if_upgt.c revision 1.3.10.3
1 /* $NetBSD: if_upgt.c,v 1.3.10.3 2014/05/22 11:40:36 yamt Exp $ */ 2 /* $OpenBSD: if_upgt.c,v 1.49 2010/04/20 22:05:43 tedu Exp $ */ 3 4 /* 5 * Copyright (c) 2007 Marcus Glocker <mglocker (at) openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: if_upgt.c,v 1.3.10.3 2014/05/22 11:40:36 yamt Exp $"); 22 23 #include <sys/param.h> 24 #include <sys/callout.h> 25 #include <sys/device.h> 26 #include <sys/errno.h> 27 #include <sys/kernel.h> 28 #include <sys/kthread.h> 29 #include <sys/mbuf.h> 30 #include <sys/proc.h> 31 #include <sys/sockio.h> 32 #include <sys/systm.h> 33 #include <sys/vnode.h> 34 #include <sys/bus.h> 35 #include <sys/endian.h> 36 #include <sys/intr.h> 37 38 #include <net/bpf.h> 39 #include <net/if.h> 40 #include <net/if_arp.h> 41 #include <net/if_dl.h> 42 #include <net/if_ether.h> 43 #include <net/if_media.h> 44 #include <net/if_types.h> 45 46 #include <net80211/ieee80211_var.h> 47 #include <net80211/ieee80211_radiotap.h> 48 49 #include <dev/firmload.h> 50 51 #include <dev/usb/usb.h> 52 #include <dev/usb/usbdi.h> 53 #include <dev/usb/usbdi_util.h> 54 #include <dev/usb/usbdivar.h> 55 #include <dev/usb/usbdevs.h> 56 57 #include <dev/usb/if_upgtvar.h> 58 59 /* 60 * Driver for the USB PrismGT devices. 61 * 62 * For now just USB 2.0 devices with the GW3887 chipset are supported. 63 * The driver has been written based on the firmware version 2.13.1.0_LM87. 64 * 65 * TODO's: 66 * - Fix MONITOR mode (MAC filter). 67 * - Add HOSTAP mode. 68 * - Add IBSS mode. 69 * - Support the USB 1.0 devices (NET2280, ISL3880, ISL3886 chipsets). 70 * 71 * Parts of this driver has been influenced by reading the p54u driver 72 * written by Jean-Baptiste Note <jean-baptiste.note (at) m4x.org> and 73 * Sebastien Bourdeauducq <lekernel (at) prism54.org>. 74 */ 75 76 #ifdef UPGT_DEBUG 77 int upgt_debug = 2; 78 #define DPRINTF(l, x...) do { if ((l) <= upgt_debug) printf(x); } while (0) 79 #else 80 #define DPRINTF(l, x...) 81 #endif 82 83 /* 84 * Prototypes. 85 */ 86 static int upgt_match(device_t, cfdata_t, void *); 87 static void upgt_attach(device_t, device_t, void *); 88 static int upgt_detach(device_t, int); 89 static int upgt_activate(device_t, devact_t); 90 91 static void upgt_attach_hook(device_t); 92 static int upgt_device_type(struct upgt_softc *, uint16_t, uint16_t); 93 static int upgt_device_init(struct upgt_softc *); 94 static int upgt_mem_init(struct upgt_softc *); 95 static uint32_t upgt_mem_alloc(struct upgt_softc *); 96 static void upgt_mem_free(struct upgt_softc *, uint32_t); 97 static int upgt_fw_alloc(struct upgt_softc *); 98 static void upgt_fw_free(struct upgt_softc *); 99 static int upgt_fw_verify(struct upgt_softc *); 100 static int upgt_fw_load(struct upgt_softc *); 101 static int upgt_fw_copy(char *, char *, int); 102 static int upgt_eeprom_read(struct upgt_softc *); 103 static int upgt_eeprom_parse(struct upgt_softc *); 104 static void upgt_eeprom_parse_hwrx(struct upgt_softc *, uint8_t *); 105 static void upgt_eeprom_parse_freq3(struct upgt_softc *, uint8_t *, int); 106 static void upgt_eeprom_parse_freq4(struct upgt_softc *, uint8_t *, int); 107 static void upgt_eeprom_parse_freq6(struct upgt_softc *, uint8_t *, int); 108 109 static int upgt_ioctl(struct ifnet *, u_long, void *); 110 static int upgt_init(struct ifnet *); 111 static void upgt_stop(struct upgt_softc *); 112 static int upgt_media_change(struct ifnet *); 113 static void upgt_newassoc(struct ieee80211_node *, int); 114 static int upgt_newstate(struct ieee80211com *, enum ieee80211_state, 115 int); 116 static void upgt_newstate_task(void *); 117 static void upgt_next_scan(void *); 118 static void upgt_start(struct ifnet *); 119 static void upgt_watchdog(struct ifnet *); 120 static void upgt_tx_task(void *); 121 static void upgt_tx_done(struct upgt_softc *, uint8_t *); 122 static void upgt_rx_cb(usbd_xfer_handle, usbd_private_handle, usbd_status); 123 static void upgt_rx(struct upgt_softc *, uint8_t *, int); 124 static void upgt_setup_rates(struct upgt_softc *); 125 static uint8_t upgt_rx_rate(struct upgt_softc *, const int); 126 static int upgt_set_macfilter(struct upgt_softc *, uint8_t state); 127 static int upgt_set_channel(struct upgt_softc *, unsigned); 128 static void upgt_set_led(struct upgt_softc *, int); 129 static void upgt_set_led_blink(void *); 130 static int upgt_get_stats(struct upgt_softc *); 131 132 static int upgt_alloc_tx(struct upgt_softc *); 133 static int upgt_alloc_rx(struct upgt_softc *); 134 static int upgt_alloc_cmd(struct upgt_softc *); 135 static void upgt_free_tx(struct upgt_softc *); 136 static void upgt_free_rx(struct upgt_softc *); 137 static void upgt_free_cmd(struct upgt_softc *); 138 static int upgt_bulk_xmit(struct upgt_softc *, struct upgt_data *, 139 usbd_pipe_handle, uint32_t *, int); 140 141 #if 0 142 static void upgt_hexdump(void *, int); 143 #endif 144 static uint32_t upgt_crc32_le(const void *, size_t); 145 static uint32_t upgt_chksum_le(const uint32_t *, size_t); 146 147 CFATTACH_DECL_NEW(upgt, sizeof(struct upgt_softc), 148 upgt_match, upgt_attach, upgt_detach, upgt_activate); 149 150 static const struct usb_devno upgt_devs_1[] = { 151 /* version 1 devices */ 152 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST120G } 153 }; 154 155 static const struct usb_devno upgt_devs_2[] = { 156 /* version 2 devices */ 157 { USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_PRISM_GT }, 158 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST121G }, 159 { USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F5D7050 }, 160 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54AG }, 161 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54GV2 }, 162 { USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_PRISM_GT }, 163 { USB_VENDOR_COREGA, USB_PRODUCT_COREGA_CGWLUSB2GTST }, 164 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_1 }, 165 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_2 }, 166 { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DWLG122A2 }, 167 { USB_VENDOR_FSC, USB_PRODUCT_FSC_E5400 }, 168 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_1 }, 169 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_2 }, 170 { USB_VENDOR_INTERSIL, USB_PRODUCT_INTERSIL_PRISM_GT }, 171 { USB_VENDOR_PHEENET, USB_PRODUCT_PHEENET_GWU513 }, 172 { USB_VENDOR_PHILIPS, USB_PRODUCT_PHILIPS_CPWUA054 }, 173 { USB_VENDOR_SHARP, USB_PRODUCT_SHARP_RUITZ1016YCZZ }, 174 { USB_VENDOR_SMC, USB_PRODUCT_SMC_2862WG }, 175 { USB_VENDOR_USR, USB_PRODUCT_USR_USR5422 }, 176 { USB_VENDOR_WISTRONNEWEB, USB_PRODUCT_WISTRONNEWEB_UR045G }, 177 { USB_VENDOR_XYRATEX, USB_PRODUCT_XYRATEX_PRISM_GT_1 }, 178 { USB_VENDOR_XYRATEX, USB_PRODUCT_XYRATEX_PRISM_GT_2 }, 179 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_MD40900 }, 180 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_XG703A } 181 }; 182 183 static int 184 firmware_load(const char *dname, const char *iname, uint8_t **ucodep, 185 size_t *sizep) 186 { 187 firmware_handle_t fh; 188 int error; 189 190 if ((error = firmware_open(dname, iname, &fh)) != 0) 191 return error; 192 *sizep = firmware_get_size(fh); 193 if ((*ucodep = firmware_malloc(*sizep)) == NULL) { 194 firmware_close(fh); 195 return ENOMEM; 196 } 197 if ((error = firmware_read(fh, 0, *ucodep, *sizep)) != 0) 198 firmware_free(*ucodep, *sizep); 199 firmware_close(fh); 200 201 return error; 202 } 203 204 static int 205 upgt_match(device_t parent, cfdata_t match, void *aux) 206 { 207 struct usb_attach_arg *uaa = aux; 208 209 if (usb_lookup(upgt_devs_1, uaa->vendor, uaa->product) != NULL) 210 return UMATCH_VENDOR_PRODUCT; 211 212 if (usb_lookup(upgt_devs_2, uaa->vendor, uaa->product) != NULL) 213 return UMATCH_VENDOR_PRODUCT; 214 215 return UMATCH_NONE; 216 } 217 218 static void 219 upgt_attach(device_t parent, device_t self, void *aux) 220 { 221 struct upgt_softc *sc = device_private(self); 222 struct usb_attach_arg *uaa = aux; 223 usb_interface_descriptor_t *id; 224 usb_endpoint_descriptor_t *ed; 225 usbd_status error; 226 char *devinfop; 227 int i; 228 229 aprint_naive("\n"); 230 aprint_normal("\n"); 231 232 /* 233 * Attach USB device. 