaulo  */
      1.1    rpaulo static void
      1.1    rpaulo rt2661_enable_mrr(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_TXRX_CSR4);
      1.1    rpaulo
      1.1    rpaulo 	tmp &= ~RT2661_MRR_CCK_FALLBACK;
      1.1    rpaulo 	if (!IEEE80211_IS_CHAN_5GHZ(ic->ic_bss->ni_chan))
      1.1    rpaulo 		tmp |= RT2661_MRR_CCK_FALLBACK;
      1.1    rpaulo 	tmp |= RT2661_MRR_ENABLED;
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR4, tmp);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_set_txpreamble(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_TXRX_CSR4);
      1.1    rpaulo
      1.1    rpaulo 	tmp &= ~RT2661_SHORT_PREAMBLE;
      1.1    rpaulo 	if (sc->sc_ic.ic_flags & IEEE80211_F_SHPREAMBLE)
      1.1    rpaulo 		tmp |= RT2661_SHORT_PREAMBLE;
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR4, tmp);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_set_basicrates(struct rt2661_softc *sc,
      1.1    rpaulo     const struct ieee80211_rateset *rs)
      1.1    rpaulo {
      1.1    rpaulo #define RV(r)	((r) & IEEE80211_RATE_VAL)
      1.1    rpaulo 	uint32_t mask = 0;
      1.1    rpaulo 	uint8_t rate;
      1.1    rpaulo 	int i, j;
      1.1    rpaulo
      1.1    rpaulo 	for (i = 0; i < rs->rs_nrates; i++) {
      1.1    rpaulo 		rate = rs->rs_rates[i];
      1.1    rpaulo
      1.1    rpaulo 		if (!(rate & IEEE80211_RATE_BASIC))
      1.1    rpaulo 			continue;
      1.1    rpaulo
      1.1    rpaulo 		/*
      1.1    rpaulo 		 * Find h/w rate index.  We know it exists because the rate
      1.1    rpaulo 		 * set has already been negotiated.
      1.1    rpaulo 		 */
      1.1    rpaulo 		for (j = 0; rt2661_rateset_11g.rs_rates[j] != RV(rate); j++);
      1.1    rpaulo
      1.1    rpaulo 		mask |= 1 << j;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR5, mask);
      1.1    rpaulo
      1.1    rpaulo 	DPRINTF(("Setting basic rate mask to 0x%x\n", mask));
      1.1    rpaulo #undef RV
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Reprogram MAC/BBP to switch to a new band.  Values taken from the reference
      1.1    rpaulo  * driver.
      1.1    rpaulo  */
      1.1    rpaulo static void
      1.1    rpaulo rt2661_select_band(struct rt2661_softc *sc, struct ieee80211_channel *c)
      1.1    rpaulo {
      1.1    rpaulo 	uint8_t bbp17, bbp35, bbp96, bbp97, bbp98, bbp104;
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	/* update all BBP registers that depend on the band */
      1.1    rpaulo 	bbp17 = 0x20; bbp96 = 0x48; bbp104 = 0x2c;
      1.1    rpaulo 	bbp35 = 0x50; bbp97 = 0x48; bbp98  = 0x48;
      1.1    rpaulo 	if (IEEE80211_IS_CHAN_5GHZ(c)) {
      1.1    rpaulo 		bbp17 += 0x08; bbp96 += 0x10; bbp104 += 0x0c;
      1.1    rpaulo 		bbp35 += 0x10; bbp97 += 0x10; bbp98  += 0x10;
      1.1    rpaulo 	}
      1.1    rpaulo 	if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
      1.1    rpaulo 	    (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
      1.1    rpaulo 		bbp17 += 0x10; bbp96 += 0x10; bbp104 += 0x10;
      1.1    rpaulo 	}
      1.1    rpaulo
     1.24       scw 	sc->bbp17 = bbp17;
      1.1    rpaulo 	rt2661_bbp_write(sc,  17, bbp17);
      1.1    rpaulo 	rt2661_bbp_write(sc,  96, bbp96);
      1.1    rpaulo 	rt2661_bbp_write(sc, 104, bbp104);
      1.1    rpaulo
      1.1    rpaulo 	if ((IEEE80211_IS_CHAN_2GHZ(c) && sc->ext_2ghz_lna) ||
      1.1    rpaulo 	    (IEEE80211_IS_CHAN_5GHZ(c) && sc->ext_5ghz_lna)) {
      1.1    rpaulo 		rt2661_bbp_write(sc, 75, 0x80);
      1.1    rpaulo 		rt2661_bbp_write(sc, 86, 0x80);
      1.1    rpaulo 		rt2661_bbp_write(sc, 88, 0x80);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	rt2661_bbp_write(sc, 35, bbp35);
      1.1    rpaulo 	rt2661_bbp_write(sc, 97, bbp97);
      1.1    rpaulo 	rt2661_bbp_write(sc, 98, bbp98);
      1.1    rpaulo
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_PHY_CSR0);
      1.1    rpaulo 	tmp &= ~(RT2661_PA_PE_2GHZ | RT2661_PA_PE_5GHZ);
      1.1    rpaulo 	if (IEEE80211_IS_CHAN_2GHZ(c))
      1.1    rpaulo 		tmp |= RT2661_PA_PE_2GHZ;
      1.1    rpaulo 	else
      1.1    rpaulo 		tmp |= RT2661_PA_PE_5GHZ;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_PHY_CSR0, tmp);
     1.24       scw
     1.24       scw 	/* 802.11a uses a 16 microseconds short interframe space */
     1.24       scw 	sc->sifs = IEEE80211_IS_CHAN_5GHZ(c) ? 16 : 10;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_set_chan(struct rt2661_softc *sc, struct ieee80211_channel *c)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	const struct rfprog *rfprog;
      1.1    rpaulo 	uint8_t bbp3, bbp94 = RT2661_BBPR94_DEFAULT;
      1.1    rpaulo 	int8_t power;
      1.1    rpaulo 	u_int i, chan;
      1.1    rpaulo
      1.1    rpaulo 	chan = ieee80211_chan2ieee(ic, c);
      1.1    rpaulo 	if (chan == 0 || chan == IEEE80211_CHAN_ANY)
      1.1    rpaulo 		return;
      1.1    rpaulo
      1.1    rpaulo 	/* select the appropriate RF settings based on what EEPROM says */
      1.1    rpaulo 	rfprog = (sc->rfprog == 0) ? rt2661_rf5225_1 : rt2661_rf5225_2;
      1.1    rpaulo
      1.1    rpaulo 	/* find the settings for this channel (we know it exists) */
      1.1    rpaulo 	for (i = 0; rfprog[i].chan != chan; i++);
      1.1    rpaulo
      1.1    rpaulo 	power = sc->txpow[i];
      1.1    rpaulo 	if (power < 0) {
      1.1    rpaulo 		bbp94 += power;
      1.1    rpaulo 		power = 0;
      1.1    rpaulo 	} else if (power > 31) {
      1.1    rpaulo 		bbp94 += power - 31;
      1.1    rpaulo 		power = 31;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/*
     1.18       scw 	 * If we've yet to select a channel, or we are switching from the
     1.18       scw 	 * 2GHz band to the 5GHz band or vice-versa, BBP registers need to
     1.18       scw 	 * be reprogrammed.
