linux/drivers/net/wireless/airo.c
<<
>>
Prefs
   1/*======================================================================
   2
   3    Aironet driver for 4500 and 4800 series cards
   4
   5    This code is released under both the GPL version 2 and BSD licenses.
   6    Either license may be used.  The respective licenses are found at
   7    the end of this file.
   8
   9    This code was developed by Benjamin Reed <breed@users.sourceforge.net>
  10    including portions of which come from the Aironet PC4500
  11    Developer's Reference Manual and used with permission.  Copyright
  12    (C) 1999 Benjamin Reed.  All Rights Reserved.  Permission to use
  13    code in the Developer's manual was granted for this driver by
  14    Aironet.  Major code contributions were received from Javier Achirica
  15    <achirica@users.sourceforge.net> and Jean Tourrilhes <jt@hpl.hp.com>.
  16    Code was also integrated from the Cisco Aironet driver for Linux.
  17    Support for MPI350 cards was added by Fabrice Bellet
  18    <fabrice@bellet.info>.
  19
  20======================================================================*/
  21
  22#include <linux/err.h>
  23#include <linux/init.h>
  24
  25#include <linux/kernel.h>
  26#include <linux/module.h>
  27#include <linux/proc_fs.h>
  28
  29#include <linux/sched.h>
  30#include <linux/ptrace.h>
  31#include <linux/slab.h>
  32#include <linux/string.h>
  33#include <linux/timer.h>
  34#include <linux/interrupt.h>
  35#include <linux/in.h>
  36#include <linux/bitops.h>
  37#include <linux/scatterlist.h>
  38#include <linux/crypto.h>
  39#include <asm/io.h>
  40#include <asm/system.h>
  41#include <asm/unaligned.h>
  42
  43#include <linux/netdevice.h>
  44#include <linux/etherdevice.h>
  45#include <linux/skbuff.h>
  46#include <linux/if_arp.h>
  47#include <linux/ioport.h>
  48#include <linux/pci.h>
  49#include <asm/uaccess.h>
  50#include <net/ieee80211.h>
  51#include <linux/kthread.h>
  52#include <linux/freezer.h>
  53
  54#include "airo.h"
  55
  56#define DRV_NAME "airo"
  57
  58#ifdef CONFIG_PCI
  59static struct pci_device_id card_ids[] = {
  60        { 0x14b9, 1, PCI_ANY_ID, PCI_ANY_ID, },
  61        { 0x14b9, 0x4500, PCI_ANY_ID, PCI_ANY_ID },
  62        { 0x14b9, 0x4800, PCI_ANY_ID, PCI_ANY_ID, },
  63        { 0x14b9, 0x0340, PCI_ANY_ID, PCI_ANY_ID, },
  64        { 0x14b9, 0x0350, PCI_ANY_ID, PCI_ANY_ID, },
  65        { 0x14b9, 0x5000, PCI_ANY_ID, PCI_ANY_ID, },
  66        { 0x14b9, 0xa504, PCI_ANY_ID, PCI_ANY_ID, },
  67        { 0, }
  68};
  69MODULE_DEVICE_TABLE(pci, card_ids);
  70
  71static int airo_pci_probe(struct pci_dev *, const struct pci_device_id *);
  72static void airo_pci_remove(struct pci_dev *);
  73static int airo_pci_suspend(struct pci_dev *pdev, pm_message_t state);
  74static int airo_pci_resume(struct pci_dev *pdev);
  75
  76static struct pci_driver airo_driver = {
  77        .name     = DRV_NAME,
  78        .id_table = card_ids,
  79        .probe    = airo_pci_probe,
  80        .remove   = __devexit_p(airo_pci_remove),
  81        .suspend  = airo_pci_suspend,
  82        .resume   = airo_pci_resume,
  83};
  84#endif /* CONFIG_PCI */
  85
  86/* Include Wireless Extension definition and check version - Jean II */
  87#include <linux/wireless.h>
  88#define WIRELESS_SPY            // enable iwspy support
  89#include <net/iw_handler.h>     // New driver API
  90
  91#define CISCO_EXT               // enable Cisco extensions
  92#ifdef CISCO_EXT
  93#include <linux/delay.h>
  94#endif
  95
  96/* Hack to do some power saving */
  97#define POWER_ON_DOWN
  98
  99/* As you can see this list is HUGH!
 100   I really don't know what a lot of these counts are about, but they
 101   are all here for completeness.  If the IGNLABEL macro is put in
 102   infront of the label, that statistic will not be included in the list
 103   of statistics in the /proc filesystem */
 104
 105#define IGNLABEL(comment) NULL
 106static char *statsLabels[] = {
 107        "RxOverrun",
 108        IGNLABEL("RxPlcpCrcErr"),
 109        IGNLABEL("RxPlcpFormatErr"),
 110        IGNLABEL("RxPlcpLengthErr"),
 111        "RxMacCrcErr",
 112        "RxMacCrcOk",
 113        "RxWepErr",
 114        "RxWepOk",
 115        "RetryLong",
 116        "RetryShort",
 117        "MaxRetries",
 118        "NoAck",
 119        "NoCts",
 120        "RxAck",
 121        "RxCts",
 122        "TxAck",
 123        "TxRts",
 124        "TxCts",
 125        "TxMc",
 126        "TxBc",
 127        "TxUcFrags",
 128        "TxUcPackets",
 129        "TxBeacon",
 130        "RxBeacon",
 131        "TxSinColl",
 132        "TxMulColl",
 133        "DefersNo",
 134        "DefersProt",
 135        "DefersEngy",
 136        "DupFram",
 137        "RxFragDisc",
 138        "TxAged",
 139        "RxAged",
 140        "LostSync-MaxRetry",
 141        "LostSync-MissedBeacons",
 142        "LostSync-ArlExceeded",
 143        "LostSync-Deauth",
 144        "LostSync-Disassoced",
 145        "LostSync-TsfTiming",
 146        "HostTxMc",
 147        "HostTxBc",
 148        "HostTxUc",
 149        "HostTxFail",
 150        "HostRxMc",
 151        "HostRxBc",
 152        "HostRxUc",
 153        "HostRxDiscard",
 154        IGNLABEL("HmacTxMc"),
 155        IGNLABEL("HmacTxBc"),
 156        IGNLABEL("HmacTxUc"),
 157        IGNLABEL("HmacTxFail"),
 158        IGNLABEL("HmacRxMc"),
 159        IGNLABEL("HmacRxBc"),
 160        IGNLABEL("HmacRxUc"),
 161        IGNLABEL("HmacRxDiscard"),
 162        IGNLABEL("HmacRxAccepted"),
 163        "SsidMismatch",
 164        "ApMismatch",
 165        "RatesMismatch",
 166        "AuthReject",
 167        "AuthTimeout",
 168        "AssocReject",
 169        "AssocTimeout",
 170        IGNLABEL("ReasonOutsideTable"),
 171        IGNLABEL("ReasonStatus1"),
 172        IGNLABEL("ReasonStatus2"),
 173        IGNLABEL("ReasonStatus3"),
 174        IGNLABEL("ReasonStatus4"),
 175        IGNLABEL("ReasonStatus5"),
 176        IGNLABEL("ReasonStatus6"),
 177        IGNLABEL("ReasonStatus7"),
 178        IGNLABEL("ReasonStatus8"),
 179        IGNLABEL("ReasonStatus9"),
 180        IGNLABEL("ReasonStatus10"),
 181        IGNLABEL("ReasonStatus11"),
 182        IGNLABEL("ReasonStatus12"),
 183        IGNLABEL("ReasonStatus13"),
 184        IGNLABEL("ReasonStatus14"),
 185        IGNLABEL("ReasonStatus15"),
 186        IGNLABEL("ReasonStatus16"),
 187        IGNLABEL("ReasonStatus17"),
 188        IGNLABEL("ReasonStatus18"),
 189        IGNLABEL("ReasonStatus19"),
 190        "RxMan",
 191        "TxMan",
 192        "RxRefresh",
 193        "TxRefresh",
 194        "RxPoll",
 195        "TxPoll",
 196        "HostRetries",
 197        "LostSync-HostReq",
 198        "HostTxBytes",
 199        "HostRxBytes",
 200        "ElapsedUsec",
 201        "ElapsedSec",
 202        "LostSyncBetterAP",
 203        "PrivacyMismatch",
 204        "Jammed",
 205        "DiscRxNotWepped",
 206        "PhyEleMismatch",
 207        (char*)-1 };
 208#ifndef RUN_AT
 209#define RUN_AT(x) (jiffies+(x))
 210#endif
 211
 212
 213/* These variables are for insmod, since it seems that the rates
 214   can only be set in setup_card.  Rates should be a comma separated
 215   (no spaces) list of rates (up to 8). */
 216
 217static int rates[8];
 218static int basic_rate;
 219static char *ssids[3];
 220
 221static int io[4];
 222static int irq[4];
 223
 224static
 225int maxencrypt /* = 0 */; /* The highest rate that the card can encrypt at.
 226                       0 means no limit.  For old cards this was 4 */
 227
 228static int auto_wep /* = 0 */; /* If set, it tries to figure out the wep mode */
 229static int aux_bap /* = 0 */; /* Checks to see if the aux ports are needed to read
 230                    the bap, needed on some older cards and buses. */
 231static int adhoc;
 232
 233static int probe = 1;
 234
 235static int proc_uid /* = 0 */;
 236
 237static int proc_gid /* = 0 */;
 238
 239static int airo_perm = 0555;
 240
 241static int proc_perm = 0644;
 242
 243MODULE_AUTHOR("Benjamin Reed");
 244MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet \
 245cards.  Direct support for ISA/PCI/MPI cards and support \
 246for PCMCIA when used with airo_cs.");
 247MODULE_LICENSE("Dual BSD/GPL");
 248MODULE_SUPPORTED_DEVICE("Aironet 4500, 4800 and Cisco 340/350");
 249module_param_array(io, int, NULL, 0);
 250module_param_array(irq, int, NULL, 0);
 251module_param(basic_rate, int, 0);
 252module_param_array(rates, int, NULL, 0);
 253module_param_array(ssids, charp, NULL, 0);
 254module_param(auto_wep, int, 0);
 255MODULE_PARM_DESC(auto_wep, "If non-zero, the driver will keep looping through \
 256the authentication options until an association is made.  The value of \
 257auto_wep is number of the wep keys to check.  A value of 2 will try using \
 258the key at index 0 and index 1.");
 259module_param(aux_bap, int, 0);
 260MODULE_PARM_DESC(aux_bap, "If non-zero, the driver will switch into a mode \
 261than seems to work better for older cards with some older buses.  Before \
 262switching it checks that the switch is needed.");
 263module_param(maxencrypt, int, 0);
 264MODULE_PARM_DESC(maxencrypt, "The maximum speed that the card can do \
 265encryption.  Units are in 512kbs.  Zero (default) means there is no limit. \
 266Older cards used to be limited to 2mbs (4).");
 267module_param(adhoc, int, 0);
 268MODULE_PARM_DESC(adhoc, "If non-zero, the card will start in adhoc mode.");
 269module_param(probe, int, 0);
 270MODULE_PARM_DESC(probe, "If zero, the driver won't start the card.");
 271
 272module_param(proc_uid, int, 0);
 273MODULE_PARM_DESC(proc_uid, "The uid that the /proc files will belong to.");
 274module_param(proc_gid, int, 0);
 275MODULE_PARM_DESC(proc_gid, "The gid that the /proc files will belong to.");
 276module_param(airo_perm, int, 0);
 277MODULE_PARM_DESC(airo_perm, "The permission bits of /proc/[driver/]aironet.");
 278module_param(proc_perm, int, 0);
 279MODULE_PARM_DESC(proc_perm, "The permission bits of the files in /proc");
 280
 281/* This is a kind of sloppy hack to get this information to OUT4500 and
 282   IN4500.  I would be extremely interested in the situation where this
 283   doesn't work though!!! */
 284static int do8bitIO = 0;
 285
 286/* Return codes */
 287#define SUCCESS 0
 288#define ERROR -1
 289#define NO_PACKET -2
 290
 291/* Commands */
 292#define NOP2            0x0000
 293#define MAC_ENABLE      0x0001
 294#define MAC_DISABLE     0x0002
 295#define CMD_LOSE_SYNC   0x0003 /* Not sure what this does... */
 296#define CMD_SOFTRESET   0x0004
 297#define HOSTSLEEP       0x0005
 298#define CMD_MAGIC_PKT   0x0006
 299#define CMD_SETWAKEMASK 0x0007
 300#define CMD_READCFG     0x0008
 301#define CMD_SETMODE     0x0009
 302#define CMD_ALLOCATETX  0x000a
 303#define CMD_TRANSMIT    0x000b
 304#define CMD_DEALLOCATETX 0x000c
 305#define NOP             0x0010
 306#define CMD_WORKAROUND  0x0011
 307#define CMD_ALLOCATEAUX 0x0020
 308#define CMD_ACCESS      0x0021
 309#define CMD_PCIBAP      0x0022
 310#define CMD_PCIAUX      0x0023
 311#define CMD_ALLOCBUF    0x0028
 312#define CMD_GETTLV      0x0029
 313#define CMD_PUTTLV      0x002a
 314#define CMD_DELTLV      0x002b
 315#define CMD_FINDNEXTTLV 0x002c
 316#define CMD_PSPNODES    0x0030
 317#define CMD_SETCW       0x0031    
 318#define CMD_SETPCF      0x0032    
 319#define CMD_SETPHYREG   0x003e
 320#define CMD_TXTEST      0x003f
 321#define MAC_ENABLETX    0x0101
 322#define CMD_LISTBSS     0x0103
 323#define CMD_SAVECFG     0x0108
 324#define CMD_ENABLEAUX   0x0111
 325#define CMD_WRITERID    0x0121
 326#define CMD_USEPSPNODES 0x0130
 327#define MAC_ENABLERX    0x0201
 328
 329/* Command errors */
 330#define ERROR_QUALIF 0x00
 331#define ERROR_ILLCMD 0x01
 332#define ERROR_ILLFMT 0x02
 333#define ERROR_INVFID 0x03
 334#define ERROR_INVRID 0x04
 335#define ERROR_LARGE 0x05
 336#define ERROR_NDISABL 0x06
 337#define ERROR_ALLOCBSY 0x07
 338#define ERROR_NORD 0x0B
 339#define ERROR_NOWR 0x0C
 340#define ERROR_INVFIDTX 0x0D
 341#define ERROR_TESTACT 0x0E
 342#define ERROR_TAGNFND 0x12
 343#define ERROR_DECODE 0x20
 344#define ERROR_DESCUNAV 0x21
 345#define ERROR_BADLEN 0x22
 346#define ERROR_MODE 0x80
 347#define ERROR_HOP 0x81
 348#define ERROR_BINTER 0x82
 349#define ERROR_RXMODE 0x83
 350#define ERROR_MACADDR 0x84
 351#define ERROR_RATES 0x85
 352#define ERROR_ORDER 0x86
 353#define ERROR_SCAN 0x87
 354#define ERROR_AUTH 0x88
 355#define ERROR_PSMODE 0x89
 356#define ERROR_RTYPE 0x8A
 357#define ERROR_DIVER 0x8B
 358#define ERROR_SSID 0x8C
 359#define ERROR_APLIST 0x8D
 360#define ERROR_AUTOWAKE 0x8E
 361#define ERROR_LEAP 0x8F
 362
 363/* Registers */
 364#define COMMAND 0x00
 365#define PARAM0 0x02
 366#define PARAM1 0x04
 367#define PARAM2 0x06
 368#define STATUS 0x08
 369#define RESP0 0x0a
 370#define RESP1 0x0c
 371#define RESP2 0x0e
 372#define LINKSTAT 0x10
 373#define SELECT0 0x18
 374#define OFFSET0 0x1c
 375#define RXFID 0x20
 376#define TXALLOCFID 0x22
 377#define TXCOMPLFID 0x24
 378#define DATA0 0x36
 379#define EVSTAT 0x30
 380#define EVINTEN 0x32
 381#define EVACK 0x34
 382#define SWS0 0x28
 383#define SWS1 0x2a
 384#define SWS2 0x2c
 385#define SWS3 0x2e
 386#define AUXPAGE 0x3A
 387#define AUXOFF 0x3C
 388#define AUXDATA 0x3E
 389
 390#define FID_TX 1
 391#define FID_RX 2
 392/* Offset into aux memory for descriptors */
 393#define AUX_OFFSET 0x800
 394/* Size of allocated packets */
 395#define PKTSIZE 1840
 396#define RIDSIZE 2048
 397/* Size of the transmit queue */
 398#define MAXTXQ 64
 399
 400/* BAP selectors */
 401#define BAP0 0 // Used for receiving packets
 402#define BAP1 2 // Used for xmiting packets and working with RIDS
 403
 404/* Flags */
 405#define COMMAND_BUSY 0x8000
 406
 407#define BAP_BUSY 0x8000
 408#define BAP_ERR 0x4000
 409#define BAP_DONE 0x2000
 410
 411#define PROMISC 0xffff
 412#define NOPROMISC 0x0000
 413
 414#define EV_CMD 0x10
 415#define EV_CLEARCOMMANDBUSY 0x4000
 416#define EV_RX 0x01
 417#define EV_TX 0x02
 418#define EV_TXEXC 0x04
 419#define EV_ALLOC 0x08
 420#define EV_LINK 0x80
 421#define EV_AWAKE 0x100
 422#define EV_TXCPY 0x400
 423#define EV_UNKNOWN 0x800
 424#define EV_MIC 0x1000 /* Message Integrity Check Interrupt */
 425#define EV_AWAKEN 0x2000
 426#define STATUS_INTS (EV_AWAKE|EV_LINK|EV_TXEXC|EV_TX|EV_TXCPY|EV_RX|EV_MIC)
 427
 428#ifdef CHECK_UNKNOWN_INTS
 429#define IGNORE_INTS ( EV_CMD | EV_UNKNOWN)
 430#else
 431#define IGNORE_INTS (~STATUS_INTS)
 432#endif
 433
 434/* RID TYPES */
 435#define RID_RW 0x20
 436
 437/* The RIDs */
 438#define RID_CAPABILITIES 0xFF00
 439#define RID_APINFO     0xFF01
 440#define RID_RADIOINFO  0xFF02
 441#define RID_UNKNOWN3   0xFF03
 442#define RID_RSSI       0xFF04
 443#define RID_CONFIG     0xFF10
 444#define RID_SSID       0xFF11
 445#define RID_APLIST     0xFF12
 446#define RID_DRVNAME    0xFF13
 447#define RID_ETHERENCAP 0xFF14
 448#define RID_WEP_TEMP   0xFF15
 449#define RID_WEP_PERM   0xFF16
 450#define RID_MODULATION 0xFF17
 451#define RID_OPTIONS    0xFF18
 452#define RID_ACTUALCONFIG 0xFF20 /*readonly*/
 453#define RID_FACTORYCONFIG 0xFF21
 454#define RID_UNKNOWN22  0xFF22
 455#define RID_LEAPUSERNAME 0xFF23
 456#define RID_LEAPPASSWORD 0xFF24
 457#define RID_STATUS     0xFF50
 458#define RID_BEACON_HST 0xFF51
 459#define RID_BUSY_HST   0xFF52
 460#define RID_RETRIES_HST 0xFF53
 461#define RID_UNKNOWN54  0xFF54
 462#define RID_UNKNOWN55  0xFF55
 463#define RID_UNKNOWN56  0xFF56
 464#define RID_MIC        0xFF57
 465#define RID_STATS16    0xFF60
 466#define RID_STATS16DELTA 0xFF61
 467#define RID_STATS16DELTACLEAR 0xFF62
 468#define RID_STATS      0xFF68
 469#define RID_STATSDELTA 0xFF69
 470#define RID_STATSDELTACLEAR 0xFF6A
 471#define RID_ECHOTEST_RID 0xFF70
 472#define RID_ECHOTEST_RESULTS 0xFF71
 473#define RID_BSSLISTFIRST 0xFF72
 474#define RID_BSSLISTNEXT  0xFF73
 475#define RID_WPA_BSSLISTFIRST 0xFF74
 476#define RID_WPA_BSSLISTNEXT  0xFF75
 477
 478typedef struct {
 479        u16 cmd;
 480        u16 parm0;
 481        u16 parm1;
 482        u16 parm2;
 483} Cmd;
 484
 485typedef struct {
 486        u16 status;
 487        u16 rsp0;
 488        u16 rsp1;
 489        u16 rsp2;
 490} Resp;
 491
 492/*
 493 * Rids and endian-ness:  The Rids will always be in cpu endian, since
 494 * this all the patches from the big-endian guys end up doing that.
 495 * so all rid access should use the read/writeXXXRid routines.
