/*======================================================================

    Aironet driver for 4500 and 4800 series cards

    This code is released under both the GPL version 2 and BSD licenses.
    Either license may be used.  The respective licenses are found at
    the end of this file.

    This code was developed by Benjamin Reed <breed@users.sourceforge.net>
    including portions of which come from the Aironet PC4500
    Developer's Reference Manual and used with permission.  Copyright
    (C) 1999 Benjamin Reed.  All Rights Reserved.  Permission to use
    code in the Developer's manual was granted for this driver by
    Aironet.  Major code contributions were received from Javier Achirica
    <achirica@users.sourceforge.net> and Jean Tourrilhes <jt@hpl.hp.com>.
    Code was also integrated from the Cisco Aironet driver for Linux.
    Support for MPI350 cards was added by Fabrice Bellet
    <fabrice@bellet.info>.

======================================================================*/

#include <linux/err.h>
#include <linux/init.h>

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/proc_fs.h>

#include <linux/sched.h>
#include <linux/ptrace.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/timer.h>
#include <linux/interrupt.h>
#include <linux/in.h>
#include <linux/bitops.h>
#include <linux/scatterlist.h>
#include <linux/crypto.h>
#include <asm/io.h>
#include <asm/system.h>
#include <asm/unaligned.h>

#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
#include <linux/ioport.h>
#include <linux/pci.h>
#include <asm/uaccess.h>
#include <net/ieee80211.h>
#include <linux/kthread.h>
#include <linux/freezer.h>

#include "airo.h"

#define DRV_NAME "airo"

#ifdef CONFIG_PCI
static struct pci_device_id card_ids[] = {
        { 0x14b9, 1, PCI_ANY_ID, PCI_ANY_ID, },
        { 0x14b9, 0x4500, PCI_ANY_ID, PCI_ANY_ID },
        { 0x14b9, 0x4800, PCI_ANY_ID, PCI_ANY_ID, },
        { 0x14b9, 0x0340, PCI_ANY_ID, PCI_ANY_ID, },
        { 0x14b9, 0x0350, PCI_ANY_ID, PCI_ANY_ID, },
        { 0x14b9, 0x5000, PCI_ANY_ID, PCI_ANY_ID, },
        { 0x14b9, 0xa504, PCI_ANY_ID, PCI_ANY_ID, },
        { 0, }
};
MODULE_DEVICE_TABLE(pci, card_ids);

static int airo_pci_probe(struct pci_dev *, const struct pci_device_id *);
static void airo_pci_remove(struct pci_dev *);
static int airo_pci_suspend(struct pci_dev *pdev, pm_message_t state);
static int airo_pci_resume(struct pci_dev *pdev);

static struct pci_driver airo_driver = {
        .name     = DRV_NAME,
        .id_table = card_ids,
        .probe    = airo_pci_probe,
        .remove   = __devexit_p(airo_pci_remove),
        .suspend  = airo_pci_suspend,
        .resume   = airo_pci_resume,
};
#endif /* CONFIG_PCI */

/* Include Wireless Extension definition and check version - Jean II */
#include <linux/wireless.h>
#define WIRELESS_SPY            /* enable iwspy support */
#include <net/iw_handler.h>     /* New driver API */

#define CISCO_EXT               /* enable Cisco extensions */
#ifdef CISCO_EXT
#include <linux/delay.h>
#endif

/* Hack to do some power saving */
#define POWER_ON_DOWN

/* As you can see this list is HUGH!
   I really don't know what a lot of these counts are about, but they
   are all here for completeness.  If the IGNLABEL macro is put in
   infront of the label, that statistic will not be included in the list
   of statistics in the /proc filesystem */

#define IGNLABEL(comment) NULL
static char *statsLabels[] = {
        "RxOverrun",
        IGNLABEL("RxPlcpCrcErr"),
        IGNLABEL("RxPlcpFormatErr"),
        IGNLABEL("RxPlcpLengthErr"),
        "RxMacCrcErr",
        "RxMacCrcOk",
        "RxWepErr",
        "RxWepOk",
        "RetryLong",
        "RetryShort",
        "MaxRetries",
        "NoAck",
        "NoCts",
        "RxAck",
        "RxCts",
        "TxAck",
        "TxRts",
        "TxCts",
        "TxMc",
        "TxBc",
        "TxUcFrags",
        "TxUcPackets",
        "TxBeacon",
        "RxBeacon",
        "TxSinColl",
        "TxMulColl",
        "DefersNo",
        "DefersProt",
        "DefersEngy",
        "DupFram",
        "RxFragDisc",
        "TxAged",
        "RxAged",
        "LostSync-MaxRetry",
        "LostSync-MissedBeacons",
        "LostSync-ArlExceeded",
        "LostSync-Deauth",
        "LostSync-Disassoced",
        "LostSync-TsfTiming",
        "HostTxMc",
        "HostTxBc",
        "HostTxUc",
        "HostTxFail",
        "HostRxMc",
        "HostRxBc",
        "HostRxUc",
        "HostRxDiscard",
        IGNLABEL("HmacTxMc"),
        IGNLABEL("HmacTxBc"),
        IGNLABEL("HmacTxUc"),
        IGNLABEL("HmacTxFail"),
        IGNLABEL("HmacRxMc"),
        IGNLABEL("HmacRxBc"),
        IGNLABEL("HmacRxUc"),
        IGNLABEL("HmacRxDiscard"),
        IGNLABEL("HmacRxAccepted"),
        "SsidMismatch",
        "ApMismatch",
        "RatesMismatch",
        "AuthReject",
        "AuthTimeout",
        "AssocReject",
        "AssocTimeout",
        IGNLABEL("ReasonOutsideTable"),
        IGNLABEL("ReasonStatus1"),
        IGNLABEL("ReasonStatus2"),
        IGNLABEL("ReasonStatus3"),
        IGNLABEL("ReasonStatus4"),
        IGNLABEL("ReasonStatus5"),
        IGNLABEL("ReasonStatus6"),
        IGNLABEL("ReasonStatus7"),
        IGNLABEL("ReasonStatus8"),
        IGNLABEL("ReasonStatus9"),
        IGNLABEL("ReasonStatus10"),
        IGNLABEL("ReasonStatus11"),
        IGNLABEL("ReasonStatus12"),
        IGNLABEL("ReasonStatus13"),
        IGNLABEL("ReasonStatus14"),
        IGNLABEL("ReasonStatus15"),
        IGNLABEL("ReasonStatus16"),
        IGNLABEL("ReasonStatus17"),
        IGNLABEL("ReasonStatus18"),
        IGNLABEL("ReasonStatus19"),
        "RxMan",
        "TxMan",
        "RxRefresh",
        "TxRefresh",
        "RxPoll",
        "TxPoll",
        "HostRetries",
        "LostSync-HostReq",
        "HostTxBytes",
        "HostRxBytes",
        "ElapsedUsec",
        "ElapsedSec",
        "LostSyncBetterAP",
        "PrivacyMismatch",
        "Jammed",
        "DiscRxNotWepped",
        "PhyEleMismatch",
        (char*)-1 };
#ifndef RUN_AT
#define RUN_AT(x) (jiffies+(x))
#endif


/* These variables are for insmod, since it seems that the rates
   can only be set in setup_card.  Rates should be a comma separated
   (no spaces) list of rates (up to 8). */

static int rates[8];
static int basic_rate;
static char *ssids[3];

static int io[4];
static int irq[4];

static
int maxencrypt /* = 0 */; /* The highest rate that the card can encrypt at.
                       0 means no limit.  For old cards this was 4 */

static int auto_wep /* = 0 */; /* If set, it tries to figure out the wep mode */
static int aux_bap /* = 0 */; /* Checks to see if the aux ports are needed to read
                    the bap, needed on some older cards and buses. */
static int adhoc;

static int probe = 1;

static int proc_uid /* = 0 */;

static int proc_gid /* = 0 */;

static int airo_perm = 0555;

static int proc_perm = 0644;

MODULE_AUTHOR("Benjamin Reed");
MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet \
cards.  Direct support for ISA/PCI/MPI cards and support \
for PCMCIA when used with airo_cs.");
MODULE_LICENSE("Dual BSD/GPL");
MODULE_SUPPORTED_DEVICE("Aironet 4500, 4800 and Cisco 340/350");
module_param_array(io, int, NULL, 0);
module_param_array(irq, int, NULL, 0);
module_param(basic_rate, int, 0);
module_param_array(rates, int, NULL, 0);
module_param_array(ssids, charp, NULL, 0);
module_param(auto_wep, int, 0);
MODULE_PARM_DESC(auto_wep, "If non-zero, the driver will keep looping through \
the authentication options until an association is made.  The value of \
auto_wep is number of the wep keys to check.  A value of 2 will try using \
the key at index 0 and index 1.");
module_param(aux_bap, int, 0);
MODULE_PARM_DESC(aux_bap, "If non-zero, the driver will switch into a mode \
than seems to work better for older cards with some older buses.  Before \
switching it checks that the switch is needed.");
module_param(maxencrypt, int, 0);
MODULE_PARM_DESC(maxencrypt, "The maximum speed that the card can do \
encryption.  Units are in 512kbs.  Zero (default) means there is no limit. \
Older cards used to be limited to 2mbs (4).");
module_param(adhoc, int, 0);
MODULE_PARM_DESC(adhoc, "If non-zero, the card will start in adhoc mode.");
module_param(probe, int, 0);
MODULE_PARM_DESC(probe, "If zero, the driver won't start the card.");

module_param(proc_uid, int, 0);
MODULE_PARM_DESC(proc_uid, "The uid that the /proc files will belong to.");
module_param(proc_gid, int, 0);
MODULE_PARM_DESC(proc_gid, "The gid that the /proc files will belong to.");
module_param(airo_perm, int, 0);
MODULE_PARM_DESC(airo_perm, "The permission bits of /proc/[driver/]aironet.");
module_param(proc_perm, int, 0);
MODULE_PARM_DESC(proc_perm, "The permission bits of the files in /proc");

/* This is a kind of sloppy hack to get this information to OUT4500 and
   IN4500.  I would be extremely interested in the situation where this
   doesn't work though!!! */
static int do8bitIO /* = 0 */;

/* Return codes */
#define SUCCESS 0
#define ERROR -1
#define NO_PACKET -2

/* Commands */
#define NOP2            0x0000
#define MAC_ENABLE      0x0001
#define MAC_DISABLE     0x0002
#define CMD_LOSE_SYNC   0x0003 /* Not sure what this does... */
#define CMD_SOFTRESET   0x0004
#define HOSTSLEEP       0x0005
#define CMD_MAGIC_PKT   0x0006
#define CMD_SETWAKEMASK 0x0007
#define CMD_READCFG     0x0008
#define CMD_SETMODE     0x0009
#define CMD_ALLOCATETX  0x000a
#define CMD_TRANSMIT    0x000b
#define CMD_DEALLOCATETX 0x000c
#define NOP             0x0010
#define CMD_WORKAROUND  0x0011
#define CMD_ALLOCATEAUX 0x0020
#define CMD_ACCESS      0x0021
#define CMD_PCIBAP      0x0022
#define CMD_PCIAUX      0x0023
#define CMD_ALLOCBUF    0x0028
#define CMD_GETTLV      0x0029
#define CMD_PUTTLV      0x002a
#define CMD_DELTLV      0x002b
#define CMD_FINDNEXTTLV 0x002c
#define CMD_PSPNODES    0x0030
#define CMD_SETCW       0x0031    
#define CMD_SETPCF      0x0032    
#define CMD_SETPHYREG   0x003e
#define CMD_TXTEST      0x003f
#define MAC_ENABLETX    0x0101
#define CMD_LISTBSS     0x0103
#define CMD_SAVECFG     0x0108
#define CMD_ENABLEAUX   0x0111
#define CMD_WRITERID    0x0121
#define CMD_USEPSPNODES 0x0130
#define MAC_ENABLERX    0x0201

/* Command errors */
#define ERROR_QUALIF 0x00
#define ERROR_ILLCMD 0x01
#define ERROR_ILLFMT 0x02
#define ERROR_INVFID 0x03
#define ERROR_INVRID 0x04
#define ERROR_LARGE 0x05
#define ERROR_NDISABL 0x06
#define ERROR_ALLOCBSY 0x07
#define ERROR_NORD 0x0B
#define ERROR_NOWR 0x0C
#define ERROR_INVFIDTX 0x0D
#define ERROR_TESTACT 0x0E
#define ERROR_TAGNFND 0x12
#define ERROR_DECODE 0x20
#define ERROR_DESCUNAV 0x21
#define ERROR_BADLEN 0x22
#define ERROR_MODE 0x80
#define ERROR_HOP 0x81
#define ERROR_BINTER 0x82
#define ERROR_RXMODE 0x83
#define ERROR_MACADDR 0x84
#define ERROR_RATES 0x85
#define ERROR_ORDER 0x86
#define ERROR_SCAN 0x87
#define ERROR_AUTH 0x88
#define ERROR_PSMODE 0x89
#define ERROR_RTYPE 0x8A
#define ERROR_DIVER 0x8B
#define ERROR_SSID 0x8C
#define ERROR_APLIST 0x8D
#define ERROR_AUTOWAKE 0x8E
#define ERROR_LEAP 0x8F