      1.1    rpaulo 	 */
     1.18       scw 	if (sc->sc_curchan == NULL || c->ic_flags != sc->sc_curchan->ic_flags) {
      1.1    rpaulo 		rt2661_select_band(sc, c);
      1.1    rpaulo 		rt2661_select_antenna(sc);
      1.1    rpaulo 	}
      1.1    rpaulo 	sc->sc_curchan = c;
      1.1    rpaulo
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF1, rfprog[i].r1);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF2, rfprog[i].r2);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF3, rfprog[i].r3 | power << 7);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF4, rfprog[i].r4 | sc->rffreq << 10);
      1.1    rpaulo
      1.1    rpaulo 	DELAY(200);
      1.1    rpaulo
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF1, rfprog[i].r1);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF2, rfprog[i].r2);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF3, rfprog[i].r3 | power << 7 | 1);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF4, rfprog[i].r4 | sc->rffreq << 10);
      1.1    rpaulo
      1.1    rpaulo 	DELAY(200);
      1.1    rpaulo
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF1, rfprog[i].r1);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF2, rfprog[i].r2);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF3, rfprog[i].r3 | power << 7);
      1.1    rpaulo 	rt2661_rf_write(sc, RAL_RF4, rfprog[i].r4 | sc->rffreq << 10);
      1.1    rpaulo
      1.1    rpaulo 	/* enable smart mode for MIMO-capable RFs */
      1.1    rpaulo 	bbp3 = rt2661_bbp_read(sc, 3);
      1.1    rpaulo
      1.1    rpaulo 	bbp3 &= ~RT2661_SMART_MODE;
      1.1    rpaulo 	if (sc->rf_rev == RT2661_RF_5325 || sc->rf_rev == RT2661_RF_2529)
      1.1    rpaulo 		bbp3 |= RT2661_SMART_MODE;
      1.1    rpaulo
      1.1    rpaulo 	rt2661_bbp_write(sc, 3, bbp3);
      1.1    rpaulo
      1.1    rpaulo 	if (bbp94 != RT2661_BBPR94_DEFAULT)
      1.1    rpaulo 		rt2661_bbp_write(sc, 94, bbp94);
      1.1    rpaulo
      1.1    rpaulo 	/* 5GHz radio needs a 1ms delay here */
      1.1    rpaulo 	if (IEEE80211_IS_CHAN_5GHZ(c))
      1.1    rpaulo 		DELAY(1000);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_set_bssid(struct rt2661_softc *sc, const uint8_t *bssid)
      1.1    rpaulo {
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	tmp = bssid[0] | bssid[1] << 8 | bssid[2] << 16 | bssid[3] << 24;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR4, tmp);
      1.1    rpaulo
      1.1    rpaulo 	tmp = bssid[4] | bssid[5] << 8 | RT2661_ONE_BSSID << 16;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR5, tmp);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_set_macaddr(struct rt2661_softc *sc, const uint8_t *addr)
      1.1    rpaulo {
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	tmp = addr[0] | addr[1] << 8 | addr[2] << 16 | addr[3] << 24;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR2, tmp);
      1.1    rpaulo
     1.24       scw 	tmp = addr[4] | addr[5] << 8 | 0xff << 16;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR3, tmp);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_update_promisc(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	struct ifnet *ifp = sc->sc_ic.ic_ifp;
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_TXRX_CSR0);
      1.1    rpaulo
      1.1    rpaulo 	tmp &= ~RT2661_DROP_NOT_TO_ME;
      1.1    rpaulo 	if (!(ifp->if_flags & IFF_PROMISC))
      1.1    rpaulo 		tmp |= RT2661_DROP_NOT_TO_ME;
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR0, tmp);
      1.1    rpaulo
      1.1    rpaulo 	DPRINTF(("%s promiscuous mode\n", (ifp->if_flags & IFF_PROMISC) ?
      1.1    rpaulo 	    "entering" : "leaving"));
      1.1    rpaulo }
      1.1    rpaulo
     1.13  christos #if 0
      1.1    rpaulo /*
      1.1    rpaulo  * Update QoS (802.11e) settings for each h/w Tx ring.