 496 */
 497
 498/* This is redundant for x86 archs, but it seems necessary for ARM */
 499#pragma pack(1)
 500
 501/* This structure came from an email sent to me from an engineer at
 502   aironet for inclusion into this driver */
 503typedef struct {
 504        __le16 len;
 505        __le16 kindex;
 506        u8 mac[ETH_ALEN];
 507        __le16 klen;
 508        u8 key[16];
 509} WepKeyRid;
 510
 511/* These structures are from the Aironet's PC4500 Developers Manual */
 512typedef struct {
 513        __le16 len;
 514        u8 ssid[32];
 515} Ssid;
 516
 517typedef struct {
 518        __le16 len;
 519        Ssid ssids[3];
 520} SsidRid;
 521
 522typedef struct {
 523        __le16 len;
 524        __le16 modulation;
 525#define MOD_DEFAULT cpu_to_le16(0)
 526#define MOD_CCK cpu_to_le16(1)
 527#define MOD_MOK cpu_to_le16(2)
 528} ModulationRid;
 529
 530typedef struct {
 531        __le16 len; /* sizeof(ConfigRid) */
 532        __le16 opmode; /* operating mode */
 533#define MODE_STA_IBSS cpu_to_le16(0)
 534#define MODE_STA_ESS cpu_to_le16(1)
 535#define MODE_AP cpu_to_le16(2)
 536#define MODE_AP_RPTR cpu_to_le16(3)
 537#define MODE_CFG_MASK cpu_to_le16(0xff)
 538#define MODE_ETHERNET_HOST cpu_to_le16(0<<8) /* rx payloads converted */
 539#define MODE_LLC_HOST cpu_to_le16(1<<8) /* rx payloads left as is */
 540#define MODE_AIRONET_EXTEND cpu_to_le16(1<<9) /* enable Aironet extenstions */
 541#define MODE_AP_INTERFACE cpu_to_le16(1<<10) /* enable ap interface extensions */
 542#define MODE_ANTENNA_ALIGN cpu_to_le16(1<<11) /* enable antenna alignment */
 543#define MODE_ETHER_LLC cpu_to_le16(1<<12) /* enable ethernet LLC */
 544#define MODE_LEAF_NODE cpu_to_le16(1<<13) /* enable leaf node bridge */
 545#define MODE_CF_POLLABLE cpu_to_le16(1<<14) /* enable CF pollable */
 546#define MODE_MIC cpu_to_le16(1<<15) /* enable MIC */
 547        __le16 rmode; /* receive mode */
 548#define RXMODE_BC_MC_ADDR cpu_to_le16(0)
 549#define RXMODE_BC_ADDR cpu_to_le16(1) /* ignore multicasts */
 550#define RXMODE_ADDR cpu_to_le16(2) /* ignore multicast and broadcast */
 551#define RXMODE_RFMON cpu_to_le16(3) /* wireless monitor mode */
 552#define RXMODE_RFMON_ANYBSS cpu_to_le16(4)
 553#define RXMODE_LANMON cpu_to_le16(5) /* lan style monitor -- data packets only */
 554#define RXMODE_MASK cpu_to_le16(255)
 555#define RXMODE_DISABLE_802_3_HEADER cpu_to_le16(1<<8) /* disables 802.3 header on rx */
 556#define RXMODE_FULL_MASK (RXMODE_MASK | RXMODE_DISABLE_802_3_HEADER)
 557#define RXMODE_NORMALIZED_RSSI cpu_to_le16(1<<9) /* return normalized RSSI */
 558        __le16 fragThresh;
 559        __le16 rtsThres;
 560        u8 macAddr[ETH_ALEN];
 561        u8 rates[8];
 562        __le16 shortRetryLimit;
 563        __le16 longRetryLimit;
 564        __le16 txLifetime; /* in kusec */
 565        __le16 rxLifetime; /* in kusec */
 566        __le16 stationary;
 567        __le16 ordering;
 568        __le16 u16deviceType; /* for overriding device type */
 569        __le16 cfpRate;
 570        __le16 cfpDuration;
 571        __le16 _reserved1[3];
 572        /*---------- Scanning/Associating ----------*/
 573        __le16 scanMode;
 574#define SCANMODE_ACTIVE cpu_to_le16(0)
 575#define SCANMODE_PASSIVE cpu_to_le16(1)
 576#define SCANMODE_AIROSCAN cpu_to_le16(2)
 577        __le16 probeDelay; /* in kusec */
 578        __le16 probeEnergyTimeout; /* in kusec */
 579        __le16 probeResponseTimeout;
 580        __le16 beaconListenTimeout;
 581        __le16 joinNetTimeout;
 582        __le16 authTimeout;
 583        __le16 authType;
 584#define AUTH_OPEN cpu_to_le16(0x1)
 585#define AUTH_ENCRYPT cpu_to_le16(0x101)
 586#define AUTH_SHAREDKEY cpu_to_le16(0x102)
 587#define AUTH_ALLOW_UNENCRYPTED cpu_to_le16(0x200)
 588        __le16 associationTimeout;
 589        __le16 specifiedApTimeout;
 590        __le16 offlineScanInterval;
 591        __le16 offlineScanDuration;
 592        __le16 linkLossDelay;
 593        __le16 maxBeaconLostTime;
 594        __le16 refreshInterval;
 595#define DISABLE_REFRESH cpu_to_le16(0xFFFF)
 596        __le16 _reserved1a[1];
 597        /*---------- Power save operation ----------*/
 598        __le16 powerSaveMode;
 599#define POWERSAVE_CAM cpu_to_le16(0)
 600#define POWERSAVE_PSP cpu_to_le16(1)
 601#define POWERSAVE_PSPCAM cpu_to_le16(2)
 602        __le16 sleepForDtims;
 603        __le16 listenInterval;
 604        __le16 fastListenInterval;
 605        __le16 listenDecay;
 606        __le16 fastListenDelay;
 607        __le16 _reserved2[2];
 608        /*---------- Ap/Ibss config items ----------*/
 609        __le16 beaconPeriod;
 610        __le16 atimDuration;
 611        __le16 hopPeriod;
 612        __le16 channelSet;
 613        __le16 channel;
 614        __le16 dtimPeriod;
 615        __le16 bridgeDistance;
 616        __le16 radioID;
 617        /*---------- Radio configuration ----------*/
 618        __le16 radioType;
 619#define RADIOTYPE_DEFAULT cpu_to_le16(0)
 620#define RADIOTYPE_802_11 cpu_to_le16(1)
 621#define RADIOTYPE_LEGACY cpu_to_le16(2)
 622        u8 rxDiversity;
 623        u8 txDiversity;
 624        __le16 txPower;
 625#define TXPOWER_DEFAULT 0
 626        __le16 rssiThreshold;
 627#define RSSI_DEFAULT 0
 628        __le16 modulation;
 629#define PREAMBLE_AUTO cpu_to_le16(0)
 630#define PREAMBLE_LONG cpu_to_le16(1)
 631#define PREAMBLE_SHORT cpu_to_le16(2)
 632        __le16 preamble;
 633        __le16 homeProduct;
 634        __le16 radioSpecific;
 635        /*---------- Aironet Extensions ----------*/
 636        u8 nodeName[16];
 637        __le16 arlThreshold;
 638        __le16 arlDecay;
 639        __le16 arlDelay;
 640        __le16 _reserved4[1];
 641        /*---------- Aironet Extensions ----------*/
 642        u8 magicAction;
 643#define MAGIC_ACTION_STSCHG 1
 644#define MAGIC_ACTION_RESUME 2
 645#define MAGIC_IGNORE_MCAST (1<<8)
 646#define MAGIC_IGNORE_BCAST (1<<9)
 647#define MAGIC_SWITCH_TO_PSP (0<<10)
 648#define MAGIC_STAY_IN_CAM (1<<10)
 649        u8 magicControl;
 650        __le16 autoWake;
 651} ConfigRid;
 652
 653typedef struct {
 654        __le16 len;
 655        u8 mac[ETH_ALEN];
 656        __le16 mode;
 657        __le16 errorCode;
 658        __le16 sigQuality;
 659        __le16 SSIDlen;
 660        char SSID[32];
 661        char apName[16];
 662        u8 bssid[4][ETH_ALEN];
 663        __le16 beaconPeriod;
 664        __le16 dimPeriod;
 665        __le16 atimDuration;
 666        __le16 hopPeriod;
 667        __le16 channelSet;
 668        __le16 channel;
 669        __le16 hopsToBackbone;
 670        __le16 apTotalLoad;
 671        __le16 generatedLoad;
 672        __le16 accumulatedArl;
 673        __le16 signalQuality;
 674        __le16 currentXmitRate;
 675        __le16 apDevExtensions;
 676        __le16 normalizedSignalStrength;
 677        __le16 shortPreamble;
 678        u8 apIP[4];
 679        u8 noisePercent; /* Noise percent in last second */
 680        u8 noisedBm; /* Noise dBm in last second */
 681        u8 noiseAvePercent; /* Noise percent in last minute */
 682        u8 noiseAvedBm; /* Noise dBm in last minute */
 683        u8 noiseMaxPercent; /* Highest noise percent in last minute */
 684        u8 noiseMaxdBm; /* Highest noise dbm in last minute */
 685        __le16 load;
 686        u8 carrier[4];
 687        __le16 assocStatus;
 688#define STAT_NOPACKETS 0
 689#define STAT_NOCARRIERSET 10
 690#define STAT_GOTCARRIERSET 11
 691#define STAT_WRONGSSID 20
 692#define STAT_BADCHANNEL 25
 693#define STAT_BADBITRATES 30
 694#define STAT_BADPRIVACY 35
 695#define STAT_APFOUND 40
 696#define STAT_APREJECTED 50
 697#define STAT_AUTHENTICATING 60
 698#define STAT_DEAUTHENTICATED 61
 699#define STAT_AUTHTIMEOUT 62
 700#define STAT_ASSOCIATING 70
 701#define STAT_DEASSOCIATED 71
 702#define STAT_ASSOCTIMEOUT 72
 703#define STAT_NOTAIROAP 73
 704#define STAT_ASSOCIATED 80
 705#define STAT_LEAPING 90
 706#define STAT_LEAPFAILED 91
 707#define STAT_LEAPTIMEDOUT 92
 708#define STAT_LEAPCOMPLETE 93
 709} StatusRid;
 710
 711typedef struct {
 712        __le16 len;
 713        __le16 spacer;
 714        __le32 vals[100];
 715} StatsRid;
 716
 717
 718typedef struct {
 719        __le16 len;
 720        u8 ap[4][ETH_ALEN];
 721} APListRid;
 722
 723typedef struct {
 724        __le16 len;
 725        char oui[3];
 726        char zero;
 727        __le16 prodNum;
 728        char manName[32];
 729        char prodName[16];
 730        char prodVer[8];
 731        char factoryAddr[ETH_ALEN];
 732        char aironetAddr[ETH_ALEN];
 733        __le16 radioType;
 734        __le16 country;
 735        char callid[ETH_ALEN];
 736        char supportedRates[8];
 737        char rxDiversity;
 738        char txDiversity;
 739        __le16 txPowerLevels[8];
 740        __le16 hardVer;
 741        __le16 hardCap;
 742        __le16 tempRange;
 743        __le16 softVer;
 744        __le16 softSubVer;
 745        __le16 interfaceVer;
 746        __le16 softCap;
 747        __le16 bootBlockVer;
 748        __le16 requiredHard;
 749        __le16 extSoftCap;
 750} CapabilityRid;
 751
 752
 753/* Only present on firmware >= 5.30.17 */
 754typedef struct {
 755  __le16 unknown[4];
 756  u8 fixed[12]; /* WLAN management frame */
 757  u8 iep[624];
 758} BSSListRidExtra;
 759
 760typedef struct {
 761  __le16 len;
 762  __le16 index; /* First is 0 and 0xffff means end of list */
 763#define RADIO_FH 1 /* Frequency hopping radio type */
 764#define RADIO_DS 2 /* Direct sequence radio type */
 765#define RADIO_TMA 4 /* Proprietary radio used in old cards (2500) */
 766  __le16 radioType;
 767  u8 bssid[ETH_ALEN]; /* Mac address of the BSS */
 768  u8 zero;
 769  u8 ssidLen;
 770  u8 ssid[32];
 771  __le16 dBm;
 772#define CAP_ESS cpu_to_le16(1<<0)
 773#define CAP_IBSS cpu_to_le16(1<<1)
 774#define CAP_PRIVACY cpu_to_le16(1<<4)
 775#define CAP_SHORTHDR cpu_to_le16(1<<5)
 776  __le16 cap;
 777  __le16 beaconInterval;
 778  u8 rates[8]; /* Same as rates for config rid */
 779  struct { /* For frequency hopping only */
 780    __le16 dwell;
 781    u8 hopSet;
 782    u8 hopPattern;
 783    u8 hopIndex;
 784    u8 fill;
 785  } fh;
 786  __le16 dsChannel;
 787  __le16 atimWindow;
 788
 789  /* Only present on firmware >= 5.30.17 */
 790  BSSListRidExtra extra;
 791} BSSListRid;
 792
 793typedef struct {
 794  BSSListRid bss;
 795  struct list_head list;
 796} BSSListElement;
 797
 798typedef struct {
 799  u8 rssipct;
 800  u8 rssidBm;
 801} tdsRssiEntry;
 802
 803typedef struct {
 804  u16 len;
 805  tdsRssiEntry x[256];
 806} tdsRssiRid;
 807
 808typedef struct {
 809        u16 len;
 810        u16 state;
 811        u16 multicastValid;
 812        u8  multicast[16];
 813        u16 unicastValid;
 814        u8  unicast[16];
 815} MICRid;
 816
 817typedef struct {
 818        __be16 typelen;
 819
 820        union {
 821            u8 snap[8];
 822            struct {
 823                u8 dsap;
 824                u8 ssap;
 825                u8 control;
 826                u8 orgcode[3];
 827                u8 fieldtype[2];
 828            } llc;
 829        } u;
 830        __be32 mic;
 831        __be32 seq;
 832} MICBuffer;
 833
 834typedef struct {
 835        u8 da[ETH_ALEN];
 836        u8 sa[ETH_ALEN];
 837} etherHead;
 838
 839#pragma pack()
 840
 841#define TXCTL_TXOK (1<<1) /* report if tx is ok */
 842#define TXCTL_TXEX (1<<2) /* report if tx fails */
 843#define TXCTL_802_3 (0<<3) /* 802.3 packet */
 844#define TXCTL_802_11 (1<<3) /* 802.11 mac packet */
 845#define TXCTL_ETHERNET (0<<4) /* payload has ethertype */
 846#define TXCTL_LLC (1<<4) /* payload is llc */
 847#define TXCTL_RELEASE (0<<5) /* release after completion */
 848#define TXCTL_NORELEASE (1<<5) /* on completion returns to host */
 849
 850#define BUSY_FID 0x10000
 851
 852#ifdef CISCO_EXT
 853#define AIROMAGIC       0xa55a
 854/* Warning : SIOCDEVPRIVATE may disapear during 2.5.X - Jean II */
 855#ifdef SIOCIWFIRSTPRIV
 856#ifdef SIOCDEVPRIVATE
 857#define AIROOLDIOCTL    SIOCDEVPRIVATE
 858#define AIROOLDIDIFC    AIROOLDIOCTL + 1
 859#endif /* SIOCDEVPRIVATE */
 860#else /* SIOCIWFIRSTPRIV */
 861#define SIOCIWFIRSTPRIV SIOCDEVPRIVATE
 862#endif /* SIOCIWFIRSTPRIV */
 863/* This may be wrong. When using the new SIOCIWFIRSTPRIV range, we probably
 864 * should use only "GET" ioctls (last bit set to 1). "SET" ioctls are root
 865 * only and don't return the modified struct ifreq to the application which
 866 * is usually a problem. - Jean II */
 867#define AIROIOCTL       SIOCIWFIRSTPRIV
 868#define AIROIDIFC       AIROIOCTL + 1
 869
 870/* Ioctl constants to be used in airo_ioctl.command */
 871
 872#define AIROGCAP                0       // Capability rid
 873#define AIROGCFG                1       // USED A LOT
 874#define AIROGSLIST              2       // System ID list
 875#define AIROGVLIST              3       // List of specified AP's
 876#define AIROGDRVNAM             4       //  NOTUSED
 877#define AIROGEHTENC             5       // NOTUSED
 878#define AIROGWEPKTMP            6
 879#define AIROGWEPKNV             7
 880#define AIROGSTAT               8
 881#define AIROGSTATSC32           9
 882#define AIROGSTATSD32           10
 883#define AIROGMICRID             11
 884#define AIROGMICSTATS           12
 885#define AIROGFLAGS              13
 886#define AIROGID                 14
 887#define AIRORRID                15
 888#define AIRORSWVERSION          17
 889
 890/* Leave gap of 40 commands after AIROGSTATSD32 for future */
 891
 892#define AIROPCAP                AIROGSTATSD32 + 40
 893#define AIROPVLIST              AIROPCAP      + 1
 894#define AIROPSLIST              AIROPVLIST    + 1
 895#define AIROPCFG                AIROPSLIST    + 1
 896#define AIROPSIDS               AIROPCFG      + 1
 897#define AIROPAPLIST             AIROPSIDS     + 1
 898#define AIROPMACON              AIROPAPLIST   + 1       /* Enable mac  */
 899#define AIROPMACOFF             AIROPMACON    + 1       /* Disable mac */
 900#define AIROPSTCLR              AIROPMACOFF   + 1
 901#define AIROPWEPKEY             AIROPSTCLR    + 1
 902#define AIROPWEPKEYNV           AIROPWEPKEY   + 1
 903#define AIROPLEAPPWD            AIROPWEPKEYNV + 1
 904#define AIROPLEAPUSR            AIROPLEAPPWD  + 1
 905
 906/* Flash codes */
 907
 908#define AIROFLSHRST            AIROPWEPKEYNV  + 40
 909#define AIROFLSHGCHR           AIROFLSHRST    + 1
 910#define AIROFLSHSTFL           AIROFLSHGCHR   + 1
 911#define AIROFLSHPCHR           AIROFLSHSTFL   + 1
 912#define AIROFLPUTBUF           AIROFLSHPCHR   + 1
 913#define AIRORESTART            AIROFLPUTBUF   + 1
 914
 915#define FLASHSIZE       32768
 916#define AUXMEMSIZE      (256 * 1024)
 917
 918typedef struct aironet_ioctl {
 919        unsigned short command;         // What to do
 920        unsigned short len;             // Len of data
 921        unsigned short ridnum;          // rid number
 922        unsigned char __user *data;     // d-data
 923} aironet_ioctl;
 924
 925static char swversion[] = "2.1";
 926#endif /* CISCO_EXT */
 927
 928#define NUM_MODULES       2
 929#define MIC_MSGLEN_MAX    2400
 930#define EMMH32_MSGLEN_MAX MIC_MSGLEN_MAX
 931#define AIRO_DEF_MTU      2312
 932
 933typedef struct {
 934        u32   size;            // size
 935        u8    enabled;         // MIC enabled or not
 936        u32   rxSuccess;       // successful packets received
 937        u32   rxIncorrectMIC;  // pkts dropped due to incorrect MIC comparison
 938        u32   rxNotMICed;      // pkts dropped due to not being MIC'd
 939        u32   rxMICPlummed;    // pkts dropped due to not having a MIC plummed
 940        u32   rxWrongSequence; // pkts dropped due to sequence number violation
 941        u32   reserve[32];
 942} mic_statistics;
 943
 944typedef struct {
 945        u32 coeff[((EMMH32_MSGLEN_MAX)+3)>>2];
 946        u64 accum;      // accumulated mic, reduced to u32 in final()
 947        int position;   // current position (byte offset) in message
 948        union {
 949                u8  d8[4];
 950                __be32 d32;
 951        } part; // saves partial message word across update() calls
 952} emmh32_context;
 953
 954typedef struct {
 955        emmh32_context seed;        // Context - the seed
 956        u32              rx;        // Received sequence number
 957        u32              tx;        // Tx sequence number
 958        u32              window;    // Start of window
 959        u8               valid;     // Flag to say if context is valid or not
 960        u8               key[16];
 961} miccntx;
 962
 963typedef struct {
 964        miccntx mCtx;           // Multicast context
 965        miccntx uCtx;           // Unicast context
 966} mic_module;
 967
 968typedef struct {
 969        unsigned int  rid: 16;
 970        unsigned int  len: 15;
 971        unsigned int  valid: 1;
 972        dma_addr_t host_addr;
 973} Rid;
 974
 975typedef struct {
 976        unsigned int  offset: 15;
 977        unsigned int  eoc: 1;
 978        unsigned int  len: 15;
 979        unsigned int  valid: 1;
 980        dma_addr_t host_addr;
 981} TxFid;
 982
 983typedef struct {
 984        unsigned int  ctl: 15;
 985        unsigned int  rdy: 1;
 986        unsigned int  len: 15;
 987        unsigned int  valid: 1;
 988        dma_addr_t host_addr;
 989} RxFid;
 990
 991/*
 992 * Host receive descriptor
 993 */
 994typedef struct {
 995        unsigned char __iomem *card_ram_off; /* offset into card memory of the
 996                                                desc */
 997        RxFid         rx_desc;               /* card receive descriptor */
 998        char          *virtual_host_addr;    /* virtual address of host receive
 999                                                buffer */
1000        int           pending;
1001} HostRxDesc;
1002
1003/*
1004 * Host transmit descriptor
1005 */
1006typedef struct {
1007        unsigned char __iomem *card_ram_off;         /* offset into card memory of the
1008                                                desc */
1009        TxFid         tx_desc;               /* card transmit descriptor */
1010        char          *virtual_host_addr;    /* virtual address of host receive
1011                                                buffer */
1012        int           pending;
1013} HostTxDesc;
1014
1015/*
1016 * Host RID descriptor
1017 */
1018typedef struct {
1019        unsigned char __iomem *card_ram_off;      /* offset into card memory of the
1020                                             descriptor */
1021        Rid           rid_desc;           /* card RID descriptor */
1022        char          *virtual_host_addr; /* virtual address of host receive
1023                                             buffer */
1024} HostRidDesc;
1025
1026typedef struct {
1027        u16 sw0;
1028        u16 sw1;
1029        u16 status;
1030        u16 len;
1031#define HOST_SET (1 << 0)
1032#define HOST_INT_TX (1 << 1) /* Interrupt on successful TX */
1033#define HOST_INT_TXERR (1 << 2) /* Interrupt on unseccessful TX */
1034#define HOST_LCC_PAYLOAD (1 << 4) /* LLC payload, 0 = Ethertype */
1035#define HOST_DONT_RLSE (1 << 5) /* Don't release buffer when done */
1036#define HOST_DONT_RETRY (1 << 6) /* Don't retry trasmit */
1037#define HOST_CLR_AID (1 << 7) /* clear AID failure */
1038#define HOST_RTS (1 << 9) /* Force RTS use */
1039#define HOST_SHORT (1 << 10) /* Do short preamble */
1040        u16 ctl;
1041        u16 aid;
1042        u16 retries;
1043        u16 fill;
1044} TxCtlHdr;
1045
1046typedef struct {
1047        u16 ctl;
1048        u16 duration;
1049        char addr1[6];
1050        char addr2[6];
1051        char addr3[6];
1052        u16 seq;
1053        char addr4[6];
1054} WifiHdr;
1055
1056
1057typedef struct {
1058        TxCtlHdr ctlhdr;
1059        u16 fill1;
1060        u16 fill2;
1061        WifiHdr wifihdr;
1062        u16 gaplen;
1063        u16 status;
1064} WifiCtlHdr;
1065
1066static WifiCtlHdr wifictlhdr8023 = {
1067        .ctlhdr = {
1068                .ctl    = HOST_DONT_RLSE,
1069        }
1070};
1071
1072// Frequency list (map channels to frequencies)
1073static const long frequency_list[] = { 2412, 2417, 2422, 2427, 2432, 2437, 2442,
1074                                2447, 2452, 2457, 2462, 2467, 2472, 2484 };
1075
1076// A few details needed for WEP (Wireless Equivalent Privacy)
1077#define MAX_KEY_SIZE 13                 // 128 (?) bits
1078#define MIN_KEY_SIZE  5                 // 40 bits RC4 - WEP
1079typedef struct wep_key_t {
1080        u16     len;
1081        u8      key[16];        /* 40-bit and 104-bit keys */
1082} wep_key_t;
1083
1084/* Backward compatibility */
1085#ifndef IW_ENCODE_NOKEY
1086#define IW_ENCODE_NOKEY         0x0800  /* Key is write only, so not present */
1087#define IW_ENCODE_MODE  (IW_ENCODE_DISABLED | IW_ENCODE_RESTRICTED | IW_ENCODE_OPEN)
1088#endif /* IW_ENCODE_NOKEY */
1089
1090/* List of Wireless Handlers (new API) */
1091static const struct iw_handler_def      airo_handler_def;
1092
1093static const char version[] = "airo.c 0.6 (Ben Reed & Javier Achirica)";
1094
1095struct airo_info;
1096
1097static int get_dec_u16( char *buffer, int *start, int limit );
1098static void OUT4500( struct airo_info *, u16 register, u16 value );
1099static unsigned short IN4500( struct airo_info *, u16 register );
1100static u16 setup_card(struct airo_info*, u8 *mac, int lock);
1101static int enable_MAC(struct airo_info *ai, int lock);
1102static void disable_MAC(struct airo_info *ai, int lock);
1103static void enable_interrupts(struct airo_info*);
1104static void disable_interrupts(struct airo_info*);
1105static u16 issuecommand(struct airo_info*, Cmd *pCmd, Resp *pRsp);
1106static int bap_setup(struct airo_info*, u16 rid, u16 offset, int whichbap);
1107static int aux_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
1108                        int whichbap);
1109static int fast_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
1110                         int whichbap);
1111static int bap_write(struct airo_info*, const __le16 *pu16Src, int bytelen,
1112                     int whichbap);
1113static int PC4500_accessrid(struct airo_info*, u16 rid, u16 accmd);
1114static int PC4500_readrid(struct airo_info*, u16 rid, void *pBuf, int len, int lock);
1115static int PC4500_writerid(struct airo_info*, u16 rid, const void
1116                           *pBuf, int len, int lock);
1117static int do_writerid( struct airo_info*, u16 rid, const void *rid_data,
1118                        int len, int dummy );
1119static u16 transmit_allocate(struct airo_info*, int lenPayload, int raw);
1120static int transmit_802_3_packet(struct airo_info*, int len, char *pPacket);
1121static int transmit_802_11_packet(struct airo_info*, int len, char *pPacket);
1122
1123static int mpi_send_packet (struct net_device *dev);
1124static void mpi_unmap_card(struct pci_dev *pci);
1125static void mpi_receive_802_3(struct airo_info *ai);
1126static void mpi_receive_802_11(struct airo_info *ai);
1127static int waitbusy (struct airo_info *ai);
1128
1129static irqreturn_t airo_interrupt( int irq, void* dev_id);
1130static int airo_thread(void *data);
1131static void timer_func( struct net_device *dev );
1132static int airo_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
1133static struct iw_statistics *airo_get_wireless_stats (struct net_device *dev);
1134static void airo_read_wireless_stats (struct airo_info *local);
1135#ifdef CISCO_EXT
1136static int readrids(struct net_device *dev, aironet_ioctl *comp);
1137static int writerids(struct net_device *dev, aironet_ioctl *comp);
1138static int flashcard(struct net_device *dev, aironet_ioctl *comp);
1139#endif /* CISCO_EXT */
1140static void micinit(struct airo_info *ai);
1141static int micsetup(struct airo_info *ai);
1142static int encapsulate(struct airo_info *ai, etherHead *pPacket, MICBuffer *buffer, int len);
1143static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *pPacket, u16 payLen);
1144
1145static u8 airo_rssi_to_dbm (tdsRssiEntry *rssi_rid, u8 rssi);
1146static u8 airo_dbm_to_pct (tdsRssiEntry *rssi_rid, u8 dbm);
1147
1148static void airo_networks_free(struct airo_info *ai);
1149
1150struct airo_info {
1151        struct net_device_stats stats;
1152        struct net_device             *dev;
1153        struct list_head              dev_list;
1154        /* Note, we can have MAX_FIDS outstanding.  FIDs are 16-bits, so we
1155           use the high bit to mark whether it is in use. */
1156#define MAX_FIDS 6
1157#define MPI_MAX_FIDS 1
1158        int                           fids[MAX_FIDS];
1159        ConfigRid config;
1160        char keyindex; // Used with auto wep
1161        char defindex; // Used with auto wep
1162        struct proc_dir_entry *proc_entry;
1163        spinlock_t aux_lock;
1164#define FLAG_RADIO_OFF  0       /* User disabling of MAC */
1165#define FLAG_RADIO_DOWN 1       /* ifup/ifdown disabling of MAC */
1166#define FLAG_RADIO_MASK 0x03
1167#define FLAG_ENABLED    2
1168#define FLAG_ADHOC      3       /* Needed by MIC */
1169#define FLAG_MIC_CAPABLE 4
1170#define FLAG_UPDATE_MULTI 5
1171#define FLAG_UPDATE_UNI 6
1172#define FLAG_802_11     7
1173#define FLAG_PROMISC    8       /* IFF_PROMISC 0x100 - include/linux/if.h */
1174#define FLAG_PENDING_XMIT 9
1175#define FLAG_PENDING_XMIT11 10
1176#define FLAG_MPI        11
1177#define FLAG_REGISTERED 12
1178#define FLAG_COMMIT     13
1179#define FLAG_RESET      14
1180#define FLAG_FLASHING   15
1181#define FLAG_WPA_CAPABLE        16
1182        unsigned long flags;
1183#define JOB_DIE 0
1184#define JOB_XMIT        1
1185#define JOB_XMIT11      2
1186#define JOB_STATS       3
1187#define JOB_PROMISC     4
1188#define JOB_MIC 5
1189#define JOB_EVENT       6
1190#define JOB_AUTOWEP     7
1191#define JOB_WSTATS      8
1192#define JOB_SCAN_RESULTS  9
1193        unsigned long jobs;
1194        int (*bap_read)(struct airo_info*, __le16 *pu16Dst, int bytelen,
1195                        int whichbap);
1196        unsigned short *flash;
1197        tdsRssiEntry *rssi;
1198        struct task_struct *list_bss_task;
1199        struct task_struct *airo_thread_task;
1200        struct semaphore sem;
1201        wait_queue_head_t thr_wait;
1202        unsigned long expires;
1203        struct {
1204                struct sk_buff *skb;