234 */ 235 sc->sc_dev = self; 236 sc->sc_udev = uaa->device; 237 238 devinfop = usbd_devinfo_alloc(sc->sc_udev, 0); 239 aprint_normal_dev(sc->sc_dev, "%s\n", devinfop); 240 usbd_devinfo_free(devinfop); 241 242 /* check device type */ 243 if (upgt_device_type(sc, uaa->vendor, uaa->product) != 0) 244 return; 245 246 /* set configuration number */ 247 error = usbd_set_config_no(sc->sc_udev, UPGT_CONFIG_NO, 0); 248 if (error != 0) { 249 aprint_error_dev(sc->sc_dev, "failed to set configuration" 250 ", err=%s\n", usbd_errstr(error)); 251 return; 252 } 253 254 /* get the first interface handle */ 255 error = usbd_device2interface_handle(sc->sc_udev, UPGT_IFACE_INDEX, 256 &sc->sc_iface); 257 if (error != 0) { 258 aprint_error_dev(sc->sc_dev, 259 "could not get interface handle\n"); 260 return; 261 } 262 263 /* find endpoints */ 264 id = usbd_get_interface_descriptor(sc->sc_iface); 265 sc->sc_rx_no = sc->sc_tx_no = -1; 266 for (i = 0; i < id->bNumEndpoints; i++) { 267 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 268 if (ed == NULL) { 269 aprint_error_dev(sc->sc_dev, 270 "no endpoint descriptor for iface %d\n", i); 271 return; 272 } 273 274 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT && 275 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 276 sc->sc_tx_no = ed->bEndpointAddress; 277 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN && 278 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 279 sc->sc_rx_no = ed->bEndpointAddress; 280 281 /* 282 * 0x01 TX pipe 283 * 0x81 RX pipe 284 * 285 * Deprecated scheme (not used with fw version >2.5.6.x): 286 * 0x02 TX MGMT pipe 287 * 0x82 TX MGMT pipe 288 */ 289 if (sc->sc_tx_no != -1 && sc->sc_rx_no != -1) 290 break; 291 } 292 if (sc->sc_rx_no == -1 || sc->sc_tx_no == -1) { 293 aprint_error_dev(sc->sc_dev, "missing endpoint\n"); 294 return; 295 } 296 297 /* setup tasks and timeouts */ 298 usb_init_task(&sc->sc_task_newstate, upgt_newstate_task, sc, 0); 299 usb_init_task(&sc->sc_task_tx, upgt_tx_task, sc, 0); 300 callout_init(&sc->scan_to, 0); 301 callout_setfunc(&sc->scan_to, upgt_next_scan, sc); 302 callout_init(&sc->led_to, 0); 303 callout_setfunc(&sc->led_to, upgt_set_led_blink, sc); 304 305 /* 306 * Open TX and RX USB bulk pipes. 307 */ 308 error = usbd_open_pipe(sc->sc_iface, sc->sc_tx_no, USBD_EXCLUSIVE_USE, 309 &sc->sc_tx_pipeh); 310 if (error != 0) { 311 aprint_error_dev(sc->sc_dev, 312 "could not open TX pipe: %s\n", usbd_errstr(error)); 313 goto fail; 314 } 315 error = usbd_open_pipe(sc->sc_iface, sc->sc_rx_no, USBD_EXCLUSIVE_USE, 316 &sc->sc_rx_pipeh); 317 if (error != 0) { 318 aprint_error_dev(sc->sc_dev, "could not open RX pipe: %s\n", 319 usbd_errstr(error)); 320 goto fail; 321 } 322 323 /* 324 * Allocate TX, RX, and CMD xfers. 325 */ 326 if (upgt_alloc_tx(sc) != 0) 327 goto fail; 328 if (upgt_alloc_rx(sc) != 0) 329 goto fail; 330 if (upgt_alloc_cmd(sc) != 0) 331 goto fail; 332 333 /* 334 * We need the firmware loaded from file system to complete the attach. 335 */ 336 config_mountroot(self, upgt_attach_hook); 337 338 return; 339 fail: 340 aprint_error_dev(sc->sc_dev, "%s failed\n", __func__); 341 } 342 343 static void 344 upgt_attach_hook(device_t arg) 345 { 346 struct upgt_softc *sc = device_private(arg); 347 struct ieee80211com *ic = &sc->sc_ic; 348 struct ifnet *ifp = &sc->sc_if; 349 usbd_status error; 350 int i; 351 352 /* 353 * Load firmware file into memory. 354 */ 355 if (upgt_fw_alloc(sc) != 0) 356 goto fail; 357 358 /* 359 * Initialize the device. 360 */ 361 if (upgt_device_init(sc) != 0) 362 goto fail; 363 364 /* 365 * Verify the firmware. 366 */ 367 if (upgt_fw_verify(sc) != 0) 368 goto fail; 369 370 /* 371 * Calculate device memory space. 372 */ 373 if (sc->sc_memaddr_frame_start == 0 || sc->sc_memaddr_frame_end == 0) { 374 aprint_error_dev(sc->sc_dev, 375 "could not find memory space addresses on FW\n"); 376 goto fail; 377 } 378 sc->sc_memaddr_frame_end -= UPGT_MEMSIZE_RX + 1; 379 sc->sc_memaddr_rx_start = sc->sc_memaddr_frame_end + 1; 380 381 DPRINTF(1, "%s: memory address frame start=0x%08x\n", 382 device_xname(sc->sc_dev), sc->sc_memaddr_frame_start); 383 DPRINTF(1, "%s: memory address frame end=0x%08x\n", 384 device_xname(sc->sc_dev), sc->sc_memaddr_frame_end); 385 DPRINTF(1, "%s: memory address rx start=0x%08x\n", 386 device_xname(sc->sc_dev), sc->sc_memaddr_rx_start); 387 388 upgt_mem_init(sc); 389 390 /* 391 * Load the firmware. 392 */ 393 if (upgt_fw_load(sc) != 0) 394 goto fail; 395 396 /* 397 * Startup the RX pipe. 398 */ 399 struct upgt_data *data_rx = &sc->rx_data; 400 401 usbd_setup_xfer(data_rx->xfer, sc->sc_rx_pipeh, data_rx, data_rx->buf, 402 MCLBYTES, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 403 error = usbd_transfer(data_rx->xfer); 404 if (error != USBD_NORMAL_COMPLETION && error != USBD_IN_PROGRESS) { 405 aprint_error_dev(sc->sc_dev, 406 "could not queue RX transfer\n"); 407 goto fail; 408 } 409 usbd_delay_ms(sc->sc_udev, 100); 410 411 /* 412 * Read the whole EEPROM content and parse it. 413 */ 414 if (upgt_eeprom_read(sc) != 0) 415 goto fail; 416 if (upgt_eeprom_parse(sc) != 0) 417 goto fail; 418 419 /* 420 * Setup the 802.11 device. 421 */ 422 ic->ic_ifp = ifp; 423 ic->ic_phytype = IEEE80211_T_OFDM; 424 ic->ic_opmode = IEEE80211_M_STA; 425 ic->ic_state = IEEE80211_S_INIT; 426 ic->ic_caps = 427 IEEE80211_C_MONITOR | 428 IEEE80211_C_SHPREAMBLE | 429 IEEE80211_C_SHSLOT; 430 431 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 432 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 433 434 for (i = 1; i <= 14; i++) { 435 ic->ic_channels[i].ic_freq = 436 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 437 ic->ic_channels[i].ic_flags = 438 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 439 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 440 } 441 442 ifp->if_softc = sc; 443 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 444 ifp->if_init = upgt_init; 445 ifp->if_ioctl = upgt_ioctl; 446 ifp->if_start = upgt_start; 447 ifp->if_watchdog = upgt_watchdog; 448 IFQ_SET_READY(&ifp->if_snd); 449 memcpy(ifp->if_xname, device_xname(sc->sc_dev), IFNAMSIZ); 450 451 if_attach(ifp); 452 ieee80211_ifattach(ic); 453 ic->ic_newassoc = upgt_newassoc; 454 455 sc->sc_newstate = ic->ic_newstate; 456 ic->ic_newstate = upgt_newstate; 457 ieee80211_media_init(ic, upgt_media_change, ieee80211_media_status); 458 459 bpf_attach2(ifp, DLT_IEEE802_11_RADIO, 460 sizeof(struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 461 &sc->sc_drvbpf); 462 463 sc->sc_rxtap_len = sizeof(sc->sc_rxtapu); 464 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 465 sc->sc_rxtap.wr_ihdr.it_present = htole32(UPGT_RX_RADIOTAP_PRESENT); 466 467 sc->sc_txtap_len = sizeof(sc->sc_txtapu); 468 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 469 sc->sc_txtap.wt_ihdr.it_present = htole32(UPGT_TX_RADIOTAP_PRESENT); 470 471 aprint_normal_dev(sc->sc_dev, "address %s\n", 472 ether_sprintf(ic->ic_myaddr)); 473 474 ieee80211_announce(ic); 475 476 usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->sc_udev, sc->sc_dev); 477 478 /* device attached */ 479 sc->sc_flags |= UPGT_DEVICE_ATTACHED; 480 481 return; 482 fail: 483 aprint_error_dev(sc->sc_dev, "%s failed\n", __func__); 484 } 485 486 static int 487 upgt_detach(device_t self, int flags) 488 { 489 struct upgt_softc *sc = device_private(self); 490 struct ifnet *ifp = &sc->sc_if; 491 struct ieee80211com *ic = &sc->sc_ic; 492 int s; 493 494 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 495 496 s = splnet(); 497 498 if (ifp->if_flags & IFF_RUNNING) 499 upgt_stop(sc); 500 501 /* remove tasks and timeouts */ 502 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 503 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 504 callout_destroy(&sc->scan_to); 505 callout_destroy(&sc->led_to); 506 507 /* abort and close TX / RX pipes */ 508 if (sc->sc_tx_pipeh != NULL) { 509 usbd_abort_pipe(sc->sc_tx_pipeh); 510 usbd_close_pipe(sc->sc_tx_pipeh); 511 } 512 if (sc->sc_rx_pipeh != NULL) { 513 usbd_abort_pipe(sc->sc_rx_pipeh); 514 usbd_close_pipe(sc->sc_rx_pipeh); 515 } 516 517 /* free xfers */ 518 upgt_free_tx(sc); 519 upgt_free_rx(sc); 520 upgt_free_cmd(sc); 521 522 /* free firmware */ 523 upgt_fw_free(sc); 524 525 if (sc->sc_flags & UPGT_DEVICE_ATTACHED) { 526 /* detach interface */ 527 bpf_detach(ifp); 528 ieee80211_ifdetach(ic); 529 if_detach(ifp); 530 } 531 532 splx(s); 533 534 usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->sc_udev, sc->sc_dev); 535 536 return 0; 537 } 538 539 static int 540 upgt_activate(device_t self, devact_t act) 541 { 542 struct upgt_softc *sc = device_private(self); 543 544 switch (act) { 545 case DVACT_DEACTIVATE: 546 if_deactivate(&sc->sc_if); 547 return 0; 548 default: 549 return EOPNOTSUPP; 550 } 551 } 552 553 static int 554 upgt_device_type(struct upgt_softc *sc, uint16_t vendor, uint16_t product) 555 { 556 557 if (usb_lookup(upgt_devs_1, vendor, product) != NULL) { 558 sc->sc_device_type = 1; 559 /* XXX */ 560 aprint_error_dev(sc->sc_dev, 561 "version 