/* Registers */
#define COMMAND 0x00
#define PARAM0 0x02
#define PARAM1 0x04
#define PARAM2 0x06
#define STATUS 0x08
#define RESP0 0x0a
#define RESP1 0x0c
#define RESP2 0x0e
#define LINKSTAT 0x10
#define SELECT0 0x18
#define OFFSET0 0x1c
#define RXFID 0x20
#define TXALLOCFID 0x22
#define TXCOMPLFID 0x24
#define DATA0 0x36
#define EVSTAT 0x30
#define EVINTEN 0x32
#define EVACK 0x34
#define SWS0 0x28
#define SWS1 0x2a
#define SWS2 0x2c
#define SWS3 0x2e
#define AUXPAGE 0x3A
#define AUXOFF 0x3C
#define AUXDATA 0x3E

#define FID_TX 1
#define FID_RX 2
/* Offset into aux memory for descriptors */
#define AUX_OFFSET 0x800
/* Size of allocated packets */
#define PKTSIZE 1840
#define RIDSIZE 2048
/* Size of the transmit queue */
#define MAXTXQ 64

/* BAP selectors */
#define BAP0 0 /* Used for receiving packets */
#define BAP1 2 /* Used for xmiting packets and working with RIDS */

/* Flags */
#define COMMAND_BUSY 0x8000

#define BAP_BUSY 0x8000
#define BAP_ERR 0x4000
#define BAP_DONE 0x2000

#define PROMISC 0xffff
#define NOPROMISC 0x0000

#define EV_CMD 0x10
#define EV_CLEARCOMMANDBUSY 0x4000
#define EV_RX 0x01
#define EV_TX 0x02
#define EV_TXEXC 0x04
#define EV_ALLOC 0x08
#define EV_LINK 0x80
#define EV_AWAKE 0x100
#define EV_TXCPY 0x400
#define EV_UNKNOWN 0x800
#define EV_MIC 0x1000 /* Message Integrity Check Interrupt */
#define EV_AWAKEN 0x2000
#define STATUS_INTS (EV_AWAKE|EV_LINK|EV_TXEXC|EV_TX|EV_TXCPY|EV_RX|EV_MIC)

#ifdef CHECK_UNKNOWN_INTS
#define IGNORE_INTS ( EV_CMD | EV_UNKNOWN)
#else
#define IGNORE_INTS (~STATUS_INTS)
#endif

/* RID TYPES */
#define RID_RW 0x20

/* The RIDs */
#define RID_CAPABILITIES 0xFF00
#define RID_APINFO     0xFF01
#define RID_RADIOINFO  0xFF02
#define RID_UNKNOWN3   0xFF03
#define RID_RSSI       0xFF04
#define RID_CONFIG     0xFF10
#define RID_SSID       0xFF11
#define RID_APLIST     0xFF12
#define RID_DRVNAME    0xFF13
#define RID_ETHERENCAP 0xFF14
#define RID_WEP_TEMP   0xFF15
#define RID_WEP_PERM   0xFF16
#define RID_MODULATION 0xFF17
#define RID_OPTIONS    0xFF18
#define RID_ACTUALCONFIG 0xFF20 /*readonly*/
#define RID_FACTORYCONFIG 0xFF21
#define RID_UNKNOWN22  0xFF22
#define RID_LEAPUSERNAME 0xFF23
#define RID_LEAPPASSWORD 0xFF24
#define RID_STATUS     0xFF50
#define RID_BEACON_HST 0xFF51
#define RID_BUSY_HST   0xFF52
#define RID_RETRIES_HST 0xFF53
#define RID_UNKNOWN54  0xFF54
#define RID_UNKNOWN55  0xFF55
#define RID_UNKNOWN56  0xFF56
#define RID_MIC        0xFF57
#define RID_STATS16    0xFF60
#define RID_STATS16DELTA 0xFF61
#define RID_STATS16DELTACLEAR 0xFF62
#define RID_STATS      0xFF68
#define RID_STATSDELTA 0xFF69
#define RID_STATSDELTACLEAR 0xFF6A
#define RID_ECHOTEST_RID 0xFF70
#define RID_ECHOTEST_RESULTS 0xFF71
#define RID_BSSLISTFIRST 0xFF72
#define RID_BSSLISTNEXT  0xFF73
#define RID_WPA_BSSLISTFIRST 0xFF74
#define RID_WPA_BSSLISTNEXT  0xFF75

typedef struct {
        u16 cmd;
        u16 parm0;
        u16 parm1;
        u16 parm2;
} Cmd;

typedef struct {
        u16 status;
        u16 rsp0;
        u16 rsp1;
        u16 rsp2;
} Resp;

/*
 * Rids and endian-ness:  The Rids will always be in cpu endian, since
 * this all the patches from the big-endian guys end up doing that.
 * so all rid access should use the read/writeXXXRid routines.
 */

/* This is redundant for x86 archs, but it seems necessary for ARM */
#pragma pack(1)

/* This structure came from an email sent to me from an engineer at
   aironet for inclusion into this driver */
typedef struct {
        __le16 len;
        __le16 kindex;
        u8 mac[ETH_ALEN];
        __le16 klen;
        u8 key[16];
} WepKeyRid;

/* These structures are from the Aironet's PC4500 Developers Manual */
typedef struct {
        __le16 len;
        u8 ssid[32];
} Ssid;

typedef struct {
        __le16 len;
        Ssid ssids[3];
} SsidRid;

typedef struct {
        __le16 len;
        __le16 modulation;
#define MOD_DEFAULT cpu_to_le16(0)
#define MOD_CCK cpu_to_le16(1)
#define MOD_MOK cpu_to_le16(2)
} ModulationRid;

typedef struct {
        __le16 len; /* sizeof(ConfigRid) */
        __le16 opmode; /* operating mode */
#define MODE_STA_IBSS cpu_to_le16(0)
#define MODE_STA_ESS cpu_to_le16(1)
#define MODE_AP cpu_to_le16(2)
#define MODE_AP_RPTR cpu_to_le16(3)
#define MODE_CFG_MASK cpu_to_le16(0xff)
#define MODE_ETHERNET_HOST cpu_to_le16(0<<8) /* rx payloads converted */
#define MODE_LLC_HOST cpu_to_le16(1<<8) /* rx payloads left as is */
#define MODE_AIRONET_EXTEND cpu_to_le16(1<<9) /* enable Aironet extenstions */
#define MODE_AP_INTERFACE cpu_to_le16(1<<10) /* enable ap interface extensions */
#define MODE_ANTENNA_ALIGN cpu_to_le16(1<<11) /* enable antenna alignment */
#define MODE_ETHER_LLC cpu_to_le16(1<<12) /* enable ethernet LLC */
#define MODE_LEAF_NODE cpu_to_le16(1<<13) /* enable leaf node bridge */
#define MODE_CF_POLLABLE cpu_to_le16(1<<14) /* enable CF pollable */
#define MODE_MIC cpu_to_le16(1<<15) /* enable MIC */
        __le16 rmode; /* receive mode */
#define RXMODE_BC_MC_ADDR cpu_to_le16(0)
#define RXMODE_BC_ADDR cpu_to_le16(1) /* ignore multicasts */
#define RXMODE_ADDR cpu_to_le16(2) /* ignore multicast and broadcast */
#define RXMODE_RFMON cpu_to_le16(3) /* wireless monitor mode */
#define RXMODE_RFMON_ANYBSS cpu_to_le16(4)
#define RXMODE_LANMON cpu_to_le16(5) /* lan style monitor -- data packets only */
#define RXMODE_MASK cpu_to_le16(255)
#define RXMODE_DISABLE_802_3_HEADER cpu_to_le16(1<<8) /* disables 802.3 header on rx */
#define RXMODE_FULL_MASK (RXMODE_MASK | RXMODE_DISABLE_802_3_HEADER)
#define RXMODE_NORMALIZED_RSSI cpu_to_le16(1<<9) /* return normalized RSSI */
        __le16 fragThresh;
        __le16 rtsThres;
        u8 macAddr[ETH_ALEN];
        u8 rates[8];
        __le16 shortRetryLimit;
        __le16 longRetryLimit;
        __le16 txLifetime; /* in kusec */
        __le16 rxLifetime; /* in kusec */
        __le16 stationary;
        __le16 ordering;
        __le16 u16deviceType; /* for overriding device type */
        __le16 cfpRate;
        __le16 cfpDuration;
        __le16 _reserved1[3];
        /*---------- Scanning/Associating ----------*/
        __le16 scanMode;
#define SCANMODE_ACTIVE cpu_to_le16(0)
#define SCANMODE_PASSIVE cpu_to_le16(1)
#define SCANMODE_AIROSCAN cpu_to_le16(2)
        __le16 probeDelay; /* in kusec */
        __le16 probeEnergyTimeout; /* in kusec */
        __le16 probeResponseTimeout;
        __le16 beaconListenTimeout;
        __le16 joinNetTimeout;
        __le16 authTimeout;
        __le16 authType;
#define AUTH_OPEN cpu_to_le16(0x1)
#define AUTH_ENCRYPT cpu_to_le16(0x101)
#define AUTH_SHAREDKEY cpu_to_le16(0x102)
#define AUTH_ALLOW_UNENCRYPTED cpu_to_le16(0x200)
        __le16 associationTimeout;
        __le16 specifiedApTimeout;
        __le16 offlineScanInterval;
        __le16 offlineScanDuration;
        __le16 linkLossDelay;
        __le16 maxBeaconLostTime;
        __le16 refreshInterval;
#define DISABLE_REFRESH cpu_to_le16(0xFFFF)
        __le16 _reserved1a[1];
        /*---------- Power save operation ----------*/
        __le16 powerSaveMode;
#define POWERSAVE_CAM cpu_to_le16(0)
#define POWERSAVE_PSP cpu_to_le16(1)
#define POWERSAVE_PSPCAM cpu_to_le16(2)
        __le16 sleepForDtims;
        __le16 listenInterval;
        __le16 fastListenInterval;
        __le16 listenDecay;
        __le16 fastListenDelay;
        __le16 _reserved2[2];
        /*---------- Ap/Ibss config items ----------*/
        __le16 beaconPeriod;
        __le16 atimDuration;
        __le16 hopPeriod;
        __le16 channelSet;
        __le16 channel;
        __le16 dtimPeriod;
        __le16 bridgeDistance;
        __le16 radioID;
        /*---------- Radio configuration ----------*/
        __le16 radioType;
#define RADIOTYPE_DEFAULT cpu_to_le16(0)
#define RADIOTYPE_802_11 cpu_to_le16(1)
#define RADIOTYPE_LEGACY cpu_to_le16(2)
        u8 rxDiversity;
        u8 txDiversity;
        __le16 txPower;
#define TXPOWER_DEFAULT 0
        __le16 rssiThreshold;
#define RSSI_DEFAULT 0
        __le16 modulation;
#define PREAMBLE_AUTO cpu_to_le16(0)
#define PREAMBLE_LONG cpu_to_le16(1)
#define PREAMBLE_SHORT cpu_to_le16(2)
        __le16 preamble;
        __le16 homeProduct;
        __le16 radioSpecific;
        /*---------- Aironet Extensions ----------*/
        u8 nodeName[16];
        __le16 arlThreshold;
        __le16 arlDecay;
        __le16 arlDelay;
        __le16 _reserved4[1];
        /*---------- Aironet Extensions ----------*/
        u8 magicAction;
#define MAGIC_ACTION_STSCHG 1
#define MAGIC_ACTION_RESUME 2
#define MAGIC_IGNORE_MCAST (1<<8)
#define MAGIC_IGNORE_BCAST (1<<9)
#define MAGIC_SWITCH_TO_PSP (0<<10)
#define MAGIC_STAY_IN_CAM (1<<10)
        u8 magicControl;
        __le16 autoWake;
} ConfigRid;

typedef struct {
        __le16 len;
        u8 mac[ETH_ALEN];
        __le16 mode;
        __le16 errorCode;
        __le16 sigQuality;
        __le16 SSIDlen;
        char SSID[32];
        char apName[16];
        u8 bssid[4][ETH_ALEN];
        __le16 beaconPeriod;
        __le16 dimPeriod;
        __le16 atimDuration;
        __le16 hopPeriod;
        __le16 channelSet;
        __le16 channel;
        __le16 hopsToBackbone;
        __le16 apTotalLoad;
        __le16 generatedLoad;
        __le16 accumulatedArl;
        __le16 signalQuality;
        __le16 currentXmitRate;
        __le16 apDevExtensions;
        __le16 normalizedSignalStrength;
        __le16 shortPreamble;
        u8 apIP[4];
        u8 noisePercent; /* Noise percent in last second */
        u8 noisedBm; /* Noise dBm in last second */
        u8 noiseAvePercent; /* Noise percent in last minute */
        u8 noiseAvedBm; /* Noise dBm in last minute */
        u8 noiseMaxPercent; /* Highest noise percent in last minute */
        u8 noiseMaxdBm; /* Highest noise dbm in last minute */
        __le16 load;
        u8 carrier[4];
        __le16 assocStatus;
#define STAT_NOPACKETS 0
#define STAT_NOCARRIERSET 10
#define STAT_GOTCARRIERSET 11
#define STAT_WRONGSSID 20
#define STAT_BADCHANNEL 25
#define STAT_BADBITRATES 30
#define STAT_BADPRIVACY 35
#define STAT_APFOUND 40
#define STAT_APREJECTED 50
#define STAT_AUTHENTICATING 60
#define STAT_DEAUTHENTICATED 61
#define STAT_AUTHTIMEOUT 62
#define STAT_ASSOCIATING 70
#define STAT_DEASSOCIATED 71
#define STAT_ASSOCTIMEOUT 72
#define STAT_NOTAIROAP 73
#define STAT_ASSOCIATED 80
#define STAT_LEAPING 90
#define STAT_LEAPFAILED 91
#define STAT_LEAPTIMEDOUT 92
#define STAT_LEAPCOMPLETE 93
} StatusRid;

typedef struct {
        __le16 len;
        __le16 spacer;
        __le32 vals[100];
} StatsRid;


typedef struct {
        __le16 len;
        u8 ap[4][ETH_ALEN];
} APListRid;

typedef struct {
        __le16 len;
        char oui[3];
        char zero;
        __le16 prodNum;
        char manName[32];
        char prodName[16];
        char prodVer[8];
        char factoryAddr[ETH_ALEN];
        char aironetAddr[ETH_ALEN];
        __le16 radioType;
        __le16 country;
        char callid[ETH_ALEN];
        char supportedRates[8];
        char rxDiversity;
        char txDiversity;
        __le16 txPowerLevels[8];
        __le16 hardVer;
        __le16 hardCap;
        __le16 tempRange;
        __le16 softVer;
        __le16 softSubVer;
        __le16 interfaceVer;
        __le16 softCap;
        __le16 bootBlockVer;
        __le16 requiredHard;
        __le16 extSoftCap;
} CapabilityRid;