1205                int fid;
1206        } xmit, xmit11;
1207        struct net_device *wifidev;
1208        struct iw_statistics    wstats;         // wireless stats
1209        unsigned long           scan_timeout;   /* Time scan should be read */
1210        struct iw_spy_data      spy_data;
1211        struct iw_public_data   wireless_data;
1212        /* MIC stuff */
1213        struct crypto_cipher    *tfm;
1214        mic_module              mod[2];
1215        mic_statistics          micstats;
1216        HostRxDesc rxfids[MPI_MAX_FIDS]; // rx/tx/config MPI350 descriptors
1217        HostTxDesc txfids[MPI_MAX_FIDS];
1218        HostRidDesc config_desc;
1219        unsigned long ridbus; // phys addr of config_desc
1220        struct sk_buff_head txq;// tx queue used by mpi350 code
1221        struct pci_dev          *pci;
1222        unsigned char           __iomem *pcimem;
1223        unsigned char           __iomem *pciaux;
1224        unsigned char           *shared;
1225        dma_addr_t              shared_dma;
1226        pm_message_t            power;
1227        SsidRid                 *SSID;
1228        APListRid               *APList;
1229#define PCI_SHARED_LEN          2*MPI_MAX_FIDS*PKTSIZE+RIDSIZE
1230        char                    proc_name[IFNAMSIZ];
1231
1232        /* WPA-related stuff */
1233        unsigned int bssListFirst;
1234        unsigned int bssListNext;
1235        unsigned int bssListRidLen;
1236
1237        struct list_head network_list;
1238        struct list_head network_free_list;
1239        BSSListElement *networks;
1240};
1241
1242static inline int bap_read(struct airo_info *ai, __le16 *pu16Dst, int bytelen,
1243                           int whichbap)
1244{
1245        return ai->bap_read(ai, pu16Dst, bytelen, whichbap);
1246}
1247
1248static int setup_proc_entry( struct net_device *dev,
1249                             struct airo_info *apriv );
1250static int takedown_proc_entry( struct net_device *dev,
1251                                struct airo_info *apriv );
1252
1253static int cmdreset(struct airo_info *ai);
1254static int setflashmode (struct airo_info *ai);
1255static int flashgchar(struct airo_info *ai,int matchbyte,int dwelltime);
1256static int flashputbuf(struct airo_info *ai);
1257static int flashrestart(struct airo_info *ai,struct net_device *dev);
1258
1259#define airo_print(type, name, fmt, args...) \
1260        printk(type DRV_NAME "(%s): " fmt "\n", name, ##args)
1261
1262#define airo_print_info(name, fmt, args...) \
1263        airo_print(KERN_INFO, name, fmt, ##args)
1264
1265#define airo_print_dbg(name, fmt, args...) \
1266        airo_print(KERN_DEBUG, name, fmt, ##args)
1267
1268#define airo_print_warn(name, fmt, args...) \
1269        airo_print(KERN_WARNING, name, fmt, ##args)
1270
1271#define airo_print_err(name, fmt, args...) \
1272        airo_print(KERN_ERR, name, fmt, ##args)
1273
1274
1275/***********************************************************************
1276 *                              MIC ROUTINES                           *
1277 ***********************************************************************
1278 */
1279
1280static int RxSeqValid (struct airo_info *ai,miccntx *context,int mcast,u32 micSeq);
1281static void MoveWindow(miccntx *context, u32 micSeq);
1282static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
1283                           struct crypto_cipher *tfm);
1284static void emmh32_init(emmh32_context *context);
1285static void emmh32_update(emmh32_context *context, u8 *pOctets, int len);
1286static void emmh32_final(emmh32_context *context, u8 digest[4]);
1287static int flashpchar(struct airo_info *ai,int byte,int dwelltime);
1288
1289/* micinit - Initialize mic seed */
1290
1291static void micinit(struct airo_info *ai)
1292{
1293        MICRid mic_rid;
1294
1295        clear_bit(JOB_MIC, &ai->jobs);
1296        PC4500_readrid(ai, RID_MIC, &mic_rid, sizeof(mic_rid), 0);
1297        up(&ai->sem);
1298
1299        ai->micstats.enabled = (mic_rid.state & 0x00FF) ? 1 : 0;
1300
1301        if (ai->micstats.enabled) {
1302                /* Key must be valid and different */
1303                if (mic_rid.multicastValid && (!ai->mod[0].mCtx.valid ||
1304                    (memcmp (ai->mod[0].mCtx.key, mic_rid.multicast,
1305                             sizeof(ai->mod[0].mCtx.key)) != 0))) {
1306                        /* Age current mic Context */
1307                        memcpy(&ai->mod[1].mCtx,&ai->mod[0].mCtx,sizeof(miccntx));
1308                        /* Initialize new context */
1309                        memcpy(&ai->mod[0].mCtx.key,mic_rid.multicast,sizeof(mic_rid.multicast));
1310                        ai->mod[0].mCtx.window  = 33; //Window always points to the middle
1311                        ai->mod[0].mCtx.rx      = 0;  //Rx Sequence numbers
1312                        ai->mod[0].mCtx.tx      = 0;  //Tx sequence numbers
1313                        ai->mod[0].mCtx.valid   = 1;  //Key is now valid
1314  
1315                        /* Give key to mic seed */
1316                        emmh32_setseed(&ai->mod[0].mCtx.seed,mic_rid.multicast,sizeof(mic_rid.multicast), ai->tfm);
1317                }
1318
1319                /* Key must be valid and different */
1320                if (mic_rid.unicastValid && (!ai->mod[0].uCtx.valid || 
1321                    (memcmp(ai->mod[0].uCtx.key, mic_rid.unicast,
1322                            sizeof(ai->mod[0].uCtx.key)) != 0))) {
1323                        /* Age current mic Context */
1324                        memcpy(&ai->mod[1].uCtx,&ai->mod[0].uCtx,sizeof(miccntx));
1325                        /* Initialize new context */
1326                        memcpy(&ai->mod[0].uCtx.key,mic_rid.unicast,sizeof(mic_rid.unicast));
1327        
1328                        ai->mod[0].uCtx.window  = 33; //Window always points to the middle
1329                        ai->mod[0].uCtx.rx      = 0;  //Rx Sequence numbers
1330                        ai->mod[0].uCtx.tx      = 0;  //Tx sequence numbers
1331                        ai->mod[0].uCtx.valid   = 1;  //Key is now valid
1332        
1333                        //Give key to mic seed
1334                        emmh32_setseed(&ai->mod[0].uCtx.seed, mic_rid.unicast, sizeof(mic_rid.unicast), ai->tfm);
1335                }
1336        } else {
1337      /* So next time we have a valid key and mic is enabled, we will update
1338       * the sequence number if the key is the same as before.
1339       */
1340                ai->mod[0].uCtx.valid = 0;
1341                ai->mod[0].mCtx.valid = 0;
1342        }
1343}
1344
1345/* micsetup - Get ready for business */
1346
1347static int micsetup(struct airo_info *ai) {
1348        int i;
1349
1350        if (ai->tfm == NULL)
1351                ai->tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
1352
1353        if (IS_ERR(ai->tfm)) {
1354                airo_print_err(ai->dev->name, "failed to load transform for AES");
1355                ai->tfm = NULL;
1356                return ERROR;
1357        }
1358
1359        for (i=0; i < NUM_MODULES; i++) {
1360                memset(&ai->mod[i].mCtx,0,sizeof(miccntx));
1361                memset(&ai->mod[i].uCtx,0,sizeof(miccntx));
1362        }
1363        return SUCCESS;
1364}
1365
1366static char micsnap[] = {0xAA,0xAA,0x03,0x00,0x40,0x96,0x00,0x02};
1367
1368/*===========================================================================
1369 * Description: Mic a packet
1370 *    
1371 *      Inputs: etherHead * pointer to an 802.3 frame
1372 *    
1373 *     Returns: BOOLEAN if successful, otherwise false.
1374 *             PacketTxLen will be updated with the mic'd packets size.
1375 *
1376 *    Caveats: It is assumed that the frame buffer will already
1377 *             be big enough to hold the largets mic message possible.
1378 *            (No memory allocation is done here).
1379 *  
1380 *    Author: sbraneky (10/15/01)
1381 *    Merciless hacks by rwilcher (1/14/02)
1382 */
1383
1384static int encapsulate(struct airo_info *ai ,etherHead *frame, MICBuffer *mic, int payLen)
1385{
1386        miccntx   *context;
1387
1388        // Determine correct context
1389        // If not adhoc, always use unicast key
1390
1391        if (test_bit(FLAG_ADHOC, &ai->flags) && (frame->da[0] & 0x1))
1392                context = &ai->mod[0].mCtx;
1393        else
1394                context = &ai->mod[0].uCtx;
1395  
1396        if (!context->valid)
1397                return ERROR;
1398
1399        mic->typelen = htons(payLen + 16); //Length of Mic'd packet
1400
1401        memcpy(&mic->u.snap, micsnap, sizeof(micsnap)); // Add Snap
1402
1403        // Add Tx sequence
1404        mic->seq = htonl(context->tx);
1405        context->tx += 2;
1406
1407        emmh32_init(&context->seed); // Mic the packet
1408        emmh32_update(&context->seed,frame->da,ETH_ALEN * 2); // DA,SA
1409        emmh32_update(&context->seed,(u8*)&mic->typelen,10); // Type/Length and Snap
1410        emmh32_update(&context->seed,(u8*)&mic->seq,sizeof(mic->seq)); //SEQ
1411        emmh32_update(&context->seed,frame->da + ETH_ALEN * 2,payLen); //payload
1412        emmh32_final(&context->seed, (u8*)&mic->mic);
1413
1414        /*    New Type/length ?????????? */
1415        mic->typelen = 0; //Let NIC know it could be an oversized packet
1416        return SUCCESS;
1417}
1418
1419typedef enum {
1420    NONE,
1421    NOMIC,
1422    NOMICPLUMMED,
1423    SEQUENCE,
1424    INCORRECTMIC,
1425} mic_error;
1426
1427/*===========================================================================
1428 *  Description: Decapsulates a MIC'd packet and returns the 802.3 packet
1429 *               (removes the MIC stuff) if packet is a valid packet.
1430 *      
1431 *       Inputs: etherHead  pointer to the 802.3 packet             
1432 *     
1433 *      Returns: BOOLEAN - TRUE if packet should be dropped otherwise FALSE
1434 *     
1435 *      Author: sbraneky (10/15/01)
1436 *    Merciless hacks by rwilcher (1/14/02)
1437 *---------------------------------------------------------------------------
1438 */
1439
1440static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *eth, u16 payLen)
1441{
1442        int      i;
1443        u32      micSEQ;
1444        miccntx  *context;
1445        u8       digest[4];
1446        mic_error micError = NONE;
1447
1448        // Check if the packet is a Mic'd packet
1449
1450        if (!ai->micstats.enabled) {
1451                //No Mic set or Mic OFF but we received a MIC'd packet.
1452                if (memcmp ((u8*)eth + 14, micsnap, sizeof(micsnap)) == 0) {
1453                        ai->micstats.rxMICPlummed++;
1454                        return ERROR;
1455                }
1456                return SUCCESS;
1457        }
1458
1459        if (ntohs(mic->typelen) == 0x888E)
1460                return SUCCESS;
1461
1462        if (memcmp (mic->u.snap, micsnap, sizeof(micsnap)) != 0) {
1463            // Mic enabled but packet isn't Mic'd
1464                ai->micstats.rxMICPlummed++;
1465                return ERROR;
1466        }
1467
1468        micSEQ = ntohl(mic->seq);            //store SEQ as CPU order
1469
1470        //At this point we a have a mic'd packet and mic is enabled
1471        //Now do the mic error checking.
1472
1473        //Receive seq must be odd
1474        if ( (micSEQ & 1) == 0 ) {
1475                ai->micstats.rxWrongSequence++;
1476                return ERROR;
1477        }
1478
1479        for (i = 0; i < NUM_MODULES; i++) {
1480                int mcast = eth->da[0] & 1;
1481                //Determine proper context 
1482                context = mcast ? &ai->mod[i].mCtx : &ai->mod[i].uCtx;
1483        
1484                //Make sure context is valid
1485                if (!context->valid) {
1486                        if (i == 0)
1487                                micError = NOMICPLUMMED;
1488                        continue;                
1489                }
1490                //DeMic it 
1491
1492                if (!mic->typelen)
1493                        mic->typelen = htons(payLen + sizeof(MICBuffer) - 2);
1494        
1495                emmh32_init(&context->seed);
1496                emmh32_update(&context->seed, eth->da, ETH_ALEN*2); 
1497                emmh32_update(&context->seed, (u8 *)&mic->typelen, sizeof(mic->typelen)+sizeof(mic->u.snap)); 
1498                emmh32_update(&context->seed, (u8 *)&mic->seq,sizeof(mic->seq));        
1499                emmh32_update(&context->seed, eth->da + ETH_ALEN*2,payLen);     
1500                //Calculate MIC
1501                emmh32_final(&context->seed, digest);
1502        
1503                if (memcmp(digest, &mic->mic, 4)) { //Make sure the mics match
1504                  //Invalid Mic
1505                        if (i == 0)
1506                                micError = INCORRECTMIC;
1507                        continue;
1508                }
1509
1510                //Check Sequence number if mics pass
1511                if (RxSeqValid(ai, context, mcast, micSEQ) == SUCCESS) {
1512                        ai->micstats.rxSuccess++;
1513                        return SUCCESS;
1514                }
1515                if (i == 0)
1516                        micError = SEQUENCE;
1517        }
1518
1519        // Update statistics
1520        switch (micError) {
1521                case NOMICPLUMMED: ai->micstats.rxMICPlummed++;   break;
1522                case SEQUENCE:    ai->micstats.rxWrongSequence++; break;
1523                case INCORRECTMIC: ai->micstats.rxIncorrectMIC++; break;
1524                case NONE:  break;
1525                case NOMIC: break;
1526        }
1527        return ERROR;
1528}
1529
1530/*===========================================================================
1531 * Description:  Checks the Rx Seq number to make sure it is valid
1532 *               and hasn't already been received
1533 *   
1534 *     Inputs: miccntx - mic context to check seq against
1535 *             micSeq  - the Mic seq number
1536 *   
1537 *    Returns: TRUE if valid otherwise FALSE. 
1538 *
1539 *    Author: sbraneky (10/15/01)
1540 *    Merciless hacks by rwilcher (1/14/02)
1541 *---------------------------------------------------------------------------
1542 */
1543
1544static int RxSeqValid (struct airo_info *ai,miccntx *context,int mcast,u32 micSeq)
1545{
1546        u32 seq,index;
1547
1548        //Allow for the ap being rebooted - if it is then use the next 
1549        //sequence number of the current sequence number - might go backwards
1550
1551        if (mcast) {
1552                if (test_bit(FLAG_UPDATE_MULTI, &ai->flags)) {
1553                        clear_bit (FLAG_UPDATE_MULTI, &ai->flags);
1554                        context->window = (micSeq > 33) ? micSeq : 33;
1555                        context->rx     = 0;        // Reset rx
1556                }
1557        } else if (test_bit(FLAG_UPDATE_UNI, &ai->flags)) {
1558                clear_bit (FLAG_UPDATE_UNI, &ai->flags);
1559                context->window = (micSeq > 33) ? micSeq : 33; // Move window
1560                context->rx     = 0;        // Reset rx
1561        }
1562
1563        //Make sequence number relative to START of window
1564        seq = micSeq - (context->window - 33);
1565
1566        //Too old of a SEQ number to check.
1567        if ((s32)seq < 0)
1568                return ERROR;
1569    
1570        if ( seq > 64 ) {
1571                //Window is infinite forward
1572                MoveWindow(context,micSeq);
1573                return SUCCESS;
1574        }
1575
1576        // We are in the window. Now check the context rx bit to see if it was already sent
1577        seq >>= 1;         //divide by 2 because we only have odd numbers
1578        index = 1 << seq;  //Get an index number
1579
1580        if (!(context->rx & index)) {
1581                //micSEQ falls inside the window.
1582                //Add seqence number to the list of received numbers.
1583                context->rx |= index;
1584
1585                MoveWindow(context,micSeq);
1586
1587                return SUCCESS;
1588        }
1589        return ERROR;
1590}
1591
1592static void MoveWindow(miccntx *context, u32 micSeq)
1593{
1594        u32 shift;
1595
1596        //Move window if seq greater than the middle of the window
1597        if (micSeq > context->window) {
1598                shift = (micSeq - context->window) >> 1;
1599    
1600                    //Shift out old
1601                if (shift < 32)
1602                        context->rx >>= shift;
1603                else
1604                        context->rx = 0;
1605
1606                context->window = micSeq;      //Move window
1607        }
1608}
1609
1610/*==============================================*/
1611/*========== EMMH ROUTINES  ====================*/
1612/*==============================================*/
1613
1614/* mic accumulate */
1615#define MIC_ACCUM(val)  \
1616        context->accum += (u64)(val) * context->coeff[coeff_position++];
1617
1618static unsigned char aes_counter[16];
1619
1620/* expand the key to fill the MMH coefficient array */
1621static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
1622                           struct crypto_cipher *tfm)
1623{
1624  /* take the keying material, expand if necessary, truncate at 16-bytes */
1625  /* run through AES counter mode to generate context->coeff[] */
1626  
1627        int i,j;
1628        u32 counter;
1629        u8 *cipher, plain[16];
1630
1631        crypto_cipher_setkey(tfm, pkey, 16);
1632        counter = 0;
1633        for (i = 0; i < ARRAY_SIZE(context->coeff); ) {
1634                aes_counter[15] = (u8)(counter >> 0);
1635                aes_counter[14] = (u8)(counter >> 8);
1636                aes_counter[13] = (u8)(counter >> 16);
1637                aes_counter[12] = (u8)(counter >> 24);
1638                counter++;
1639                memcpy (plain, aes_counter, 16);
1640                crypto_cipher_encrypt_one(tfm, plain, plain);
1641                cipher = plain;
1642                for (j = 0; (j < 16) && (i < ARRAY_SIZE(context->coeff)); ) {
1643                        context->coeff[i++] = ntohl(*(__be32 *)&cipher[j]);
1644                        j += 4;
1645                }
1646        }
1647}
1648
1649/* prepare for calculation of a new mic */
1650static void emmh32_init(emmh32_context *context)
1651{
1652        /* prepare for new mic calculation */
1653        context->accum = 0;
1654        context->position = 0;
1655}
1656
1657/* add some bytes to the mic calculation */
1658static void emmh32_update(emmh32_context *context, u8 *pOctets, int len)
1659{
1660        int     coeff_position, byte_position;
1661  
1662        if (len == 0) return;
1663  
1664        coeff_position = context->position >> 2;
1665  
1666        /* deal with partial 32-bit word left over from last update */
1667        byte_position = context->position & 3;
1668        if (byte_position) {
1669                /* have a partial word in part to deal with */
1670                do {
1671                        if (len == 0) return;
1672                        context->part.d8[byte_position++] = *pOctets++;
1673                        context->position++;
1674                        len--;
1675                } while (byte_position < 4);
1676                MIC_ACCUM(ntohl(context->part.d32));
1677        }
1678
1679        /* deal with full 32-bit words */
1680        while (len >= 4) {
1681                MIC_ACCUM(ntohl(*(__be32 *)pOctets));
1682                context->position += 4;
1683                pOctets += 4;
1684                len -= 4;
1685        }
1686
1687        /* deal with partial 32-bit word that will be left over from this update */
1688        byte_position = 0;
1689        while (len > 0) {
1690                context->part.d8[byte_position++] = *pOctets++;
1691                context->position++;
1692                len--;
1693        }
1694}
1695
1696/* mask used to zero empty bytes for final partial word */
1697static u32 mask32[4] = { 0x00000000L, 0xFF000000L, 0xFFFF0000L, 0xFFFFFF00L };
1698
1699/* calculate the mic */
1700static void emmh32_final(emmh32_context *context, u8 digest[4])
1701{
1702        int     coeff_position, byte_position;
1703        u32     val;
1704  
1705        u64 sum, utmp;
1706        s64 stmp;
1707
1708        coeff_position = context->position >> 2;
1709  
1710        /* deal with partial 32-bit word left over from last update */
1711        byte_position = context->position & 3;
1712        if (byte_position) {
1713                /* have a partial word in part to deal with */
1714                val = ntohl(context->part.d32);
1715                MIC_ACCUM(val & mask32[byte_position]); /* zero empty bytes */
1716        }
1717
1718        /* reduce the accumulated u64 to a 32-bit MIC */
1719        sum = context->accum;
1720        stmp = (sum  & 0xffffffffLL) - ((sum >> 32)  * 15);
1721        utmp = (stmp & 0xffffffffLL) - ((stmp >> 32) * 15);
1722        sum = utmp & 0xffffffffLL;
1723        if (utmp > 0x10000000fLL)
1724                sum -= 15;
1725
1726        val = (u32)sum;
1727        digest[0] = (val>>24) & 0xFF;
1728        digest[1] = (val>>16) & 0xFF;
1729        digest[2] = (val>>8) & 0xFF;
1730        digest[3] = val & 0xFF;
1731}
1732
1733static int readBSSListRid(struct airo_info *ai, int first,
1734                      BSSListRid *list)
1735{
1736        Cmd cmd;
1737        Resp rsp;
1738
1739        if (first == 1) {
1740                if (ai->flags & FLAG_RADIO_MASK) return -ENETDOWN;
1741                memset(&cmd, 0, sizeof(cmd));
1742                cmd.cmd=CMD_LISTBSS;
1743                if (down_interruptible(&ai->sem))
1744                        return -ERESTARTSYS;
1745                ai->list_bss_task = current;
1746                issuecommand(ai, &cmd, &rsp);
1747                up(&ai->sem);
1748                /* Let the command take effect */
1749                schedule_timeout_uninterruptible(3 * HZ);
1750                ai->list_bss_task = NULL;
1751        }
1752        return PC4500_readrid(ai, first ? ai->bssListFirst : ai->bssListNext,
1753                            list, ai->bssListRidLen, 1);
1754}
1755
1756static int readWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int temp, int lock)
1757{
1758        return PC4500_readrid(ai, temp ? RID_WEP_TEMP : RID_WEP_PERM,
1759                                wkr, sizeof(*wkr), lock);
1760}
1761
1762static int writeWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int perm, int lock)
1763{
1764        int rc;
1765        rc = PC4500_writerid(ai, RID_WEP_TEMP, wkr, sizeof(*wkr), lock);
1766        if (rc!=SUCCESS)
1767                airo_print_err(ai->dev->name, "WEP_TEMP set %x", rc);
1768        if (perm) {
1769                rc = PC4500_writerid(ai, RID_WEP_PERM, wkr, sizeof(*wkr), lock);
1770                if (rc!=SUCCESS)
1771                        airo_print_err(ai->dev->name, "WEP_PERM set %x", rc);
1772        }
1773        return rc;
1774}
1775
1776static int readSsidRid(struct airo_info*ai, SsidRid *ssidr)
1777{
1778        return PC4500_readrid(ai, RID_SSID, ssidr, sizeof(*ssidr), 1);
1779}
1780
1781static int writeSsidRid(struct airo_info*ai, SsidRid *pssidr, int lock)
1782{
1783        return PC4500_writerid(ai, RID_SSID, pssidr, sizeof(*pssidr), lock);
1784}
1785
1786static int readConfigRid(struct airo_info *ai, int lock)
1787{
1788        int rc;
1789        ConfigRid cfg;
1790
1791        if (ai->config.len)
1792                return SUCCESS;
1793
1794        rc = PC4500_readrid(ai, RID_ACTUALCONFIG, &cfg, sizeof(cfg), lock);
1795        if (rc != SUCCESS)
1796                return rc;
1797
1798        ai->config = cfg;
1799        return SUCCESS;
1800}
1801
1802static inline void checkThrottle(struct airo_info *ai)
1803{
1804        int i;
1805/* Old hardware had a limit on encryption speed */
1806        if (ai->config.authType != AUTH_OPEN && maxencrypt) {
1807                for(i=0; i<8; i++) {
1808                        if (ai->config.rates[i] > maxencrypt) {
1809                                ai->config.rates[i] = 0;
1810                        }
1811                }
1812        }
1813}
1814
1815static int writeConfigRid(struct airo_info *ai, int lock)
1816{
1817        ConfigRid cfgr;
1818
1819        if (!test_bit (FLAG_COMMIT, &ai->flags))
1820                return SUCCESS;
1821
1822        clear_bit (FLAG_COMMIT, &ai->flags);
1823        clear_bit (FLAG_RESET, &ai->flags);
1824        checkThrottle(ai);
1825        cfgr = ai->config;
1826
1827        if ((cfgr.opmode & MODE_CFG_MASK) == MODE_STA_IBSS)
1828                set_bit(FLAG_ADHOC, &ai->flags);
1829        else
1830                clear_bit(FLAG_ADHOC, &ai->flags);
1831
1832        return PC4500_writerid( ai, RID_CONFIG, &cfgr, sizeof(cfgr), lock);
1833}
1834
1835static int readStatusRid(struct airo_info *ai, StatusRid *statr, int lock)
1836{
1837        return PC4500_readrid(ai, RID_STATUS, statr, sizeof(*statr), lock);
1838}
1839
1840static int readAPListRid(struct airo_info *ai, APListRid *aplr)
1841{
1842        return PC4500_readrid(ai, RID_APLIST, aplr, sizeof(*aplr), 1);
1843}
1844
1845static int writeAPListRid(struct airo_info *ai, APListRid *aplr, int lock)
1846{
1847        return PC4500_writerid(ai, RID_APLIST, aplr, sizeof(*aplr), lock);
1848}
1849
1850static int readCapabilityRid(struct airo_info *ai, CapabilityRid *capr, int lock)
1851{
1852        return PC4500_readrid(ai, RID_CAPABILITIES, capr, sizeof(*capr), lock);
1853}
1854
1855static int readStatsRid(struct airo_info*ai, StatsRid *sr, int rid, int lock)
1856{
1857        return PC4500_readrid(ai, rid, sr, sizeof(*sr), lock);
1858}
1859
1860static void try_auto_wep(struct airo_info *ai)
1861{
1862        if (auto_wep && !(ai->flags & FLAG_RADIO_DOWN)) {
1863                ai->expires = RUN_AT(3*HZ);
1864                wake_up_interruptible(&ai->thr_wait);
1865        }
1866}
1867
1868static int airo_open(struct net_device *dev) {
1869        struct airo_info *ai = dev->priv;
1870        int rc = 0;
1871
1872        if (test_bit(FLAG_FLASHING, &ai->flags))
1873                return -EIO;
1874
1875        /* Make sure the card is configured.