      1.1    rpaulo  */
      1.1    rpaulo static int
      1.1    rpaulo rt2661_wme_update(struct ieee80211com *ic)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = ic->ic_ifp->if_softc;
      1.1    rpaulo 	const struct wmeParams *wmep;
      1.1    rpaulo
      1.1    rpaulo 	wmep = ic->ic_wme.wme_chanParams.cap_wmeParams;
      1.1    rpaulo
      1.1    rpaulo 	/* XXX: not sure about shifts. */
      1.1    rpaulo 	/* XXX: the reference driver plays with AC_VI settings too. */
      1.1    rpaulo
      1.1    rpaulo 	/* update TxOp */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_AC_TXOP_CSR0,
      1.1    rpaulo 	    wmep[WME_AC_BE].wmep_txopLimit << 16 |
      1.1    rpaulo 	    wmep[WME_AC_BK].wmep_txopLimit);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_AC_TXOP_CSR1,
      1.1    rpaulo 	    wmep[WME_AC_VI].wmep_txopLimit << 16 |
      1.1    rpaulo 	    wmep[WME_AC_VO].wmep_txopLimit);
      1.1    rpaulo
      1.1    rpaulo 	/* update CWmin */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_CWMIN_CSR,
      1.1    rpaulo 	    wmep[WME_AC_BE].wmep_logcwmin << 12 |
      1.1    rpaulo 	    wmep[WME_AC_BK].wmep_logcwmin <<  8 |
      1.1    rpaulo 	    wmep[WME_AC_VI].wmep_logcwmin <<  4 |
      1.1    rpaulo 	    wmep[WME_AC_VO].wmep_logcwmin);
      1.1    rpaulo
      1.1    rpaulo 	/* update CWmax */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_CWMAX_CSR,
      1.1    rpaulo 	    wmep[WME_AC_BE].wmep_logcwmax << 12 |
      1.1    rpaulo 	    wmep[WME_AC_BK].wmep_logcwmax <<  8 |
      1.1    rpaulo 	    wmep[WME_AC_VI].wmep_logcwmax <<  4 |
      1.1    rpaulo 	    wmep[WME_AC_VO].wmep_logcwmax);
      1.1    rpaulo
      1.1    rpaulo 	/* update Aifsn */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_AIFSN_CSR,
      1.1    rpaulo 	    wmep[WME_AC_BE].wmep_aifsn << 12 |
      1.1    rpaulo 	    wmep[WME_AC_BK].wmep_aifsn <<  8 |
      1.1    rpaulo 	    wmep[WME_AC_VI].wmep_aifsn <<  4 |
      1.1    rpaulo 	    wmep[WME_AC_VO].wmep_aifsn);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
     1.13  christos #endif
      1.1    rpaulo
      1.1    rpaulo static void
     1.24       scw rt2661_updateslot(struct ifnet *ifp)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = ifp->if_softc;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
     1.24       scw
     1.24       scw 	if (ic->ic_opmode == IEEE80211_M_HOSTAP) {
     1.24       scw 		/*
     1.24       scw 		 * In HostAP mode, we defer setting of new slot time until
     1.24       scw 		 * updated ERP Information Element has propagated to all
     1.24       scw 		 * associated STAs.
     1.24       scw 		 */
     1.24       scw 		sc->sc_flags |= RT2661_UPDATE_SLOT;
     1.24       scw 	} else
     1.24       scw 		rt2661_set_slottime(sc);
     1.24       scw }
     1.24       scw
     1.24       scw static void
     1.24       scw rt2661_set_slottime(struct rt2661_softc *sc)
     1.24       scw {
     1.24       scw 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	uint8_t slottime;
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	slottime = (ic->ic_flags & IEEE80211_F_SHSLOT) ? 9 : 20;
      1.1    rpaulo
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_MAC_CSR9);
      1.1    rpaulo 	tmp = (tmp & ~0xff) | slottime;
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR9, tmp);
     1.24       scw
     1.24       scw 	DPRINTF(("setting slot time to %uus\n", slottime));
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static const char *
      1.1    rpaulo rt2661_get_rf(int rev)
      1.1    rpaulo {
      1.1    rpaulo 	switch (rev) {
      1.1    rpaulo 	case RT2661_RF_5225:	return "RT5225";
      1.1    rpaulo 	case RT2661_RF_5325:	return "RT5325 (MIMO XR)";
      1.1    rpaulo 	case RT2661_RF_2527:	return "RT2527";
      1.1    rpaulo 	case RT2661_RF_2529:	return "RT2529 (MIMO XR)";
      1.1    rpaulo 	default:		return "unknown";
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_read_eeprom(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	uint16_t val;
      1.1    rpaulo 	int i;
      1.1    rpaulo
      1.1    rpaulo 	/* read MAC address */
      1.1    rpaulo 	val = rt2661_eeprom_read(sc, RT2661_EEPROM_MAC01);
      1.1    rpaulo 	ic->ic_myaddr[0] = val & 0xff;
      1.1    rpaulo 	ic->ic_myaddr[1] = val >> 8;
      1.1    rpaulo
      1.1    rpaulo 	val = rt2661_eeprom_read(sc, RT2661_EEPROM_MAC23);
      1.1    rpaulo 	ic->ic_myaddr[2] = val & 0xff;
      1.1    rpaulo 	ic->ic_myaddr[3] = val >> 8;
      1.1    rpaulo
      1.1    rpaulo 	val = rt2661_eeprom_read(sc, RT2661_EEPROM_MAC45);
      1.1    rpaulo 	ic->ic_myaddr[4] = val & 0xff;
      1.1    rpaulo 	ic->ic_myaddr[5] = val >> 8;
      1.1    rpaulo
      1.1    rpaulo 	val = rt2661_eeprom_read(sc, RT2661_EEPROM_ANTENNA);
      1.1    rpaulo 	/* XXX: test if different from 0xffff? */
      1.1    rpaulo 	sc->rf_rev   = (val >> 11) & 0x1f;
      1.1    rpaulo 	sc->hw_radio = (val >> 10) & 0x1;
      1.1    rpaulo 	sc->rx_ant   = (val >> 4)  & 0x3;
      1.1    rpaulo 	sc->tx_ant   = (val >> 2)  & 0x3;
      1.1    rpaulo 	sc->nb_ant   = val & 0x3;
      1.1    rpaulo
      1.1    rpaulo 	DPRINTF(("RF revision=%d\n", sc->rf_rev));
      1.1    rpaulo
      1.1    rpaulo 	val = rt2661_eeprom_read(sc, RT2661_EEPROM_CONFIG2);
      1.1    rpaulo 	sc->ext_5ghz_lna = (val >> 6) & 0x1;
      1.1    rpaulo 	sc->ext_2ghz_lna = (val >> 4) & 0x1;
      1.1    rpaulo
      1.1    rpaulo 	DPRINTF(("External 2GHz LNA=%d\nExternal 5GHz LNA=%d\n",
      1.1    rpaulo 	    sc->ext_2ghz_lna, sc->ext_5ghz_lna));
      1.1    rpaulo
      1.1    rpaulo 	val = rt2661_eeprom_read(sc, RT2661_EEPROM_RSSI_2GHZ_OFFSET);
