if_upgt.c revision 1.6.2.1
1 /* $NetBSD: if_upgt.c,v 1.6.2.1 2013/02/25 00:29:35 tls Exp $ */ 2 /* $OpenBSD: if_upgt.c,v 1.49 2010/04/20 22:05:43 tedu Exp $ */ 3 4 /* 5 * Copyright (c) 2007 Marcus Glocker <mglocker (at) openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 #include <sys/cdefs.h> 21 __KERNEL_RCSID(0, "$NetBSD: if_upgt.c,v 1.6.2.1 2013/02/25 00:29:35 tls Exp $"); 22 23 #include <sys/param.h> 24 #include <sys/callout.h> 25 #include <sys/device.h> 26 #include <sys/errno.h> 27 #include <sys/kernel.h> 28 #include <sys/kthread.h> 29 #include <sys/mbuf.h> 30 #include <sys/proc.h> 31 #include <sys/sockio.h> 32 #include <sys/systm.h> 33 #include <sys/vnode.h> 34 #include <sys/bus.h> 35 #include <sys/endian.h> 36 #include <sys/intr.h> 37 38 #include <net/bpf.h> 39 #include <net/if.h> 40 #include <net/if_arp.h> 41 #include <net/if_dl.h> 42 #include <net/if_ether.h> 43 #include <net/if_media.h> 44 #include <net/if_types.h> 45 46 #include <net80211/ieee80211_var.h> 47 #include <net80211/ieee80211_radiotap.h> 48 49 #include <dev/firmload.h> 50 51 #include <dev/usb/usb.h> 52 #include <dev/usb/usbdi.h> 53 #include <dev/usb/usbdi_util.h> 54 #include <dev/usb/usbdivar.h> 55 #include <dev/usb/usbdevs.h> 56 57 #include <dev/usb/if_upgtvar.h> 58 59 /* 60 * Driver for the USB PrismGT devices. 61 * 62 * For now just USB 2.0 devices with the GW3887 chipset are supported. 63 * The driver has been written based on the firmware version 2.13.1.0_LM87. 64 * 65 * TODO's: 66 * - Fix MONITOR mode (MAC filter). 67 * - Add HOSTAP mode. 68 * - Add IBSS mode. 69 * - Support the USB 1.0 devices (NET2280, ISL3880, ISL3886 chipsets). 70 * 71 * Parts of this driver has been influenced by reading the p54u driver 72 * written by Jean-Baptiste Note <jean-baptiste.note (at) m4x.org> and 73 * Sebastien Bourdeauducq <lekernel (at) prism54.org>. 74 */ 75 76 #ifdef UPGT_DEBUG 77 int upgt_debug = 2; 78 #define DPRINTF(l, x...) do { if ((l) <= upgt_debug) printf(x); } while (0) 79 #else 80 #define DPRINTF(l, x...) 81 #endif 82 83 /* 84 * Prototypes. 85 */ 86 static int upgt_match(device_t, cfdata_t, void *); 87 static void upgt_attach(device_t, device_t, void *); 88 static int upgt_detach(device_t, int); 89 static int upgt_activate(device_t, devact_t); 90 91 static void upgt_attach_hook(device_t); 92 static int upgt_device_type(struct upgt_softc *, uint16_t, uint16_t); 93 static int upgt_device_init(struct upgt_softc *); 94 static int upgt_mem_init(struct upgt_softc *); 95 static uint32_t upgt_mem_alloc(struct upgt_softc *); 96 static void upgt_mem_free(struct upgt_softc *, uint32_t); 97 static int upgt_fw_alloc(struct upgt_softc *); 98 static void upgt_fw_free(struct upgt_softc *); 99 static int upgt_fw_verify(struct upgt_softc *); 100 static int upgt_fw_load(struct upgt_softc *); 101 static int upgt_fw_copy(char *, char *, int); 102 static int upgt_eeprom_read(struct upgt_softc *); 103 static int upgt_eeprom_parse(struct upgt_softc *); 104 static void upgt_eeprom_parse_hwrx(struct upgt_softc *, uint8_t *); 105 static void upgt_eeprom_parse_freq3(struct upgt_softc *, uint8_t *, int); 106 static void upgt_eeprom_parse_freq4(struct upgt_softc *, uint8_t *, int); 107 static void upgt_eeprom_parse_freq6(struct upgt_softc *, uint8_t *, int); 108 109 static int upgt_ioctl(struct ifnet *, u_long, void *); 110 static int upgt_init(struct ifnet *); 111 static void upgt_stop(struct upgt_softc *); 112 static int upgt_media_change(struct ifnet *); 113 static void upgt_newassoc(struct ieee80211_node *, int); 114 static int upgt_newstate(struct ieee80211com *, enum ieee80211_state, 115 int); 116 static void upgt_newstate_task(void *); 117 static void upgt_next_scan(void *); 118 static void upgt_start(struct ifnet *); 119 static void upgt_watchdog(struct ifnet *); 120 static void upgt_tx_task(void *); 121 static void upgt_tx_done(struct upgt_softc *, uint8_t *); 122 static void upgt_rx_cb(usbd_xfer_handle, usbd_private_handle, usbd_status); 123 static void upgt_rx(struct upgt_softc *, uint8_t *, int); 124 static void upgt_setup_rates(struct upgt_softc *); 125 static uint8_t upgt_rx_rate(struct upgt_softc *, const int); 126 static int upgt_set_macfilter(struct upgt_softc *, uint8_t state); 127 static int upgt_set_channel(struct upgt_softc *, unsigned); 128 static void upgt_set_led(struct upgt_softc *, int); 129 static void upgt_set_led_blink(void *); 130 static int upgt_get_stats(struct upgt_softc *); 131 132 static int upgt_alloc_tx(struct upgt_softc *); 133 static int upgt_alloc_rx(struct upgt_softc *); 134 static int upgt_alloc_cmd(struct upgt_softc *); 135 static void upgt_free_tx(struct upgt_softc *); 136 static void upgt_free_rx(struct upgt_softc *); 137 static void upgt_free_cmd(struct upgt_softc *); 138 static int upgt_bulk_xmit(struct upgt_softc *, struct upgt_data *, 139 usbd_pipe_handle, uint32_t *, int); 140 141 #if 0 142 static void upgt_hexdump(void *, int); 143 #endif 144 static uint32_t upgt_crc32_le(const void *, size_t); 145 static uint32_t upgt_chksum_le(const uint32_t *, size_t); 146 147 CFATTACH_DECL_NEW(upgt, sizeof(struct upgt_softc), 148 upgt_match, upgt_attach, upgt_detach, upgt_activate); 149 150 static const struct usb_devno upgt_devs_1[] = { 151 /* version 1 devices */ 152 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST120G } 153 }; 154 155 static const struct usb_devno upgt_devs_2[] = { 156 /* version 2 devices */ 157 { USB_VENDOR_ACCTON, USB_PRODUCT_ACCTON_PRISM_GT }, 158 { USB_VENDOR_ALCATELT, USB_PRODUCT_ALCATELT_ST121G }, 159 { USB_VENDOR_BELKIN, USB_PRODUCT_BELKIN_F5D7050 }, 160 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54AG }, 161 { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_WUSB54GV2 }, 162 { USB_VENDOR_CONCEPTRONIC2, USB_PRODUCT_CONCEPTRONIC2_PRISM_GT }, 163 { USB_VENDOR_COREGA, USB_PRODUCT_COREGA_CGWLUSB2GTST }, 164 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_1 }, 165 { USB_VENDOR_DELL, USB_PRODUCT_DELL_PRISM_GT_2 }, 166 { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DWLG122A2 }, 167 { USB_VENDOR_FSC, USB_PRODUCT_FSC_E5400 }, 168 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_1 }, 169 { USB_VENDOR_GLOBESPAN, USB_PRODUCT_GLOBESPAN_PRISM_GT_2 }, 170 { USB_VENDOR_INTERSIL, USB_PRODUCT_INTERSIL_PRISM_GT }, 171 { USB_VENDOR_PHEENET, USB_PRODUCT_PHEENET_GWU513 }, 172 { USB_VENDOR_PHILIPS, USB_PRODUCT_PHILIPS_CPWUA054 }, 173 { USB_VENDOR_SHARP, USB_PRODUCT_SHARP_RUITZ1016YCZZ }, 174 { USB_VENDOR_SMC, USB_PRODUCT_SMC_2862WG }, 175 { USB_VENDOR_USR, USB_PRODUCT_USR_USR5422 }, 176 { USB_VENDOR_WISTRONNEWEB, USB_PRODUCT_WISTRONNEWEB_UR045G }, 177 { USB_VENDOR_XYRATEX, USB_PRODUCT_XYRATEX_PRISM_GT_1 }, 178 { USB_VENDOR_XYRATEX, USB_PRODUCT_XYRATEX_PRISM_GT_2 }, 179 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_MD40900 }, 180 { USB_VENDOR_ZCOM, USB_PRODUCT_ZCOM_XG703A } 181 }; 182 183 static int 184 firmware_load(const char *dname, const char *iname, uint8_t **ucodep, 185 size_t *sizep) 186 { 187 firmware_handle_t fh; 188 int error; 189 190 if ((error = firmware_open(dname, iname, &fh)) != 0) 191 return error; 192 *sizep = firmware_get_size(fh); 193 if ((*ucodep = firmware_malloc(*sizep)) == NULL) { 194 firmware_close(fh); 195 return ENOMEM; 196 } 197 if ((error = firmware_read(fh, 0, *ucodep, *sizep)) != 0) 198 firmware_free(*ucodep, *sizep); 199 firmware_close(fh); 200 201 return error; 202 } 203 204 static int 205 upgt_match(device_t parent, cfdata_t match, void *aux) 206 { 207 struct usb_attach_arg *uaa = aux; 208 209 if (usb_lookup(upgt_devs_1, uaa->vendor, uaa->product) != NULL) 210 return UMATCH_VENDOR_PRODUCT; 211 212 if (usb_lookup(upgt_devs_2, uaa->vendor, uaa->product) != NULL) 213 return UMATCH_VENDOR_PRODUCT; 214 215 return UMATCH_NONE; 216 } 217 218 static void 219 upgt_attach(device_t parent, device_t self, void *aux) 220 { 221 struct upgt_softc *sc = device_private(self); 222 struct usb_attach_arg *uaa = aux; 223 usb_interface_descriptor_t *id; 224 usb_endpoint_descriptor_t *ed; 225 usbd_status error; 226 char *devinfop; 227 int i; 228 229 aprint_naive("\n"); 230 aprint_normal("\n"); 231 232 /* 233 * Attach USB device. 