1876         * Wireless Extensions may postpone config changes until the card
1877         * is open (to pipeline changes and speed-up card setup). If
1878         * those changes are not yet commited, do it now - Jean II */
1879        if (test_bit(FLAG_COMMIT, &ai->flags)) {
1880                disable_MAC(ai, 1);
1881                writeConfigRid(ai, 1);
1882        }
1883
1884        if (ai->wifidev != dev) {
1885                clear_bit(JOB_DIE, &ai->jobs);
1886                ai->airo_thread_task = kthread_run(airo_thread, dev, dev->name);
1887                if (IS_ERR(ai->airo_thread_task))
1888                        return (int)PTR_ERR(ai->airo_thread_task);
1889
1890                rc = request_irq(dev->irq, airo_interrupt, IRQF_SHARED,
1891                        dev->name, dev);
1892                if (rc) {
1893                        airo_print_err(dev->name,
1894                                "register interrupt %d failed, rc %d",
1895                                dev->irq, rc);
1896                        set_bit(JOB_DIE, &ai->jobs);
1897                        kthread_stop(ai->airo_thread_task);
1898                        return rc;
1899                }
1900
1901                /* Power on the MAC controller (which may have been disabled) */
1902                clear_bit(FLAG_RADIO_DOWN, &ai->flags);
1903                enable_interrupts(ai);
1904
1905                try_auto_wep(ai);
1906        }
1907        enable_MAC(ai, 1);
1908
1909        netif_start_queue(dev);
1910        return 0;
1911}
1912
1913static int mpi_start_xmit(struct sk_buff *skb, struct net_device *dev) {
1914        int npacks, pending;
1915        unsigned long flags;
1916        struct airo_info *ai = dev->priv;
1917
1918        if (!skb) {
1919                airo_print_err(dev->name, "%s: skb == NULL!",__FUNCTION__);
1920                return 0;
1921        }
1922        npacks = skb_queue_len (&ai->txq);
1923
1924        if (npacks >= MAXTXQ - 1) {
1925                netif_stop_queue (dev);
1926                if (npacks > MAXTXQ) {
1927                        ai->stats.tx_fifo_errors++;
1928                        return 1;
1929                }
1930                skb_queue_tail (&ai->txq, skb);
1931                return 0;
1932        }
1933
1934        spin_lock_irqsave(&ai->aux_lock, flags);
1935        skb_queue_tail (&ai->txq, skb);
1936        pending = test_bit(FLAG_PENDING_XMIT, &ai->flags);
1937        spin_unlock_irqrestore(&ai->aux_lock,flags);
1938        netif_wake_queue (dev);
1939
1940        if (pending == 0) {
1941                set_bit(FLAG_PENDING_XMIT, &ai->flags);
1942                mpi_send_packet (dev);
1943        }
1944        return 0;
1945}
1946
1947/*
1948 * @mpi_send_packet
1949 *
1950 * Attempt to transmit a packet. Can be called from interrupt
1951 * or transmit . return number of packets we tried to send
1952 */
1953
1954static int mpi_send_packet (struct net_device *dev)
1955{
1956        struct sk_buff *skb;
1957        unsigned char *buffer;
1958        s16 len;
1959        __le16 *payloadLen;
1960        struct airo_info *ai = dev->priv;
1961        u8 *sendbuf;
1962
1963        /* get a packet to send */
1964
1965        if ((skb = skb_dequeue(&ai->txq)) == NULL) {
1966                airo_print_err(dev->name,
1967                        "%s: Dequeue'd zero in send_packet()",
1968                        __FUNCTION__);
1969                return 0;
1970        }
1971
1972        /* check min length*/
1973        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
1974        buffer = skb->data;
1975
1976        ai->txfids[0].tx_desc.offset = 0;
1977        ai->txfids[0].tx_desc.valid = 1;
1978        ai->txfids[0].tx_desc.eoc = 1;
1979        ai->txfids[0].tx_desc.len =len+sizeof(WifiHdr);
1980
1981/*
1982 * Magic, the cards firmware needs a length count (2 bytes) in the host buffer
1983 * right after  TXFID_HDR.The TXFID_HDR contains the status short so payloadlen
1984 * is immediatly after it. ------------------------------------------------
1985 *                         |TXFIDHDR+STATUS|PAYLOADLEN|802.3HDR|PACKETDATA|
1986 *                         ------------------------------------------------
1987 */
1988
1989        memcpy((char *)ai->txfids[0].virtual_host_addr,
1990                (char *)&wifictlhdr8023, sizeof(wifictlhdr8023));
1991
1992        payloadLen = (__le16 *)(ai->txfids[0].virtual_host_addr +
1993                sizeof(wifictlhdr8023));
1994        sendbuf = ai->txfids[0].virtual_host_addr +
1995                sizeof(wifictlhdr8023) + 2 ;
1996
1997        /*
1998         * Firmware automaticly puts 802 header on so
1999         * we don't need to account for it in the length
2000         */
2001        if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled &&
2002                (ntohs(((__be16 *)buffer)[6]) != 0x888E)) {
2003                MICBuffer pMic;
2004
2005                if (encapsulate(ai, (etherHead *)buffer, &pMic, len - sizeof(etherHead)) != SUCCESS)
2006                        return ERROR;
2007
2008                *payloadLen = cpu_to_le16(len-sizeof(etherHead)+sizeof(pMic));
2009                ai->txfids[0].tx_desc.len += sizeof(pMic);
2010                /* copy data into airo dma buffer */
2011                memcpy (sendbuf, buffer, sizeof(etherHead));
2012                buffer += sizeof(etherHead);
2013                sendbuf += sizeof(etherHead);
2014                memcpy (sendbuf, &pMic, sizeof(pMic));
2015                sendbuf += sizeof(pMic);
2016                memcpy (sendbuf, buffer, len - sizeof(etherHead));
2017        } else {
2018                *payloadLen = cpu_to_le16(len - sizeof(etherHead));
2019
2020                dev->trans_start = jiffies;
2021
2022                /* copy data into airo dma buffer */
2023                memcpy(sendbuf, buffer, len);
2024        }
2025
2026        memcpy_toio(ai->txfids[0].card_ram_off,
2027                &ai->txfids[0].tx_desc, sizeof(TxFid));
2028
2029        OUT4500(ai, EVACK, 8);
2030
2031        dev_kfree_skb_any(skb);
2032        return 1;
2033}
2034
2035static void get_tx_error(struct airo_info *ai, s32 fid)
2036{
2037        __le16 status;
2038
2039        if (fid < 0)
2040                status = ((WifiCtlHdr *)ai->txfids[0].virtual_host_addr)->ctlhdr.status;
2041        else {
2042                if (bap_setup(ai, ai->fids[fid] & 0xffff, 4, BAP0) != SUCCESS)
2043                        return;
2044                bap_read(ai, &status, 2, BAP0);
2045        }
2046        if (le16_to_cpu(status) & 2) /* Too many retries */
2047                ai->stats.tx_aborted_errors++;
2048        if (le16_to_cpu(status) & 4) /* Transmit lifetime exceeded */
2049                ai->stats.tx_heartbeat_errors++;
2050        if (le16_to_cpu(status) & 8) /* Aid fail */
2051                { }
2052        if (le16_to_cpu(status) & 0x10) /* MAC disabled */
2053                ai->stats.tx_carrier_errors++;
2054        if (le16_to_cpu(status) & 0x20) /* Association lost */
2055                { }
2056        /* We produce a TXDROP event only for retry or lifetime
2057         * exceeded, because that's the only status that really mean
2058         * that this particular node went away.
2059         * Other errors means that *we* screwed up. - Jean II */
2060        if ((le16_to_cpu(status) & 2) ||
2061             (le16_to_cpu(status) & 4)) {
2062                union iwreq_data        wrqu;
2063                char junk[0x18];
2064
2065                /* Faster to skip over useless data than to do
2066                 * another bap_setup(). We are at offset 0x6 and
2067                 * need to go to 0x18 and read 6 bytes - Jean II */
2068                bap_read(ai, (__le16 *) junk, 0x18, BAP0);
2069
2070                /* Copy 802.11 dest address.
2071                 * We use the 802.11 header because the frame may
2072                 * not be 802.3 or may be mangled...
2073                 * In Ad-Hoc mode, it will be the node address.
2074                 * In managed mode, it will be most likely the AP addr
2075                 * User space will figure out how to convert it to
2076                 * whatever it needs (IP address or else).
2077                 * - Jean II */
2078                memcpy(wrqu.addr.sa_data, junk + 0x12, ETH_ALEN);
2079                wrqu.addr.sa_family = ARPHRD_ETHER;
2080
2081                /* Send event to user space */
2082                wireless_send_event(ai->dev, IWEVTXDROP, &wrqu, NULL);
2083        }
2084}
2085
2086static void airo_end_xmit(struct net_device *dev) {
2087        u16 status;
2088        int i;
2089        struct airo_info *priv = dev->priv;
2090        struct sk_buff *skb = priv->xmit.skb;
2091        int fid = priv->xmit.fid;
2092        u32 *fids = priv->fids;
2093
2094        clear_bit(JOB_XMIT, &priv->jobs);
2095        clear_bit(FLAG_PENDING_XMIT, &priv->flags);
2096        status = transmit_802_3_packet (priv, fids[fid], skb->data);
2097        up(&priv->sem);
2098
2099        i = 0;
2100        if ( status == SUCCESS ) {
2101                dev->trans_start = jiffies;
2102                for (; i < MAX_FIDS / 2 && (priv->fids[i] & 0xffff0000); i++);
2103        } else {
2104                priv->fids[fid] &= 0xffff;
2105                priv->stats.tx_window_errors++;
2106        }
2107        if (i < MAX_FIDS / 2)
2108                netif_wake_queue(dev);
2109        dev_kfree_skb(skb);
2110}
2111
2112static int airo_start_xmit(struct sk_buff *skb, struct net_device *dev) {
2113        s16 len;
2114        int i, j;
2115        struct airo_info *priv = dev->priv;
2116        u32 *fids = priv->fids;
2117
2118        if ( skb == NULL ) {
2119                airo_print_err(dev->name, "%s: skb == NULL!", __FUNCTION__);
2120                return 0;
2121        }
2122
2123        /* Find a vacant FID */
2124        for( i = 0; i < MAX_FIDS / 2 && (fids[i] & 0xffff0000); i++ );
2125        for( j = i + 1; j < MAX_FIDS / 2 && (fids[j] & 0xffff0000); j++ );
2126
2127        if ( j >= MAX_FIDS / 2 ) {
2128                netif_stop_queue(dev);
2129
2130                if (i == MAX_FIDS / 2) {
2131                        priv->stats.tx_fifo_errors++;
2132                        return 1;
2133                }
2134        }
2135        /* check min length*/
2136        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
2137        /* Mark fid as used & save length for later */
2138        fids[i] |= (len << 16);
2139        priv->xmit.skb = skb;
2140        priv->xmit.fid = i;
2141        if (down_trylock(&priv->sem) != 0) {
2142                set_bit(FLAG_PENDING_XMIT, &priv->flags);
2143                netif_stop_queue(dev);
2144                set_bit(JOB_XMIT, &priv->jobs);
2145                wake_up_interruptible(&priv->thr_wait);
2146        } else
2147                airo_end_xmit(dev);
2148        return 0;
2149}
2150
2151static void airo_end_xmit11(struct net_device *dev) {
2152        u16 status;
2153        int i;
2154        struct airo_info *priv = dev->priv;
2155        struct sk_buff *skb = priv->xmit11.skb;
2156        int fid = priv->xmit11.fid;
2157        u32 *fids = priv->fids;
2158
2159        clear_bit(JOB_XMIT11, &priv->jobs);
2160        clear_bit(FLAG_PENDING_XMIT11, &priv->flags);
2161        status = transmit_802_11_packet (priv, fids[fid], skb->data);
2162        up(&priv->sem);
2163
2164        i = MAX_FIDS / 2;
2165        if ( status == SUCCESS ) {
2166                dev->trans_start = jiffies;
2167                for (; i < MAX_FIDS && (priv->fids[i] & 0xffff0000); i++);
2168        } else {
2169                priv->fids[fid] &= 0xffff;
2170                priv->stats.tx_window_errors++;
2171        }
2172        if (i < MAX_FIDS)
2173                netif_wake_queue(dev);
2174        dev_kfree_skb(skb);
2175}
2176
2177static int airo_start_xmit11(struct sk_buff *skb, struct net_device *dev) {
2178        s16 len;
2179        int i, j;
2180        struct airo_info *priv = dev->priv;
2181        u32 *fids = priv->fids;
2182
2183        if (test_bit(FLAG_MPI, &priv->flags)) {
2184                /* Not implemented yet for MPI350 */
2185                netif_stop_queue(dev);
2186                return -ENETDOWN;
2187        }
2188
2189        if ( skb == NULL ) {
2190                airo_print_err(dev->name, "%s: skb == NULL!", __FUNCTION__);
2191                return 0;
2192        }
2193
2194        /* Find a vacant FID */
2195        for( i = MAX_FIDS / 2; i < MAX_FIDS && (fids[i] & 0xffff0000); i++ );
2196        for( j = i + 1; j < MAX_FIDS && (fids[j] & 0xffff0000); j++ );
2197
2198        if ( j >= MAX_FIDS ) {
2199                netif_stop_queue(dev);
2200
2201                if (i == MAX_FIDS) {
2202                        priv->stats.tx_fifo_errors++;
2203                        return 1;
2204                }
2205        }
2206        /* check min length*/
2207        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
2208        /* Mark fid as used & save length for later */
2209        fids[i] |= (len << 16);
2210        priv->xmit11.skb = skb;
2211        priv->xmit11.fid = i;
2212        if (down_trylock(&priv->sem) != 0) {
2213                set_bit(FLAG_PENDING_XMIT11, &priv->flags);
2214                netif_stop_queue(dev);
2215                set_bit(JOB_XMIT11, &priv->jobs);
2216                wake_up_interruptible(&priv->thr_wait);
2217        } else
2218                airo_end_xmit11(dev);
2219        return 0;
2220}
2221
2222static void airo_read_stats(struct airo_info *ai)
2223{
2224        StatsRid stats_rid;
2225        __le32 *vals = stats_rid.vals;
2226
2227        clear_bit(JOB_STATS, &ai->jobs);
2228        if (ai->power.event) {
2229                up(&ai->sem);
2230                return;
2231        }
2232        readStatsRid(ai, &stats_rid, RID_STATS, 0);
2233        up(&ai->sem);
2234
2235        ai->stats.rx_packets = le32_to_cpu(vals[43]) + le32_to_cpu(vals[44]) +
2236                               le32_to_cpu(vals[45]);
2237        ai->stats.tx_packets = le32_to_cpu(vals[39]) + le32_to_cpu(vals[40]) +
2238                               le32_to_cpu(vals[41]);
2239        ai->stats.rx_bytes = le32_to_cpu(vals[92]);
2240        ai->stats.tx_bytes = le32_to_cpu(vals[91]);
2241        ai->stats.rx_errors = le32_to_cpu(vals[0]) + le32_to_cpu(vals[2]) +
2242                              le32_to_cpu(vals[3]) + le32_to_cpu(vals[4]);
2243        ai->stats.tx_errors = le32_to_cpu(vals[42]) + ai->stats.tx_fifo_errors;
2244        ai->stats.multicast = le32_to_cpu(vals[43]);
2245        ai->stats.collisions = le32_to_cpu(vals[89]);
2246
2247        /* detailed rx_errors: */
2248        ai->stats.rx_length_errors = le32_to_cpu(vals[3]);
2249        ai->stats.rx_crc_errors = le32_to_cpu(vals[4]);
2250        ai->stats.rx_frame_errors = le32_to_cpu(vals[2]);
2251        ai->stats.rx_fifo_errors = le32_to_cpu(vals[0]);
2252}
2253
2254static struct net_device_stats *airo_get_stats(struct net_device *dev)
2255{
2256        struct airo_info *local =  dev->priv;
2257
2258        if (!test_bit(JOB_STATS, &local->jobs)) {
2259                /* Get stats out of the card if available */
2260                if (down_trylock(&local->sem) != 0) {
2261                        set_bit(JOB_STATS, &local->jobs);
2262                        wake_up_interruptible(&local->thr_wait);
2263                } else
2264                        airo_read_stats(local);
2265        }
2266
2267        return &local->stats;
2268}
2269
2270static void airo_set_promisc(struct airo_info *ai) {
2271        Cmd cmd;
2272        Resp rsp;
2273
2274        memset(&cmd, 0, sizeof(cmd));
2275        cmd.cmd=CMD_SETMODE;
2276        clear_bit(JOB_PROMISC, &ai->jobs);
2277        cmd.parm0=(ai->flags&IFF_PROMISC) ? PROMISC : NOPROMISC;
2278        issuecommand(ai, &cmd, &rsp);
2279        up(&ai->sem);
2280}
2281
2282static void airo_set_multicast_list(struct net_device *dev) {
2283        struct airo_info *ai = dev->priv;
2284
2285        if ((dev->flags ^ ai->flags) & IFF_PROMISC) {
2286                change_bit(FLAG_PROMISC, &ai->flags);
2287                if (down_trylock(&ai->sem) != 0) {
2288                        set_bit(JOB_PROMISC, &ai->jobs);
2289                        wake_up_interruptible(&ai->thr_wait);
2290                } else
2291                        airo_set_promisc(ai);
2292        }
2293
2294        if ((dev->flags&IFF_ALLMULTI)||dev->mc_count>0) {
2295                /* Turn on multicast.  (Should be already setup...) */
2296        }
2297}
2298
2299static int airo_set_mac_address(struct net_device *dev, void *p)
2300{
2301        struct airo_info *ai = dev->priv;
2302        struct sockaddr *addr = p;
2303
2304        readConfigRid(ai, 1);
2305        memcpy (ai->config.macAddr, addr->sa_data, dev->addr_len);
2306        set_bit (FLAG_COMMIT, &ai->flags);
2307        disable_MAC(ai, 1);
2308        writeConfigRid (ai, 1);
2309        enable_MAC(ai, 1);
2310        memcpy (ai->dev->dev_addr, addr->sa_data, dev->addr_len);
2311        if (ai->wifidev)
2312                memcpy (ai->wifidev->dev_addr, addr->sa_data, dev->addr_len);
2313        return 0;
2314}
2315
2316static int airo_change_mtu(struct net_device *dev, int new_mtu)
2317{
2318        if ((new_mtu < 68) || (new_mtu > 2400))
2319                return -EINVAL;
2320        dev->mtu = new_mtu;
2321        return 0;
2322}
2323
2324static LIST_HEAD(airo_devices);
2325
2326static void add_airo_dev(struct airo_info *ai)
2327{
2328        /* Upper layers already keep track of PCI devices,
2329         * so we only need to remember our non-PCI cards. */
2330        if (!ai->pci)
2331                list_add_tail(&ai->dev_list, &airo_devices);
2332}
2333
2334static void del_airo_dev(struct airo_info *ai)
2335{
2336        if (!ai->pci)
2337                list_del(&ai->dev_list);
2338}
2339
2340static int airo_close(struct net_device *dev) {
2341        struct airo_info *ai = dev->priv;
2342
2343        netif_stop_queue(dev);
2344
2345        if (ai->wifidev != dev) {
2346#ifdef POWER_ON_DOWN
2347                /* Shut power to the card. The idea is that the user can save
2348                 * power when he doesn't need the card with "ifconfig down".