      1.1    rpaulo 	if ((val & 0xff) != 0xff)
      1.1    rpaulo 		sc->rssi_2ghz_corr = (int8_t)(val & 0xff);	/* signed */
      1.1    rpaulo
      1.1    rpaulo 	val = rt2661_eeprom_read(sc, RT2661_EEPROM_RSSI_5GHZ_OFFSET);
      1.1    rpaulo 	if ((val & 0xff) != 0xff)
      1.1    rpaulo 		sc->rssi_5ghz_corr = (int8_t)(val & 0xff);	/* signed */
      1.1    rpaulo
      1.1    rpaulo 	/* adjust RSSI correction for external low-noise amplifier */
      1.1    rpaulo 	if (sc->ext_2ghz_lna)
      1.1    rpaulo 		sc->rssi_2ghz_corr -= 14;
      1.1    rpaulo 	if (sc->ext_5ghz_lna)
      1.1    rpaulo 		sc->rssi_5ghz_corr -= 14;
      1.1    rpaulo
      1.1    rpaulo 	DPRINTF(("RSSI 2GHz corr=%d\nRSSI 5GHz corr=%d\n",
      1.1    rpaulo 	    sc->rssi_2ghz_corr, sc->rssi_5ghz_corr));
      1.1    rpaulo
      1.1    rpaulo 	val = rt2661_eeprom_read(sc, RT2661_EEPROM_FREQ_OFFSET);
      1.1    rpaulo 	if ((val >> 8) != 0xff)
      1.1    rpaulo 		sc->rfprog = (val >> 8) & 0x3;
      1.1    rpaulo 	if ((val & 0xff) != 0xff)
      1.1    rpaulo 		sc->rffreq = val & 0xff;
      1.1    rpaulo
      1.1    rpaulo 	DPRINTF(("RF prog=%d\nRF freq=%d\n", sc->rfprog, sc->rffreq));
      1.1    rpaulo
      1.1    rpaulo 	/* read Tx power for all a/b/g channels */
      1.1    rpaulo 	for (i = 0; i < 19; i++) {
      1.1    rpaulo 		val = rt2661_eeprom_read(sc, RT2661_EEPROM_TXPOWER + i);
      1.1    rpaulo 		sc->txpow[i * 2] = (int8_t)(val >> 8);		/* signed */
      1.1    rpaulo 		DPRINTF(("Channel=%d Tx power=%d\n",
      1.1    rpaulo 		    rt2661_rf5225_1[i * 2].chan, sc->txpow[i * 2]));
      1.1    rpaulo 		sc->txpow[i * 2 + 1] = (int8_t)(val & 0xff);	/* signed */
      1.1    rpaulo 		DPRINTF(("Channel=%d Tx power=%d\n",
      1.1    rpaulo 		    rt2661_rf5225_1[i * 2 + 1].chan, sc->txpow[i * 2 + 1]));
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* read vendor-specific BBP values */
      1.1    rpaulo 	for (i = 0; i < 16; i++) {
      1.1    rpaulo 		val = rt2661_eeprom_read(sc, RT2661_EEPROM_BBP_BASE + i);
      1.1    rpaulo 		if (val == 0 || val == 0xffff)
      1.1    rpaulo 			continue;	/* skip invalid entries */
      1.1    rpaulo 		sc->bbp_prom[i].reg = val >> 8;
      1.1    rpaulo 		sc->bbp_prom[i].val = val & 0xff;
      1.1    rpaulo 		DPRINTF(("BBP R%d=%02x\n", sc->bbp_prom[i].reg,
      1.1    rpaulo 		    sc->bbp_prom[i].val));
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_bbp_init(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo #define N(a)	(sizeof (a) / sizeof ((a)[0]))
      1.1    rpaulo 	int i, ntries;
      1.1    rpaulo 	uint8_t val;
      1.1    rpaulo
      1.1    rpaulo 	/* wait for BBP to be ready */
      1.1    rpaulo 	for (ntries = 0; ntries < 100; ntries++) {
      1.1    rpaulo 		val = rt2661_bbp_read(sc, 0);
      1.1    rpaulo 		if (val != 0 && val != 0xff)
      1.1    rpaulo 			break;
      1.1    rpaulo 		DELAY(100);
      1.1    rpaulo 	}
      1.1    rpaulo 	if (ntries == 100) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "timeout waiting for BBP\n");
      1.1    rpaulo 		return EIO;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* initialize BBP registers to default values */
      1.1    rpaulo 	for (i = 0; i < N(rt2661_def_bbp); i++) {
      1.1    rpaulo 		rt2661_bbp_write(sc, rt2661_def_bbp[i].reg,
      1.1    rpaulo 		    rt2661_def_bbp[i].val);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* write vendor-specific BBP values (from EEPROM) */
      1.1    rpaulo 	for (i = 0; i < 16; i++) {
      1.1    rpaulo 		if (sc->bbp_prom[i].reg == 0)
      1.1    rpaulo 			continue;
      1.1    rpaulo 		rt2661_bbp_write(sc, sc->bbp_prom[i].reg, sc->bbp_prom[i].val);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo #undef N
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_init(struct ifnet *ifp)
      1.1    rpaulo {
      1.1    rpaulo #define N(a)	(sizeof (a) / sizeof ((a)[0]))
      1.1    rpaulo 	struct rt2661_softc *sc = ifp->if_softc;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	const char *name = NULL;	/* make lint happy */
      1.1    rpaulo 	uint8_t *ucode;
      1.1    rpaulo 	size_t size;
      1.5    rpaulo 	uint32_t tmp, star[3];
      1.1    rpaulo 	int i, ntries;
      1.1    rpaulo 	firmware_handle_t fh;
      1.1    rpaulo
      1.1    rpaulo 	/* for CardBus, power on the socket */
      1.1    rpaulo 	if (!(sc->sc_flags & RT2661_ENABLED)) {
      1.1    rpaulo 		if (sc->sc_enable != NULL && (*sc->sc_enable)(sc) != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not enable device\n");
      1.1    rpaulo 			return EIO;
      1.1    rpaulo 		}
      1.1    rpaulo 		sc->sc_flags |= RT2661_ENABLED;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	rt2661_stop(ifp, 0);
      1.1    rpaulo
      1.1    rpaulo 	if (!(sc->sc_flags & RT2661_FWLOADED)) {
      1.1    rpaulo 		switch (sc->sc_id) {
      1.1    rpaulo 		case PCI_PRODUCT_RALINK_RT2561:
      1.1    rpaulo 			name = "ral-rt2561";
      1.1    rpaulo 			break;
      1.1    rpaulo 		case PCI_PRODUCT_RALINK_RT2561S:
      1.1    rpaulo 			name = "ral-rt2561s";
      1.1    rpaulo 			break;
      1.1    rpaulo 		case PCI_PRODUCT_RALINK_RT2661:
      1.1    rpaulo 			name = "ral-rt2661";
      1.1    rpaulo 			break;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		if (firmware_open("ral", name, &fh) != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not open microcode %s\n", name);
      1.1    rpaulo 			rt2661_stop(ifp, 1);
      1.1    rpaulo 			return EIO;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		size = firmware_get_size(fh);