234 */ 235 sc->sc_dev = self; 236 sc->sc_udev = uaa->device; 237 238 devinfop = usbd_devinfo_alloc(sc->sc_udev, 0); 239 aprint_normal_dev(sc->sc_dev, "%s\n", devinfop); 240 usbd_devinfo_free(devinfop); 241 242 /* check device type */ 243 if (upgt_device_type(sc, uaa->vendor, uaa->product) != 0) 244 return; 245 246 /* set configuration number */ 247 error = usbd_set_config_no(sc->sc_udev, UPGT_CONFIG_NO, 0); 248 if (error != 0) { 249 aprint_error_dev(sc->sc_dev, "failed to set configuration" 250 ", err=%s\n", usbd_errstr(error)); 251 return; 252 } 253 254 /* get the first interface handle */ 255 error = usbd_device2interface_handle(sc->sc_udev, UPGT_IFACE_INDEX, 256 &sc->sc_iface); 257 if (error != 0) { 258 aprint_error_dev(sc->sc_dev, 259 "could not get interface handle\n"); 260 return; 261 } 262 263 /* find endpoints */ 264 id = usbd_get_interface_descriptor(sc->sc_iface); 265 sc->sc_rx_no = sc->sc_tx_no = -1; 266 for (i = 0; i < id->bNumEndpoints; i++) { 267 ed = usbd_interface2endpoint_descriptor(sc->sc_iface, i); 268 if (ed == NULL) { 269 aprint_error_dev(sc->sc_dev, 270 "no endpoint descriptor for iface %d\n", i); 271 return; 272 } 273 274 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_OUT && 275 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 276 sc->sc_tx_no = ed->bEndpointAddress; 277 if (UE_GET_DIR(ed->bEndpointAddress) == UE_DIR_IN && 278 UE_GET_XFERTYPE(ed->bmAttributes) == UE_BULK) 279 sc->sc_rx_no = ed->bEndpointAddress; 280 281 /* 282 * 0x01 TX pipe 283 * 0x81 RX pipe 284 * 285 * Deprecated scheme (not used with fw version >2.5.6.x): 286 * 0x02 TX MGMT pipe 287 * 0x82 TX MGMT pipe 288 */ 289 if (sc->sc_tx_no != -1 && sc->sc_rx_no != -1) 290 break; 291 } 292 if (sc->sc_rx_no == -1 || sc->sc_tx_no == -1) { 293 aprint_error_dev(sc->sc_dev, "missing endpoint\n"); 294 return; 295 } 296 297 /* setup tasks and timeouts */ 298 usb_init_task(&sc->sc_task_newstate, upgt_newstate_task, sc, 0); 299 usb_init_task(&sc->sc_task_tx, upgt_tx_task, sc, 0); 300 callout_init(&sc->scan_to, 0); 301 callout_setfunc(&sc->scan_to, upgt_next_scan, sc); 302 callout_init(&sc->led_to, 0); 303 callout_setfunc(&sc->led_to, upgt_set_led_blink, sc); 304 305 /* 306 * Open TX and RX USB bulk pipes. 307 */ 308 error = usbd_open_pipe(sc->sc_iface, sc->sc_tx_no, USBD_EXCLUSIVE_USE, 309 &sc->sc_tx_pipeh); 310 if (error != 0) { 311 aprint_error_dev(sc->sc_dev, 312 "could not open TX pipe: %s\n", usbd_errstr(error)); 313 goto fail; 314 } 315 error = usbd_open_pipe(sc->sc_iface, sc->sc_rx_no, USBD_EXCLUSIVE_USE, 316 &sc->sc_rx_pipeh); 317 if (error != 0) { 318 aprint_error_dev(sc->sc_dev, "could not open RX pipe: %s\n", 319 usbd_errstr(error)); 320 goto fail; 321 } 322 323 /* 324 * Allocate TX, RX, and CMD xfers. 325 */ 326 if (upgt_alloc_tx(sc) != 0) 327 goto fail; 328 if (upgt_alloc_rx(sc) != 0) 329 goto fail; 330 if (upgt_alloc_cmd(sc) != 0) 331 goto fail; 332 333 /* 334 * We need the firmware loaded from file system to complete the attach. 335 */ 336 config_mountroot(self, upgt_attach_hook); 337 338 return; 339 fail: 340 aprint_error_dev(sc->sc_dev, "%s failed\n", __func__); 341 } 342 343 static void 344 upgt_attach_hook(device_t arg) 345 { 346 struct upgt_softc *sc = device_private(arg); 347 struct ieee80211com *ic = &sc->sc_ic; 348 struct ifnet *ifp = &sc->sc_if; 349 usbd_status error; 350 int i; 351 352 /* 353 * Load firmware file into memory. 354 */ 355 if (upgt_fw_alloc(sc) != 0) 356 goto fail; 357 358 /* 359 * Initialize the device. 360 */ 361 if (upgt_device_init(sc) != 0) 362 goto fail; 363 364 /* 365 * Verify the firmware. 366 */ 367 if (upgt_fw_verify(sc) != 0) 368 goto fail; 369 370 /* 371 * Calculate device memory space. 372 */ 373 if (sc->sc_memaddr_frame_start == 0 || sc->sc_memaddr_frame_end == 0) { 374 aprint_error_dev(sc->sc_dev, 375 "could not find memory space addresses on FW\n"); 376 goto fail; 377 } 378 sc->sc_memaddr_frame_end -= UPGT_MEMSIZE_RX + 1; 379 sc->sc_memaddr_rx_start = sc->sc_memaddr_frame_end + 1; 380 381 DPRINTF(1, "%s: memory address frame start=0x%08x\n", 382 device_xname(sc->sc_dev), sc->sc_memaddr_frame_start); 383 DPRINTF(1, "%s: memory address frame end=0x%08x\n", 384 device_xname(sc->sc_dev), sc->sc_memaddr_frame_end); 385 DPRINTF(1, "%s: memory address rx start=0x%08x\n", 386 device_xname(sc->sc_dev), sc->sc_memaddr_rx_start); 387 388 upgt_mem_init(sc); 389 390 /* 391 * Load the firmware. 392 */ 393 if (upgt_fw_load(sc) != 0) 394 goto fail; 395 396 /* 397 * Startup the RX pipe. 398 */ 399 struct upgt_data *data_rx = &sc->rx_data; 400 401 usbd_setup_xfer(data_rx->xfer, sc->sc_rx_pipeh, data_rx, data_rx->buf, 402 MCLBYTES, USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 403 error = usbd_transfer(data_rx->xfer); 404 if (error != USBD_NORMAL_COMPLETION && error != USBD_IN_PROGRESS) { 405 aprint_error_dev(sc->sc_dev, 406 "could not queue RX transfer\n"); 407 goto fail; 408 } 409 usbd_delay_ms(sc->sc_udev, 100); 410 411 /* 412 * Read the whole EEPROM content and parse it. 413 */ 414 if (upgt_eeprom_read(sc) != 0) 415 goto fail; 416 if (upgt_eeprom_parse(sc) != 0) 417 goto fail; 418 419 /* 420 * Setup the 802.11 device. 421 */ 422 ic->ic_ifp = ifp; 423 ic->ic_phytype = IEEE80211_T_OFDM; 424 ic->ic_opmode = IEEE80211_M_STA; 425 ic->ic_state = IEEE80211_S_INIT; 426 ic->ic_caps = 427 IEEE80211_C_MONITOR | 428 IEEE80211_C_SHPREAMBLE | 429 IEEE80211_C_SHSLOT; 430 431 ic->ic_sup_rates[IEEE80211_MODE_11B] = ieee80211_std_rateset_11b; 432 ic->ic_sup_rates[IEEE80211_MODE_11G] = ieee80211_std_rateset_11g; 433 434 for (i = 1; i <= 14; i++) { 435 ic->ic_channels[i].ic_freq = 436 ieee80211_ieee2mhz(i, IEEE80211_CHAN_2GHZ); 437 ic->ic_channels[i].ic_flags = 438 IEEE80211_CHAN_CCK | IEEE80211_CHAN_OFDM | 439 IEEE80211_CHAN_DYN | IEEE80211_CHAN_2GHZ; 440 } 441 442 ifp->if_softc = sc; 443 ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; 444 ifp->if_init = upgt_init; 445 ifp->if_ioctl = upgt_ioctl; 446 ifp->if_start = upgt_start; 447 ifp->if_watchdog = upgt_watchdog; 448 IFQ_SET_READY(&ifp->if_snd); 449 memcpy(ifp->if_xname, device_xname(sc->sc_dev), IFNAMSIZ); 450 451 if_attach(ifp); 452 ieee80211_ifattach(ic); 453 ic->ic_newassoc = upgt_newassoc; 454 455 sc->sc_newstate = ic->ic_newstate; 456 ic->ic_newstate = upgt_newstate; 457 ieee80211_media_init(ic, upgt_media_change, ieee80211_media_status); 458 459 bpf_attach2(ifp, DLT_IEEE802_11_RADIO, 460 sizeof(struct ieee80211_frame) + IEEE80211_RADIOTAP_HDRLEN, 461 &sc->sc_drvbpf); 462 463 sc->sc_rxtap_len = sizeof(sc->sc_rxtapu); 464 sc->sc_rxtap.wr_ihdr.it_len = htole16(sc->sc_rxtap_len); 465 sc->sc_rxtap.wr_ihdr.it_present = htole32(UPGT_RX_RADIOTAP_PRESENT); 466 467 sc->sc_txtap_len = sizeof(sc->sc_txtapu); 468 sc->sc_txtap.wt_ihdr.it_len = htole16(sc->sc_txtap_len); 469 sc->sc_txtap.wt_ihdr.it_present = htole32(UPGT_TX_RADIOTAP_PRESENT); 470 471 aprint_normal_dev(sc->sc_dev, "address %s\n", 472 ether_sprintf(ic->ic_myaddr)); 473 474 ieee80211_announce(ic); 475 476 usbd_add_drv_event(USB_EVENT_DRIVER_ATTACH, sc->sc_udev, sc->sc_dev); 477 478 /* device attached */ 479 sc->sc_flags |= UPGT_DEVICE_ATTACHED; 480 481 return; 482 fail: 483 aprint_error_dev(sc->sc_dev, "%s failed\n", __func__); 484 } 485 486 static int 487 upgt_detach(device_t self, int flags) 488 { 489 struct upgt_softc *sc = device_private(self); 490 struct ifnet *ifp = &sc->sc_if; 491 struct ieee80211com *ic = &sc->sc_ic; 492 int s; 493 494 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 495 496 s = splnet(); 497 498 if (ifp->if_flags & IFF_RUNNING) 499 upgt_stop(sc); 500 501 /* remove tasks and timeouts */ 502 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 503 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 504 callout_destroy(&sc->scan_to); 505 callout_destroy(&sc->led_to); 506 507 /* abort and close TX / RX pipes */ 508 if (sc->sc_tx_pipeh != NULL) { 509 usbd_abort_pipe(sc->sc_tx_pipeh); 510 usbd_close_pipe(sc->sc_tx_pipeh); 511 } 512 if (sc->sc_rx_pipeh != NULL) { 513 usbd_abort_pipe(sc->sc_rx_pipeh); 514 usbd_close_pipe(sc->sc_rx_pipeh); 515 } 516 517 /* free xfers */ 518 upgt_free_tx(sc); 519 upgt_free_rx(sc); 520 upgt_free_cmd(sc); 521 522 /* free firmware */ 523 upgt_fw_free(sc); 524 525 if (sc->sc_flags & UPGT_DEVICE_ATTACHED) { 526 /* detach interface */ 527 bpf_detach(ifp); 528 ieee80211_ifdetach(ic); 529 if_detach(ifp); 530 } 531 532 splx(s); 533 534 usbd_add_drv_event(USB_EVENT_DRIVER_DETACH, sc->sc_udev, sc->sc_dev); 535 536 return 0; 537 } 538 539 static int 540 upgt_activate(device_t self, devact_t act) 541 { 542 struct upgt_softc *sc = device_private(self); 543 544 switch (act) { 545 case DVACT_DEACTIVATE: 546 if_deactivate(&sc->sc_if); 547 return 0; 548 default: 549 return EOPNOTSUPP; 550 } 551 } 552 553 static int 554 upgt_device_type(struct upgt_softc *sc, uint16_t vendor, uint16_t product) 555 { 556 557 if (usb_lookup(upgt_devs_1, vendor, product) != NULL) { 558 sc->sc_device_type = 1; 559 /* XXX */ 560 aprint_error_dev(sc->sc_dev, 561 "version 1 devices