2349                 * That's the method that is most friendly towards the network
2350                 * stack (i.e. the network stack won't try to broadcast
2351                 * anything on the interface and routes are gone. Jean II */
2352                set_bit(FLAG_RADIO_DOWN, &ai->flags);
2353                disable_MAC(ai, 1);
2354#endif
2355                disable_interrupts( ai );
2356
2357                free_irq(dev->irq, dev);
2358
2359                set_bit(JOB_DIE, &ai->jobs);
2360                kthread_stop(ai->airo_thread_task);
2361        }
2362        return 0;
2363}
2364
2365void stop_airo_card( struct net_device *dev, int freeres )
2366{
2367        struct airo_info *ai = dev->priv;
2368
2369        set_bit(FLAG_RADIO_DOWN, &ai->flags);
2370        disable_MAC(ai, 1);
2371        disable_interrupts(ai);
2372        takedown_proc_entry( dev, ai );
2373        if (test_bit(FLAG_REGISTERED, &ai->flags)) {
2374                unregister_netdev( dev );
2375                if (ai->wifidev) {
2376                        unregister_netdev(ai->wifidev);
2377                        free_netdev(ai->wifidev);
2378                        ai->wifidev = NULL;
2379                }
2380                clear_bit(FLAG_REGISTERED, &ai->flags);
2381        }
2382        /*
2383         * Clean out tx queue
2384         */
2385        if (test_bit(FLAG_MPI, &ai->flags) && !skb_queue_empty(&ai->txq)) {
2386                struct sk_buff *skb = NULL;
2387                for (;(skb = skb_dequeue(&ai->txq));)
2388                        dev_kfree_skb(skb);
2389        }
2390
2391        airo_networks_free (ai);
2392
2393        kfree(ai->flash);
2394        kfree(ai->rssi);
2395        kfree(ai->APList);
2396        kfree(ai->SSID);
2397        if (freeres) {
2398                /* PCMCIA frees this stuff, so only for PCI and ISA */
2399                release_region( dev->base_addr, 64 );
2400                if (test_bit(FLAG_MPI, &ai->flags)) {
2401                        if (ai->pci)
2402                                mpi_unmap_card(ai->pci);
2403                        if (ai->pcimem)
2404                                iounmap(ai->pcimem);
2405                        if (ai->pciaux)
2406                                iounmap(ai->pciaux);
2407                        pci_free_consistent(ai->pci, PCI_SHARED_LEN,
2408                                ai->shared, ai->shared_dma);
2409                }
2410        }
2411        crypto_free_cipher(ai->tfm);
2412        del_airo_dev(ai);
2413        free_netdev( dev );
2414}
2415
2416EXPORT_SYMBOL(stop_airo_card);
2417
2418static int wll_header_parse(const struct sk_buff *skb, unsigned char *haddr)
2419{
2420        memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN);
2421        return ETH_ALEN;
2422}
2423
2424static void mpi_unmap_card(struct pci_dev *pci)
2425{
2426        unsigned long mem_start = pci_resource_start(pci, 1);
2427        unsigned long mem_len = pci_resource_len(pci, 1);
2428        unsigned long aux_start = pci_resource_start(pci, 2);
2429        unsigned long aux_len = AUXMEMSIZE;
2430
2431        release_mem_region(aux_start, aux_len);
2432        release_mem_region(mem_start, mem_len);
2433}
2434
2435/*************************************************************
2436 *  This routine assumes that descriptors have been setup .
2437 *  Run at insmod time or after reset  when the decriptors
2438 *  have been initialized . Returns 0 if all is well nz
2439 *  otherwise . Does not allocate memory but sets up card
2440 *  using previously allocated descriptors.
2441 */
2442static int mpi_init_descriptors (struct airo_info *ai)
2443{
2444        Cmd cmd;
2445        Resp rsp;
2446        int i;
2447        int rc = SUCCESS;
2448
2449        /* Alloc  card RX descriptors */
2450        netif_stop_queue(ai->dev);
2451
2452        memset(&rsp,0,sizeof(rsp));
2453        memset(&cmd,0,sizeof(cmd));
2454
2455        cmd.cmd = CMD_ALLOCATEAUX;
2456        cmd.parm0 = FID_RX;
2457        cmd.parm1 = (ai->rxfids[0].card_ram_off - ai->pciaux);
2458        cmd.parm2 = MPI_MAX_FIDS;
2459        rc=issuecommand(ai, &cmd, &rsp);
2460        if (rc != SUCCESS) {
2461                airo_print_err(ai->dev->name, "Couldn't allocate RX FID");
2462                return rc;
2463        }
2464
2465        for (i=0; i<MPI_MAX_FIDS; i++) {
2466                memcpy_toio(ai->rxfids[i].card_ram_off,
2467                        &ai->rxfids[i].rx_desc, sizeof(RxFid));
2468        }
2469
2470        /* Alloc card TX descriptors */
2471
2472        memset(&rsp,0,sizeof(rsp));
2473        memset(&cmd,0,sizeof(cmd));
2474
2475        cmd.cmd = CMD_ALLOCATEAUX;
2476        cmd.parm0 = FID_TX;
2477        cmd.parm1 = (ai->txfids[0].card_ram_off - ai->pciaux);
2478        cmd.parm2 = MPI_MAX_FIDS;
2479
2480        for (i=0; i<MPI_MAX_FIDS; i++) {
2481                ai->txfids[i].tx_desc.valid = 1;
2482                memcpy_toio(ai->txfids[i].card_ram_off,
2483                        &ai->txfids[i].tx_desc, sizeof(TxFid));
2484        }
2485        ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */
2486
2487        rc=issuecommand(ai, &cmd, &rsp);
2488        if (rc != SUCCESS) {
2489                airo_print_err(ai->dev->name, "Couldn't allocate TX FID");
2490                return rc;
2491        }
2492
2493        /* Alloc card Rid descriptor */
2494        memset(&rsp,0,sizeof(rsp));
2495        memset(&cmd,0,sizeof(cmd));
2496
2497        cmd.cmd = CMD_ALLOCATEAUX;
2498        cmd.parm0 = RID_RW;
2499        cmd.parm1 = (ai->config_desc.card_ram_off - ai->pciaux);
2500        cmd.parm2 = 1; /* Magic number... */
2501        rc=issuecommand(ai, &cmd, &rsp);
2502        if (rc != SUCCESS) {
2503                airo_print_err(ai->dev->name, "Couldn't allocate RID");
2504                return rc;
2505        }
2506
2507        memcpy_toio(ai->config_desc.card_ram_off,
2508                &ai->config_desc.rid_desc, sizeof(Rid));
2509
2510        return rc;
2511}
2512
2513/*
2514 * We are setting up three things here:
2515 * 1) Map AUX memory for descriptors: Rid, TxFid, or RxFid.
2516 * 2) Map PCI memory for issueing commands.
2517 * 3) Allocate memory (shared) to send and receive ethernet frames.
2518 */
2519static int mpi_map_card(struct airo_info *ai, struct pci_dev *pci)
2520{
2521        unsigned long mem_start, mem_len, aux_start, aux_len;
2522        int rc = -1;
2523        int i;
2524        dma_addr_t busaddroff;
2525        unsigned char *vpackoff;
2526        unsigned char __iomem *pciaddroff;
2527
2528        mem_start = pci_resource_start(pci, 1);
2529        mem_len = pci_resource_len(pci, 1);
2530        aux_start = pci_resource_start(pci, 2);
2531        aux_len = AUXMEMSIZE;
2532
2533        if (!request_mem_region(mem_start, mem_len, DRV_NAME)) {
2534                airo_print_err("", "Couldn't get region %x[%x]",
2535                        (int)mem_start, (int)mem_len);
2536                goto out;
2537        }
2538        if (!request_mem_region(aux_start, aux_len, DRV_NAME)) {
2539                airo_print_err("", "Couldn't get region %x[%x]",
2540                        (int)aux_start, (int)aux_len);
2541                goto free_region1;
2542        }
2543
2544        ai->pcimem = ioremap(mem_start, mem_len);
2545        if (!ai->pcimem) {
2546                airo_print_err("", "Couldn't map region %x[%x]",
2547                        (int)mem_start, (int)mem_len);
2548                goto free_region2;
2549        }
2550        ai->pciaux = ioremap(aux_start, aux_len);
2551        if (!ai->pciaux) {
2552                airo_print_err("", "Couldn't map region %x[%x]",
2553                        (int)aux_start, (int)aux_len);
2554                goto free_memmap;
2555        }
2556
2557        /* Reserve PKTSIZE for each fid and 2K for the Rids */
2558        ai->shared = pci_alloc_consistent(pci, PCI_SHARED_LEN, &ai->shared_dma);
2559        if (!ai->shared) {
2560                airo_print_err("", "Couldn't alloc_consistent %d",
2561                        PCI_SHARED_LEN);
2562                goto free_auxmap;
2563        }
2564
2565        /*
2566         * Setup descriptor RX, TX, CONFIG
2567         */
2568        busaddroff = ai->shared_dma;
2569        pciaddroff = ai->pciaux + AUX_OFFSET;
2570        vpackoff   = ai->shared;
2571
2572        /* RX descriptor setup */
2573        for(i = 0; i < MPI_MAX_FIDS; i++) {
2574                ai->rxfids[i].pending = 0;
2575                ai->rxfids[i].card_ram_off = pciaddroff;
2576                ai->rxfids[i].virtual_host_addr = vpackoff;
2577                ai->rxfids[i].rx_desc.host_addr = busaddroff;
2578                ai->rxfids[i].rx_desc.valid = 1;
2579                ai->rxfids[i].rx_desc.len = PKTSIZE;
2580                ai->rxfids[i].rx_desc.rdy = 0;
2581
2582                pciaddroff += sizeof(RxFid);
2583                busaddroff += PKTSIZE;
2584                vpackoff   += PKTSIZE;
2585        }
2586
2587        /* TX descriptor setup */
2588        for(i = 0; i < MPI_MAX_FIDS; i++) {
2589                ai->txfids[i].card_ram_off = pciaddroff;
2590                ai->txfids[i].virtual_host_addr = vpackoff;
2591                ai->txfids[i].tx_desc.valid = 1;
2592                ai->txfids[i].tx_desc.host_addr = busaddroff;
2593                memcpy(ai->txfids[i].virtual_host_addr,
2594                        &wifictlhdr8023, sizeof(wifictlhdr8023));
2595
2596                pciaddroff += sizeof(TxFid);
2597                busaddroff += PKTSIZE;
2598                vpackoff   += PKTSIZE;
2599        }
2600        ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */
2601
2602        /* Rid descriptor setup */
2603        ai->config_desc.card_ram_off = pciaddroff;
2604        ai->config_desc.virtual_host_addr = vpackoff;
2605        ai->config_desc.rid_desc.host_addr = busaddroff;
2606        ai->ridbus = busaddroff;
2607        ai->config_desc.rid_desc.rid = 0;
2608        ai->config_desc.rid_desc.len = RIDSIZE;
2609        ai->config_desc.rid_desc.valid = 1;
2610        pciaddroff += sizeof(Rid);
2611        busaddroff += RIDSIZE;
2612        vpackoff   += RIDSIZE;
2613
2614        /* Tell card about descriptors */
2615        if (mpi_init_descriptors (ai) != SUCCESS)
2616                goto free_shared;
2617
2618        return 0;
2619 free_shared:
2620        pci_free_consistent(pci, PCI_SHARED_LEN, ai->shared, ai->shared_dma);
2621 free_auxmap:
2622        iounmap(ai->pciaux);
2623 free_memmap:
2624        iounmap(ai->pcimem);
2625 free_region2:
2626        release_mem_region(aux_start, aux_len);
2627 free_region1:
2628        release_mem_region(mem_start, mem_len);
2629 out:
2630        return rc;
2631}
2632
2633static const struct header_ops airo_header_ops = {
2634        .parse = wll_header_parse,
2635};
2636
2637static void wifi_setup(struct net_device *dev)
2638{
2639        dev->header_ops = &airo_header_ops;
2640        dev->hard_start_xmit = &airo_start_xmit11;
2641        dev->get_stats = &airo_get_stats;
2642        dev->set_mac_address = &airo_set_mac_address;
2643        dev->do_ioctl = &airo_ioctl;
2644        dev->wireless_handlers = &airo_handler_def;
2645        dev->change_mtu = &airo_change_mtu;
2646        dev->open = &airo_open;
2647        dev->stop = &airo_close;
2648
2649        dev->type               = ARPHRD_IEEE80211;
2650        dev->hard_header_len    = ETH_HLEN;
2651        dev->mtu                = AIRO_DEF_MTU;
2652        dev->addr_len           = ETH_ALEN;
2653        dev->tx_queue_len       = 100; 
2654
2655        memset(dev->broadcast,0xFF, ETH_ALEN);
2656
2657        dev->flags              = IFF_BROADCAST|IFF_MULTICAST;
2658}
2659
2660static struct net_device *init_wifidev(struct airo_info *ai,
2661                                        struct net_device *ethdev)
2662{
2663        int err;
2664        struct net_device *dev = alloc_netdev(0, "wifi%d", wifi_setup);
2665        if (!dev)
2666                return NULL;
2667        dev->priv = ethdev->priv;
2668        dev->irq = ethdev->irq;
2669        dev->base_addr = ethdev->base_addr;
2670        dev->wireless_data = ethdev->wireless_data;
2671        memcpy(dev->dev_addr, ethdev->dev_addr, dev->addr_len);
2672        err = register_netdev(dev);
2673        if (err<0) {
2674                free_netdev(dev);
2675                return NULL;
2676        }
2677        return dev;
2678}
2679
2680static int reset_card( struct net_device *dev , int lock) {
2681        struct airo_info *ai = dev->priv;
2682
2683        if (lock && down_interruptible(&ai->sem))
2684                return -1;
2685        waitbusy (ai);
2686        OUT4500(ai,COMMAND,CMD_SOFTRESET);
2687        msleep(200);
2688        waitbusy (ai);
2689        msleep(200);
2690        if (lock)
2691                up(&ai->sem);
2692        return 0;
2693}
2694
2695#define AIRO_MAX_NETWORK_COUNT  64
2696static int airo_networks_allocate(struct airo_info *ai)
2697{
2698        if (ai->networks)
2699                return 0;
2700
2701        ai->networks =
2702            kzalloc(AIRO_MAX_NETWORK_COUNT * sizeof(BSSListElement),
2703                    GFP_KERNEL);
2704        if (!ai->networks) {
2705                airo_print_warn("", "Out of memory allocating beacons");
2706                return -ENOMEM;
2707        }
2708
2709        return 0;
2710}
2711
2712static void airo_networks_free(struct airo_info *ai)
2713{
2714        kfree(ai->networks);
2715        ai->networks = NULL;
2716}
2717
2718static void airo_networks_initialize(struct airo_info *ai)
2719{
2720        int i;
2721
2722        INIT_LIST_HEAD(&ai->network_free_list);
2723        INIT_LIST_HEAD(&ai->network_list);
2724        for (i = 0; i < AIRO_MAX_NETWORK_COUNT; i++)
2725                list_add_tail(&ai->networks[i].list,
2726                              &ai->network_free_list);
2727}
2728
2729static int airo_test_wpa_capable(struct airo_info *ai)
2730{
2731        int status;
2732        CapabilityRid cap_rid;
2733
2734        status = readCapabilityRid(ai, &cap_rid, 1);
2735        if (status != SUCCESS) return 0;
2736
2737        /* Only firmware versions 5.30.17 or better can do WPA */
2738        if (le16_to_cpu(cap_rid.softVer) > 0x530
2739          || (le16_to_cpu(cap_rid.softVer) == 0x530
2740              && le16_to_cpu(cap_rid.softSubVer) >= 17)) {
2741                airo_print_info("", "WPA is supported.");
2742                return 1;
2743        }
2744
2745        /* No WPA support */
2746        airo_print_info("", "WPA unsupported (only firmware versions 5.30.17"
2747                " and greater support WPA.  Detected %s)", cap_rid.prodVer);
2748        return 0;
2749}
2750
2751static struct net_device *_init_airo_card( unsigned short irq, int port,
2752                                           int is_pcmcia, struct pci_dev *pci,
2753                                           struct device *dmdev )
2754{
2755        struct net_device *dev;
2756        struct airo_info *ai;
2757        int i, rc;
2758        DECLARE_MAC_BUF(mac);
2759
2760        /* Create the network device object. */
2761        dev = alloc_netdev(sizeof(*ai), "", ether_setup);
2762        if (!dev) {
2763                airo_print_err("", "Couldn't alloc_etherdev");
2764                return NULL;
2765        }
2766
2767        ai = dev->priv;
2768        ai->wifidev = NULL;
2769        ai->flags = 1 << FLAG_RADIO_DOWN;
2770        ai->jobs = 0;
2771        ai->dev = dev;
2772        if (pci && (pci->device == 0x5000 || pci->device == 0xa504)) {
2773                airo_print_dbg("", "Found an MPI350 card");
2774                set_bit(FLAG_MPI, &ai->flags);
2775        }
2776        spin_lock_init(&ai->aux_lock);
2777        sema_init(&ai->sem, 1);
2778        ai->config.len = 0;
2779        ai->pci = pci;
2780        init_waitqueue_head (&ai->thr_wait);
2781        ai->tfm = NULL;
2782        add_airo_dev(ai);
2783
2784        if (airo_networks_allocate (ai))
2785                goto err_out_free;
2786        airo_networks_initialize (ai);
2787
2788        /* The Airo-specific entries in the device structure. */
2789        if (test_bit(FLAG_MPI,&ai->flags)) {
2790                skb_queue_head_init (&ai->txq);
2791                dev->hard_start_xmit = &mpi_start_xmit;
2792        } else
2793                dev->hard_start_xmit = &airo_start_xmit;
2794        dev->get_stats = &airo_get_stats;
2795        dev->set_multicast_list = &airo_set_multicast_list;
2796        dev->set_mac_address = &airo_set_mac_address;
2797        dev->do_ioctl = &airo_ioctl;
2798        dev->wireless_handlers = &airo_handler_def;
2799        ai->wireless_data.spy_data = &ai->spy_data;
2800        dev->wireless_data = &ai->wireless_data;
2801        dev->change_mtu = &airo_change_mtu;
2802        dev->open = &airo_open;
2803        dev->stop = &airo_close;
2804        dev->irq = irq;
2805        dev->base_addr = port;
2806
2807        SET_NETDEV_DEV(dev, dmdev);
2808
2809        reset_card (dev, 1);
2810        msleep(400);
2811
2812        if (!is_pcmcia) {
2813                if (!request_region(dev->base_addr, 64, DRV_NAME)) {
2814                        rc = -EBUSY;
2815                        airo_print_err(dev->name, "Couldn't request region");
2816                        goto err_out_nets;
2817                }
2818        }
2819
2820        if (test_bit(FLAG_MPI,&ai->flags)) {
2821                if (mpi_map_card(ai, pci)) {
2822                        airo_print_err("", "Could not map memory");
2823                        goto err_out_res;
2824                }
2825        }
2826
2827        if (probe) {
2828                if ( setup_card( ai, dev->dev_addr, 1 ) != SUCCESS ) {
2829                        airo_print_err(dev->name, "MAC could not be enabled" );
2830                        rc = -EIO;
2831                        goto err_out_map;
2832                }
2833        } else if (!test_bit(FLAG_MPI,&ai->flags)) {
2834                ai->bap_read = fast_bap_read;
2835                set_bit(FLAG_FLASHING, &ai->flags);
2836        }
2837
2838        /* Test for WPA support */
2839        if (airo_test_wpa_capable(ai)) {
2840                set_bit(FLAG_WPA_CAPABLE, &ai->flags);
2841                ai->bssListFirst = RID_WPA_BSSLISTFIRST;
2842                ai->bssListNext = RID_WPA_BSSLISTNEXT;
2843                ai->bssListRidLen = sizeof(BSSListRid);
2844        } else {
2845                ai->bssListFirst = RID_BSSLISTFIRST;
2846                ai->bssListNext = RID_BSSLISTNEXT;
2847                ai->bssListRidLen = sizeof(BSSListRid) - sizeof(BSSListRidExtra);
2848        }
2849
2850        strcpy(dev->name, "eth%d");
2851        rc = register_netdev(dev);
2852        if (rc) {
2853                airo_print_err(dev->name, "Couldn't register_netdev");
2854                goto err_out_map;
2855        }
2856        ai->wifidev = init_wifidev(ai, dev);
2857        if (!ai->wifidev)
2858                goto err_out_reg;
2859
2860        set_bit(FLAG_REGISTERED,&ai->flags);
2861        airo_print_info(dev->name, "MAC enabled %s",
2862                        print_mac(mac, dev->dev_addr));
2863
2864        /* Allocate the transmit buffers */
2865        if (probe && !test_bit(FLAG_MPI,&ai->flags))
2866                for( i = 0; i < MAX_FIDS; i++ )
2867                        ai->fids[i] = transmit_allocate(ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);
2868
2869        if (setup_proc_entry(dev, dev->priv) < 0)
2870                goto err_out_wifi;
2871
2872        return dev;
2873
2874err_out_wifi:
2875        unregister_netdev(ai->wifidev);
2876        free_netdev(ai->wifidev);
2877err_out_reg:
2878        unregister_netdev(dev);
2879err_out_map:
2880        if (test_bit(FLAG_MPI,&ai->flags) && pci) {
2881                pci_free_consistent(pci, PCI_SHARED_LEN, ai->shared, ai->shared_dma);
2882                iounmap(ai->pciaux);
2883                iounmap(ai->pcimem);
2884                mpi_unmap_card(ai->pci);
2885        }
2886err_out_res:
2887        if (!is_pcmcia)
2888                release_region( dev->base_addr, 64 );
2889err_out_nets:
2890        airo_networks_free(ai);
2891        del_airo_dev(ai);
2892err_out_free:
2893        free_netdev(dev);
2894        return NULL;
2895}
2896
2897struct net_device *init_airo_card( unsigned short irq, int port, int is_pcmcia,
2898                                  struct device *dmdev)
2899{
2900        return _init_airo_card ( irq, port, is_pcmcia, NULL, dmdev);
2901}
2902
2903EXPORT_SYMBOL(init_airo_card);
2904
2905static int waitbusy (struct airo_info *ai) {
2906        int delay = 0;
2907        while ((IN4500 (ai, COMMAND) & COMMAND_BUSY) & (delay < 10000)) {
2908                udelay (10);
2909                if ((++delay % 20) == 0)
2910                        OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
2911        }
2912        return delay < 10000;
2913}
2914
2915int reset_airo_card( struct net_device *dev )
2916{
2917        int i;
2918        struct airo_info *ai = dev->priv;
2919        DECLARE_MAC_BUF(mac);
2920
2921        if (reset_card (dev, 1))
2922                return -1;
2923
2924        if ( setup_card(ai, dev->dev_addr, 1 ) != SUCCESS ) {
2925                airo_print_err(dev->name, "MAC could not be enabled");
2926                return -1;
2927        }
2928        airo_print_info(dev->name, "MAC enabled %s",
2929                        print_mac(mac, dev->dev_addr));
2930        /* Allocate the transmit buffers if needed */
2931        if (!test_bit(FLAG_MPI,&ai->flags))
2932                for( i = 0; i < MAX_FIDS; i++ )
2933                        ai->fids[i] = transmit_allocate (ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);
2934
2935        enable_interrupts( ai );
2936        netif_wake_queue(dev);
2937        return 0;
2938}
2939
2940EXPORT_SYMBOL(reset_airo_card);
2941
2942static void airo_send_event(struct net_device *dev) {
2943        struct airo_info *ai = dev->priv;
2944        union iwreq_data wrqu;
2945        StatusRid status_rid;
2946
2947        clear_bit(JOB_EVENT, &ai->jobs);
2948        PC4500_readrid(ai, RID_STATUS, &status_rid, sizeof(status_rid), 0);
2949        up(&ai->sem);
2950        wrqu.data.length = 0;
2951        wrqu.data.flags = 0;
2952        memcpy(wrqu.ap_addr.sa_data, status_rid.bssid[0], ETH_ALEN);
2953        wrqu.ap_addr.sa_family = ARPHRD_ETHER;
2954
2955        /* Send event to user space */
2956        wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
2957}
2958
2959static void airo_process_scan_results (struct airo_info *ai) {
2960        union iwreq_data        wrqu;
2961        BSSListRid bss;
2962        int rc;
2963        BSSListElement * loop_net;
2964        BSSListElement * tmp_net;
2965
2966        /* Blow away current list of scan results */
2967        list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) {
2968                list_move_tail (&loop_net->list, &ai->network_free_list);
2969                /* Don't blow away ->list, just BSS data */
2970                memset (loop_net, 0, sizeof (loop_net->bss));
2971        }
2972
2973        /* Try to read the first entry of the scan result */
2974        rc = PC4500_readrid(ai, ai->bssListFirst, &bss, ai->bssListRidLen, 0);
2975        if((rc) || (bss.index == cpu_to_le16(0xffff))) {
2976                /* No scan results */
2977                goto out;
2978        }
2979
2980        /* Read and parse all entries */
2981        tmp_net = NULL;
2982        while((!rc) && (bss.index != cpu_to_le16(0xffff))) {
2983                /* Grab a network off the free list */
2984                if (!list_empty(&ai->network_free_list)) {
2985                        tmp_net = list_entry(ai->network_free_list.next,
2986                                            BSSListElement, list);
2987                        list_del(ai->network_free_list.next);
2988                }
2989
2990                if (tmp_net != NULL) {
2991                        memcpy(tmp_net, &bss, sizeof(tmp_net->bss));
2992                        list_add_tail(&tmp_net->list, &ai->network_list);
2993                        tmp_net = NULL;
2994                }
2995
2996                /* Read next entry */
2997                rc = PC4500_readrid(ai, ai->bssListNext,
2998                                    &bss, ai->bssListRidLen, 0);
2999        }
3000
3001out:
3002        ai->scan_timeout = 0;
3003        clear_bit(JOB_SCAN_RESULTS, &ai->jobs);
3004        up(&ai->sem);
3005
3006        /* Send an empty event to user space.