/* Only present on firmware >= 5.30.17 */
typedef struct {
  __le16 unknown[4];
  u8 fixed[12]; /* WLAN management frame */
  u8 iep[624];
} BSSListRidExtra;

typedef struct {
  __le16 len;
  __le16 index; /* First is 0 and 0xffff means end of list */
#define RADIO_FH 1 /* Frequency hopping radio type */
#define RADIO_DS 2 /* Direct sequence radio type */
#define RADIO_TMA 4 /* Proprietary radio used in old cards (2500) */
  __le16 radioType;
  u8 bssid[ETH_ALEN]; /* Mac address of the BSS */
  u8 zero;
  u8 ssidLen;
  u8 ssid[32];
  __le16 dBm;
#define CAP_ESS cpu_to_le16(1<<0)
#define CAP_IBSS cpu_to_le16(1<<1)
#define CAP_PRIVACY cpu_to_le16(1<<4)
#define CAP_SHORTHDR cpu_to_le16(1<<5)
  __le16 cap;
  __le16 beaconInterval;
  u8 rates[8]; /* Same as rates for config rid */
  struct { /* For frequency hopping only */
    __le16 dwell;
    u8 hopSet;
    u8 hopPattern;
    u8 hopIndex;
    u8 fill;
  } fh;
  __le16 dsChannel;
  __le16 atimWindow;

  /* Only present on firmware >= 5.30.17 */
  BSSListRidExtra extra;
} BSSListRid;

typedef struct {
  BSSListRid bss;
  struct list_head list;
} BSSListElement;

typedef struct {
  u8 rssipct;
  u8 rssidBm;
} tdsRssiEntry;

typedef struct {
  u16 len;
  tdsRssiEntry x[256];
} tdsRssiRid;

typedef struct {
        u16 len;
        u16 state;
        u16 multicastValid;
        u8  multicast[16];
        u16 unicastValid;
        u8  unicast[16];
} MICRid;

typedef struct {
        __be16 typelen;

        union {
            u8 snap[8];
            struct {
                u8 dsap;
                u8 ssap;
                u8 control;
                u8 orgcode[3];
                u8 fieldtype[2];
            } llc;
        } u;
        __be32 mic;
        __be32 seq;
} MICBuffer;

typedef struct {
        u8 da[ETH_ALEN];
        u8 sa[ETH_ALEN];
} etherHead;

#pragma pack()

#define TXCTL_TXOK (1<<1) /* report if tx is ok */
#define TXCTL_TXEX (1<<2) /* report if tx fails */
#define TXCTL_802_3 (0<<3) /* 802.3 packet */
#define TXCTL_802_11 (1<<3) /* 802.11 mac packet */
#define TXCTL_ETHERNET (0<<4) /* payload has ethertype */
#define TXCTL_LLC (1<<4) /* payload is llc */
#define TXCTL_RELEASE (0<<5) /* release after completion */
#define TXCTL_NORELEASE (1<<5) /* on completion returns to host */

#define BUSY_FID 0x10000

#ifdef CISCO_EXT
#define AIROMAGIC       0xa55a
/* Warning : SIOCDEVPRIVATE may disapear during 2.5.X - Jean II */
#ifdef SIOCIWFIRSTPRIV
#ifdef SIOCDEVPRIVATE
#define AIROOLDIOCTL    SIOCDEVPRIVATE
#define AIROOLDIDIFC    AIROOLDIOCTL + 1
#endif /* SIOCDEVPRIVATE */
#else /* SIOCIWFIRSTPRIV */
#define SIOCIWFIRSTPRIV SIOCDEVPRIVATE
#endif /* SIOCIWFIRSTPRIV */
/* This may be wrong. When using the new SIOCIWFIRSTPRIV range, we probably
 * should use only "GET" ioctls (last bit set to 1). "SET" ioctls are root
 * only and don't return the modified struct ifreq to the application which
 * is usually a problem. - Jean II */
#define AIROIOCTL       SIOCIWFIRSTPRIV
#define AIROIDIFC       AIROIOCTL + 1

/* Ioctl constants to be used in airo_ioctl.command */

#define AIROGCAP                0       // Capability rid
#define AIROGCFG                1       // USED A LOT
#define AIROGSLIST              2       // System ID list
#define AIROGVLIST              3       // List of specified AP's
#define AIROGDRVNAM             4       //  NOTUSED
#define AIROGEHTENC             5       // NOTUSED
#define AIROGWEPKTMP            6
#define AIROGWEPKNV             7
#define AIROGSTAT               8
#define AIROGSTATSC32           9
#define AIROGSTATSD32           10
#define AIROGMICRID             11
#define AIROGMICSTATS           12
#define AIROGFLAGS              13
#define AIROGID                 14
#define AIRORRID                15
#define AIRORSWVERSION          17

/* Leave gap of 40 commands after AIROGSTATSD32 for future */

#define AIROPCAP                AIROGSTATSD32 + 40
#define AIROPVLIST              AIROPCAP      + 1
#define AIROPSLIST              AIROPVLIST    + 1
#define AIROPCFG                AIROPSLIST    + 1
#define AIROPSIDS               AIROPCFG      + 1
#define AIROPAPLIST             AIROPSIDS     + 1
#define AIROPMACON              AIROPAPLIST   + 1       /* Enable mac  */
#define AIROPMACOFF             AIROPMACON    + 1       /* Disable mac */
#define AIROPSTCLR              AIROPMACOFF   + 1
#define AIROPWEPKEY             AIROPSTCLR    + 1
#define AIROPWEPKEYNV           AIROPWEPKEY   + 1
#define AIROPLEAPPWD            AIROPWEPKEYNV + 1
#define AIROPLEAPUSR            AIROPLEAPPWD  + 1

/* Flash codes */

#define AIROFLSHRST            AIROPWEPKEYNV  + 40
#define AIROFLSHGCHR           AIROFLSHRST    + 1
#define AIROFLSHSTFL           AIROFLSHGCHR   + 1
#define AIROFLSHPCHR           AIROFLSHSTFL   + 1
#define AIROFLPUTBUF           AIROFLSHPCHR   + 1
#define AIRORESTART            AIROFLPUTBUF   + 1

#define FLASHSIZE       32768
#define AUXMEMSIZE      (256 * 1024)

typedef struct aironet_ioctl {
        unsigned short command;         // What to do
        unsigned short len;             // Len of data
        unsigned short ridnum;          // rid number
        unsigned char __user *data;     // d-data
} aironet_ioctl;

static char swversion[] = "2.1";
#endif /* CISCO_EXT */

#define NUM_MODULES       2
#define MIC_MSGLEN_MAX    2400
#define EMMH32_MSGLEN_MAX MIC_MSGLEN_MAX
#define AIRO_DEF_MTU      2312

typedef struct {
        u32   size;            // size
        u8    enabled;         // MIC enabled or not
        u32   rxSuccess;       // successful packets received
        u32   rxIncorrectMIC;  // pkts dropped due to incorrect MIC comparison
        u32   rxNotMICed;      // pkts dropped due to not being MIC'd
        u32   rxMICPlummed;    // pkts dropped due to not having a MIC plummed
        u32   rxWrongSequence; // pkts dropped due to sequence number violation
        u32   reserve[32];
} mic_statistics;

typedef struct {
        u32 coeff[((EMMH32_MSGLEN_MAX)+3)>>2];
        u64 accum;      // accumulated mic, reduced to u32 in final()
        int position;   // current position (byte offset) in message
        union {
                u8  d8[4];
                __be32 d32;
        } part; // saves partial message word across update() calls
} emmh32_context;

typedef struct {
        emmh32_context seed;        // Context - the seed
        u32              rx;        // Received sequence number
        u32              tx;        // Tx sequence number
        u32              window;    // Start of window
        u8               valid;     // Flag to say if context is valid or not
        u8               key[16];
} miccntx;

typedef struct {
        miccntx mCtx;           // Multicast context
        miccntx uCtx;           // Unicast context
} mic_module;

typedef struct {
        unsigned int  rid: 16;
        unsigned int  len: 15;
        unsigned int  valid: 1;
        dma_addr_t host_addr;
} Rid;

typedef struct {
        unsigned int  offset: 15;
        unsigned int  eoc: 1;
        unsigned int  len: 15;
        unsigned int  valid: 1;
        dma_addr_t host_addr;
} TxFid;

typedef struct {
        unsigned int  ctl: 15;
        unsigned int  rdy: 1;
        unsigned int  len: 15;
        unsigned int  valid: 1;
        dma_addr_t host_addr;
} RxFid;

/*
 * Host receive descriptor
 */
typedef struct {
        unsigned char __iomem *card_ram_off; /* offset into card memory of the
                                                desc */
        RxFid         rx_desc;               /* card receive descriptor */
        char          *virtual_host_addr;    /* virtual address of host receive
                                                buffer */
        int           pending;

} HostRxDesc;

/*
 * Host transmit descriptor
 */
typedef struct {
        unsigned char __iomem *card_ram_off;         /* offset into card memory of the
                                                desc */
        TxFid         tx_desc;               /* card transmit descriptor */
        char          *virtual_host_addr;    /* virtual address of host receive
                                                buffer */
        int           pending;
} HostTxDesc;

/*
 * Host RID descriptor
 */
typedef struct {
        unsigned char __iomem *card_ram_off;      /* offset into card memory of the
                                             descriptor */
        Rid           rid_desc;           /* card RID descriptor */
        char          *virtual_host_addr; /* virtual address of host receive
                                             buffer */
} HostRidDesc;

typedef struct {
        u16 sw0;
        u16 sw1;
        u16 status;
        u16 len;
#define HOST_SET (1 << 0)
#define HOST_INT_TX (1 << 1) /* Interrupt on successful TX */
#define HOST_INT_TXERR (1 << 2) /* Interrupt on unseccessful TX */
#define HOST_LCC_PAYLOAD (1 << 4) /* LLC payload, 0 = Ethertype */
#define HOST_DONT_RLSE (1 << 5) /* Don't release buffer when done */
#define HOST_DONT_RETRY (1 << 6) /* Don't retry trasmit */
#define HOST_CLR_AID (1 << 7) /* clear AID failure */
#define HOST_RTS (1 << 9) /* Force RTS use */
#define HOST_SHORT (1 << 10) /* Do short preamble */
        u16 ctl;
        u16 aid;
        u16 retries;
        u16 fill;
} TxCtlHdr;

typedef struct {
        u16 ctl;
        u16 duration;
        char addr1[6];
        char addr2[6];
        char addr3[6];
        u16 seq;
        char addr4[6];
} WifiHdr;


typedef struct {
        TxCtlHdr ctlhdr;
        u16 fill1;
        u16 fill2;
        WifiHdr wifihdr;
        u16 gaplen;
        u16 status;
} WifiCtlHdr;

static WifiCtlHdr wifictlhdr8023 = {
        .ctlhdr = {
                .ctl    = HOST_DONT_RLSE,
        }
};

// Frequency list (map channels to frequencies)
static const long frequency_list[] = { 2412, 2417, 2422, 2427, 2432, 2437, 2442,
                                2447, 2452, 2457, 2462, 2467, 2472, 2484 };

// A few details needed for WEP (Wireless Equivalent Privacy)
#define MAX_KEY_SIZE 13                 // 128 (?) bits
#define MIN_KEY_SIZE  5                 // 40 bits RC4 - WEP
typedef struct wep_key_t {
        u16     len;
        u8      key[16];        /* 40-bit and 104-bit keys */
} wep_key_t;

/* Backward compatibility */
#ifndef IW_ENCODE_NOKEY
#define IW_ENCODE_NOKEY         0x0800  /* Key is write only, so not present */
#define IW_ENCODE_MODE  (IW_ENCODE_DISABLED | IW_ENCODE_RESTRICTED | IW_ENCODE_OPEN)
#endif /* IW_ENCODE_NOKEY */