not supported yet\n"); 562 return 1; 563 } else 564 sc->sc_device_type = 2; 565 566 return 0; 567 } 568 569 static int 570 upgt_device_init(struct upgt_softc *sc) 571 { 572 struct upgt_data *data_cmd = &sc->cmd_data; 573 const uint8_t init_cmd[] = { 0x7e, 0x7e, 0x7e, 0x7e }; 574 int len; 575 576 len = sizeof(init_cmd); 577 memcpy(data_cmd->buf, init_cmd, len); 578 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 579 aprint_error_dev(sc->sc_dev, 580 "could not send device init string\n"); 581 return EIO; 582 } 583 usbd_delay_ms(sc->sc_udev, 100); 584 585 DPRINTF(1, "%s: device initialized\n", device_xname(sc->sc_dev)); 586 587 return 0; 588 } 589 590 static int 591 upgt_mem_init(struct upgt_softc *sc) 592 { 593 int i; 594 595 for (i = 0; i < UPGT_MEMORY_MAX_PAGES; i++) { 596 sc->sc_memory.page[i].used = 0; 597 598 if (i == 0) { 599 /* 600 * The first memory page is always reserved for 601 * command data. 602 */ 603 sc->sc_memory.page[i].addr = 604 sc->sc_memaddr_frame_start + MCLBYTES; 605 } else { 606 sc->sc_memory.page[i].addr = 607 sc->sc_memory.page[i - 1].addr + MCLBYTES; 608 } 609 610 if (sc->sc_memory.page[i].addr + MCLBYTES >= 611 sc->sc_memaddr_frame_end) 612 break; 613 614 DPRINTF(2, "%s: memory address page %d=0x%08x\n", 615 device_xname(sc->sc_dev), i, sc->sc_memory.page[i].addr); 616 } 617 618 sc->sc_memory.pages = i; 619 620 DPRINTF(2, "%s: memory pages=%d\n", 621 device_xname(sc->sc_dev), sc->sc_memory.pages); 622 623 return 0; 624 } 625 626 static uint32_t 627 upgt_mem_alloc(struct upgt_softc *sc) 628 { 629 int i; 630 631 for (i = 0; i < sc->sc_memory.pages; i++) { 632 if (sc->sc_memory.page[i].used == 0) { 633 sc->sc_memory.page[i].used = 1; 634 return sc->sc_memory.page[i].addr; 635 } 636 } 637 638 return 0; 639 } 640 641 static void 642 upgt_mem_free(struct upgt_softc *sc, uint32_t addr) 643 { 644 int i; 645 646 for (i = 0; i < sc->sc_memory.pages; i++) { 647 if (sc->sc_memory.page[i].addr == addr) { 648 sc->sc_memory.page[i].used = 0; 649 return; 650 } 651 } 652 653 aprint_error_dev(sc->sc_dev, "could not free memory address 0x%08x\n", 654 addr); 655 } 656 657 658 static int 659 upgt_fw_alloc(struct upgt_softc *sc) 660 { 661 const char *name = "upgt-gw3887"; 662 int error; 663 664 if (sc->sc_fw == NULL) { 665 error = firmware_load("upgt", name, &sc->sc_fw, 666 &sc->sc_fw_size); 667 if (error != 0) { 668 if (error == ENOENT) { 669 /* 670 * The firmware file for upgt(4) is not in 671 * the default distribution due to its lisence 672 * so explicitly notify it if the firmware file 673 * is not found. 674 */ 675 aprint_error_dev(sc->sc_dev, 676 "firmware file %s is not installed\n", 677 name); 678 aprint_error_dev(sc->sc_dev, 679 "(it is not included in the default" 680 " distribution)\n"); 681 aprint_error_dev(sc->sc_dev, 682 "see upgt(4) man page for details about " 683 "firmware installation\n"); 684 } else { 685 aprint_error_dev(sc->sc_dev, 686 "could not read firmware %s\n", name); 687 } 688 return EIO; 689 } 690 } 691 692 DPRINTF(1, "%s: firmware %s allocated\n", device_xname(sc->sc_dev), 693 name); 694 695 return 0; 696 } 697 698 static void 699 upgt_fw_free(struct upgt_softc *sc) 700 { 701 702 if (sc->sc_fw != NULL) { 703 firmware_free(sc->sc_fw, sc->sc_fw_size); 704 sc->sc_fw = NULL; 705 DPRINTF(1, "%s: firmware freed\n", device_xname(sc->sc_dev)); 706 } 707 } 708 709 static int 710 upgt_fw_verify(struct upgt_softc *sc) 711 { 712 struct upgt_fw_bra_option *bra_option; 713 uint32_t bra_option_type, bra_option_len; 714 uint32_t *uc; 715 int offset, bra_end = 0; 716 717 /* 718 * Seek to beginning of Boot Record Area (BRA). 719 */ 720 for (offset = 0; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 721 uc = (uint32_t *)(sc->sc_fw + offset); 722 if (*uc == 0) 723 break; 724 } 725 for (; offset < sc->sc_fw_size; offset += sizeof(*uc)) { 726 uc = (uint32_t *)(sc->sc_fw + offset); 727 if (*uc != 0) 728 break; 729 } 730 if (offset == sc->sc_fw_size) { 731 aprint_error_dev(sc->sc_dev, 732 "firmware Boot Record Area not found\n"); 733 return EIO; 734 } 735 DPRINTF(1, "%s: firmware Boot Record Area found at offset %d\n", 736 device_xname(sc->sc_dev), offset); 737 738 /* 739 * Parse Boot Record Area (BRA) options. 740 */ 741 while (offset < sc->sc_fw_size && bra_end == 0) { 742 /* get current BRA option */ 743 bra_option = (struct upgt_fw_bra_option *)(sc->sc_fw + offset); 744 bra_option_type = le32toh(bra_option->type); 745 bra_option_len = le32toh(bra_option->len) * sizeof(*uc); 746 747 switch (bra_option_type) { 748 case UPGT_BRA_TYPE_FW: 749 DPRINTF(1, "%s: UPGT_BRA_TYPE_FW len=%d\n", 750 device_xname(sc->sc_dev), bra_option_len); 751 752 if (bra_option_len != UPGT_BRA_FWTYPE_SIZE) { 753 aprint_error_dev(sc->sc_dev, 754 "wrong UPGT_BRA_TYPE_FW len\n"); 755 return EIO; 756 } 757 if (memcmp(UPGT_BRA_FWTYPE_LM86, bra_option->data, 758 bra_option_len) == 0) { 759 sc->sc_fw_type = UPGT_FWTYPE_LM86; 760 break; 761 } 762 if (memcmp(UPGT_BRA_FWTYPE_LM87, bra_option->data, 763 bra_option_len) == 0) { 764 sc->sc_fw_type = UPGT_FWTYPE_LM87; 765 break; 766 } 767 if (memcmp(UPGT_BRA_FWTYPE_FMAC, bra_option->data, 768 bra_option_len) == 0) { 769 sc->sc_fw_type = UPGT_FWTYPE_FMAC; 770 break; 771 } 772 aprint_error_dev(sc->sc_dev, 773 "unsupported firmware type\n"); 774 return EIO; 775 case UPGT_BRA_TYPE_VERSION: 776 DPRINTF(1, "%s: UPGT_BRA_TYPE_VERSION len=%d\n", 777 device_xname(sc->sc_dev), bra_option_len); 778 break; 779 case UPGT_BRA_TYPE_DEPIF: 780 DPRINTF(1, "%s: UPGT_BRA_TYPE_DEPIF len=%d\n", 781 device_xname(sc->sc_dev), bra_option_len); 782 break; 783 case UPGT_BRA_TYPE_EXPIF: 784 DPRINTF(1, "%s: UPGT_BRA_TYPE_EXPIF len=%d\n", 785 device_xname(sc->sc_dev), bra_option_len); 786 break; 787 case UPGT_BRA_TYPE_DESCR: 788 DPRINTF(1, "%s: UPGT_BRA_TYPE_DESCR len=%d\n", 789 device_xname(sc->sc_dev), bra_option_len); 790 791 struct upgt_fw_bra_descr *descr = 792 (struct upgt_fw_bra_descr *)bra_option->data; 793 794 sc->sc_memaddr_frame_start = 795 le32toh(descr->memaddr_space_start); 796 sc->sc_memaddr_frame_end = 797 le32toh(descr->memaddr_space_end); 798 799 DPRINTF(2, "%s: memory address space start=0x%08x\n", 800 device_xname(sc->sc_dev), 801 sc->sc_memaddr_frame_start); 802 DPRINTF(2, "%s: memory address space end=0x%08x\n", 803 device_xname(sc->sc_dev), 804 sc->sc_memaddr_frame_end); 805 break; 806 case UPGT_BRA_TYPE_END: 807 DPRINTF(1, "%s: UPGT_BRA_TYPE_END len=%d\n", 808 device_xname(sc->sc_dev), bra_option_len); 809 bra_end = 1; 810 break; 811 default: 812 DPRINTF(1, "%s: unknown BRA option len=%d\n", 813 device_xname(sc->sc_dev), bra_option_len); 814 return EIO; 815 } 816 817 /* jump to next BRA option */ 818 offset += sizeof(struct upgt_fw_bra_option) + bra_option_len; 819 } 820 821 DPRINTF(1, "%s: firmware verified\n", device_xname(sc->sc_dev)); 822 823 return 0; 824 } 825 826 static int 827 upgt_fw_load(struct upgt_softc *sc) 828 { 829 struct upgt_data *data_cmd = &sc->cmd_data; 830 struct upgt_data *data_rx = &sc->rx_data; 831 struct upgt_fw_x2_header *x2; 832 const uint8_t start_fwload_cmd[] = { 0x3c, 0x0d }; 833 int offset, bsize, n, i, len; 834 uint32_t crc; 835 836 /* send firmware start load command */ 837 len = sizeof(start_fwload_cmd); 838 memcpy(data_cmd->buf, start_fwload_cmd, len); 839 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 840 aprint_error_dev(sc->sc_dev, 841 "could not send start_firmware_load command\n"); 842 return EIO; 843 } 844 845 /* send X2 header */ 846 len = sizeof(struct upgt_fw_x2_header); 847 x2 = (struct upgt_fw_x2_header *)data_cmd->buf; 848 memcpy(x2->signature, UPGT_X2_SIGNATURE, UPGT_X2_SIGNATURE_SIZE); 849 x2->startaddr = htole32(UPGT_MEMADDR_FIRMWARE_START); 850 x2->len = htole32(sc->sc_fw_size); 851 x2->crc = upgt_crc32_le(data_cmd->buf + UPGT_X2_SIGNATURE_SIZE, 852 sizeof(struct upgt_fw_x2_header) - UPGT_X2_SIGNATURE_SIZE - 853 sizeof(uint32_t)); 854 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 855 aprint_error_dev(sc->sc_dev, 856 "could not send firmware X2 header\n"); 857 return EIO; 858 } 859 860 /* download firmware */ 861 for (offset = 0; offset < sc->sc_fw_size; offset += bsize) { 862 if (sc->sc_fw_size - offset > UPGT_FW_BLOCK_SIZE) 863 bsize = UPGT_FW_BLOCK_SIZE; 864 else 865 bsize = sc->sc_fw_size - offset; 866 867 n = upgt_fw_copy(sc->sc_fw + offset, data_cmd->buf, bsize); 868 869 DPRINTF(1, "%s: FW offset=%d, read=%d, sent=%d\n", 870 device_xname(sc->sc_dev), offset, n, bsize); 871 872 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &bsize, 0) 873 != 0) { 874 aprint_error_dev(sc->sc_dev, 875 "error