3007         * We don't send the received data on
3008         * the event because it would require
3009         * us to do complex transcoding, and
3010         * we want to minimise the work done in
3011         * the irq handler. Use a request to
3012         * extract the data - Jean II */
3013        wrqu.data.length = 0;
3014        wrqu.data.flags = 0;
3015        wireless_send_event(ai->dev, SIOCGIWSCAN, &wrqu, NULL);
3016}
3017
3018static int airo_thread(void *data) {
3019        struct net_device *dev = data;
3020        struct airo_info *ai = dev->priv;
3021        int locked;
3022
3023        set_freezable();
3024        while(1) {
3025                /* make swsusp happy with our thread */
3026                try_to_freeze();
3027
3028                if (test_bit(JOB_DIE, &ai->jobs))
3029                        break;
3030
3031                if (ai->jobs) {
3032                        locked = down_interruptible(&ai->sem);
3033                } else {
3034                        wait_queue_t wait;
3035
3036                        init_waitqueue_entry(&wait, current);
3037                        add_wait_queue(&ai->thr_wait, &wait);
3038                        for (;;) {
3039                                set_current_state(TASK_INTERRUPTIBLE);
3040                                if (ai->jobs)
3041                                        break;
3042                                if (ai->expires || ai->scan_timeout) {
3043                                        if (ai->scan_timeout &&
3044                                                        time_after_eq(jiffies,ai->scan_timeout)){
3045                                                set_bit(JOB_SCAN_RESULTS, &ai->jobs);
3046                                                break;
3047                                        } else if (ai->expires &&
3048                                                        time_after_eq(jiffies,ai->expires)){
3049                                                set_bit(JOB_AUTOWEP, &ai->jobs);
3050                                                break;
3051                                        }
3052                                        if (!kthread_should_stop() &&
3053                                            !freezing(current)) {
3054                                                unsigned long wake_at;
3055                                                if (!ai->expires || !ai->scan_timeout) {
3056                                                        wake_at = max(ai->expires,
3057                                                                ai->scan_timeout);
3058                                                } else {
3059                                                        wake_at = min(ai->expires,
3060                                                                ai->scan_timeout);
3061                                                }
3062                                                schedule_timeout(wake_at - jiffies);
3063                                                continue;
3064                                        }
3065                                } else if (!kthread_should_stop() &&
3066                                           !freezing(current)) {
3067                                        schedule();
3068                                        continue;
3069                                }
3070                                break;
3071                        }
3072                        current->state = TASK_RUNNING;
3073                        remove_wait_queue(&ai->thr_wait, &wait);
3074                        locked = 1;
3075                }
3076
3077                if (locked)
3078                        continue;
3079
3080                if (test_bit(JOB_DIE, &ai->jobs)) {
3081                        up(&ai->sem);
3082                        break;
3083                }
3084
3085                if (ai->power.event || test_bit(FLAG_FLASHING, &ai->flags)) {
3086                        up(&ai->sem);
3087                        continue;
3088                }
3089
3090                if (test_bit(JOB_XMIT, &ai->jobs))
3091                        airo_end_xmit(dev);
3092                else if (test_bit(JOB_XMIT11, &ai->jobs))
3093                        airo_end_xmit11(dev);
3094                else if (test_bit(JOB_STATS, &ai->jobs))
3095                        airo_read_stats(ai);
3096                else if (test_bit(JOB_WSTATS, &ai->jobs))
3097                        airo_read_wireless_stats(ai);
3098                else if (test_bit(JOB_PROMISC, &ai->jobs))
3099                        airo_set_promisc(ai);
3100                else if (test_bit(JOB_MIC, &ai->jobs))
3101                        micinit(ai);
3102                else if (test_bit(JOB_EVENT, &ai->jobs))
3103                        airo_send_event(dev);
3104                else if (test_bit(JOB_AUTOWEP, &ai->jobs))
3105                        timer_func(dev);
3106                else if (test_bit(JOB_SCAN_RESULTS, &ai->jobs))
3107                        airo_process_scan_results(ai);
3108                else  /* Shouldn't get here, but we make sure to unlock */
3109                        up(&ai->sem);
3110        }
3111
3112        return 0;
3113}
3114
3115static int header_len(__le16 ctl)
3116{
3117        u16 fc = le16_to_cpu(ctl);
3118        switch (fc & 0xc) {
3119        case 4:
3120                if ((fc & 0xe0) == 0xc0)
3121                        return 10;      /* one-address control packet */
3122                return 16;      /* two-address control packet */
3123        case 8:
3124                if ((fc & 0x300) == 0x300)
3125                        return 30;      /* WDS packet */
3126        }
3127        return 24;
3128}
3129
3130static irqreturn_t airo_interrupt(int irq, void *dev_id)
3131{
3132        struct net_device *dev = dev_id;
3133        u16 status;
3134        u16 fid;
3135        struct airo_info *apriv = dev->priv;
3136        u16 savedInterrupts = 0;
3137        int handled = 0;
3138
3139        if (!netif_device_present(dev))
3140                return IRQ_NONE;
3141
3142        for (;;) {
3143                status = IN4500( apriv, EVSTAT );
3144                if ( !(status & STATUS_INTS) || status == 0xffff ) break;
3145
3146                handled = 1;
3147
3148                if ( status & EV_AWAKE ) {
3149                        OUT4500( apriv, EVACK, EV_AWAKE );
3150                        OUT4500( apriv, EVACK, EV_AWAKE );
3151                }
3152
3153                if (!savedInterrupts) {
3154                        savedInterrupts = IN4500( apriv, EVINTEN );
3155                        OUT4500( apriv, EVINTEN, 0 );
3156                }
3157
3158                if ( status & EV_MIC ) {
3159                        OUT4500( apriv, EVACK, EV_MIC );
3160                        if (test_bit(FLAG_MIC_CAPABLE, &apriv->flags)) {
3161                                set_bit(JOB_MIC, &apriv->jobs);
3162                                wake_up_interruptible(&apriv->thr_wait);
3163                        }
3164                }
3165                if ( status & EV_LINK ) {
3166                        union iwreq_data        wrqu;
3167                        int scan_forceloss = 0;
3168                        /* The link status has changed, if you want to put a
3169                           monitor hook in, do it here.  (Remember that
3170                           interrupts are still disabled!)
3171                        */
3172                        u16 newStatus = IN4500(apriv, LINKSTAT);
3173                        OUT4500( apriv, EVACK, EV_LINK);
3174                        /* Here is what newStatus means: */
3175#define NOBEACON 0x8000 /* Loss of sync - missed beacons */
3176#define MAXRETRIES 0x8001 /* Loss of sync - max retries */
3177#define MAXARL 0x8002 /* Loss of sync - average retry level exceeded*/
3178#define FORCELOSS 0x8003 /* Loss of sync - host request */
3179#define TSFSYNC 0x8004 /* Loss of sync - TSF synchronization */
3180#define DEAUTH 0x8100 /* Deauthentication (low byte is reason code) */
3181#define DISASS 0x8200 /* Disassociation (low byte is reason code) */
3182#define ASSFAIL 0x8400 /* Association failure (low byte is reason
3183                          code) */
3184#define AUTHFAIL 0x0300 /* Authentication failure (low byte is reason
3185                           code) */
3186#define ASSOCIATED 0x0400 /* Associated */
3187#define REASSOCIATED 0x0600 /* Reassociated?  Only on firmware >= 5.30.17 */
3188#define RC_RESERVED 0 /* Reserved return code */
3189#define RC_NOREASON 1 /* Unspecified reason */
3190#define RC_AUTHINV 2 /* Previous authentication invalid */
3191#define RC_DEAUTH 3 /* Deauthenticated because sending station is
3192                       leaving */
3193#define RC_NOACT 4 /* Disassociated due to inactivity */
3194#define RC_MAXLOAD 5 /* Disassociated because AP is unable to handle
3195                        all currently associated stations */
3196#define RC_BADCLASS2 6 /* Class 2 frame received from
3197                          non-Authenticated station */
3198#define RC_BADCLASS3 7 /* Class 3 frame received from
3199                          non-Associated station */
3200#define RC_STATLEAVE 8 /* Disassociated because sending station is
3201                          leaving BSS */
3202#define RC_NOAUTH 9 /* Station requesting (Re)Association is not
3203                       Authenticated with the responding station */
3204                        if (newStatus == FORCELOSS && apriv->scan_timeout > 0)
3205                                scan_forceloss = 1;
3206                        if(newStatus == ASSOCIATED || newStatus == REASSOCIATED) {
3207                                if (auto_wep)
3208                                        apriv->expires = 0;
3209                                if (apriv->list_bss_task)
3210                                        wake_up_process(apriv->list_bss_task);
3211                                set_bit(FLAG_UPDATE_UNI, &apriv->flags);
3212                                set_bit(FLAG_UPDATE_MULTI, &apriv->flags);
3213
3214                                if (down_trylock(&apriv->sem) != 0) {
3215                                        set_bit(JOB_EVENT, &apriv->jobs);
3216                                        wake_up_interruptible(&apriv->thr_wait);
3217                                } else
3218                                        airo_send_event(dev);
3219                        } else if (!scan_forceloss) {
3220                                if (auto_wep && !apriv->expires) {
3221                                        apriv->expires = RUN_AT(3*HZ);
3222                                        wake_up_interruptible(&apriv->thr_wait);
3223                                }
3224
3225                                /* Send event to user space */
3226                                memset(wrqu.ap_addr.sa_data, '\0', ETH_ALEN);
3227                                wrqu.ap_addr.sa_family = ARPHRD_ETHER;
3228                                wireless_send_event(dev, SIOCGIWAP, &wrqu,NULL);
3229                        }
3230                }
3231
3232                /* Check to see if there is something to receive */
3233                if ( status & EV_RX  ) {
3234                        struct sk_buff *skb = NULL;
3235                        __le16 fc, v;
3236                        u16 len, hdrlen = 0;
3237#pragma pack(1)
3238                        struct {
3239                                __le16 status, len;
3240                                u8 rssi[2];
3241                                u8 rate;
3242                                u8 freq;
3243                                __le16 tmp[4];
3244                        } hdr;
3245#pragma pack()
3246                        u16 gap;
3247                        __le16 tmpbuf[4];
3248                        __le16 *buffer;
3249
3250                        if (test_bit(FLAG_MPI,&apriv->flags)) {
3251                                if (test_bit(FLAG_802_11, &apriv->flags))
3252                                        mpi_receive_802_11(apriv);
3253                                else
3254                                        mpi_receive_802_3(apriv);
3255                                OUT4500(apriv, EVACK, EV_RX);
3256                                goto exitrx;
3257                        }
3258
3259                        fid = IN4500( apriv, RXFID );
3260
3261                        /* Get the packet length */
3262                        if (test_bit(FLAG_802_11, &apriv->flags)) {
3263                                bap_setup (apriv, fid, 4, BAP0);
3264                                bap_read (apriv, (__le16*)&hdr, sizeof(hdr), BAP0);
3265                                /* Bad CRC. Ignore packet */
3266                                if (le16_to_cpu(hdr.status) & 2)
3267                                        hdr.len = 0;
3268                                if (apriv->wifidev == NULL)
3269                                        hdr.len = 0;
3270                        } else {
3271                                bap_setup (apriv, fid, 0x36, BAP0);
3272                                bap_read (apriv, &hdr.len, 2, BAP0);
3273                        }
3274                        len = le16_to_cpu(hdr.len);
3275
3276                        if (len > AIRO_DEF_MTU) {
3277                                airo_print_err(apriv->dev->name, "Bad size %d", len);
3278                                goto badrx;
3279                        }
3280                        if (len == 0)
3281                                goto badrx;
3282
3283                        if (test_bit(FLAG_802_11, &apriv->flags)) {
3284                                bap_read (apriv, &fc, sizeof(fc), BAP0);
3285                                hdrlen = header_len(fc);
3286                        } else
3287                                hdrlen = ETH_ALEN * 2;
3288
3289                        skb = dev_alloc_skb( len + hdrlen + 2 + 2 );
3290                        if ( !skb ) {
3291                                apriv->stats.rx_dropped++;
3292                                goto badrx;
3293                        }
3294                        skb_reserve(skb, 2); /* This way the IP header is aligned */
3295                        buffer = (__le16*)skb_put (skb, len + hdrlen);
3296                        if (test_bit(FLAG_802_11, &apriv->flags)) {
3297                                buffer[0] = fc;
3298                                bap_read (apriv, buffer + 1, hdrlen - 2, BAP0);
3299                                if (hdrlen == 24)
3300                                        bap_read (apriv, tmpbuf, 6, BAP0);
3301
3302                                bap_read (apriv, &v, sizeof(v), BAP0);
3303                                gap = le16_to_cpu(v);
3304                                if (gap) {
3305                                        if (gap <= 8) {
3306                                                bap_read (apriv, tmpbuf, gap, BAP0);
3307                                        } else {
3308                                                airo_print_err(apriv->dev->name, "gaplen too "
3309                                                        "big. Problems will follow...");
3310                                        }
3311                                }
3312                                bap_read (apriv, buffer + hdrlen/2, len, BAP0);
3313                        } else {
3314                                MICBuffer micbuf;
3315                                bap_read (apriv, buffer, ETH_ALEN*2, BAP0);
3316                                if (apriv->micstats.enabled) {
3317                                        bap_read (apriv,(__le16*)&micbuf,sizeof(micbuf),BAP0);
3318                                        if (ntohs(micbuf.typelen) > 0x05DC)
3319                                                bap_setup (apriv, fid, 0x44, BAP0);
3320                                        else {
3321                                                if (len <= sizeof(micbuf))
3322                                                        goto badmic;
3323
3324                                                len -= sizeof(micbuf);
3325                                                skb_trim (skb, len + hdrlen);
3326                                        }
3327                                }
3328                                bap_read(apriv,buffer+ETH_ALEN,len,BAP0);
3329                                if (decapsulate(apriv,&micbuf,(etherHead*)buffer,len)) {
3330badmic:
3331                                        dev_kfree_skb_irq (skb);
3332badrx:
3333                                        OUT4500( apriv, EVACK, EV_RX);
3334                                        goto exitrx;
3335                                }
3336                        }
3337#ifdef WIRELESS_SPY
3338                        if (apriv->spy_data.spy_number > 0) {
3339                                char *sa;
3340                                struct iw_quality wstats;
3341                                /* Prepare spy data : addr + qual */
3342                                if (!test_bit(FLAG_802_11, &apriv->flags)) {
3343                                        sa = (char*)buffer + 6;
3344                                        bap_setup (apriv, fid, 8, BAP0);
3345                                        bap_read (apriv, (__le16*)hdr.rssi, 2, BAP0);
3346                                } else
3347                                        sa = (char*)buffer + 10;
3348                                wstats.qual = hdr.rssi[0];
3349                                if (apriv->rssi)
3350                                        wstats.level = 0x100 - apriv->rssi[hdr.rssi[1]].rssidBm;
3351                                else
3352                                        wstats.level = (hdr.rssi[1] + 321) / 2;
3353                                wstats.noise = apriv->wstats.qual.noise;
3354                                wstats.updated = IW_QUAL_LEVEL_UPDATED
3355                                        | IW_QUAL_QUAL_UPDATED
3356                                        | IW_QUAL_DBM;
3357                                /* Update spy records */
3358                                wireless_spy_update(dev, sa, &wstats);
3359                        }
3360#endif /* WIRELESS_SPY */
3361                        OUT4500( apriv, EVACK, EV_RX);
3362
3363                        if (test_bit(FLAG_802_11, &apriv->flags)) {
3364                                skb_reset_mac_header(skb);
3365                                skb->pkt_type = PACKET_OTHERHOST;
3366                                skb->dev = apriv->wifidev;
3367                                skb->protocol = htons(ETH_P_802_2);
3368                        } else
3369                                skb->protocol = eth_type_trans(skb,dev);
3370                        skb->dev->last_rx = jiffies;
3371                        skb->ip_summed = CHECKSUM_NONE;
3372
3373                        netif_rx( skb );
3374                }
3375exitrx:
3376
3377                /* Check to see if a packet has been transmitted */
3378                if (  status & ( EV_TX|EV_TXCPY|EV_TXEXC ) ) {
3379                        int i;
3380                        int len = 0;
3381                        int index = -1;
3382
3383                        if (test_bit(FLAG_MPI,&apriv->flags)) {
3384                                unsigned long flags;
3385
3386                                if (status & EV_TXEXC)
3387                                        get_tx_error(apriv, -1);
3388                                spin_lock_irqsave(&apriv->aux_lock, flags);
3389                                if (!skb_queue_empty(&apriv->txq)) {
3390                                        spin_unlock_irqrestore(&apriv->aux_lock,flags);
3391                                        mpi_send_packet (dev);
3392                                } else {
3393                                        clear_bit(FLAG_PENDING_XMIT, &apriv->flags);
3394                                        spin_unlock_irqrestore(&apriv->aux_lock,flags);
3395                                        netif_wake_queue (dev);
3396                                }
3397                                OUT4500( apriv, EVACK,
3398                                        status & (EV_TX|EV_TXCPY|EV_TXEXC));
3399                                goto exittx;
3400                        }
3401
3402                        fid = IN4500(apriv, TXCOMPLFID);
3403
3404                        for( i = 0; i < MAX_FIDS; i++ ) {
3405                                if ( ( apriv->fids[i] & 0xffff ) == fid ) {
3406                                        len = apriv->fids[i] >> 16;
3407                                        index = i;
3408                                }
3409                        }
3410                        if (index != -1) {
3411                                if (status & EV_TXEXC)
3412                                        get_tx_error(apriv, index);
3413                                OUT4500( apriv, EVACK, status & (EV_TX | EV_TXEXC));
3414                                /* Set up to be used again */
3415                                apriv->fids[index] &= 0xffff;
3416                                if (index < MAX_FIDS / 2) {
3417                                        if (!test_bit(FLAG_PENDING_XMIT, &apriv->flags))
3418                                                netif_wake_queue(dev);
3419                                } else {
3420                                        if (!test_bit(FLAG_PENDING_XMIT11, &apriv->flags))
3421                                                netif_wake_queue(apriv->wifidev);
3422                                }
3423                        } else {
3424                                OUT4500( apriv, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
3425                                airo_print_err(apriv->dev->name, "Unallocated FID was "
3426                                        "used to xmit" );
3427                        }
3428                }
3429exittx:
3430                if ( status & ~STATUS_INTS & ~IGNORE_INTS )
3431                        airo_print_warn(apriv->dev->name, "Got weird status %x",
3432                                status & ~STATUS_INTS & ~IGNORE_INTS );
3433        }
3434
3435        if (savedInterrupts)
3436                OUT4500( apriv, EVINTEN, savedInterrupts );
3437
3438        /* done.. */
3439        return IRQ_RETVAL(handled);
3440}
3441
3442/*
3443 *  Routines to talk to the card
3444 */
3445
3446/*
3447 *  This was originally written for the 4500, hence the name
3448 *  NOTE:  If use with 8bit mode and SMP bad things will happen!
3449 *         Why would some one do 8 bit IO in an SMP machine?!?