      1.1    rpaulo 		if (!(ucode = firmware_malloc(size))) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not alloc microcode memory\n");
     1.10    rpaulo 			firmware_close(fh);
      1.1    rpaulo 			rt2661_stop(ifp, 1);
      1.1    rpaulo 			return ENOMEM;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		if (firmware_read(fh, 0, ucode, size) != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not read microcode %s\n", name);
1.29.16.1     skrll 			firmware_free(ucode, size);
     1.11    rpaulo 			firmware_close(fh);
      1.1    rpaulo 			rt2661_stop(ifp, 1);
      1.1    rpaulo 			return EIO;
      1.1    rpaulo 		}
      1.1    rpaulo
      1.1    rpaulo 		if (rt2661_load_microcode(sc, ucode, size) != 0) {
     1.29  drochner 			aprint_error_dev(sc->sc_dev, "could not load 8051 microcode\n");
1.29.16.1     skrll 			firmware_free(ucode, size);
     1.10    rpaulo 			firmware_close(fh);
      1.1    rpaulo 			rt2661_stop(ifp, 1);
      1.1    rpaulo 			return EIO;
      1.1    rpaulo 		}
      1.1    rpaulo
1.29.16.1     skrll 		firmware_free(ucode, size);
      1.2    rpaulo 		firmware_close(fh);
      1.1    rpaulo 		sc->sc_flags |= RT2661_FWLOADED;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* initialize Tx rings */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_AC1_BASE_CSR, sc->txq[1].physaddr);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_AC0_BASE_CSR, sc->txq[0].physaddr);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_AC2_BASE_CSR, sc->txq[2].physaddr);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_AC3_BASE_CSR, sc->txq[3].physaddr);
      1.1    rpaulo
      1.1    rpaulo 	/* initialize Mgt ring */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MGT_BASE_CSR, sc->mgtq.physaddr);
      1.1    rpaulo
      1.1    rpaulo 	/* initialize Rx ring */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_RX_BASE_CSR, sc->rxq.physaddr);
      1.1    rpaulo
      1.1    rpaulo 	/* initialize Tx rings sizes */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TX_RING_CSR0,
      1.1    rpaulo 	    RT2661_TX_RING_COUNT << 24 |
      1.1    rpaulo 	    RT2661_TX_RING_COUNT << 16 |
      1.1    rpaulo 	    RT2661_TX_RING_COUNT <<  8 |
      1.1    rpaulo 	    RT2661_TX_RING_COUNT);
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TX_RING_CSR1,
      1.1    rpaulo 	    RT2661_TX_DESC_WSIZE << 16 |
      1.1    rpaulo 	    RT2661_TX_RING_COUNT <<  8 |	/* XXX: HCCA ring unused */
      1.1    rpaulo 	    RT2661_MGT_RING_COUNT);
      1.1    rpaulo
      1.1    rpaulo 	/* initialize Rx rings */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_RX_RING_CSR,
      1.1    rpaulo 	    RT2661_RX_DESC_BACK  << 16 |
      1.1    rpaulo 	    RT2661_RX_DESC_WSIZE <<  8 |
      1.1    rpaulo 	    RT2661_RX_RING_COUNT);
      1.1    rpaulo
      1.1    rpaulo 	/* XXX: some magic here */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TX_DMA_DST_CSR, 0xaa);
      1.1    rpaulo
      1.1    rpaulo 	/* load base addresses of all 5 Tx rings (4 data + 1 mgt) */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_LOAD_TX_RING_CSR, 0x1f);
      1.1    rpaulo
      1.1    rpaulo 	/* load base address of Rx ring */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_RX_CNTL_CSR, 2);
      1.1    rpaulo
      1.1    rpaulo 	/* initialize MAC registers to default values */
      1.1    rpaulo 	for (i = 0; i < N(rt2661_def_mac); i++)
      1.1    rpaulo 		RAL_WRITE(sc, rt2661_def_mac[i].reg, rt2661_def_mac[i].val);
      1.1    rpaulo
     1.16    dyoung 	IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl));
      1.1    rpaulo 	rt2661_set_macaddr(sc, ic->ic_myaddr);
      1.1    rpaulo
      1.1    rpaulo 	/* set host ready */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR1, 3);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR1, 0);
      1.1    rpaulo
      1.1    rpaulo 	/* wait for BBP/RF to wakeup */
      1.1    rpaulo 	for (ntries = 0; ntries < 1000; ntries++) {
      1.1    rpaulo 		if (RAL_READ(sc, RT2661_MAC_CSR12) & 8)
      1.1    rpaulo 			break;
      1.1    rpaulo 		DELAY(1000);
      1.1    rpaulo 	}
      1.1    rpaulo 	if (ntries == 1000) {
      1.1    rpaulo 		printf("timeout waiting for BBP/RF to wakeup\n");
      1.1    rpaulo 		rt2661_stop(ifp, 1);
      1.1    rpaulo 		return EIO;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	if (rt2661_bbp_init(sc) != 0) {
      1.1    rpaulo 		rt2661_stop(ifp, 1);
      1.1    rpaulo 		return EIO;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* select default channel */
      1.1    rpaulo 	sc->sc_curchan = ic->ic_curchan;
      1.1    rpaulo 	rt2661_select_band(sc, sc->sc_curchan);
      1.1    rpaulo 	rt2661_select_antenna(sc);
      1.1    rpaulo 	rt2661_set_chan(sc, sc->sc_curchan);
      1.1    rpaulo
      1.1    rpaulo 	/* update Rx filter */
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_TXRX_CSR0) & 0xffff;
      1.1    rpaulo
      1.1    rpaulo 	tmp |= RT2661_DROP_PHY_ERROR | RT2661_DROP_CRC_ERROR;
      1.1    rpaulo 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
      1.1    rpaulo 		tmp |= RT2661_DROP_CTL | RT2661_DROP_VER_ERROR |
      1.1    rpaulo 		       RT2661_DROP_ACKCTS;
      1.1    rpaulo 		if (ic->ic_opmode != IEEE80211_M_HOSTAP)
      1.1    rpaulo 			tmp |= RT2661_DROP_TODS;
      1.1    rpaulo 		if (!(ifp->if_flags & IFF_PROMISC))
      1.1    rpaulo 			tmp |= RT2661_DROP_NOT_TO_ME;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR0, tmp);
      1.1    rpaulo
      1.1    rpaulo 	/* clear STA registers */
      1.5    rpaulo 	RAL_READ_REGION_4(sc, RT2661_STA_CSR0, star, N(star));
      1.1    rpaulo
      1.1    rpaulo 	/* initialize ASIC */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR1, 4);