while downloading firmware block\n"); 876 return EIO; 877 } 878 879 bsize = n; 880 } 881 DPRINTF(1, "%s: firmware downloaded\n", device_xname(sc->sc_dev)); 882 883 /* load firmware */ 884 crc = upgt_crc32_le(sc->sc_fw, sc->sc_fw_size); 885 *((uint32_t *)(data_cmd->buf) ) = crc; 886 *((uint8_t *)(data_cmd->buf) + 4) = 'g'; 887 *((uint8_t *)(data_cmd->buf) + 5) = '\r'; 888 len = 6; 889 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 890 aprint_error_dev(sc->sc_dev, 891 "could not send load_firmware command\n"); 892 return EIO; 893 } 894 895 for (i = 0; i < UPGT_FIRMWARE_TIMEOUT; i++) { 896 len = UPGT_FW_BLOCK_SIZE; 897 memset(data_rx->buf, 0, 2); 898 if (upgt_bulk_xmit(sc, data_rx, sc->sc_rx_pipeh, &len, 899 USBD_SHORT_XFER_OK) != 0) { 900 aprint_error_dev(sc->sc_dev, 901 "could not read firmware response\n"); 902 return EIO; 903 } 904 905 if (memcmp(data_rx->buf, "OK", 2) == 0) 906 break; /* firmware load was successful */ 907 } 908 if (i == UPGT_FIRMWARE_TIMEOUT) { 909 aprint_error_dev(sc->sc_dev, "firmware load failed\n"); 910 return EIO; 911 } 912 DPRINTF(1, "%s: firmware loaded\n", device_xname(sc->sc_dev)); 913 914 return 0; 915 } 916 917 /* 918 * While copying the version 2 firmware, we need to replace two characters: 919 * 920 * 0x7e -> 0x7d 0x5e 921 * 0x7d -> 0x7d 0x5d 922 */ 923 static int 924 upgt_fw_copy(char *src, char *dst, int size) 925 { 926 int i, j; 927 928 for (i = 0, j = 0; i < size && j < size; i++) { 929 switch (src[i]) { 930 case 0x7e: 931 dst[j] = 0x7d; 932 j++; 933 dst[j] = 0x5e; 934 j++; 935 break; 936 case 0x7d: 937 dst[j] = 0x7d; 938 j++; 939 dst[j] = 0x5d; 940 j++; 941 break; 942 default: 943 dst[j] = src[i]; 944 j++; 945 break; 946 } 947 } 948 949 return i; 950 } 951 952 static int 953 upgt_eeprom_read(struct upgt_softc *sc) 954 { 955 struct upgt_data *data_cmd = &sc->cmd_data; 956 struct upgt_lmac_mem *mem; 957 struct upgt_lmac_eeprom *eeprom; 958 int offset, block, len; 959 960 offset = 0; 961 block = UPGT_EEPROM_BLOCK_SIZE; 962 while (offset < UPGT_EEPROM_SIZE) { 963 DPRINTF(1, "%s: request EEPROM block (offset=%d, len=%d)\n", 964 device_xname(sc->sc_dev), offset, block); 965 966 /* 967 * Transmit the URB containing the CMD data. 968 */ 969 len = sizeof(*mem) + sizeof(*eeprom) + block; 970 971 memset(data_cmd->buf, 0, len); 972 973 mem = (struct upgt_lmac_mem *)data_cmd->buf; 974 mem->addr = htole32(sc->sc_memaddr_frame_start + 975 UPGT_MEMSIZE_FRAME_HEAD); 976 977 eeprom = (struct upgt_lmac_eeprom *)(mem + 1); 978 eeprom->header1.flags = 0; 979 eeprom->header1.type = UPGT_H1_TYPE_CTRL; 980 eeprom->header1.len = htole16(( 981 sizeof(struct upgt_lmac_eeprom) - 982 sizeof(struct upgt_lmac_header)) + block); 983 984 eeprom->header2.reqid = htole32(sc->sc_memaddr_frame_start); 985 eeprom->header2.type = htole16(UPGT_H2_TYPE_EEPROM); 986 eeprom->header2.flags = 0; 987 988 eeprom->offset = htole16(offset); 989 eeprom->len = htole16(block); 990 991 mem->chksum = upgt_chksum_le((uint32_t *)eeprom, 992 len - sizeof(*mem)); 993 994 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 995 USBD_FORCE_SHORT_XFER) != 0) { 996 aprint_error_dev(sc->sc_dev, 997 "could not transmit EEPROM data URB\n"); 998 return EIO; 999 } 1000 if (tsleep(sc, 0, "eeprom_request", UPGT_USB_TIMEOUT)) { 1001 aprint_error_dev(sc->sc_dev, 1002 "timeout while waiting for EEPROM data\n"); 1003 return EIO; 1004 } 1005 1006 offset += block; 1007 if (UPGT_EEPROM_SIZE - offset < block) 1008 block = UPGT_EEPROM_SIZE - offset; 1009 } 1010 1011 return 0; 1012 } 1013 1014 static int 1015 upgt_eeprom_parse(struct upgt_softc *sc) 1016 { 1017 struct ieee80211com *ic = &sc->sc_ic; 1018 struct upgt_eeprom_header *eeprom_header; 1019 struct upgt_eeprom_option *eeprom_option; 1020 uint16_t option_len; 1021 uint16_t option_type; 1022 uint16_t preamble_len; 1023 int option_end = 0; 1024 1025 /* calculate eeprom options start offset */ 1026 eeprom_header = (struct upgt_eeprom_header *)sc->sc_eeprom; 1027 preamble_len = le16toh(eeprom_header->preamble_len); 1028 eeprom_option = (struct upgt_eeprom_option *)(sc->sc_eeprom + 1029 (sizeof(struct upgt_eeprom_header) + preamble_len)); 1030 1031 while (!option_end) { 1032 /* the eeprom option length is stored in words */ 1033 option_len = 1034 (le16toh(eeprom_option->len) - 1) * sizeof(uint16_t); 1035 option_type = 1036 le16toh(eeprom_option->type); 1037 1038 switch (option_type) { 1039 case UPGT_EEPROM_TYPE_NAME: 1040 DPRINTF(1, "%s: EEPROM name len=%d\n", 1041 device_xname(sc->sc_dev), option_len); 1042 break; 1043 case UPGT_EEPROM_TYPE_SERIAL: 1044 DPRINTF(1, "%s: EEPROM serial len=%d\n", 1045 device_xname(sc->sc_dev), option_len); 1046 break; 1047 case UPGT_EEPROM_TYPE_MAC: 1048 DPRINTF(1, "%s: EEPROM mac len=%d\n", 1049 device_xname(sc->sc_dev), option_len); 1050 1051 IEEE80211_ADDR_COPY(ic->ic_myaddr, eeprom_option->data); 1052 break; 1053 case UPGT_EEPROM_TYPE_HWRX: 1054 DPRINTF(1, "%s: EEPROM hwrx len=%d\n", 1055 device_xname(sc->sc_dev), option_len); 1056 1057 upgt_eeprom_parse_hwrx(sc, eeprom_option->data); 1058 break; 1059 case UPGT_EEPROM_TYPE_CHIP: 1060 DPRINTF(1, "%s: EEPROM chip len=%d\n", 1061 device_xname(sc->sc_dev), option_len); 1062 break; 1063 case UPGT_EEPROM_TYPE_FREQ3: 1064 DPRINTF(1, "%s: EEPROM freq3 len=%d\n", 1065 device_xname(sc->sc_dev), option_len); 1066 1067 upgt_eeprom_parse_freq3(sc, eeprom_option->data, 1068 option_len); 1069 break; 1070 case UPGT_EEPROM_TYPE_FREQ4: 1071 DPRINTF(1, "%s: EEPROM freq4 len=%d\n", 1072 device_xname(sc->sc_dev), option_len); 1073 1074 upgt_eeprom_parse_freq4(sc, eeprom_option->data, 1075 option_len); 1076 break; 1077 case UPGT_EEPROM_TYPE_FREQ5: 1078 DPRINTF(1, "%s: EEPROM freq5 len=%d\n", 1079 device_xname(sc->sc_dev), option_len); 1080 break; 1081 case UPGT_EEPROM_TYPE_FREQ6: 1082 DPRINTF(1, "%s: EEPROM freq6 len=%d\n", 1083 device_xname(sc->sc_dev), option_len); 1084 1085 upgt_eeprom_parse_freq6(sc, eeprom_option->data, 1086 option_len); 1087 break; 1088 case UPGT_EEPROM_TYPE_END: 1089 DPRINTF(1, "%s: EEPROM end len=%d\n", 1090 device_xname(sc->sc_dev), option_len); 1091 option_end = 1; 1092 break; 1093 case UPGT_EEPROM_TYPE_OFF: 1094 DPRINTF(1, "%s: EEPROM off without end option\n", 1095 device_xname(sc->sc_dev)); 1096 return EIO; 1097 default: 1098 DPRINTF(1, "%s: EEPROM unknown type 0x%04x len=%d\n", 1099 device_xname(sc->sc_dev), option_type, option_len); 1100 break; 1101 } 1102 1103 /* jump to next EEPROM option */ 1104 eeprom_option = (struct upgt_eeprom_option *) 1105 (eeprom_option->data + option_len); 1106 } 1107 1108 return 0; 1109 } 1110 1111 static void 1112 upgt_eeprom_parse_hwrx(struct upgt_softc *sc, uint8_t *data) 1113 { 1114 struct upgt_eeprom_option_hwrx *option_hwrx; 1115 1116 option_hwrx = (struct upgt_eeprom_option_hwrx *)data; 1117 1118 sc->sc_eeprom_hwrx = option_hwrx->rxfilter - UPGT_EEPROM_RX_CONST; 1119 1120 DPRINTF(2, "%s: hwrx option value=0x%04x\n", 1121 device_xname(sc->sc_dev), sc->sc_eeprom_hwrx); 1122 } 1123 1124 static void 1125 upgt_eeprom_parse_freq3(struct upgt_softc *sc, uint8_t *data, int len) 1126 { 1127 struct upgt_eeprom_freq3_header *freq3_header; 1128 struct upgt_lmac_freq3 *freq3; 1129 int i, elements, flags; 1130 unsigned channel; 1131 1132 freq3_header = (struct upgt_eeprom_freq3_header *)data; 1133 freq3 = (struct upgt_lmac_freq3 *)(freq3_header + 1); 1134 1135 flags = freq3_header->flags; 1136 elements = freq3_header->elements; 1137 1138 DPRINTF(2, "%s: flags=0x%02x\n", device_xname(sc->sc_dev), flags); 1139 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1140 1141 for (i = 0; i < elements; i++) { 1142 channel = ieee80211_mhz2ieee(le16toh(freq3[i].freq), 0); 1143 1144 sc->sc_eeprom_freq3[channel] = freq3[i]; 1145 1146 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1147 device_xname(sc->sc_dev), 1148 le16toh(sc->sc_eeprom_freq3[channel].freq), channel); 1149 } 1150 } 1151 1152 static void 1153 upgt_eeprom_parse_freq4(struct upgt_softc *sc, uint8_t *data, int len) 1154 { 1155 struct upgt_eeprom_freq4_header *freq4_header; 1156 struct upgt_eeprom_freq4_1 *freq4_1; 1157 struct upgt_eeprom_freq4_2 *freq4_2; 1158 int i, j, elements, settings, flags; 1159 unsigned channel; 1160 1161 freq4_header = (struct upgt_eeprom_freq4_header *)data; 1162 freq4_1 = (struct upgt_eeprom_freq4_1 *)(freq4_header + 1); 1163 1164 flags = freq4_header->flags; 1165 elements = freq4_header->elements; 1166 settings = freq4_header->settings; 1167 1168 /* we need this value later */ 1169 sc->sc_eeprom_freq6_settings = freq4_header->settings; 1170 1171 DPRINTF(2, "%s: flags=0x%02x\n", device_xname(sc->sc_dev), flags); 1172 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1173 DPRINTF(2, "%s: settings=%d\n", device_xname(sc->sc_dev), settings); 1174 1175 for (i = 0; i < elements; i++) { 1176 channel = ieee80211_mhz2ieee(le16toh(freq4_1[i].freq), 0); 1177 1178 freq4_2 = (struct upgt_eeprom_freq4_2 *)freq4_1[i].data; 1179 1180 for (j = 0; j < settings; j++) { 1181 sc->sc_eeprom_freq4[channel][j].cmd = freq4_2[j]; 1182 sc->sc_eeprom_freq4[channel][j].pad = 0; 1183 } 1184 1185 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1186 device_xname(sc->sc_dev), 1187 le16toh(freq4_1[i].freq), channel); 1188 } 1189 } 1190 1191 static void 1192 upgt_eeprom_parse_freq6(struct upgt_softc *sc, uint8_t *data, int len) 1193 { 1194 struct upgt_lmac_freq6 *freq6; 1195 int i, elements; 1196 unsigned channel; 1197 1198 freq6 = (struct upgt_lmac_freq6 *)data; 1199 1200 elements = len / sizeof(struct upgt_lmac_freq6); 1201 1202 DPRINTF(2, "%s: elements=%d\n", device_xname(sc->sc_dev), elements); 1203 1204 for (i = 0; i < elements; i++) { 1205 channel = ieee80211_mhz2ieee(le16toh(freq6[i].freq), 0); 1206 1207 sc->sc_eeprom_freq6[channel] = freq6[i]; 1208 1209 DPRINTF(2, "%s: frequence=%d, channel=%d\n", 1210 device_xname(sc->sc_dev), 1211 le16toh(sc->sc_eeprom_freq6[channel].freq), channel); 1212 } 1213 } 1214 1215 static int 1216 upgt_ioctl(struct ifnet *ifp, u_long cmd, void *data) 1217 { 1218 struct upgt_softc *sc = ifp->if_softc; 1219 struct ieee80211com *ic = &sc->sc_ic; 1220 int s, error = 0; 1221 1222 s = splnet(); 1223 1224 switch (cmd) { 1225 case SIOCSIFFLAGS: 1226 if ((error = ifioctl_common(ifp, cmd, data)) != 0) 1227 break; 1228 if (ifp->if_flags & IFF_UP) { 1229 if ((ifp->if_flags & IFF_RUNNING) == 0) 1230 upgt_init(ifp); 1231 } else { 1232 if (ifp->if_flags & IFF_RUNNING) 1233 upgt_stop(sc); 1234 } 1235 break; 1236 case SIOCADDMULTI: 1237 case SIOCDELMULTI: 1238 if ((error = ether_ioctl(ifp, cmd, data)) == ENETRESET) { 1239 /* setup multicast filter, etc */ 1240 error = 0; 1241 } 1242 break; 1243 default: 1244 error = ieee80211_ioctl(ic, cmd, data); 1245 break; 1246 } 1247 1248 if (error == ENETRESET) { 1249 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1250 (IFF_UP | IFF_RUNNING)) 1251 upgt_init(ifp); 1252 error = 0; 1253 } 1254 1255 splx(s); 1256 1257 return error; 1258 } 1259 1260 static int 1261 upgt_init(struct ifnet *ifp) 1262 { 1263 struct upgt_softc *sc = ifp->if_softc; 1264 struct ieee80211com *ic = &sc->sc_ic; 1265 1266 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1267 1268 if (ifp->if_flags & IFF_RUNNING) 1269 upgt_stop(sc); 1270 1271 ifp->if_flags |= IFF_RUNNING; 1272 ifp->if_flags &= ~IFF_OACTIVE; 1273 1274 IEEE80211_ADDR_COPY(ic->ic_myaddr, CLLADDR(ifp->if_sadl)); 1275 1276 /* setup device rates */ 1277 upgt_setup_rates(sc); 1278 1279 if (ic->ic_opmode == IEEE80211_M_MONITOR) 1280 ieee80211_new_state(ic, IEEE80211_S_RUN, -1); 1281 else 1282 ieee80211_new_state(ic, IEEE80211_S_SCAN, -1); 1283 1284 return 0; 1285 } 1286 1287 static void 1288 upgt_stop(struct upgt_softc *sc) 1289 { 1290 struct ieee80211com *ic = &sc->sc_ic; 1291 struct ifnet *ifp = &sc->sc_if; 1292 1293 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1294 1295 /* device down */ 1296 ifp->if_timer = 0; 1297 ifp->if_flags &= ~(IFF_RUNNING | IFF_OACTIVE); 1298 1299 /* change device back to initial state */ 1300 ieee80211_new_state(ic, IEEE80211_S_INIT, -1); 1301 } 1302 1303 static int 1304 upgt_media_change(struct ifnet *ifp) 1305 { 1306 struct upgt_softc *sc = ifp->if_softc; 1307 int error; 1308 1309 DPRINTF(1, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1310 1311 if ((error = ieee80211_media_change(ifp) != ENETRESET)) 1312 return error; 1313 1314 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 1315 (IFF_UP | IFF_RUNNING)) { 1316 /* give pending USB transfers a chance to finish */ 1317 usbd_delay_ms(sc->sc_udev, 100); 1318 upgt_init(ifp); 1319 } 1320 1321 return 0; 1322 } 1323 1324 static void 1325 upgt_newassoc(struct ieee80211_node *ni, int isnew) 1326 { 1327 1328 ni->ni_txrate = 0; 1329 } 1330 1331 static int 1332 upgt_newstate(struct ieee80211com *ic, enum ieee80211_state nstate, int arg) 1333 { 1334 struct upgt_softc *sc = ic->ic_ifp->if_softc; 1335 1336 usb_rem_task(sc->sc_udev, &sc->sc_task_newstate); 1337 callout_stop(&sc->scan_to); 1338 1339 /* do it in a process context */ 1340 sc->sc_state = nstate; 1341 sc->sc_arg = arg; 1342 usb_add_task(sc->sc_udev, &sc->sc_task_newstate, USB_TASKQ_DRIVER); 1343 1344 return 0; 1345 } 1346 1347 static void 1348 upgt_newstate_task(void *arg) 1349 { 1350 struct upgt_softc *sc = arg; 1351 struct ieee80211com *ic = &sc->sc_ic; 1352 struct ieee80211_node *ni; 1353 unsigned channel; 1354 1355 mutex_enter(&sc->sc_mtx); 1356 1357 switch (sc->sc_state) { 1358 case IEEE80211_S_INIT: 1359 DPRINTF(1, "%s: newstate is IEEE80211_S_INIT\n", 1360 device_xname(sc->sc_dev)); 1361 1362 /* do not accept any frames if the device is down */ 1363 upgt_set_macfilter(sc, IEEE80211_S_INIT); 1364 upgt_set_led(sc, UPGT_LED_OFF); 1365 break; 1366 case IEEE80211_S_SCAN: 1367 DPRINTF(1, "%s: newstate is IEEE80211_S_SCAN\n", 1368 device_xname(sc->sc_dev)); 1369 1370 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1371 upgt_set_channel(sc, channel); 1372 upgt_set_macfilter(sc, IEEE80211_S_SCAN); 1373 callout_schedule(&sc->scan_to, hz / 5); 1374 break; 1375 case IEEE80211_S_AUTH: 1376 DPRINTF(1, "%s: newstate is IEEE80211_S_AUTH\n", 1377 device_xname(sc->sc_dev)); 1378 1379 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1380 upgt_set_channel(sc, channel); 1381 break; 1382 case IEEE80211_S_ASSOC: 1383 DPRINTF(1, "%s: newstate is IEEE80211_S_ASSOC\n", 1384 device_xname(sc->sc_dev)); 1385 1386 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1387 upgt_set_channel(sc, channel); 1388 break; 1389 case IEEE80211_S_RUN: 1390 DPRINTF(1, "%s: newstate is IEEE80211_S_RUN\n", 1391 device_xname(sc->sc_dev)); 1392 1393 channel = ieee80211_chan2ieee(ic, ic->ic_curchan); 1394 upgt_set_channel(sc, channel); 1395 1396 ni = ic->ic_bss; 1397 1398 /* 1399 * TX rate control is done by the firmware. 1400 * Report the maximum rate which is available therefore. 1401 */ 1402 ni->ni_txrate = ni->ni_rates.rs_nrates - 1; 1403 1404 if (ic->ic_opmode != IEEE80211_M_MONITOR) 1405 upgt_set_macfilter(sc, IEEE80211_S_RUN); 1406 upgt_set_led(sc, UPGT_LED_ON); 1407 break; 1408 } 1409 1410 mutex_exit(&sc->sc_mtx); 1411 1412 sc->sc_newstate(ic, sc->sc_state, sc->sc_arg); 1413 } 1414 1415 static void 1416 upgt_next_scan(void *arg) 1417 { 1418 struct upgt_softc *sc = arg; 1419 struct ieee80211com *ic = &sc->sc_ic; 1420 1421 DPRINTF(2, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1422 1423 if (ic->ic_state == IEEE80211_S_SCAN) 1424 ieee80211_next_scan(ic); 1425 } 1426 1427 static void 1428 upgt_start(struct ifnet *ifp) 1429 { 1430 struct upgt_softc *sc = ifp->if_softc; 1431 struct ieee80211com *ic = &sc->sc_ic; 1432 struct ether_header *eh; 1433 struct ieee80211_node *ni; 1434 struct mbuf *m; 1435 int i; 1436 1437 /* don't transmit packets if interface is busy or down */ 1438 if ((ifp->if_flags & (IFF_RUNNING | IFF_OACTIVE)) != IFF_RUNNING) 1439 return; 1440 1441 DPRINTF(2, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1442 1443 for (i = 0; i < UPGT_TX_COUNT; i++) { 1444 struct upgt_data *data_tx = &sc->tx_data[i]; 1445 1446 if (data_tx->m != NULL) 1447 continue; 1448 1449 IF_POLL(&ic->ic_mgtq, m); 1450 if (m != NULL) { 1451 /* management frame */ 1452 IF_DEQUEUE(&ic->ic_mgtq, m); 1453 1454 ni = (struct ieee80211_node *)m->m_pkthdr.rcvif; 1455 m->m_pkthdr.rcvif = NULL; 1456 1457 bpf_mtap3(ic->ic_rawbpf, m); 1458 1459 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1460 aprint_error_dev(sc->sc_dev, 1461 "no free prism memory\n"); 1462 m_freem(m); 1463 ifp->if_oerrors++; 1464 break; 1465 } 1466 data_tx->ni = ni; 1467 data_tx->m = m; 1468 sc->tx_queued++; 1469 } else { 1470 /* data frame */ 1471 if (ic->ic_state != IEEE80211_S_RUN) 1472 break; 1473 1474 IFQ_POLL(&ifp->if_snd, m); 1475 if (m == NULL) 1476 break; 1477 1478 IFQ_DEQUEUE(&ifp->if_snd, m); 1479 if (m->m_len < sizeof(struct ether_header) && 1480 !