3450 */
3451static void OUT4500( struct airo_info *ai, u16 reg, u16 val ) {
3452        if (test_bit(FLAG_MPI,&ai->flags))
3453                reg <<= 1;
3454        if ( !do8bitIO )
3455                outw( val, ai->dev->base_addr + reg );
3456        else {
3457                outb( val & 0xff, ai->dev->base_addr + reg );
3458                outb( val >> 8, ai->dev->base_addr + reg + 1 );
3459        }
3460}
3461
3462static u16 IN4500( struct airo_info *ai, u16 reg ) {
3463        unsigned short rc;
3464
3465        if (test_bit(FLAG_MPI,&ai->flags))
3466                reg <<= 1;
3467        if ( !do8bitIO )
3468                rc = inw( ai->dev->base_addr + reg );
3469        else {
3470                rc = inb( ai->dev->base_addr + reg );
3471                rc += ((int)inb( ai->dev->base_addr + reg + 1 )) << 8;
3472        }
3473        return rc;
3474}
3475
3476static int enable_MAC(struct airo_info *ai, int lock)
3477{
3478        int rc;
3479        Cmd cmd;
3480        Resp rsp;
3481
3482        /* FLAG_RADIO_OFF : Radio disabled via /proc or Wireless Extensions
3483         * FLAG_RADIO_DOWN : Radio disabled via "ifconfig ethX down"
3484         * Note : we could try to use !netif_running(dev) in enable_MAC()
3485         * instead of this flag, but I don't trust it *within* the
3486         * open/close functions, and testing both flags together is
3487         * "cheaper" - Jean II */
3488        if (ai->flags & FLAG_RADIO_MASK) return SUCCESS;
3489
3490        if (lock && down_interruptible(&ai->sem))
3491                return -ERESTARTSYS;
3492
3493        if (!test_bit(FLAG_ENABLED, &ai->flags)) {
3494                memset(&cmd, 0, sizeof(cmd));
3495                cmd.cmd = MAC_ENABLE;
3496                rc = issuecommand(ai, &cmd, &rsp);
3497                if (rc == SUCCESS)
3498                        set_bit(FLAG_ENABLED, &ai->flags);
3499        } else
3500                rc = SUCCESS;
3501
3502        if (lock)
3503            up(&ai->sem);
3504
3505        if (rc)
3506                airo_print_err(ai->dev->name, "Cannot enable MAC");
3507        else if ((rsp.status & 0xFF00) != 0) {
3508                airo_print_err(ai->dev->name, "Bad MAC enable reason=%x, "
3509                        "rid=%x, offset=%d", rsp.rsp0, rsp.rsp1, rsp.rsp2);
3510                rc = ERROR;
3511        }
3512        return rc;
3513}
3514
3515static void disable_MAC( struct airo_info *ai, int lock ) {
3516        Cmd cmd;
3517        Resp rsp;
3518
3519        if (lock && down_interruptible(&ai->sem))
3520                return;
3521
3522        if (test_bit(FLAG_ENABLED, &ai->flags)) {
3523                memset(&cmd, 0, sizeof(cmd));
3524                cmd.cmd = MAC_DISABLE; // disable in case already enabled
3525                issuecommand(ai, &cmd, &rsp);
3526                clear_bit(FLAG_ENABLED, &ai->flags);
3527        }
3528        if (lock)
3529                up(&ai->sem);
3530}
3531
3532static void enable_interrupts( struct airo_info *ai ) {
3533        /* Enable the interrupts */
3534        OUT4500( ai, EVINTEN, STATUS_INTS );
3535}
3536
3537static void disable_interrupts( struct airo_info *ai ) {
3538        OUT4500( ai, EVINTEN, 0 );
3539}
3540
3541static void mpi_receive_802_3(struct airo_info *ai)
3542{
3543        RxFid rxd;
3544        int len = 0;
3545        struct sk_buff *skb;
3546        char *buffer;
3547        int off = 0;
3548        MICBuffer micbuf;
3549
3550        memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
3551        /* Make sure we got something */
3552        if (rxd.rdy && rxd.valid == 0) {
3553                len = rxd.len + 12;
3554                if (len < 12 || len > 2048)
3555                        goto badrx;
3556
3557                skb = dev_alloc_skb(len);
3558                if (!skb) {
3559                        ai->stats.rx_dropped++;
3560                        goto badrx;
3561                }
3562                buffer = skb_put(skb,len);
3563                memcpy(buffer, ai->rxfids[0].virtual_host_addr, ETH_ALEN * 2);
3564                if (ai->micstats.enabled) {
3565                        memcpy(&micbuf,
3566                                ai->rxfids[0].virtual_host_addr + ETH_ALEN * 2,
3567                                sizeof(micbuf));
3568                        if (ntohs(micbuf.typelen) <= 0x05DC) {
3569                                if (len <= sizeof(micbuf) + ETH_ALEN * 2)
3570                                        goto badmic;
3571
3572                                off = sizeof(micbuf);
3573                                skb_trim (skb, len - off);
3574                        }
3575                }
3576                memcpy(buffer + ETH_ALEN * 2,
3577                        ai->rxfids[0].virtual_host_addr + ETH_ALEN * 2 + off,
3578                        len - ETH_ALEN * 2 - off);
3579                if (decapsulate (ai, &micbuf, (etherHead*)buffer, len - off - ETH_ALEN * 2)) {
3580badmic:
3581                        dev_kfree_skb_irq (skb);
3582                        goto badrx;
3583                }
3584#ifdef WIRELESS_SPY
3585                if (ai->spy_data.spy_number > 0) {
3586                        char *sa;
3587                        struct iw_quality wstats;
3588                        /* Prepare spy data : addr + qual */
3589                        sa = buffer + ETH_ALEN;
3590                        wstats.qual = 0; /* XXX Where do I get that info from ??? */
3591                        wstats.level = 0;
3592                        wstats.updated = 0;
3593                        /* Update spy records */
3594                        wireless_spy_update(ai->dev, sa, &wstats);
3595                }
3596#endif /* WIRELESS_SPY */
3597
3598                skb->ip_summed = CHECKSUM_NONE;
3599                skb->protocol = eth_type_trans(skb, ai->dev);
3600                skb->dev->last_rx = jiffies;
3601                netif_rx(skb);
3602        }
3603badrx:
3604        if (rxd.valid == 0) {
3605                rxd.valid = 1;
3606                rxd.rdy = 0;
3607                rxd.len = PKTSIZE;
3608                memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
3609        }
3610}
3611
3612void mpi_receive_802_11 (struct airo_info *ai)
3613{
3614        RxFid rxd;
3615        struct sk_buff *skb = NULL;
3616        u16 len, hdrlen = 0;
3617        __le16 fc;
3618#pragma pack(1)
3619        struct {
3620                __le16 status, len;
3621                u8 rssi[2];
3622                u8 rate;
3623                u8 freq;
3624                __le16 tmp[4];
3625        } hdr;
3626#pragma pack()
3627        u16 gap;
3628        u16 *buffer;
3629        char *ptr = ai->rxfids[0].virtual_host_addr+4;
3630
3631        memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
3632        memcpy ((char *)&hdr, ptr, sizeof(hdr));
3633        ptr += sizeof(hdr);
3634        /* Bad CRC. Ignore packet */
3635        if (le16_to_cpu(hdr.status) & 2)
3636                hdr.len = 0;
3637        if (ai->wifidev == NULL)
3638                hdr.len = 0;
3639        len = le16_to_cpu(hdr.len);
3640        if (len > AIRO_DEF_MTU) {
3641                airo_print_err(ai->dev->name, "Bad size %d", len);
3642                goto badrx;
3643        }
3644        if (len == 0)
3645                goto badrx;
3646
3647        fc = get_unaligned((__le16 *)ptr);
3648        hdrlen = header_len(fc);
3649
3650        skb = dev_alloc_skb( len + hdrlen + 2 );
3651        if ( !skb ) {
3652                ai->stats.rx_dropped++;
3653                goto badrx;
3654        }
3655        buffer = (u16*)skb_put (skb, len + hdrlen);
3656        memcpy ((char *)buffer, ptr, hdrlen);
3657        ptr += hdrlen;
3658        if (hdrlen == 24)
3659                ptr += 6;
3660        gap = le16_to_cpu(get_unaligned((__le16 *)ptr));
3661        ptr += sizeof(__le16);
3662        if (gap) {
3663                if (gap <= 8)
3664                        ptr += gap;
3665                else
3666                        airo_print_err(ai->dev->name,
3667                            "gaplen too big. Problems will follow...");
3668        }
3669        memcpy ((char *)buffer + hdrlen, ptr, len);
3670        ptr += len;
3671#ifdef IW_WIRELESS_SPY    /* defined in iw_handler.h */
3672        if (ai->spy_data.spy_number > 0) {
3673                char *sa;
3674                struct iw_quality wstats;
3675                /* Prepare spy data : addr + qual */
3676                sa = (char*)buffer + 10;
3677                wstats.qual = hdr.rssi[0];
3678                if (ai->rssi)
3679                        wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
3680                else
3681                        wstats.level = (hdr.rssi[1] + 321) / 2;
3682                wstats.noise = ai->wstats.qual.noise;
3683                wstats.updated = IW_QUAL_QUAL_UPDATED
3684                        | IW_QUAL_LEVEL_UPDATED
3685                        | IW_QUAL_DBM;
3686                /* Update spy records */
3687                wireless_spy_update(ai->dev, sa, &wstats);
3688        }
3689#endif /* IW_WIRELESS_SPY */
3690        skb_reset_mac_header(skb);
3691        skb->pkt_type = PACKET_OTHERHOST;
3692        skb->dev = ai->wifidev;
3693        skb->protocol = htons(ETH_P_802_2);
3694        skb->dev->last_rx = jiffies;
3695        skb->ip_summed = CHECKSUM_NONE;
3696        netif_rx( skb );
3697badrx:
3698        if (rxd.valid == 0) {
3699                rxd.valid = 1;
3700                rxd.rdy = 0;
3701                rxd.len = PKTSIZE;
3702                memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
3703        }
3704}
3705
3706static u16 setup_card(struct airo_info *ai, u8 *mac, int lock)
3707{
3708        Cmd cmd;
3709        Resp rsp;
3710        int status;
3711        int i;
3712        SsidRid mySsid;
3713        __le16 lastindex;
3714        WepKeyRid wkr;
3715        int rc;
3716
3717        memset( &mySsid, 0, sizeof( mySsid ) );
3718        kfree (ai->flash);
3719        ai->flash = NULL;
3720
3721        /* The NOP is the first step in getting the card going */
3722        cmd.cmd = NOP;
3723        cmd.parm0 = cmd.parm1 = cmd.parm2 = 0;
3724        if (lock && down_interruptible(&ai->sem))
3725                return ERROR;
3726        if ( issuecommand( ai, &cmd, &rsp ) != SUCCESS ) {
3727                if (lock)
3728                        up(&ai->sem);
3729                return ERROR;
3730        }
3731        disable_MAC( ai, 0);
3732
3733        // Let's figure out if we need to use the AUX port
3734        if (!test_bit(FLAG_MPI,&ai->flags)) {
3735                cmd.cmd = CMD_ENABLEAUX;
3736                if (issuecommand(ai, &cmd, &rsp) != SUCCESS) {
3737                        if (lock)
3738                                up(&ai->sem);
3739                        airo_print_err(ai->dev->name, "Error checking for AUX port");
3740                        return ERROR;
3741                }
3742                if (!aux_bap || rsp.status & 0xff00) {
3743                        ai->bap_read = fast_bap_read;
3744                        airo_print_dbg(ai->dev->name, "Doing fast bap_reads");
3745                } else {
3746                        ai->bap_read = aux_bap_read;
3747                        airo_print_dbg(ai->dev->name, "Doing AUX bap_reads");
3748                }
3749        }
3750        if (lock)
3751                up(&ai->sem);
3752        if (ai->config.len == 0) {
3753                tdsRssiRid rssi_rid;
3754                CapabilityRid cap_rid;
3755
3756                kfree(ai->APList);
3757                ai->APList = NULL;
3758                kfree(ai->SSID);
3759                ai->SSID = NULL;
3760                // general configuration (read/modify/write)
3761                status = readConfigRid(ai, lock);
3762                if ( status != SUCCESS ) return ERROR;
3763
3764                status = readCapabilityRid(ai, &cap_rid, lock);
3765                if ( status != SUCCESS ) return ERROR;
3766
3767                status = PC4500_readrid(ai,RID_RSSI,&rssi_rid,sizeof(rssi_rid),lock);
3768                if ( status == SUCCESS ) {
3769                        if (ai->rssi || (ai->rssi = kmalloc(512, GFP_KERNEL)) != NULL)
3770                                memcpy(ai->rssi, (u8*)&rssi_rid + 2, 512); /* Skip RID length member */
3771                }
3772                else {
3773                        kfree(ai->rssi);
3774                        ai->rssi = NULL;
3775                        if (cap_rid.softCap & cpu_to_le16(8))
3776                                ai->config.rmode |= RXMODE_NORMALIZED_RSSI;
3777                        else
3778                                airo_print_warn(ai->dev->name, "unknown received signal "
3779                                                "level scale");
3780                }
3781                ai->config.opmode = adhoc ? MODE_STA_IBSS : MODE_STA_ESS;
3782                ai->config.authType = AUTH_OPEN;
3783                ai->config.modulation = MOD_CCK;
3784
3785                if (le16_to_cpu(cap_rid.len) >= sizeof(cap_rid) &&
3786                    (cap_rid.extSoftCap & cpu_to_le16(1)) &&
3787                    micsetup(ai) == SUCCESS) {
3788                        ai->config.opmode |= MODE_MIC;
3789                        set_bit(FLAG_MIC_CAPABLE, &ai->flags);
3790                }
3791
3792                /* Save off the MAC */
3793                for( i = 0; i < ETH_ALEN; i++ ) {
3794                        mac[i] = ai->config.macAddr[i];
3795                }
3796
3797                /* Check to see if there are any insmod configured
3798                   rates to add */
3799                if ( rates[0] ) {
3800                        int i = 0;
3801                        memset(ai->config.rates,0,sizeof(ai->config.rates));
3802                        for( i = 0; i < 8 && rates[i]; i++ ) {
3803                                ai->config.rates[i] = rates[i];
3804                        }
3805                }
3806                if ( basic_rate > 0 ) {
3807                        int i;
3808                        for( i = 0; i < 8; i++ ) {
3809                                if ( ai->config.rates[i] == basic_rate ||
3810                                     !ai->config.rates ) {
3811                                        ai->config.rates[i] = basic_rate | 0x80;
3812                                        break;
3813                                }
3814                        }
3815                }
3816                set_bit (FLAG_COMMIT, &ai->flags);
3817        }
3818
3819        /* Setup the SSIDs if present */
3820        if ( ssids[0] ) {
3821                int i;
3822                for( i = 0; i < 3 && ssids[i]; i++ ) {
3823                        size_t len = strlen(ssids[i]);
3824                        if (len > 32)
3825                                len = 32;
3826                        mySsid.ssids[i].len = cpu_to_le16(len);
3827                        memcpy(mySsid.ssids[i].ssid, ssids[i], len);
3828                }
3829                mySsid.len = cpu_to_le16(sizeof(mySsid));
3830        }
3831
3832        status = writeConfigRid(ai, lock);
3833        if ( status != SUCCESS ) return ERROR;
3834
3835        /* Set up the SSID list */
3836        if ( ssids[0] ) {
3837                status = writeSsidRid(ai, &mySsid, lock);
3838                if ( status != SUCCESS ) return ERROR;
3839        }
3840
3841        status = enable_MAC(ai, lock);
3842        if (status != SUCCESS)
3843                return ERROR;
3844
3845        /* Grab the initial wep key, we gotta save it for auto_wep */
3846        rc = readWepKeyRid(ai, &wkr, 1, lock);
3847        if (rc == SUCCESS) do {
3848                lastindex = wkr.kindex;
3849                if (wkr.kindex == cpu_to_le16(0xffff)) {
3850                        ai->defindex = wkr.mac[0];
3851                }
3852                rc = readWepKeyRid(ai, &wkr, 0, lock);
3853        } while(lastindex != wkr.kindex);
3854
3855        try_auto_wep(ai);
3856
3857        return SUCCESS;
3858}
3859
3860static u16 issuecommand(struct airo_info *ai, Cmd *pCmd, Resp *pRsp) {
3861        // Im really paranoid about letting it run forever!
3862        int max_tries = 600000;
3863
3864        if (IN4500(ai, EVSTAT) & EV_CMD)
3865                OUT4500(ai, EVACK, EV_CMD);
3866
3867        OUT4500(ai, PARAM0, pCmd->parm0);
3868        OUT4500(ai, PARAM1, pCmd->parm1);
3869        OUT4500(ai, PARAM2, pCmd->parm2);
3870        OUT4500(ai, COMMAND, pCmd->cmd);
3871
3872        while (max_tries-- && (IN4500(ai, EVSTAT) & EV_CMD) == 0) {
3873                if ((IN4500(ai, COMMAND)) == pCmd->cmd)
3874                        // PC4500 didn't notice command, try again
3875                        OUT4500(ai, COMMAND, pCmd->cmd);
3876                if (!in_atomic() && (max_tries & 255) == 0)
3877                        schedule();
3878        }
3879
3880        if ( max_tries == -1 ) {
3881                airo_print_err(ai->dev->name,
3882                        "Max tries exceeded when issueing command");
3883                if (IN4500(ai, COMMAND) & COMMAND_BUSY)
3884                        OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
3885                return ERROR;
3886        }
3887
3888        // command completed
3889        pRsp->status = IN4500(ai, STATUS);
3890        pRsp->rsp0 = IN4500(ai, RESP0);
3891        pRsp->rsp1 = IN4500(ai, RESP1);
3892        pRsp->rsp2 = IN4500(ai, RESP2);
3893        if ((pRsp->status & 0xff00)!=0 && pCmd->cmd != CMD_SOFTRESET)
3894                airo_print_err(ai->dev->name,
3895                        "cmd:%x status:%x rsp0:%x rsp1:%x rsp2:%x",
3896                        pCmd->cmd, pRsp->status, pRsp->rsp0, pRsp->rsp1,
3897                        pRsp->rsp2);
3898
3899        // clear stuck command busy if necessary
3900        if (IN4500(ai, COMMAND) & COMMAND_BUSY) {
3901                OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
3902        }
3903        // acknowledge processing the status/response
3904        OUT4500(ai, EVACK, EV_CMD);
3905
3906        return SUCCESS;
3907}
3908
3909/* Sets up the bap to start exchange data.  whichbap should
3910 * be one of the BAP0 or BAP1 defines.  Locks should be held before
3911 * calling! */
3912static int bap_setup(struct airo_info *ai, u16 rid, u16 offset, int whichbap )
3913{
3914        int timeout = 50;
3915        int max_tries = 3;
3916
3917        OUT4500(ai, SELECT0+whichbap, rid);
3918        OUT4500(ai, OFFSET0+whichbap, offset);
3919        while (1) {
3920                int status = IN4500(ai, OFFSET0+whichbap);
3921                if (status & BAP_BUSY) {
3922                        /* This isn't really a timeout, but its kinda
3923                           close */
3924                        if (timeout--) {
3925                                continue;
3926                        }
3927                } else if ( status & BAP_ERR ) {
3928                        /* invalid rid or offset */
3929                        airo_print_err(ai->dev->name, "BAP error %x %d",
3930                                status, whichbap );
3931                        return ERROR;
3932                } else if (status & BAP_DONE) { // success
3933                        return SUCCESS;
3934                }
3935                if ( !(max_tries--) ) {
3936                        airo_print_err(ai->dev->name,
3937                                "BAP setup error too many retries\n");
3938                        return ERROR;
3939                }
3940                // -- PC4500 missed it, try again
3941                OUT4500(ai, SELECT0+whichbap, rid);
3942                OUT4500(ai, OFFSET0+whichbap, offset);
3943                timeout = 50;
3944        }
3945}
3946
3947/* should only be called by aux_bap_read.  This aux function and the
3948   following use concepts not documented in the developers guide.  I
3949   got them from a patch given to my by Aironet */
3950static u16 aux_setup(struct airo_info *ai, u16 page,
3951                     u16 offset, u16 *len)
3952{
3953        u16 next;
3954
3955        OUT4500(ai, AUXPAGE, page);
3956        OUT4500(ai, AUXOFF, 0);
3957        next = IN4500(ai, AUXDATA);
3958        *len = IN4500(ai, AUXDATA)&0xff;
3959        if (offset != 4) OUT4500(ai, AUXOFF, offset);
3960        return next;
3961}
3962
3963/* requires call to bap_setup() first */
3964static int aux_bap_read(struct airo_info *ai, __le16 *pu16Dst,
3965                        int bytelen, int whichbap)
3966{
3967        u16 len;
3968        u16 page;
3969        u16 offset;
3970        u16 next;
3971        int words;
3972        int i;
3973        unsigned long flags;
3974
3975        spin_lock_irqsave(&ai->aux_lock, flags);
3976        page = IN4500(ai, SWS0+whichbap);
3977        offset = IN4500(ai, SWS2+whichbap);
3978        next = aux_setup(ai, page, offset, &len);
3979        words = (bytelen+1)>>1;
3980
3981        for (i=0; i<words;) {
3982                int count;
3983                count = (len>>1) < (words-i) ? (len>>1) : (words-i);
3984                if ( !do8bitIO )
3985                        insw( ai->dev->base_addr+DATA0+whichbap,
3986                              pu16Dst+i,count );
3987                else
3988                        insb( ai->dev->base_addr+DATA0+whichbap,
3989                              pu16Dst+i, count << 1 );
3990                i += count;
3991                if (i<words) {
3992                        next = aux_setup(ai, next, 4, &len);
3993                }
3994        }
3995        spin_unlock_irqrestore(&ai->aux_lock, flags);
3996        return SUCCESS;
3997}
3998
3999
4000/* requires call to bap_setup() first */
4001static int fast_bap_read(struct airo_info *ai, __le16 *pu16Dst,
4002                         int bytelen, int whichbap)
4003{
4004        bytelen = (bytelen + 1) & (~1); // round up to even value
4005        if ( !do8bitIO )
4006                insw( ai->dev->base_addr+DATA0+whichbap, pu16Dst, bytelen>>1 );
4007        else
4008                insb( ai->dev->base_addr+DATA0+whichbap, pu16Dst, bytelen );
4009        return SUCCESS;
4010}
4011
4012/* requires call to bap_setup() first */
4013static int bap_write(struct airo_info *ai, const __le16 *pu16Src,
4014                     int bytelen, int whichbap)
4015{
4016        bytelen = (bytelen + 1) & (~1); // round up to even value
4017        if ( !do8bitIO )
4018                outsw( ai->dev->base_addr+DATA0+whichbap,
4019                       pu16Src, bytelen>>1 );
4020        else
4021                outsb( ai->dev->base_addr+DATA0+whichbap, pu16Src, bytelen );
4022        return SUCCESS;
4023}
4024
4025static int PC4500_accessrid(struct airo_info *ai, u16 rid, u16 accmd)
4026{
4027        Cmd cmd; /* for issuing commands */
4028        Resp rsp; /* response from commands */
4029        u16 status;
4030
4031        memset(&cmd, 0, sizeof(cmd));
4032        cmd.cmd = accmd;
4033        cmd.parm0 = rid;
4034        status = issuecommand(ai, &cmd, &rsp);
4035        if (status != 0) return status;
4036        if ( (rsp.status & 0x7F00) != 0) {
4037                return (accmd << 8) + (rsp.rsp0 & 0xFF);
4038        }
4039        return 0;
4040}
4041
4042/*  Note, that we are using BAP1 which is also used by transmit, so
4043 *  we must get a lock. */
4044static int PC4500_readrid(struct airo_info *ai, u16 rid, void *pBuf, int len, int lock)
4045{
4046        u16 status;
4047        int rc = SUCCESS;
4048
4049        if (lock) {
4050                if (down_interruptible(&ai->sem))
4051                        return ERROR;
4052        }
4053        if (test_bit(FLAG_MPI,&ai->flags)) {
4054                Cmd cmd;
4055                Resp rsp;
4056
4057                memset(&cmd, 0, sizeof(cmd));
4058                memset(&rsp, 0, sizeof(rsp));
4059                ai->config_desc.rid_desc.valid = 1;
4060                ai->config_desc.rid_desc.len = RIDSIZE;
4061                ai->config_desc.rid_desc.rid = 0;
4062                ai->config_desc.rid_desc.host_addr = ai->ridbus;
4063
4064                cmd.cmd = CMD_ACCESS;
4065                cmd.parm0 = rid;
4066
4067                memcpy_toio(ai->config_desc.card_ram_off,
4068                        &ai->config_desc.rid_desc, sizeof(Rid));
4069
4070                rc = issuecommand(ai, &cmd, &rsp);
4071
4072                if (rsp.status & 0x7f00)
4073                        rc = rsp.rsp0;
4074                if (!rc)
4075                        memcpy(pBuf, ai->config_desc.virtual_host_addr, len);
4076                goto done;
4077        } else {
4078                if ((status = PC4500_accessrid(ai, rid, CMD_ACCESS))!=SUCCESS) {
4079                        rc = status;
4080                        goto done;
4081                }
4082                if (bap_setup(ai, rid, 0, BAP1) != SUCCESS) {
4083                        rc = ERROR;
4084                        goto done;
4085                }
4086                // read the rid length field
4087                bap_read(ai, pBuf, 2, BAP1);
4088                // length for remaining part of rid
4089                len = min(len, (int)le16_to_cpu(*(__le16*)pBuf)) - 2;
4090
4091                if ( len <= 2 ) {
4092                        airo_print_err(ai->dev->name,
4093                                "Rid %x has a length of %d which is too short",
4094                                (int)rid, (int)len );
4095                        rc = ERROR;
4096                        goto done;
4097                }
4098                // read remainder of the rid
4099                rc = bap_read(ai, ((__le16*)pBuf)+1, len, BAP1);
4100        }
4101done:
4102        if (lock)
4103                up(&ai->sem);
4104        return rc;
4105}
4106
4107/*  Note, that we are using BAP1 which is also used by transmit, so
4108 *  make sure this isnt called when a transmit is happening */
4109static int PC4500_writerid(struct airo_info *ai, u16 rid,
4110                           const void *pBuf, int len, int lock)
4111{
4112        u16 status;
4113        int rc = SUCCESS;
4114
4115        *(__le16*)pBuf = cpu_to_le16((u16)len);
4116
4117        if (lock) {
4118                if (down_interruptible(&ai->sem))
4119                        return ERROR;
4120        }
4121        if (test_bit(FLAG_MPI,&ai->flags)) {
4122                Cmd cmd;
4123                Resp rsp;
4124
4125                if (test_bit(FLAG_ENABLED, &ai->flags) && (RID_WEP_TEMP != rid))
4126                        airo_print_err(ai->dev->name,
4127                                "%s: MAC should be disabled (rid=%04x)",
4128                                __FUNCTION__, rid);
4129                memset(&cmd, 0, sizeof(cmd));
4130                memset(&rsp, 0, sizeof(rsp));
4131
4132                ai->config_desc.rid_desc.valid = 1;
4133                ai->config_desc.rid_desc.len = *((u16 *)pBuf);
4134                ai->config_desc.rid_desc.rid = 0;
4135
4136                cmd.cmd = CMD_WRITERID;
4137                cmd.parm0 = rid;
4138
4139                memcpy_toio(ai->config_desc.card_ram_off,
4140                        &ai->config_desc.rid_desc, sizeof(Rid));
4141
4142                if (len < 4 || len > 2047) {
4143                        airo_print_err(ai->dev->name, "%s: len=%d", __FUNCTION__, len);
4144                        rc = -1;
4145                } else {
4146                        memcpy((char *)ai->config_desc.virtual_host_addr,
4147                                pBuf, len);
4148
4149                        rc = issuecommand(ai, &cmd, &rsp);
4150                        if ((rc & 0xff00) != 0) {
4151                                airo_print_err(ai->dev->name, "%s: Write rid Error %d",
4152                                                __FUNCTION__, rc);
4153                                airo_print_err(ai->dev->name, "%s: Cmd=%04x",
4154                                                __FUNCTION__, cmd.cmd);
4155                        }
4156
4157                        if ((rsp.status & 0x7f00))
4158                                rc = rsp.rsp0;
4159                }
4160        } else {
4161                // --- first access so that we can write the rid data
4162                if ( (status = PC4500_accessrid(ai, rid, CMD_ACCESS)) != 0) {
4163                        rc = status;
4164                        goto done;
4165                }
4166                // --- now write the rid data
4167                if (bap_setup(ai, rid, 0, BAP1) != SUCCESS) {
4168                        rc = ERROR;
4169                        goto done;
4170                }
4171                bap_write(ai, pBuf, len, BAP1);
4172                // ---now commit the rid data
4173                rc = PC4500_accessrid(ai, rid, 0x100|CMD_ACCESS);
4174        }
4175done:
4176        if (lock)
4177                up(&ai->sem);
4178        return rc;
4179}
4180
4181/* Allocates a FID to be used for transmitting packets.  We only use
4182   one for now. */
4183static u16 transmit_allocate(struct airo_info *ai, int lenPayload, int raw)
4184{
4185        unsigned int loop = 3000;
4186        Cmd cmd;
4187        Resp rsp;
4188        u16 txFid;
4189        __le16 txControl;
4190
4191        cmd.cmd = CMD_ALLOCATETX;
4192        cmd.parm0 = lenPayload;
4193        if (down_interruptible(&ai->sem))
4194                return ERROR;
4195        if (issuecommand(ai, &cmd, &rsp) != SUCCESS) {
4196                txFid = ERROR;
4197                goto done;
4198        }
4199        if ( (rsp.status & 0xFF00) != 0) {
4200                txFid = ERROR;
4201                goto done;
4202        }
4203        /* wait for the allocate event/indication
4204         * It makes me kind of nervous that this can just sit here and spin,
4205         * but in practice it only loops like four times. */
4206        while (((IN4500(ai, EVSTAT) & EV_ALLOC) == 0) && --loop);
4207        if (!loop) {
4208                txFid = ERROR;
4209                goto done;
4210        }
4211
4212        // get the allocated fid and acknowledge
4213        txFid = IN4500(ai, TXALLOCFID);
4214        OUT4500(ai, EVACK, EV_ALLOC);
4215
4216        /*  The CARD is pretty cool since it converts the ethernet packet
4217         *  into 802.11.  Also note that we don't release the FID since we
4218         *  will be using the same one over and over again. */
4219        /*  We only have to setup the control once since we are not
4220         *  releasing the fid. */
4221        if (raw)
4222                txControl = cpu_to_le16(TXCTL_TXOK | TXCTL_TXEX | TXCTL_802_11
4223                        | TXCTL_ETHERNET | TXCTL_NORELEASE);
4224        else
4225                txControl = cpu_to_le16(TXCTL_TXOK | TXCTL_TXEX | TXCTL_802_3
4226                        | TXCTL_ETHERNET | TXCTL_NORELEASE);
4227        if (bap_setup(ai, txFid, 0x0008, BAP1) != SUCCESS)
4228                txFid = ERROR;
4229        else
4230                bap_write(ai, &txControl, sizeof(txControl), BAP1);
4231
4232done:
4233        up(&ai->sem);
4234
4235        return txFid;
4236}
4237
4238/* In general BAP1 is dedicated to transmiting packets.  However,
4239   since we need a BAP when accessing RIDs, we also use BAP1 for that.
