linux/drivers/net/wireless/cisco/airo.c
   1/*======================================================================
   2
   3    Aironet driver for 4500 and 4800 series cards
   4
   5    This code is released under both the GPL version 2 and BSD licenses.
   6    Either license may be used.  The respective licenses are found at
   7    the end of this file.
   8
   9    This code was developed by Benjamin Reed <breed@users.sourceforge.net>
  10    including portions of which come from the Aironet PC4500
  11    Developer's Reference Manual and used with permission.  Copyright
  12    (C) 1999 Benjamin Reed.  All Rights Reserved.  Permission to use
  13    code in the Developer's manual was granted for this driver by
  14    Aironet.  Major code contributions were received from Javier Achirica
  15    <achirica@users.sourceforge.net> and Jean Tourrilhes <jt@hpl.hp.com>.
  16    Code was also integrated from the Cisco Aironet driver for Linux.
  17    Support for MPI350 cards was added by Fabrice Bellet
  18    <fabrice@bellet.info>.
  19
  20======================================================================*/
  21
  22#include <linux/err.h>
  23#include <linux/init.h>
  24
  25#include <linux/kernel.h>
  26#include <linux/module.h>
  27#include <linux/proc_fs.h>
  28
  29#include <linux/sched.h>
  30#include <linux/ptrace.h>
  31#include <linux/slab.h>
  32#include <linux/string.h>
  33#include <linux/timer.h>
  34#include <linux/interrupt.h>
  35#include <linux/in.h>
  36#include <linux/bitops.h>
  37#include <linux/scatterlist.h>
  38#include <linux/crypto.h>
  39#include <linux/io.h>
  40#include <asm/unaligned.h>
  41
  42#include <linux/netdevice.h>
  43#include <linux/etherdevice.h>
  44#include <linux/skbuff.h>
  45#include <linux/if_arp.h>
  46#include <linux/ioport.h>
  47#include <linux/pci.h>
  48#include <linux/uaccess.h>
  49#include <linux/kthread.h>
  50#include <linux/freezer.h>
  51
  52#include <crypto/aes.h>
  53#include <crypto/skcipher.h>
  54
  55#include <net/cfg80211.h>
  56#include <net/iw_handler.h>
  57
  58#include "airo.h"
  59
  60#define DRV_NAME "airo"
  61
  62#ifdef CONFIG_PCI
  /*
   * PCI IDs this driver binds to.  Every entry uses vendor 0x14b9 and accepts
   * any subsystem vendor/device; the all-zero entry terminates the table.
   */
  static const struct pci_device_id card_ids[] = {
          { PCI_DEVICE(0x14b9, 1) },
          { PCI_DEVICE(0x14b9, 0x4500) },
          { PCI_DEVICE(0x14b9, 0x4800) },
          { PCI_DEVICE(0x14b9, 0x0340) },
          { PCI_DEVICE(0x14b9, 0x0350) },
          { PCI_DEVICE(0x14b9, 0x5000) },
          { PCI_DEVICE(0x14b9, 0xa504) },
          { 0, }
  };
  MODULE_DEVICE_TABLE(pci, card_ids);

  /* Forward declarations of the bus and power-management callbacks. */
  static int airo_pci_probe(struct pci_dev *pdev,
                            const struct pci_device_id *ent);
  static void airo_pci_remove(struct pci_dev *pdev);
  static int __maybe_unused airo_pci_suspend(struct device *dev);
  static int __maybe_unused airo_pci_resume(struct device *dev);

  static SIMPLE_DEV_PM_OPS(airo_pci_pm_ops, airo_pci_suspend, airo_pci_resume);

  /* Driver registration record handed to the PCI core. */
  static struct pci_driver airo_driver = {
          .name     = DRV_NAME,
          .id_table = card_ids,
          .probe    = airo_pci_probe,
          .remove   = airo_pci_remove,
          .driver   = {
                  .pm = &airo_pci_pm_ops,
          },
  };
  91#endif /* CONFIG_PCI */
  92
  93/* Include Wireless Extension definition and check version - Jean II */
  94#include <linux/wireless.h>
  95#define WIRELESS_SPY            /* enable iwspy support */
  96
  97#define CISCO_EXT               /* enable Cisco extensions */
  98#ifdef CISCO_EXT
  99#include <linux/delay.h>
 100#endif
 101
 102/* Hack to do some power saving */
 103#define POWER_ON_DOWN
 104
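 /*
  * Labels for the card's statistics counters, as listed in the /proc
  * filesystem.  As you can see this list is HUGE!  The original author did
  * not know what many of these counts mean; they are all here for
  * completeness.
  *
  * Wrapping a name in IGNLABEL() stores NULL in that slot, so the statistic
  * is left out of the /proc listing.  Because NULL already means "hidden",
  * the table is terminated by the (char *)-1 sentinel instead; a reader has
  * to test for the sentinel before dereferencing a slot.
  *
  * The table has 100 label slots, the same count as StatsRid.vals[]
  * (presumably indexed in parallel -- confirm against the /proc reader).
  *
  * Both the strings and the pointer array are const so the whole table can
  * live in read-only data: nothing should be able to retarget a label
  * pointer that is later formatted into /proc output.
  */
 #define IGNLABEL(comment) NULL
 static const char * const statsLabels[] = {
         "RxOverrun",
         IGNLABEL("RxPlcpCrcErr"),
         IGNLABEL("RxPlcpFormatErr"),
         IGNLABEL("RxPlcpLengthErr"),
         "RxMacCrcErr",
         "RxMacCrcOk",
         "RxWepErr",
         "RxWepOk",
         "RetryLong",
         "RetryShort",
         "MaxRetries",
         "NoAck",
         "NoCts",
         "RxAck",
         "RxCts",
         "TxAck",
         "TxRts",
         "TxCts",
         "TxMc",
         "TxBc",
         "TxUcFrags",
         "TxUcPackets",
         "TxBeacon",
         "RxBeacon",
         "TxSinColl",
         "TxMulColl",
         "DefersNo",
         "DefersProt",
         "DefersEngy",
         "DupFram",
         "RxFragDisc",
         "TxAged",
         "RxAged",
         "LostSync-MaxRetry",
         "LostSync-MissedBeacons",
         "LostSync-ArlExceeded",
         "LostSync-Deauth",
         "LostSync-Disassoced",
         "LostSync-TsfTiming",
         "HostTxMc",
         "HostTxBc",
         "HostTxUc",
         "HostTxFail",
         "HostRxMc",
         "HostRxBc",
         "HostRxUc",
         "HostRxDiscard",
         IGNLABEL("HmacTxMc"),
         IGNLABEL("HmacTxBc"),
         IGNLABEL("HmacTxUc"),
         IGNLABEL("HmacTxFail"),
         IGNLABEL("HmacRxMc"),
         IGNLABEL("HmacRxBc"),
         IGNLABEL("HmacRxUc"),
         IGNLABEL("HmacRxDiscard"),
         IGNLABEL("HmacRxAccepted"),
         "SsidMismatch",
         "ApMismatch",
         "RatesMismatch",
         "AuthReject",
         "AuthTimeout",
         "AssocReject",
         "AssocTimeout",
         IGNLABEL("ReasonOutsideTable"),
         IGNLABEL("ReasonStatus1"),
         IGNLABEL("ReasonStatus2"),
         IGNLABEL("ReasonStatus3"),
         IGNLABEL("ReasonStatus4"),
         IGNLABEL("ReasonStatus5"),
         IGNLABEL("ReasonStatus6"),
         IGNLABEL("ReasonStatus7"),
         IGNLABEL("ReasonStatus8"),
         IGNLABEL("ReasonStatus9"),
         IGNLABEL("ReasonStatus10"),
         IGNLABEL("ReasonStatus11"),
         IGNLABEL("ReasonStatus12"),
         IGNLABEL("ReasonStatus13"),
         IGNLABEL("ReasonStatus14"),
         IGNLABEL("ReasonStatus15"),
         IGNLABEL("ReasonStatus16"),
         IGNLABEL("ReasonStatus17"),
         IGNLABEL("ReasonStatus18"),
         IGNLABEL("ReasonStatus19"),
         "RxMan",
         "TxMan",
         "RxRefresh",
         "TxRefresh",
         "RxPoll",
         "TxPoll",
         "HostRetries",
         "LostSync-HostReq",
         "HostTxBytes",
         "HostRxBytes",
         "ElapsedUsec",
         "ElapsedSec",
         "LostSyncBetterAP",
         "PrivacyMismatch",
         "Jammed",
         "DiscRxNotWepped",
         "PhyEleMismatch",
         (char *)-1      /* end-of-table sentinel, never dereferenced */
 };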
 214#ifndef RUN_AT
 215#define RUN_AT(x) (jiffies+(x))
 216#endif
 217
 218
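 /*
  * Load-time parameters.  These variables are for insmod, since it seems
  * that the rates can only be set in setup_card.  Rates should be a comma
  * separated (no spaces) list of rates (up to 8).
  *
  * Every parameter below is registered with a sysfs permission of 0, so
  * none of them is exported under /sys/module; they can only be given when
  * the module is loaded.
  */
 static int rates[8];
 static char *ssids[3];

 static int io[4];
 static int irq[4];

 /* The highest rate that the card can encrypt at.  0 means no limit.
    For old cards this was 4. */
 static int maxencrypt;

 static int auto_wep;   /* If set, it tries to figure out the wep mode */
 static int aux_bap;    /* Checks to see if the aux ports are needed to read
                           the bap, needed on some older cards and buses. */
 static int adhoc;

 static int probe = 1;

 /*
  * Ownership and mode bits for the driver's /proc entries.  proc_uid and
  * proc_gid are the raw integers supplied at load time; proc_kuid and
  * proc_kgid hold the kernel-internal form (the conversion is not in this
  * part of the file).
  *
  * NOTE(review): airo_perm and proc_perm are taken as plain ints and no
  * range check is visible here.  A permissive value (for example one that
  * grants group/other write) would apply to every /proc file the driver
  * creates.  Confirm where these are consumed, whether any entry exposes
  * WEP or LEAP credentials, and whether such entries mask the mode down
  * regardless of proc_perm.
  */
 static kuid_t proc_kuid;
 static int proc_uid;

 static kgid_t proc_kgid;
 static int proc_gid;

 static int airo_perm = 0555;

 static int proc_perm = 0644;

 MODULE_AUTHOR("Benjamin Reed");
 MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet cards.  "
                    "Direct support for ISA/PCI/MPI cards and support for PCMCIA when used with airo_cs.");
 MODULE_LICENSE("Dual BSD/GPL");
 module_param_hw_array(io, int, ioport, NULL, 0);
 MODULE_PARM_DESC(io, "I/O port addresses (up to 4).");
 module_param_hw_array(irq, int, irq, NULL, 0);
 MODULE_PARM_DESC(irq, "IRQ numbers (up to 4).");
 module_param_array(rates, int, NULL, 0);
 MODULE_PARM_DESC(rates, "Comma separated (no spaces) list of rates (up to 8).");
 module_param_array(ssids, charp, NULL, 0);
 MODULE_PARM_DESC(ssids, "Comma separated list of SSIDs (up to 3).");
 module_param(auto_wep, int, 0);
 MODULE_PARM_DESC(auto_wep,
                  "If non-zero, the driver will keep looping through the authentication options until an association is made.  "
                  "The value of auto_wep is number of the wep keys to check.  "
                  "A value of 2 will try using the key at index 0 and index 1.");
 module_param(aux_bap, int, 0);
 MODULE_PARM_DESC(aux_bap,
                  "If non-zero, the driver will switch into a mode that seems to work better for older cards with some older buses.  "
                  "Before switching it checks that the switch is needed.");
 module_param(maxencrypt, int, 0);
 MODULE_PARM_DESC(maxencrypt,
                  "The maximum speed that the card can do encryption.  "
                  "Units are in 512kbs.  "
                  "Zero (default) means there is no limit.  "
                  "Older cards used to be limited to 2mbs (4).");
 module_param(adhoc, int, 0);
 MODULE_PARM_DESC(adhoc, "If non-zero, the card will start in adhoc mode.");
 module_param(probe, int, 0);
 MODULE_PARM_DESC(probe, "If zero, the driver won't start the card.");

 module_param(proc_uid, int, 0);
 MODULE_PARM_DESC(proc_uid, "The uid that the /proc files will belong to.");
 module_param(proc_gid, int, 0);
 MODULE_PARM_DESC(proc_gid, "The gid that the /proc files will belong to.");
 module_param(airo_perm, int, 0);
 MODULE_PARM_DESC(airo_perm, "The permission bits of /proc/[driver/]aironet.");
 module_param(proc_perm, int, 0);
 MODULE_PARM_DESC(proc_perm, "The permission bits of the files in /proc");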
 286
 287/* This is a kind of sloppy hack to get this information to OUT4500 and
 288   IN4500.  I would be extremely interested in the situation where this
 289   doesn't work though!!! */
 290static int do8bitIO /* = 0 */;
 291
 292/* Return codes */
 293#define SUCCESS 0
 294#define ERROR -1
 295#define NO_PACKET -2
 296
 297/* Commands */
 298#define NOP2            0x0000
 299#define MAC_ENABLE      0x0001
 300#define MAC_DISABLE     0x0002
 301#define CMD_LOSE_SYNC   0x0003 /* Not sure what this does... */
 302#define CMD_SOFTRESET   0x0004
 303#define HOSTSLEEP       0x0005
 304#define CMD_MAGIC_PKT   0x0006
 305#define CMD_SETWAKEMASK 0x0007
 306#define CMD_READCFG     0x0008
 307#define CMD_SETMODE     0x0009
 308#define CMD_ALLOCATETX  0x000a
 309#define CMD_TRANSMIT    0x000b
 310#define CMD_DEALLOCATETX 0x000c
 311#define NOP             0x0010
 312#define CMD_WORKAROUND  0x0011
 313#define CMD_ALLOCATEAUX 0x0020
 314#define CMD_ACCESS      0x0021
 315#define CMD_PCIBAP      0x0022
 316#define CMD_PCIAUX      0x0023
 317#define CMD_ALLOCBUF    0x0028
 318#define CMD_GETTLV      0x0029
 319#define CMD_PUTTLV      0x002a
 320#define CMD_DELTLV      0x002b
 321#define CMD_FINDNEXTTLV 0x002c
 322#define CMD_PSPNODES    0x0030
 323#define CMD_SETCW       0x0031
 324#define CMD_SETPCF      0x0032
 325#define CMD_SETPHYREG   0x003e
 326#define CMD_TXTEST      0x003f
 327#define MAC_ENABLETX    0x0101
 328#define CMD_LISTBSS     0x0103
 329#define CMD_SAVECFG     0x0108
 330#define CMD_ENABLEAUX   0x0111
 331#define CMD_WRITERID    0x0121
 332#define CMD_USEPSPNODES 0x0130
 333#define MAC_ENABLERX    0x0201
 334
 335/* Command errors */
 336#define ERROR_QUALIF 0x00
 337#define ERROR_ILLCMD 0x01
 338#define ERROR_ILLFMT 0x02
 339#define ERROR_INVFID 0x03
 340#define ERROR_INVRID 0x04
 341#define ERROR_LARGE 0x05
 342#define ERROR_NDISABL 0x06
 343#define ERROR_ALLOCBSY 0x07
 344#define ERROR_NORD 0x0B
 345#define ERROR_NOWR 0x0C
 346#define ERROR_INVFIDTX 0x0D
 347#define ERROR_TESTACT 0x0E
 348#define ERROR_TAGNFND 0x12
 349#define ERROR_DECODE 0x20
 350#define ERROR_DESCUNAV 0x21
 351#define ERROR_BADLEN 0x22
 352#define ERROR_MODE 0x80
 353#define ERROR_HOP 0x81
 354#define ERROR_BINTER 0x82
 355#define ERROR_RXMODE 0x83
 356#define ERROR_MACADDR 0x84
 357#define ERROR_RATES 0x85
 358#define ERROR_ORDER 0x86
 359#define ERROR_SCAN 0x87
 360#define ERROR_AUTH 0x88
 361#define ERROR_PSMODE 0x89
 362#define ERROR_RTYPE 0x8A
 363#define ERROR_DIVER 0x8B
 364#define ERROR_SSID 0x8C
 365#define ERROR_APLIST 0x8D
 366#define ERROR_AUTOWAKE 0x8E
 367#define ERROR_LEAP 0x8F
 368
 369/* Registers */
 370#define COMMAND 0x00
 371#define PARAM0 0x02
 372#define PARAM1 0x04
 373#define PARAM2 0x06
 374#define STATUS 0x08
 375#define RESP0 0x0a
 376#define RESP1 0x0c
 377#define RESP2 0x0e
 378#define LINKSTAT 0x10
 379#define SELECT0 0x18
 380#define OFFSET0 0x1c
 381#define RXFID 0x20
 382#define TXALLOCFID 0x22
 383#define TXCOMPLFID 0x24
 384#define DATA0 0x36
 385#define EVSTAT 0x30
 386#define EVINTEN 0x32
 387#define EVACK 0x34
 388#define SWS0 0x28
 389#define SWS1 0x2a
 390#define SWS2 0x2c
 391#define SWS3 0x2e
 392#define AUXPAGE 0x3A
 393#define AUXOFF 0x3C
 394#define AUXDATA 0x3E
 395
 396#define FID_TX 1
 397#define FID_RX 2
 398/* Offset into aux memory for descriptors */
 399#define AUX_OFFSET 0x800
 400/* Size of allocated packets */
 401#define PKTSIZE 1840
 402#define RIDSIZE 2048
 403/* Size of the transmit queue */
 404#define MAXTXQ 64
 405
 406/* BAP selectors */
 407#define BAP0 0 /* Used for receiving packets */
 408#define BAP1 2 /* Used for xmiting packets and working with RIDS */
 409
 410/* Flags */
 411#define COMMAND_BUSY 0x8000
 412
 413#define BAP_BUSY 0x8000
 414#define BAP_ERR 0x4000
 415#define BAP_DONE 0x2000
 416
 417#define PROMISC 0xffff
 418#define NOPROMISC 0x0000
 419
 420#define EV_CMD 0x10
 421#define EV_CLEARCOMMANDBUSY 0x4000
 422#define EV_RX 0x01
 423#define EV_TX 0x02
 424#define EV_TXEXC 0x04
 425#define EV_ALLOC 0x08
 426#define EV_LINK 0x80
 427#define EV_AWAKE 0x100
 428#define EV_TXCPY 0x400
 429#define EV_UNKNOWN 0x800
 430#define EV_MIC 0x1000 /* Message Integrity Check Interrupt */
 431#define EV_AWAKEN 0x2000
 432#define STATUS_INTS (EV_AWAKE|EV_LINK|EV_TXEXC|EV_TX|EV_TXCPY|EV_RX|EV_MIC)
 433
 434#ifdef CHECK_UNKNOWN_INTS
 435#define IGNORE_INTS (EV_CMD | EV_UNKNOWN)
 436#else
 437#define IGNORE_INTS (~STATUS_INTS)
 438#endif
 439
 440/* RID TYPES */
 441#define RID_RW 0x20
 442
 443/* The RIDs */
 444#define RID_CAPABILITIES 0xFF00
 445#define RID_APINFO     0xFF01
 446#define RID_RADIOINFO  0xFF02
 447#define RID_UNKNOWN3   0xFF03
 448#define RID_RSSI       0xFF04
 449#define RID_CONFIG     0xFF10
 450#define RID_SSID       0xFF11
 451#define RID_APLIST     0xFF12
 452#define RID_DRVNAME    0xFF13
 453#define RID_ETHERENCAP 0xFF14
 454#define RID_WEP_TEMP   0xFF15
 455#define RID_WEP_PERM   0xFF16
 456#define RID_MODULATION 0xFF17
 457#define RID_OPTIONS    0xFF18
 458#define RID_ACTUALCONFIG 0xFF20 /*readonly*/
 459#define RID_FACTORYCONFIG 0xFF21
 460#define RID_UNKNOWN22  0xFF22
 461#define RID_LEAPUSERNAME 0xFF23
 462#define RID_LEAPPASSWORD 0xFF24
 463#define RID_STATUS     0xFF50
 464#define RID_BEACON_HST 0xFF51
 465#define RID_BUSY_HST   0xFF52
 466#define RID_RETRIES_HST 0xFF53
 467#define RID_UNKNOWN54  0xFF54
 468#define RID_UNKNOWN55  0xFF55
 469#define RID_UNKNOWN56  0xFF56
 470#define RID_MIC        0xFF57
 471#define RID_STATS16    0xFF60
 472#define RID_STATS16DELTA 0xFF61
 473#define RID_STATS16DELTACLEAR 0xFF62
 474#define RID_STATS      0xFF68
 475#define RID_STATSDELTA 0xFF69
 476#define RID_STATSDELTACLEAR 0xFF6A
 477#define RID_ECHOTEST_RID 0xFF70
 478#define RID_ECHOTEST_RESULTS 0xFF71
 479#define RID_BSSLISTFIRST 0xFF72
 480#define RID_BSSLISTNEXT  0xFF73
 481#define RID_WPA_BSSLISTFIRST 0xFF74
 482#define RID_WPA_BSSLISTNEXT  0xFF75
 483
 484typedef struct {
 485        u16 cmd;
 486        u16 parm0;
 487        u16 parm1;
 488        u16 parm2;
 489} Cmd;
 490
 491typedef struct {
 492        u16 status;
 493        u16 rsp0;
 494        u16 rsp1;
 495        u16 rsp2;
 496} Resp;
 497
 498/*
 499 * Rids and endian-ness:  The Rids will always be in cpu endian, since
 500 * this all the patches from the big-endian guys end up doing that.
 501 * so all rid access should use the read/writeXXXRid routines.
 502 */
 503
 /*
  * WEP key RID record.  Per the original author, this layout came from an
  * email sent by an engineer at Aironet for inclusion into this driver.
  * The structure is packed, so the field order and sizes below are the
  * exact byte layout.
  *
  * NOTE(review): key[] carries raw key bytes and klen is presumably the
  * number of bytes in use.  Any code that fills this record from outside
  * input should bound klen by sizeof(key) before copying, and a local copy
  * should be wiped (memzero_explicit()) once the RID has been written.
  * WEP itself gives no meaningful confidentiality against a present-day
  * adversary; treat links that depend on it as unprotected.
  */
 typedef struct WepKeyRid {
         __le16 len;
         __le16 kindex;
         u8 mac[ETH_ALEN];
         __le16 klen;
         u8 key[16];
 } __packed WepKeyRid;
 514
 515/* These structures are from the Aironet's PC4500 Developers Manual */
 /*
  * One SSID slot: a little-endian length followed by a fixed 32-byte
  * buffer.  Nothing in the layout NUL-terminates ssid[], so consumers
  * should rely on len and clamp it to sizeof(ssid) before use.
  */
 typedef struct Ssid {
         __le16 len;
         u8 ssid[32];
 } __packed Ssid;
 521
 /*
  * SSID RID record: a length header followed by three Ssid slots (the same
  * count as the ssids[3] module parameter).
  */
 typedef struct SsidRid {
         __le16 len;
         Ssid ssids[3];
 } __packed SsidRid;
 527
 528typedef struct ModulationRid ModulationRid;
 529struct ModulationRid {
 530        __le16 len;
 531        __le16 modulation;
 532#define MOD_DEFAULT cpu_to_le16(0)
 533#define MOD_CCK cpu_to_le16(1)
 534#define MOD_MOK cpu_to_le16(2)
 535} __packed;
 536
 537typedef struct ConfigRid ConfigRid;
 538struct ConfigRid {
 539        __le16 len; /* sizeof(ConfigRid) */
 540        __le16 opmode; /* operating mode */
 541#define MODE_STA_IBSS cpu_to_le16(0)
 542#define MODE_STA_ESS cpu_to_le16(1)
 543#define MODE_AP cpu_to_le16(2)
 544#define MODE_AP_RPTR cpu_to_le16(3)
 545#define MODE_CFG_MASK cpu_to_le16(0xff)
 546#define MODE_ETHERNET_HOST cpu_to_le16(0<<8) /* rx payloads converted */
 547#define MODE_LLC_HOST cpu_to_le16(1<<8) /* rx payloads left as is */
 548#define MODE_AIRONET_EXTEND cpu_to_le16(1<<9) /* enable Aironet extenstions */
 549#define MODE_AP_INTERFACE cpu_to_le16(1<<10) /* enable ap interface extensions */
 550#define MODE_ANTENNA_ALIGN cpu_to_le16(1<<11) /* enable antenna alignment */
 551#define MODE_ETHER_LLC cpu_to_le16(1<<12) /* enable ethernet LLC */
 552#define MODE_LEAF_NODE cpu_to_le16(1<<13) /* enable leaf node bridge */
 553#define MODE_CF_POLLABLE cpu_to_le16(1<<14) /* enable CF pollable */
 554#define MODE_MIC cpu_to_le16(1<<15) /* enable MIC */
 555        __le16 rmode; /* receive mode */
 556#define RXMODE_BC_MC_ADDR cpu_to_le16(0)
 557#define RXMODE_BC_ADDR cpu_to_le16(1) /* ignore multicasts */
 558#define RXMODE_ADDR cpu_to_le16(2) /* ignore multicast and broadcast */
 559#define RXMODE_RFMON cpu_to_le16(3) /* wireless monitor mode */
 560#define RXMODE_RFMON_ANYBSS cpu_to_le16(4)
 561#define RXMODE_LANMON cpu_to_le16(5) /* lan style monitor -- data packets only */
 562#define RXMODE_MASK cpu_to_le16(255)
 563#define RXMODE_DISABLE_802_3_HEADER cpu_to_le16(1<<8) /* disables 802.3 header on rx */
 564#define RXMODE_FULL_MASK (RXMODE_MASK | RXMODE_DISABLE_802_3_HEADER)
 565#define RXMODE_NORMALIZED_RSSI cpu_to_le16(1<<9) /* return normalized RSSI */
 566        __le16 fragThresh;
 567        __le16 rtsThres;
 568        u8 macAddr[ETH_ALEN];
 569        u8 rates[8];
 570        __le16 shortRetryLimit;
 571        __le16 longRetryLimit;
 572        __le16 txLifetime; /* in kusec */
 573        __le16 rxLifetime; /* in kusec */
 574        __le16 stationary;
 575        __le16 ordering;
 576        __le16 u16deviceType; /* for overriding device type */
 577        __le16 cfpRate;
 578        __le16 cfpDuration;
 579        __le16 _reserved1[3];
 580        /*---------- Scanning/Associating ----------*/
 581        __le16 scanMode;
 582#define SCANMODE_ACTIVE cpu_to_le16(0)
 583#define SCANMODE_PASSIVE cpu_to_le16(1)
 584#define SCANMODE_AIROSCAN cpu_to_le16(2)
 585        __le16 probeDelay; /* in kusec */
 586        __le16 probeEnergyTimeout; /* in kusec */
 587        __le16 probeResponseTimeout;
 588        __le16 beaconListenTimeout;
 589        __le16 joinNetTimeout;
 590        __le16 authTimeout;
 591        __le16 authType;
 592#define AUTH_OPEN cpu_to_le16(0x1)
 593#define AUTH_ENCRYPT cpu_to_le16(0x101)
 594#define AUTH_SHAREDKEY cpu_to_le16(0x102)
 595#define AUTH_ALLOW_UNENCRYPTED cpu_to_le16(0x200)
 596        __le16 associationTimeout;
 597        __le16 specifiedApTimeout;
 598        __le16 offlineScanInterval;
 599        __le16 offlineScanDuration;
 600        __le16 linkLossDelay;
 601        __le16 maxBeaconLostTime;
 602        __le16 refreshInterval;
 603#define DISABLE_REFRESH cpu_to_le16(0xFFFF)
 604        __le16 _reserved1a[1];
 605        /*---------- Power save operation ----------*/
 606        __le16 powerSaveMode;
 607#define POWERSAVE_CAM cpu_to_le16(0)
 608#define POWERSAVE_PSP cpu_to_le16(1)
 609#define POWERSAVE_PSPCAM cpu_to_le16(2)
 610        __le16 sleepForDtims;
 611        __le16 listenInterval;
 612        __le16 fastListenInterval;
 613        __le16 listenDecay;
 614        __le16 fastListenDelay;
 615        __le16 _reserved2[2];
 616        /*---------- Ap/Ibss config items ----------*/
 617        __le16 beaconPeriod;
 618        __le16 atimDuration;
 619        __le16 hopPeriod;
 620        __le16 channelSet;
 621        __le16 channel;
 622        __le16 dtimPeriod;
 623        __le16 bridgeDistance;
 624        __le16 radioID;
 625        /*---------- Radio configuration ----------*/
 626        __le16 radioType;
 627#define RADIOTYPE_DEFAULT cpu_to_le16(0)
 628#define RADIOTYPE_802_11 cpu_to_le16(1)
 629#define RADIOTYPE_LEGACY cpu_to_le16(2)
 630        u8 rxDiversity;
 631        u8 txDiversity;
 632        __le16 txPower;
 633#define TXPOWER_DEFAULT 0
 634        __le16 rssiThreshold;
 635#define RSSI_DEFAULT 0
 636        __le16 modulation;
 637#define PREAMBLE_AUTO cpu_to_le16(0)
 638#define PREAMBLE_LONG cpu_to_le16(1)
 639#define PREAMBLE_SHORT cpu_to_le16(2)
 640        __le16 preamble;
 641        __le16 homeProduct;
 642        __le16 radioSpecific;
 643        /*---------- Aironet Extensions ----------*/
 644        u8 nodeName[16];
 645        __le16 arlThreshold;
 646        __le16 arlDecay;
 647        __le16 arlDelay;
 648        __le16 _reserved4[1];
 649        /*---------- Aironet Extensions ----------*/
 650        u8 magicAction;
 651#define MAGIC_ACTION_STSCHG 1
 652#define MAGIC_ACTION_RESUME 2
 653#define MAGIC_IGNORE_MCAST (1<<8)
 654#define MAGIC_IGNORE_BCAST (1<<9)
 655#define MAGIC_SWITCH_TO_PSP (0<<10)
 656#define MAGIC_STAY_IN_CAM (1<<10)
 657        u8 magicControl;
 658        __le16 autoWake;
 659} __packed;
 660
 661typedef struct StatusRid StatusRid;
 662struct StatusRid {
 663        __le16 len;
 664        u8 mac[ETH_ALEN];
 665        __le16 mode;
 666        __le16 errorCode;
 667        __le16 sigQuality;
 668        __le16 SSIDlen;
 669        char SSID[32];
 670        char apName[16];
 671        u8 bssid[4][ETH_ALEN];
 672        __le16 beaconPeriod;
 673        __le16 dimPeriod;
 674        __le16 atimDuration;
 675        __le16 hopPeriod;
 676        __le16 channelSet;
 677        __le16 channel;
 678        __le16 hopsToBackbone;
 679        __le16 apTotalLoad;
 680        __le16 generatedLoad;
 681        __le16 accumulatedArl;
 682        __le16 signalQuality;
 683        __le16 currentXmitRate;
 684        __le16 apDevExtensions;
 685        __le16 normalizedSignalStrength;
 686        __le16 shortPreamble;
 687        u8 apIP[4];
 688        u8 noisePercent; /* Noise percent in last second */
 689        u8 noisedBm; /* Noise dBm in last second */
 690        u8 noiseAvePercent; /* Noise percent in last minute */
 691        u8 noiseAvedBm; /* Noise dBm in last minute */
 692        u8 noiseMaxPercent; /* Highest noise percent in last minute */
 693        u8 noiseMaxdBm; /* Highest noise dbm in last minute */
 694        __le16 load;
 695        u8 carrier[4];
 696        __le16 assocStatus;
 697#define STAT_NOPACKETS 0
 698#define STAT_NOCARRIERSET 10
 699#define STAT_GOTCARRIERSET 11
 700#define STAT_WRONGSSID 20
 701#define STAT_BADCHANNEL 25
 702#define STAT_BADBITRATES 30
 703#define STAT_BADPRIVACY 35
 704#define STAT_APFOUND 40
 705#define STAT_APREJECTED 50
 706#define STAT_AUTHENTICATING 60
 707#define STAT_DEAUTHENTICATED 61
 708#define STAT_AUTHTIMEOUT 62
 709#define STAT_ASSOCIATING 70
 710#define STAT_DEASSOCIATED 71
 711#define STAT_ASSOCTIMEOUT 72
 712#define STAT_NOTAIROAP 73
 713#define STAT_ASSOCIATED 80
 714#define STAT_LEAPING 90
 715#define STAT_LEAPFAILED 91
 716#define STAT_LEAPTIMEDOUT 92
 717#define STAT_LEAPCOMPLETE 93
 718} __packed;
 719
 720typedef struct StatsRid StatsRid;
 721struct StatsRid {
 722        __le16 len;
 723        __le16 spacer;
 724        __le32 vals[100];
 725} __packed;
 726
 727typedef struct APListRid APListRid;
 728struct APListRid {
 729        __le16 len;
 730        u8 ap[4][ETH_ALEN];
 731} __packed;
 732
 733typedef struct CapabilityRid CapabilityRid;
 734struct CapabilityRid {
 735        __le16 len;
 736        char oui[3];
 737        char zero;
 738        __le16 prodNum;
 739        char manName[32];
 740        char prodName[16];
 741        char prodVer[8];
 742        char factoryAddr[ETH_ALEN];
 743        char aironetAddr[ETH_ALEN];
 744        __le16 radioType;
 745        __le16 country;
 746        char callid[ETH_ALEN];
 747        char supportedRates[8];
 748        char rxDiversity;
 749        char txDiversity;
 750        __le16 txPowerLevels[8];
 751        __le16 hardVer;
 752        __le16 hardCap;
 753        __le16 tempRange;
 754        __le16 softVer;
 755        __le16 softSubVer;
 756        __le16 interfaceVer;
 757        __le16 softCap;
 758        __le16 bootBlockVer;
 759        __le16 requiredHard;
 760        __le16 extSoftCap;
 761} __packed;
 762
 /*
  * Trailer of a BSS list entry.  Only present on firmware >= 5.30.17.
  *
  * NOTE(review): iep[] presumably holds information elements taken from a
  * received management frame, i.e. data chosen by whoever transmitted it.
  * A parser walking it should check every element length against the
  * 624-byte bound -- confirm in the scan translation code.
  */
 typedef struct BSSListRidExtra {
         __le16 unknown[4];
         u8 fixed[12];           /* WLAN management frame */
         u8 iep[624];
 } __packed BSSListRidExtra;
 770
 /*
  * One entry of the card's BSS (scan result) list.  Packed: the members
  * below are the exact byte layout of the record.
  *
  * NOTE(review): ssidLen is a separate byte next to the fixed 32-byte
  * ssid[] buffer, and the values presumably originate from frames heard on
  * the air.  Consumers should clamp ssidLen to sizeof(ssid) before copying
  * or printing -- confirm at each use.
  */
 typedef struct BSSListRid {
         __le16 len;
         __le16 index;           /* First is 0 and 0xffff means end of list */
 #define RADIO_FH 1              /* Frequency hopping radio type */
 #define RADIO_DS 2              /* Direct sequence radio type */
 #define RADIO_TMA 4             /* Proprietary radio used in old cards (2500) */
         __le16 radioType;
         u8 bssid[ETH_ALEN];     /* Mac address of the BSS */
         u8 zero;
         u8 ssidLen;
         u8 ssid[32];
         __le16 dBm;
 #define CAP_ESS cpu_to_le16(1<<0)
 #define CAP_IBSS cpu_to_le16(1<<1)
 #define CAP_PRIVACY cpu_to_le16(1<<4)
 #define CAP_SHORTHDR cpu_to_le16(1<<5)
         __le16 cap;
         __le16 beaconInterval;
         u8 rates[8];            /* Same as rates for config rid */
         struct {                /* For frequency hopping only */
                 __le16 dwell;
                 u8 hopSet;
                 u8 hopPattern;
                 u8 hopIndex;
                 u8 fill;
         } fh;
         __le16 dsChannel;
         __le16 atimWindow;

         /* Only present on firmware >= 5.30.17 */
         BSSListRidExtra extra;
 } __packed BSSListRid;
 804
 805typedef struct {
 806  BSSListRid bss;
 807  struct list_head list;
 808} BSSListElement;
 809
 810typedef struct tdsRssiEntry tdsRssiEntry;
 811struct tdsRssiEntry {
 812  u8 rssipct;
 813  u8 rssidBm;
 814} __packed;
 815
 816typedef struct tdsRssiRid tdsRssiRid;
 817struct tdsRssiRid {
 818  u16 len;
 819  tdsRssiEntry x[256];
 820} __packed;
 821
 /*
  * MIC RID record: a state word plus a "valid" flag and a 16-byte value
  * for multicast and for unicast traffic.
  *
  * NOTE(review): the two 16-byte arrays are the same size as miccntx.key
  * and look like MIC key material.  If so, copies of this record should be
  * wiped after use and kept out of logs -- confirm against the code that
  * reads RID_MIC.
  */
 typedef struct MICRid {
         __le16 len;
         __le16 state;
         __le16 multicastValid;
         u8 multicast[16];
         __le16 unicastValid;
         u8 unicast[16];
 } __packed MICRid;
 831
 832typedef struct MICBuffer MICBuffer;
 833struct MICBuffer {
 834        __be16 typelen;
 835
 836        union {
 837            u8 snap[8];
 838            struct {
 839                u8 dsap;
 840                u8 ssap;
 841                u8 control;
 842                u8 orgcode[3];
 843                u8 fieldtype[2];
 844            } llc;
 845        } u;
 846        __be32 mic;
 847        __be32 seq;
 848} __packed;
 849
 850typedef struct {
 851        u8 da[ETH_ALEN];
 852        u8 sa[ETH_ALEN];
 853} etherHead;
 854
 855#define TXCTL_TXOK (1<<1) /* report if tx is ok */
 856#define TXCTL_TXEX (1<<2) /* report if tx fails */
 857#define TXCTL_802_3 (0<<3) /* 802.3 packet */
 858#define TXCTL_802_11 (1<<3) /* 802.11 mac packet */
 859#define TXCTL_ETHERNET (0<<4) /* payload has ethertype */
 860#define TXCTL_LLC (1<<4) /* payload is llc */
 861#define TXCTL_RELEASE (0<<5) /* release after completion */
 862#define TXCTL_NORELEASE (1<<5) /* on completion returns to host */
 863
 864#define BUSY_FID 0x10000
 865
 866#ifdef CISCO_EXT
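 #define AIROMAGIC       0xa55a
 /* Warning : SIOCDEVPRIVATE may disappear during 2.5.X - Jean II */
 #ifdef SIOCIWFIRSTPRIV
 #ifdef SIOCDEVPRIVATE
 #define AIROOLDIOCTL    SIOCDEVPRIVATE
 #define AIROOLDIDIFC    (AIROOLDIOCTL + 1)
 #endif /* SIOCDEVPRIVATE */
 #else /* SIOCIWFIRSTPRIV */
 #define SIOCIWFIRSTPRIV SIOCDEVPRIVATE
 #endif /* SIOCIWFIRSTPRIV */
 /* This may be wrong. When using the new SIOCIWFIRSTPRIV range, we probably
  * should use only "GET" ioctls (last bit set to 1). "SET" ioctls are root
  * only and don't return the modified struct ifreq to the application which
  * is usually a problem. - Jean II
  *
  * The "+ 1" expansions are parenthesized so that the macros stay a single
  * value inside a larger expression (a comparison, a multiplication, ...).
  *
  * NOTE(review): as the note above says, both numbers end up in a range
  * where the generic "SET ioctls are root only" rule may not apply, so the
  * handler itself has to decide which sub-commands need a privileged
  * caller -- confirm in the ioctl dispatch code.
  */
 #define AIROIOCTL       SIOCIWFIRSTPRIV
 #define AIROIDIFC       (AIROIOCTL + 1)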
 883
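 /*
  * Ioctl constants to be used in airo_ioctl.command.
  *
  * Three groups: AIROG* / AIROR* (read), AIROP* (write) and AIROFL* (flash).
  * Every derived value is parenthesized so that a constant behaves as one
  * number inside any expression; the unparenthesized "X + 1" form
  * mis-evaluates under operators that bind tighter than "+".
  *
  * NOTE(review): judging by their names, several commands move secrets or
  * firmware (AIROGWEPKTMP, AIROGWEPKNV, AIROPWEPKEY, AIROPWEPKEYNV,
  * AIROPLEAPPWD, AIROPLEAPUSR, the AIROFL* group).  The dispatcher is not
  * in this part of the file; confirm that it requires a privileged caller
  * for those and rejects command values outside the ranges defined here.
  */

 /* Read commands */
 #define AIROGCAP                0       /* Capability rid */
 #define AIROGCFG                1       /* USED A LOT */
 #define AIROGSLIST              2       /* System ID list */
 #define AIROGVLIST              3       /* List of specified AP's */
 #define AIROGDRVNAM             4       /* NOTUSED */
 #define AIROGEHTENC             5       /* NOTUSED */
 #define AIROGWEPKTMP            6
 #define AIROGWEPKNV             7
 #define AIROGSTAT               8
 #define AIROGSTATSC32           9
 #define AIROGSTATSD32           10
 #define AIROGMICRID             11
 #define AIROGMICSTATS           12
 #define AIROGFLAGS              13
 #define AIROGID                 14
 #define AIRORRID                15
 /* 16 is not assigned */
 #define AIRORSWVERSION          17

 /* Leave gap of 40 commands after AIROGSTATSD32 for future */

 /* Write commands */
 #define AIROPCAP                (AIROGSTATSD32 + 40)
 #define AIROPVLIST              (AIROPCAP      + 1)
 #define AIROPSLIST              (AIROPVLIST    + 1)
 #define AIROPCFG                (AIROPSLIST    + 1)
 #define AIROPSIDS               (AIROPCFG      + 1)
 #define AIROPAPLIST             (AIROPSIDS     + 1)
 #define AIROPMACON              (AIROPAPLIST   + 1)     /* Enable mac  */
 #define AIROPMACOFF             (AIROPMACON    + 1)     /* Disable mac */
 #define AIROPSTCLR              (AIROPMACOFF   + 1)
 #define AIROPWEPKEY             (AIROPSTCLR    + 1)
 #define AIROPWEPKEYNV           (AIROPWEPKEY   + 1)
 #define AIROPLEAPPWD            (AIROPWEPKEYNV + 1)
 #define AIROPLEAPUSR            (AIROPLEAPPWD  + 1)

 /* Flash codes */

 #define AIROFLSHRST             (AIROPWEPKEYNV + 40)
 #define AIROFLSHGCHR            (AIROFLSHRST   + 1)
 #define AIROFLSHSTFL            (AIROFLSHGCHR  + 1)
 #define AIROFLSHPCHR            (AIROFLSHSTFL  + 1)
 #define AIROFLPUTBUF            (AIROFLSHPCHR  + 1)
 #define AIRORESTART             (AIROFLPUTBUF  + 1)

 #define FLASHSIZE       32768
 #define AUXMEMSIZE      (256 * 1024)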
 931
/*
 * Argument block of the Cisco private ioctl (CISCO_EXT only).
 *
 * `data` carries the __user annotation, i.e. it is a user-space address and
 * must only be accessed through the user-copy helpers, never dereferenced
 * directly.
 *
 * NOTE(review): command, len and ridnum presumably arrive from the caller
 * too (the handlers are outside this view) - each handler should check
 * `len` against the size of its own kernel buffer before copying through
 * `data`, and treat `command`/`ridnum` as unvalidated selectors.
 */
typedef struct aironet_ioctl {
        unsigned short command;         // What to do (one of the AIROG*/AIROP*/AIROFL* codes)
        unsigned short len;             // Len of data
        unsigned short ridnum;          // rid number
        unsigned char __user *data;     // user-space buffer holding / receiving the data
} aironet_ioctl;
 938
 939static const char swversion[] = "2.1";
 940#endif /* CISCO_EXT */
 941
 942#define NUM_MODULES       2
 943#define MIC_MSGLEN_MAX    2400
 944#define EMMH32_MSGLEN_MAX MIC_MSGLEN_MAX
 945#define AIRO_DEF_MTU      2312
 946
/* Counters kept by the MIC receive path (see decapsulate()). */
typedef struct {
        u32   size;            // size
        u8    enabled;         // MIC enabled or not
        u32   rxSuccess;       // successful packets received
        u32   rxIncorrectMIC;  // pkts dropped due to incorrect MIC comparison
        u32   rxNotMICed;      // pkts dropped due to not being MIC'd
        u32   rxMICPlummed;    // pkts dropped due to not having a MIC plumbed
        u32   rxWrongSequence; // pkts dropped due to sequence number violation
        u32   reserve[32];
} mic_statistics;

/*
 * Running state of one EMMH32 MIC computation.
 *
 * coeff[] holds one 32-bit coefficient per 32-bit message word, sized for
 * EMMH32_MSGLEN_MAX bytes: (2400 + 3) >> 2 = 600 entries.  It is filled by
 * emmh32_setseed() and is therefore key-derived material.
 */
typedef struct {
        __be32 coeff[((EMMH32_MSGLEN_MAX)+3)>>2];
        u64 accum;      // accumulated mic, reduced to u32 in final()
        int position;   // current position (byte offset) in message
        union {
                u8  d8[4];
                __be32 d32;
        } part; // saves partial message word across update() calls
} emmh32_context;

/*
 * One MIC key context: the expanded seed, the transmit counter and the
 * receive replay window.
 */
typedef struct {
        emmh32_context seed;        // Context - the seed
        u32              rx;        // Bitmap of sequence numbers already seen in the window (RxSeqValid())
        u32              tx;        // Tx sequence number (encapsulate() advances it by 2 per frame)
        u32              window;    // Middle of the receive window (initialised to 33)
        u8               valid;     // Flag to say if context is valid or not
        u8               key[16];   // Copy of the key; age_mic_context() compares against it
} miccntx;

/* Multicast and unicast contexts of one key generation (current or aged). */
typedef struct {
        miccntx mCtx;           // Multicast context
        miccntx uCtx;           // Unicast context
} mic_module;
 981
/*
 * Card-side descriptors.  Each packs its control bits into bit-fields and is
 * followed by the bus address of the host buffer.
 *
 * NOTE(review): these presumably mirror a layout the card reads; bit-field
 * ordering is compiler/ABI dependent, so the layout is an assumption to keep
 * in mind when touching them.
 */

/* RID (configuration record) descriptor */
typedef struct {
        unsigned int  rid: 16;
        unsigned int  len: 15;
        unsigned int  valid: 1;
        dma_addr_t host_addr;
} Rid;

/* Transmit descriptor */
typedef struct {
        unsigned int  offset: 15;
        unsigned int  eoc: 1;
        unsigned int  len: 15;
        unsigned int  valid: 1;
        dma_addr_t host_addr;
} TxFid;

/* Header in front of a received frame; packed, multi-byte fields little-endian */
struct rx_hdr {
        __le16 status, len;
        u8 rssi[2];
        u8 rate;
        u8 freq;
        __le16 tmp[4];
} __packed;

/* Receive descriptor */
typedef struct {
        unsigned int  ctl: 15;
        unsigned int  rdy: 1;
        unsigned int  len: 15;
        unsigned int  valid: 1;
        dma_addr_t host_addr;
} RxFid;

/*
 * Host receive descriptor
 */
typedef struct {
        unsigned char __iomem *card_ram_off; /* offset into card memory of the
                                                desc */
        RxFid         rx_desc;               /* card receive descriptor */
        char          *virtual_host_addr;    /* virtual address of host receive
                                                buffer */
        int           pending;
} HostRxDesc;

/*
 * Host transmit descriptor
 */
typedef struct {
        unsigned char __iomem *card_ram_off;         /* offset into card memory of the
                                                desc */
        TxFid         tx_desc;               /* card transmit descriptor */
        char          *virtual_host_addr;    /* virtual address of the host
                                                buffer (original comment said
                                                "receive"; presumably the
                                                transmit buffer - confirm) */
        int           pending;
} HostTxDesc;

/*
 * Host RID descriptor
 */
typedef struct {
        unsigned char __iomem *card_ram_off;      /* offset into card memory of the
                                             descriptor */
        Rid           rid_desc;           /* card RID descriptor */
        char          *virtual_host_addr; /* virtual address of the host
                                             buffer (original comment said
                                             "receive" - confirm) */
} HostRidDesc;
1047
/* Transmit control header; the HOST_* values below are bits of `ctl`. */
typedef struct {
        u16 sw0;
        u16 sw1;
        u16 status;
        u16 len;
#define HOST_SET (1 << 0)
#define HOST_INT_TX (1 << 1) /* Interrupt on successful TX */
#define HOST_INT_TXERR (1 << 2) /* Interrupt on unsuccessful TX */
#define HOST_LCC_PAYLOAD (1 << 4) /* LLC payload, 0 = Ethertype */
#define HOST_DONT_RLSE (1 << 5) /* Don't release buffer when done */
#define HOST_DONT_RETRY (1 << 6) /* Don't retry transmit */
#define HOST_CLR_AID (1 << 7) /* clear AID failure */
#define HOST_RTS (1 << 9) /* Force RTS use */
#define HOST_SHORT (1 << 10) /* Do short preamble */
        u16 ctl;
        u16 aid;
        u16 retries;
        u16 fill;
} TxCtlHdr;

/* 802.11 frame header with four 6-byte address fields */
typedef struct {
        u16 ctl;
        u16 duration;
        char addr1[6];
        char addr2[6];
        char addr3[6];
        u16 seq;
        char addr4[6];
} WifiHdr;


/* Transmit control header followed by the 802.11 header */
typedef struct {
        TxCtlHdr ctlhdr;
        u16 fill1;
        u16 fill2;
        WifiHdr wifihdr;
        u16 gaplen;
        u16 status;
} WifiCtlHdr;

/*
 * Template header: only ctlhdr.ctl is set (HOST_DONT_RLSE), every other
 * field is zero-initialised.
 */
static WifiCtlHdr wifictlhdr8023 = {
        .ctlhdr = {
                .ctl    = HOST_DONT_RLSE,
        }
};
1093
// A few details needed for WEP (Wired Equivalent Privacy).
// WEP is an RC4-based scheme with well-known key-recovery weaknesses; it is
// kept for compatibility with this hardware and gives no real confidentiality.
#define MAX_KEY_SIZE 13                 // 13 bytes = 104-bit key ("128-bit" WEP once the 24-bit IV is counted)
#define MIN_KEY_SIZE  5                 // 5 bytes = 40-bit RC4 key
typedef struct wep_key_t {
        u16     len;            /* number of valid bytes in key[] */
        u8      key[16];        /* 40-bit and 104-bit keys; the buffer is larger
                                 * than MAX_KEY_SIZE - NOTE(review): code that
                                 * fills it should bound len by MAX_KEY_SIZE,
                                 * confirm at the callers */
} wep_key_t;
1101
1102/* List of Wireless Handlers (new API) */
1103static const struct iw_handler_def      airo_handler_def;
1104
1105static const char version[] = "airo.c 0.6 (Ben Reed & Javier Achirica)";
1106
1107struct airo_info;
1108
1109static int get_dec_u16(char *buffer, int *start, int limit);
1110static void OUT4500(struct airo_info *, u16 reg, u16 value);
1111static unsigned short IN4500(struct airo_info *, u16 reg);
1112static u16 setup_card(struct airo_info*, u8 *mac, int lock);
1113static int enable_MAC(struct airo_info *ai, int lock);
1114static void disable_MAC(struct airo_info *ai, int lock);
1115static void enable_interrupts(struct airo_info*);
1116static void disable_interrupts(struct airo_info*);
1117static u16 issuecommand(struct airo_info*, Cmd *pCmd, Resp *pRsp,
1118                        bool may_sleep);
1119static int bap_setup(struct airo_info*, u16 rid, u16 offset, int whichbap);
1120static int aux_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
1121                        int whichbap);
1122static int fast_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
1123                         int whichbap);
1124static int bap_write(struct airo_info*, const __le16 *pu16Src, int bytelen,
1125                     int whichbap);
1126static int PC4500_accessrid(struct airo_info*, u16 rid, u16 accmd);
1127static int PC4500_readrid(struct airo_info*, u16 rid, void *pBuf, int len, int lock);
1128static int PC4500_writerid(struct airo_info*, u16 rid, const void
1129                           *pBuf, int len, int lock);
1130static int do_writerid(struct airo_info*, u16 rid, const void *rid_data,
1131                        int len, int dummy);
1132static u16 transmit_allocate(struct airo_info*, int lenPayload, int raw);
1133static int transmit_802_3_packet(struct airo_info*, int len, char *pPacket,
1134                                 bool may_sleep);
1135static int transmit_802_11_packet(struct airo_info*, int len, char *pPacket,
1136                                  bool may_sleep);
1137
1138static int mpi_send_packet(struct net_device *dev);
1139static void mpi_unmap_card(struct pci_dev *pci);
1140static void mpi_receive_802_3(struct airo_info *ai);
1141static void mpi_receive_802_11(struct airo_info *ai);
1142static int waitbusy(struct airo_info *ai);
1143
1144static irqreturn_t airo_interrupt(int irq, void* dev_id);
1145static int airo_thread(void *data);
1146static void timer_func(struct net_device *dev);
1147static int airo_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
1148static struct iw_statistics *airo_get_wireless_stats(struct net_device *dev);
1149#ifdef CISCO_EXT
1150static int readrids(struct net_device *dev, aironet_ioctl *comp);
1151static int writerids(struct net_device *dev, aironet_ioctl *comp);
1152static int flashcard(struct net_device *dev, aironet_ioctl *comp);
1153#endif /* CISCO_EXT */
1154static void micinit(struct airo_info *ai);
1155static int micsetup(struct airo_info *ai);
1156static int encapsulate(struct airo_info *ai, etherHead *pPacket, MICBuffer *buffer, int len);
1157static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *pPacket, u16 payLen);
1158
1159static u8 airo_rssi_to_dbm(tdsRssiEntry *rssi_rid, u8 rssi);
1160static u8 airo_dbm_to_pct(tdsRssiEntry *rssi_rid, u8 dbm);
1161
1162static void airo_networks_free(struct airo_info *ai);
1163
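/*
 * Per-adapter driver state.
 *
 * `flags` and `jobs` are bit sets: the FLAG_* and JOB_* values (apart from
 * FLAG_RADIO_MASK) are bit numbers used with test_bit()/clear_bit(), while
 * FLAG_RADIO_MASK is a value mask covering bits 0-1 (FLAG_RADIO_OFF and
 * FLAG_RADIO_DOWN) and is tested directly against `flags`.
 *
 * The struct also holds key material (the MIC contexts in `mod`), so copies
 * of it should be treated as sensitive.
 */
struct airo_info {
        struct net_device             *dev;
        struct list_head              dev_list;
        /* Note, we can have MAX_FIDS outstanding.  FIDs are 16-bits, so we
           use the high bit to mark whether it is in use. */
#define MAX_FIDS 6
#define MPI_MAX_FIDS 1
        u32                           fids[MAX_FIDS];
        ConfigRid config;
        char keyindex; // Used with auto wep
        char defindex; // Used with auto wep
        struct proc_dir_entry *proc_entry;
        spinlock_t aux_lock;
#define FLAG_RADIO_OFF  0       /* User disabling of MAC */
#define FLAG_RADIO_DOWN 1       /* ifup/ifdown disabling of MAC */
#define FLAG_RADIO_MASK 0x03    /* value mask for the two bits above */
#define FLAG_ENABLED    2
#define FLAG_ADHOC      3       /* Needed by MIC */
#define FLAG_MIC_CAPABLE 4
#define FLAG_UPDATE_MULTI 5
#define FLAG_UPDATE_UNI 6
#define FLAG_802_11     7
#define FLAG_PROMISC    8       /* IFF_PROMISC 0x100 - include/linux/if.h */
#define FLAG_PENDING_XMIT 9
#define FLAG_PENDING_XMIT11 10
#define FLAG_MPI        11
#define FLAG_REGISTERED 12
#define FLAG_COMMIT     13
#define FLAG_RESET      14
#define FLAG_FLASHING   15
#define FLAG_WPA_CAPABLE        16
        unsigned long flags;
#define JOB_DIE 0
#define JOB_XMIT        1
#define JOB_XMIT11      2
#define JOB_STATS       3
#define JOB_PROMISC     4
#define JOB_MIC 5
#define JOB_EVENT       6
#define JOB_AUTOWEP     7
#define JOB_SCAN_RESULTS  9     /* bit 8 is not assigned here */
        unsigned long jobs;
        /* BAP read routine; bap_read() dispatches through this pointer */
        int (*bap_read)(struct airo_info*, __le16 *pu16Dst, int bytelen,
                        int whichbap);
        unsigned short *flash;
        tdsRssiEntry *rssi;
        struct task_struct *list_bss_task;
        struct task_struct *airo_thread_task;
        struct semaphore sem;
        wait_queue_head_t thr_wait;
        unsigned long expires;
        struct {
                struct sk_buff *skb;
                int fid;
        } xmit, xmit11;
        struct net_device *wifidev;
        struct iw_statistics    wstats;         // wireless stats
        unsigned long           scan_timeout;   /* Time scan should be read */
        struct iw_spy_data      spy_data;
        struct iw_public_data   wireless_data;
        /* MIC stuff */
        struct crypto_sync_skcipher     *tfm;   /* "ctr(aes)" transform, see micsetup() */
        mic_module              mod[2];         /* [0] current keys, [1] aged keys */
        mic_statistics          micstats;
        HostRxDesc rxfids[MPI_MAX_FIDS]; // rx/tx/config MPI350 descriptors
        HostTxDesc txfids[MPI_MAX_FIDS];
        HostRidDesc config_desc;
        unsigned long ridbus; // phys addr of config_desc
        struct sk_buff_head txq;// tx queue used by mpi350 code
        struct pci_dev          *pci;
        unsigned char           __iomem *pcimem;
        unsigned char           __iomem *pciaux;
        unsigned char           *shared;
        dma_addr_t              shared_dma;
        pm_message_t            power;
        SsidRid                 *SSID;
        APListRid               APList;
/*
 * Size expression, parenthesised so that it stays one value wherever it is
 * expanded (e.g. `PCI_SHARED_LEN / 2` would otherwise divide RIDSIZE only).
 */
#define PCI_SHARED_LEN          (2*MPI_MAX_FIDS*PKTSIZE+RIDSIZE)
        char                    proc_name[IFNAMSIZ];

        int                     wep_capable;
        int                     max_wep_idx;
        int                     last_auth;

        /* WPA-related stuff */
        unsigned int bssListFirst;      /* RID used for the first BSS list read */
        unsigned int bssListNext;       /* RID used for subsequent reads */
        unsigned int bssListRidLen;     /* length passed to the RID read */

        struct list_head network_list;
        struct list_head network_free_list;
        BSSListElement *networks;
};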
1257
/*
 * Read through whichever BAP read routine is installed in ai->bap_read and
 * hand its result back unchanged.
 */
static inline int bap_read(struct airo_info *ai, __le16 *pu16Dst, int bytelen,
                           int whichbap)
{
        int rc;

        rc = ai->bap_read(ai, pu16Dst, bytelen, whichbap);
        return rc;
}
1263
1264static int setup_proc_entry(struct net_device *dev,
1265                             struct airo_info *apriv);
1266static int takedown_proc_entry(struct net_device *dev,
1267                                struct airo_info *apriv);
1268
1269static int cmdreset(struct airo_info *ai);
1270static int setflashmode(struct airo_info *ai);
1271static int flashgchar(struct airo_info *ai, int matchbyte, int dwelltime);
1272static int flashputbuf(struct airo_info *ai);
1273static int flashrestart(struct airo_info *ai, struct net_device *dev);
1274
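/*
 * Logging helpers: every message is prefixed with DRV_NAME and the interface
 * name and terminated with a newline.  `fmt` is pasted into the format
 * string, so it must be a string literal - never pass caller-controlled text
 * as `fmt`, only as an argument to a "%s" in it.
 */
#define airo_print(type, name, fmt, args...) \
        printk(type DRV_NAME "(%s): " fmt "\n", name, ##args)

#define airo_print_info(name, fmt, args...) \
        airo_print(KERN_INFO, name, fmt, ##args)

#define airo_print_dbg(name, fmt, args...) \
        airo_print(KERN_DEBUG, name, fmt, ##args)

#define airo_print_warn(name, fmt, args...) \
        airo_print(KERN_WARNING, name, fmt, ##args)

#define airo_print_err(name, fmt, args...) \
        airo_print(KERN_ERR, name, fmt, ##args)

/*
 * Flash buffer of the adapter behind a net_device.  The argument is
 * parenthesised so that an expression argument is evaluated as a whole
 * before ->ml_priv is applied.
 */
#define AIRO_FLASH(dev) (((struct airo_info *)(dev)->ml_priv)->flash)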
1291
1292/***********************************************************************
1293 *                              MIC ROUTINES                           *
1294 ***********************************************************************
1295 */
1296
1297static int RxSeqValid(struct airo_info *ai, miccntx *context, int mcast, u32 micSeq);
1298static void MoveWindow(miccntx *context, u32 micSeq);
1299static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
1300                           struct crypto_sync_skcipher *tfm);
1301static void emmh32_init(emmh32_context *context);
1302static void emmh32_update(emmh32_context *context, u8 *pOctets, int len);
1303static void emmh32_final(emmh32_context *context, u8 digest[4]);
1304static int flashpchar(struct airo_info *ai, int byte, int dwelltime);
1305
/*
 * Install `key` as the current MIC key of `cur`, saving the previous
 * context in `old`.  Nothing happens when `cur` is already valid and holds
 * the same key.
 *
 * NOTE(review): key_len bytes are copied into cur->key, which is 16 bytes;
 * the callers visible here pass sizeof() of the MIC RID key fields -
 * confirm those are no larger than 16.
 */
static void age_mic_context(miccntx *cur, miccntx *old, u8 *key, int key_len,
                            struct crypto_sync_skcipher *tfm)
{
        bool unchanged = cur->valid && !memcmp(cur->key, key, key_len);

        if (unchanged)
                return;

        /* Keep the outgoing context so frames under the old key still verify */
        memcpy(old, cur, sizeof(miccntx));

        /* Start the new context from a clean sequence state */
        cur->valid   = 1;  /* Key is now valid */
        cur->tx      = 0;  /* Tx sequence numbers */
        cur->rx      = 0;  /* Rx Sequence numbers */
        cur->window  = 33; /* Window always points to the middle */
        memcpy(cur->key, key, key_len);

        /* Expand the key into the MIC coefficients */
        emmh32_setseed(&cur->seed, key, key_len, tfm);
}
1328
1329/* micinit - Initialize mic seed */
1330
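static void micinit(struct airo_info *ai)
{
        /*
         * Re-read the MIC RID from the card and refresh the MIC state and
         * key contexts from it.  ai->sem is released here right after the
         * read, so it is presumably held by the caller on entry.
         */
        MICRid mic_rid;
        int rc;

        clear_bit(JOB_MIC, &ai->jobs);
        rc = PC4500_readrid(ai, RID_MIC, &mic_rid, sizeof(mic_rid), 0);
        up(&ai->sem);

        /*
         * mic_rid lives on the stack and is not initialised: if the read
         * fails its contents are indeterminate and must not be used as MIC
         * state or key material.  Keep the previous MIC state instead.
         * (SUCCESS as the success value follows the PC4500_writerid() checks
         * elsewhere in this file.)
         */
        if (rc != SUCCESS) {
                airo_print_err(ai->dev->name, "MIC RID read failed %x", rc);
                return;
        }

        ai->micstats.enabled = (le16_to_cpu(mic_rid.state) & 0x00FF) ? 1 : 0;
        if (!ai->micstats.enabled) {
                /* So next time we have a valid key and mic is enabled, we will
                 * update the sequence number if the key is the same as before.
                 */
                ai->mod[0].uCtx.valid = 0;
                ai->mod[0].mCtx.valid = 0;
                return;
        }

        /* mod[0] takes the new key, mod[1] keeps the one it replaces */
        if (mic_rid.multicastValid) {
                age_mic_context(&ai->mod[0].mCtx, &ai->mod[1].mCtx,
                                mic_rid.multicast, sizeof(mic_rid.multicast),
                                ai->tfm);
        }

        if (mic_rid.unicastValid) {
                age_mic_context(&ai->mod[0].uCtx, &ai->mod[1].uCtx,
                                mic_rid.unicast, sizeof(mic_rid.unicast),
                                ai->tfm);
        }
}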
1361
1362/* micsetup - Get ready for business */
1363
static int micsetup(struct airo_info *ai)
{
        /*
         * Allocate the "ctr(aes)" transform on first use and clear every MIC
         * context.  Returns SUCCESS, or ERROR when the transform cannot be
         * allocated (ai->tfm is then left NULL).
         */
        mic_module *m;

        if (!ai->tfm)
                ai->tfm = crypto_alloc_sync_skcipher("ctr(aes)", 0, 0);

        if (IS_ERR(ai->tfm)) {
                airo_print_err(ai->dev->name, "failed to load transform for AES");
                ai->tfm = NULL;
                return ERROR;
        }

        /* Wipe both key generations, multicast and unicast alike */
        for (m = ai->mod; m < ai->mod + NUM_MODULES; m++) {
                memset(&m->mCtx, 0, sizeof(m->mCtx));
                memset(&m->uCtx, 0, sizeof(m->uCtx));
        }
        return SUCCESS;
}
1383
1384static const u8 micsnap[] = {0xAA, 0xAA, 0x03, 0x00, 0x40, 0x96, 0x00, 0x02};
1385
1386/*===========================================================================
1387 * Description: Mic a packet
1388 *
1389 *      Inputs: etherHead * pointer to an 802.3 frame
1390 *
1391 *     Returns: BOOLEAN if successful, otherwise false.
1392 *             PacketTxLen will be updated with the mic'd packets size.
1393 *
1394 *    Caveats: It is assumed that the frame buffer will already
 *             be big enough to hold the largest mic message possible.
1396 *            (No memory allocation is done here).
1397 *
1398 *    Author: sbraneky (10/15/01)
1399 *    Merciless hacks by rwilcher (1/14/02)
1400 */
1401
static int encapsulate(struct airo_info *ai, etherHead *frame, MICBuffer *mic, int payLen)
{
        /*
         * Fill in the MIC header for an outgoing frame and compute its MIC.
         * Returns SUCCESS, or ERROR when the selected key context is not
         * valid.  The transmit sequence number advances by 2 per frame.
         */
        emmh32_context *seed;
        miccntx *context = &ai->mod[0].uCtx;    // unicast key unless ad-hoc + group address

        if (test_bit(FLAG_ADHOC, &ai->flags) && (frame->da[0] & 0x1))
                context = &ai->mod[0].mCtx;

        if (!context->valid)
                return ERROR;

        seed = &context->seed;

        // Header fields that are covered by the MIC
        mic->typelen = htons(payLen + 16);              // Length of Mic'd packet
        memcpy(&mic->u.snap, micsnap, sizeof(micsnap)); // Add Snap
        mic->seq = htonl(context->tx);                  // Add Tx sequence
        context->tx += 2;

        // MIC over DA+SA, type/length+SNAP, sequence number, payload
        emmh32_init(seed);
        emmh32_update(seed, frame->da, ETH_ALEN * 2);
        emmh32_update(seed, (u8*)&mic->typelen, 10);
        emmh32_update(seed, (u8*)&mic->seq, sizeof(mic->seq));
        emmh32_update(seed, (u8*)(frame + 1), payLen);
        emmh32_final(seed, (u8*)&mic->mic);

        /*    New Type/length ?????????? */
        mic->typelen = 0; //Let NIC know it could be an oversized packet
        return SUCCESS;
}
1436
/*
 * Reason a received frame failed MIC processing; decapsulate() maps it onto
 * the matching mic_statistics counter.
 */
typedef enum {
    NONE,           /* no failure recorded */
    NOMIC,          /* has no counter attached in decapsulate()'s switch */
    NOMICPLUMMED,   /* key context not valid */
    SEQUENCE,       /* sequence number rejected by RxSeqValid() */
    INCORRECTMIC,   /* computed MIC differs from the one in the frame */
} mic_error;
1444
1445/*===========================================================================
1446 *  Description: Decapsulates a MIC'd packet and returns the 802.3 packet
1447 *               (removes the MIC stuff) if packet is a valid packet.
1448 *
1449 *       Inputs: etherHead  pointer to the 802.3 packet
1450 *
1451 *      Returns: BOOLEAN - TRUE if packet should be dropped otherwise FALSE
1452 *
1453 *      Author: sbraneky (10/15/01)
1454 *    Merciless hacks by rwilcher (1/14/02)
1455 *---------------------------------------------------------------------------
1456 */
1457
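static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *eth, u16 payLen)
{
        /*
         * Verify the MIC and the sequence number of a received frame.
         * Returns SUCCESS when the frame may be passed up and ERROR when it
         * must be dropped; the matching mic_statistics counter is updated.
         *
         * Two paths return SUCCESS without any integrity check: MIC disabled
         * and the frame carries no MIC SNAP header, or the frame's type is
         * 0x888E (the EAPOL EtherType).  Consumers of those frames must not
         * assume they were authenticated here.
         *
         * NOTE(review): payLen is fed to emmh32_update() unchecked; the
         * coefficient table covers EMMH32_MSGLEN_MAX bytes, so the receive
         * path has to bound the frame length before calling - confirm.
         */
        int      i;
        u32      micSEQ;
        miccntx  *context;
        u8       digest[4];
        mic_error micError = NONE;

        // Check if the packet is a Mic'd packet

        if (!ai->micstats.enabled) {
                //No Mic set or Mic OFF but we received a MIC'd packet.
                if (memcmp((u8 *)eth + 14, micsnap, sizeof(micsnap)) == 0) {
                        ai->micstats.rxMICPlummed++;
                        return ERROR;
                }
                return SUCCESS;
        }

        if (ntohs(mic->typelen) == 0x888E)
                return SUCCESS;

        if (memcmp(mic->u.snap, micsnap, sizeof(micsnap)) != 0) {
                // Mic enabled but packet isn't Mic'd: this is the case
                // rxNotMICed is documented for.  It used to be counted as
                // rxMICPlummed, which left rxNotMICed permanently at zero.
                ai->micstats.rxNotMICed++;
                return ERROR;
        }

        micSEQ = ntohl(mic->seq);            //store SEQ as CPU order

        //At this point we a have a mic'd packet and mic is enabled
        //Now do the mic error checking.

        //Receive seq must be odd
        if ((micSEQ & 1) == 0) {
                ai->micstats.rxWrongSequence++;
                return ERROR;
        }

        // Try the current keys (i == 0) first, then the aged ones.  Only a
        // failure against the current keys decides which counter is bumped.
        for (i = 0; i < NUM_MODULES; i++) {
                int mcast = eth->da[0] & 1;
                //Determine proper context
                context = mcast ? &ai->mod[i].mCtx : &ai->mod[i].uCtx;

                //Make sure context is valid
                if (!context->valid) {
                        if (i == 0)
                                micError = NOMICPLUMMED;
                        continue;
                }
                //DeMic it

                if (!mic->typelen)
                        mic->typelen = htons(payLen + sizeof(MICBuffer) - 2);

                emmh32_init(&context->seed);
                emmh32_update(&context->seed, eth->da, ETH_ALEN*2);
                emmh32_update(&context->seed, (u8 *)&mic->typelen, sizeof(mic->typelen)+sizeof(mic->u.snap));
                emmh32_update(&context->seed, (u8 *)&mic->seq, sizeof(mic->seq));
                emmh32_update(&context->seed, (u8 *)(eth + 1), payLen);
                //Calculate MIC
                emmh32_final(&context->seed, digest);

                // NOTE(review): memcmp() is not a constant-time comparison;
                // crypto_memneq() is the kernel helper meant for comparing
                // authentication tags, if its header is made available here.
                if (memcmp(digest, &mic->mic, 4)) { //Make sure the mics match
                        //Invalid Mic
                        if (i == 0)
                                micError = INCORRECTMIC;
                        continue;
                }

                //Check Sequence number if mics pass (replay protection)
                if (RxSeqValid(ai, context, mcast, micSEQ) == SUCCESS) {
                        ai->micstats.rxSuccess++;
                        return SUCCESS;
                }
                if (i == 0)
                        micError = SEQUENCE;
        }

        // Update statistics
        switch (micError) {
                case NOMICPLUMMED: ai->micstats.rxMICPlummed++;   break;
                case SEQUENCE:    ai->micstats.rxWrongSequence++; break;
                case INCORRECTMIC: ai->micstats.rxIncorrectMIC++; break;
                case NONE:  break;
                case NOMIC: break;
        }
        return ERROR;
}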
1547
1548/*===========================================================================
1549 * Description:  Checks the Rx Seq number to make sure it is valid
1550 *               and hasn't already been received
1551 *
1552 *     Inputs: miccntx - mic context to check seq against
1553 *             micSeq  - the Mic seq number
1554 *
1555 *    Returns: TRUE if valid otherwise FALSE.
1556 *
1557 *    Author: sbraneky (10/15/01)
1558 *    Merciless hacks by rwilcher (1/14/02)
1559 *---------------------------------------------------------------------------
1560 */
1561
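static int RxSeqValid(struct airo_info *ai, miccntx *context, int mcast, u32 micSeq)
{
        /*
         * Replay check for a frame whose MIC already verified.  Returns
         * SUCCESS for a sequence number that is new, ERROR for one that is
         * too old or was already seen.
         *
         * context->window is the middle of the window (its start is
         * window - 33) and context->rx is a bitmap of the sequence numbers
         * already accepted inside it.  decapsulate() only passes odd
         * sequence numbers, so adjacent values differ by 2.
         */
        u32 seq, index;

        //Allow for the ap being rebooted - if it is then use the next
        //sequence number of the current sequence number - might go backwards

        if (mcast) {
                if (test_bit(FLAG_UPDATE_MULTI, &ai->flags)) {
                        clear_bit(FLAG_UPDATE_MULTI, &ai->flags);
                        context->window = (micSeq > 33) ? micSeq : 33;
                        context->rx     = 0;        // Reset rx
                }
        } else if (test_bit(FLAG_UPDATE_UNI, &ai->flags)) {
                clear_bit(FLAG_UPDATE_UNI, &ai->flags);
                context->window = (micSeq > 33) ? micSeq : 33; // Move window
                context->rx     = 0;        // Reset rx
        }

        //Make sequence number relative to START of window
        seq = micSeq - (context->window - 33);

        //Too old of a SEQ number to check.
        if ((s32)seq < 0)
                return ERROR;

        if (seq > 64) {
                //Window is infinite forward
                MoveWindow(context, micSeq);
                return SUCCESS;
        }

        // We are in the window. Now check the context rx bit to see if it was already sent
        seq >>= 1;         //divide by 2 because we only have odd numbers

        // Unsigned constant: seq can reach 31 here, and `1 << 31` on a signed
        // int shifts into the sign bit, which is undefined behaviour.
        index = 1U << seq;

        if (context->rx & index)
                return ERROR;   // already received: replay

        //micSEQ falls inside the window.
        //Add sequence number to the list of received numbers.
        context->rx |= index;

        MoveWindow(context, micSeq);

        return SUCCESS;
}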
1609
/*
 * Advance the receive window so that its middle sits at micSeq.  Sequence
 * numbers at or below the current middle leave the window untouched.
 */
static void MoveWindow(miccntx *context, u32 micSeq)
{
        u32 advance;

        if (micSeq <= context->window)
                return;

        // Sequence numbers step by 2, so half the distance is the bit count
        advance = (micSeq - context->window) >> 1;

        // Shift out old; a shift of 32 or more empties the bitmap
        context->rx = (advance < 32) ? (context->rx >> advance) : 0;

        context->window = micSeq;      //Move window
}
1627
1628/*==============================================*/
1629/*========== EMMH ROUTINES  ====================*/
1630/*==============================================*/
1631
1632/* mic accumulate */
1633#define MIC_ACCUM(val)  \
1634        context->accum += (u64)(val) * be32_to_cpu(context->coeff[coeff_position++]);
1635
1636/* expand the key to fill the MMH coefficient array */
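static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
                           struct crypto_sync_skcipher *tfm)
{
        /*
         * Derive the MIC coefficients from the key: context->coeff[] is
         * zeroed and then encrypted in place with `tfm` (allocated as
         * "ctr(aes)" in micsetup()) under an all-zero IV.
         *
         * NOTE(review): `keylen` is not used - exactly 16 bytes are read
         * from pkey, so callers must supply at least 16.  The function
         * cannot report failure; if the key setup or the encryption fails,
         * coeff[] does not hold coefficients derived from this key and the
         * caller still treats the context as valid.
         */
        SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
        struct scatterlist sg;
        u8 iv[AES_BLOCK_SIZE] = {};
        int ret;

        /* The result used to be ignored; make a failure visible */
        ret = crypto_sync_skcipher_setkey(tfm, pkey, 16);
        WARN_ON_ONCE(ret);

        memset(context->coeff, 0, sizeof(context->coeff));
        sg_init_one(&sg, context->coeff, sizeof(context->coeff));

        skcipher_request_set_sync_tfm(req, tfm);
        skcipher_request_set_callback(req, 0, NULL, NULL);
        skcipher_request_set_crypt(req, &sg, &sg, sizeof(context->coeff), iv);

        ret = crypto_skcipher_encrypt(req);
        WARN_ON_ONCE(ret);

        /* Do not leave cipher request state behind on the stack */
        skcipher_request_zero(req);
}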
1660
1661/* prepare for calculation of a new mic */
static void emmh32_init(emmh32_context *context)
{
        /* Start a fresh MIC: empty message, zero accumulator; coeff[] is kept */
        context->position = 0;
        context->accum = 0;
}
1668
1669/* add some bytes to the mic calculation */
static void emmh32_update(emmh32_context *context, u8 *pOctets, int len)
{
        /*
         * Feed `len` bytes into the running MIC.  Bytes are consumed as
         * big-endian 32-bit words; an incomplete trailing word is parked in
         * context->part until the next update() or final().
         *
         * MIC_ACCUM() uses the locals `context` and `coeff_position` by name.
         *
         * NOTE(review): coeff_position is never compared with the size of
         * context->coeff (which covers EMMH32_MSGLEN_MAX message bytes), so
         * nothing here stops the index from running past the table when
         * more than that is fed in after emmh32_init().  Callers have to
         * bound the total length.
         */
        int     coeff_position, byte_position;

        if (len == 0)
                return;

        coeff_position = context->position >> 2;
        byte_position = context->position & 3;

        /* finish the partial 32-bit word left over from the last update */
        if (byte_position) {
                for (;;) {
                        if (len == 0)
                                return;
                        context->part.d8[byte_position++] = *pOctets++;
                        context->position++;
                        len--;
                        if (byte_position >= 4)
                                break;
                }
                MIC_ACCUM(ntohl(context->part.d32));
        }

        /* full 32-bit words */
        for (; len >= 4; len -= 4, pOctets += 4) {
                MIC_ACCUM(ntohl(*(__be32 *)pOctets));
                context->position += 4;
        }

        /* park the partial 32-bit word this update leaves behind */
        for (byte_position = 0; len > 0; len--) {
                context->part.d8[byte_position++] = *pOctets++;
                context->position++;
        }
}
1707
1708/* mask used to zero empty bytes for final partial word */
1709static u32 mask32[4] = { 0x00000000L, 0xFF000000L, 0xFFFF0000L, 0xFFFFFF00L };
1710
1711/* calculate the mic */
static void emmh32_final(emmh32_context *context, u8 digest[4])
{
        /*
         * Finish the MIC: account for a pending partial word, reduce the
         * 64-bit accumulator to 32 bits and store it big-endian in digest[].
         *
         * MIC_ACCUM() uses the locals `context` and `coeff_position` by name.
         */
        int     coeff_position = context->position >> 2;
        int     byte_position = context->position & 3;
        u64     sum, utmp;
        s64     stmp;
        u32     val;
        int     i;

        /* partial 32-bit word left over from the last update */
        if (byte_position) {
                val = ntohl(context->part.d32);
                MIC_ACCUM(val & mask32[byte_position]); /* zero empty bytes */
        }

        /*
         * Fold the high half into the low half, twice, with a factor of 15
         * (presumably a reduction modulo 2^32 + 15 - confirm against the
         * EMMH definition), then apply the final correction.
         */
        sum = context->accum;
        stmp = (sum  & 0xffffffffLL) - ((sum >> 32)  * 15);
        utmp = (stmp & 0xffffffffLL) - ((stmp >> 32) * 15);
        sum = utmp & 0xffffffffLL;
        if (utmp > 0x10000000fLL)
                sum -= 15;

        /* most significant byte first */
        val = (u32)sum;
        for (i = 0; i < 4; i++)
                digest[i] = (val >> (24 - 8 * i)) & 0xFF;
}
1744
/*
 * Read one entry of the card's BSS list into *list.
 *
 * When first == 1 a CMD_LISTBSS command is issued under ai->sem and the
 * caller then sleeps for 3 * HZ before reading.  The read targets
 * ai->bssListFirst for any non-zero `first` and ai->bssListNext otherwise.
 *
 * Returns -ENETDOWN if any FLAG_RADIO_MASK bit is set in ai->flags,
 * -ERESTARTSYS if the wait for ai->sem is interrupted, otherwise the
 * result of PC4500_readrid().
 */
static int readBSSListRid(struct airo_info *ai, int first,
                      BSSListRid *list)
{
        if (first == 1) {
                Cmd scan_cmd;
                Resp scan_rsp;

                if (ai->flags & FLAG_RADIO_MASK)
                        return -ENETDOWN;

                memset(&scan_cmd, 0, sizeof(scan_cmd));
                scan_cmd.cmd = CMD_LISTBSS;

                if (down_interruptible(&ai->sem))
                        return -ERESTARTSYS;
                ai->list_bss_task = current;
                /* NOTE(review): the command status is not checked. */
                issuecommand(ai, &scan_cmd, &scan_rsp, true);
                up(&ai->sem);

                /* Let the command take effect */
                schedule_timeout_uninterruptible(3 * HZ);
                ai->list_bss_task = NULL;
        }

        if (first)
                return PC4500_readrid(ai, ai->bssListFirst, list,
                                      ai->bssListRidLen, 1);

        return PC4500_readrid(ai, ai->bssListNext, list,
                              ai->bssListRidLen, 1);
}
1767
/*
 * Read a WEP key record into *wkr: RID_WEP_TEMP when temp is non-zero,
 * RID_WEP_PERM otherwise.  `lock` is passed through to PC4500_readrid().
 * Returns the PC4500_readrid() result.
 */
static int readWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int temp, int lock)
{
        if (temp)
                return PC4500_readrid(ai, RID_WEP_TEMP, wkr, sizeof(*wkr), lock);

        return PC4500_readrid(ai, RID_WEP_PERM, wkr, sizeof(*wkr), lock);
}
1773
/*
 * Write a WEP key record to RID_WEP_TEMP and, when perm is non-zero, to
 * RID_WEP_PERM as well.  Failures are logged with the status code only.
 *
 * Returns the status of the last write performed.
 *
 * NOTE(review): when perm is set, a failed RID_WEP_TEMP write is logged
 * but its status is overwritten by the RID_WEP_PERM result, so the caller
 * can see SUCCESS after a failed temporary write - confirm this is wanted.
 */
static int writeWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int perm, int lock)
{
        int status = PC4500_writerid(ai, RID_WEP_TEMP, wkr, sizeof(*wkr), lock);

        if (status != SUCCESS)
                airo_print_err(ai->dev->name, "WEP_TEMP set %x", status);

        if (!perm)
                return status;

        status = PC4500_writerid(ai, RID_WEP_PERM, wkr, sizeof(*wkr), lock);
        if (status != SUCCESS)
                airo_print_err(ai->dev->name, "WEP_PERM set %x", status);

        return status;
}
1787
/*
 * Read RID_SSID into *ssidr.  The last PC4500_readrid() argument (named
 * `lock` in the sibling wrappers) is always 1 here.
 */
static int readSsidRid(struct airo_info*ai, SsidRid *ssidr)
{
        int rc;

        rc = PC4500_readrid(ai, RID_SSID, ssidr, sizeof(*ssidr), 1);
        return rc;
}
1792
/*
 * Write *pssidr to RID_SSID; `lock` is passed through to PC4500_writerid().
 * Returns the PC4500_writerid() result.
 */
static int writeSsidRid(struct airo_info*ai, SsidRid *pssidr, int lock)
{
        int rc;

        rc = PC4500_writerid(ai, RID_SSID, pssidr, sizeof(*pssidr), lock);
        return rc;
}
1797
/*
 * Load the card configuration into ai->config unless it is already cached.
 *
 * A non-zero ai->config.len is treated as "already loaded" and nothing is
 * read.  Otherwise RID_ACTUALCONFIG is read into a local copy, which
 * replaces ai->config only when the read succeeds.
 *
 * Returns SUCCESS or the PC4500_readrid() failure code.
 */
static int readConfigRid(struct airo_info *ai, int lock)
{
        ConfigRid fresh;
        int status;

        if (ai->config.len != 0)
                return SUCCESS;

        status = PC4500_readrid(ai, RID_ACTUALCONFIG, &fresh, sizeof(fresh), lock);
        if (status == SUCCESS)
                ai->config = fresh;

        return status;
}
1813
/*
 * Old hardware had a limit on encryption speed: when authentication is
 * not AUTH_OPEN and maxencrypt is non-zero, clear each of the first eight
 * ai->config.rates[] entries that exceeds maxencrypt.
 */
static inline void checkThrottle(struct airo_info *ai)
{
        int idx;

        if (ai->config.authType == AUTH_OPEN || !maxencrypt)
                return;

        for (idx = 0; idx < 8; idx++)
                if (ai->config.rates[idx] > maxencrypt)
                        ai->config.rates[idx] = 0;
}
1826
/*
 * Push the cached configuration to the card if a commit is pending.
 *
 * Does nothing (returns SUCCESS) unless FLAG_COMMIT is set.  Otherwise it
 * clears FLAG_COMMIT and FLAG_RESET, applies checkThrottle(), updates
 * FLAG_ADHOC from the operating mode and writes a copy of ai->config to
 * RID_CONFIG.  Returns the PC4500_writerid() result.
 */
static int writeConfigRid(struct airo_info *ai, int lock)
{
        ConfigRid snapshot;
        int is_adhoc;

        if (!test_bit(FLAG_COMMIT, &ai->flags))
                return SUCCESS;

        clear_bit(FLAG_COMMIT, &ai->flags);
        clear_bit(FLAG_RESET, &ai->flags);
        checkThrottle(ai);
        snapshot = ai->config;

        is_adhoc = (snapshot.opmode & MODE_CFG_MASK) == MODE_STA_IBSS;
        if (!is_adhoc)
                clear_bit(FLAG_ADHOC, &ai->flags);
        else
                set_bit(FLAG_ADHOC, &ai->flags);

        return PC4500_writerid(ai, RID_CONFIG, &snapshot, sizeof(snapshot), lock);
}
1846
/*
 * Read RID_STATUS into *statr; `lock` is passed through to
 * PC4500_readrid().  Returns the PC4500_readrid() result.
 */
static int readStatusRid(struct airo_info *ai, StatusRid *statr, int lock)
{
        int rc;

        rc = PC4500_readrid(ai, RID_STATUS, statr, sizeof(*statr), lock);
        return rc;
}
1851
/*
 * Write *aplr to RID_APLIST; `lock` is passed through to
 * PC4500_writerid().  Returns the PC4500_writerid() result.
 */
static int writeAPListRid(struct airo_info *ai, APListRid *aplr, int lock)
{
        int rc;

        rc = PC4500_writerid(ai, RID_APLIST, aplr, sizeof(*aplr), lock);
        return rc;
}
1856
/*
 * Read RID_CAPABILITIES into *capr; `lock` is passed through to
 * PC4500_readrid().  Returns the PC4500_readrid() result.
 */
static int readCapabilityRid(struct airo_info *ai, CapabilityRid *capr, int lock)
{
        int rc;

        rc = PC4500_readrid(ai, RID_CAPABILITIES, capr, sizeof(*capr), lock);
        return rc;
}
1861
/*
 * Read the statistics record selected by `rid` into *sr; `lock` is passed
 * through to PC4500_readrid().  Returns the PC4500_readrid() result, which
 * callers should check before using *sr.
 */
static int readStatsRid(struct airo_info*ai, StatsRid *sr, int rid, int lock)
{
        int rc;

        rc = PC4500_readrid(ai, rid, sr, sizeof(*sr), lock);
        return rc;
}
1866
/*
 * If auto_wep is enabled and the radio is not flagged down, set
 * ai->expires to RUN_AT(3*HZ) and wake the waiter on ai->thr_wait.
 */
static void try_auto_wep(struct airo_info *ai)
{
        if (!auto_wep)
                return;
        if (test_bit(FLAG_RADIO_DOWN, &ai->flags))
                return;

        ai->expires = RUN_AT(3*HZ);
        wake_up_interruptible(&ai->thr_wait);
}
1874
/*
 * Bring the interface up.
 *
 * Returns -EIO while FLAG_FLASHING is set, the kthread_run() or
 * request_irq() error if either fails, and 0 otherwise.  The worker thread
 * and the IRQ are set up only when dev is not ai->wifidev; in both cases
 * the MAC is enabled and the transmit queue is started.
 */
static int airo_open(struct net_device *dev)
{
        struct airo_info *ai = dev->ml_priv;
        int err;

        if (test_bit(FLAG_FLASHING, &ai->flags))
                return -EIO;

        /*
         * Make sure the card is configured.  Wireless Extensions may
         * postpone config changes until the card is open (to pipeline
         * changes and speed up card setup); commit them now if they are
         * still pending - Jean II
         */
        if (test_bit(FLAG_COMMIT, &ai->flags)) {
                disable_MAC(ai, 1);
                /* NOTE(review): the write status is not checked. */
                writeConfigRid(ai, 1);
        }

        if (ai->wifidev == dev)
                goto start;

        clear_bit(JOB_DIE, &ai->jobs);
        /* the device name is passed as an argument, not as the format */
        ai->airo_thread_task = kthread_run(airo_thread, dev, "%s",
                                           dev->name);
        if (IS_ERR(ai->airo_thread_task))
                return (int)PTR_ERR(ai->airo_thread_task);

        err = request_irq(dev->irq, airo_interrupt, IRQF_SHARED,
                          dev->name, dev);
        if (err) {
                airo_print_err(dev->name,
                        "register interrupt %d failed, rc %d",
                        dev->irq, err);
                /* undo the thread started above before reporting failure */
                set_bit(JOB_DIE, &ai->jobs);
                kthread_stop(ai->airo_thread_task);
                return err;
        }

        /* Power on the MAC controller (which may have been disabled) */
        clear_bit(FLAG_RADIO_DOWN, &ai->flags);
        enable_interrupts(ai);

        try_auto_wep(ai);

start:
        enable_MAC(ai, 1);

        netif_start_queue(dev);
        return 0;
}
1921
/*
 * Transmit entry point that queues frames on ai->txq for mpi_send_packet().
 *
 * The frame is padded to ETH_ZLEN and appended to ai->txq.  With
 * MAXTXQ - 1 or more frames already queued the netdev queue is stopped;
 * with more than MAXTXQ queued the frame is refused with NETDEV_TX_BUSY.
 * Below that threshold mpi_send_packet() is started here unless
 * FLAG_PENDING_XMIT shows a transmission is already pending.
 */
static netdev_tx_t mpi_start_xmit(struct sk_buff *skb,
                                        struct net_device *dev)
{
        struct airo_info *ai = dev->ml_priv;
        unsigned long irq_flags;
        int queued, xmit_pending;

        if (skb == NULL) {
                airo_print_err(dev->name, "%s: skb == NULL!",__func__);
                return NETDEV_TX_OK;
        }
        if (skb_padto(skb, ETH_ZLEN)) {
                dev->stats.tx_dropped++;
                return NETDEV_TX_OK;
        }

        queued = skb_queue_len(&ai->txq);
        if (queued >= MAXTXQ - 1) {
                netif_stop_queue(dev);
                if (queued > MAXTXQ) {
                        dev->stats.tx_fifo_errors++;
                        return NETDEV_TX_BUSY;
                }
                skb_queue_tail(&ai->txq, skb);
                return NETDEV_TX_OK;
        }

        /* queue the frame and sample the pending flag under aux_lock */
        spin_lock_irqsave(&ai->aux_lock, irq_flags);
        skb_queue_tail(&ai->txq, skb);
        xmit_pending = test_bit(FLAG_PENDING_XMIT, &ai->flags);
        spin_unlock_irqrestore(&ai->aux_lock, irq_flags);
        netif_wake_queue(dev);

        if (!xmit_pending) {
                set_bit(FLAG_PENDING_XMIT, &ai->flags);
                mpi_send_packet(dev);
        }
        return NETDEV_TX_OK;
}
1961
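/*
 * mpi_send_packet - hand the next queued frame to the card.
 *
 * Dequeues one skb from ai->txq, builds the frame in the host buffer of
 * txfids[0] and notifies the card.  Can be called from the interrupt
 * handler or from the transmit path.
 *
 * Host buffer layout.  The firmware needs a 2-byte length in the host
 * buffer right after TXFID_HDR; TXFID_HDR contains the status short, so
 * the payload length follows it immediately:
 *
 *   |TXFIDHDR+STATUS|PAYLOADLEN|802.3HDR|[MIC]|PACKETDATA|
 *
 * Returns 1 when a frame was handed to the card, 0 when the queue was
 * empty, and ERROR when the frame was dropped (it does not fit the host
 * buffer, or MIC encapsulation failed).  A dequeued skb is always freed.
 *
 * NOTE(review): on the ERROR paths FLAG_PENDING_XMIT is left as the caller
 * set it, as the original encapsulate() failure path already did.  Whether
 * the TX-complete handling recovers from that is not visible here -
 * confirm.
 */

static int mpi_send_packet (struct net_device *dev)
{
        struct sk_buff *skb;
        unsigned char *buffer;
        size_t len, needed;
        __le16 *payloadLen;
        struct airo_info *ai = dev->ml_priv;
        u8 *sendbuf;
        bool add_mic;

        /* get a packet to send */
        skb = skb_dequeue(&ai->txq);
        if (skb == NULL) {
                airo_print_err(dev->name,
                        "%s: Dequeue'd zero in send_packet()",
                        __func__);
                return 0;
        }

        /* check min length */
        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
        buffer = skb->data;

        /*
         * Frames get a MIC when the card is MIC capable and MIC is enabled,
         * except EtherType 0x888E (EAPOL), which is sent without one.
         */
        add_mic = test_bit(FLAG_MIC_CAPABLE, &ai->flags) &&
                  ai->micstats.enabled &&
                  (ntohs(((__be16 *)buffer)[6]) != 0x888E);

        /*
         * Each TX descriptor owns a PKTSIZE-byte slot of the shared DMA
         * area (see mpi_map_card()).  Nothing else in this function bounds
         * skb->len, so refuse a frame that would run past the slot instead
         * of copying it.
         */
        needed = sizeof(wifictlhdr8023) + 2 + len;
        if (add_mic)
                needed += sizeof(MICBuffer);
        if (needed > PKTSIZE) {
                dev->stats.tx_dropped++;
                dev_kfree_skb_any(skb);
                return ERROR;
        }

        ai->txfids[0].tx_desc.offset = 0;
        ai->txfids[0].tx_desc.valid = 1;
        ai->txfids[0].tx_desc.eoc = 1;
        ai->txfids[0].tx_desc.len = len + sizeof(WifiHdr);

        memcpy(ai->txfids[0].virtual_host_addr,
                (char *)&wifictlhdr8023, sizeof(wifictlhdr8023));

        payloadLen = (__le16 *)(ai->txfids[0].virtual_host_addr +
                sizeof(wifictlhdr8023));
        sendbuf = ai->txfids[0].virtual_host_addr +
                sizeof(wifictlhdr8023) + 2;

        /*
         * Firmware automatically puts 802 header on so
         * we don't need to account for it in the length
         */
        if (add_mic) {
                MICBuffer pMic;

                if (encapsulate(ai, (etherHead *)buffer, &pMic,
                                len - sizeof(etherHead)) != SUCCESS) {
                        /* the skb is already off the queue: free it here */
                        dev_kfree_skb_any(skb);
                        return ERROR;
                }

                *payloadLen = cpu_to_le16(len-sizeof(etherHead)+sizeof(pMic));
                ai->txfids[0].tx_desc.len += sizeof(pMic);
                /* copy data into airo dma buffer */
                memcpy(sendbuf, buffer, sizeof(etherHead));
                buffer += sizeof(etherHead);
                sendbuf += sizeof(etherHead);
                memcpy(sendbuf, &pMic, sizeof(pMic));
                sendbuf += sizeof(pMic);
                memcpy(sendbuf, buffer, len - sizeof(etherHead));
        } else {
                *payloadLen = cpu_to_le16(len - sizeof(etherHead));

                netif_trans_update(dev);

                /* copy data into airo dma buffer */
                memcpy(sendbuf, buffer, len);
        }

        /* publish the descriptor to card RAM, then signal the card */
        memcpy_toio(ai->txfids[0].card_ram_off,
                &ai->txfids[0].tx_desc, sizeof(TxFid));

        OUT4500(ai, EVACK, 8);

        dev_kfree_skb_any(skb);
        return 1;
}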
2049
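/*
 * Decode the status word of a failed transmission, update the matching
 * error counters and, for "too many retries" or "lifetime exceeded",
 * send an IWEVTXDROP wireless event carrying the 802.11 destination.
 *
 * fid < 0:  the status is taken from the host buffer of txfids[0].
 * fid >= 0: the status is read from the card through BAP0, using
 *           ai->fids[fid]; if bap_setup() fails nothing is done.
 *
 * NOTE(review): fid indexes ai->fids[] without a range check here; the
 * caller is presumably responsible for that - confirm.
 */
static void get_tx_error(struct airo_info *ai, s32 fid)
{
        /* start from 0 so a read that stores nothing cannot count garbage */
        __le16 status = 0;
        u16 st;

        if (fid < 0)
                status = ((WifiCtlHdr *)ai->txfids[0].virtual_host_addr)->ctlhdr.status;
        else {
                if (bap_setup(ai, ai->fids[fid] & 0xffff, 4, BAP0) != SUCCESS)
                        return;
                bap_read(ai, &status, 2, BAP0);
        }

        st = le16_to_cpu(status);
        if (st & 2) /* Too many retries */
                ai->dev->stats.tx_aborted_errors++;
        if (st & 4) /* Transmit lifetime exceeded */
                ai->dev->stats.tx_heartbeat_errors++;
        /* 8 (Aid fail) and 0x20 (Association lost) are not counted */
        if (st & 0x10) /* MAC disabled */
                ai->dev->stats.tx_carrier_errors++;

        /* We produce a TXDROP event only for retry or lifetime
         * exceeded, because that's the only status that really mean
         * that this particular node went away.
         * Other errors means that *we* screwed up. - Jean II */
        if (st & (2 | 4)) {
                union iwreq_data        wrqu;
                char junk[0x18];

                /*
                 * Only sa_family and ETH_ALEN bytes of sa_data are set
                 * below, and the event code may copy more of the union
                 * than that.  Clear both buffers so no uninitialised
                 * stack bytes can reach user space, even if the read
                 * below stores nothing.
                 */
                memset(&wrqu, 0, sizeof(wrqu));
                memset(junk, 0, sizeof(junk));

                /* Faster to skip over useless data than to do
                 * another bap_setup(). We are at offset 0x6 and
                 * need to go to 0x18 and read 6 bytes - Jean II
                 *
                 * NOTE(review): when fid < 0 no bap_setup() precedes
                 * this read - confirm the BAP position is meaningful on
                 * that path. */
                bap_read(ai, (__le16 *) junk, 0x18, BAP0);

                /* Copy 802.11 dest address.
                 * We use the 802.11 header because the frame may
                 * not be 802.3 or may be mangled...
                 * In Ad-Hoc mode, it will be the node address.
                 * In managed mode, it will be most likely the AP addr
                 * User space will figure out how to convert it to
                 * whatever it needs (IP address or else).
                 * - Jean II */
                memcpy(wrqu.addr.sa_data, junk + 0x12, ETH_ALEN);
                wrqu.addr.sa_family = ARPHRD_ETHER;

                /* Send event to user space */
                wireless_send_event(ai->dev, IWEVTXDROP, &wrqu, NULL);
        }
}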
2100
/*
 * Second half of an 802.3 transmit: send the frame saved in priv->xmit.
 *
 * Entered with priv->sem held (it is released here with up()).  On
 * success the queue is woken only if one of the first MAX_FIDS / 2 FIDs
 * is free; on failure the length bits of the FID are cleared,
 * tx_window_errors is counted and the queue is woken.  The skb is freed
 * either way.
 */
static void airo_end_xmit(struct net_device *dev, bool may_sleep)
{
        struct airo_info *priv = dev->ml_priv;
        struct sk_buff *skb = priv->xmit.skb;
        int fid = priv->xmit.fid;
        int slot = 0;
        u16 status;

        clear_bit(JOB_XMIT, &priv->jobs);
        clear_bit(FLAG_PENDING_XMIT, &priv->flags);
        status = transmit_802_3_packet(priv, priv->fids[fid], skb->data,
                                       may_sleep);
        up(&priv->sem);

        if (status != SUCCESS) {
                priv->fids[fid] &= 0xffff;
                dev->stats.tx_window_errors++;
        } else {
                netif_trans_update(dev);
                /* look for a FID whose upper (length) half is clear */
                while (slot < MAX_FIDS / 2 &&
                       (priv->fids[slot] & 0xffff0000))
                        slot++;
        }

        if (slot < MAX_FIDS / 2)
                netif_wake_queue(dev);
        dev_kfree_skb(skb);
}
2127
/*
 * Transmit entry point for 802.3 frames on FID-based cards.
 *
 * Picks the first vacant FID among the first MAX_FIDS / 2, records the
 * frame length in its upper 16 bits and saves the skb in priv->xmit.  If
 * priv->sem is free the frame is sent at once through airo_end_xmit();
 * otherwise JOB_XMIT is posted and the waiter on priv->thr_wait is woken.
 * Returns NETDEV_TX_BUSY only when no FID is vacant.
 *
 * NOTE(review): the length is held in an s16 before being shifted into
 * the FID word; a frame longer than 32767 bytes would not survive that.
 * Presumably the MTU rules it out - confirm.
 */
static netdev_tx_t airo_start_xmit(struct sk_buff *skb,
                                         struct net_device *dev)
{
        struct airo_info *priv = dev->ml_priv;
        u32 *fids = priv->fids;
        int first_free, second_free;
        s16 len;

        if (!skb) {
                airo_print_err(dev->name, "%s: skb == NULL!", __func__);
                return NETDEV_TX_OK;
        }
        if (skb_padto(skb, ETH_ZLEN)) {
                dev->stats.tx_dropped++;
                return NETDEV_TX_OK;
        }

        /* Find a vacant FID, and see whether another remains after it */
        first_free = 0;
        while (first_free < MAX_FIDS / 2 && (fids[first_free] & 0xffff0000))
                first_free++;
        second_free = first_free + 1;
        while (second_free < MAX_FIDS / 2 && (fids[second_free] & 0xffff0000))
                second_free++;

        if (second_free >= MAX_FIDS / 2) {
                /* this frame takes the last vacant FID, or there is none */
                netif_stop_queue(dev);

                if (first_free == MAX_FIDS / 2) {
                        dev->stats.tx_fifo_errors++;
                        return NETDEV_TX_BUSY;
                }
        }

        /* check min length */
        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
        /* Mark fid as used & save length for later */
        fids[first_free] |= (len << 16);
        priv->xmit.skb = skb;
        priv->xmit.fid = first_free;

        if (down_trylock(&priv->sem) == 0) {
                airo_end_xmit(dev, false);
                return NETDEV_TX_OK;
        }

        /* semaphore busy: leave the send to the waiter on thr_wait */
        set_bit(FLAG_PENDING_XMIT, &priv->flags);
        netif_stop_queue(dev);
        set_bit(JOB_XMIT, &priv->jobs);
        wake_up_interruptible(&priv->thr_wait);
        return NETDEV_TX_OK;
}
2172
/*
 * Second half of an 802.11 transmit: send the frame saved in priv->xmit11.
 *
 * Entered with priv->sem held (it is released here with up()).  On
 * success the queue is woken only if one of the FIDs in the range
 * [MAX_FIDS / 2, MAX_FIDS) is free; on failure the length bits of the FID
 * are cleared, tx_window_errors is counted and the queue is woken.  The
 * skb is freed either way.
 */
static void airo_end_xmit11(struct net_device *dev, bool may_sleep)
{
        struct airo_info *priv = dev->ml_priv;
        struct sk_buff *skb = priv->xmit11.skb;
        int fid = priv->xmit11.fid;
        int slot = MAX_FIDS / 2;
        u16 status;

        clear_bit(JOB_XMIT11, &priv->jobs);
        clear_bit(FLAG_PENDING_XMIT11, &priv->flags);
        status = transmit_802_11_packet(priv, priv->fids[fid], skb->data,
                                        may_sleep);
        up(&priv->sem);

        if (status != SUCCESS) {
                priv->fids[fid] &= 0xffff;
                dev->stats.tx_window_errors++;
        } else {
                netif_trans_update(dev);
                /* look for a FID whose upper (length) half is clear */
                while (slot < MAX_FIDS && (priv->fids[slot] & 0xffff0000))
                        slot++;
        }

        if (slot < MAX_FIDS)
                netif_wake_queue(dev);
        dev_kfree_skb(skb);
}
2199
/*
 * Transmit entry point for raw 802.11 frames.
 *
 * Not implemented for MPI350: when FLAG_MPI is set the queue is stopped
 * and the frame is freed.  Otherwise this mirrors airo_start_xmit() over
 * the FIDs in [MAX_FIDS / 2, MAX_FIDS), using priv->xmit11, JOB_XMIT11
 * and airo_end_xmit11().  Returns NETDEV_TX_BUSY only when no FID in that
 * range is vacant.
 *
 * NOTE(review): the FLAG_MPI branch frees skb before the NULL check
 * below is reached - confirm a NULL skb cannot arrive on that path.
 */
static netdev_tx_t airo_start_xmit11(struct sk_buff *skb,
                                           struct net_device *dev)
{
        struct airo_info *priv = dev->ml_priv;
        u32 *fids = priv->fids;
        int first_free, second_free;
        s16 len;

        if (test_bit(FLAG_MPI, &priv->flags)) {
                /* Not implemented yet for MPI350 */
                netif_stop_queue(dev);
                dev_kfree_skb_any(skb);
                return NETDEV_TX_OK;
        }

        if (!skb) {
                airo_print_err(dev->name, "%s: skb == NULL!", __func__);
                return NETDEV_TX_OK;
        }
        if (skb_padto(skb, ETH_ZLEN)) {
                dev->stats.tx_dropped++;
                return NETDEV_TX_OK;
        }

        /* Find a vacant FID, and see whether another remains after it */
        first_free = MAX_FIDS / 2;
        while (first_free < MAX_FIDS && (fids[first_free] & 0xffff0000))
                first_free++;
        second_free = first_free + 1;
        while (second_free < MAX_FIDS && (fids[second_free] & 0xffff0000))
                second_free++;

        if (second_free >= MAX_FIDS) {
                /* this frame takes the last vacant FID, or there is none */
                netif_stop_queue(dev);

                if (first_free == MAX_FIDS) {
                        dev->stats.tx_fifo_errors++;
                        return NETDEV_TX_BUSY;
                }
        }

        /* check min length */
        len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
        /* Mark fid as used & save length for later */
        fids[first_free] |= (len << 16);
        priv->xmit11.skb = skb;
        priv->xmit11.fid = first_free;

        if (down_trylock(&priv->sem) == 0) {
                airo_end_xmit11(dev, false);
                return NETDEV_TX_OK;
        }

        /* semaphore busy: leave the send to the waiter on thr_wait */
        set_bit(FLAG_PENDING_XMIT11, &priv->flags);
        netif_stop_queue(dev);
        set_bit(JOB_XMIT11, &priv->jobs);
        wake_up_interruptible(&priv->thr_wait);
        return NETDEV_TX_OK;
}
2251
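/*
 * Refresh dev->stats from the card's RID_STATS record.
 *
 * Entered with ai->sem held; the semaphore is released on every path.
 * Nothing is read while ai->power.event is set.  If the read fails,
 * dev->stats is left untouched: stats_rid lives on the stack and would
 * otherwise feed uninitialised memory into counters that user space can
 * read.
 *
 * The vals[] indices are firmware-defined; their meaning is taken from
 * the assignments below.
 */
static void airo_read_stats(struct net_device *dev)
{
        struct airo_info *ai = dev->ml_priv;
        StatsRid stats_rid;
        __le32 *vals = stats_rid.vals;
        int rc;

        clear_bit(JOB_STATS, &ai->jobs);
        if (ai->power.event) {
                up(&ai->sem);
                return;
        }
        rc = readStatsRid(ai, &stats_rid, RID_STATS, 0);
        up(&ai->sem);
        if (rc != SUCCESS)
                return;

        dev->stats.rx_packets = le32_to_cpu(vals[43]) + le32_to_cpu(vals[44]) +
                               le32_to_cpu(vals[45]);
        dev->stats.tx_packets = le32_to_cpu(vals[39]) + le32_to_cpu(vals[40]) +
                               le32_to_cpu(vals[41]);
        dev->stats.rx_bytes = le32_to_cpu(vals[92]);
        dev->stats.tx_bytes = le32_to_cpu(vals[91]);
        dev->stats.rx_errors = le32_to_cpu(vals[0]) + le32_to_cpu(vals[2]) +
                              le32_to_cpu(vals[3]) + le32_to_cpu(vals[4]);
        dev->stats.tx_errors = le32_to_cpu(vals[42]) +
                              dev->stats.tx_fifo_errors;
        dev->stats.multicast = le32_to_cpu(vals[43]);
        dev->stats.collisions = le32_to_cpu(vals[89]);

        /* detailed rx_errors: */
        dev->stats.rx_length_errors = le32_to_cpu(vals[3]);
        dev->stats.rx_crc_errors = le32_to_cpu(vals[4]);
        dev->stats.rx_frame_errors = le32_to_cpu(vals[2]);
        dev->stats.rx_fifo_errors = le32_to_cpu(vals[0]);
}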
2285
/*
 * Return the current dev->stats.  A refresh is requested by posting
 * JOB_STATS and waking the waiter on thr_wait, unless one is already
 * posted; the values returned are those from the previous refresh.
 */
static struct net_device_stats *airo_get_stats(struct net_device *dev)
{
        struct airo_info *ai = dev->ml_priv;

        if (test_bit(JOB_STATS, &ai->jobs))
                return &dev->stats;

        set_bit(JOB_STATS, &ai->jobs);
        wake_up_interruptible(&ai->thr_wait);

        return &dev->stats;
}
2297
/*
 * Send CMD_SETMODE with PROMISC or NOPROMISC, chosen by the IFF_PROMISC
 * bit of ai->flags.  Clears JOB_PROMISC.  Entered with ai->sem held; the
 * semaphore is released here.  The command status is not checked.
 */
static void airo_set_promisc(struct airo_info *ai, bool may_sleep)
{
        Cmd mode_cmd;
        Resp mode_rsp;

        memset(&mode_cmd, 0, sizeof(mode_cmd));
        mode_cmd.cmd = CMD_SETMODE;
        clear_bit(JOB_PROMISC, &ai->jobs);
        if (ai->flags & IFF_PROMISC)
                mode_cmd.parm0 = PROMISC;
        else
                mode_cmd.parm0 = NOPROMISC;
        issuecommand(ai, &mode_cmd, &mode_rsp, may_sleep);
        up(&ai->sem);
}
2310
/*
 * React to a change of the interface's receive flags.
 *
 * When IFF_PROMISC differs between dev->flags and ai->flags, FLAG_PROMISC
 * is toggled and the new mode is sent to the card: directly if ai->sem
 * can be taken without blocking, otherwise by posting JOB_PROMISC.
 * Nothing is done for multicast.
 */
static void airo_set_multicast_list(struct net_device *dev)
{
        struct airo_info *ai = dev->ml_priv;
        bool promisc_changed = (dev->flags ^ ai->flags) & IFF_PROMISC;

        if (promisc_changed) {
                change_bit(FLAG_PROMISC, &ai->flags);
                if (down_trylock(&ai->sem) == 0) {
                        airo_set_promisc(ai, false);
                } else {
                        set_bit(JOB_PROMISC, &ai->jobs);
                        wake_up_interruptible(&ai->thr_wait);
                }
        }

        if ((dev->flags&IFF_ALLMULTI) || !netdev_mc_empty(dev)) {
                /* Turn on multicast.  (Should be already setup...) */
        }
}
2328
/*
 * Change the MAC address of the card.
 *
 * p points to a struct sockaddr whose sa_data holds the new address.  The
 * address is stored in the cached configuration, committed to the card
 * with the MAC disabled, and then copied into the net_device (and into
 * ai->wifidev when it exists).  Always returns 0.
 *
 * NOTE(review): the address is not validated, and the results of
 * readConfigRid() and writeConfigRid() are ignored, so 0 is returned and
 * dev_addr is updated even if the card rejected the write - confirm this
 * is intended.
 */
static int airo_set_mac_address(struct net_device *dev, void *p)
{
        struct airo_info *ai = dev->ml_priv;
        struct sockaddr *new_addr = p;
        struct net_device *wifi;

        readConfigRid(ai, 1);
        memcpy(ai->config.macAddr, new_addr->sa_data, dev->addr_len);
        set_bit(FLAG_COMMIT, &ai->flags);

        /* the configuration is written with the MAC disabled */
        disable_MAC(ai, 1);
        writeConfigRid(ai, 1);
        enable_MAC(ai, 1);

        memcpy(ai->dev->dev_addr, new_addr->sa_data, dev->addr_len);
        wifi = ai->wifidev;
        if (wifi)
                memcpy(wifi->dev_addr, new_addr->sa_data, dev->addr_len);
        return 0;
}
2345
/*
 * List of the cards for which ai->pci is NULL, linked through
 * airo_info.dev_list; see add_airo_dev() and del_airo_dev().
 */
static LIST_HEAD(airo_devices);
2347
/*
 * Remember a card on airo_devices.  Upper layers already keep track of
 * PCI devices, so only cards without ai->pci are added.
 */
static void add_airo_dev(struct airo_info *ai)
{
        if (ai->pci)
                return;

        list_add_tail(&ai->dev_list, &airo_devices);
}
2355
/*
 * Drop a card from airo_devices; cards with ai->pci set were never added
 * by add_airo_dev() and are skipped.
 */
static void del_airo_dev(struct airo_info *ai)
{
        if (ai->pci)
                return;

        list_del(&ai->dev_list);
}
2361
/*
 * Take the interface down.  The transmit queue is always stopped; the
 * interrupt and the worker thread are torn down only when dev is not
 * ai->wifidev.  Always returns 0.
 */
static int airo_close(struct net_device *dev)
{
        struct airo_info *ai = dev->ml_priv;

        netif_stop_queue(dev);

        if (ai->wifidev == dev)
                return 0;

#ifdef POWER_ON_DOWN
        /* Shut power to the card. The idea is that the user can save
         * power when he doesn't need the card with "ifconfig down".
         * That's the method that is most friendly towards the network
         * stack (i.e. the network stack won't try to broadcast
         * anything on the interface and routes are gone. Jean II */
        set_bit(FLAG_RADIO_DOWN, &ai->flags);
        disable_MAC(ai, 1);
#endif
        /* quiesce the card, release the IRQ, then stop the thread */
        disable_interrupts(ai);

        free_irq(dev->irq, dev);

        set_bit(JOB_DIE, &ai->jobs);
        kthread_stop(ai->airo_thread_task);
        return 0;
}
2387
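/*
 * Shut a card down and free everything the driver holds for it.
 *
 * dev:     the card's net_device; it is freed before returning, so the
 *          caller must not use it (or its private data) afterwards.
 * freeres: non-zero when this function must also release the I/O region
 *          and, for MPI cards, the PCI mappings and the shared DMA area.
 *          PCMCIA frees those itself, so this is only for PCI and ISA.
 */
void stop_airo_card(struct net_device *dev, int freeres)
{
        struct airo_info *ai = dev->ml_priv;
        struct sk_buff *skb;

        set_bit(FLAG_RADIO_DOWN, &ai->flags);
        disable_MAC(ai, 1);
        disable_interrupts(ai);
        takedown_proc_entry(dev, ai);
        if (test_bit(FLAG_REGISTERED, &ai->flags)) {
                unregister_netdev(dev);
                if (ai->wifidev) {
                        unregister_netdev(ai->wifidev);
                        free_netdev(ai->wifidev);
                        ai->wifidev = NULL;
                }
                clear_bit(FLAG_REGISTERED, &ai->flags);
        }

        /* Clean out tx queue (only used on MPI cards) */
        if (test_bit(FLAG_MPI, &ai->flags)) {
                while ((skb = skb_dequeue(&ai->txq)) != NULL)
                        dev_kfree_skb(skb);
        }

        airo_networks_free (ai);

        kfree(ai->flash);
        kfree(ai->rssi);
        kfree(ai->SSID);
        if (freeres) {
                /* PCMCIA frees this stuff, so only for PCI and ISA */
                release_region(dev->base_addr, 64);
                if (test_bit(FLAG_MPI, &ai->flags)) {
                        if (ai->pci)
                                mpi_unmap_card(ai->pci);
                        if (ai->pcimem)
                                iounmap(ai->pcimem);
                        if (ai->pciaux)
                                iounmap(ai->pciaux);
                        /*
                         * ai->pci is tested for NULL just above, so do
                         * not dereference it unconditionally here.
                         */
                        if (ai->pci)
                                dma_free_coherent(&ai->pci->dev,
                                                  PCI_SHARED_LEN,
                                                  ai->shared,
                                                  ai->shared_dma);
                }
        }
        crypto_free_sync_skcipher(ai->tfm);
        del_airo_dev(ai);
        free_netdev(dev);
}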
2437
2438EXPORT_SYMBOL(stop_airo_card);
2439
/*
 * Copy ETH_ALEN bytes starting at offset 10 of the frame's MAC header
 * into haddr and return ETH_ALEN.
 *
 * NOTE(review): nothing here checks that the MAC header holds at least
 * 10 + ETH_ALEN bytes - confirm the callers guarantee it.
 */
static int wll_header_parse(const struct sk_buff *skb, unsigned char *haddr)
{
        const unsigned char *src = skb_mac_header(skb) + 10;

        memcpy(haddr, src, ETH_ALEN);
        return ETH_ALEN;
}
2445
/*
 * Release the two memory regions claimed by mpi_map_card(): AUXMEMSIZE
 * bytes at PCI resource 2, then the whole of PCI resource 1.
 */
static void mpi_unmap_card(struct pci_dev *pci)
{
        unsigned long mem_base = pci_resource_start(pci, 1);
        unsigned long mem_size = pci_resource_len(pci, 1);
        unsigned long aux_base = pci_resource_start(pci, 2);

        release_mem_region(aux_base, AUXMEMSIZE);
        release_mem_region(mem_base, mem_size);
}
2456
/*************************************************************
 *  Tell the card where its RX, TX and RID descriptors live.
 *
 *  This routine assumes that the descriptors have already been set up.
 *  Run it at insmod time or after a reset, once the descriptors have
 *  been initialized.  It does not allocate memory; it programs the card
 *  with the previously allocated descriptors: one CMD_ALLOCATEAUX
 *  command each for FID_RX, FID_TX and RID_RW, and a copy of the
 *  host-side descriptors into card RAM.
 *
 *  Returns SUCCESS if all is well, otherwise the status of the
 *  issuecommand() call that failed.
 */
static int mpi_init_descriptors (struct airo_info *ai)
{
        Cmd cmd;
        Resp rsp;
        int i;
        int rc = SUCCESS;

        /* Alloc card RX descriptors */
        netif_stop_queue(ai->dev);

        memset(&rsp, 0, sizeof(rsp));
        memset(&cmd, 0, sizeof(cmd));

        cmd.cmd = CMD_ALLOCATEAUX;
        cmd.parm0 = FID_RX;
        /* offset of the first RX descriptor from the start of ai->pciaux */
        cmd.parm1 = (ai->rxfids[0].card_ram_off - ai->pciaux);
        cmd.parm2 = MPI_MAX_FIDS;
        rc = issuecommand(ai, &cmd, &rsp, true);
        if (rc != SUCCESS) {
                airo_print_err(ai->dev->name, "Couldn't allocate RX FID");
                return rc;
        }

        /* copy every host-side RX descriptor into card RAM */
        for (i = 0; i<MPI_MAX_FIDS; i++) {
                memcpy_toio(ai->rxfids[i].card_ram_off,
                        &ai->rxfids[i].rx_desc, sizeof(RxFid));
        }

        /* Alloc card TX descriptors */

        memset(&rsp, 0, sizeof(rsp));
        memset(&cmd, 0, sizeof(cmd));

        cmd.cmd = CMD_ALLOCATEAUX;
        cmd.parm0 = FID_TX;
        /* offset of the first TX descriptor from the start of ai->pciaux */
        cmd.parm1 = (ai->txfids[0].card_ram_off - ai->pciaux);
        cmd.parm2 = MPI_MAX_FIDS;

        /* unlike RX, the TX descriptors are copied before the command */
        for (i = 0; i<MPI_MAX_FIDS; i++) {
                ai->txfids[i].tx_desc.valid = 1;
                memcpy_toio(ai->txfids[i].card_ram_off,
                        &ai->txfids[i].tx_desc, sizeof(TxFid));
        }
        /*
         * Last descriptor has EOC set.
         * NOTE(review): this is set after the loop above has already
         * copied every descriptor to card RAM, so at this point only the
         * host-side copy carries it - confirm that is intended.
         */
        ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */

        rc = issuecommand(ai, &cmd, &rsp, true);
        if (rc != SUCCESS) {
                airo_print_err(ai->dev->name, "Couldn't allocate TX FID");
                return rc;
        }

        /* Alloc card Rid descriptor */
        memset(&rsp, 0, sizeof(rsp));
        memset(&cmd, 0, sizeof(cmd));

        cmd.cmd = CMD_ALLOCATEAUX;
        cmd.parm0 = RID_RW;
        /* offset of the RID descriptor from the start of ai->pciaux */
        cmd.parm1 = (ai->config_desc.card_ram_off - ai->pciaux);
        cmd.parm2 = 1; /* Magic number... */
        rc = issuecommand(ai, &cmd, &rsp, true);
        if (rc != SUCCESS) {
                airo_print_err(ai->dev->name, "Couldn't allocate RID");
                return rc;
        }

        /* copy the single RID descriptor into card RAM */
        memcpy_toio(ai->config_desc.card_ram_off,
                &ai->config_desc.rid_desc, sizeof(Rid));

        return rc;
}
2534
2535/*
2536 * We are setting up three things here:
2537 * 1) Map AUX memory for descriptors: Rid, TxFid, or RxFid.
2538 * 2) Map PCI memory for issuing commands.
2539 * 3) Allocate memory (shared) to send and receive ethernet frames.
2540 */
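/*
 * mpi_map_card - claim and map the MPI350 memory resources and lay out
 * the shared DMA buffer.
 * @ai:  driver state; pcimem, pciaux, shared, shared_dma, the rx/tx fid
 *       tables, config_desc and ridbus are filled in here
 * @pci: PCI device whose resources 1 and 2 are claimed
 *
 * One PCI_SHARED_LEN coherent buffer is carved into MPI_MAX_FIDS receive
 * slots and MPI_MAX_FIDS transmit slots of PKTSIZE bytes each, followed
 * by one RIDSIZE slot.  The matching card-side descriptors start at
 * AUX_OFFSET inside the aux mapping.
 *
 * Returns 0 on success or a negative errno.  On failure everything
 * acquired here is released again and the mapping pointers in @ai are
 * reset to NULL so that no stale address survives in the structure.
 */
static int mpi_map_card(struct airo_info *ai, struct pci_dev *pci)
{
	unsigned long mem_start, mem_len, aux_start, aux_len;
	int rc;
	int i;
	dma_addr_t busaddroff;
	unsigned char *vpackoff;
	unsigned char __iomem *pciaddroff;

	mem_start = pci_resource_start(pci, 1);
	mem_len = pci_resource_len(pci, 1);
	aux_start = pci_resource_start(pci, 2);
	/*
	 * NOTE(review): the aux window length is the AUXMEMSIZE constant, not
	 * pci_resource_len(pci, 2); nothing here checks that resource 2 is at
	 * least that large - confirm against the hardware.
	 */
	aux_len = AUXMEMSIZE;

	/* Print the full unsigned long values; an (int) cast would truncate. */
	if (!request_mem_region(mem_start, mem_len, DRV_NAME)) {
		airo_print_err("", "Couldn't get region %lx[%lx]",
			mem_start, mem_len);
		rc = -EBUSY;
		goto out;
	}
	if (!request_mem_region(aux_start, aux_len, DRV_NAME)) {
		airo_print_err("", "Couldn't get region %lx[%lx]",
			aux_start, aux_len);
		rc = -EBUSY;
		goto free_region1;
	}

	ai->pcimem = ioremap(mem_start, mem_len);
	if (!ai->pcimem) {
		airo_print_err("", "Couldn't map region %lx[%lx]",
			mem_start, mem_len);
		rc = -ENOMEM;
		goto free_region2;
	}
	ai->pciaux = ioremap(aux_start, aux_len);
	if (!ai->pciaux) {
		airo_print_err("", "Couldn't map region %lx[%lx]",
			aux_start, aux_len);
		rc = -ENOMEM;
		goto free_memmap;
	}

	/* Reserve PKTSIZE for each fid and 2K for the Rids */
	ai->shared = dma_alloc_coherent(&pci->dev, PCI_SHARED_LEN,
					&ai->shared_dma, GFP_KERNEL);
	if (!ai->shared) {
		airo_print_err("", "Couldn't alloc_coherent %d",
			PCI_SHARED_LEN);
		rc = -ENOMEM;
		goto free_auxmap;
	}

	/*
	 * Setup descriptor RX, TX, CONFIG.  Three cursors advance together:
	 * the bus address the card uses, the card-side descriptor address
	 * and the host virtual address of the same slot.
	 */
	busaddroff = ai->shared_dma;
	pciaddroff = ai->pciaux + AUX_OFFSET;
	vpackoff   = ai->shared;

	/* RX descriptor setup */
	for (i = 0; i < MPI_MAX_FIDS; i++) {
		ai->rxfids[i].pending = 0;
		ai->rxfids[i].card_ram_off = pciaddroff;
		ai->rxfids[i].virtual_host_addr = vpackoff;
		ai->rxfids[i].rx_desc.host_addr = busaddroff;
		ai->rxfids[i].rx_desc.valid = 1;
		ai->rxfids[i].rx_desc.len = PKTSIZE;
		ai->rxfids[i].rx_desc.rdy = 0;

		pciaddroff += sizeof(RxFid);
		busaddroff += PKTSIZE;
		vpackoff   += PKTSIZE;
	}

	/* TX descriptor setup; every slot is pre-loaded with wifictlhdr8023 */
	for (i = 0; i < MPI_MAX_FIDS; i++) {
		ai->txfids[i].card_ram_off = pciaddroff;
		ai->txfids[i].virtual_host_addr = vpackoff;
		ai->txfids[i].tx_desc.valid = 1;
		ai->txfids[i].tx_desc.host_addr = busaddroff;
		memcpy(ai->txfids[i].virtual_host_addr,
			&wifictlhdr8023, sizeof(wifictlhdr8023));

		pciaddroff += sizeof(TxFid);
		busaddroff += PKTSIZE;
		vpackoff   += PKTSIZE;
	}
	ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */

	/* Rid descriptor setup */
	ai->config_desc.card_ram_off = pciaddroff;
	ai->config_desc.virtual_host_addr = vpackoff;
	ai->config_desc.rid_desc.host_addr = busaddroff;
	ai->ridbus = busaddroff;
	ai->config_desc.rid_desc.rid = 0;
	ai->config_desc.rid_desc.len = RIDSIZE;
	ai->config_desc.rid_desc.valid = 1;
	pciaddroff += sizeof(Rid);
	busaddroff += RIDSIZE;
	vpackoff   += RIDSIZE;

	/* Tell card about descriptors */
	if (mpi_init_descriptors(ai) != SUCCESS) {
		rc = -EIO;
		goto free_shared;
	}

	return 0;

	/* Unwind in reverse order of acquisition. */
free_shared:
	dma_free_coherent(&pci->dev, PCI_SHARED_LEN, ai->shared,
			  ai->shared_dma);
	ai->shared = NULL;
free_auxmap:
	iounmap(ai->pciaux);
	ai->pciaux = NULL;
free_memmap:
	iounmap(ai->pcimem);
	ai->pcimem = NULL;
free_region2:
	release_mem_region(aux_start, aux_len);
free_region1:
	release_mem_region(mem_start, mem_len);
out:
	return rc;
}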
2656
/*
 * Link-layer header callbacks for the "wifiN" device; wifi_setup()
 * installs this table.  Only header parsing is provided.
 */
static const struct header_ops airo_header_ops = {
	.parse	= wll_header_parse,
};
2660
/*
 * Callbacks for the raw 802.11 "wifiN" device (installed by wifi_setup()).
 * It shares open/stop/stats/ioctl with the Ethernet-style device and only
 * differs in the transmit entry point.
 */
static const struct net_device_ops airo11_netdev_ops = {
	/* data path */
	.ndo_start_xmit		= airo_start_xmit11,

	/* interface up / down */
	.ndo_open		= airo_open,
	.ndo_stop		= airo_close,

	/* configuration and statistics */
	.ndo_do_ioctl		= airo_ioctl,
	.ndo_set_mac_address	= airo_set_mac_address,
	.ndo_get_stats		= airo_get_stats,
};
2669
/*
 * wifi_setup - alloc_netdev() setup callback for the raw 802.11 device.
 * @dev: freshly allocated net_device to initialise
 *
 * Fills in the link type, addressing, MTU limits and callback tables.
 * The stores are independent of each other.
 */
static void wifi_setup(struct net_device *dev)
{
	/* Link-layer identity: 802.11 frames, Ethernet-sized addresses. */
	dev->type = ARPHRD_IEEE80211;
	dev->addr_len = ETH_ALEN;
	dev->hard_header_len = ETH_HLEN;
	eth_broadcast_addr(dev->broadcast);

	/* MTU: default plus the window user space may change it within. */
	dev->min_mtu = 68;
	dev->mtu = AIRO_DEF_MTU;
	dev->max_mtu = MIC_MSGLEN_MAX;

	dev->tx_queue_len = 100;
	dev->flags = IFF_BROADCAST | IFF_MULTICAST;

	/* Callback tables. */
	dev->netdev_ops = &airo11_netdev_ops;
	dev->header_ops = &airo_header_ops;
	dev->wireless_handlers = &airo_handler_def;
}
2688
/*
 * init_wifidev - create and register the "wifi%d" companion device.
 * @ai:     driver state (not used by this function)
 * @ethdev: the already set up Ethernet-style device to mirror
 *
 * The new device shares ml_priv, irq, base_addr and wireless_data with
 * @ethdev, takes the same parent device and inherits its hardware
 * address.
 *
 * Returns the registered device, or NULL if allocation or registration
 * failed (the device is freed again in the latter case).
 */
static struct net_device *init_wifidev(struct airo_info *ai,
					struct net_device *ethdev)
{
	struct net_device *wdev;

	wdev = alloc_netdev(0, "wifi%d", NET_NAME_UNKNOWN, wifi_setup);
	if (!wdev)
		return NULL;

	/* Both interfaces are backed by the same private state. */
	wdev->ml_priv = ethdev->ml_priv;
	wdev->irq = ethdev->irq;
	wdev->base_addr = ethdev->base_addr;
	wdev->wireless_data = ethdev->wireless_data;
	SET_NETDEV_DEV(wdev, ethdev->dev.parent);
	eth_hw_addr_inherit(wdev, ethdev);

	if (register_netdev(wdev) < 0) {
		free_netdev(wdev);
		return NULL;
	}

	return wdev;
}
2710
/*
 * reset_card - issue a soft reset to the card.
 * @dev:  device whose ml_priv is the airo_info to reset
 * @lock: non-zero to take ai->sem around the reset
 *
 * Returns 0 after the reset sequence, or -1 when @lock was requested and
 * waiting for the semaphore was interrupted (nothing is written to the
 * card in that case).  The results of the two waitbusy() calls are not
 * examined.
 */
static int reset_card(struct net_device *dev, int lock)
{
	struct airo_info *ai = dev->ml_priv;

	if (lock) {
		if (down_interruptible(&ai->sem))
			return -1;
	}

	/* Wait for idle, reset, then give the card time to settle. */
	waitbusy(ai);
	OUT4500(ai, COMMAND, CMD_SOFTRESET);
	msleep(200);
	waitbusy(ai);
	msleep(200);

	if (lock)
		up(&ai->sem);

	return 0;
}
2726
/* Number of BSSListElement slots in the per-card scan result pool. */
#define AIRO_MAX_NETWORK_COUNT	64

/*
 * airo_networks_allocate - allocate the zeroed scan result pool once.
 * @ai: driver state; ai->networks receives the pool
 *
 * Returns 0 if the pool already exists or was allocated, -ENOMEM if the
 * allocation failed.
 */
static int airo_networks_allocate(struct airo_info *ai)
{
	if (!ai->networks) {
		ai->networks = kcalloc(AIRO_MAX_NETWORK_COUNT,
				       sizeof(BSSListElement), GFP_KERNEL);
		if (!ai->networks) {
			airo_print_warn("", "Out of memory allocating beacons");
			return -ENOMEM;
		}
	}

	return 0;
}
2742
/*
 * airo_networks_free - release the scan result pool.
 * @ai: driver state
 *
 * ai->networks is cleared afterwards, so a later
 * airo_networks_allocate() starts from scratch and a repeated free is
 * harmless.
 */
static void airo_networks_free(struct airo_info *ai)
{
	void *pool = ai->networks;

	kfree(pool);
	ai->networks = NULL;
}
2748
/*
 * airo_networks_initialize - reset both scan lists and put every pool
 * slot on the free list.
 * @ai: driver state; ai->networks must already point at
 *      AIRO_MAX_NETWORK_COUNT elements (it is dereferenced unchecked)
 */
static void airo_networks_initialize(struct airo_info *ai)
{
	int slot = 0;

	INIT_LIST_HEAD(&ai->network_free_list);
	INIT_LIST_HEAD(&ai->network_list);

	while (slot < AIRO_MAX_NETWORK_COUNT) {
		list_add_tail(&ai->networks[slot].list,
			      &ai->network_free_list);
		slot++;
	}
}
2759
/*
 * Callbacks for the Ethernet-style device of non-MPI cards;
 * _init_airo_card() selects this table when FLAG_MPI is not set.
 */
static const struct net_device_ops airo_netdev_ops = {
	/* data path */
	.ndo_start_xmit		= airo_start_xmit,

	/* interface up / down */
	.ndo_open		= airo_open,
	.ndo_stop		= airo_close,

	/* addressing and receive filter */
	.ndo_set_mac_address	= airo_set_mac_address,
	.ndo_validate_addr	= eth_validate_addr,
	.ndo_set_rx_mode	= airo_set_multicast_list,

	/* ioctl and statistics */
	.ndo_do_ioctl		= airo_ioctl,
	.ndo_get_stats		= airo_get_stats,
};
2770
/*
 * Callbacks for the Ethernet-style device of MPI350 cards
 * (_init_airo_card() selects this table when FLAG_MPI is set).
 * Identical to airo_netdev_ops except for the transmit entry point.
 */
static const struct net_device_ops mpi_netdev_ops = {
	/* data path */
	.ndo_start_xmit		= mpi_start_xmit,

	/* interface up / down */
	.ndo_open		= airo_open,
	.ndo_stop		= airo_close,

	/* addressing and receive filter */
	.ndo_set_mac_address	= airo_set_mac_address,
	.ndo_validate_addr	= eth_validate_addr,
	.ndo_set_rx_mode	= airo_set_multicast_list,

	/* ioctl and statistics */
	.ndo_do_ioctl		= airo_ioctl,
	.ndo_get_stats		= airo_get_stats,
};
2781
2782
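/*
 * _init_airo_card - allocate, probe and register one Aironet adapter.
 * @irq:       interrupt number, stored in dev->irq
 * @port:      I/O base, stored in dev->base_addr; a 64 byte I/O region is
 *             requested there unless @is_pcmcia is set
 * @is_pcmcia: non-zero when the caller already owns the I/O region
 * @pci:       PCI device, or NULL for non-PCI cards; device ids 0x5000
 *             and 0xa504 are handled as MPI350
 * @dmdev:     parent device for the new net_device
 *
 * Returns the registered Ethernet-style net_device (its "wifi%d"
 * companion is in ai->wifidev), or NULL on any failure after releasing
 * whatever had been set up.  @rc only records the reason locally; callers
 * see NULL.
 *
 * Note that the device is registered before the capability RID has been
 * read and before FLAG_REGISTERED is set.
 */
static struct net_device *_init_airo_card(unsigned short irq, int port,
					   int is_pcmcia, struct pci_dev *pci,
					   struct device *dmdev)
{
	struct net_device *dev;
	struct airo_info *ai;
	int i, rc;
	CapabilityRid cap_rid;

	/* Create the network device object. */
	dev = alloc_netdev(sizeof(*ai), "", NET_NAME_UNKNOWN, ether_setup);
	if (!dev) {
		airo_print_err("", "Couldn't alloc_etherdev");
		return NULL;
	}

	ai = dev->ml_priv = netdev_priv(dev);
	ai->wifidev = NULL;
	ai->flags = 1 << FLAG_RADIO_DOWN;
	ai->jobs = 0;
	ai->dev = dev;
	if (pci && (pci->device == 0x5000 || pci->device == 0xa504)) {
		airo_print_dbg("", "Found an MPI350 card");
		set_bit(FLAG_MPI, &ai->flags);
	}
	spin_lock_init(&ai->aux_lock);
	sema_init(&ai->sem, 1);
	ai->config.len = 0;
	ai->pci = pci;
	init_waitqueue_head(&ai->thr_wait);
	ai->tfm = NULL;
	add_airo_dev(ai);
	ai->APList.len = cpu_to_le16(sizeof(struct APListRid));

	if (airo_networks_allocate(ai))
		goto err_out_free;
	airo_networks_initialize(ai);

	skb_queue_head_init(&ai->txq);

	/* The Airo-specific entries in the device structure. */
	if (test_bit(FLAG_MPI, &ai->flags))
		dev->netdev_ops = &mpi_netdev_ops;
	else
		dev->netdev_ops = &airo_netdev_ops;
	dev->wireless_handlers = &airo_handler_def;
	ai->wireless_data.spy_data = &ai->spy_data;
	dev->wireless_data = &ai->wireless_data;
	dev->irq = irq;
	dev->base_addr = port;
	dev->priv_flags &= ~IFF_TX_SKB_SHARING;
	dev->max_mtu = MIC_MSGLEN_MAX;

	SET_NETDEV_DEV(dev, dmdev);

	/*
	 * NOTE(review): the result is ignored; if the wait for ai->sem is
	 * interrupted the card is not reset and probing continues anyway.
	 */
	reset_card(dev, 1);
	msleep(400);

	if (!is_pcmcia) {
		if (!request_region(dev->base_addr, 64, DRV_NAME)) {
			rc = -EBUSY;
			airo_print_err(dev->name, "Couldn't request region");
			goto err_out_nets;
		}
	}

	if (test_bit(FLAG_MPI, &ai->flags)) {
		/* mpi_map_card() undoes its own work on failure. */
		if (mpi_map_card(ai, pci)) {
			airo_print_err("", "Could not map memory");
			goto err_out_res;
		}
	}

	if (probe) {
		if (setup_card(ai, dev->dev_addr, 1) != SUCCESS) {
			airo_print_err(dev->name, "MAC could not be enabled");
			rc = -EIO;
			goto err_out_map;
		}
	} else if (!test_bit(FLAG_MPI, &ai->flags)) {
		ai->bap_read = fast_bap_read;
		set_bit(FLAG_FLASHING, &ai->flags);
	}

	/* Bounded copy of the name template; register_netdev() expands %d. */
	strscpy(dev->name, "eth%d", sizeof(dev->name));
	rc = register_netdev(dev);
	if (rc) {
		airo_print_err(dev->name, "Couldn't register_netdev");
		goto err_out_map;
	}
	ai->wifidev = init_wifidev(ai, dev);
	if (!ai->wifidev)
		goto err_out_reg;

	rc = readCapabilityRid(ai, &cap_rid, 1);
	if (rc != SUCCESS) {
		rc = -EIO;
		goto err_out_wifi;
	}
	/* WEP capability discovery */
	ai->wep_capable = (cap_rid.softCap & cpu_to_le16(0x02)) ? 1 : 0;
	ai->max_wep_idx = (cap_rid.softCap & cpu_to_le16(0x80)) ? 3 : 0;

	airo_print_info(dev->name, "Firmware version %x.%x.%02d",
			((le16_to_cpu(cap_rid.softVer) >> 8) & 0xF),
			(le16_to_cpu(cap_rid.softVer) & 0xFF),
			le16_to_cpu(cap_rid.softSubVer));

	/* Test for WPA support */
	/* Only firmware versions 5.30.17 or better can do WPA */
	if (le16_to_cpu(cap_rid.softVer) > 0x530
	 || (le16_to_cpu(cap_rid.softVer) == 0x530
	      && le16_to_cpu(cap_rid.softSubVer) >= 17)) {
		airo_print_info(ai->dev->name, "WPA supported.");

		set_bit(FLAG_WPA_CAPABLE, &ai->flags);
		ai->bssListFirst = RID_WPA_BSSLISTFIRST;
		ai->bssListNext = RID_WPA_BSSLISTNEXT;
		ai->bssListRidLen = sizeof(BSSListRid);
	} else {
		airo_print_info(ai->dev->name, "WPA unsupported with firmware "
			"versions older than 5.30.17.");

		/* Older firmware: scan records are read without the extra tail. */
		ai->bssListFirst = RID_BSSLISTFIRST;
		ai->bssListNext = RID_BSSLISTNEXT;
		ai->bssListRidLen = sizeof(BSSListRid) - sizeof(BSSListRidExtra);
	}

	set_bit(FLAG_REGISTERED, &ai->flags);
	airo_print_info(dev->name, "MAC enabled %pM", dev->dev_addr);

	/* Allocate the transmit buffers */
	if (probe && !test_bit(FLAG_MPI, &ai->flags))
		for (i = 0; i < MAX_FIDS; i++)
			ai->fids[i] = transmit_allocate(ai, AIRO_DEF_MTU, i >= MAX_FIDS / 2);

	if (setup_proc_entry(dev, dev->ml_priv) < 0)
		goto err_out_wifi;

	return dev;

	/* Unwind in reverse order of setup. */
err_out_wifi:
	unregister_netdev(ai->wifidev);
	free_netdev(ai->wifidev);
err_out_reg:
	unregister_netdev(dev);
err_out_map:
	if (test_bit(FLAG_MPI, &ai->flags) && pci) {
		dma_free_coherent(&pci->dev, PCI_SHARED_LEN, ai->shared,
				  ai->shared_dma);
		iounmap(ai->pciaux);
		iounmap(ai->pcimem);
		mpi_unmap_card(ai->pci);
	}
err_out_res:
	if (!is_pcmcia)
		release_region(dev->base_addr, 64);
err_out_nets:
	airo_networks_free(ai);
err_out_free:
	del_airo_dev(ai);
	free_netdev(dev);
	return NULL;
}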
2947
/*
 * init_airo_card - exported entry point for cards without a PCI device.
 * @irq:       interrupt number
 * @port:      I/O base address
 * @is_pcmcia: non-zero when the caller already owns the I/O region
 * @dmdev:     parent device
 *
 * Forwards to _init_airo_card() with a NULL pci_dev and returns its
 * result (the registered net_device, or NULL on failure).
 */
struct net_device *init_airo_card(unsigned short irq, int port, int is_pcmcia,
				  struct device *dmdev)
{
	struct pci_dev *no_pci = NULL;

	return _init_airo_card(irq, port, is_pcmcia, no_pci, dmdev);
}

EXPORT_SYMBOL(init_airo_card);
2955
/*
 * waitbusy - poll until the card drops COMMAND_BUSY.
 * @ai: driver state
 *
 * Polls the COMMAND register in 10 us steps for at most 10000 rounds and
 * writes EV_CLEARCOMMANDBUSY to EVACK on every 20th round.
 *
 * Returns 1 if polling ended before the round limit was reached,
 * 0 otherwise.
 */
static int waitbusy (struct airo_info *ai)
{
	int rounds = 0;

	for (;;) {
		if (!(IN4500(ai, COMMAND) & COMMAND_BUSY))
			break;
		if (rounds >= 10000)
			break;

		udelay(10);
		rounds++;
		if (rounds % 20 == 0)
			OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
	}

	return rounds < 10000;
}
2966
/*
 * reset_airo_card - exported: soft-reset the card and bring the MAC back.
 * @dev: device to reset
 *
 * After the reset the card is set up again, transmit buffers are
 * allocated for non-MPI cards, interrupts are enabled and the transmit
 * queue is woken.
 *
 * Returns 0 on success, -1 if the reset was interrupted or the MAC could
 * not be enabled.
 */
int reset_airo_card(struct net_device *dev)
{
	struct airo_info *ai = dev->ml_priv;
	int fid;

	if (reset_card(dev, 1) != 0)
		return -1;

	if (setup_card(ai, dev->dev_addr, 1) != SUCCESS) {
		airo_print_err(dev->name, "MAC could not be enabled");
		return -1;
	}
	airo_print_info(dev->name, "MAC enabled %pM", dev->dev_addr);

	/* Allocate the transmit buffers if needed */
	if (!test_bit(FLAG_MPI, &ai->flags)) {
		for (fid = 0; fid < MAX_FIDS; fid++) {
			/* the last argument is set for the upper half of the fids */
			ai->fids[fid] = transmit_allocate(ai, AIRO_DEF_MTU,
							  fid >= MAX_FIDS / 2);
		}
	}

	enable_interrupts(ai);
	netif_wake_queue(dev);

	return 0;
}

EXPORT_SYMBOL(reset_airo_card);
2991
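/*
 * airo_send_event - JOB_EVENT handler: report the current BSSID to user
 * space with a SIOCGIWAP wireless event.
 * @dev: device the event is sent for
 *
 * Entered from airo_thread() with ai->sem held; the semaphore is
 * released here once the status RID has been read.
 *
 * Both stack objects are cleared before use.  The result of
 * PC4500_readrid() is not checked, so without the clearing a failed read
 * would put uninitialised stack bytes into the reported address; with it
 * the event carries an all-zero address in that case.  Clearing @wrqu
 * also covers the bytes of the union this function never writes, since
 * wireless_send_event() is handed the whole object and may copy more of
 * it than the six address bytes.
 */
static void airo_send_event(struct net_device *dev)
{
	struct airo_info *ai = dev->ml_priv;
	union iwreq_data wrqu;
	StatusRid status_rid;

	memset(&wrqu, 0, sizeof(wrqu));
	memset(&status_rid, 0, sizeof(status_rid));

	clear_bit(JOB_EVENT, &ai->jobs);
	PC4500_readrid(ai, RID_STATUS, &status_rid, sizeof(status_rid), 0);
	up(&ai->sem);

	memcpy(wrqu.ap_addr.sa_data, status_rid.bssid[0], ETH_ALEN);
	wrqu.ap_addr.sa_family = ARPHRD_ETHER;

	/* Send event to user space */
	wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
}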
3009
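/*
 * airo_process_scan_results - JOB_SCAN_RESULTS handler: rebuild the list
 * of scanned networks from the card.
 * @ai: driver state
 *
 * Entered from airo_thread() with ai->sem held; the semaphore is
 * released here before the SIOCGIWSCAN event is sent.
 *
 * Scan records are read with ai->bssListRidLen bytes, which
 * _init_airo_card() sets shorter than sizeof(BSSListRid) for older
 * firmware, while the full sizeof(->bss) is copied into the list entry.
 * The stack record is therefore cleared first so the unread tail is zero
 * instead of leftover stack contents.
 */
static void airo_process_scan_results (struct airo_info *ai)
{
	union iwreq_data	wrqu;
	BSSListRid bss;
	int rc;
	BSSListElement * loop_net;
	BSSListElement * tmp_net;

	memset(&bss, 0, sizeof(bss));
	memset(&wrqu, 0, sizeof(wrqu));

	/* Blow away current list of scan results */
	list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) {
		list_move_tail (&loop_net->list, &ai->network_free_list);
		/* Don't blow away ->list, just BSS data */
		memset (loop_net, 0, sizeof (loop_net->bss));
	}

	/* Try to read the first entry of the scan result */
	rc = PC4500_readrid(ai, ai->bssListFirst, &bss, ai->bssListRidLen, 0);

	/*
	 * Read and parse all entries.  A failed read or the 0xffff end
	 * marker (also "no scan results" on the first read) ends the loop.
	 */
	while ((!rc) && (bss.index != cpu_to_le16(0xffff))) {
		/*
		 * Grab a network off the free list; when the pool is
		 * exhausted the record is dropped but reading continues.
		 */
		if (!list_empty(&ai->network_free_list)) {
			tmp_net = list_entry(ai->network_free_list.next,
					    BSSListElement, list);
			list_del(ai->network_free_list.next);
			memcpy(tmp_net, &bss, sizeof(tmp_net->bss));
			list_add_tail(&tmp_net->list, &ai->network_list);
		}

		/* Read next entry */
		rc = PC4500_readrid(ai, ai->bssListNext,
				    &bss, ai->bssListRidLen, 0);
	}

	/* write APList back (we cleared it in airo_set_scan) */
	disable_MAC(ai, 2);
	writeAPListRid(ai, &ai->APList, 0);
	enable_MAC(ai, 0);

	ai->scan_timeout = 0;
	clear_bit(JOB_SCAN_RESULTS, &ai->jobs);
	up(&ai->sem);

	/* Send an empty event to user space.
	 * We don't send the received data on
	 * the event because it would require
	 * us to do complex transcoding, and
	 * we want to minimise the work done in
	 * the irq handler. Use a request to
	 * extract the data - Jean II */
	wrqu.data.length = 0;
	wrqu.data.flags = 0;
	wireless_send_event(ai->dev, SIOCGIWSCAN, &wrqu, NULL);
}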
3074
/*
 * airo_thread - per-card kernel thread that runs deferred jobs.
 * @data: the net_device of the card
 *
 * Each pass either takes ai->sem (when job bits are already set) or
 * sleeps on ai->thr_wait until a job bit appears or one of the two
 * deadlines (ai->scan_timeout, ai->expires) has passed, in which case the
 * matching job bit is set here.  With the semaphore held exactly one job
 * is dispatched per pass; the handler is expected to release the
 * semaphore (airo_send_event() and airo_process_scan_results() do so).
 *
 * The thread leaves the loop when JOB_DIE is set.  Always returns 0.
 */
static int airo_thread(void *data)
{
	struct net_device *dev = data;
	struct airo_info *ai = dev->ml_priv;
	int locked;

	set_freezable();
	for (;;) {
		/* make swsusp happy with our thread */
		try_to_freeze();

		if (test_bit(JOB_DIE, &ai->jobs))
			break;

		if (!ai->jobs) {
			wait_queue_entry_t wait;

			init_waitqueue_entry(&wait, current);
			add_wait_queue(&ai->thr_wait, &wait);
			while (1) {
				unsigned long wake_at;

				set_current_state(TASK_INTERRUPTIBLE);
				if (ai->jobs)
					break;

				if (!ai->expires && !ai->scan_timeout) {
					/* No deadline armed: sleep until woken. */
					if (kthread_should_stop() ||
					    freezing(current))
						break;
					schedule();
					continue;
				}

				/* A deadline that has passed becomes a job. */
				if (ai->scan_timeout &&
				    time_after_eq(jiffies, ai->scan_timeout)) {
					set_bit(JOB_SCAN_RESULTS, &ai->jobs);
					break;
				}
				if (ai->expires &&
				    time_after_eq(jiffies, ai->expires)) {
					set_bit(JOB_AUTOWEP, &ai->jobs);
					break;
				}

				if (kthread_should_stop() || freezing(current))
					break;

				/*
				 * Sleep until the nearest armed deadline: with
				 * only one armed the other is 0, so max()
				 * picks the armed one.
				 */
				wake_at = (!ai->expires || !ai->scan_timeout) ?
					max(ai->expires, ai->scan_timeout) :
					min(ai->expires, ai->scan_timeout);
				schedule_timeout(wake_at - jiffies);
			}
			__set_current_state(TASK_RUNNING);
			remove_wait_queue(&ai->thr_wait, &wait);

			/* Semaphore not taken on this pass; go round again. */
			locked = 1;
		} else {
			/* Non-zero means the wait was interrupted. */
			locked = down_interruptible(&ai->sem);
		}

		if (locked)
			continue;

		/* From here on ai->sem is held. */
		if (test_bit(JOB_DIE, &ai->jobs)) {
			up(&ai->sem);
			break;
		}

		if (ai->power.event || test_bit(FLAG_FLASHING, &ai->flags)) {
			up(&ai->sem);
			continue;
		}

		/* One job per pass, in fixed priority order. */
		if (test_bit(JOB_XMIT, &ai->jobs))
			airo_end_xmit(dev, true);
		else if (test_bit(JOB_XMIT11, &ai->jobs))
			airo_end_xmit11(dev, true);
		else if (test_bit(JOB_STATS, &ai->jobs))
			airo_read_stats(dev);
		else if (test_bit(JOB_PROMISC, &ai->jobs))
			airo_set_promisc(ai, true);
		else if (test_bit(JOB_MIC, &ai->jobs))
			micinit(ai);
		else if (test_bit(JOB_EVENT, &ai->jobs))
			airo_send_event(dev);
		else if (test_bit(JOB_AUTOWEP, &ai->jobs))
			timer_func(dev);
		else if (test_bit(JOB_SCAN_RESULTS, &ai->jobs))
			airo_process_scan_results(ai);
		else  /* Shouldn't get here, but we make sure to unlock */
			up(&ai->sem);
	}

	return 0;
}
3170
/*
 * header_len - length in bytes of the 802.11 header for a frame.
 * @ctl: frame control field, little endian
 *
 * Returns 10 or 16 for control frames (one or two addresses), 30 for
 * WDS data frames and 24 for everything else.
 */
static int header_len(__le16 ctl)
{
	const u16 fc = le16_to_cpu(ctl);
	const u16 type = fc & 0xc;

	if (type == 4) {
		/* one-address control packet, else two-address */
		return ((fc & 0xe0) == 0xc0) ? 10 : 16;
	}

	if (type == 8 && (fc & 0x300) == 0x300)
		return 30;	/* WDS packet */

	return 24;
}
3185
/*
 * airo_handle_cisco_mic - queue a JOB_MIC run for the worker thread.
 * @ai: driver state
 *
 * Does nothing unless FLAG_MIC_CAPABLE is set.
 */
static void airo_handle_cisco_mic(struct airo_info *ai)
{
	if (!test_bit(FLAG_MIC_CAPABLE, &ai->flags))
		return;

	set_bit(JOB_MIC, &ai->jobs);
	wake_up_interruptible(&ai->thr_wait);
}
3193
/*
 * Airo link status codes.
 *
 * 0x80xx: loss of sync, the low byte selects the cause.
 */
#define STAT_NOBEACON	0x8000	/* missed beacons */
#define STAT_MAXRETRIES	0x8001	/* max retries */
#define STAT_MAXARL	0x8002	/* average retry level exceeded */
#define STAT_FORCELOSS	0x8003	/* host request */
#define STAT_TSFSYNC	0x8004	/* TSF synchronization */
/* For the next four the low byte is the 802.11 reason code. */
#define STAT_DEAUTH	0x8100
#define STAT_DISASSOC	0x8200
#define STAT_ASSOC_FAIL	0x8400
#define STAT_AUTH_FAIL	0x0300
#define STAT_ASSOC	0x0400	/* Associated */
#define STAT_REASSOC	0x0600	/* Reassociated?  Only on firmware >= 5.30.17 */
3206
/*
 * airo_print_status - log a link status word at debug level.
 * @devname: interface name used as the message prefix
 * @status:  link status word; the high byte selects the class, the low
 *           byte is the reason code or the loss-of-sync cause
 *
 * Association and reassociation are not logged.
 */
static void airo_print_status(const char *devname, u16 status)
{
	const u16 group = status & 0xFF00;
	const u8 reason = status & 0xFF;

	if (group == STAT_ASSOC || group == STAT_REASSOC)
		return;

	if (group == STAT_DEAUTH) {
		airo_print_dbg(devname, "deauthenticated (reason: %d)", reason);
		return;
	}
	if (group == STAT_DISASSOC) {
		airo_print_dbg(devname, "disassociated (reason: %d)", reason);
		return;
	}
	if (group == STAT_ASSOC_FAIL) {
		airo_print_dbg(devname, "association failed (reason: %d)",
			       reason);
		return;
	}
	if (group == STAT_AUTH_FAIL) {
		airo_print_dbg(devname, "authentication failed (reason: %d)",
			       reason);
		return;
	}
	if (group != STAT_NOBEACON) {
		airo_print_dbg(devname, "unknown status %x\n", status);
		return;
	}

	/* Loss-of-sync class: the full word names the cause. */
	if (status == STAT_NOBEACON) {
		airo_print_dbg(devname, "link lost (missed beacons)");
	} else if (status == STAT_MAXRETRIES || status == STAT_MAXARL) {
		airo_print_dbg(devname, "link lost (max retries)");
	} else if (status == STAT_FORCELOSS) {
		airo_print_dbg(devname, "link lost (local choice)");
	} else if (status == STAT_TSFSYNC) {
		airo_print_dbg(devname, "link lost (TSF sync lost)");
	} else {
		airo_print_dbg(devname, "unknown status %x\n", status);
	}
}
3254
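/*
 * airo_handle_link - handle a link status change reported by the card.
 * @ai: driver state
 *
 * Reads and acknowledges the new status, logs it, and then:
 *  - on (re)association: disarms the auto-WEP timer when auto_wep is set,
 *    wakes a pending BSS list task, flags the address lists for update,
 *    queues JOB_EVENT and raises the carrier;
 *  - on a forced loss while a scan is pending: only drops the carrier;
 *  - otherwise: arms the auto-WEP timer if needed, sends a SIOCGIWAP
 *    event with an all-zero address and drops the carrier.
 *
 * The event union is cleared before it is filled in: only the family and
 * six address bytes are written here, while wireless_send_event() is
 * handed the whole object and may copy more of it, so the remaining bytes
 * must not be leftover stack contents.
 */
static void airo_handle_link(struct airo_info *ai)
{
	union iwreq_data wrqu;
	int scan_forceloss = 0;
	u16 status;

	/* Get new status and acknowledge the link change */
	status = le16_to_cpu(IN4500(ai, LINKSTAT));
	OUT4500(ai, EVACK, EV_LINK);

	if ((status == STAT_FORCELOSS) && (ai->scan_timeout > 0))
		scan_forceloss = 1;

	airo_print_status(ai->dev->name, status);

	if ((status == STAT_ASSOC) || (status == STAT_REASSOC)) {
		if (auto_wep)
			ai->expires = 0;
		if (ai->list_bss_task)
			wake_up_process(ai->list_bss_task);
		set_bit(FLAG_UPDATE_UNI, &ai->flags);
		set_bit(FLAG_UPDATE_MULTI, &ai->flags);

		set_bit(JOB_EVENT, &ai->jobs);
		wake_up_interruptible(&ai->thr_wait);

		netif_carrier_on(ai->dev);
	} else if (!scan_forceloss) {
		if (auto_wep && !ai->expires) {
			ai->expires = RUN_AT(3*HZ);
			wake_up_interruptible(&ai->thr_wait);
		}

		/* Send event to user space */
		memset(&wrqu, 0, sizeof(wrqu));
		eth_zero_addr(wrqu.ap_addr.sa_data);
		wrqu.ap_addr.sa_family = ARPHRD_ETHER;
		wireless_send_event(ai->dev, SIOCGIWAP, &wrqu, NULL);
		netif_carrier_off(ai->dev);
	} else {
		netif_carrier_off(ai->dev);
	}
}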
3297
3298static void airo_handle_rx(struct airo_info *ai)
3299{
3300        struct sk_buff *skb = NULL;
3301        __le16 fc, v, *buffer, tmpbuf[4];
3302        u16 len, hdrlen = 0, gap, fid;
3303        struct rx_hdr hdr;
3304        int success = 0;
3305
3306        if (test_bit(FLAG_MPI, &ai->flags)) {
3307                if (test_bit(FLAG_802_11, &ai->flags))
3308                        mpi_receive_802_11(ai);
3309                else
3310                        mpi_receive_802_3(ai);
3311                OUT4500(ai, EVACK, EV_RX);
3312                return;
3313        }
3314
3315        fid = IN4500(ai, RXFID);
3316
3317        /* Get the packet length */
3318        if (test_bit(FLAG_802_11, &ai->flags)) {
3319                bap_setup (ai, fid, 4, BAP0);
3320                bap_read (ai, (__le16*)&hdr, sizeof(hdr), BAP0);
3321                /* Bad CRC. Ignore packet */
3322                if (le16_to_cpu(hdr.status) & 2)
3323                        hdr.len = 0;
3324                if (ai->wifidev == NULL)
3325                        hdr.len = 0;
3326        } else {
3327                bap_setup(ai, fid, 0x36, BAP0);
3328                bap_read(ai, &hdr.len, 2, BAP0);
3329        }
3330        len = le16_to_cpu(hdr.len);
3331
3332        if (len > AIRO_DEF_MTU) {
3333                airo_print_err(ai->dev->name, "Bad size %d", len);
3334                goto done;
3335        }
3336        if (len == 0)
3337                goto done;
3338
3339        if (test_bit(FLAG_802_11, &ai->flags)) {
3340                bap_read(ai, &fc, sizeof (fc), BAP0);
3341                hdrlen = header_len(fc);
3342        } else
3343                hdrlen = ETH_ALEN * 2;
3344
3345        skb = dev_alloc_skb(len + hdrlen + 2 + 2);
3346        if (!skb) {
3347                ai->dev->stats.rx_dropped++;
3348                goto done;
3349        }
3350
3351        skb_reserve(skb, 2); /* This way the IP header is aligned */
3352        buffer = skb_put(skb, len + hdrlen);
3353        if (test_bit(FLAG_802_11, &ai->flags)) {
3354                buffer[0] = fc;
3355                bap_read(ai, buffer + 1, hdrlen - 2, BAP0);
3356                if (hdrlen == 24)
3357                        bap_read(ai, tmpbuf, 6, BAP0);
3358
3359                bap_read(ai, &v, sizeof(v), BAP0);
3360                gap = le16_to_cpu(v);
3361                if (gap) {
3362                        if (gap <= 8) {
3363                                bap_read(ai, tmpbuf, gap, BAP0);
3364                        } else {
3365                                airo_print_err(ai->dev->name, "gaplen too "
3366                                        "big. Problems will follow...");
3367                        }
3368                }
3369                bap_read(ai, buffer + hdrlen/2, len, BAP0);
3370        } else {
3371                MICBuffer micbuf;
3372
3373                bap_read(ai, buffer, ETH_ALEN * 2, BAP0);
3374                if (ai->micstats.enabled) {
3375                        bap_read(ai, (__le16 *) &micbuf, sizeof (micbuf), BAP0);
3376                        if (ntohs(micbuf.typelen) > 0x05DC)
3377                                bap_setup(ai, fid, 0x44, BAP0);
3378                        else {
3379                                if (len <= sizeof (micbuf)) {
3380                                        dev_kfree_skb_irq(skb);
3381                                        goto done;
3382                                }
3383
3384                                len -= sizeof(micbuf);
3385                                skb_trim(skb, len + hdrlen);
3386                        }
3387                }
3388
3389                bap_read(ai, buffer + ETH_ALEN, len, BAP0);
3390                if (decapsulate(ai, &micbuf, (etherHead*) buffer, len))
3391                        dev_kfree_skb_irq (skb);
3392                else
3393                        success = 1;
3394        }
3395
3396#ifdef WIRELESS_SPY
3397        if (success && (ai->spy_data.spy_number > 0)) {
3398                char *sa;
3399                struct iw_quality wstats;
3400
3401                /* Prepare spy data : addr + qual */
3402                if (!test_bit(FLAG_802_11, &ai->flags)) {
3403                        sa = (char *) buffer + 6;
3404                        bap_setup(ai, fid, 8, BAP0);
3405                        bap_read(ai, (__le16 *) hdr.rssi, 2, BAP0);
3406                } else
3407                        sa = (char *) buffer + 10;
3408                wstats.qual = hdr.rssi[0];
3409                if (ai->rssi)
3410                        wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
3411                else
3412                        wstats.level = (hdr.rssi[1] + 321) / 2;
3413                wstats.noise = ai->wstats.qual.noise;
3414                wstats.updated =  IW_QUAL_LEVEL_UPDATED
3415                                | IW_QUAL_QUAL_UPDATED
3416                                | IW_QUAL_DBM;
3417                /* Update spy records */
3418                wireless_spy_update(ai->dev, sa, &wstats);
3419        }
3420#endif /* WIRELESS_SPY */
3421
3422done:
3423        OUT4500(ai, EVACK, EV_RX);
3424
3425        if (success) {
3426                if (test_bit(FLAG_802_11, &ai->flags)) {
3427                        skb_reset_mac_header(skb);
3428                        skb->pkt_type = PACKET_OTHERHOST;
3429                        skb->dev = ai->wifidev;
3430                        skb->protocol = htons(ETH_P_802_2);
3431                } else
3432                        skb->protocol = eth_type_trans(skb, ai->dev);
3433                skb->ip_summed = CHECKSUM_NONE;
3434
3435                netif_rx(skb);
3436        }
3437}
3438
/*
 * Handle a transmit-complete or transmit-exception event.
 *
 * @ai:     per-card state
 * @status: event status word seen by the caller; only the EV_TX, EV_TXCPY
 *          and EV_TXEXC bits are looked at here
 *
 * On FLAG_MPI cards the next queued packet is sent, or the queue is woken
 * when ai->txq is empty. On other cards the FID read from TXCOMPLFID is
 * looked up in ai->fids[] and its slot is made available again.
 */
static void airo_handle_tx(struct airo_info *ai, u16 status)
{
        int slot;
        u16 done_fid;

        if (test_bit(FLAG_MPI, &ai->flags)) {
                unsigned long irqflags;

                if (status & EV_TXEXC)
                        get_tx_error(ai, -1);

                /* aux_lock is held across the txq check and the flag update */
                spin_lock_irqsave(&ai->aux_lock, irqflags);
                if (skb_queue_empty(&ai->txq)) {
                        clear_bit(FLAG_PENDING_XMIT, &ai->flags);
                        spin_unlock_irqrestore(&ai->aux_lock, irqflags);
                        netif_wake_queue(ai->dev);
                } else {
                        spin_unlock_irqrestore(&ai->aux_lock, irqflags);
                        mpi_send_packet(ai->dev);
                }
                OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
                return;
        }

        done_fid = IN4500(ai, TXCOMPLFID);

        /* Search downwards: if several slots match, the highest index wins. */
        for (slot = MAX_FIDS - 1; slot >= 0; slot--) {
                if ((ai->fids[slot] & 0xffff) == done_fid)
                        break;
        }

        if (slot < 0) {
                /* The card reported a FID that is not in ai->fids[]. */
                OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
                airo_print_err(ai->dev->name, "Unallocated FID was used to xmit");
                return;
        }

        if (status & EV_TXEXC)
                get_tx_error(ai, slot);

        OUT4500(ai, EVACK, status & (EV_TX | EV_TXEXC));

        /* Keep only the low 16 bits so the slot can be used again. */
        ai->fids[slot] &= 0xffff;
        if (slot < MAX_FIDS / 2) {
                if (!test_bit(FLAG_PENDING_XMIT, &ai->flags))
                        netif_wake_queue(ai->dev);
        } else if (!test_bit(FLAG_PENDING_XMIT11, &ai->flags)) {
                netif_wake_queue(ai->wifidev);
        }
}
3490
/*
 * Interrupt handler for the card.
 *
 * @irq:    interrupt number (not used in the body)
 * @dev_id: the struct net_device registered with the interrupt
 *
 * Polls EVSTAT until no STATUS_INTS bit is pending and dispatches each
 * event to its handler. Card interrupts are masked through EVINTEN while
 * the loop runs and restored before returning.
 *
 * Returns IRQ_NONE when the device is not present, otherwise
 * IRQ_RETVAL(handled), where handled is set once any event was seen.
 */
static irqreturn_t airo_interrupt(int irq, void *dev_id)
{
        struct net_device *dev = dev_id;
        u16 status, savedInterrupts = 0;
        struct airo_info *ai = dev->ml_priv;
        int handled = 0;

        if (!netif_device_present(dev))
                return IRQ_NONE;

        for (;;) {
                status = IN4500(ai, EVSTAT);
                /* NOTE(review): 0xffff presumably means the card no longer
                 * answers on the bus (e.g. it was removed) - confirm. */
                if (!(status & STATUS_INTS) || (status == 0xffff))
                        break;

                handled = 1;

                if (status & EV_AWAKE) {
                        /* Acknowledged twice; the reason is not visible
                         * here, so keep both writes. */
                        OUT4500(ai, EVACK, EV_AWAKE);
                        OUT4500(ai, EVACK, EV_AWAKE);
                }

                /* Mask card interrupts on the first pass and remember the
                 * previous mask. If the saved mask is 0 this runs again
                 * on every pass. */
                if (!savedInterrupts) {
                        savedInterrupts = IN4500(ai, EVINTEN);
                        OUT4500(ai, EVINTEN, 0);
                }

                if (status & EV_MIC) {
                        OUT4500(ai, EVACK, EV_MIC);
                        airo_handle_cisco_mic(ai);
                }

                if (status & EV_LINK) {
                        /* Link status changed */
                        airo_handle_link(ai);
                }

                /* Check to see if there is something to receive */
                if (status & EV_RX)
                        airo_handle_rx(ai);

                /* Check to see if a packet has been transmitted */
                if (status & (EV_TX | EV_TXCPY | EV_TXEXC))
                        airo_handle_tx(ai, status);

                /* Log any event bit that is neither handled nor ignored */
                if (status & ~STATUS_INTS & ~IGNORE_INTS) {
                        airo_print_warn(ai->dev->name, "Got weird status %x",
                                status & ~STATUS_INTS & ~IGNORE_INTS);
                }
        }

        /* Restore the mask only if a non-zero one was saved */
        if (savedInterrupts)
                OUT4500(ai, EVINTEN, savedInterrupts);

        return IRQ_RETVAL(handled);
}
3547
3548/*
3549 *  Routines to talk to the card
3550 */
3551
/*
 *  This was originally written for the 4500, hence the name.
 *  NOTE:  If used in 8-bit mode on SMP, bad things will happen!
 *         Why would someone do 8-bit I/O on an SMP machine?!?
 */
static void OUT4500(struct airo_info *ai, u16 reg, u16 val)
{
        unsigned long port;

        /* Register offsets are doubled on FLAG_MPI cards. */
        if (test_bit(FLAG_MPI, &ai->flags))
                reg <<= 1;
        port = ai->dev->base_addr + reg;

        if (do8bitIO) {
                /* Two byte writes, low byte first. The pair is not atomic,
                 * hence the SMP warning for 8-bit mode. */
                outb(val & 0xff, port);
                outb(val >> 8, port + 1);
                return;
        }

        outw(val, port);
}
3568
/*
 * Read a 16-bit card register.
 *
 * @ai:  per-card state
 * @reg: register offset (doubled on FLAG_MPI cards)
 *
 * Returns the register value. In 8-bit mode it is assembled from two byte
 * reads, low byte first.
 */
static u16 IN4500(struct airo_info *ai, u16 reg)
{
        unsigned long port;
        unsigned short value;

        if (test_bit(FLAG_MPI, &ai->flags))
                reg <<= 1;
        port = ai->dev->base_addr + reg;

        if (!do8bitIO)
                return inw(port);

        /* Separate statements keep the low-then-high read order. */
        value = inb(port);
        value |= ((int)inb(port + 1)) << 8;
        return value;
}
3583
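/*
 * Enable the card's MAC unless the radio has been switched off.
 *
 * @ai:   per-card state
 * @lock: non-zero to take ai->sem around the command
 *
 * Returns SUCCESS when the MAC is (or already was) enabled or the radio is
 * disabled, -ERESTARTSYS when waiting for ai->sem was interrupted, ERROR
 * when the card answered with an error status, or the non-zero value
 * returned by issuecommand().
 */
static int enable_MAC(struct airo_info *ai, int lock)
{
        int rc;
        Cmd cmd;
        Resp rsp;

        /* FLAG_RADIO_OFF : Radio disabled via /proc or Wireless Extensions
         * FLAG_RADIO_DOWN : Radio disabled via "ifconfig ethX down"
         * Note : we could try to use !netif_running(dev) in enable_MAC()
         * instead of this flag, but I don't trust it *within* the
         * open/close functions, and testing both flags together is
         * "cheaper" - Jean II */
        if (ai->flags & FLAG_RADIO_MASK)
                return SUCCESS;

        /* rsp is examined below even when no command is issued because the
         * MAC is already enabled. Zero it so that path neither reports a
         * bogus failure nor logs uninitialized stack contents. */
        memset(&rsp, 0, sizeof(rsp));

        if (lock && down_interruptible(&ai->sem))
                return -ERESTARTSYS;

        if (!test_bit(FLAG_ENABLED, &ai->flags)) {
                memset(&cmd, 0, sizeof(cmd));
                cmd.cmd = MAC_ENABLE;
                rc = issuecommand(ai, &cmd, &rsp, true);
                if (rc == SUCCESS)
                        set_bit(FLAG_ENABLED, &ai->flags);
        } else
                rc = SUCCESS;

        if (lock)
                up(&ai->sem);

        if (rc)
                airo_print_err(ai->dev->name, "Cannot enable MAC");
        else if ((rsp.status & 0xFF00) != 0) {
                /* The command completed but the card reported an error. */
                airo_print_err(ai->dev->name, "Bad MAC enable reason=%x, "
                        "rid=%x, offset=%d", rsp.rsp0, rsp.rsp1, rsp.rsp2);
                rc = ERROR;
        }
        return rc;
}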
3622
/*
 * Disable the card's MAC if it is currently enabled.
 *
 * @ai:   per-card state
 * @lock: 1 = take ai->sem around the command; 2 = do not turn the carrier
 *        off; any other value = no semaphore, carrier turned off
 *
 * Returns nothing. If waiting for ai->sem is interrupted, the function
 * returns with the MAC left as it was, and the caller cannot tell.
 */
static void disable_MAC(struct airo_info *ai, int lock)
{
        const int take_sem = (lock == 1);
        Cmd cmd;
        Resp rsp;

        if (take_sem && down_interruptible(&ai->sem))
                return;

        if (!test_bit(FLAG_ENABLED, &ai->flags))
                goto unlock;

        if (lock != 2) /* lock == 2 means don't disable carrier */
                netif_carrier_off(ai->dev);

        memset(&cmd, 0, sizeof(cmd));
        cmd.cmd = MAC_DISABLE; /* disable in case already enabled */
        /* The command result is not checked; FLAG_ENABLED is cleared anyway. */
        issuecommand(ai, &cmd, &rsp, true);
        clear_bit(FLAG_ENABLED, &ai->flags);

unlock:
        if (take_sem)
                up(&ai->sem);
}
3642
/* Unmask every event in STATUS_INTS by writing it to EVINTEN. */
static void enable_interrupts(struct airo_info *ai)
{
        OUT4500(ai, EVINTEN, STATUS_INTS);
}
3648
/* Mask all card events by clearing EVINTEN. */
static void disable_interrupts(struct airo_info *ai)
{
        OUT4500(ai, EVINTEN, 0);
}
3653
/*
 * Receive one 802.3 frame through the first RX descriptor of an MPI card.
 *
 * Copies the descriptor out of card RAM, builds an skb from the host
 * buffer (removing the MIC header when one is present), runs
 * decapsulate() and passes the frame to netif_rx(). On every path the
 * descriptor is handed back to the card if its valid bit was clear.
 *
 * NOTE(review): the length comes from the card and is accepted up to 2048
 * bytes, while the descriptor is re-armed with PKTSIZE. Confirm that the
 * host buffer behind virtual_host_addr is at least as large as the
 * biggest length accepted here.
 */
static void mpi_receive_802_3(struct airo_info *ai)
{
        const int addr_len = ETH_ALEN * 2;
        char *src = ai->rxfids[0].virtual_host_addr;
        RxFid rxd;
        struct sk_buff *skb;
        MICBuffer micbuf;
        char *buffer;
        int len;
        int off = 0;

        memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));

        /* Make sure we got something */
        if (!rxd.rdy || rxd.valid != 0)
                goto rearm;

        len = rxd.len + 12;
        if (len < 12 || len > 2048)
                goto rearm;

        skb = dev_alloc_skb(len);
        if (!skb) {
                ai->dev->stats.rx_dropped++;
                goto rearm;
        }
        buffer = skb_put(skb, len);

        /* Destination and source addresses come first. */
        memcpy(buffer, src, addr_len);

        if (ai->micstats.enabled) {
                memcpy(&micbuf, src + addr_len, sizeof(micbuf));
                if (ntohs(micbuf.typelen) <= 0x05DC) {
                        /* A frame no longer than addresses plus MIC header
                         * has no payload left. */
                        if (len <= sizeof(micbuf) + addr_len)
                                goto drop;

                        off = sizeof(micbuf);
                        skb_trim(skb, len - off);
                }
        }

        /* Copy the payload, skipping the MIC header when off is non-zero. */
        memcpy(buffer + addr_len, src + addr_len + off, len - addr_len - off);
        if (decapsulate(ai, &micbuf, (etherHead *)buffer, len - off - addr_len))
                goto drop;

#ifdef WIRELESS_SPY
        if (ai->spy_data.spy_number > 0) {
                struct iw_quality wstats;
                char *sa = buffer + ETH_ALEN;

                /* Prepare spy data : addr + qual */
                wstats.qual = 0; /* XXX Where do I get that info from ??? */
                wstats.level = 0;
                wstats.updated = 0;
                /* Update spy records */
                wireless_spy_update(ai->dev, sa, &wstats);
        }
#endif /* WIRELESS_SPY */

        skb->ip_summed = CHECKSUM_NONE;
        skb->protocol = eth_type_trans(skb, ai->dev);
        netif_rx(skb);
        goto rearm;

drop:
        dev_kfree_skb_irq(skb);
rearm:
        /* Give the descriptor back to the card. */
        if (rxd.valid == 0) {
                rxd.valid = 1;
                rxd.rdy = 0;
                rxd.len = PKTSIZE;
                memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
        }
}
3723
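/*
 * Receive one raw 802.11 frame through the first RX descriptor of an MPI
 * card and pass it to ai->wifidev.
 *
 * The host buffer holds, after a 4-byte offset: a struct rx_hdr, the
 * 802.11 header, 6 more bytes when the header is 24 bytes long, a
 * little-endian 16-bit gap length, the gap, and the payload. Every length
 * is supplied by the card, so all of them are checked before an skb is
 * allocated. A frame whose gap is larger than the 8 bytes this parser can
 * skip is dropped, because its payload offset is unknown.
 *
 * NOTE(review): the payload length is bounded by AIRO_DEF_MTU, while the
 * descriptor is re-armed with PKTSIZE. Confirm that the host buffer
 * behind virtual_host_addr can hold the largest frame accepted here.
 */
static void mpi_receive_802_11(struct airo_info *ai)
{
        RxFid rxd;
        struct sk_buff *skb = NULL;
        u16 len, hdrlen = 0;
        __le16 fc;
        struct rx_hdr hdr;
        u16 gap;
        u16 *buffer;
        char *ptr = ai->rxfids[0].virtual_host_addr + 4;
        char *payload;

        memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
        memcpy((char *)&hdr, ptr, sizeof(hdr));
        ptr += sizeof(hdr);
        /* Bad CRC. Ignore packet */
        if (le16_to_cpu(hdr.status) & 2)
                hdr.len = 0;
        /* No wifi device to deliver to: treat the frame as empty */
        if (ai->wifidev == NULL)
                hdr.len = 0;
        len = le16_to_cpu(hdr.len);
        if (len > AIRO_DEF_MTU) {
                airo_print_err(ai->dev->name, "Bad size %d", len);
                goto badrx;
        }
        if (len == 0)
                goto badrx;

        /* ptr now points at the 802.11 header; its frame control field
         * determines the header length. */
        fc = get_unaligned((__le16 *)ptr);
        hdrlen = header_len(fc);

        /* Find the payload before allocating anything. */
        payload = ptr + hdrlen;
        if (hdrlen == 24)
                payload += 6;
        gap = get_unaligned_le16(payload);
        payload += sizeof(__le16);
        if (gap > 8) {
                /* Copying from an unknown offset would pass garbage up the
                 * stack, so drop the frame. */
                airo_print_err(ai->dev->name,
                    "gaplen too big. Dropping frame");
                goto badrx;
        }
        payload += gap;

        skb = dev_alloc_skb(len + hdrlen + 2);
        if (!skb) {
                ai->dev->stats.rx_dropped++;
                goto badrx;
        }
        buffer = skb_put(skb, len + hdrlen);
        memcpy((char *)buffer, ptr, hdrlen);
        memcpy((char *)buffer + hdrlen, payload, len);
#ifdef IW_WIRELESS_SPY    /* defined in iw_handler.h */
        if (ai->spy_data.spy_number > 0) {
                char *sa;
                struct iw_quality wstats;
                /* Prepare spy data : addr + qual */
                sa = (char*)buffer + 10;
                wstats.qual = hdr.rssi[0];
                /* Use the card's RSSI table when one was read, otherwise
                 * the fixed formula. */
                if (ai->rssi)
                        wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
                else
                        wstats.level = (hdr.rssi[1] + 321) / 2;
                wstats.noise = ai->wstats.qual.noise;
                wstats.updated = IW_QUAL_QUAL_UPDATED
                        | IW_QUAL_LEVEL_UPDATED
                        | IW_QUAL_DBM;
                /* Update spy records */
                wireless_spy_update(ai->dev, sa, &wstats);
        }
#endif /* IW_WIRELESS_SPY */
        skb_reset_mac_header(skb);
        skb->pkt_type = PACKET_OTHERHOST;
        skb->dev = ai->wifidev;
        skb->protocol = htons(ETH_P_802_2);
        skb->ip_summed = CHECKSUM_NONE;
        netif_rx(skb);

badrx:
        /* Give the descriptor back to the card. */
        if (rxd.valid == 0) {
                rxd.valid = 1;
                rxd.rdy = 0;
                rxd.len = PKTSIZE;
                memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
        }
}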
3809
/*
 * Set the authentication type in the cached configuration.
 *
 * AUTH_OPEN and AUTH_ENCRYPT are also remembered in local->last_auth,
 * which is used by airo_set_auth(). Other values leave last_auth alone.
 */
static inline void set_auth_type(struct airo_info *local, int auth_type)
{
        local->config.authType = auth_type;

        if (auth_type != AUTH_OPEN && auth_type != AUTH_ENCRYPT)
                return;

        local->last_auth = auth_type;
}
3819
/*
 * Read the card's configuration and set the driver defaults on top of it.
 *
 * @ai:   per-card state
 * @mac:  receives ETH_ALEN bytes of MAC address from the configuration
 * @lock: passed on to the RID read helpers
 *
 * Returns SUCCESS, or ERROR when the configuration or capability RID
 * cannot be read. A failed RSSI RID read is not an error: the RSSI table
 * is freed and normalized RSSI is requested if the card advertises it.
 */
static int noinline_for_stack airo_readconfig(struct airo_info *ai, u8 *mac, int lock)
{
        int i;
        /* large variables, so don't inline this function,
         * maybe change to kmalloc
         */
        tdsRssiRid rssi_rid;
        CapabilityRid cap_rid;

        kfree(ai->SSID);
        ai->SSID = NULL;

        /* general configuration (read/modify/write) */
        if (readConfigRid(ai, lock) != SUCCESS)
                return ERROR;

        if (readCapabilityRid(ai, &cap_rid, lock) != SUCCESS)
                return ERROR;

        if (PC4500_readrid(ai, RID_RSSI, &rssi_rid, sizeof(rssi_rid), lock) == SUCCESS) {
                /* Reuse the existing table or allocate one. If the
                 * allocation fails ai->rssi stays NULL and the table is
                 * simply not cached. */
                if (!ai->rssi)
                        ai->rssi = kmalloc(512, GFP_KERNEL);
                if (ai->rssi)
                        memcpy(ai->rssi, (u8 *)&rssi_rid + 2, 512); /* Skip RID length member */
        } else {
                kfree(ai->rssi);
                ai->rssi = NULL;
                if (cap_rid.softCap & cpu_to_le16(8))
                        ai->config.rmode |= RXMODE_NORMALIZED_RSSI;
                else
                        airo_print_warn(ai->dev->name,
                                        "unknown received signal level scale");
        }

        ai->config.opmode = adhoc ? MODE_STA_IBSS : MODE_STA_ESS;
        set_auth_type(ai, AUTH_OPEN);
        ai->config.modulation = MOD_CCK;

        /* Enable MIC only if the capability RID is long enough to carry
         * extSoftCap, the card advertises it, and micsetup() succeeds. */
        if (le16_to_cpu(cap_rid.len) >= sizeof(cap_rid) &&
            (cap_rid.extSoftCap & cpu_to_le16(1)) &&
            micsetup(ai) == SUCCESS) {
                ai->config.opmode |= MODE_MIC;
                set_bit(FLAG_MIC_CAPABLE, &ai->flags);
        }

        /* Save off the MAC */
        memcpy(mac, ai->config.macAddr, ETH_ALEN);

        /* Check to see if there are any insmod configured
           rates to add */
        if (rates[0]) {
                memset(ai->config.rates, 0, sizeof(ai->config.rates));
                for (i = 0; i < 8 && rates[i]; i++)
                        ai->config.rates[i] = rates[i];
        }
        set_bit(FLAG_COMMIT, &ai->flags);

        return SUCCESS;
}
3880
3881
/*
 * Bring the card into a configured, enabled state.
 *
 * @ai:   per-card state
 * @mac:  receives the MAC address when the configuration has to be read
 * @lock: non-zero to take ai->sem around the first commands; also passed
 *        on to the helpers called afterwards
 *
 * Sequence: NOP command, disable the MAC, choose the BAP read routine on
 * non-MPI cards, read the configuration if it is not cached yet, write
 * the configuration and the optional SSID list, enable the MAC, then walk
 * the WEP key RIDs to find the default key index.
 *
 * Returns SUCCESS or ERROR.
 */
static u16 setup_card(struct airo_info *ai, u8 *mac, int lock)
{
        Cmd cmd;
        Resp rsp;
        int status;
        SsidRid mySsid;
        __le16 lastindex;
        WepKeyRid wkr;
        int rc;

        memset(&mySsid, 0, sizeof(mySsid));
        kfree (ai->flash);
        ai->flash = NULL;

        /* The NOP is the first step in getting the card going */
        cmd.cmd = NOP;
        cmd.parm0 = cmd.parm1 = cmd.parm2 = 0;
        if (lock && down_interruptible(&ai->sem))
                return ERROR;
        if (issuecommand(ai, &cmd, &rsp, true) != SUCCESS) {
                if (lock)
                        up(&ai->sem);
                return ERROR;
        }
        /* lock argument 0: disable_MAC takes no semaphore of its own */
        disable_MAC(ai, 0);

        /* Let's figure out if we need to use the AUX port */
        if (!test_bit(FLAG_MPI,&ai->flags)) {
                /* cmd is reused; its parm fields are still zero */
                cmd.cmd = CMD_ENABLEAUX;
                if (issuecommand(ai, &cmd, &rsp, true) != SUCCESS) {
                        if (lock)
                                up(&ai->sem);
                        airo_print_err(ai->dev->name, "Error checking for AUX port");
                        return ERROR;
                }
                /* Use AUX reads only when the aux_bap option is set and
                 * the card reported no error for the command */
                if (!aux_bap || rsp.status & 0xff00) {
                        ai->bap_read = fast_bap_read;
                        airo_print_dbg(ai->dev->name, "Doing fast bap_reads");
                } else {
                        ai->bap_read = aux_bap_read;
                        airo_print_dbg(ai->dev->name, "Doing AUX bap_reads");
                }
        }
        /* The semaphore is released here. The helpers below receive lock
         * and presumably take ai->sem themselves - confirm. */
        if (lock)
                up(&ai->sem);
        /* A zero config length means no configuration has been read yet */
        if (ai->config.len == 0) {
                status = airo_readconfig(ai, mac, lock);
                if (status != SUCCESS)
                        return ERROR;
        }

        /* Setup the SSIDs if present */
        if (ssids[0]) {
                int i;
                for (i = 0; i < 3 && ssids[i]; i++) {
                        size_t len = strlen(ssids[i]);
                        /* Longer names are truncated to 32 bytes without
                         * a message */
                        if (len > 32)
                                len = 32;
                        mySsid.ssids[i].len = cpu_to_le16(len);
                        memcpy(mySsid.ssids[i].ssid, ssids[i], len);
                }
                mySsid.len = cpu_to_le16(sizeof(mySsid));
        }

        status = writeConfigRid(ai, lock);
        if (status != SUCCESS) return ERROR;

        /* Set up the SSID list */
        if (ssids[0]) {
                status = writeSsidRid(ai, &mySsid, lock);
                if (status != SUCCESS) return ERROR;
        }

        status = enable_MAC(ai, lock);
        if (status != SUCCESS)
                return ERROR;

        /* Grab the initial wep key, we gotta save it for auto_wep */
        /* The first read passes 1, later reads pass 0. The walk stops when
         * a read returns the same kindex as the previous one. The entry
         * with kindex 0xffff carries the default key index in mac[0].
         * NOTE(review): rc of the reads inside the loop is not checked;
         * presumably a failed read leaves wkr unchanged, which ends the
         * loop - confirm.
         * NOTE(review): wkr may hold key material read from the card and
         * stays on the stack after return; confirm whether it should be
         * wiped. */
        rc = readWepKeyRid(ai, &wkr, 1, lock);
        if (rc == SUCCESS) do {
                lastindex = wkr.kindex;
                if (wkr.kindex == cpu_to_le16(0xffff)) {
                        ai->defindex = wkr.mac[0];
                }
                rc = readWepKeyRid(ai, &wkr, 0, lock);
        } while (lastindex != wkr.kindex);

        try_auto_wep(ai);

        return SUCCESS;
}
3973
3974static u16 issuecommand(struct airo_info *ai, Cmd *pCmd, Resp *pRsp,
3975                        bool may_sleep)
3976{
3977        // Im really paranoid about letting it run forever!
3978        int max_tries = 600000;
3979
3980        if (IN4500(ai, EVSTAT) & EV_CMD)
3981                OUT4500(ai, EVACK, EV_CMD);
3982
3983        OUT4500(ai, PARAM0, pCmd->parm0);
3984        OUT4500(ai, PARAM1, pCmd->parm1);
3985        OUT4500(ai, PARAM2, pCmd->parm2);
3986        OUT4500(ai, COMMAND, pCmd->cmd);
3987
3988        while (max_tries-- && (IN4500(ai, EVSTAT) & EV_CMD) == 0) {
3989                if ((IN4500(ai, COMMAND)) == pCmd->cmd)
3990                        // PC4500 didn't notice command, try again
3991                        OUT4500(ai, COMMAND, pCmd->cmd);
3992                if (may_sleep && (max_tries & 255) == 0)
3993                        cond_resched();
3994        }
3995
3996        if (max_tries == -1) {
3997                airo_print_err(ai->dev->name,
3998                        "Max tries exceeded when issuing command");
3999                if (IN4500(ai, COMMAND) & COMMAND_BUSY)
4000                        OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
4001                return