(m = m_pullup(m, sizeof(struct ether_header)))) 1481 continue; 1482 1483 eh = mtod(m, struct ether_header *); 1484 ni = ieee80211_find_txnode(ic, eh->ether_dhost); 1485 if (ni == NULL) { 1486 m_freem(m); 1487 continue; 1488 } 1489 1490 bpf_mtap(ifp, m); 1491 1492 m = ieee80211_encap(ic, m, ni); 1493 if (m == NULL) { 1494 ieee80211_free_node(ni); 1495 continue; 1496 } 1497 1498 bpf_mtap3(ic->ic_rawbpf, m); 1499 1500 if ((data_tx->addr = upgt_mem_alloc(sc)) == 0) { 1501 aprint_error_dev(sc->sc_dev, 1502 "no free prism memory\n"); 1503 m_freem(m); 1504 ieee80211_free_node(ni); 1505 ifp->if_oerrors++; 1506 break; 1507 } 1508 data_tx->ni = ni; 1509 data_tx->m = m; 1510 sc->tx_queued++; 1511 } 1512 } 1513 1514 if (sc->tx_queued > 0) { 1515 DPRINTF(2, "%s: tx_queued=%d\n", 1516 device_xname(sc->sc_dev), sc->tx_queued); 1517 /* process the TX queue in process context */ 1518 ifp->if_timer = 5; 1519 ifp->if_flags |= IFF_OACTIVE; 1520 usb_rem_task(sc->sc_udev, &sc->sc_task_tx); 1521 usb_add_task(sc->sc_udev, &sc->sc_task_tx, USB_TASKQ_DRIVER); 1522 } 1523 } 1524 1525 static void 1526 upgt_watchdog(struct ifnet *ifp) 1527 { 1528 struct upgt_softc *sc = ifp->if_softc; 1529 struct ieee80211com *ic = &sc->sc_ic; 1530 1531 if (ic->ic_state == IEEE80211_S_INIT) 1532 return; 1533 1534 aprint_error_dev(sc->sc_dev, "watchdog timeout\n"); 1535 1536 /* TODO: what shall we do on TX timeout? */ 1537 1538 ieee80211_watchdog(ic); 1539 } 1540 1541 static void 1542 upgt_tx_task(void *arg) 1543 { 1544 struct upgt_softc *sc = arg; 1545 struct ieee80211com *ic = &sc->sc_ic; 1546 struct ieee80211_frame *wh; 1547 struct ieee80211_key *k; 1548 struct ifnet *ifp = &sc->sc_if; 1549 struct upgt_lmac_mem *mem; 1550 struct upgt_lmac_tx_desc *txdesc; 1551 struct mbuf *m; 1552 uint32_t addr; 1553 int i, len, pad, s; 1554 usbd_status error; 1555 1556 mutex_enter(&sc->sc_mtx); 1557 upgt_set_led(sc, UPGT_LED_BLINK); 1558 mutex_exit(&sc->sc_mtx); 1559 1560 s = splnet(); 1561 1562 for (i = 0; i < UPGT_TX_COUNT; i++) { 1563 struct upgt_data *data_tx = &sc->tx_data[i]; 1564 1565 if (data_tx->m == NULL) 1566 continue; 1567 1568 m = data_tx->m; 1569 addr = data_tx->addr + UPGT_MEMSIZE_FRAME_HEAD; 1570 1571 /* 1572 * Software crypto. 1573 */ 1574 wh = mtod(m, struct ieee80211_frame *); 1575 1576 if (wh->i_fc[1] & IEEE80211_FC1_WEP) { 1577 k = ieee80211_crypto_encap(ic, data_tx->ni, m); 1578 if (k == NULL) { 1579 m_freem(m); 1580 data_tx->m = NULL; 1581 ieee80211_free_node(data_tx->ni); 1582 data_tx->ni = NULL; 1583 ifp->if_oerrors++; 1584 break; 1585 } 1586 1587 /* in case packet header moved, reset pointer */ 1588 wh = mtod(m, struct ieee80211_frame *); 1589 } 1590 1591 /* 1592 * Transmit the URB containing the TX data. 1593 */ 1594 memset(data_tx->buf, 0, sizeof(*mem) + sizeof(*txdesc)); 1595 1596 mem = (struct upgt_lmac_mem *)data_tx->buf; 1597 mem->addr = htole32(addr); 1598 1599 txdesc = (struct upgt_lmac_tx_desc *)(mem + 1); 1600 1601 /* XXX differ between data and mgmt frames? */ 1602 txdesc->header1.flags = UPGT_H1_FLAGS_TX_DATA; 1603 txdesc->header1.type = UPGT_H1_TYPE_TX_DATA; 1604 txdesc->header1.len = htole16(m->m_pkthdr.len); 1605 1606 txdesc->header2.reqid = htole32(data_tx->addr); 1607 txdesc->header2.type = htole16(UPGT_H2_TYPE_TX_ACK_YES); 1608 txdesc->header2.flags = htole16(UPGT_H2_FLAGS_TX_ACK_YES); 1609 1610 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == 1611 IEEE80211_FC0_TYPE_MGT) { 1612 /* always send mgmt frames at lowest rate (DS1) */ 1613 memset(txdesc->rates, 0x10, sizeof(txdesc->rates)); 1614 } else { 1615 memcpy(txdesc->rates, sc->sc_cur_rateset, 1616 sizeof(txdesc->rates)); 1617 } 1618 txdesc->type = htole32(UPGT_TX_DESC_TYPE_DATA); 1619 txdesc->pad3[0] = UPGT_TX_DESC_PAD3_SIZE; 1620 1621 if (sc->sc_drvbpf != NULL) { 1622 struct upgt_tx_radiotap_header *tap = &sc->sc_txtap; 1623 1624 tap->wt_flags = 0; 1625 tap->wt_rate = 0; /* TODO: where to get from? */ 1626 tap->wt_chan_freq = htole16(ic->ic_curchan->ic_freq); 1627 tap->wt_chan_flags = htole16(ic->ic_curchan->ic_flags); 1628 1629 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_txtap_len, m); 1630 } 1631 1632 /* copy frame below our TX descriptor header */ 1633 m_copydata(m, 0, m->m_pkthdr.len, 1634 data_tx->buf + sizeof(*mem) + sizeof(*txdesc)); 1635 1636 /* calculate frame size */ 1637 len = sizeof(*mem) + sizeof(*txdesc) + m->m_pkthdr.len; 1638 1639 if (len & 3) { 1640 /* we need to align the frame to a 4 byte boundary */ 1641 pad = 4 - (len & 3); 1642 memset(data_tx->buf + len, 0, pad); 1643 len += pad; 1644 } 1645 1646 /* calculate frame checksum */ 1647 mem->chksum = upgt_chksum_le((uint32_t *)txdesc, 1648 len - sizeof(*mem)); 1649 1650 /* we do not need the mbuf anymore */ 1651 m_freem(m); 1652 data_tx->m = NULL; 1653 1654 ieee80211_free_node(data_tx->ni); 1655 data_tx->ni = NULL; 1656 1657 DPRINTF(2, "%s: TX start data sending\n", 1658 device_xname(sc->sc_dev)); 1659 1660 usbd_setup_xfer(data_tx->xfer, sc->sc_tx_pipeh, data_tx, 1661 data_tx->buf, len, USBD_FORCE_SHORT_XFER | USBD_NO_COPY, 1662 UPGT_USB_TIMEOUT, NULL); 1663 error = usbd_transfer(data_tx->xfer); 1664 if (error != USBD_NORMAL_COMPLETION && 1665 error != USBD_IN_PROGRESS) { 1666 aprint_error_dev(sc->sc_dev, 1667 "could not transmit TX data URB\n"); 1668 ifp->if_oerrors++; 1669 break; 1670 } 1671 1672 DPRINTF(2, "%s: TX sent (%d bytes)\n", 1673 device_xname(sc->sc_dev), len); 1674 } 1675 1676 splx(s); 1677 1678 /* 1679 * If we don't regulary read the device statistics, the RX queue 1680 * will stall. It's strange, but it works, so we keep reading 1681 * the statistics here. *shrug* 1682 */ 1683 mutex_enter(&sc->sc_mtx); 1684 upgt_get_stats(sc); 1685 mutex_exit(&sc->sc_mtx); 1686 } 1687 1688 static void 1689 upgt_tx_done(struct upgt_softc *sc, uint8_t *data) 1690 { 1691 struct ifnet *ifp = &sc->sc_if; 1692 struct upgt_lmac_tx_done_desc *desc; 1693 int i, s; 1694 1695 s = splnet(); 1696 1697 desc = (struct upgt_lmac_tx_done_desc *)data; 1698 1699 for (i = 0; i < UPGT_TX_COUNT; i++) { 1700 struct upgt_data *data_tx = &sc->tx_data[i]; 1701 1702 if (data_tx->addr == le32toh(desc->header2.reqid)) { 1703 upgt_mem_free(sc, data_tx->addr); 1704 data_tx->addr = 0; 1705 1706 sc->tx_queued--; 1707 ifp->if_opackets++; 1708 1709 DPRINTF(2, "%s: TX done: ", device_xname(sc->sc_dev)); 1710 DPRINTF(2, "memaddr=0x%08x, status=0x%04x, rssi=%d, ", 1711 le32toh(desc->header2.reqid), 1712 le16toh(desc->status), 1713 le16toh(desc->rssi)); 1714 DPRINTF(2, "seq=%d\n", le16toh(desc->seq)); 1715 break; 1716 } 1717 } 1718 1719 if (sc->tx_queued == 0) { 1720 /* TX queued was processed, continue */ 1721 ifp->if_timer = 0; 1722 ifp->if_flags &= ~IFF_OACTIVE; 1723 upgt_start(ifp); 1724 } 1725 1726 splx(s); 1727 } 1728 1729 static void 1730 upgt_rx_cb(usbd_xfer_handle xfer, usbd_private_handle priv, usbd_status status) 1731 { 1732 struct upgt_data *data_rx = priv; 1733 struct upgt_softc *sc = data_rx->sc; 1734 int len; 1735 struct upgt_lmac_header *header; 1736 struct upgt_lmac_eeprom *eeprom; 1737 uint8_t h1_type; 1738 uint16_t h2_type; 1739 1740 DPRINTF(3, "%s: %s\n", device_xname(sc->sc_dev), __func__); 1741 1742 if (status != USBD_NORMAL_COMPLETION) { 1743 if (status == USBD_NOT_STARTED || status == USBD_CANCELLED) 1744 return; 1745 if (status == USBD_STALLED) 1746 usbd_clear_endpoint_stall_async(sc->sc_rx_pipeh); 1747 goto skip; 1748 } 1749 usbd_get_xfer_status(xfer, NULL, NULL, &len, NULL); 1750 1751 /* 1752 * Check what type of frame came in. 1753 */ 1754 header = (struct upgt_lmac_header *)(data_rx->buf + 4); 1755 1756 h1_type = header->header1.type; 1757 h2_type = le16toh(header->header2.type); 1758 1759 if (h1_type == UPGT_H1_TYPE_CTRL && 1760 h2_type == UPGT_H2_TYPE_EEPROM) { 1761 eeprom = (struct upgt_lmac_eeprom *)(data_rx->buf + 4); 1762 uint16_t eeprom_offset = le16toh(eeprom->offset); 1763 uint16_t eeprom_len = le16toh(eeprom->len); 1764 1765 DPRINTF(2, "%s: received EEPROM block (offset=%d, len=%d)\n", 1766 device_xname(sc->sc_dev), eeprom_offset, eeprom_len); 1767 1768 memcpy(sc->sc_eeprom + eeprom_offset, 1769 data_rx->buf + sizeof(struct upgt_lmac_eeprom) + 4, 1770 eeprom_len); 1771 1772 /* EEPROM data has arrived in time, wakeup tsleep() */ 1773 wakeup(sc); 1774 } else 1775 if (h1_type == UPGT_H1_TYPE_CTRL && 1776 h2_type == UPGT_H2_TYPE_TX_DONE) { 1777 DPRINTF(2, "%s: received 802.11 TX done\n", 1778 device_xname(sc->sc_dev)); 1779 1780 upgt_tx_done(sc, data_rx->buf + 4); 1781 } else 1782 if (h1_type == UPGT_H1_TYPE_RX_DATA || 1783 h1_type == UPGT_H1_TYPE_RX_DATA_MGMT) { 1784 DPRINTF(3, "%s: received 802.11 RX data\n", 1785 device_xname(sc->sc_dev)); 1786 1787 upgt_rx(sc, data_rx->buf + 4, le16toh(header->header1.len)); 1788 } else 1789 if (h1_type == UPGT_H1_TYPE_CTRL && 1790 h2_type == UPGT_H2_TYPE_STATS) { 1791 DPRINTF(2, "%s: received statistic data\n", 1792 device_xname(sc->sc_dev)); 1793 1794 /* TODO: what could we do with the statistic data? */ 1795 } else { 1796 /* ignore unknown frame types */ 1797 DPRINTF(1, "%s: received unknown frame type 0x%02x\n", 1798 device_xname(sc->sc_dev), header->header1.type); 1799 } 1800 1801 skip: /* setup new transfer */ 1802 usbd_setup_xfer(xfer, sc->sc_rx_pipeh, data_rx, data_rx->buf, MCLBYTES, 1803 USBD_SHORT_XFER_OK, USBD_NO_TIMEOUT, upgt_rx_cb); 1804 (void)usbd_transfer(xfer); 1805 } 1806 1807 static void 1808 upgt_rx(struct upgt_softc *sc, uint8_t *data, int pkglen) 1809 { 1810 struct ieee80211com *ic = &sc->sc_ic; 1811 struct ifnet *ifp = &sc->sc_if; 1812 struct upgt_lmac_rx_desc *rxdesc; 1813 struct ieee80211_frame *wh; 1814 struct ieee80211_node *ni; 1815 struct mbuf *m; 1816 int s; 1817 1818 /* access RX packet descriptor */ 1819 rxdesc = (struct upgt_lmac_rx_desc *)data; 1820 1821 /* create mbuf which is suitable for strict alignment archs */ 1822 #define ETHER_ALIGN 0 1823 m = m_devget(rxdesc->data, pkglen, ETHER_ALIGN, ifp, NULL); 1824 if (m == NULL) { 1825 DPRINTF(1, "%s: could not create RX mbuf\n", 1826 device_xname(sc->sc_dev)); 1827 ifp->if_ierrors++; 1828 return; 1829 } 1830 1831 s = splnet(); 1832 1833 if (sc->sc_drvbpf != NULL) { 1834 struct upgt_rx_radiotap_header *tap = &sc->sc_rxtap; 1835 1836 tap->wr_flags = IEEE80211_RADIOTAP_F_FCS; 1837 tap->wr_rate = upgt_rx_rate(sc, rxdesc->rate); 1838 tap->wr_chan_freq = htole16(ic->ic_curchan->ic_freq); 1839 tap->wr_chan_flags = htole16(ic->ic_curchan->ic_flags); 1840 tap->wr_antsignal = rxdesc->rssi; 1841 1842 bpf_mtap2(sc->sc_drvbpf, tap, sc->sc_rxtap_len, m); 1843 } 1844 1845 /* trim FCS */ 1846 m_adj(m, -IEEE80211_CRC_LEN); 1847 1848 wh = mtod(m, struct ieee80211_frame *); 1849 ni = ieee80211_find_rxnode(ic, (struct ieee80211_frame_min *)wh); 1850 1851 /* push the frame up to the 802.11 stack */ 1852 ieee80211_input(ic, m, ni, rxdesc->rssi, 0); 1853 1854 /* node is no longer needed */ 1855 ieee80211_free_node(ni); 1856 1857 splx(s); 1858 1859 DPRINTF(3, "%s: RX done\n", device_xname(sc->sc_dev)); 1860 } 1861 1862 static void 1863 upgt_setup_rates(struct upgt_softc *sc) 1864 { 1865 struct ieee80211com *ic = &sc->sc_ic; 1866 1867 /* 1868 * 0x01 = OFMD6 0x10 = DS1 1869 * 0x04 = OFDM9 0x11 = DS2 1870 * 0x06 = OFDM12 0x12 = DS5 1871 * 0x07 = OFDM18 0x13 = DS11 1872 * 0x08 = OFDM24 1873 * 0x09 = OFDM36 1874 * 0x0a = OFDM48 1875 * 0x0b = OFDM54 1876 */ 1877 const uint8_t rateset_auto_11b[] = 1878 { 0x13, 0x13, 0x12, 0x11, 0x11, 0x10, 0x10, 0x10 }; 1879 const uint8_t rateset_auto_11g[] = 1880 { 0x0b, 0x0a, 0x09, 0x08, 0x07, 0x06, 0x04, 0x01 }; 1881 const uint8_t rateset_fix_11bg[] = 1882 { 0x10, 0x11, 0x12, 0x13, 0x01, 0x04, 0x06, 0x07, 1883 0x08, 0x09, 0x0a, 0x0b }; 1884 1885 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1886 /* 1887 * Automatic rate control is done by the device. 1888 * We just pass the rateset from which the device 1889 * will pickup a rate. 1890 */ 1891 if (ic->ic_curmode == IEEE80211_MODE_11B) 1892 memcpy(sc->sc_cur_rateset, rateset_auto_11b, 1893 sizeof(sc->sc_cur_rateset)); 1894 if (ic->ic_curmode == IEEE80211_MODE_11G || 1895 ic->ic_curmode == IEEE80211_MODE_AUTO) 1896 memcpy(sc->sc_cur_rateset, rateset_auto_11g, 1897 sizeof(sc->sc_cur_rateset)); 1898 } else { 1899 /* set a fixed rate */ 1900 memset(sc->sc_cur_rateset, rateset_fix_11bg[ic->ic_fixed_rate], 1901 sizeof(sc->sc_cur_rateset)); 1902 } 1903 } 1904 1905 static uint8_t 1906 upgt_rx_rate(struct upgt_softc *sc, const int rate) 1907 { 1908 struct ieee80211com *ic = &sc->sc_ic; 1909 1910 if (ic->ic_curmode == IEEE80211_MODE_11B) { 1911 if (rate < 0 || rate > 3) 1912 /* invalid rate */ 1913 return 0; 1914 1915 switch (rate) { 1916 case 0: 1917 return 2; 1918 case 1: 1919 return 4; 1920 case 2: 1921 return 11; 1922 case 3: 1923 return 22; 1924 default: 1925 return 0; 1926 } 1927 } 1928 1929 if (ic->ic_curmode == IEEE80211_MODE_11G) { 1930 if (rate < 0 || rate > 11) 1931 /* invalid rate */ 1932 return 0; 1933 1934 switch (rate) { 1935 case 0: 1936 return 2; 1937 case 1: 1938 return 4; 1939 case 2: 1940 return 11; 1941 case 3: 1942 return 22; 1943 case 4: 1944 return 12; 1945 case 5: 1946 return 18; 1947 case 6: 1948 return 24; 1949 case 7: 1950 return 36; 1951 case 8: 1952 return 48; 1953 case 9: 1954 return 72; 1955 case 10: 1956 return 96; 1957 case 11: 1958 return 108; 1959 default: 1960 return 0; 1961 } 1962 } 1963 1964 return 0; 1965 } 1966 1967 static int 1968 upgt_set_macfilter(struct upgt_softc *sc, uint8_t state) 1969 { 1970 struct ieee80211com *ic = &sc->sc_ic; 1971 struct ieee80211_node *ni = ic->ic_bss; 1972 struct upgt_data *data_cmd = &sc->cmd_data; 1973 struct upgt_lmac_mem *mem; 1974 struct upgt_lmac_filter *filter; 1975 int len; 1976 const uint8_t broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1977 1978 /* 1979 * Transmit the URB containing the CMD data. 1980 */ 1981 len = sizeof(*mem) + sizeof(*filter); 1982 1983 memset(data_cmd->buf, 0, len); 1984 1985 mem = (struct upgt_lmac_mem *)data_cmd->buf; 1986 mem->addr = htole32(sc->sc_memaddr_frame_start + 1987 UPGT_MEMSIZE_FRAME_HEAD); 1988 1989 filter = (struct upgt_lmac_filter *)(mem + 1); 1990 1991 filter->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 1992 filter->header1.type = UPGT_H1_TYPE_CTRL; 1993 filter->header1.len = htole16( 1994 sizeof(struct upgt_lmac_filter) - 1995 sizeof(struct upgt_lmac_header)); 1996 1997 filter->header2.reqid = htole32(sc->sc_memaddr_frame_start); 1998 filter->header2.type = htole16(UPGT_H2_TYPE_MACFILTER); 1999 filter->header2.flags = 0; 2000 2001 switch (state) { 2002 case IEEE80211_S_INIT: 2003 DPRINTF(1, "%s: set MAC filter to INIT\n", 2004 device_xname(sc->sc_dev)); 2005 2006 filter->type = htole16(UPGT_FILTER_TYPE_RESET); 2007 break; 2008 case IEEE80211_S_SCAN: 2009 DPRINTF(1, "%s: set MAC filter to SCAN (bssid %s)\n", 2010 device_xname(sc->sc_dev), ether_sprintf(broadcast)); 2011 2012 filter->type = htole16(UPGT_FILTER_TYPE_NONE); 2013 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 2014 IEEE80211_ADDR_COPY(filter->src, broadcast); 2015 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 2016 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2017 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2018 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2019 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2020 break; 2021 case IEEE80211_S_RUN: 2022 DPRINTF(1, "%s: set MAC filter to RUN (bssid %s)\n", 2023 device_xname(sc->sc_dev), ether_sprintf(ni->ni_bssid)); 2024 2025 filter->type = htole16(UPGT_FILTER_TYPE_STA); 2026 IEEE80211_ADDR_COPY(filter->dst, ic->ic_myaddr); 2027 IEEE80211_ADDR_COPY(filter->src, ni->ni_bssid); 2028 filter->unknown1 = htole16(UPGT_FILTER_UNKNOWN1); 2029 filter->rxaddr = htole32(sc->sc_memaddr_rx_start); 2030 filter->unknown2 = htole16(UPGT_FILTER_UNKNOWN2); 2031 filter->rxhw = htole32(sc->sc_eeprom_hwrx); 2032 filter->unknown3 = htole16(UPGT_FILTER_UNKNOWN3); 2033 break; 2034 default: 2035 aprint_error_dev(sc->sc_dev, 2036 "MAC filter does not know that state\n"); 2037 break; 2038 } 2039 2040 mem->chksum = upgt_chksum_le((uint32_t *)filter, sizeof(*filter)); 2041 2042 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2043 aprint_error_dev(sc->sc_dev, 2044 "could not transmit macfilter CMD data URB\n"); 2045 return EIO; 2046 } 2047 2048 return 0; 2049 } 2050 2051 static int 2052 upgt_set_channel(struct upgt_softc *sc, unsigned channel) 2053 { 2054 struct upgt_data *data_cmd = &sc->cmd_data; 2055 struct upgt_lmac_mem *mem; 2056 struct upgt_lmac_channel *chan; 2057 int len; 2058 2059 DPRINTF(1, "%s: %s: %d\n", device_xname(sc->sc_dev), __func__, 2060 channel); 2061 2062 /* 2063 * Transmit the URB containing the CMD data. 2064 */ 2065 len = sizeof(*mem) + sizeof(*chan); 2066 2067 memset(data_cmd->buf, 0, len); 2068 2069 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2070 mem->addr = htole32(sc->sc_memaddr_frame_start + 2071 UPGT_MEMSIZE_FRAME_HEAD); 2072 2073 chan = (struct upgt_lmac_channel *)(mem + 1); 2074 2075 chan->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2076 chan->header1.type = UPGT_H1_TYPE_CTRL; 2077 chan->header1.len = htole16( 2078 sizeof(struct upgt_lmac_channel) - 2079 sizeof(struct upgt_lmac_header)); 2080 2081 chan->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2082 chan->header2.type = htole16(UPGT_H2_TYPE_CHANNEL); 2083 chan->header2.flags = 0; 2084 2085 chan->unknown1 = htole16(UPGT_CHANNEL_UNKNOWN1); 2086 chan->unknown2 = htole16(UPGT_CHANNEL_UNKNOWN2); 2087 chan->freq6 = sc->sc_eeprom_freq6[channel]; 2088 chan->settings = sc->sc_eeprom_freq6_settings; 2089 chan->unknown3 = UPGT_CHANNEL_UNKNOWN3; 2090 2091 memcpy(chan->freq3_1, &sc->sc_eeprom_freq3[channel].data, 2092 sizeof(chan->freq3_1)); 2093 2094 memcpy(chan->freq4, &sc->sc_eeprom_freq4[channel], 2095 sizeof(sc->sc_eeprom_freq4[channel])); 2096 2097 memcpy(chan->freq3_2, &sc->sc_eeprom_freq3[channel].data, 2098 sizeof(chan->freq3_2)); 2099 2100 mem->chksum = upgt_chksum_le((uint32_t *)chan, sizeof(*chan)); 2101 2102 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2103 aprint_error_dev(sc->sc_dev, 2104 "could not transmit channel CMD data URB\n"); 2105 return EIO; 2106 } 2107 2108 return 0; 2109 } 2110 2111 static void 2112 upgt_set_led(struct upgt_softc *sc, int action) 2113 { 2114 struct ieee80211com *ic = &sc->sc_ic; 2115 struct upgt_data *data_cmd = &sc->cmd_data; 2116 struct upgt_lmac_mem *mem; 2117 struct upgt_lmac_led *led; 2118 struct timeval t; 2119 int len; 2120 2121 /* 2122 * Transmit the URB containing the CMD data. 2123 */ 2124 len = sizeof(*mem) + sizeof(*led); 2125 2126 memset(data_cmd->buf, 0, len); 2127 2128 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2129 mem->addr = htole32(sc->sc_memaddr_frame_start + 2130 UPGT_MEMSIZE_FRAME_HEAD); 2131 2132 led = (struct upgt_lmac_led *)(mem + 1); 2133 2134 led->header1.flags = UPGT_H1_FLAGS_TX_NO_CALLBACK; 2135 led->header1.type = UPGT_H1_TYPE_CTRL; 2136 led->header1.len = htole16( 2137 sizeof(struct upgt_lmac_led) - 2138 sizeof(struct upgt_lmac_header)); 2139 2140 led->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2141 led->header2.type = htole16(UPGT_H2_TYPE_LED); 2142 led->header2.flags = 0; 2143 2144 switch (action) { 2145 case UPGT_LED_OFF: 2146 led->mode = htole16(UPGT_LED_MODE_SET); 2147 led->action_fix = 0; 2148 led->action_tmp = htole16(UPGT_LED_ACTION_OFF); 2149 led->action_tmp_dur = 0; 2150 break; 2151 case UPGT_LED_ON: 2152 led->mode = htole16(UPGT_LED_MODE_SET); 2153 led->action_fix = 0; 2154 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2155 led->action_tmp_dur = 0; 2156 break; 2157 case UPGT_LED_BLINK: 2158 if (ic->ic_state != IEEE80211_S_RUN) 2159 return; 2160 if (sc->sc_led_blink) 2161 /* previous blink was not finished */ 2162 return; 2163 led->mode = htole16(UPGT_LED_MODE_SET); 2164 led->action_fix = htole16(UPGT_LED_ACTION_OFF); 2165 led->action_tmp = htole16(UPGT_LED_ACTION_ON); 2166 led->action_tmp_dur = htole16(UPGT_LED_ACTION_TMP_DUR); 2167 /* lock blink */ 2168 sc->sc_led_blink = 1; 2169 t.tv_sec = 0; 2170 t.tv_usec = UPGT_LED_ACTION_TMP_DUR * 1000L; 2171 callout_schedule(&sc->led_to, tvtohz(&t)); 2172 break; 2173 default: 2174 return; 2175 } 2176 2177 mem->chksum = upgt_chksum_le((uint32_t *)led, sizeof(*led)); 2178 2179 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2180 aprint_error_dev(sc->sc_dev, 2181 "could not transmit led CMD URB\n"); 2182 } 2183 } 2184 2185 static void 2186 upgt_set_led_blink(void *arg) 2187 { 2188 struct upgt_softc *sc = arg; 2189 2190 /* blink finished, we are ready for a next one */ 2191 sc->sc_led_blink = 0; 2192 callout_stop(&sc->led_to); 2193 } 2194 2195 static int 2196 upgt_get_stats(struct upgt_softc *sc) 2197 { 2198 struct upgt_data *data_cmd = &sc->cmd_data; 2199 struct upgt_lmac_mem *mem; 2200 struct upgt_lmac_stats *stats; 2201 int len; 2202 2203 /* 2204 * Transmit the URB containing the CMD data. 2205 */ 2206 len = sizeof(*mem) + sizeof(*stats); 2207 2208 memset(data_cmd->buf, 0, len); 2209 2210 mem = (struct upgt_lmac_mem *)data_cmd->buf; 2211 mem->addr = htole32(sc->sc_memaddr_frame_start + 2212 UPGT_MEMSIZE_FRAME_HEAD); 2213 2214 stats = (struct upgt_lmac_stats *)(mem + 1); 2215 2216 stats->header1.flags = 0; 2217 stats->header1.type = UPGT_H1_TYPE_CTRL; 2218 stats->header1.len = htole16( 2219 sizeof(struct upgt_lmac_stats) - 2220 sizeof(struct upgt_lmac_header)); 2221 2222 stats->header2.reqid = htole32(sc->sc_memaddr_frame_start); 2223 stats->header2.type = htole16(UPGT_H2_TYPE_STATS); 2224 stats->header2.flags = 0; 2225 2226 mem->chksum = upgt_chksum_le((uint32_t *)stats, sizeof(*stats)); 2227 2228 if (upgt_bulk_xmit(sc, data_cmd, sc->sc_tx_pipeh, &len, 0) != 0) { 2229 aprint_error_dev(sc->sc_dev, 2230 "could not transmit statistics CMD data URB\n"); 2231 return EIO; 2232 } 2233 2234 return 0; 2235 2236 } 2237 2238 static int 2239 upgt_alloc_tx(struct upgt_softc *sc) 2240 { 2241 int i; 2242 2243 sc->tx_queued = 0; 2244 2245 for (i = 0; i < UPGT_TX_COUNT; i++) { 2246 struct upgt_data *data_tx = &sc->tx_data[i]; 2247 2248 data_tx->sc = sc; 2249 2250 data_tx->xfer = usbd_alloc_xfer(sc->sc_udev); 2251 if (data_tx->xfer == NULL) { 2252 aprint_error_dev(sc->sc_dev, 2253 "could not allocate TX xfer\n"); 2254 return ENOMEM; 2255 } 2256 2257 data_tx->buf = usbd_alloc_buffer(data_tx->xfer, MCLBYTES); 2258 if (data_tx->buf == NULL) { 2259 aprint_error_dev(sc->sc_dev, 2260 "could not allocate TX buffer\n"); 2261 return ENOMEM; 2262 } 2263 } 2264 2265 return 0; 2266 } 2267 2268 static int 2269 upgt_alloc_rx(struct upgt_softc *sc) 2270 { 2271 struct upgt_data *data_rx = &sc->rx_data; 2272 2273 data_rx->sc = sc; 2274 2275 data_rx->xfer = usbd_alloc_xfer(sc->sc_udev); 2276 if (data_rx->xfer == NULL) { 2277 aprint_error_dev(sc->sc_dev, "could not allocate RX xfer\n"); 2278 return ENOMEM; 2279 } 2280 2281 data_rx->buf = usbd_alloc_buffer(data_rx->xfer, MCLBYTES); 2282 if (data_rx->buf == NULL) { 2283 aprint_error_dev(sc->sc_dev, 2284 "could not allocate RX buffer\n"); 2285 return ENOMEM; 2286 } 2287 2288 return 0; 2289 } 2290 2291 static int 2292 upgt_alloc_cmd(struct upgt_softc *sc) 2293 { 2294 struct upgt_data *data_cmd = &sc->cmd_data; 2295 2296 data_cmd->sc = sc; 2297 2298 data_cmd->xfer = usbd_alloc_xfer(sc->sc_udev); 2299 if (data_cmd->xfer == NULL) { 2300 aprint_error_dev(sc->sc_dev, "could not allocate RX xfer\n"); 2301 return ENOMEM; 2302 } 2303 2304 data_cmd->buf = usbd_alloc_buffer(data_cmd->xfer, MCLBYTES); 2305 if (data_cmd->buf == NULL) { 2306 aprint_error_dev(sc->sc_dev, 2307 "could not allocate RX buffer\n"); 2308 return ENOMEM; 2309 } 2310 2311 mutex_init(&sc->sc_mtx, MUTEX_DEFAULT, IPL_SOFTNET); 2312 2313 return 0; 2314 } 2315 2316 static void 2317 upgt_free_tx(struct upgt_softc *sc) 2318 { 2319 int i; 2320 2321 for (i = 0; i < UPGT_TX_COUNT; i++) { 2322 struct upgt_data *data_tx = &sc->tx_data[i]; 2323 2324 if (data_tx->xfer != NULL) { 2325 usbd_free_xfer(data_tx->xfer); 2326 data_tx->xfer = NULL; 2327 } 2328 2329 data_tx->ni = NULL; 2330 } 2331 } 2332 2333 static void 2334 upgt_free_rx(struct upgt_softc *sc) 2335 { 2336 struct upgt_data *data_rx = &sc->rx_data; 2337 2338 if (data_rx->xfer != NULL) { 2339 usbd_free_xfer(data_rx->xfer); 2340 data_rx->xfer = NULL; 2341 } 2342 2343 data_rx->ni = NULL; 2344 } 2345 2346 static void 2347 upgt_free_cmd(struct upgt_softc *sc) 2348 { 2349 struct upgt_data *data_cmd = &sc->cmd_data; 2350 2351 if (data_cmd->xfer != NULL) { 2352 usbd_free_xfer(data_cmd->xfer); 2353 data_cmd->xfer = NULL; 2354 } 2355 2356 mutex_destroy(&sc->sc_mtx); 2357 } 2358 2359 static int 2360 upgt_bulk_xmit(struct upgt_softc *sc, struct upgt_data *data, 2361 usbd_pipe_handle pipeh, uint32_t *size, int flags) 2362 { 2363 usbd_status status; 2364 2365 status = usbd_bulk_transfer(data->xfer, pipeh, 2366 USBD_NO_COPY | flags, UPGT_USB_TIMEOUT, data->buf, size, 2367 "upgt_bulk_xmit"); 2368 if (status != USBD_NORMAL_COMPLETION) { 2369 aprint_error_dev(sc->sc_dev, "%s: error %s\n", __func__, 2370 usbd_errstr(status)); 2371 return EIO; 2372 } 2373 2374 return 0; 2375 } 2376 2377 #if 0 2378 static void 2379 upgt_hexdump(void *buf, int len) 2380 { 2381 int i; 2382 2383 for (i = 0; i < len; i++) { 2384 if (i % 16 == 0) 2385 printf("%s%5i:", i ? "\n" : "", i); 2386 if (i % 4 == 0) 2387 printf(" "); 2388 printf("%02x", (int)*((uint8_t *)buf + i)); 2389 } 2390 printf("\n"); 2391 } 2392 #endif 2393 2394 static uint32_t 2395 upgt_crc32_le(const void *buf, size_t size) 2396 { 2397 uint32_t crc; 2398 2399 crc = ether_crc32_le(buf, size); 2400 2401 /* apply final XOR value as common for CRC-32 */ 2402 crc = htole32(crc ^ 0xffffffffU); 2403 2404 return crc; 2405 } 2406 2407 /* 2408 * The firmware awaits a checksum for each frame we send to it. 2409 * The algorithm used therefor is uncommon but somehow similar to CRC32. 2410 */ 2411 static uint32_t 2412 upgt_chksum_le(const uint32_t *buf, size_t size) 2413 { 2414 int i; 2415 uint32_t crc = 0; 2416 2417 for (i = 0; i < size; i += sizeof(uint32_t)) { 2418 crc = htole32(crc ^ *buf++); 2419 crc = htole32((crc >> 5) ^ (crc << 3)); 2420 } 2421 2422 return crc; 2423 } 2424
Indexes created Thu Oct 02 14:10:14 GMT 2025