      1.1    rpaulo
      1.1    rpaulo 	/* clear any pending interrupt */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_INT_SOURCE_CSR, 0xffffffff);
      1.1    rpaulo
      1.1    rpaulo 	/* enable interrupts */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_INT_MASK_CSR, 0x0000ff10);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MCU_INT_MASK_CSR, 0);
      1.1    rpaulo
      1.1    rpaulo 	/* kick Rx */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_RX_CNTL_CSR, 1);
      1.1    rpaulo
      1.1    rpaulo 	ifp->if_flags &= ~IFF_OACTIVE;
      1.1    rpaulo 	ifp->if_flags |= IFF_RUNNING;
      1.1    rpaulo
      1.1    rpaulo 	if (ic->ic_opmode != IEEE80211_M_MONITOR) {
      1.1    rpaulo 		if (ic->ic_roaming != IEEE80211_ROAMING_MANUAL)
      1.1    rpaulo 			ieee80211_new_state(ic, IEEE80211_S_SCAN, -1);
      1.1    rpaulo 	} else
      1.1    rpaulo 		ieee80211_new_state(ic, IEEE80211_S_RUN, -1);
      1.1    rpaulo
      1.1    rpaulo 	return 0;
      1.1    rpaulo #undef N
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static void
      1.1    rpaulo rt2661_stop(struct ifnet *ifp, int disable)
      1.1    rpaulo {
      1.1    rpaulo 	struct rt2661_softc *sc = ifp->if_softc;
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	sc->sc_tx_timer = 0;
      1.1    rpaulo 	ifp->if_timer = 0;
      1.1    rpaulo 	ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE);
      1.1    rpaulo
      1.1    rpaulo 	ieee80211_new_state(ic, IEEE80211_S_INIT, -1);	/* free all nodes */
      1.1    rpaulo
      1.1    rpaulo 	/* abort Tx (for all 5 Tx rings) */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TX_CNTL_CSR, 0x1f << 16);
      1.1    rpaulo
      1.1    rpaulo 	/* disable Rx (value remains after reset!) */
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_TXRX_CSR0);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR0, tmp | RT2661_DISABLE_RX);
      1.1    rpaulo
      1.1    rpaulo 	/* reset ASIC */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR1, 3);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MAC_CSR1, 0);
      1.1    rpaulo
      1.1    rpaulo 	/* disable interrupts */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_INT_MASK_CSR, 0xffffff7f);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MCU_INT_MASK_CSR, 0xffffffff);
      1.1    rpaulo
      1.1    rpaulo 	/* clear any pending interrupt */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_INT_SOURCE_CSR, 0xffffffff);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MCU_INT_SOURCE_CSR, 0xffffffff);
      1.1    rpaulo
      1.1    rpaulo 	/* reset Tx and Rx rings */
      1.1    rpaulo 	rt2661_reset_tx_ring(sc, &sc->txq[0]);
      1.1    rpaulo 	rt2661_reset_tx_ring(sc, &sc->txq[1]);
      1.1    rpaulo 	rt2661_reset_tx_ring(sc, &sc->txq[2]);
      1.1    rpaulo 	rt2661_reset_tx_ring(sc, &sc->txq[3]);
      1.1    rpaulo 	rt2661_reset_tx_ring(sc, &sc->mgtq);
      1.1    rpaulo 	rt2661_reset_rx_ring(sc, &sc->rxq);
      1.1    rpaulo
      1.1    rpaulo 	/* for CardBus, power down the socket */
      1.1    rpaulo 	if (disable && sc->sc_disable != NULL) {
      1.1    rpaulo 		if (sc->sc_flags & RT2661_ENABLED) {
      1.1    rpaulo 			(*sc->sc_disable)(sc);
      1.1    rpaulo 			sc->sc_flags &= ~(RT2661_ENABLED | RT2661_FWLOADED);
      1.1    rpaulo 		}
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_load_microcode(struct rt2661_softc *sc, const uint8_t *ucode, int size)
      1.1    rpaulo {
      1.1    rpaulo 	int ntries;
      1.1    rpaulo
      1.1    rpaulo 	/* reset 8051 */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MCU_CNTL_CSR, RT2661_MCU_RESET);
      1.1    rpaulo
      1.1    rpaulo 	/* cancel any pending Host to MCU command */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_H2M_MAILBOX_CSR, 0);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_M2H_CMD_DONE_CSR, 0xffffffff);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_HOST_CMD_CSR, 0);
      1.1    rpaulo
      1.1    rpaulo 	/* write 8051's microcode */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MCU_CNTL_CSR, RT2661_MCU_RESET | RT2661_MCU_SEL);
      1.1    rpaulo 	RAL_WRITE_REGION_1(sc, RT2661_MCU_CODE_BASE, ucode, size);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MCU_CNTL_CSR, RT2661_MCU_RESET);
      1.1    rpaulo
      1.1    rpaulo 	/* kick 8051's ass */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_MCU_CNTL_CSR, 0);
      1.1    rpaulo
      1.1    rpaulo 	/* wait for 8051 to initialize */
      1.1    rpaulo 	for (ntries = 0; ntries < 500; ntries++) {
      1.1    rpaulo 		if (RAL_READ(sc, RT2661_MCU_CNTL_CSR) & RT2661_MCU_READY)
      1.1    rpaulo 			break;
      1.1    rpaulo 		DELAY(100);
      1.1    rpaulo 	}
      1.1    rpaulo 	if (ntries == 500) {
      1.1    rpaulo 		printf("timeout waiting for MCU to initialize\n");
      1.1    rpaulo 		return EIO;
      1.1    rpaulo 	}
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Dynamically tune Rx sensitivity (BBP register 17) based on average RSSI and
      1.1    rpaulo  * false CCA count.  This function is called periodically (every seconds) when
      1.1    rpaulo  * in the RUN state.  Values taken from the reference driver.
      1.1    rpaulo  */
      1.1    rpaulo static void
      1.1    rpaulo rt2661_rx_tune(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	uint8_t bbp17;
      1.1    rpaulo 	uint16_t cca;
      1.1    rpaulo 	int lo, hi, dbm;
      1.1    rpaulo
      1.1    rpaulo 	/*
      1.1    rpaulo 	 * Tuning range depends on operating band and on the presence of an
      1.1    rpaulo 	 * external low-noise amplifier.