/* List of Wireless Handlers (new API) */
static const struct iw_handler_def      airo_handler_def;

static const char version[] = "airo.c 0.6 (Ben Reed & Javier Achirica)";

struct airo_info;

static int get_dec_u16( char *buffer, int *start, int limit );
static void OUT4500( struct airo_info *, u16 register, u16 value );
static unsigned short IN4500( struct airo_info *, u16 register );
static u16 setup_card(struct airo_info*, u8 *mac, int lock);
static int enable_MAC(struct airo_info *ai, int lock);
static void disable_MAC(struct airo_info *ai, int lock);
static void enable_interrupts(struct airo_info*);
static void disable_interrupts(struct airo_info*);
static u16 issuecommand(struct airo_info*, Cmd *pCmd, Resp *pRsp);
static int bap_setup(struct airo_info*, u16 rid, u16 offset, int whichbap);
static int aux_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
                        int whichbap);
static int fast_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
                         int whichbap);
static int bap_write(struct airo_info*, const __le16 *pu16Src, int bytelen,
                     int whichbap);
static int PC4500_accessrid(struct airo_info*, u16 rid, u16 accmd);
static int PC4500_readrid(struct airo_info*, u16 rid, void *pBuf, int len, int lock);
static int PC4500_writerid(struct airo_info*, u16 rid, const void
                           *pBuf, int len, int lock);
static int do_writerid( struct airo_info*, u16 rid, const void *rid_data,
                        int len, int dummy );
static u16 transmit_allocate(struct airo_info*, int lenPayload, int raw);
static int transmit_802_3_packet(struct airo_info*, int len, char *pPacket);
static int transmit_802_11_packet(struct airo_info*, int len, char *pPacket);

static int mpi_send_packet (struct net_device *dev);
static void mpi_unmap_card(struct pci_dev *pci);
static void mpi_receive_802_3(struct airo_info *ai);
static void mpi_receive_802_11(struct airo_info *ai);
static int waitbusy (struct airo_info *ai);

static irqreturn_t airo_interrupt( int irq, void* dev_id);
static int airo_thread(void *data);
static void timer_func( struct net_device *dev );
static int airo_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
static struct iw_statistics *airo_get_wireless_stats (struct net_device *dev);
static void airo_read_wireless_stats (struct airo_info *local);
#ifdef CISCO_EXT
static int readrids(struct net_device *dev, aironet_ioctl *comp);
static int writerids(struct net_device *dev, aironet_ioctl *comp);
static int flashcard(struct net_device *dev, aironet_ioctl *comp);
#endif /* CISCO_EXT */
static void micinit(struct airo_info *ai);
static int micsetup(struct airo_info *ai);
static int encapsulate(struct airo_info *ai, etherHead *pPacket, MICBuffer *buffer, int len);
static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *pPacket, u16 payLen);

static u8 airo_rssi_to_dbm (tdsRssiEntry *rssi_rid, u8 rssi);
static u8 airo_dbm_to_pct (tdsRssiEntry *rssi_rid, u8 dbm);

static void airo_networks_free(struct airo_info *ai);

struct airo_info {
        struct net_device             *dev;
        struct list_head              dev_list;
        /* Note, we can have MAX_FIDS outstanding.  FIDs are 16-bits, so we
           use the high bit to mark whether it is in use. */
#define MAX_FIDS 6
#define MPI_MAX_FIDS 1
        int                           fids[MAX_FIDS];
        ConfigRid config;
        char keyindex; // Used with auto wep
        char defindex; // Used with auto wep
        struct proc_dir_entry *proc_entry;
        spinlock_t aux_lock;
#define FLAG_RADIO_OFF  0       /* User disabling of MAC */
#define FLAG_RADIO_DOWN 1       /* ifup/ifdown disabling of MAC */
#define FLAG_RADIO_MASK 0x03
#define FLAG_ENABLED    2
#define FLAG_ADHOC      3       /* Needed by MIC */
#define FLAG_MIC_CAPABLE 4
#define FLAG_UPDATE_MULTI 5
#define FLAG_UPDATE_UNI 6
#define FLAG_802_11     7
#define FLAG_PROMISC    8       /* IFF_PROMISC 0x100 - include/linux/if.h */
#define FLAG_PENDING_XMIT 9
#define FLAG_PENDING_XMIT11 10
#define FLAG_MPI        11
#define FLAG_REGISTERED 12
#define FLAG_COMMIT     13
#define FLAG_RESET      14
#define FLAG_FLASHING   15
#define FLAG_WPA_CAPABLE        16
        unsigned long flags;
#define JOB_DIE 0
#define JOB_XMIT        1
#define JOB_XMIT11      2
#define JOB_STATS       3
#define JOB_PROMISC     4
#define JOB_MIC 5
#define JOB_EVENT       6
#define JOB_AUTOWEP     7
#define JOB_WSTATS      8
#define JOB_SCAN_RESULTS  9
        unsigned long jobs;
        int (*bap_read)(struct airo_info*, __le16 *pu16Dst, int bytelen,
                        int whichbap);
        unsigned short *flash;
        tdsRssiEntry *rssi;
        struct task_struct *list_bss_task;
        struct task_struct *airo_thread_task;
        struct semaphore sem;
        wait_queue_head_t thr_wait;
        unsigned long expires;
        struct {
                struct sk_buff *skb;
                int fid;
        } xmit, xmit11;
        struct net_device *wifidev;
        struct iw_statistics    wstats;         // wireless stats
        unsigned long           scan_timeout;   /* Time scan should be read */
        struct iw_spy_data      spy_data;
        struct iw_public_data   wireless_data;
        /* MIC stuff */
        struct crypto_cipher    *tfm;
        mic_module              mod[2];
        mic_statistics          micstats;
        HostRxDesc rxfids[MPI_MAX_FIDS]; // rx/tx/config MPI350 descriptors
        HostTxDesc txfids[MPI_MAX_FIDS];
        HostRidDesc config_desc;
        unsigned long ridbus; // phys addr of config_desc
        struct sk_buff_head txq;// tx queue used by mpi350 code
        struct pci_dev          *pci;
        unsigned char           __iomem *pcimem;
        unsigned char           __iomem *pciaux;
        unsigned char           *shared;
        dma_addr_t              shared_dma;
        pm_message_t            power;
        SsidRid                 *SSID;
        APListRid               *APList;
#define PCI_SHARED_LEN          2*MPI_MAX_FIDS*PKTSIZE+RIDSIZE
        char                    proc_name[IFNAMSIZ];

        /* WPA-related stuff */
        unsigned int bssListFirst;
        unsigned int bssListNext;
        unsigned int bssListRidLen;

        struct list_head network_list;
        struct list_head network_free_list;
        BSSListElement *networks;
};

static inline int bap_read(struct airo_info *ai, __le16 *pu16Dst, int bytelen,
                           int whichbap)
{
        return ai->bap_read(ai, pu16Dst, bytelen, whichbap);
}

static int setup_proc_entry( struct net_device *dev,
                             struct airo_info *apriv );
static int takedown_proc_entry( struct net_device *dev,
                                struct airo_info *apriv );

static int cmdreset(struct airo_info *ai);
static int setflashmode (struct airo_info *ai);
static int flashgchar(struct airo_info *ai,int matchbyte,int dwelltime);
static int flashputbuf(struct airo_info *ai);
static int flashrestart(struct airo_info *ai,struct net_device *dev);

#define airo_print(type, name, fmt, args...) \
        printk(type DRV_NAME "(%s): " fmt "\n", name, ##args)

#define airo_print_info(name, fmt, args...) \
        airo_print(KERN_INFO, name, fmt, ##args)

#define airo_print_dbg(name, fmt, args...) \
        airo_print(KERN_DEBUG, name, fmt, ##args)

#define airo_print_warn(name, fmt, args...) \
        airo_print(KERN_WARNING, name, fmt, ##args)

#define airo_print_err(name, fmt, args...) \
        airo_print(KERN_ERR, name, fmt, ##args)


/***********************************************************************
 *                              MIC ROUTINES                           *
 ***********************************************************************
 */

static int RxSeqValid (struct airo_info *ai,miccntx *context,int mcast,u32 micSeq);
static void MoveWindow(miccntx *context, u32 micSeq);
static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
                           struct crypto_cipher *tfm);
static void emmh32_init(emmh32_context *context);
static void emmh32_update(emmh32_context *context, u8 *pOctets, int len);
static void emmh32_final(emmh32_context *context, u8 digest[4]);
static int flashpchar(struct airo_info *ai,int byte,int dwelltime);

/* micinit - Initialize mic seed */

static void micinit(struct airo_info *ai)
{
        MICRid mic_rid;

        clear_bit(JOB_MIC, &ai->jobs);
        PC4500_readrid(ai, RID_MIC, &mic_rid, sizeof(mic_rid), 0);
        up(&ai->sem);

        ai->micstats.enabled = (mic_rid.state & 0x00FF) ? 1 : 0;

        if (ai->micstats.enabled) {
                /* Key must be valid and different */
                if (mic_rid.multicastValid && (!ai->mod[0].mCtx.valid ||
                    (memcmp (ai->mod[0].mCtx.key, mic_rid.multicast,
                             sizeof(ai->mod[0].mCtx.key)) != 0))) {
                        /* Age current mic Context */
                        memcpy(&ai->mod[1].mCtx,&ai->mod[0].mCtx,sizeof(miccntx));
                        /* Initialize new context */
                        memcpy(&ai->mod[0].mCtx.key,mic_rid.multicast,sizeof(mic_rid.multicast));
                        ai->mod[0].mCtx.window  = 33; //Window always points to the middle
                        ai->mod[0].mCtx.rx      = 0;  //Rx Sequence numbers
                        ai->mod[0].mCtx.tx      = 0;  //Tx sequence numbers
                        ai->mod[0].mCtx.valid   = 1;  //Key is now valid
  
                        /* Give key to mic seed */
                        emmh32_setseed(&ai->mod[0].mCtx.seed,mic_rid.multicast,sizeof(mic_rid.multicast), ai->tfm);
                }

                /* Key must be valid and different */
                if (mic_rid.unicastValid && (!ai->mod[0].uCtx.valid || 
                    (memcmp(ai->mod[0].uCtx.key, mic_rid.unicast,
                            sizeof(ai->mod[0].uCtx.key)) != 0))) {
                        /* Age current mic Context */
                        memcpy(&ai->mod[1].uCtx,&ai->mod[0].uCtx,sizeof(miccntx));
                        /* Initialize new context */
                        memcpy(&ai->mod[0].uCtx.key,mic_rid.unicast,sizeof(mic_rid.unicast));
        
                        ai->mod[0].uCtx.window  = 33; //Window always points to the middle
                        ai->mod[0].uCtx.rx      = 0;  //Rx Sequence numbers
                        ai->mod[0].uCtx.tx      = 0;  //Tx sequence numbers
                        ai->mod[0].uCtx.valid   = 1;  //Key is now valid
        
                        //Give key to mic seed
                        emmh32_setseed(&ai->mod[0].uCtx.seed, mic_rid.unicast, sizeof(mic_rid.unicast), ai->tfm);
                }
        } else {
      /* So next time we have a valid key and mic is enabled, we will update
       * the sequence number if the key is the same as before.
       */
                ai->mod[0].uCtx.valid = 0;
                ai->mod[0].mCtx.valid = 0;
        }
}

/* micsetup - Get ready for business */

static int micsetup(struct airo_info *ai) {
        int i;

        if (ai->tfm == NULL)
                ai->tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);

        if (IS_ERR(ai->tfm)) {
                airo_print_err(ai->dev->name, "failed to load transform for AES");
                ai->tfm = NULL;
                return ERROR;
        }

        for (i=0; i < NUM_MODULES; i++) {
                memset(&ai->mod[i].mCtx,0,sizeof(miccntx));
                memset(&ai->mod[i].uCtx,0,sizeof(miccntx));
        }
        return SUCCESS;
}

static char micsnap[] = {0xAA,0xAA,0x03,0x00,0x40,0x96,0x00,0x02};

/*===========================================================================
 * Description: Mic a packet
 *    
 *      Inputs: etherHead * pointer to an 802.3 frame
 *    
 *     Returns: BOOLEAN if successful, otherwise false.
 *             PacketTxLen will be updated with the mic'd packets size.
 *
 *    Caveats: It is assumed that the frame buffer will already
 *             be big enough to hold the largets mic message possible.
 *            (No memory allocation is done here).
 *  
 *    Author: sbraneky (10/15/01)
 *    Merciless hacks by rwilcher (1/14/02)
 */

static int encapsulate(struct airo_info *ai ,etherHead *frame, MICBuffer *mic, int payLen)
{
        miccntx   *context;

        // Determine correct context
        // If not adhoc, always use unicast key

        if (test_bit(FLAG_ADHOC, &ai->flags) && (frame->da[0] & 0x1))
                context = &ai->mod[0].mCtx;
        else
                context = &ai->mod[0].uCtx;
  
        if (!context->valid)
                return ERROR;

        mic->typelen = htons(payLen + 16); //Length of Mic'd packet

        memcpy(&mic->u.snap, micsnap, sizeof(micsnap)); // Add Snap

        // Add Tx sequence
        mic->seq = htonl(context->tx);
        context->tx += 2;

        emmh32_init(&context->seed); // Mic the packet
        emmh32_update(&context->seed,frame->da,ETH_ALEN * 2); // DA,SA
        emmh32_update(&context->seed,(u8*)&mic->typelen,10); // Type/Length and Snap
        emmh32_update(&context->seed,(u8*)&mic->seq,sizeof(mic->seq)); //SEQ
        emmh32_update(&context->seed,frame->da + ETH_ALEN * 2,payLen); //payload
        emmh32_final(&context->seed, (u8*)&mic->mic);

        /*    New Type/length ?????????? */
        mic->typelen = 0; //Let NIC know it could be an oversized packet
        return SUCCESS;
}

typedef enum {
    NONE,
    NOMIC,
    NOMICPLUMMED,
    SEQUENCE,
    INCORRECTMIC,
} mic_error;

/*===========================================================================
 *  Description: Decapsulates a MIC'd packet and returns the 802.3 packet
 *               (removes the MIC stuff) if packet is a valid packet.
 *      
 *       Inputs: etherHead  pointer to the 802.3 packet             
 *     
 *      Returns: BOOLEAN - TRUE if packet should be dropped otherwise FALSE
 *     
 *      Author: sbraneky (10/15/01)
 *    Merciless hacks by rwilcher (1/14/02)
 *---------------------------------------------------------------------------
 */

static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *eth, u16 payLen)
{
        int      i;
        u32      micSEQ;
        miccntx  *context;
        u8       digest[4];
        mic_error micError = NONE;

        // Check if the packet is a Mic'd packet

        if (!ai->micstats.enabled) {
                //No Mic set or Mic OFF but we received a MIC'd packet.
                if (memcmp ((u8*)eth + 14, micsnap, sizeof(micsnap)) == 0) {
                        ai->micstats.rxMICPlummed++;
                        return ERROR;
                }
                return SUCCESS;
        }

        if (ntohs(mic->typelen) == 0x888E)
                return SUCCESS;

        if (memcmp (mic->u.snap, micsnap, sizeof(micsnap)) != 0) {
            // Mic enabled but packet isn't Mic'd
                ai->micstats.rxMICPlummed++;
                return ERROR;
        }

        micSEQ = ntohl(mic->seq);            //store SEQ as CPU order

        //At this point we a have a mic'd packet and mic is enabled
        //Now do the mic error checking.