1 devices not supported yet\n"); 562 return 1; 563 } else 564 sc->sc_device_type = 2; 565 566 return 0; 567 } 568 569 static int 570 upgt_device_init(struct upgt_softc *sc) 571 { 572 struct upgt_data *data_cmd = &sc->cmd_data; 573 const uint8_t init_cmd[] = { 0x7e, 0x7e, 0x7e, 0x7e }; 574 int len; 575 576 len = sizeof(init_cmd); 577 memcpy(data_cmd->buf, init_cmd, len); 578 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 579 aprint_error_dev(sc->sc_dev, 580 "could not send device init string\n"); 581 return EIO; 582 } 583 usbd_delay_ms(sc->sc_udev, 100); 584 585 DPRINTF(1, "%s: device initialized\n", device_xname(sc->sc_dev)); 586 587 return 0; 588 } 589 590 static int 591 upgt_mem_init(struct upgt_softc *sc) 592 { 593 int i; 594 595 for (i = 0; i < UPGT_MEMORY_MAX_PAGES; i++) { 596 sc->sc_memory.page[i].used = 0; 597 598 if (i == 0) { 599 /* 600 * The first memory page is always reserved for 601 * command data. 602 */ 603 sc->sc_memory.page[i].addr = 604 sc->sc_memaddr_frame_start + MCLBYTES; 605 } else { 606 sc->sc_memory.page[i].addr = 607 sc->sc_memory.page[i - 1].addr + MCLBYTES; 608 } 609 610 if (sc->sc_memory.page[i].addr + MCLBYTES >= 611 sc->sc_memaddr_frame_end) 612 break; 613 614 DPRINTF(2, "%s: memory address page %d=0x%08x\n", 615 device_xname(sc->sc_dev), i, sc->sc_memory.page[i].addr); 616 } 617 618 sc->sc_memory.pages = i; 619 620 DPRINTF(2, "%s: memory pages=%d\n", 621 device_xname(sc->sc_dev), sc->sc_memory.pages); 622 623 return 0; 624 } 625 626 static uint32_t 627 upgt_mem_alloc(struct upgt_softc *sc) 628 { 629 int i; 630 631 for (i = 0; i < sc->sc_memory.pages; i++) { 632 if (sc->sc_memory.page[i].used == 0) { 633 sc->sc_memory.page[i].used = 1; 634 return sc->sc_memory.page[i].addr; 635 } 636 } 637 638 return 0; 639 } 640 641 static void 642 upgt_mem_free(struct upgt_softc *sc, uint32_t addr) 643 { 644 int i; 645 646 for (i = 0; i < sc->sc_memory.pages; i++) { 647 if (sc->sc_memory.page[i].addr == addr) { 648 sc->sc_memory.page[i].used = 0; 649 return; 650 } 651 } 652 653 aprint_error_dev(sc->sc_dev, "could not free memory address 0x%08x\n", 654 addr); 655 } 656 657 658 static int 659 upgt_fw_alloc(struct upgt_softc *sc) 660 { 661 const char *name = "upgt-gw3887"; 662 int error; 663 664 if (sc->sc_fw == NULL) { 665 error = firmware_load("upgt", name, &sc->sc_fw, 666 &sc->sc_fw_size); 667 if (error != 0) { 668 if (error == ENOENT) { 669 /* 670 * The firmware file for upgt(4) is not in 671 * the default distribution due to its lisence 672 * so explicitly notify it if the firmware file 673 * is not found. 674 */ 675 aprint_error_dev(sc->sc_dev, 676 "firmware file %s is not installed\n", 677 name); 678 aprint_error_dev(sc->sc_dev, 679 "(it is not included in the default" 680 " distribution)\n"); 681 aprint_error_dev(sc->sc_dev, 682 "see upgt(4) man page for details about " 683 "firmware installation\n"); 684 } else { 685 aprint_error_dev(sc->sc_dev, 686 "could not read firmware %s\n", name); 687 } 688 return EIO; 689 } 690 } 691 692 DPRINTF(1, "%s: firmware %s allocated\n", device_xname(sc->sc_dev), 693 name); 694 695 return 0; 696 } 697 698 static void 699 upgt_fw_free(struct upgt_softc *sc) 700 { 701 702 if (sc->sc_fw != NULL) { 703 firmware_free(sc->sc_fw, sc->sc_fw_size); 704 sc->sc_fw = NULL; 705 DPRINTF(1, "%s: firmware freed\n", device_xname(sc->sc_dev)); 706 } 707 } 708 709 static int 710 upgt_fw_verify(struct upgt_softc *sc) 711 { 712 struct upgt_fw_bra_option *bra_option; 713 uint32_t bra_option_type, bra_option_len; 714 uint32_t *uc; 715 int offset, bra_end = 0; 716 717 /* 718 * Seek to beginning of Boot Record Area (BRA). 719 */ 720 for (offset = 0; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 721 uc = (uint32_t *)(sc->sc_fw + offset); 722 if (*uc == 0) 723 break; 724 } 725 for (; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 726 uc = (uint32_t *)(sc->sc_fw + offset); 727 if (*uc != 0) 728 break; 729 } 730 if (offset == sc->sc_fw_size) { 731 aprint_error_dev(sc->sc_dev, 732 "firmware Boot Record Area not found\n"); 733 return EIO; 734 } 735 DPRINTF(1, "%s: firmware Boot Record Area found at offset %d\n", 736 device_xname(sc->sc_dev), offset); 737 738 /* 739 * Parse Boot Record Area (BRA) options. 740 */ 741 while (offset < sc->sc_fw_size && bra_end == 0) { 742 /* get current BRA option */ 743 bra_option = (struct upgt_fw_bra_option *)(sc->sc_fw + offset); 744 bra_option_type = le32toh(bra_option->type); 745 bra_option_len = le32toh(bra_option->len) * sizeof(*uc); 746 747 switch (bra_option_type) { 748 case UPGT_BRA_TYPE_FW: 749 DPRINTF(1, "%s: UPGT_BRA_TYPE_FW len=%d\n", 750 device_xname(sc->sc_dev), bra_option_len); 751 752 if (bra_option_len != UPGT_BRA_FWTYPE_SIZE) { 753 aprint_error_dev(sc->sc_dev, 754 "wrong UPGT_BRA_TYPE_FW len\n"); 755 return EIO; 756 } 757 if (memcmp(UPGT_BRA_FWTYPE_LM86, bra_option->data, 758 bra_option_len) == 0) { 759 sc->sc_fw_type = UPGT_FWTYPE_LM86; 760 break; 761 } 762 if (memcmp(UPGT_BRA_FWTYPE_LM87, bra_option->data, 763 bra_option_len) == 0) { 764 sc->sc_fw_type = UPGT_FWTYPE_LM87; 765 break; 766 } 767 if (memcmp(UPGT_BRA_FWTYPE_FMAC, bra_option->data, 768 bra_option_len) == 0) { 769 sc->sc_fw_type = UPGT_FWTYPE_FMAC; 770 break; 771 } 772 aprint_error_dev(sc->sc_dev, 773 "unsupported firmware type\n"); 774 return EIO; 775 case UPGT_BRA_TYPE_VERSION: 776 DPRINTF(1, "%s: UPGT_BRA_TYPE_VERSION len=%d\n", 777 device_xname(sc->sc_dev), bra_option_len); 778 break; 779 case UPGT_BRA_TYPE_DEPIF: 780 DPRINTF(1, "%s: UPGT_BRA_TYPE_DEPIF len=%d\n", 781 device_xname(sc->sc_dev), bra_option_len); 782 break; 783 case UPGT_BRA_TYPE_EXPIF: 784 DPRINTF(1, "%s: UPGT_BRA_TYPE_EXPIF len=%d\n", 785 device_xname(sc->sc_dev), bra_option_len); 786 break; 787 case UPGT_BRA_TYPE_DESCR: 788 DPRINTF(1, "%s: UPGT_BRA_TYPE_DESCR len=%d\n", 789 device_xname(sc->sc_dev), bra_option_len); 790 791 struct upgt_fw_bra_descr *descr = 792 (struct upgt_fw_bra_descr *)bra_option->data; 793 794 sc->sc_memaddr_frame_start = 795 le32toh(descr->memaddr_space_start); 796 sc->sc_memaddr_frame_end = 797 le32toh(descr->memaddr_space_end); 798 799 DPRINTF(2, "%s: memory address space start=0x%08x\n", 800 device_xname(sc->sc_dev), 801 sc->sc_memaddr_frame_start); 802 DPRINTF(2, "%s: memory address space end=0x%08x\n", 803 device_xname(sc->sc_dev), 804 sc->sc_memaddr_frame_end); 805 break; 806 case UPGT_BRA_TYPE_END: 807 DPRINTF(1, "%s: UPGT_BRA_TYPE_END len=%d\n", 808 device_xname(sc->sc_dev), bra_option_len); 809 bra_end = 1; 810 break; 811 default: 812 DPRINTF(1, "%s: unknown BRA option len=%d\n", 813 device_xname(sc->sc_dev), bra_option_len); 814 return EIO; 815 } 816 817 /* jump to next BRA option */ 818 offset += sizeof(struct upgt_fw_bra_option) + bra_option_len; 819 } 820 821 DPRINTF(1, "%s: firmware verified\n", device_xname(sc->sc_dev)); 822 823 return 0; 824 } 825 826 static int 827 upgt_fw_load(struct upgt_softc *sc) 828 { 829 struct upgt_data *data_cmd = &sc->cmd_data; 830 struct upgt_data *data_rx = &sc->rx_data; 831 struct upgt_fw_x2_header *x2; 832 const uint8_t start_fwload_cmd[] = { 0x3c, 0x0d }; 833 int offset, bsize, n, i, len; 834 uint32_t crc; 835 836 /* send firmware start load command */ 837 len = sizeof(start_fwload_cmd); 838 memcpy(data_cmd->buf, start_fwload_cmd, len); 839 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 840 aprint_error_dev(sc->sc_dev, 841 "could not send start_firmware_load command\n"); 842 return EIO; 843 } 844 845 /* send X2 header */ 846 len = sizeof(struct upgt_fw_x2_header); 847 x2 = (struct upgt_fw_x2_header *)data_cmd->buf; 848 memcpy(x2->signature, UPGT_X2_SIGNATURE, UPGT_X2_SIGNATURE_SIZE); 849 x2->startaddr = htole32(UPGT_MEMADDR_FIRMWARE_START); 850 x2->len = htole32(sc->sc_fw_size); 851 x2->crc = upgt_crc32_le(data_cmd->buf + UPGT_X2_SIGNATURE_SIZE, 852 sizeof(struct upgt_fw_x2_header) - UPGT_X2_SIGNATURE_SIZE - 853 sizeof(uint32_t)); 854 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 855 aprint_error_dev(sc->sc_dev, 856 "could not send firmware X2 header\n"); 857 return EIO; 858 } 859 860 /* download firmware */ 861 for (offset = 0; offset < sc->sc_fw_size; offset += bsize) { 862 if (sc->sc_fw_size - offset > UPGT_FW_BLOCK_SIZE) 863 bsize = UPGT_FW_BLOCK_SIZE; 864 else 865 bsize = sc->sc_fw_size - offset; 866 867 n = upgt_fw_copy(sc->sc_fw + offset, data_cmd->buf, bsize); 868 869 DPRINTF(1, "%s: FW offset=%d, read=%d, sent=%d\n", 870 device_xname(sc->sc_dev), offset, n, bsize); 871 872 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &bsize, 0) 873 != 0) { 874 aprint_error_dev(sc->sc_dev, 875 "error while downloading