      1.1    rpaulo 	 */
      1.1    rpaulo 	lo = 0x20;
      1.1    rpaulo 	if (IEEE80211_IS_CHAN_5GHZ(sc->sc_curchan))
      1.1    rpaulo 		lo += 0x08;
      1.1    rpaulo 	if ((IEEE80211_IS_CHAN_2GHZ(sc->sc_curchan) && sc->ext_2ghz_lna) ||
      1.1    rpaulo 	    (IEEE80211_IS_CHAN_5GHZ(sc->sc_curchan) && sc->ext_5ghz_lna))
      1.1    rpaulo 		lo += 0x10;
      1.1    rpaulo 	hi = lo + 0x20;
      1.1    rpaulo
     1.24       scw 	dbm = sc->avg_rssi;
      1.1    rpaulo 	/* retrieve false CCA count since last call (clear on read) */
      1.1    rpaulo 	cca = RAL_READ(sc, RT2661_STA_CSR1) & 0xffff;
      1.1    rpaulo
     1.24       scw 	DPRINTFN(2, ("RSSI=%ddBm false CCA=%d\n", dbm, cca));
      1.7    rpaulo
     1.24       scw 	if (dbm < -74) {
     1.24       scw 		/* very bad RSSI, tune using false CCA count */
      1.1    rpaulo 		bbp17 = sc->bbp17; /* current value */
      1.1    rpaulo
      1.1    rpaulo 		hi -= 2 * (-74 - dbm);
      1.1    rpaulo 		if (hi < lo)
      1.1    rpaulo 			hi = lo;
      1.1    rpaulo
     1.24       scw 		if (bbp17 > hi)
      1.1    rpaulo 			bbp17 = hi;
     1.24       scw 		else if (cca > 512)
     1.24       scw 			bbp17 = min(bbp17 + 1, hi);
     1.24       scw 		else if (cca < 100)
     1.24       scw 			bbp17 = max(bbp17 - 1, lo);
      1.7    rpaulo
     1.24       scw 	} else if (dbm < -66) {
     1.24       scw 		bbp17 = lo + 0x08;
     1.24       scw 	} else if (dbm < -58) {
     1.24       scw 		bbp17 = lo + 0x10;
     1.24       scw 	} else if (dbm < -35) {
     1.24       scw 		bbp17 = hi;
     1.24       scw 	} else {	/* very good RSSI >= -35dBm */
     1.24       scw 		bbp17 = 0x60;	/* very low sensitivity */
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	if (bbp17 != sc->bbp17) {
     1.24       scw 		DPRINTF(("BBP17 %x->%x\n", sc->bbp17, bbp17));
      1.1    rpaulo 		rt2661_bbp_write(sc, 17, bbp17);
      1.1    rpaulo 		sc->bbp17 = bbp17;
      1.1    rpaulo 	}
      1.1    rpaulo }
      1.1    rpaulo
     1.24       scw #ifdef notyet
      1.1    rpaulo /*
      1.1    rpaulo  * Enter/Leave radar detection mode.
      1.1    rpaulo  * This is for 802.11h additional regulatory domains.
      1.1    rpaulo  */
      1.1    rpaulo static void
      1.1    rpaulo rt2661_radar_start(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	/* disable Rx */
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_TXRX_CSR0);
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR0, tmp | RT2661_DISABLE_RX);
      1.1    rpaulo
      1.1    rpaulo 	rt2661_bbp_write(sc, 82, 0x20);
      1.1    rpaulo 	rt2661_bbp_write(sc, 83, 0x00);
      1.1    rpaulo 	rt2661_bbp_write(sc, 84, 0x40);
      1.1    rpaulo
      1.1    rpaulo 	/* save current BBP registers values */
      1.1    rpaulo 	sc->bbp18 = rt2661_bbp_read(sc, 18);
      1.1    rpaulo 	sc->bbp21 = rt2661_bbp_read(sc, 21);
      1.1    rpaulo 	sc->bbp22 = rt2661_bbp_read(sc, 22);
      1.1    rpaulo 	sc->bbp16 = rt2661_bbp_read(sc, 16);
      1.1    rpaulo 	sc->bbp17 = rt2661_bbp_read(sc, 17);
      1.1    rpaulo 	sc->bbp64 = rt2661_bbp_read(sc, 64);
      1.1    rpaulo
      1.1    rpaulo 	rt2661_bbp_write(sc, 18, 0xff);
      1.1    rpaulo 	rt2661_bbp_write(sc, 21, 0x3f);
      1.1    rpaulo 	rt2661_bbp_write(sc, 22, 0x3f);
      1.1    rpaulo 	rt2661_bbp_write(sc, 16, 0xbd);
      1.1    rpaulo 	rt2661_bbp_write(sc, 17, sc->ext_5ghz_lna ? 0x44 : 0x34);
      1.1    rpaulo 	rt2661_bbp_write(sc, 64, 0x21);
      1.1    rpaulo
      1.1    rpaulo 	/* restore Rx filter */
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR0, tmp);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_radar_stop(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	uint8_t bbp66;
      1.1    rpaulo
      1.1    rpaulo 	/* read radar detection result */
      1.1    rpaulo 	bbp66 = rt2661_bbp_read(sc, 66);
      1.1    rpaulo
      1.1    rpaulo 	/* restore BBP registers values */
      1.1    rpaulo 	rt2661_bbp_write(sc, 16, sc->bbp16);
      1.1    rpaulo 	rt2661_bbp_write(sc, 17, sc->bbp17);
      1.1    rpaulo 	rt2661_bbp_write(sc, 18, sc->bbp18);
      1.1    rpaulo 	rt2661_bbp_write(sc, 21, sc->bbp21);
      1.1    rpaulo 	rt2661_bbp_write(sc, 22, sc->bbp22);
      1.1    rpaulo 	rt2661_bbp_write(sc, 64, sc->bbp64);
      1.1    rpaulo
      1.1    rpaulo 	return bbp66 == 1;
      1.1    rpaulo }
      1.1    rpaulo #endif
      1.1    rpaulo
      1.1    rpaulo static int
      1.1    rpaulo rt2661_prepare_beacon(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
     1.24       scw 	struct ieee80211_node *ni = ic->ic_bss;
      1.1    rpaulo 	struct rt2661_tx_desc desc;
      1.1    rpaulo 	struct mbuf *m0;
      1.1    rpaulo 	struct ieee80211_beacon_offsets bo;
      1.1    rpaulo 	int rate;
      1.1    rpaulo
     1.24       scw 	m0 = ieee80211_beacon_alloc(ic, ni, &bo);
      1.1    rpaulo 	if (m0 == NULL) {
     1.29  drochner 		aprint_error_dev(sc->sc_dev, "could not allocate beacon frame\n");
      1.1    rpaulo 		return ENOBUFS;
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	/* send beacons at the lowest available rate */
     1.24       scw 	rate = IEEE80211_IS_CHAN_5GHZ(ni->ni_chan) ? 12 : 2;
      1.1    rpaulo
      1.1    rpaulo 	rt2661_setup_tx_desc(sc, &desc, RT2661_TX_TIMESTAMP, RT2661_TX_HWSEQ,
      1.1    rpaulo 	    m0->m_pkthdr.len, rate, NULL, 0, RT2661_QID_MGT);
      1.1    rpaulo
      1.1    rpaulo 	/* copy the first 24 bytes of Tx descriptor into NIC memory */
      1.1    rpaulo 	RAL_WRITE_REGION_1(sc, RT2661_HW_BEACON_BASE0, (uint8_t *)&desc, 24);
      1.1    rpaulo
      1.1    rpaulo 	/* copy beacon header and payload into NIC memory */
      1.1    rpaulo 	RAL_WRITE_REGION_1(sc, RT2661_HW_BEACON_BASE0 + 24,
      1.1    rpaulo 	    mtod(m0, uint8_t *), m0->m_pkthdr.len);
      1.1    rpaulo
      1.1    rpaulo 	m_freem(m0);
      1.1    rpaulo
     1.24       scw 	/*
     1.24       scw 	 * Store offset of ERP Information Element so that we can update it
     1.24       scw 	 * dynamically when the slot time changes.