        //Receive seq must be odd
        if ( (micSEQ & 1) == 0 ) {
                ai->micstats.rxWrongSequence++;
                return ERROR;
        }

        for (i = 0; i < NUM_MODULES; i++) {
                int mcast = eth->da[0] & 1;
                //Determine proper context 
                context = mcast ? &ai->mod[i].mCtx : &ai->mod[i].uCtx;
        
                //Make sure context is valid
                if (!context->valid) {
                        if (i == 0)
                                micError = NOMICPLUMMED;
                        continue;                
                }
                //DeMic it 

                if (!mic->typelen)
                        mic->typelen = htons(payLen + sizeof(MICBuffer) - 2);
        
                emmh32_init(&context->seed);
                emmh32_update(&context->seed, eth->da, ETH_ALEN*2); 
                emmh32_update(&context->seed, (u8 *)&mic->typelen, sizeof(mic->typelen)+sizeof(mic->u.snap)); 
                emmh32_update(&context->seed, (u8 *)&mic->seq,sizeof(mic->seq));        
                emmh32_update(&context->seed, eth->da + ETH_ALEN*2,payLen);     
                //Calculate MIC
                emmh32_final(&context->seed, digest);
        
                if (memcmp(digest, &mic->mic, 4)) { //Make sure the mics match
                  //Invalid Mic
                        if (i == 0)
                                micError = INCORRECTMIC;
                        continue;
                }

                //Check Sequence number if mics pass
                if (RxSeqValid(ai, context, mcast, micSEQ) == SUCCESS) {
                        ai->micstats.rxSuccess++;
                        return SUCCESS;
                }
                if (i == 0)
                        micError = SEQUENCE;
        }

        // Update statistics
        switch (micError) {
                case NOMICPLUMMED: ai->micstats.rxMICPlummed++;   break;
                case SEQUENCE:    ai->micstats.rxWrongSequence++; break;
                case INCORRECTMIC: ai->micstats.rxIncorrectMIC++; break;
                case NONE:  break;
                case NOMIC: break;
        }
        return ERROR;
}

/*===========================================================================
 * Description:  Checks the Rx Seq number to make sure it is valid
 *               and hasn't already been received
 *   
 *     Inputs: miccntx - mic context to check seq against
 *             micSeq  - the Mic seq number
 *   
 *    Returns: TRUE if valid otherwise FALSE. 
 *
 *    Author: sbraneky (10/15/01)
 *    Merciless hacks by rwilcher (1/14/02)
 *---------------------------------------------------------------------------
 */

static int RxSeqValid (struct airo_info *ai,miccntx *context,int mcast,u32 micSeq)
{
        u32 seq,index;

        //Allow for the ap being rebooted - if it is then use the next 
        //sequence number of the current sequence number - might go backwards

        if (mcast) {
                if (test_bit(FLAG_UPDATE_MULTI, &ai->flags)) {
                        clear_bit (FLAG_UPDATE_MULTI, &ai->flags);
                        context->window = (micSeq > 33) ? micSeq : 33;
                        context->rx     = 0;        // Reset rx
                }
        } else if (test_bit(FLAG_UPDATE_UNI, &ai->flags)) {
                clear_bit (FLAG_UPDATE_UNI, &ai->flags);
                context->window = (micSeq > 33) ? micSeq : 33; // Move window
                context->rx     = 0;        // Reset rx
        }

        //Make sequence number relative to START of window
        seq = micSeq - (context->window - 33);

        //Too old of a SEQ number to check.
        if ((s32)seq < 0)
                return ERROR;
    
        if ( seq > 64 ) {
                //Window is infinite forward
                MoveWindow(context,micSeq);
                return SUCCESS;
        }

        // We are in the window. Now check the context rx bit to see if it was already sent
        seq >>= 1;         //divide by 2 because we only have odd numbers
        index = 1 << seq;  //Get an index number

        if (!(context->rx & index)) {
                //micSEQ falls inside the window.
                //Add seqence number to the list of received numbers.
                context->rx |= index;

                MoveWindow(context,micSeq);

                return SUCCESS;
        }
        return ERROR;
}

static void MoveWindow(miccntx *context, u32 micSeq)
{
        u32 shift;

        //Move window if seq greater than the middle of the window
        if (micSeq > context->window) {
                shift = (micSeq - context->window) >> 1;
    
                    //Shift out old
                if (shift < 32)
                        context->rx >>= shift;
                else
                        context->rx = 0;

                context->window = micSeq;      //Move window
        }
}

/*==============================================*/
/*========== EMMH ROUTINES  ====================*/
/*==============================================*/

/* mic accumulate */
#define MIC_ACCUM(val)  \
        context->accum += (u64)(val) * context->coeff[coeff_position++];

static unsigned char aes_counter[16];

/* expand the key to fill the MMH coefficient array */
static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
                           struct crypto_cipher *tfm)
{
  /* take the keying material, expand if necessary, truncate at 16-bytes */
  /* run through AES counter mode to generate context->coeff[] */
  
        int i,j;
        u32 counter;
        u8 *cipher, plain[16];

        crypto_cipher_setkey(tfm, pkey, 16);
        counter = 0;
        for (i = 0; i < ARRAY_SIZE(context->coeff); ) {
                aes_counter[15] = (u8)(counter >> 0);
                aes_counter[14] = (u8)(counter >> 8);
                aes_counter[13] = (u8)(counter >> 16);
                aes_counter[12] = (u8)(counter >> 24);
                counter++;
                memcpy (plain, aes_counter, 16);
                crypto_cipher_encrypt_one(tfm, plain, plain);
                cipher = plain;
                for (j = 0; (j < 16) && (i < ARRAY_SIZE(context->coeff)); ) {
                        context->coeff[i++] = ntohl(*(__be32 *)&cipher[j]);
                        j += 4;
                }
        }
}

/* prepare for calculation of a new mic */
static void emmh32_init(emmh32_context *context)
{
        /* prepare for new mic calculation */
        context->accum = 0;
        context->position = 0;
}

/* add some bytes to the mic calculation */
static void emmh32_update(emmh32_context *context, u8 *pOctets, int len)
{
        int     coeff_position, byte_position;
  
        if (len == 0) return;
  
        coeff_position = context->position >> 2;
  
        /* deal with partial 32-bit word left over from last update */
        byte_position = context->position & 3;
        if (byte_position) {
                /* have a partial word in part to deal with */
                do {
                        if (len == 0) return;
                        context->part.d8[byte_position++] = *pOctets++;
                        context->position++;
                        len--;
                } while (byte_position < 4);
                MIC_ACCUM(ntohl(context->part.d32));
        }

        /* deal with full 32-bit words */
        while (len >= 4) {
                MIC_ACCUM(ntohl(*(__be32 *)pOctets));
                context->position += 4;
                pOctets += 4;
                len -= 4;
        }

        /* deal with partial 32-bit word that will be left over from this update */
        byte_position = 0;
        while (len > 0) {
                context->part.d8[byte_position++] = *pOctets++;
                context->position++;
                len--;
        }
}

/* mask used to zero empty bytes for final partial word */
static u32 mask32[4] = { 0x00000000L, 0xFF000000L, 0xFFFF0000L, 0xFFFFFF00L };

/* calculate the mic */
static void emmh32_final(emmh32_context *context, u8 digest[4])
{
        int     coeff_position, byte_position;
        u32     val;
  
        u64 sum, utmp;
        s64 stmp;

        coeff_position = context->position >> 2;
  
        /* deal with partial 32-bit word left over from last update */
        byte_position = context->position & 3;
        if (byte_position) {
                /* have a partial word in part to deal with */
                val = ntohl(context->part.d32);
                MIC_ACCUM(val & mask32[byte_position]); /* zero empty bytes */
        }

        /* reduce the accumulated u64 to a 32-bit MIC */
        sum = context->accum;
        stmp = (sum  & 0xffffffffLL) - ((sum >> 32)  * 15);
        utmp = (stmp & 0xffffffffLL) - ((stmp >> 32) * 15);
        sum = utmp & 0xffffffffLL;
        if (utmp > 0x10000000fLL)
                sum -= 15;

        val = (u32)sum;
        digest[0] = (val>>24) & 0xFF;
        digest[1] = (val>>16) & 0xFF;
        digest[2] = (val>>8) & 0xFF;
        digest[3] = val & 0xFF;
}

static int readBSSListRid(struct airo_info *ai, int first,
                      BSSListRid *list)
{
        Cmd cmd;
        Resp rsp;

        if (first == 1) {
                if (ai->flags & FLAG_RADIO_MASK) return -ENETDOWN;
                memset(&cmd, 0, sizeof(cmd));
                cmd.cmd=CMD_LISTBSS;
                if (down_interruptible(&ai->sem))
                        return -ERESTARTSYS;
                ai->list_bss_task = current;
                issuecommand(ai, &cmd, &rsp);
                up(&ai->sem);
                /* Let the command take effect */
                schedule_timeout_uninterruptible(3 * HZ);
                ai->list_bss_task = NULL;
        }
        return PC4500_readrid(ai, first ? ai->bssListFirst : ai->bssListNext,
                            list, ai->bssListRidLen, 1);
}

static int readWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int temp, int lock)
{
        return PC4500_readrid(ai, temp ? RID_WEP_TEMP : RID_WEP_PERM,
                                wkr, sizeof(*wkr), lock);
}

static int writeWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int perm, int lock)
{
        int rc;
        rc = PC4500_writerid(ai, RID_WEP_TEMP, wkr, sizeof(*wkr), lock);
        if (rc!=SUCCESS)
                airo_print_err(ai->dev->name, "WEP_TEMP set %x", rc);
        if (perm) {
                rc = PC4500_writerid(ai, RID_WEP_PERM, wkr, sizeof(*wkr), lock);
                if (rc!=SUCCESS)
                        airo_print_err(ai->dev->name, "WEP_PERM set %x", rc);
        }
        return rc;
}

static int readSsidRid(struct airo_info*ai, SsidRid *ssidr)
{
        return PC4500_readrid(ai, RID_SSID, ssidr, sizeof(*ssidr), 1);
}

static int writeSsidRid(struct airo_info*ai, SsidRid *pssidr, int lock)
{
        return PC4500_writerid(ai, RID_SSID, pssidr, sizeof(*pssidr), lock);
}

static int readConfigRid(struct airo_info *ai, int lock)
{
        int rc;
        ConfigRid cfg;

        if (ai->config.len)
                return SUCCESS;

        rc = PC4500_readrid(ai, RID_ACTUALCONFIG, &cfg, sizeof(cfg), lock);
        if (rc != SUCCESS)
                return rc;

        ai->config = cfg;
        return SUCCESS;
}

static inline void checkThrottle(struct airo_info *ai)
{
        int i;
/* Old hardware had a limit on encryption speed */
        if (ai->config.authType != AUTH_OPEN && maxencrypt) {
                for(i=0; i<8; i++) {
                        if (ai->config.rates[i] > maxencrypt) {
                                ai->config.rates[i] = 0;
                        }
                }
        }
}

static int writeConfigRid(struct airo_info *ai, int lock)
{
        ConfigRid cfgr;

        if (!test_bit (FLAG_COMMIT, &ai->flags))
                return SUCCESS;

        clear_bit (FLAG_COMMIT, &ai->flags);
        clear_bit (FLAG_RESET, &ai->flags);
        checkThrottle(ai);
        cfgr = ai->config;

        if ((cfgr.opmode & MODE_CFG_MASK) == MODE_STA_IBSS)
                set_bit(FLAG_ADHOC, &ai->flags);
        else
                clear_bit(FLAG_ADHOC, &ai->flags);

        return PC4500_writerid( ai, RID_CONFIG, &cfgr, sizeof(cfgr), lock);
}

static int readStatusRid(struct airo_info *ai, StatusRid *statr, int lock)
{
        return PC4500_readrid(ai, RID_STATUS, statr, sizeof(*statr), lock);
}

static int readAPListRid(struct airo_info *ai, APListRid *aplr)
{
        return PC4500_readrid(ai, RID_APLIST, aplr, sizeof(*aplr), 1);
}

static int writeAPListRid(struct airo_info *ai, APListRid *aplr, int lock)
{
        return PC4500_writerid(ai, RID_APLIST, aplr, sizeof(*aplr), lock);
}

static int readCapabilityRid(struct airo_info *ai, CapabilityRid *capr, int lock)
{
        return PC4500_readrid(ai, RID_CAPABILITIES, capr, sizeof(*capr), lock);
}

static int readStatsRid(struct airo_info*ai, StatsRid *sr, int rid, int lock)
{
        return PC4500_readrid(ai, rid, sr, sizeof(*sr), lock);
}

static void try_auto_wep(struct airo_info *ai)
{
        if (auto_wep && !(ai->flags & FLAG_RADIO_DOWN)) {
                ai->expires = RUN_AT(3*HZ);
                wake_up_interruptible(&ai->thr_wait);
        }
}

static int airo_open(struct net_device *dev) {
        struct airo_info *ai = dev->priv;
        int rc = 0;

        if (test_bit(FLAG_FLASHING, &ai->flags))
                return -EIO;