firmware block\n"); 876 return EIO; 877 } 878 879 bsize = n; 880 } 881 DPRINTF(1, "%s: firmware downloaded\n", device_xname(sc->sc_dev)); 882 883 /* load firmware */ 884 crc = upgt_crc32_le(sc->sc_fw, sc->sc_fw_size); 885 *((uint32_t *)(data_cmd->buf) ) = crc; 886 *((uint8_t *)(data_cmd->buf) + 4) = 'g'; 887 *((uint8_t *)(data_cmd->buf) + 5) = '\r'; 888 len = 6; 889 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 890 aprint_error_dev(sc->sc_dev, 891 "could not send load_firmware command\n"); 892 return EIO; 893 } 894 895 for (i = 0; i < UPGT_FIRMWARE_TIMEOUT; i++) { 896 len = UPGT_FW_BLOCK_SIZE; 897 memset(data_rx->buf, 0, 2); 898 if (upgt_bulk_xmit(sc, data_rx, sc->sc_rx_pipeh, &len, 899 USBD_SHORT_XFER_OK) != 0) { 900 aprint_error_dev(sc->sc_dev, 901 "could not read firmware response\n"); 902 return EIO; 903 } 904 905 if (memcmp(data_rx->buf, "OK", 2) == 0) 906 break; /* firmware load was successful */ 907 } 908 if (i == UPGT_FIRMWARE_TIMEOUT) { 909 aprint_error_dev(sc->sc_dev, "firmware load failed\n"); 910 return EIO; 911 } 912 DPRINTF(1, "%s: firmware loaded\n", device_xname(sc->sc_dev)); 913 914 return 0; 915 } 916 917 /* 918 * While copying the version 2 firmware, we need to replace two characters: 919 * 920 * 0x7e -> 0x7d 0x5e 921 * 0x7d -> 0x7d 0x5d 922 */ 923 static int 924 upgt_fw_copy(char *src, char *dst, int size) 925 { 926 int i, j; 927 928 for (i = 0, j = 0; i < size && j < size; i++) { 929 switch (src[i]) { 930 case 0x7e: 931 dst[j] = 0x7d; 932 j++; 933 dst[j] = 0x5e; 934 j++; 935 break; 936 case 0x7d: 937 dst[j] = 0x7d; 938 j++; 939 dst[j] = 0x5d; 940 j++; 941 break; 942 default: 943 dst[j] = src[i]; 944 j++; 945 break; 946 } 947 } 948 949 return i; 950 } 951 952 static int 953 upgt_eeprom_read(struct upgt_softc *sc) 954 { 955 struct upgt_data *data_cmd = &sc->cmd_data; 956 struct upgt_lmac_mem *mem; 957 struct upgt_lmac_eeprom *eeprom; 958 int offset, block, len; 959 960 offset = 0; 961 block = UPGT_EEPROM_BLOCK_SIZE; 962 while (offset < UPGT_EEPROM_SIZE) { 963 DPRINTF(1, "%s: request EEPROM block (offset=%d, len=%d)\n", 964 device_xname(sc->sc_dev), offset, block); 965 966 /* 967 * Transmit the URB containing the CMD data. 968 */ 969 len = sizeof(*mem) + sizeof(*eeprom) + block; 970 971 memset(data_cmd->buf, 0, len); 972 973 mem = (struct upgt_lmac_mem *)data_cmd->buf; 974 mem->addr = htole32(sc->sc_memaddr_frame_start + 975 UPGT_MEMSIZE_FRAME_HEAD); 976 977 eeprom = (struct upgt_lmac_eeprom *)(mem + 1); 978 eeprom->header1.flags = 0; 979 eeprom->header1.type = UPGT_H1_TYPE_CTRL; 980 eeprom->header1.len = htole16(( 981 sizeof(struct upgt_lmac_eeprom) - 982 sizeof(struct upgt_lmac_header)) + block); 983 984 eeprom->header2.reqid = htole32(sc->sc_memaddr_frame_start); 985 eeprom->header2.type = htole16(UPGT_H2_TYPE_EEPROM); 986 eeprom->header2.flags = 0; 987 988 eeprom->offset = htole16(offset); 989 eeprom->len = htole16(block); 990 991 mem->chksum = upgt_chksum_le((uint32_t *)eeprom, 992 len - sizeof(*mem)); 993 994 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 995 USBD_FORCE_SHORT_XFER) != 0) { 996 aprint_error_dev(sc->sc_dev, 997 "could not transmit EEPROM data URB\n"); 998 return EIO; 999 } 1000 if (tsleep(sc, 0, "eeprom_request", UPGT_USB_TIMEOUT)) { 1001 aprint_error_dev(sc->sc_dev, 1002 "timeout while waiting for EEPROM data\n"); 1003 return EIO; 1004 } 1005 1006 offset += block; 1007 if (UPGT_EEPROM_SIZE - offset < block) 1008 block = UPGT_EEPROM_SIZE - offset; 1009 } 1010 1011 return 0; 1012 } 1013 1014 static int 1015 upgt_eeprom_parse(struct upgt_softc *sc) 1016 { 1017 struct ieee80211com *ic = &sc->sc_ic; 1018 struct upgt_eeprom_header *eeprom_header; 1019 struct upgt_eeprom_option *eeprom_option; 1020 uint16_t option_len; 1021 uint16_t option_type; 1022 uint16_t preamble_len; 1023 int option_end = 0; 1024 1025 /* calculate eeprom options start offset */ 1026 eeprom_header = (struct upgt_eeprom_header *)sc->sc_eeprom; 1027 preamble_len = le16toh(eeprom_header->preamble_len); 1028 eeprom_option = (struct upgt_eeprom_option *)(sc->sc_eeprom + 1029 (sizeof(struct upgt_eeprom_header) + preamble_len)); 1030 1031 while (!option_end) { 1032 /* the eeprom option length is stored in words */ 1033 option_len = 1034 (le16toh(eeprom_option->len) - 1) * sizeof(uint16_t); 1035 option_type = 1036 le16toh(eeprom_option->type); 1037 1038 switch (option_type) { 1039 case UPGT_EEPROM_TYPE_NAME: 1040 DPRINTF(1, "%s: EEPROM name len=%d\n", 1041 device_xname(sc->sc_dev), option_len); 1042 break; 1043 case UPGT_EEPROM_TYPE_SERIAL: 1044 DPRINTF(1, "%s: EEPROM serial len=%d\n", 1045 device_xname(sc->sc_dev), option_len); 1046 break; 1047 case UPGT_EEPROM_TYPE_MAC: 1048 DPRINTF(1, "%s: EEPROM mac len=%d\n", 1049 device_xname(sc->sc_dev), option_len); 1050 1051 IEEE80211_ADDR_COPY(ic->ic_myaddr, eeprom_option->data); 1052 break; 1053 case UPGT_EEPROM_TYPE_HWRX: 1054 DPRINTF(1, "%s: EEPROM hwrx len=%d\n", 1055 device_xname(sc->sc_dev), option_len); 1056 1057 upgt_eeprom_parse_hwrx(sc, eeprom_option->data); 1058 break; 1059 case UPGT_EEPROM_TYPE_CHIP: 1060 DPRINTF(1, "%s: EEPROM chip len=%d\n", 1061 device_xname(sc->sc_dev), option_len); 1062 break; 1063 case UPGT_EEPROM_TYPE_FREQ3: 1064 DPRINTF(1, "%s: EEPROM freq3 len=%d\n", 1065 device_xname(sc->sc_dev), option_len); 1066 1067 upgt_eeprom_parse_freq3(sc, eeprom_option->data, 1068 option_len); 1069 break; 1070 case UPGT_EEPROM_TYPE_FREQ4: 1071 DPRINTF(1, "%s: EEPROM freq4 len=%d\n", 1072 device_xname(sc->sc_dev), option_len); 1073 1074 upgt_eeprom_parse_freq4(sc, eeprom_option->data, 1075 option_len); 1076 break; 1077 case UPGT_EEPROM_TYPE_FREQ5: 1078 DPRINTF(1, "%s: EEPROM freq5 len=%d\n", 1079 device_xname(sc->sc_dev), option_len); 1080 break; 1081 case UPGT_EEPROM_TYPE_FREQ6: 1082 DPRINTF(1, "%s: EEPROM freq6 len=%d\n", 1083 device_xname(sc->sc_dev), option_len); 1084 1085 upgt_eeprom_parse_freq6(sc, eeprom_option->data, 1086 option_len); 1087 break; 1088 case UPGT_EEPROM_TYPE_END: 1089 DPRINTF(1, "%s: EEPROM end len=%d\n", 1090 device_xname(sc->sc_dev), option_len); 1091 option_end = 1; 1092 break; 1093 case UPGT_EEPROM_TYPE_OFF: 1094 DPRINTF(1, "%s: EEPROM off without end option\n", 1095 device_xname(sc->sc_dev)); 1096 return EIO; 1097 default: 1098 DPRINTF(1, "%s: EEPROM unknown type 0x%04x len=%d\n", 1099 device_xname(sc->sc_dev), option_type, option_len); 1100 break; 1101 } 1102 1103 /* jump to next EEPROM option */ 1104 eeprom_option = (struct upgt_eeprom_option *) 1105 (eeprom_option->data + option_len); 1106 } 1107 1108 return 0; 1109 } 1110 1111 static void 1112 upgt_eeprom_parse_hwrx(struct upgt_softc *sc, uint8_t *data) 1113 { 1114 struct upgt_eeprom_option_hwrx *option_hwrx; 1115 1116 option_hwrx = (struct upgt_eeprom_option_hwrx *)data; 1117 1118 sc->sc_eeprom_hwrx = option_hwrx->rxfilter - UPGT_EEPROM_RX_CONST; 1119 1120 DPRINTF(2, "%s: hwrx option value=0x%04x\n", 1121 device_xname(sc->sc_dev), sc->sc_eeprom_hwrx); 1122 } 1123 1124 static void 1125 upgt_eeprom_parse_freq3(struct upgt_softc *sc, uint8_t *data, int len) 1126 { 1127 struct upgt_eeprom_freq3_header *freq3_header; 1128 struct upgt_lmac_freq3 *freq3; 1129 int i, elements, flags; 1130 unsigned channel; 1131 1132 freq3_header = (struct upgt_eeprom_freq3_header *)data; 1133 freq3 = (struct upgt_lmac_freq3 *)(freq3_header + 1); 1134 1135 flags = freq3_header->flags; 1136 elements = freq3_header->elements; 1137 1138 DPRINTF(2, "%s: flags=0x%02x\n", device_xname(sc->sc_dev), flags); 1139 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1140 __USE(flags); 1141 1142 for (i = 0; i < elements; i++) { 1143 channel = ieee80211_mhz2ieee(le16toh(freq3[i].freq), 0); 1144 1145 sc->sc_eeprom_freq3[channel] = freq3[i]; 1146 1147 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1148 device_xname(sc->sc_dev), 1149 le16toh(sc->sc_eeprom_freq3[channel].freq), channel); 1150 } 1151 } 1152 1153 static void 1154 upgt_eeprom_parse_freq4(struct upgt_softc *sc, uint8_t *data, int len) 1155 { 1156 struct upgt_eeprom_freq4_header *freq4_header; 1157 struct upgt_eeprom_freq4_1 *freq4_1; 1158 struct upgt_eeprom_freq4_2 *freq4_2; 1159 int i, j, elements, settings, flags; 1160 unsigned channel; 1161 1162 freq4_header = (struct upgt_eeprom_freq4_header *)data; 1163 freq4_1 = (struct upgt_eeprom_freq4_1 *)(freq4_header + 1); 1164 1165 flags = freq4_header->flags; 1166 elements = freq4_header->elements; 1167 settings = freq4_header->settings; 1168 1169 /* we need this value later */ 1170 sc->sc_eeprom_freq6_settings = freq4_header->settings; 1171 1172 DPRINTF(2, "%s: flags=0x%02x\n", device_xname(sc->sc_dev), flags); 