     1.24       scw 	 * XXX: this is ugly since it depends on how net80211 builds beacon
     1.24       scw 	 * frames but ieee80211_beacon_alloc() doesn't store offsets for us.
     1.24       scw 	 */
     1.24       scw 	if (ic->ic_curmode == IEEE80211_MODE_11G) {
     1.24       scw 		sc->erp_csr =
     1.24       scw 		    RT2661_HW_BEACON_BASE0 + 24 +
     1.24       scw 		    sizeof (struct ieee80211_frame) +
     1.24       scw 		    8 + 2 + 2 + 2 + ni->ni_esslen +
     1.24       scw 		    2 + min(ni->ni_rates.rs_nrates, IEEE80211_RATE_SIZE) +
     1.24       scw 		    2 + 1 +
     1.24       scw 		    ((ic->ic_opmode == IEEE80211_M_IBSS) ? 4 : 6) +
     1.24       scw 		    2;
     1.24       scw 	}
     1.24       scw
      1.1    rpaulo 	return 0;
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Enable TSF synchronization and tell h/w to start sending beacons for IBSS
      1.1    rpaulo  * and HostAP operating modes.
      1.1    rpaulo  */
      1.1    rpaulo static void
      1.1    rpaulo rt2661_enable_tsf_sync(struct rt2661_softc *sc)
      1.1    rpaulo {
      1.1    rpaulo 	struct ieee80211com *ic = &sc->sc_ic;
      1.1    rpaulo 	uint32_t tmp;
      1.1    rpaulo
      1.1    rpaulo 	if (ic->ic_opmode != IEEE80211_M_STA) {
      1.1    rpaulo 		/*
      1.1    rpaulo 		 * Change default 16ms TBTT adjustment to 8ms.
      1.1    rpaulo 		 * Must be done before enabling beacon generation.
      1.1    rpaulo 		 */
      1.1    rpaulo 		RAL_WRITE(sc, RT2661_TXRX_CSR10, 1 << 12 | 8);
      1.1    rpaulo 	}
      1.1    rpaulo
      1.1    rpaulo 	tmp = RAL_READ(sc, RT2661_TXRX_CSR9) & 0xff000000;
      1.1    rpaulo
      1.1    rpaulo 	/* set beacon interval (in 1/16ms unit) */
      1.1    rpaulo 	tmp |= ic->ic_bss->ni_intval * 16;
      1.1    rpaulo
      1.1    rpaulo 	tmp |= RT2661_TSF_TICKING | RT2661_ENABLE_TBTT;
      1.1    rpaulo 	if (ic->ic_opmode == IEEE80211_M_STA)
      1.1    rpaulo 		tmp |= RT2661_TSF_MODE(1);
      1.1    rpaulo 	else
      1.1    rpaulo 		tmp |= RT2661_TSF_MODE(2) | RT2661_GENERATE_BEACON;
      1.1    rpaulo
      1.1    rpaulo 	RAL_WRITE(sc, RT2661_TXRX_CSR9, tmp);
      1.1    rpaulo }
      1.1    rpaulo
      1.1    rpaulo /*
      1.1    rpaulo  * Retrieve the "Received Signal Strength Indicator" from the raw values
      1.1    rpaulo  * contained in Rx descriptors.  The computation depends on which band the
      1.1    rpaulo  * frame was received.  Correction values taken from the reference driver.
      1.1    rpaulo  */
      1.1    rpaulo static int
      1.1    rpaulo rt2661_get_rssi(struct rt2661_softc *sc, uint8_t raw)
      1.1    rpaulo {
      1.1    rpaulo 	int lna, agc, rssi;
      1.1    rpaulo
      1.1    rpaulo 	lna = (raw >> 5) & 0x3;
      1.1    rpaulo 	agc = raw & 0x1f;
      1.1    rpaulo
      1.1    rpaulo 	rssi = 2 * agc;
      1.1    rpaulo
      1.1    rpaulo 	if (IEEE80211_IS_CHAN_2GHZ(sc->sc_curchan)) {
      1.1    rpaulo 		rssi += sc->rssi_2ghz_corr;
      1.1    rpaulo
      1.1    rpaulo 		if (lna == 1)
      1.1    rpaulo 			rssi -= 64;
      1.1    rpaulo 		else if (lna == 2)
      1.1    rpaulo 			rssi -= 74;
      1.1    rpaulo 		else if (lna == 3)
      1.1    rpaulo 			rssi -= 90;
      1.1    rpaulo 	} else {
      1.1    rpaulo 		rssi += sc->rssi_5ghz_corr;
      1.1    rpaulo
      1.1    rpaulo 		if (lna == 1)
      1.1    rpaulo 			rssi -= 64;
      1.1    rpaulo 		else if (lna == 2)
      1.1    rpaulo 			rssi -= 86;
      1.1    rpaulo 		else if (lna == 3)
      1.1    rpaulo 			rssi -= 100;
      1.1    rpaulo 	}
      1.1    rpaulo 	return rssi;
      1.1    rpaulo }