        /* Make sure the card is configured.
         * Wireless Extensions may postpone config changes until the card
         * is open (to pipeline changes and speed-up card setup). If
         * those changes are not yet commited, do it now - Jean II */
        if (test_bit(FLAG_COMMIT, &ai->flags)) {
                disable_MAC(ai, 1);
                writeConfigRid(ai, 1);
        }

        if (ai->wifidev != dev) {
                clear_bit(JOB_DIE, &ai->jobs);
                ai->airo_thread_task = kthread_run(airo_thread, dev, dev->name);
                if (IS_ERR(ai->airo_thread_task))
                        return (int)PTR_ERR(ai->airo_thread_task);

                rc = request_irq(dev->irq, airo_interrupt, IRQF_SHARED,
                        dev->name, dev);
                if (rc) {
                        airo_print_err(dev->name,
                                "register interrupt %d failed, rc %d",
                                dev->irq, rc);
                        set_bit(JOB_DIE, &ai->jobs);
                        kthread_stop(ai->airo_thread_task);
                        return rc;
                }

                /* Power on the MAC controller (which may have been disabled) */
                clear_bit(FLAG_RADIO_DOWN, &ai->flags);
                enable_interrupts(ai);

                try_auto_wep(ai);
        }
        enable_MAC(ai, 1);

        netif_start_queue(dev);
        return 0;
}

static int mpi_start_xmit(struct sk_buff *skb, struct net_device *dev) {
        int npacks, pending;
        unsigned long flags;
        struct airo_info *ai = dev->priv;

        if (!skb) {
                airo_print_err(dev->name, "%s: skb == NULL!",__func__);
                return 0;
        }
        npacks = skb_queue_len (&ai->txq);

        if (npacks >= MAXTXQ - 1) {
                netif_stop_queue (dev);
                if (npacks > MAXTXQ) {
                        dev->stats.tx_fifo_errors++;
                        return 1;
                }
                skb_queue_tail (&ai->txq, skb);
                return 0;
        }

        spin_lock_irqsave(&ai->aux_lock, flags);
        skb_queue_tail (&ai->txq, skb);
        pending = test_bit(FLAG_PENDING_XMIT, &ai->flags);
        spin_unlock_irqrestore(&ai->aux_lock,flags);
        netif_wake_queue (dev);

        if (pending == 0) {
                set_bit(FLAG_PENDING_XMIT, &ai->flags);
                mpi_send_packet (dev);
        }
        return 0;
}

/*
 * @mpi_send_packet
 *
 * Attempt to transmit a packet. Can be called from interrupt
 * or transmit . return number of packets we tried to send
 */

static int mpi_send_packet (struct net_device *dev)
{
        struct sk_buff *skb;
        unsigned char *buffer;
        s16 len;
        __le16 *payloadLen;
        struct airo_info *ai = dev->priv;
        u8 *sendbuf;

        /* get a packet to send */

        if ((skb = skb_dequeue(&ai->txq)) == NULL) {
                airo_print_err(dev->name,
                        "%s: Dequeue'd zero in send_packet()",
                        __func__);
                return 0;
        }

        /* check min length*/
        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
        buffer = skb->data;

        ai->txfids[0].tx_desc.offset = 0;
        ai->txfids[0].tx_desc.valid = 1;
        ai->txfids[0].tx_desc.eoc = 1;
        ai->txfids[0].tx_desc.len =len+sizeof(WifiHdr);

/*
 * Magic, the cards firmware needs a length count (2 bytes) in the host buffer
 * right after  TXFID_HDR.The TXFID_HDR contains the status short so payloadlen
 * is immediatly after it. ------------------------------------------------
 *                         |TXFIDHDR+STATUS|PAYLOADLEN|802.3HDR|PACKETDATA|
 *                         ------------------------------------------------
 */

        memcpy((char *)ai->txfids[0].virtual_host_addr,
                (char *)&wifictlhdr8023, sizeof(wifictlhdr8023));

        payloadLen = (__le16 *)(ai->txfids[0].virtual_host_addr +
                sizeof(wifictlhdr8023));
        sendbuf = ai->txfids[0].virtual_host_addr +
                sizeof(wifictlhdr8023) + 2 ;

        /*
         * Firmware automaticly puts 802 header on so
         * we don't need to account for it in the length
         */
        if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled &&

                (ntohs(((__be16 *)buffer)[6]) != 0x888E)) {
                MICBuffer pMic;

                if (encapsulate(ai, (etherHead *)buffer, &pMic, len - sizeof(etherHead)) != SUCCESS)
                        return ERROR;

                *payloadLen = cpu_to_le16(len-sizeof(etherHead)+sizeof(pMic));
                ai->txfids[0].tx_desc.len += sizeof(pMic);
                /* copy data into airo dma buffer */
                memcpy (sendbuf, buffer, sizeof(etherHead));
                buffer += sizeof(etherHead);
                sendbuf += sizeof(etherHead);
                memcpy (sendbuf, &pMic, sizeof(pMic));
                sendbuf += sizeof(pMic);
                memcpy (sendbuf, buffer, len - sizeof(etherHead));
        } else {
                *payloadLen = cpu_to_le16(len - sizeof(etherHead));

                dev->trans_start = jiffies;

                /* copy data into airo dma buffer */
                memcpy(sendbuf, buffer, len);
        }

        memcpy_toio(ai->txfids[0].card_ram_off,
                &ai->txfids[0].tx_desc, sizeof(TxFid));

        OUT4500(ai, EVACK, 8);

        dev_kfree_skb_any(skb);
        return 1;
}

static void get_tx_error(struct airo_info *ai, s32 fid)
{
        __le16 status;

        if (fid < 0)
                status = ((WifiCtlHdr *)ai->txfids[0].virtual_host_addr)->ctlhdr.status;
        else {
                if (bap_setup(ai, ai->fids[fid] & 0xffff, 4, BAP0) != SUCCESS)
                        return;
                bap_read(ai, &status, 2, BAP0);
        }
        if (le16_to_cpu(status) & 2) /* Too many retries */
                ai->dev->stats.tx_aborted_errors++;
        if (le16_to_cpu(status) & 4) /* Transmit lifetime exceeded */
                ai->dev->stats.tx_heartbeat_errors++;
        if (le16_to_cpu(status) & 8) /* Aid fail */
                { }
        if (le16_to_cpu(status) & 0x10) /* MAC disabled */
                ai->dev->stats.tx_carrier_errors++;
        if (le16_to_cpu(status) & 0x20) /* Association lost */
                { }
        /* We produce a TXDROP event only for retry or lifetime
         * exceeded, because that's the only status that really mean
         * that this particular node went away.
         * Other errors means that *we* screwed up. - Jean II */
        if ((le16_to_cpu(status) & 2) ||
             (le16_to_cpu(status) & 4)) {
                union iwreq_data        wrqu;
                char junk[0x18];

                /* Faster to skip over useless data than to do
                 * another bap_setup(). We are at offset 0x6 and
                 * need to go to 0x18 and read 6 bytes - Jean II */
                bap_read(ai, (__le16 *) junk, 0x18, BAP0);

                /* Copy 802.11 dest address.
                 * We use the 802.11 header because the frame may
                 * not be 802.3 or may be mangled...
                 * In Ad-Hoc mode, it will be the node address.
                 * In managed mode, it will be most likely the AP addr
                 * User space will figure out how to convert it to
                 * whatever it needs (IP address or else).
                 * - Jean II */
                memcpy(wrqu.addr.sa_data, junk + 0x12, ETH_ALEN);
                wrqu.addr.sa_family = ARPHRD_ETHER;

                /* Send event to user space */
                wireless_send_event(ai->dev, IWEVTXDROP, &wrqu, NULL);
        }
}

static void airo_end_xmit(struct net_device *dev) {
        u16 status;
        int i;
        struct airo_info *priv = dev->priv;
        struct sk_buff *skb = priv->xmit.skb;
        int fid = priv->xmit.fid;
        u32 *fids = priv->fids;

        clear_bit(JOB_XMIT, &priv->jobs);
        clear_bit(FLAG_PENDING_XMIT, &priv->flags);
        status = transmit_802_3_packet (priv, fids[fid], skb->data);
        up(&priv->sem);

        i = 0;
        if ( status == SUCCESS ) {
                dev->trans_start = jiffies;
                for (; i < MAX_FIDS / 2 && (priv->fids[i] & 0xffff0000); i++);
        } else {
                priv->fids[fid] &= 0xffff;
                dev->stats.tx_window_errors++;
        }
        if (i < MAX_FIDS / 2)
                netif_wake_queue(dev);
        dev_kfree_skb(skb);
}

static int airo_start_xmit(struct sk_buff *skb, struct net_device *dev) {
        s16 len;
        int i, j;
        struct airo_info *priv = dev->priv;
        u32 *fids = priv->fids;

        if ( skb == NULL ) {
                airo_print_err(dev->name, "%s: skb == NULL!", __func__);
                return 0;
        }

        /* Find a vacant FID */
        for( i = 0; i < MAX_FIDS / 2 && (fids[i] & 0xffff0000); i++ );
        for( j = i + 1; j < MAX_FIDS / 2 && (fids[j] & 0xffff0000); j++ );

        if ( j >= MAX_FIDS / 2 ) {
                netif_stop_queue(dev);

                if (i == MAX_FIDS / 2) {
                        dev->stats.tx_fifo_errors++;
                        return 1;
                }
        }
        /* check min length*/
        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
        /* Mark fid as used & save length for later */
        fids[i] |= (len << 16);
        priv->xmit.skb = skb;
        priv->xmit.fid = i;
        if (down_trylock(&priv->sem) != 0) {
                set_bit(FLAG_PENDING_XMIT, &priv->flags);
                netif_stop_queue(dev);
                set_bit(JOB_XMIT, &priv->jobs);
                wake_up_interruptible(&priv->thr_wait);
        } else
                airo_end_xmit(dev);
        return 0;
}

static void airo_end_xmit11(struct net_device *dev) {
        u16 status;
        int i;
        struct airo_info *priv = dev->priv;
        struct sk_buff *skb = priv->xmit11.skb;
        int fid = priv->xmit11.fid;
        u32 *fids = priv->fids;

        clear_bit(JOB_XMIT11, &priv->jobs);
        clear_bit(FLAG_PENDING_XMIT11, &priv->flags);
        status = transmit_802_11_packet (priv, fids[fid], skb->data);
        up(&priv->sem);

        i = MAX_FIDS / 2;
        if ( status == SUCCESS ) {
                dev->trans_start = jiffies;
                for (; i < MAX_FIDS && (priv->fids[i] & 0xffff0000); i++);
        } else {
                priv->fids[fid] &= 0xffff;
                dev->stats.tx_window_errors++;
        }
        if (i < MAX_FIDS)
                netif_wake_queue(dev);
        dev_kfree_skb(skb);
}

static int airo_start_xmit11(struct sk_buff *skb, struct net_device *dev) {
        s16 len;
        int i, j;
        struct airo_info *priv = dev->priv;
        u32 *fids = priv->fids;

        if (test_bit(FLAG_MPI, &priv->flags)) {
                /* Not implemented yet for MPI350 */
                netif_stop_queue(dev);
                return -ENETDOWN;
        }

        if ( skb == NULL ) {
                airo_print_err(dev->name, "%s: skb == NULL!", __func__);
                return 0;
        }

        /* Find a vacant FID */
        for( i = MAX_FIDS / 2; i < MAX_FIDS && (fids[i] & 0xffff0000); i++ );
        for( j = i + 1; j < MAX_FIDS && (fids[j] & 0xffff0000); j++ );

        if ( j >= MAX_FIDS ) {
                netif_stop_queue(dev);

                if (i == MAX_FIDS) {
                        dev->stats.tx_fifo_errors++;
                        return 1;
                }
        }
        /* check min length*/
        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
        /* Mark fid as used & save length for later */
        fids[i] |= (len << 16);
        priv->xmit11.skb = skb;
        priv->xmit11.fid = i;
        if (down_trylock(&priv->sem) != 0) {
                set_bit(FLAG_PENDING_XMIT11, &priv->flags);
                netif_stop_queue(dev);
                set_bit(JOB_XMIT11, &priv->jobs);
                wake_up_interruptible(&priv->thr_wait);
        } else
                airo_end_xmit11(dev);
        return 0;
}

static void airo_read_stats(struct net_device *dev)
{
        struct airo_info *ai = dev->priv;
        StatsRid stats_rid;
        __le32 *vals = stats_rid.vals;

        clear_bit(JOB_STATS, &ai->jobs);
        if (ai->power.event) {
                up(&ai->sem);
                return;
        }
        readStatsRid(ai, &stats_rid, RID_STATS, 0);
        up(&ai->sem);

        dev->stats.rx_packets = le32_to_cpu(vals[43]) + le32_to_cpu(vals[44]) +
                               le32_to_cpu(vals[45]);
        dev->stats.tx_packets = le32_to_cpu(vals[39]) + le32_to_cpu(vals[40]) +
                               le32_to_cpu(vals[41]);
        dev->stats.rx_bytes = le32_to_cpu(vals[92]);
        dev->stats.tx_bytes = le32_to_cpu(vals[91]);
        dev->stats.rx_errors = le32_to_cpu(vals[0]) + le32_to_cpu(vals[2]) +
                              le32_to_cpu(vals[3]) + le32_to_cpu(vals[4]);
        dev->stats.tx_errors = le32_to_cpu(vals[42]) +
                              dev->stats.tx_fifo_errors;
        dev->stats.multicast = le32_to_cpu(vals[43]);
        dev->stats.collisions = le32_to_cpu(vals[89]);