4240   Make sure the BAP1 spinlock is held when this is called. */
4241static int transmit_802_3_packet(struct airo_info *ai, int len, char *pPacket)
4242{
4243        __le16 payloadLen;
4244        Cmd cmd;
4245        Resp rsp;
4246        int miclen = 0;
4247        u16 txFid = len;
4248        MICBuffer pMic;
4249
4250        len >>= 16;
4251
4252        if (len <= ETH_ALEN * 2) {
4253                airo_print_warn(ai->dev->name, "Short packet %d", len);
4254                return ERROR;
4255        }
4256        len -= ETH_ALEN * 2;
4257
4258        if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled && 
4259            (ntohs(((__be16 *)pPacket)[6]) != 0x888E)) {
4260                if (encapsulate(ai,(etherHead *)pPacket,&pMic,len) != SUCCESS)
4261                        return ERROR;
4262                miclen = sizeof(pMic);
4263        }
4264        // packet is destination[6], source[6], payload[len-12]
4265        // write the payload length and dst/src/payload
4266        if (bap_setup(ai, txFid, 0x0036, BAP1) != SUCCESS) return ERROR;
4267        /* The hardware addresses aren't counted as part of the payload, so
4268         * we have to subtract the 12 bytes for the addresses off */
4269        payloadLen = cpu_to_le16(len + miclen);
4270        bap_write(ai, &payloadLen, sizeof(payloadLen),BAP1);
4271        bap_write(ai, (__le16*)pPacket, sizeof(etherHead), BAP1);
4272        if (miclen)
4273                bap_write(ai, (__le16*)&pMic, miclen, BAP1);
4274        bap_write(ai, (__le16*)(pPacket + sizeof(etherHead)), len, BAP1);
4275        // issue the transmit command
4276        memset( &cmd, 0, sizeof( cmd ) );
4277        cmd.cmd = CMD_TRANSMIT;
4278        cmd.parm0 = txFid;
4279        if (issuecommand(ai, &cmd, &rsp) != SUCCESS) return ERROR;
4280        if ( (rsp.status & 0xFF00) != 0) return ERROR;
4281        return SUCCESS;
4282}
4283
4284static int transmit_802_11_packet(struct airo_info *ai, int len, char *pPacket)
4285{
4286        __le16 fc, payloadLen;
4287        Cmd cmd;
4288        Resp rsp;
4289        int hdrlen;
4290        static u8 tail[(30-10) + 2 + 6] = {[30-10] = 6};
4291        /* padding of header to full size + le16 gaplen (6) + gaplen bytes */
4292        u16 txFid = len;
4293        len >>= 16;
4294
4295        fc = *(__le16*)pPacket;
4296        hdrlen = header_len(fc);
4297
4298        if (len < hdrlen) {
4299                airo_print_warn(ai->dev->name, "Short packet %d", len);
4300                return ERROR;
4301        }
4302
4303        /* packet is 802.11 header +  payload
4304         * write the payload length and dst/src/payload */
4305        if (bap_setup(ai, txFid, 6, BAP1) != SUCCESS) return ERROR;
4306        /* The 802.11 header aren't counted as part of the payload, so
4307         * we have to subtract the header bytes off */
4308        payloadLen = cpu_to_le16(len-hdrlen);
4309        bap_write(ai, &payloadLen, sizeof(payloadLen),BAP1);
4310        if (bap_setup(ai, txFid, 0x0014, BAP1) != SUCCESS) return ERROR;
4311        bap_write(ai, (__le16 *)pPacket, hdrlen, BAP1);
4312        bap_write(ai, (__le16 *)(tail + (hdrlen - 10)), 38 - hdrlen, BAP1);
4313
4314        bap_write(ai, (__le16 *)(pPacket + hdrlen), len - hdrlen, BAP1);
4315        // issue the transmit command
4316        memset( &cmd, 0, sizeof( cmd ) );
4317        cmd.cmd = CMD_TRANSMIT;
4318        cmd.parm0 = txFid;
4319        if (issuecommand(ai, &cmd, &rsp) != SUCCESS) return ERROR;
4320        if ( (rsp.status & 0xFF00) != 0) return ERROR;
4321        return SUCCESS;
4322}
4323
4324/*
4325 *  This is the proc_fs routines.  It is a bit messier than I would
4326 *  like!  Feel free to clean it up!
4327 */
4328
4329static ssize_t proc_read( struct file *file,
4330                          char __user *buffer,
4331                          size_t len,
4332                          loff_t *offset);
4333
4334static ssize_t proc_write( struct file *file,
4335                           const char __user *buffer,
4336                           size_t len,
4337                           loff_t *offset );
4338static int proc_close( struct inode *inode, struct file *file );
4339
4340static int proc_stats_open( struct inode *inode, struct file *file );
4341static int proc_statsdelta_open( struct inode *inode, struct file *file );
4342static int proc_status_open( struct inode *inode, struct file *file );
4343static int proc_SSID_open( struct inode *inode, struct file *file );
4344static int proc_APList_open( struct inode *inode, struct file *file );
4345static int proc_BSSList_open( struct inode *inode, struct file *file );
4346static int proc_config_open( struct inode *inode, struct file *file );
4347static int proc_wepkey_open( struct inode *inode, struct file *file );
4348
4349static const struct file_operations proc_statsdelta_ops = {
4350        .read           = proc_read,
4351        .open           = proc_statsdelta_open,
4352        .release        = proc_close
4353};
4354
4355static const struct file_operations proc_stats_ops = {
4356        .read           = proc_read,
4357        .open           = proc_stats_open,
4358        .release        = proc_close
4359};
4360
4361static const struct file_operations proc_status_ops = {
4362        .read           = proc_read,
4363        .open           = proc_status_open,
4364        .release        = proc_close
4365};
4366
4367static const struct file_operations proc_SSID_ops = {
4368        .read           = proc_read,
4369        .write          = proc_write,
4370        .open           = proc_SSID_open,
4371        .release        = proc_close
4372};
4373
4374static const struct file_operations proc_BSSList_ops = {
4375        .read           = proc_read,
4376        .write          = proc_write,
4377        .open           = proc_BSSList_open,
4378        .release        = proc_close
4379};
4380
4381static const struct file_operations proc_APList_ops = {
4382        .read           = proc_read,
4383        .write          = proc_write,
4384        .open           = proc_APList_open,
4385        .release        = proc_close
4386};
4387
4388static const struct file_operations proc_config_ops = {
4389        .read           = proc_read,
4390        .write          = proc_write,
4391        .open           = proc_config_open,
4392        .release        = proc_close
4393};
4394
4395static const struct file_operations proc_wepkey_ops = {
4396        .read           = proc_read,
4397        .write          = proc_write,
4398        .open           = proc_wepkey_open,
4399        .release        = proc_close
4400};
4401
4402static struct proc_dir_entry *airo_entry;
4403
4404struct proc_data {
4405        int release_buffer;
4406        int readlen;
4407        char *rbuffer;
4408        int writelen;
4409        int maxwritelen;
4410        char *wbuffer;
4411        void (*on_close) (struct inode *, struct file *);
4412};
4413
4414#ifndef SETPROC_OPS
4415#define SETPROC_OPS(entry, ops) (entry)->proc_fops = &(ops)
4416#endif
4417
4418static int setup_proc_entry( struct net_device *dev,
4419                             struct airo_info *apriv ) {
4420        struct proc_dir_entry *entry;
4421        /* First setup the device directory */
4422        strcpy(apriv->proc_name,dev->name);
4423        apriv->proc_entry = create_proc_entry(apriv->proc_name,
4424                                              S_IFDIR|airo_perm,
4425                                              airo_entry);
4426        if (!apriv->proc_entry)
4427                goto fail;
4428        apriv->proc_entry->uid = proc_uid;
4429        apriv->proc_entry->gid = proc_gid;
4430        apriv->proc_entry->owner = THIS_MODULE;
4431
4432        /* Setup the StatsDelta */
4433        entry = create_proc_entry("StatsDelta",
4434                                  S_IFREG | (S_IRUGO&proc_perm),
4435                                  apriv->proc_entry);
4436        if (!entry)
4437                goto fail_stats_delta;
4438        entry->uid = proc_uid;
4439        entry->gid = proc_gid;
4440        entry->data = dev;
4441        entry->owner = THIS_MODULE;
4442        SETPROC_OPS(entry, proc_statsdelta_ops);
4443
4444        /* Setup the Stats */
4445        entry = create_proc_entry("Stats",
4446                                  S_IFREG | (S_IRUGO&proc_perm),
4447                                  apriv->proc_entry);
4448        if (!entry)
4449                goto fail_stats;
4450        entry->uid = proc_uid;
4451        entry->gid = proc_gid;
4452        entry->data = dev;
4453        entry->owner = THIS_MODULE;
4454        SETPROC_OPS(entry, proc_stats_ops);
4455
4456        /* Setup the Status */
4457        entry = create_proc_entry("Status",
4458                                  S_IFREG | (S_IRUGO&proc_perm),
4459                                  apriv->proc_entry);
4460        if (!entry)
4461                goto fail_status;
4462        entry->uid = proc_uid;
4463        entry->gid = proc_gid;
4464        entry->data = dev;
4465        entry->owner = THIS_MODULE;
4466        SETPROC_OPS(entry, proc_status_ops);
4467
4468        /* Setup the Config */
4469        entry = create_proc_entry("Config",
4470                                  S_IFREG | proc_perm,
4471                                  apriv->proc_entry);
4472        if (!entry)
4473                goto fail_config;
4474        entry->uid = proc_uid;
4475        entry->gid = proc_gid;
4476        entry->data = dev;
4477        entry->owner = THIS_MODULE;
4478        SETPROC_OPS(entry, proc_config_ops);
4479
4480        /* Setup the SSID */
4481        entry = create_proc_entry("SSID",
4482                                  S_IFREG | proc_perm,
4483                                  apriv->proc_entry);
4484        if (!entry)
4485                goto fail_ssid;
4486        entry->uid = proc_uid;
4487        entry->gid = proc_gid;
4488        entry->data = dev;
4489        entry->owner = THIS_MODULE;
4490        SETPROC_OPS(entry, proc_SSID_ops);
4491
4492        /* Setup the APList */
4493        entry = create_proc_entry("APList",
4494                                  S_IFREG | proc_perm,
4495                                  apriv->proc_entry);
4496        if (!entry)
4497                goto fail_aplist;
4498        entry->uid = proc_uid;
4499        entry->gid = proc_gid;
4500        entry->data = dev;
4501        entry->owner = THIS_MODULE;
4502        SETPROC_OPS(entry, proc_APList_ops);
4503
4504        /* Setup the BSSList */
4505        entry = create_proc_entry("BSSList",
4506                                  S_IFREG | proc_perm,
4507                                  apriv->proc_entry);
4508        if (!entry)
4509                goto fail_bsslist;
4510        entry->uid = proc_uid;
4511        entry->gid = proc_gid;
4512        entry->data = dev;
4513        entry->owner = THIS_MODULE;
4514        SETPROC_OPS(entry, proc_BSSList_ops);
4515
4516        /* Setup the WepKey */
4517        entry = create_proc_entry("WepKey",
4518                                  S_IFREG | proc_perm,
4519                                  apriv->proc_entry);
4520        if (!entry)
4521                goto fail_wepkey;
4522        entry->uid = proc_uid;
4523        entry->gid = proc_gid;
4524        entry->data = dev;
4525        entry->owner = THIS_MODULE;
4526        SETPROC_OPS(entry, proc_wepkey_ops);
4527
4528        return 0;
4529
4530fail_wepkey:
4531        remove_proc_entry("BSSList", apriv->proc_entry);
4532fail_bsslist:
4533        remove_proc_entry("APList", apriv->proc_entry);
4534fail_aplist:
4535        remove_proc_entry("SSID", apriv->proc_entry);
4536fail_ssid:
4537        remove_proc_entry("Config", apriv->proc_entry);
4538fail_config:
4539        remove_proc_entry("Status", apriv->proc_entry);
4540fail_status:
4541        remove_proc_entry("Stats", apriv->proc_entry);
4542fail_stats:
4543        remove_proc_entry("StatsDelta", apriv->proc_entry);
4544fail_stats_delta:
4545        remove_proc_entry(apriv->proc_name, airo_entry);
4546fail:
4547        return -ENOMEM;
4548}
4549
4550static int takedown_proc_entry( struct net_device *dev,
4551                                struct airo_info *apriv ) {
4552        if ( !apriv->proc_entry->namelen ) return 0;
4553        remove_proc_entry("Stats",apriv->proc_entry);
4554        remove_proc_entry("StatsDelta",apriv->proc_entry);
4555        remove_proc_entry("Status",apriv->proc_entry);
4556        remove_proc_entry("Config",apriv->proc_entry);
4557        remove_proc_entry("SSID",apriv->proc_entry);
4558        remove_proc_entry("APList",apriv->proc_entry);
4559        remove_proc_entry("BSSList",apriv->proc_entry);
4560        remove_proc_entry("WepKey",apriv->proc_entry);
4561        remove_proc_entry(apriv->proc_name,airo_entry);
4562        return 0;
4563}
4564
4565/*
4566 *  What we want from the proc_fs is to be able to efficiently read
4567 *  and write the configuration.  To do this, we want to read the
4568 *  configuration when the file is opened and write it when the file is
4569 *  closed.  So basically we allocate a read buffer at open and fill it
4570 *  with data, and allocate a write buffer and read it at close.
4571 */
4572
4573/*
4574 *  The read routine is generic, it relies on the preallocated rbuffer
4575 *  to supply the data.
4576 */
4577static ssize_t proc_read( struct file *file,
4578                          char __user *buffer,
4579                          size_t len,
4580                          loff_t *offset )
4581{
4582        loff_t pos = *offset;
4583        struct proc_data *priv = (struct proc_data*)file->private_data;
4584
4585        if (!priv->rbuffer)
4586                return -EINVAL;
4587
4588        if (pos < 0)
4589                return -EINVAL;
4590        if (pos >= priv->readlen)
4591                return 0;
4592        if (len > priv->readlen - pos)
4593                len = priv->readlen - pos;
4594        if (copy_to_user(buffer, priv->rbuffer + pos, len))
4595                return -EFAULT;
4596        *offset = pos + len;
4597        return len;
4598}
4599
4600/*
4601 *  The write routine is generic, it fills in a preallocated rbuffer
4602 *  to supply the data.
4603 */
4604static ssize_t proc_write( struct file *file,
4605                           const char __user *buffer,
4606                           size_t len,
4607                           loff_t *offset )
4608{
4609        loff_t pos = *offset;
4610        struct proc_data *priv = (struct proc_data*)file->private_data;
4611
4612        if (!priv->wbuffer)
4613                return -EINVAL;
4614
4615        if (pos < 0)
4616                return -EINVAL;
4617        if (pos >= priv->maxwritelen)
4618                return 0;
4619        if (len > priv->maxwritelen - pos)
4620                len = priv->maxwritelen - pos;
4621        if (copy_from_user(priv->wbuffer + pos, buffer, len))
4622                return -EFAULT;
4623        if ( pos + len > priv->writelen )
4624                priv->writelen = len + file->f_pos;
4625        *offset = pos + len;
4626        return len;
4627}
4628
4629static int proc_status_open(struct inode *inode, struct file *file)
4630{
4631        struct proc_data *data;
4632        struct proc_dir_entry *dp = PDE(inode);
4633        struct net_device *dev = dp->data;
4634        struct airo_info *apriv = dev->priv;
4635        CapabilityRid cap_rid;
4636        StatusRid status_rid;
4637        u16 mode;
4638        int i;
4639
4640        if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
4641                return -ENOMEM;
4642        data = (struct proc_data *)file->private_data;
4643        if ((data->rbuffer = kmalloc( 2048, GFP_KERNEL )) == NULL) {
4644                kfree (file->private_data);
4645                return -ENOMEM;
4646        }
4647
4648        readStatusRid(apriv, &status_rid, 1);
4649        readCapabilityRid(apriv, &cap_rid, 1);
4650
4651        mode = le16_to_cpu(status_rid.mode);
4652
4653        i = sprintf(data->rbuffer, "Status: %s%s%s%s%s%s%s%s%s\n",
4654                    mode & 1 ? "CFG ": "",
4655                    mode & 2 ? "ACT ": "",
4656                    mode & 0x10 ? "SYN ": "",
4657                    mode & 0x20 ? "LNK ": "",
4658                    mode & 0x40 ? "LEAP ": "",
4659                    mode & 0x80 ? "PRIV ": "",
4660                    mode & 0x100 ? "KEY ": "",
4661                    mode & 0x200 ? "WEP ": "",
4662                    mode & 0x8000 ? "ERR ": "");
4663        sprintf( data->rbuffer+i, "Mode: %x\n"
4664                 "Signal Strength: %d\n"
4665                 "Signal Quality: %d\n"
4666                 "SSID: %-.*s\n"
4667                 "AP: %-.16s\n"
4668                 "Freq: %d\n"
4669                 "BitRate: %dmbs\n"
4670                 "Driver Version: %s\n"
4671                 "Device: %s\nManufacturer: %s\nFirmware Version: %s\n"
4672                 "Radio type: %x\nCountry: %x\nHardware Version: %x\n"
4673                 "Software Version: %x\nSoftware Subversion: %x\n"
4674                 "Boot block version: %x\n",
4675                 le16_to_cpu(status_rid.mode),
4676                 le16_to_cpu(status_rid.normalizedSignalStrength),
4677                 le16_to_cpu(status_rid.signalQuality),
4678                 le16_to_cpu(status_rid.SSIDlen),
4679                 status_rid.SSID,
4680                 status_rid.apName,
4681                 le16_to_cpu(status_rid.channel),
4682                 le16_to_cpu(status_rid.currentXmitRate) / 2,
4683                 version,
4684                 cap_rid.prodName,
4685                 cap_rid.manName,
4686                 cap_rid.prodVer,
4687                 le16_to_cpu(cap_rid.radioType),
4688                 le16_to_cpu(cap_rid.country),
4689                 le16_to_cpu(cap_rid.hardVer),
4690                 le16_to_cpu(cap_rid.softVer),
4691                 le16_to_cpu(cap_rid.softSubVer),
4692                 le16_to_cpu(cap_rid.bootBlockVer));
4693        data->readlen = strlen( data->rbuffer );
4694        return 0;
4695}
4696
4697static int proc_stats_rid_open(struct inode*, struct file*, u16);
4698static int proc_statsdelta_open( struct inode *inode,
4699                                 struct file *file ) {
4700        if (file->f_mode&FMODE_WRITE) {
4701                return proc_stats_rid_open(inode, file, RID_STATSDELTACLEAR);
4702        }
4703        return proc_stats_rid_open(inode, file, RID_STATSDELTA);
4704}
4705
4706static int proc_stats_open( struct inode *inode, struct file *file ) {
4707        return proc_stats_rid_open(inode, file, RID_STATS);
4708}
4709
4710static int proc_stats_rid_open( struct inode *inode,
4711                                struct file *file,
4712                                u16 rid )
4713{
4714        struct proc_data *data;
4715        struct proc_dir_entry *dp = PDE(inode);
4716        struct net_device *dev = dp->data;
4717        struct airo_info *apriv = dev->priv;
4718        StatsRid stats;
4719        int i, j;
4720        __le32 *vals = stats.vals;
4721        int len = le16_to_cpu(stats.len);
4722
4723        if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
4724                return -ENOMEM;
4725        data = (struct proc_data *)file->private_data;
4726        if ((data->rbuffer = kmalloc( 4096, GFP_KERNEL )) == NULL) {
4727                kfree (file->private_data);
4728                return -ENOMEM;
4729        }
4730
4731        readStatsRid(apriv, &stats, rid, 1);
4732
4733        j = 0;
4734        for(i=0; statsLabels[i]!=(char *)-1 && i*4<len; i++) {
4735                if (!statsLabels[i]) continue;
4736                if (j+strlen(statsLabels[i])+16>4096) {
4737                        airo_print_warn(apriv->dev->name,
4738                               "Potentially disasterous buffer overflow averted!");
4739                        break;
4740                }
4741                j+=sprintf(data->rbuffer+j, "%s: %u\n", statsLabels[i],
4742                                le32_to_cpu(vals[i]));
4743        }
4744        if (i*4 >= len) {
4745                airo_print_warn(apriv->dev->name, "Got a short rid");
4746        }
4747        data->readlen = j;
4748        return 0;
4749}
4750
4751static int get_dec_u16( char *buffer, int *start, int limit ) {
4752        u16 value;
4753        int valid = 0;
4754        for( value = 0; buffer[*start] >= '0' &&
4755                     buffer[*start] <= '9' &&
4756                     *start < limit; (*start)++ ) {
4757                valid = 1;
4758                value *= 10;
4759                value += buffer[*start] - '0';
4760        }
4761        if ( !valid ) return -1;
4762        return value;
4763}
4764
4765static int airo_config_commit(struct net_device *dev,
4766                              struct iw_request_info *info, void *zwrq,
4767                              char *extra);
4768
4769static inline int sniffing_mode(struct airo_info *ai)
4770{
4771        return le16_to_cpu(ai->config.rmode & RXMODE_MASK) >=
4772                le16_to_cpu(RXMODE_RFMON);
4773}
4774
4775static void proc_config_on_close(struct inode *inode, struct file *file)
4776{
4777        struct proc_data *data = file->private_data;
4778        struct proc_dir_entry *dp = PDE(inode);
4779        struct net_device *dev = dp->data;
4780        struct airo_info *ai = dev->priv;
4781        char *line;
4782
4783        if ( !data->writelen ) return;
4784
4785        readConfigRid(ai, 1);
4786        set_bit (FLAG_COMMIT, &ai->flags);
4787
4788        line = data->wbuffer;
4789        while( line[0] ) {
4790/*** Mode processing */
4791                if ( !strncmp( line, "Mode: ", 6 ) ) {
4792                        line += 6;
4793                        if (sniffing_mode(ai))
4794                                set_bit (FLAG_RESET, &ai->flags);
4795                        ai->config.rmode &= ~RXMODE_FULL_MASK;
4796                        clear_bit (FLAG_802_11, &ai->flags);
4797                        ai->config.opmode &= ~MODE_CFG_MASK;
4798                        ai->config.scanMode = SCANMODE_ACTIVE;
4799                        if ( line[0] == 'a' ) {
4800                                ai->config.opmode |= MODE_STA_IBSS;
4801                        } else {
4802                                ai->config.opmode |= MODE_STA_ESS;
4803                                if ( line[0] == 'r' ) {
4804                                        ai->config.rmode |= RXMODE_RFMON | RXMODE_DISABLE_802_3_HEADER;
4805                                        ai->config.scanMode = SCANMODE_PASSIVE;
4806                                        set_bit (FLAG_802_11, &ai->flags);
4807                                } else if ( line[0] == 'y' ) {
4808                                        ai->config.rmode |= RXMODE_RFMON_ANYBSS | RXMODE_DISABLE_802_3_HEADER;
4809                                        ai->config.scanMode = SCANMODE_PASSIVE;
4810                                        set_bit (FLAG_802_11, &ai->flags);
4811                                } else if ( line[0] == 'l' )
4812                                        ai->config.rmode |= RXMODE_LANMON;
4813                        }
4814                        set_bit (FLAG_COMMIT, &ai->flags);
4815                }
4816
4817/*** Radio status */
4818                else if (!strncmp(line,"Radio: ", 7)) {
4819                        line += 7;
4820                        if (!strncmp(line,"off",3)) {
4821                                set_bit (FLAG_RADIO_OFF, &ai->flags);
4822                        } else {
4823                                clear_bit (FLAG_RADIO_OFF, &ai->flags);
4824                        }
4825                }
4826/*** NodeName processing */
4827                else if ( !strncmp( line, "NodeName: ", 10 ) ) {
4828                        int j;
4829
4830