1173 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1174 DPRINTF(2, "%s: settings=%d\n", device_xname(sc->sc_dev), settings); 1175 __USE(flags); 1176 1177 for (i = 0; i < elements; i++) { 1178 channel = ieee80211_mhz2ieee(le16toh(freq4_1[i].freq), 0); 1179 1180 freq4_2 = (struct upgt_eeprom_freq4_2 *)freq4_1[i].data; 1181 1182 for (j = 0; j < settings; j++) { 1183 sc->sc_eeprom_freq4[channel][j].cmd = freq4_2[j]; 1184 sc->sc_eeprom_freq4[channel][j].pad = 0; 1185 } 1186 1187 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1188 device_xname(sc->sc_dev), 1189 le16toh(freq4_1[i].freq), channel); 1190 } 1191 } 1192 1193 static void 1194 upgt_eeprom_parse_freq6(struct upgt_softc *sc, uint8_t *data, int len) 1195 { 1196 struct upgt_lmac_freq6 *freq6; 1197 int i, elements; 1198 unsigned channel; 1199 1200 freq6 = (struct upgt_lmac_freq6 *)data; 1201 1202 elements = len / sizeof(struct upgt_lmac_freq6); 1203 1204 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1205 1206 for (i = 0; i < elements; i++) { 1207 channel = ieee80211_mhz2ieee(le16toh(freq6[i].freq), 0); 1208 1209 sc->sc_eeprom_freq6[channel] = freq6[i]; 1210 1211 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1212 device_xname(sc->sc_dev), 1213 le16toh(sc->sc_eeprom_freq6[channel].freq), channel); 1214 } 1215 } 1216 1217 static int 1218 upgt_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1219 { 1220 struct upgt_softc *sc = ifp->if_softc; 1221 struct ieee80211com *ic = &sc->sc_ic; 1222 int s, error = 0; 1223 1224 s = splnet(); 1225 1226 switch (cmd) { 1227 case SIOCSIFFLAGS: 1228 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1229 break; 1230 if (ifp->if_flags & IFF_UP) { 1231 if ((ifp->if_flags & IFF_RUNNING) == 0) 1232 upgt_init(ifp); 1233 } else { 1234 if (ifp->if_flags & IFF_RUNNING) 1235 upgt_stop(sc); 1236 } 1237 break; 1238 case SIOCADDMULTI: 1239 case SIOCDELMULTI: 1240 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 1241 /* setup multicast filter, etc */ 1242 error = 0; 1243 } 1244 break; 1245 default: 1246 error = ieee80211_ioctl(ic, cmd, data); 1247 break; 1248 } 1249 1250 if (error == ENETRESET) { 1251 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1252 (IFF_UP | IFF_RUNNING)) 1253 upgt_init(ifp); 1254 error = 0; 1255 } 1256 1257 splx(s); 1258 1259 return error; 1260 } 1261 1262 static int 1263 upgt_init(struct ifnet *ifp) 1264 { 1265 struct upgt_softc *sc = ifp->if_softc; 1266 struct ieee80211com *ic = &sc->sc_ic; 1267 1268 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1269 1270 if (ifp->if_flags & IFF_RUNNING) 1271 upgt_stop(sc); 1272 1273 ifp->if_flags |= IFF_RUNNING; 1274 ifp->if_flags &= ~IFF_OACTIVE; 1275 1276 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 1277 1278 /* setup device rates */ 1279 upgt_setup_rates(sc); 1280 1281 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1282 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1283 else 1284 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1285 1286 return 0; 1287 } 1288 1289 static void 1290 upgt_stop(struct upgt_softc *sc) 1291 { 1292 struct ieee80211com *ic = &sc->sc_ic; 1293 struct ifnet *ifp = &sc->sc_if; 1294 1295 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1296 1297 /* device down */ 1298 ifp->if_timer = 0; 1299 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 1300 1301 /* change device back to initial state */ 1302 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 1303 } 1304 1305 static int 1306 upgt_media_change(struct ifnet *ifp) 1307 { 1308 struct upgt_softc *sc = ifp->if_softc; 1309 int error; 1310 1311 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1312 1313 if ((error = ieee80211_media_change(ifp) != ENETRESET)) 1314 return error; 1315 1316 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1317 (IFF_UP | IFF_RUNNING)) { 1318 /* give pending USB transfers a chance to finish */ 1319 usbd_delay_ms(sc->sc_udev, 100); 1320 upgt_init(ifp); 1321 } 1322 1323 return 0; 1324 } 1325 1326 static void 1327 upgt_newassoc(struct ieee80211_node *ni, int isnew) 1328 { 1329 1330 ni->ni_txrate = 0; 1331 } 1332 1333 static int 1334 upgt_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1335 { 1336 struct upgt_softc *sc = ic->ic_ifp->if_softc; 1337 1338 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 1339 callout_stop(&sc->scan_to); 1340 1341 /* do it in a process context */ 1342 sc->sc_state = nstate; 1343 sc->sc_arg = arg; 1344 usb_add_task(sc->sc_udev, &sc->sc_task_newstate, USB_TASKQ_DRIVER); 1345 1346 return 0; 1347 } 1348 1349 static void 1350 upgt_newstate_task(void *arg) 1351 { 1352 struct upgt_softc *sc = arg; 1353 struct ieee80211com *ic = &sc->sc_ic; 1354 struct ieee80211_node *ni; 1355 unsigned channel; 1356 1357 mutex_enter(&sc->sc_mtx); 1358 1359 switch (sc->sc_state) { 1360 case IEEE80211_S_INIT: 1361 DPRINTF(1, "%s: newstate is IEEE80211_S_INIT\n", 1362 device_xname(sc->sc_dev)); 1363 1364 /* do not accept any frames if the device is down */ 1365 upgt_set_macfilter(sc, IEEE80211_S_INIT); 1366 upgt_set_led(sc, UPGT_LED_OFF); 1367 break; 1368 case IEEE80211_S_SCAN: 1369 DPRINTF(1, "%s: newstate is IEEE80211_S_SCAN\n", 1370 device_xname(sc->sc_dev)); 1371 1372 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1373 upgt_set_channel(sc, channel); 1374 upgt_set_macfilter(sc, IEEE80211_S_SCAN); 1375 callout_schedule(&sc->scan_to, hz / 5); 1376 break; 1377 case IEEE80211_S_AUTH: 1378 DPRINTF(1, "%s: newstate is IEEE80211_S_AUTH\n", 1379 device_xname(sc->sc_dev)); 1380 1381 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1382 upgt_set_channel(sc, channel); 1383 break; 1384 case IEEE80211_S_ASSOC: 1385 DPRINTF(1, "%s: newstate is IEEE80211_S_ASSOC\n", 1386 device_xname(sc->sc_dev)); 1387 1388 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1389 upgt_set_channel(sc, channel); 1390 break; 1391 case IEEE80211_S_RUN: 1392 DPRINTF(1, "%s: newstate is IEEE80211_S_RUN\n", 1393 device_xname(sc->sc_dev)); 1394 1395 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1396 upgt_set_channel(sc, channel); 1397 1398 ni = ic->ic_bss; 1399 1400 /* 1401 * TX rate control is done by the firmware. 1402 * Report the maximum rate which is available therefore. 1403 */ 1404 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 1405 1406 if (ic->ic_opmode != IEEE80211_M_MONITOR) 1407 upgt_set_macfilter(sc, IEEE80211_S_RUN); 1408 upgt_set_led(sc, UPGT_LED_ON); 1409 break; 1410 } 1411 1412 mutex_exit(&sc->sc_mtx); 1413 1414 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 1415 } 1416 1417 static void 1418 upgt_next_scan(void *arg) 1419 { 1420 struct upgt_softc *sc = arg; 1421 struct ieee80211com *ic = &sc->sc_ic; 1422 1423 DPRINTF(2, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1424 1425 if (ic->ic_state == IEEE80211_S_SCAN) 1426 ieee80211_next_scan(ic); 1427 } 1428 1429 static void 1430 upgt_start(struct ifnet *ifp) 1431 { 1432 struct upgt_softc *sc = ifp->if_softc; 1433 struct ieee80211com *ic = &sc->sc_ic; 1434 struct ether_header *eh; 1435 struct ieee80211_node *ni; 1436 struct mbuf *m; 1437 int i; 1438 1439 /* don't transmit packets if interface is busy or down */ 1440 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1441 return; 1442 1443 DPRINTF(2, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1444 1445 for (i = 0; i < UPGT_TX_COUNT; i++) { 1446 struct upgt_data *data_tx = &sc->tx_data[i]; 1447 1448 if (data_tx->m != NULL) 1449 continue; 1450 1451 IF_POLL(&ic->ic_mgtq, m); 1452 if (m != NULL) { 1453 /* management frame */ 1454 IF_DEQUEUE(&ic->ic_mgtq, m); 1455 1456 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 1457 m->m_pkthdr.rcvif = NULL; 1458 1459 bpf_mtap3(ic->ic_rawbpf, m); 1460 1461 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1462 aprint_error_dev(sc->sc_dev, 1463 "no free prism memory\n"); 1464 m_freem(m); 1465 ifp->if_oerrors++; 1466 break; 1467 } 1468 data_tx->ni = ni; 1469 data_tx->m = m; 1470 sc->tx_queued++; 1471 } else { 1472 /* data frame */ 1473 if (ic->ic_state != IEEE80211_S_RUN) 1474 break; 1475 1476 IFQ_POLL(&ifp->if_snd, m); 1477 if (m == NULL) 1478 break; 1479 1480 IFQ_DEQUEUE(&ifp->if_snd, m); 1481 if (m->m_len < sizeof(struct ether_header) && 1482 !