        /* detailed rx_errors: */
        dev->stats.rx_length_errors = le32_to_cpu(vals[3]);
        dev->stats.rx_crc_errors = le32_to_cpu(vals[4]);
        dev->stats.rx_frame_errors = le32_to_cpu(vals[2]);
        dev->stats.rx_fifo_errors = le32_to_cpu(vals[0]);
}

static struct net_device_stats *airo_get_stats(struct net_device *dev)
{
        struct airo_info *local =  dev->priv;

        if (!test_bit(JOB_STATS, &local->jobs)) {
                /* Get stats out of the card if available */
                if (down_trylock(&local->sem) != 0) {
                        set_bit(JOB_STATS, &local->jobs);
                        wake_up_interruptible(&local->thr_wait);
                } else
                        airo_read_stats(dev);
        }

        return &dev->stats;
}

static void airo_set_promisc(struct airo_info *ai) {
        Cmd cmd;
        Resp rsp;

        memset(&cmd, 0, sizeof(cmd));
        cmd.cmd=CMD_SETMODE;
        clear_bit(JOB_PROMISC, &ai->jobs);
        cmd.parm0=(ai->flags&IFF_PROMISC) ? PROMISC : NOPROMISC;
        issuecommand(ai, &cmd, &rsp);
        up(&ai->sem);
}

static void airo_set_multicast_list(struct net_device *dev) {
        struct airo_info *ai = dev->priv;

        if ((dev->flags ^ ai->flags) & IFF_PROMISC) {
                change_bit(FLAG_PROMISC, &ai->flags);
                if (down_trylock(&ai->sem) != 0) {
                        set_bit(JOB_PROMISC, &ai->jobs);
                        wake_up_interruptible(&ai->thr_wait);
                } else
                        airo_set_promisc(ai);
        }

        if ((dev->flags&IFF_ALLMULTI)||dev->mc_count>0) {
                /* Turn on multicast.  (Should be already setup...) */
        }
}

static int airo_set_mac_address(struct net_device *dev, void *p)
{
        struct airo_info *ai = dev->priv;
        struct sockaddr *addr = p;

        readConfigRid(ai, 1);
        memcpy (ai->config.macAddr, addr->sa_data, dev->addr_len);
        set_bit (FLAG_COMMIT, &ai->flags);
        disable_MAC(ai, 1);
        writeConfigRid (ai, 1);
        enable_MAC(ai, 1);
        memcpy (ai->dev->dev_addr, addr->sa_data, dev->addr_len);
        if (ai->wifidev)
                memcpy (ai->wifidev->dev_addr, addr->sa_data, dev->addr_len);
        return 0;
}

static int airo_change_mtu(struct net_device *dev, int new_mtu)
{
        if ((new_mtu < 68) || (new_mtu > 2400))
                return -EINVAL;
        dev->mtu = new_mtu;
        return 0;
}

static LIST_HEAD(airo_devices);

static void add_airo_dev(struct airo_info *ai)
{
        /* Upper layers already keep track of PCI devices,
         * so we only need to remember our non-PCI cards. */
        if (!ai->pci)
                list_add_tail(&ai->dev_list, &airo_devices);
}

static void del_airo_dev(struct airo_info *ai)
{
        if (!ai->pci)
                list_del(&ai->dev_list);
}

static int airo_close(struct net_device *dev) {
        struct airo_info *ai = dev->priv;

        netif_stop_queue(dev);

        if (ai->wifidev != dev) {
#ifdef POWER_ON_DOWN
                /* Shut power to the card. The idea is that the user can save
                 * power when he doesn't need the card with "ifconfig down".
                 * That's the method that is most friendly towards the network
                 * stack (i.e. the network stack won't try to broadcast
                 * anything on the interface and routes are gone. Jean II */
                set_bit(FLAG_RADIO_DOWN, &ai->flags);
                disable_MAC(ai, 1);
#endif
                disable_interrupts( ai );

                free_irq(dev->irq, dev);

                set_bit(JOB_DIE, &ai->jobs);
                kthread_stop(ai->airo_thread_task);
        }
        return 0;
}

void stop_airo_card( struct net_device *dev, int freeres )
{
        struct airo_info *ai = dev->priv;

        set_bit(FLAG_RADIO_DOWN, &ai->flags);
        disable_MAC(ai, 1);
        disable_interrupts(ai);
        takedown_proc_entry( dev, ai );
        if (test_bit(FLAG_REGISTERED, &ai->flags)) {
                unregister_netdev( dev );
                if (ai->wifidev) {
                        unregister_netdev(ai->wifidev);
                        free_netdev(ai->wifidev);
                        ai->wifidev = NULL;
                }
                clear_bit(FLAG_REGISTERED, &ai->flags);
        }
        /*
         * Clean out tx queue
         */
        if (test_bit(FLAG_MPI, &ai->flags) && !skb_queue_empty(&ai->txq)) {
                struct sk_buff *skb = NULL;
                for (;(skb = skb_dequeue(&ai->txq));)
                        dev_kfree_skb(skb);
        }

        airo_networks_free (ai);

        kfree(ai->flash);
        kfree(ai->rssi);
        kfree(ai->APList);
        kfree(ai->SSID);
        if (freeres) {
                /* PCMCIA frees this stuff, so only for PCI and ISA */
                release_region( dev->base_addr, 64 );
                if (test_bit(FLAG_MPI, &ai->flags)) {
                        if (ai->pci)
                                mpi_unmap_card(ai->pci);
                        if (ai->pcimem)
                                iounmap(ai->pcimem);
                        if (ai->pciaux)
                                iounmap(ai->pciaux);
                        pci_free_consistent(ai->pci, PCI_SHARED_LEN,
                                ai->shared, ai->shared_dma);
                }
        }
        crypto_free_cipher(ai->tfm);
        del_airo_dev(ai);
        free_netdev( dev );
}

EXPORT_SYMBOL(stop_airo_card);

static int wll_header_parse(const struct sk_buff *skb, unsigned char *haddr)
{
        memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN);
        return ETH_ALEN;
}

static void mpi_unmap_card(struct pci_dev *pci)
{
        unsigned long mem_start = pci_resource_start(pci, 1);
        unsigned long mem_len = pci_resource_len(pci, 1);
        unsigned long aux_start = pci_resource_start(pci, 2);
        unsigned long aux_len = AUXMEMSIZE;

        release_mem_region(aux_start, aux_len);
        release_mem_region(mem_start, mem_len);
}

/*************************************************************
 *  This routine assumes that descriptors have been setup .
 *  Run at insmod time or after reset  when the decriptors
 *  have been initialized . Returns 0 if all is well nz
 *  otherwise . Does not allocate memory but sets up card
 *  using previously allocated descriptors.
 */
static int mpi_init_descriptors (struct airo_info *ai)
{
        Cmd cmd;
        Resp rsp;
        int i;
        int rc = SUCCESS;

        /* Alloc  card RX descriptors */
        netif_stop_queue(ai->dev);

        memset(&rsp,0,sizeof(rsp));
        memset(&cmd,0,sizeof(cmd));

        cmd.cmd = CMD_ALLOCATEAUX;
        cmd.parm0 = FID_RX;
        cmd.parm1 = (ai->rxfids[0].card_ram_off - ai->pciaux);
        cmd.parm2 = MPI_MAX_FIDS;
        rc=issuecommand(ai, &cmd, &rsp);
        if (rc != SUCCESS) {
                airo_print_err(ai->dev->name, "Couldn't allocate RX FID");
                return rc;
        }

        for (i=0; i<MPI_MAX_FIDS; i++) {
                memcpy_toio(ai->rxfids[i].card_ram_off,
                        &ai->rxfids[i].rx_desc, sizeof(RxFid));
        }

        /* Alloc card TX descriptors */

        memset(&rsp,0,sizeof(rsp));
        memset(&cmd,0,sizeof(cmd));

        cmd.cmd = CMD_ALLOCATEAUX;
        cmd.parm0 = FID_TX;
        cmd.parm1 = (ai->txfids[0].card_ram_off - ai->pciaux);
        cmd.parm2 = MPI_MAX_FIDS;

        for (i=0; i<MPI_MAX_FIDS; i++) {
                ai->txfids[i].tx_desc.valid = 1;
                memcpy_toio(ai->txfids[i].card_ram_off,
                        &ai->txfids[i].tx_desc, sizeof(TxFid));
        }
        ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */

        rc=issuecommand(ai, &cmd, &rsp);
        if (rc != SUCCESS) {
                airo_print_err(ai->dev->name, "Couldn't allocate TX FID");
                return rc;
        }

        /* Alloc card Rid descriptor */
        memset(&rsp,0,sizeof(rsp));
        memset(&cmd,0,sizeof(cmd));

        cmd.cmd = CMD_ALLOCATEAUX;
        cmd.parm0 = RID_RW;
        cmd.parm1 = (ai->config_desc.card_ram_off - ai->pciaux);
        cmd.parm2 = 1; /* Magic number... */
        rc=issuecommand(ai, &cmd, &rsp);
        if (rc != SUCCESS) {
                airo_print_err(ai->dev->name, "Couldn't allocate RID");
                return rc;
        }

        memcpy_toio(ai->config_desc.card_ram_off,
                &ai->config_desc.rid_desc, sizeof(Rid));

        return rc;
}

/*
 * We are setting up three things here:
 * 1) Map AUX memory for descriptors: Rid, TxFid, or RxFid.
 * 2) Map PCI memory for issueing commands.
 * 3) Allocate memory (shared) to send and receive ethernet frames.
 */
static int mpi_map_card(struct airo_info *ai, struct pci_dev *pci)
{
        unsigned long mem_start, mem_len, aux_start, aux_len;
        int rc = -1;
        int i;
        dma_addr_t busaddroff;
        unsigned char *vpackoff;
        unsigned char __iomem *pciaddroff;

        mem_start = pci_resource_start(pci, 1);
        mem_len = pci_resource_len(pci, 1);
        aux_start = pci_resource_start(pci, 2);
        aux_len = AUXMEMSIZE;

        if (!request_mem_region(mem_start, mem_len, DRV_NAME)) {
                airo_print_err("", "Couldn't get region %x[%x]",
                        (int)mem_start, (int)mem_len);
                goto out;
        }
        if (!request_mem_region(aux_start, aux_len, DRV_NAME)) {
                airo_print_err("", "Couldn't get region %x[%x]",
                        (int)aux_start, (int)aux_len);
                goto free_region1;
        }

        ai->pcimem = ioremap(mem_start, mem_len);
        if (!ai->pcimem) {
                airo_print_err("", "Couldn't map region %x[%x]",
                        (int)mem_start, (int)mem_len);
                goto free_region2;
        }
        ai->pciaux = ioremap(aux_start, aux_len);
        if (!ai->pciaux) {
                airo_print_err("", "Couldn't map region %x[%x]",
                        (int)aux_start, (int)aux_len);
                goto free_memmap;
        }

        /* Reserve PKTSIZE for each fid and 2K for the Rids */
        ai->shared = pci_alloc_consistent(pci, PCI_SHARED_LEN, &ai->shared_dma);
        if (!ai->shared) {
                airo_print_err("", "Couldn't alloc_consistent %d",
                        PCI_SHARED_LEN);
                goto free_auxmap;
        }

        /*
         * Setup descriptor RX, TX, CONFIG
         */
        busaddroff = ai->shared_dma;
        pciaddroff = ai->pciaux + AUX_OFFSET;
        vpackoff   = ai->shared;

        /* RX descriptor setup */
        for(i = 0; i < MPI_MAX_FIDS; i++) {
                ai->rxfids[i].pending = 0;
                ai->rxfids[i].card_ram_off = pciaddroff;
                ai->rxfids[i].virtual_host_addr = vpackoff;
                ai->rxfids[i].rx_desc.host_addr = busaddroff;
                ai->rxfids[i].rx_desc.valid = 1;
                ai->rxfids[i].rx_desc.len = PKTSIZE;
                ai->rxfids[i].rx_desc.rdy = 0;

                pciaddroff += sizeof(RxFid);
                busaddroff += PKTSIZE;
                vpackoff   += PKTSIZE;
        }

        /* TX descriptor setup */
        for(i = 0; i < MPI_MAX_FIDS; i++) {
                ai->txfids[i].card_ram_off = pciaddroff;
                ai->txfids[i].virtual_host_addr = vpackoff;
                ai->txfids[i].tx_desc.valid = 1;
                ai->txfids[i].tx_desc.host_addr = busaddroff;
                memcpy(ai->txfids[i].virtual_host_addr,
                        &wifictlhdr8023, sizeof(wifictlhdr8023));

                pciaddroff += sizeof(TxFid);
                busaddroff += PKTSIZE;
                vpackoff   += PKTSIZE;
        }
        ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */

        /* Rid descriptor setup */
        ai->config_desc.card_ram_off = pciaddroff;
        ai->config_desc.virtual_host_addr = vpackoff;
        ai->config_desc.rid_desc.host_addr = busaddroff;
        ai->ridbus = busaddroff;
        ai->config_desc.rid_desc.rid = 0;
        ai->config_desc.rid_desc.len = RIDSIZE;
        ai->config_desc.rid_desc.valid = 1;
        pciaddroff += sizeof(Rid);
        busaddroff += RIDSIZE;
        vpackoff   += RIDSIZE;

        /* Tell card about descriptors */
        if (mpi_init_descriptors (ai) != SUCCESS)
                goto free_shared;

        return 0;
 free_shared:
        pci_free_consistent(pci, PCI_SHARED_LEN, ai->shared, ai->shared_dma);
 free_auxmap:
        iounmap(ai->pciaux);
 free_memmap:
        iounmap(ai->pcimem);
 free_region2:
        release_mem_region(aux_start, aux_len);
 free_region1:
        release_mem_region(mem_start, mem_len);
 out:
        return rc;
}

static const struct header_ops airo_header_ops = {
        .parse = wll_header_parse,
};

static void wifi_setup(struct net_device *dev)
{
        dev->header_ops = &airo_header_ops;
        dev->hard_start_xmit = &airo_start_xmit11;
        dev->get_stats = &airo_get_stats;
        dev->set_mac_address = &airo_set_mac_address;
        dev->do_ioctl = &airo_ioctl;
        dev->wireless_handlers = &airo_handler_def;
        dev->change_mtu = &airo_change_mtu;
        dev->open = &airo_open;
        dev->stop = &airo_close;

        dev->type               = ARPHRD_IEEE80211;
        dev->hard_header_len    = ETH_HLEN;
        dev->mtu                = AIRO_DEF_MTU;
        dev->addr_len           = ETH_ALEN;
        dev->tx_queue_len       = 100; 

        memset(dev->broadcast,0xFF, ETH_ALEN);

        dev->flags              = IFF_BROADCAST|IFF_MULTICAST;
}

static struct net_device *init_wifidev(struct airo_info *ai,
                                        struct net_device *ethdev)
{
        int err;
        struct net_device *dev = alloc_netdev(0, "wifi%d", wifi_setup);
        if (!dev)
                return NULL;
        dev->priv = ethdev->priv;
        dev->irq = ethdev->irq;
        dev->base_addr = ethdev->base_addr;
        dev->wireless_data = ethdev->wireless_data;
        SET_NETDEV_DEV(dev, ethdev->dev.parent);
        memcpy(dev->dev_addr, ethdev->dev_addr, dev->addr_len);
        err = register_netdev(dev);
        if (err<0) {
                free_netdev(dev);
                return NULL;
        }
        return dev;
}

static int reset_card( struct net_device *dev , int lock) {
        struct airo_info *ai = dev->priv;

        if (lock && down_interruptible(&ai->sem))
                return -1;
        waitbusy (ai);
        OUT4500(ai,COMMAND,CMD_SOFTRESET);
        msleep(200);
        waitbusy (ai);
        msleep(200);
        if (lock)
                up(&ai->sem);
        return 0;
}

#define AIRO_MAX_NETWORK_COUNT  64
static int airo_networks_allocate(struct airo_info *ai)
{
        if (ai->networks)
                return 0;

        ai->networks =
            kzalloc(AIRO_MAX_NETWORK_COUNT * sizeof(BSSListElement),
                    GFP_KERNEL);
        if (!ai->networks) {
                airo_print_warn("", "Out of memory allocating beacons");
                return -ENOMEM;
        }

        return 0;
}

static void airo_networks_free(struct airo_info *ai)
{
        kfree(ai->networks);
        ai->networks = NULL;
}

static void airo_networks_initialize(struct airo_info *ai)
{
        int i;

        INIT_LIST_HEAD(&ai->network_free_list);
        INIT_LIST_HEAD(&ai->network_list);
        for (i = 0; i < AIRO_MAX_NETWORK_COUNT; i++)
                list_add_tail(&ai->networks[i].list,
                              &ai->network_free_list);
}

static int airo_test_wpa_capable(struct airo_info *ai)
{
        int status;
        CapabilityRid cap_rid;

        status = readCapabilityRid(ai, &cap_rid, 1);
        if (status != SUCCESS) return 0;

        /* Only firmware versions 5.30.17 or better can do WPA */
        if (le16_to_cpu(cap_rid.softVer) > 0x530
          || (le16_to_cpu(cap_rid.softVer) == 0x530
              && le16_to_cpu(cap_rid.softSubVer) >= 17)) {
                airo_print_info("", "WPA is supported.");
                return 1;
        }

        /* No WPA support */
        airo_print_info("", "WPA unsupported (only firmware versions 5.30.17"
                " and greater support WPA.  Detected %s)", cap_rid.prodVer);
        return 0;
}

static struct net_device *_init_airo_card( unsigned short irq, int port,
                                           int is_pcmcia, struct pci_dev *pci,
                                           struct device *dmdev )
{
        struct net_device *dev;
        struct airo_info *ai;
        int i, rc;
        DECLARE_MAC_BUF(mac);

        /* Create the network device object. */
        dev = alloc_netdev(sizeof(*ai), "", ether_setup);
        if (!dev) {
                airo_print_err("", "Couldn't alloc_etherdev");
                return NULL;
        }

        ai = dev->priv;
        ai->wifidev = NULL;
        ai->flags = 1 << FLAG_RADIO_DOWN;
        ai->jobs = 0;
        ai->dev = dev;
        if (pci && (pci->device == 0x5000 || pci->device == 0xa504)) {
                airo_print_dbg("", "Found an MPI350 card");
                set_bit(FLAG_MPI, &ai->flags);
        }
        spin_lock_init(&ai->aux_lock);
        sema_init(&ai->sem, 1);
        ai->config.len = 0;
        ai->pci = pci;
        init_waitqueue_head (&ai->thr_wait);
        ai->tfm = NULL;
        add_airo_dev(ai);

        if (airo_networks_allocate (ai))
                goto err_out_free;
        airo_networks_initialize (ai);

        /* The Airo-specific entries in the device structure. */
        if (test_bit(FLAG_MPI,&ai->flags)) {
                skb_queue_head_init (&ai->txq);
                dev->hard_start_xmit = &mpi_start_xmit;
        } else
                dev->hard_start_xmit = &airo_start_xmit;
        dev->get_stats = &airo_get_stats;
        dev->set_multicast_list = &airo_set_multicast_list;
        dev->set_mac_address = &airo_set_mac_address;
        dev->do_ioctl = &airo_ioctl;
        dev->wireless_handlers = &airo_handler_def;
        ai->wireless_data.spy_data = &ai->spy_data;
        dev->wireless_data = &ai->wireless_data;
        dev->change_mtu = &airo_change_mtu;
        dev->open = &airo_open;
        dev->stop = &airo_close;
        dev->irq = irq;
        dev->base_addr = port;

        SET_NETDEV_DEV(dev, dmdev);

        reset_card (dev, 1);
        msleep(400);

        if (!is_pcmcia) {
                if (!request_region(dev->base_addr, 64, DRV_NAME)) {
                        rc = -EBUSY;
                        airo_print_err(dev->name, "Couldn't request region");
                        goto err_out_nets;
                }
        }

        if (test_bit(FLAG_MPI,&ai->flags)) {
                if (mpi_map_card(ai, pci)) {
                        airo_print_err("", "Could not map memory");
                        goto err_out_res;
                }
        }

        if (probe) {
                if ( setup_card( ai, dev->dev_addr, 1 ) != SUCCESS ) {
                        airo_print_err(dev->name, "MAC could not be enabled" );
                        rc = -EIO;
                        goto err_out_map;
                }
        } else if (!test_bit(FLAG_MPI,&ai->flags)) {
                ai->bap_read = fast_bap_read;
                set_bit(FLAG_FLASHING, &ai->flags);
        }

        /* Test for WPA support */
        if (airo_test_wpa_capable(ai)) {
                set_bit(FLAG_WPA_CAPABLE, &ai->flags);
                ai->bssListFirst = RID_WPA_BSSLISTFIRST;
                ai->bssListNext = RID_WPA_BSSLISTNEXT;
                ai->bssListRidLen = sizeof(BSSListRid);
        } else {
                ai->bssListFirst = RID_BSSLISTFIRST;
                ai->bssListNext = RID_BSSLISTNEXT;
                ai->bssListRidLen = sizeof(BSSListRid) - sizeof(BSSListRidExtra);
        }

        strcpy(dev->name, "eth%d");
        rc = register_netdev(dev);
        if (rc) {
                airo_print_err(dev->name, "Couldn't register_netdev");
                goto err_out_map;
        }
        ai->wifidev = init_wifidev(ai, dev);
        if (!ai->wifidev)
                goto err_out_reg;

        set_bit(FLAG_REGISTERED,&ai->flags);
        airo_print_info(dev->name, "MAC enabled %s",
                        print_mac(mac, dev->dev_addr));

        /* Allocate the transmit buffers */
        if (probe && !test_bit(FLAG_MPI,&ai->flags))
                for( i = 0; i < MAX_FIDS; i++ )
                        ai->fids[i] = transmit_allocate(ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);

        if (setup_proc_entry(dev, dev->priv) < 0)
                goto err_out_wifi;

        return dev;

err_out_wifi:
        unregister_netdev(ai->wifidev);
        free_netdev(ai->wifidev);
err_out_reg:
        unregister_netdev(dev);
err_out_map:
        if (test_bit(FLAG_MPI,&ai->flags) && pci) {
                pci_free_consistent(pci, PCI_SHARED_LEN, ai->shared, ai->shared_dma);
                iounmap(ai->pciaux);
                iounmap(ai->pcimem);
                mpi_unmap_card(ai->pci);
        }
err_out_res:
        if (!is_pcmcia)
                release_region( dev->base_addr, 64 );
err_out_nets:
        airo_networks_free(ai);
        del_airo_dev(ai);
err_out_free:
        free_netdev(dev);
        return NULL;
}

struct net_device *init_airo_card( unsigned short irq, int port, int is_pcmcia,
                                  struct device *dmdev)
{
        return _init_airo_card ( irq, port, is_pcmcia, NULL, dmdev);
}

EXPORT_SYMBOL(init_airo_card);

static int waitbusy (struct airo_info *ai) {
        int delay = 0;
        while ((IN4500(ai, COMMAND) & COMMAND_BUSY) && (delay < 10000)) {
                udelay (10);
                if ((++delay % 20) == 0)
                        OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
        }
        return delay < 10000;
}

int reset_airo_card( struct net_device *dev )
{
        int i;
        struct airo_info *ai = dev->priv;
        DECLARE_MAC_BUF(mac);

        if (reset_card (dev, 1))
                return -1;

        if ( setup_card(ai, dev->dev_addr, 1 ) != SUCCESS ) {
                airo_print_err(dev->name, "MAC could not be enabled");
                return -1;
        }
        airo_print_info(dev->name, "MAC enabled %s",
                        print_mac(mac, dev->dev_addr));
        /* Allocate the transmit buffers if needed */
        if (!test_bit(FLAG_MPI,&ai->flags))
                for( i = 0; i < MAX_FIDS; i++ )
                        ai->fids[i] = transmit_allocate (ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);

        enable_interrupts( ai );
        netif_wake_queue(dev);
        return 0;
}

EXPORT_SYMBOL(reset_airo_card);

static void airo_send_event(struct net_device *dev) {
        struct airo_info *ai = dev->priv;
        union iwreq_data wrqu;
        StatusRid status_rid;

        clear_bit(JOB_EVENT, &ai->jobs);
        PC4500_readrid(ai, RID_STATUS, &status_rid, sizeof(status_rid), 0);
        up(&ai->sem);
        wrqu.data.length = 0;
        wrqu.data.flags = 0;
        memcpy(wrqu.ap_addr.sa_data, status_rid.bssid[0], ETH_ALEN);
        wrqu.ap_addr.sa_family = ARPHRD_ETHER;

        /* Send event to user space */
        wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
}

static void airo_process_scan_results (struct airo_info *ai) {
        union iwreq_data        wrqu;
        BSSListRid bss;
        int rc;
        BSSListElement * loop_net;
        BSSListElement * tmp_net;

        /* Blow away current list of scan results */
        list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) {
                list_move_tail (&loop_net->list, &ai->network_free_list);
                /* Don't blow away ->list, just BSS data */
                memset (loop_net, 0, sizeof (loop_net->bss));
        }

        /* Try to read the first entry of the scan result */
        rc = PC4500_readrid(ai, ai->bssListFirst, &bss, ai->bssListRidLen, 0);
        if((rc) || (bss.index == cpu_to_le16(0xffff))) {
                /* No scan results */
                goto out;
        }

        /* Read and parse all entries */
        tmp_net = NULL;
        while((!rc) && (bss.index != cpu_to_le16(0xffff))) {
                /* Grab a network off the free list */
                if (!list_empty(&ai->network_free_list)) {
                        tmp_net = list_entry(ai->network_free_list.next,
                                            BSSListElement, list);
                        list_del(ai->network_free_list.next);
                }

                if (tmp_net != NULL) {
                        memcpy(tmp_net, &bss, sizeof(tmp_net->bss));
                        list_add_tail(&tmp_net->list, &ai->network_list);
                        tmp_net = NULL;
                }

                /* Read next entry */
                rc = PC4500_readrid(ai, ai->bssListNext,
                                    &bss, ai->bssListRidLen, 0);