(m = m_pullup(m, sizeof(struct ether_header)))) 1483 continue; 1484 1485 eh = mtod(m, struct ether_header *); 1486 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 1487 if (ni == NULL) { 1488 m_freem(m); 1489 continue; 1490 } 1491 1492 bpf_mtap(ifp, m); 1493 1494 m = ieee80211_encap(ic, m, ni); 1495 if (m == NULL) { 1496 ieee80211_free_node(ni); 1497 continue; 1498 } 1499 1500 bpf_mtap3(ic->ic_rawbpf, m); 1501 1502 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1503 aprint_error_dev(sc->sc_dev, 1504 "no free prism memory\n"); 1505 m_freem(m); 1506 ieee80211_free_node(ni); 1507 ifp->if_oerrors++; 1508 break; 1509 } 1510 data_tx->ni = ni; 1511 data_tx->m = m; 1512 sc->tx_queued++; 1513 } 1514 } 1515 1516 if (sc->tx_queued > 0) { 1517 DPRINTF(2, "%s: tx_queued=%d\n", 1518 device_xname(sc->sc_dev), sc->tx_queued); 1519 /* process the TX queue in process context */ 1520 ifp->if_timer = 5; 1521 ifp->if_flags |= IFF_OACTIVE; 1522 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 1523 usb_add_task(sc->sc_udev, &sc->sc_task_tx, USB_TASKQ_DRIVER); 1524 } 1525 } 1526 1527 static void 1528 upgt_watchdog(struct ifnet *ifp) 1529 { 1530 struct upgt_softc *sc = ifp->if_softc; 1531 struct ieee80211com *ic = &sc->sc_ic; 1532 1533 if (ic->ic_state == IEEE80211_S_INIT) 1534 return; 1535 1536 aprint_error_dev(sc->sc_dev, "watchdog timeout\n"); 1537 1538 /* TODO: what shall we do on TX timeout? */ 1539 1540 ieee80211_watchdog(ic); 1541 } 1542 1543 static void 1544 upgt_tx_task(void *arg) 1545 { 1546 struct upgt_softc *sc = arg; 1547 struct ieee80211com *ic = &sc->sc_ic; 1548 struct ieee80211_frame *wh; 1549 struct ieee80211_key *k; 1550 struct ifnet *ifp = &sc->sc_if; 1551 struct upgt_lmac_mem *mem; 1552 struct upgt_lmac_tx_desc *txdesc; 1553 struct mbuf *m; 1554 uint32_t addr; 1555 int i, len, pad, s; 1556 usbd_status error; 1557 1558 mutex_enter(&sc->sc_mtx); 1559 upgt_set_led(sc, UPGT_LED_BLINK); 1560 mutex_exit(&sc->sc_mtx); 1561 1562 s = splnet(); 1563 1564 for (i = 0; i < UPGT_TX_COUNT; i++) { 1565 struct upgt_data *data_tx = &sc->tx_data[i]; 1566 1567 if (data_tx->m == NULL) 1568 continue; 1569 1570 m = data_tx->m; 1571 addr = data_tx->addr + UPGT_MEMSIZE_FRAME_HEAD; 1572 1573 /* 1574 * Software crypto. 1575 */ 1576 wh = mtod(m, struct ieee80211_frame *); 1577 1578 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1579 k = ieee80211_crypto_encap(ic, data_tx->ni, m); 1580 if (k == NULL) { 1581 m_freem(m); 1582 data_tx->m = NULL; 1583 ieee80211_free_node(data_tx->ni); 1584 data_tx->ni = NULL; 1585 ifp->if_oerrors++; 1586 break; 1587 } 1588 1589 /* in case packet header moved, reset pointer */ 1590 wh = mtod(m, struct ieee80211_frame *); 1591 } 1592 1593 /* 1594 * Transmit the URB containing the TX data. 1595 */ 1596 memset(data_tx->buf, 0, sizeof(*mem) + sizeof(*txdesc)); 1597 1598 mem = (struct upgt_lmac_mem *)data_tx->buf; 1599 mem->addr = htole32(addr); 1600 1601 txdesc = (struct upgt_lmac_tx_desc *)(mem + 1); 1602 1603 /* XXX differ between data and mgmt frames? */ 1604 txdesc->header1.flags = UPGT_H1_FLAGS_TX_DATA; 1605 txdesc->header1.type = UPGT_H1_TYPE_TX_DATA; 1606 txdesc->header1.len = htole16(m->m_pkthdr.len); 1607 1608 txdesc->header2.reqid = htole32(data_tx->addr); 1609 txdesc->header2.type = htole16(UPGT_H2_TYPE_TX_ACK_YES); 1610 txdesc->header2.flags = htole16(UPGT_H2_FLAGS_TX_ACK_YES); 1611 1612 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1613 IEEE80211_FC0_TYPE_MGT) { 1614 /* always send mgmt frames at lowest rate (DS1) */ 1615 memset(txdesc->rates, 0x10, sizeof(txdesc->rates)); 1616 } else { 1617 memcpy(txdesc->rates, sc->sc_cur_rateset, 1618 sizeof(txdesc->rates)); 1619 } 1620 txdesc->type = htole32(UPGT_TX_DESC_TYPE_DATA); 1621 txdesc->pad3[0] = UPGT_TX_DESC_PAD3_SIZE; 1622 1623 if (sc->sc_drvbpf != NULL) { 1624 struct upgt_tx_radiotap_header *tap = &sc->sc_txtap; 1625 1626 tap->wt_flags = 0; 1627 tap->wt_rate = 0; /* TODO: where to get from? */ 1628 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 1629 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 1630 1631 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m); 1632 } 1633 1634 /* copy frame below our TX descriptor header */ 1635 m_copydata(m, 0, m->m_pkthdr.len, 1636 data_tx->buf + sizeof(*mem) + sizeof(*txdesc)); 1637 1638 /* calculate frame size */ 1639 len = sizeof(*mem) + sizeof(*txdesc) + m->m_pkthdr.len; 1640 1641 if (len & 3) { 1642 /* we need to align the frame to a 4 byte boundary */ 1643 pad = 4 - (len & 3); 1644 memset(data_tx->buf + len, 0, pad); 1645 len += pad; 1646 } 1647 1648 /* calculate frame checksum */ 1649 mem->chksum = upgt_chksum_le((uint32_t *)txdesc, 1650 len - sizeof(*mem)); 1651 1652 /* we do not need the mbuf anymore */ 1653 m_freem(m); 1654 data_tx->m = NULL; 1655 1656 ieee80211_free_node(data_tx->ni); 1657 data_tx->ni = NULL; 1658 1659 DPRINTF(2, "%s: TX start data sending\n", 1660 device_xname(sc->sc_dev)); 1661 1662 usbd_setup_xfer(data_tx->xfer, sc->sc_tx_pipeh, data_tx, 1663 data_tx->buf, len, USBD_FORCE_SHORT_XFER | USBD_NO_COPY, 1664 UPGT_USB_TIMEOUT, NULL); 1665 error = usbd_transfer(data_tx->xfer); 1666 if (error != USBD_NORMAL_COMPLETION && 1667 error != USBD_IN_PROGRESS) { 1668 aprint_error_dev(sc->sc_dev, 1669 "could not transmit TX data URB\n"); 1670 ifp->if_oerrors++; 1671 break; 1672 } 1673 1674 DPRINTF(2, "%s: TX sent (%d bytes)\n", 1675 device_xname(sc->sc_dev), len); 1676 } 1677 1678 splx(s); 1679 1680 /* 1681 * If we don't regulary read the device statistics, the RX queue 1682 * will stall. It's strange, but it works, so we keep reading 1683 * the statistics here. *shrug* 1684 */ 1685 mutex_enter(&sc->sc_mtx); 1686 upgt_get_stats(sc); 1687 mutex_exit(&sc->sc_mtx); 1688 } 1689 1690 static void 1691 upgt_tx_done(struct upgt_softc *sc, uint8_t *data) 1692 { 1693 struct ifnet *ifp = &sc->sc_if; 1694 struct upgt_lmac_tx_done_desc *desc; 1695 int i, s; 1696 1697 s = splnet(); 1698 1699 desc = (struct upgt_lmac_tx_done_desc *)data; 1700 1701 for (i = 0; i < UPGT_TX_COUNT; i++) { 1702 struct upgt_data *data_tx = &sc->tx_data[i]; 1703 1704 if (data_tx->addr == le32toh(desc->header2.reqid)) { 1705 upgt_mem_free(sc, data_tx->addr); 1706 data_tx->addr = 0; 1707 1708 sc->tx_queued--; 1709 ifp->if_opackets++; 1710 1711 DPRINTF(2, "%s: TX done: ", device_xname(sc->sc_dev)); 1712 DPRINTF(2, "memaddr=0x%08x, status=0x%04x, rssi=%d, ", 1713 le32toh(desc->header2.reqid), 1714 le16toh(desc->status), 1715 le16toh(desc->rssi)); 1716 DPRINTF(2, "seq=%d\n", le16toh(desc->seq)); 1717 break; 1718 } 1719 } 1720 1721 if (sc->tx_queued == 0) { 1722 /* TX queued was processed, continue */ 1723 ifp->if_timer = 0; 1724 ifp->if_flags &= ~IFF_OACTIVE; 1725 upgt_start(ifp); 1726 } 1727 1728 splx(s); 1729 } 1730 1731 static void 1732 upgt_rx_cb(usbd_xfer_handle xfer, usbd_private_handle priv, usbd_status status) 1733 { 1734 struct upgt_data *data_rx = priv; 1735 struct upgt_softc *sc = data_rx->sc; 1736 int len; 1737 struct upgt_lmac_header *header; 1738 struct upgt_lmac_eeprom *eeprom; 1739 uint8_t h1_type; 1740 uint16_t h2_type; 1741 1742 DPRINTF(3, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1743 1744 if (status != USBD_NORMAL_COMPLETION) { 1745 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1746 return; 1747 if (status == USBD_STALLED) 1748 usbd_clear_endpoint_stall_async(sc->sc_rx_pipeh); 1749 goto skip; 1750 } 1751 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1752 1753 /* 1754 * Check what type of frame came in. 1755 */ 1756 header = (struct upgt_lmac_header *)(data_rx->buf + 4); 1757 1758 h1_type = header->header1.type; 1759 h2_type = le16toh(header->header2.type); 1760 1761 if (h1_type == UPGT_H1_TYPE_CTRL && 1762 h2_type == UPGT_H2_TYPE_EEPROM) { 1763 eeprom = (struct upgt_lmac_eeprom *)(data_rx->buf + 4); 1764 uint16_t eeprom_offset = le16toh(eeprom->offset); 1765 uint16_t eeprom_len = le16toh(eeprom->len); 1766 1767 DPRINTF(2, "%s: received EEPROM block (offset=%d, len=%d)\n", 1768 device_xname(sc->sc_dev), eeprom_offset, eeprom_len); 1769 1770 memcpy(sc->sc_eeprom + eeprom_offset, 1771 data_rx->buf + sizeof(struct upgt_lmac_eeprom) + 4, 1772 eeprom_len); 1773 1774 /* EEPROM data has arrived in time, wakeup tsleep() */ 1775 wakeup(sc); 1776 } else 1777 if (h1_type == UPGT_H1_TYPE_CTRL && 1778 h2_type == UPGT_H2_TYPE_TX_DONE) { 1779 DPRINTF(2, "%s: received 802.11 TX done\n", 1780 device_xname(sc->sc_dev)); 1781 1782 upgt_tx_done(sc, data_rx->buf + 4); 1783 } else 1784 if (h1_type == UPGT_H1_TYPE_RX_DATA || 1785 h1_type == UPGT_H1_TYPE_RX_DATA_MGMT) { 1786 DPRINTF(3, "%s: received 802.11 RX data\n", 1787 device_xname(sc->sc_dev)); 1788 1789 upgt_rx(sc, data_rx->buf + 4, le16toh(header->header1.len)); 1790 } else 1791 if (h1_type == UPGT_H1_TYPE_CTRL && 1792 h2_type == UPGT_H2_TYPE_STATS) { 1793 DPRINTF(2, "%s: received statistic data\n", 1794 device_xname(sc->sc_dev)); 1795 1796 /* TODO: what could we do with the statistic data? */ 1797 } else { 1798 /* ignore unknown frame types */ 1799 DPRINTF(1, "%s: received unknown frame type 0x%02x\n", 1800 device_xname(sc->sc_dev), header->header1.type); 1801 } 1802 1803 skip: /* setup new transfer */ 1804 usbd_setup_xfer(xfer, sc->sc_rx_pipeh, data_rx, data_rx->buf, MCLBYTES, 1805 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 1806 (void)usbd_transfer(xfer); 1807 } 1808 1809 static void 1810 upgt_rx(struct upgt_softc *sc, uint8_t *data, int pkglen) 1811 { 1812 struct ieee80211com *ic = &sc->sc_ic; 1813 struct ifnet *ifp = &sc->sc_if; 1814 struct upgt_lmac_rx_desc *rxdesc; 1815 struct ieee80211_frame *wh; 1816 struct ieee80211_node *ni; 1817 struct mbuf *m; 1818 int s; 1819 1820 /* access RX packet descriptor */ 1821 rxdesc = (struct upgt_lmac_rx_desc *)data; 1822 1823 /* create mbuf which is suitable for strict alignment archs */ 1824 #define ETHER_ALIGN 0 1825 m = m_devget(rxdesc->data, pkglen, ETHER_ALIGN, ifp, NULL); 1826 if (m == NULL) { 1827 DPRINTF(1, "%s: could not create RX mbuf\n", 1828 device_xname(sc->sc_dev)); 1829 ifp->if_ierrors++; 1830 return; 1831 } 1832 1833 s = splnet(); 1834 1835 if (sc->sc_drvbpf != NULL) { 1836 struct upgt_rx_radiotap_header *tap = &sc->sc_rxtap; 1837 1838 tap->wr_flags = IEEE80211_RADIOTAP_F_FCS; 1839 tap->wr_rate = upgt_rx_rate(sc, rxdesc->rate); 1840 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 1841 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 1842 tap->wr_antsignal = rxdesc->rssi; 1843 1844 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1845 } 1846 1847 /* trim FCS */ 1848 m_adj(m, -IEEE80211_CRC_LEN); 1849 1850 wh = mtod(m, struct ieee80211_frame *); 1851 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1852 1853 /* push the frame up to the 802.11 stack */ 1854 ieee80211_input(ic, m, ni, rxdesc->rssi, 0); 1855 1856 /* node is no longer needed */ 1857 ieee80211_free_node(ni); 1858 1859 splx(s); 1860 1861 DPRINTF(3, "%s: RX done\n", device_xname(sc->sc_dev)); 1862 } 1863 1864 static void 1865 upgt_setup_rates(struct upgt_softc *sc) 1866 { 1867 struct ieee80211com *ic = &sc->sc_ic; 1868 1869 /* 1870 * 0x01 = OFMD6 0x10 = DS1 1871 * 0x04 = OFDM9 0x11 = DS2 1872 * 0x06 = OFDM12 0x12 = DS5 1873 * 0x07 = OFDM18 0x13 = DS11 1874 * 0x08 = OFDM24 1875 * 0x09 = OFDM36 1876 * 0x0a = OFDM48 1877 * 0x0b = OFDM54 1878 */ 1879 const uint8_t rateset_auto_11b[] = 1880 { 0x13, 0x13, 0x12, 0x11, 0x11, 0x10, 0x10, 0x10 }; 1881 const uint8_t rateset_auto_11g[] = 1882 { 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x04, 0x01 }; 1883 const uint8_t rateset_fix_11bg[] = 1884 { 0x10, 0x11, 0x12, 0x13, 0x01, 0x04, 0x06, 0x07, 1885 0x08, 0x09, 0x0a, 0x0b }; 1886 1887 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1888 /* 1889 * Automatic rate control is done by the device. 1890 * We just pass the rateset from which the device 1891 * will pickup a rate. 1892 */ 1893 if (ic->ic_curmode == IEEE80211_MODE_11B) 1894 memcpy(sc->sc_cur_rateset, rateset_auto_11b, 1895 sizeof(sc->sc_cur_rateset)); 1896 if (ic->ic_curmode == IEEE80211_MODE_11G || 1897 ic->ic_curmode == IEEE80211_MODE_AUTO) 1898 memcpy(sc->sc_cur_rateset, rateset_auto_11g, 1899 sizeof(sc->sc_cur_rateset)); 1900 } else { 1901 /* set a fixed rate */ 1902 memset(sc->sc_cur_rateset, rateset_fix_11bg[ic->ic_fixed_rate], 1903 sizeof(sc->sc_cur_rateset)); 1904 } 1905 } 1906 1907 static uint8_t 1908 upgt_rx_rate(struct upgt_softc *sc, const int rate) 1909 { 1910 struct ieee80211com *ic = &sc->sc_ic; 1911 1912 if (ic->ic_curmode == IEEE80211_MODE_11B) { 1913 if (rate < 0 || rate > 3) 1914 /* invalid rate */ 1915 return 0; 1916 1917 switch (rate) { 1918 case 0: 1919 return 2; 1920 case 1: 1921 return 4; 1922 case 2: 1923 return 11; 1924 case 3: 1925 return 22; 1926 default: 1927 return 0; 1928 } 1929 } 1930 1931 if (ic->ic_curmode == IEEE80211_MODE_11G) { 1932 if (rate < 0 || rate > 11) 1933 /* invalid rate */ 1934 return 0; 1935 1936 switch (rate) { 1937 case 0: 1938 return 2; 1939 case 1: 1940 return 4; 1941 case 2: 1942 return 11; 1943 case 3: 1944 return 22; 1945 case 4: 1946 return 12; 1947 case 5: 1948 return 18; 1949 case 6: 1950 return 24; 1951 case 7: 1952 return 36; 1953 case 8: 1954 return 48; 1955 case 9: 1956 return 72; 1957 case 10: 1958 return 96; 1959 case 11: 1960 return 108; 1961 default: 1962 return 0; 1963 } 1964 } 1965 1966 return 0; 1967 } 1968 1969 static int 1970 upgt_set_macfilter(struct upgt_softc *sc, uint8_t state) 1971 { 1972 struct ieee80211com *ic = &sc->sc_ic; 1973 struct ieee80211_node *ni = ic->ic_bss; 1974 struct upgt_data *data_cmd = &sc->cmd_data; 1975 struct upgt_lmac_mem *mem; 1976 struct upgt_lmac_filter *filter; 1977 int len; 1978 const uint8_t broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1979 1980 /* 1981 * Transmit the URB containing the CMD data. 1982 */ 1983 len = sizeof(*mem) + sizeof(*filter); 1984 1985 memset(data_cmd->buf, 0, len); 1986 1987 mem = (struct upgt_lmac_mem *)data_cmd->buf; 1988 mem->addr = htole32(sc->sc_memaddr_frame_start + 1989 UPGT_MEMSIZE_FRAME_HEAD); 1990 1991 filter = (struct upgt_lmac_filter *)(mem + 1); 1992 1993 filter->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 1994 filter->header1.type = UPGT_H1_TYPE_CTRL; 1995 filter->header1.len = htole16( 1996 sizeof(struct upgt_lmac_filter) - 1997 sizeof(struct upgt_lmac_header)); 1998 1999 filter->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2000 filter->header2.type = htole16(UPGT_H2_TYPE_MACFILTER); 2001 filter->header2.flags = 0; 2002 2003 switch (state) { 2004 case IEEE80211_S_INIT: 2005 DPRINTF(1, "%s: set MAC filter to INIT\n", 2006 device_xname(sc->sc_dev)); 2007 2008 filter->type = htole16(UPGT_FILTER_TYPE_RESET); 2009 break; 2010 case IEEE80211_S_SCAN: 2011 DPRINTF(1, "%s: set MAC filter to SCAN (bssid %s)\n", 2012 device_xname(sc->sc_dev), ether_sprintf(broadcast)); 2013 2014 filter->type = htole16(UPGT_FILTER_TYPE_NONE); 2015 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 2016 IEEE80211_ADDR_COPY(filter->src, broadcast); 2017 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 2018 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2019 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2020 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2021 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2022 break; 2023 case IEEE80211_S_RUN: 2024 DPRINTF(1, "%s: set MAC filter to RUN (bssid %s)\n", 2025 device_xname(sc->sc_dev), ether_sprintf(ni->ni_bssid)); 2026 2027 filter->type = htole16(UPGT_FILTER_TYPE_STA); 2028 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 2029 IEEE80211_ADDR_COPY(filter->src, ni->ni_bssid); 2030 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 2031 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2032 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2033 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2034 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2035 break; 2036 default: 2037 aprint_error_dev(sc->sc_dev, 2038 "MAC filter does not know that state\n"); 2039 break; 2040 } 2041 2042 mem->chksum = upgt_chksum_le((uint32_t *)filter, sizeof(*filter)); 2043 2044 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2045 aprint_error_dev(sc->sc_dev, 2046 "could not transmit macfilter CMD data URB\n"); 2047 return EIO; 2048 } 2049 2050 return 0; 2051 } 2052 2053 static int 2054 upgt_set_channel(struct upgt_softc *sc, unsigned channel) 2055 { 2056 struct upgt_data *data_cmd = &sc->cmd_data; 2057 struct upgt_lmac_mem *mem; 2058 struct upgt_lmac_channel *chan; 2059 int len; 2060 2061 DPRINTF(1, "%s: %s: %d\n", device_xname(sc->sc_dev), __func__, 2062 channel); 2063 2064 /* 2065 * Transmit the URB containing the CMD data. 2066 */ 2067 len = sizeof(*mem) + sizeof(*chan); 2068 2069 memset(data_cmd->buf, 0, len); 2070 2071 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2072 mem->addr = htole32(sc->sc_memaddr_frame_start + 2073 UPGT_MEMSIZE_FRAME_HEAD); 2074 2075 chan = (struct upgt_lmac_channel *)(mem + 1); 2076 2077 chan->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2078 chan->header1.type = UPGT_H1_TYPE_CTRL; 2079 chan->header1.len = htole16( 2080 sizeof(struct upgt_lmac_channel) - 2081 sizeof(struct upgt_lmac_header)); 2082 2083 chan->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2084 chan->header2.type = htole16(UPGT_H2_TYPE_CHANNEL); 2085 chan->header2.flags = 0; 2086 2087 chan->unknown1 = htole16(UPGT_CHANNEL_UNKNOWN1); 2088 chan->unknown2 = htole16(UPGT_CHANNEL_UNKNOWN2); 2089 chan->freq6 = sc->sc_eeprom_freq6[channel]; 2090 chan->settings = sc->sc_eeprom_freq6_settings; 2091 chan->unknown3 = UPGT_CHANNEL_UNKNOWN3; 2092 2093 memcpy(chan->freq3_1, &sc->sc_eeprom_freq3[channel].data, 2094 sizeof(chan->freq3_1)); 2095 2096 memcpy(chan->freq4, &sc->sc_eeprom_freq4[channel], 2097 sizeof(sc->sc_eeprom_freq4[channel])); 2098 2099 memcpy(chan->freq3_2, &sc->sc_eeprom_freq3[channel].data, 2100 sizeof(chan->freq3_2)); 2101 2102 mem->chksum = upgt_chksum_le((uint32_t *)chan, sizeof(*chan)); 2103 2104 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2105 aprint_error_dev(sc->sc_dev, 2106 "could not transmit channel CMD data URB\n"); 2107 return EIO; 2108 } 2109 2110 return 0; 2111 } 2112 2113 static void 2114 upgt_set_led(struct upgt_softc *sc, int action) 2115 { 2116 struct ieee80211com *ic = &sc->sc_ic; 2117 struct upgt_data *data_cmd = &sc->cmd_data; 2118 struct upgt_lmac_mem *mem; 2119 struct upgt_lmac_led *led; 2120 struct timeval t; 2121 int len; 2122 2123 /* 2124 * Transmit the URB containing the CMD data. 2125 */ 2126 len = sizeof(*mem) + sizeof(*led); 2127 2128 memset(data_cmd->buf, 0, len); 2129 2130 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2131 mem->addr = htole32(sc->sc_memaddr_frame_start + 2132 UPGT_MEMSIZE_FRAME_HEAD); 2133 2134 led = (struct upgt_lmac_led *)(mem + 1); 2135 2136 led->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2137 led->header1.type = UPGT_H1_TYPE_CTRL; 2138 led->header1.len = htole16( 2139 sizeof(struct upgt_lmac_led) - 2140 sizeof(struct upgt_lmac_header)); 2141 2142 led->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2143 led->header2.type = htole16(UPGT_H2_TYPE_LED); 2144 led->header2.flags = 0; 2145 2146 switch (action) { 2147 case UPGT_LED_OFF: 2148 led->mode = htole16(UPGT_LED_MODE_SET); 2149 led->action_fix = 0; 2150 led->action_tmp = htole16(UPGT_LED_ACTION_OFF); 2151 led->action_tmp_dur = 0; 2152 break; 2153 case UPGT_LED_ON: 2154 led->mode = htole16(UPGT_LED_MODE_SET); 2155 led->action_fix = 0; 2156 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2157 led->action_tmp_dur = 0; 2158 break; 2159 case UPGT_LED_BLINK: 2160 if (ic->ic_state != IEEE80211_S_RUN) 2161 return; 2162 if (sc->sc_led_blink) 2163 /* previous blink was not finished */ 2164 return; 2165 led->mode = htole16(UPGT_LED_MODE_SET); 2166 led->action_fix = htole16(UPGT_LED_ACTION_OFF); 2167 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2168 led->action_tmp_dur = htole16(UPGT_LED_ACTION_TMP_DUR); 2169 /* lock blink */ 2170 sc->sc_led_blink = 1; 2171 t.tv_sec = 0; 2172 t.tv_usec = UPGT_LED_ACTION_TMP_DUR * 1000L; 2173 callout_schedule(&sc->led_to, tvtohz(&t)); 2174 break; 2175 default: 2176 return; 2177 } 2178 2179 mem->chksum = upgt_chksum_le((uint32_t *)led, sizeof(*led)); 2180 2181 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2182 aprint_error_dev(sc->sc_dev, 2183 "could not transmit led CMD URB\n"); 2184 } 2185 } 2186 2187 static void 2188 upgt_set_led_blink(void *arg) 2189 { 2190 struct upgt_softc *sc = arg; 2191 2192 /* blink finished, we are ready for a next one */ 2193 sc->sc_led_blink = 0; 2194 callout_stop(&sc->led_to); 2195 } 2196 2197 static int 2198 upgt_get_stats(struct upgt_softc *sc) 2199 { 2200 struct upgt_data *data_cmd = &sc->cmd_data; 2201 struct upgt_lmac_mem *mem; 2202 struct upgt_lmac_stats *stats; 2203 int len; 2204 2205 /* 2206 * Transmit the URB containing the CMD data. 2207 */ 2208 len = sizeof(*mem) + sizeof(*stats); 2209 2210 memset(data_cmd->buf, 0, len); 2211 2212 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2213 mem->addr = htole32(sc->sc_memaddr_frame_start + 2214 UPGT_MEMSIZE_FRAME_HEAD); 2215 2216 stats = (struct upgt_lmac_stats *)(mem + 1); 2217 2218 stats->header1.flags = 0; 2219 stats->header1.type = UPGT_H1_TYPE_CTRL; 2220 stats->header1.len = htole16( 2221 sizeof(struct upgt_lmac_stats) - 2222 sizeof(struct upgt_lmac_header)); 2223 2224 stats->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2225 stats->header2.type = htole16(UPGT_H2_TYPE_STATS); 2226 stats->header2.flags = 0; 2227 2228 mem->chksum = upgt_chksum_le((uint32_t *)stats, sizeof(*stats)); 2229 2230 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2231 aprint_error_dev(sc->sc_dev, 2232 "could not transmit statistics CMD data URB\n"); 2233 return EIO; 2234 } 2235 2236 return 0; 2237 2238 } 2239 2240 static int 2241 upgt_alloc_tx(struct upgt_softc *sc) 2242 { 2243 int i; 2244 2245 sc->tx_queued = 0; 2246 2247 for (i = 0; i < UPGT_TX_COUNT; i++) { 2248 struct upgt_data *data_tx = &sc->tx_data[i]; 2249 2250 data_tx->sc = sc; 2251 2252 data_tx->xfer = usbd_alloc_xfer(sc->sc_udev); 2253 if (data_tx->xfer == NULL) { 2254 aprint_error_dev(sc->sc_dev, 2255 "could not allocate TX xfer\n"); 2256 return ENOMEM; 2257 } 2258 2259 data_tx->buf = usbd_alloc_buffer(data_tx->xfer, MCLBYTES); 2260 if (data_tx->buf == NULL) { 2261 aprint_error_dev(sc->sc_dev, 2262 "could not allocate TX buffer\n"); 2263 return ENOMEM; 2264 } 2265 } 2266 2267 return 0; 2268 } 2269 2270 static int 2271 upgt_alloc_rx(struct upgt_softc *sc) 2272 { 2273 struct upgt_data *data_rx = &sc->rx_data; 2274 2275 data_rx->sc = sc; 2276 2277 data_rx->xfer = usbd_alloc_xfer(sc->sc_udev); 2278 if (data_rx->xfer == NULL) { 2279 aprint_error_dev(sc->sc_dev, "could not allocate RX xfer\n"); 2280 return ENOMEM; 2281 } 2282 2283 data_rx->buf = usbd_alloc_buffer(data_rx->xfer, MCLBYTES); 2284 if (data_rx->buf == NULL) { 2285 aprint_error_dev(sc->sc_dev, 2286 "could not allocate RX buffer\n"); 2287 return ENOMEM; 2288 } 2289 2290 return 0; 2291 } 2292 2293 static int 2294 upgt_alloc_cmd(struct upgt_softc *sc) 2295 { 2296 struct upgt_data *data_cmd = &sc->cmd_data; 2297 2298 data_cmd->sc = sc; 2299 2300 data_cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 2301 if (data_cmd->xfer == NULL) { 2302 aprint_error_dev(sc->sc_dev, "could not allocate RX xfer\n"); 2303 return ENOMEM; 2304 } 2305 2306 data_cmd->buf = usbd_alloc_buffer(data_cmd->xfer, MCLBYTES); 2307 if (data_cmd->buf == NULL) { 2308 aprint_error_dev(sc->sc_dev, 2309 "could not allocate RX buffer\n"); 2310 return ENOMEM; 2311 } 2312 2313 mutex_init(&sc->sc_mtx, MUTEX_DEFAULT, IPL_SOFTNET); 2314 2315 return 0; 2316 } 2317 2318 static void 2319 upgt_free_tx(struct upgt_softc *sc) 2320 { 2321 int i; 2322 2323 for (i = 0; i < UPGT_TX_COUNT; i++) { 2324 struct upgt_data *data_tx = &sc->tx_data[i]; 2325 2326 if (data_tx->xfer != NULL) { 2327 usbd_free_xfer(data_tx->xfer); 2328 data_tx->xfer = NULL; 2329 } 2330 2331 data_tx->ni = NULL; 2332 } 2333 } 2334 2335 static void 2336 upgt_free_rx(struct upgt_softc *sc) 2337 { 2338 struct upgt_data *data_rx = &sc->rx_data; 2339 2340 if (data_rx->xfer != NULL) { 2341 usbd_free_xfer(data_rx->xfer); 2342 data_rx->xfer = NULL; 2343 } 2344 2345 data_rx->ni = NULL; 2346 } 2347 2348 static void 2349 upgt_free_cmd(struct upgt_softc *sc) 2350 { 2351 struct upgt_data *data_cmd = &sc->cmd_data; 2352 2353 if (data_cmd->xfer != NULL) { 2354 usbd_free_xfer(data_cmd->xfer); 2355 data_cmd->xfer = NULL; 2356 } 2357 2358 mutex_destroy(&sc->sc_mtx); 2359 } 2360 2361 static int 2362 upgt_bulk_xmit(struct upgt_softc *sc, struct upgt_data *data, 2363 usbd_pipe_handle pipeh, uint32_t *size, int flags) 2364 { 2365 usbd_status status; 2366 2367 status = usbd_bulk_transfer(data->xfer, pipeh, 2368 USBD_NO_COPY | flags, UPGT_USB_TIMEOUT, data->buf, size, 2369 "upgt_bulk_xmit"); 2370 if (status != USBD_NORMAL_COMPLETION) { 2371 aprint_error_dev(sc->sc_dev, "%s: error %s\n", __func__, 2372 usbd_errstr(status)); 2373 return EIO; 2374 } 2375 2376 return 0; 2377 } 2378 2379 #if 0 2380 static void 2381 upgt_hexdump(void *buf, int len) 2382 { 2383 int i; 2384 2385 for (i = 0; i < len; i++) { 2386 if (i % 16 == 0) 2387 printf("%s%5i:", i ? "\n" : "", i); 2388 if (i % 4 == 0) 2389 printf(" "); 2390 printf("%02x", (int)*((uint8_t *)buf + i)); 2391 } 2392 printf("\n"); 2393 } 2394 #endif 2395 2396 static uint32_t 2397 upgt_crc32_le(const void *buf, size_t size) 2398 { 2399 uint32_t crc; 2400 2401 crc = ether_crc32_le(buf, size); 2402 2403 /* apply final XOR value as common for CRC-32 */ 2404 crc = htole32(crc ^ 0xffffffffU); 2405 2406 return crc; 2407 } 2408 2409 /* 2410 * The firmware awaits a checksum for each frame we send to it. 2411 * The algorithm used therefor is uncommon but somehow similar to CRC32. 2412 */ 2413 static uint32_t 2414 upgt_chksum_le(const uint32_t *buf, size_t size) 2415 { 2416 int i; 2417 uint32_t crc = 0; 2418 2419 for (i = 0; i < size; i += sizeof(uint32_t)) { 2420 crc = htole32(crc ^ *buf++); 2421 crc = htole32((crc >> 5) ^ (crc << 3)); 2422 } 2423 2424 return crc; 2425 } 2426
Indexes created Thu Oct 02 14:10:14 GMT 2025