Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
airo.c
Go to the documentation of this file.
1 /*======================================================================
2 
3  Aironet driver for 4500 and 4800 series cards
4 
5  This code is released under both the GPL version 2 and BSD licenses.
6  Either license may be used. The respective licenses are found at
7  the end of this file.
8 
9  This code was developed by Benjamin Reed <[email protected]>
10  including portions of which come from the Aironet PC4500
11  Developer's Reference Manual and used with permission. Copyright
12  (C) 1999 Benjamin Reed. All Rights Reserved. Permission to use
13  code in the Developer's manual was granted for this driver by
14  Aironet. Major code contributions were received from Javier Achirica
15  <[email protected]> and Jean Tourrilhes <[email protected]>.
16  Code was also integrated from the Cisco Aironet driver for Linux.
17  Support for MPI350 cards was added by Fabrice Bellet
19 
20 ======================================================================*/
21 
22 #include <linux/err.h>
23 #include <linux/init.h>
24 
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/proc_fs.h>
28 
29 #include <linux/sched.h>
30 #include <linux/ptrace.h>
31 #include <linux/slab.h>
32 #include <linux/string.h>
33 #include <linux/timer.h>
34 #include <linux/interrupt.h>
35 #include <linux/in.h>
36 #include <linux/bitops.h>
37 #include <linux/scatterlist.h>
38 #include <linux/crypto.h>
39 #include <asm/io.h>
40 #include <asm/unaligned.h>
41 
42 #include <linux/netdevice.h>
43 #include <linux/etherdevice.h>
44 #include <linux/skbuff.h>
45 #include <linux/if_arp.h>
46 #include <linux/ioport.h>
47 #include <linux/pci.h>
48 #include <asm/uaccess.h>
49 #include <linux/kthread.h>
50 #include <linux/freezer.h>
51 
52 #include <linux/ieee80211.h>
53 #include <net/iw_handler.h>
54 
55 #include "airo.h"
56 
57 #define DRV_NAME "airo"
58 
59 #ifdef CONFIG_PCI
60 static DEFINE_PCI_DEVICE_TABLE(card_ids) = {
61  { 0x14b9, 1, PCI_ANY_ID, PCI_ANY_ID, },
62  { 0x14b9, 0x4500, PCI_ANY_ID, PCI_ANY_ID },
63  { 0x14b9, 0x4800, PCI_ANY_ID, PCI_ANY_ID, },
64  { 0x14b9, 0x0340, PCI_ANY_ID, PCI_ANY_ID, },
65  { 0x14b9, 0x0350, PCI_ANY_ID, PCI_ANY_ID, },
66  { 0x14b9, 0x5000, PCI_ANY_ID, PCI_ANY_ID, },
67  { 0x14b9, 0xa504, PCI_ANY_ID, PCI_ANY_ID, },
68  { 0, }
69 };
70 MODULE_DEVICE_TABLE(pci, card_ids);
71 
72 static int airo_pci_probe(struct pci_dev *, const struct pci_device_id *);
73 static void airo_pci_remove(struct pci_dev *);
74 static int airo_pci_suspend(struct pci_dev *pdev, pm_message_t state);
75 static int airo_pci_resume(struct pci_dev *pdev);
76 
77 static struct pci_driver airo_driver = {
78  .name = DRV_NAME,
79  .id_table = card_ids,
80  .probe = airo_pci_probe,
81  .remove = __devexit_p(airo_pci_remove),
82  .suspend = airo_pci_suspend,
83  .resume = airo_pci_resume,
84 };
85 #endif /* CONFIG_PCI */
86 
87 /* Include Wireless Extension definition and check version - Jean II */
88 #include <linux/wireless.h>
89 #define WIRELESS_SPY /* enable iwspy support */
90 
91 #define CISCO_EXT /* enable Cisco extensions */
92 #ifdef CISCO_EXT
93 #include <linux/delay.h>
94 #endif
95 
96 /* Hack to do some power saving */
97 #define POWER_ON_DOWN
98 
99 /* As you can see this list is HUGH!
100  I really don't know what a lot of these counts are about, but they
101  are all here for completeness. If the IGNLABEL macro is put in
102  infront of the label, that statistic will not be included in the list
103  of statistics in the /proc filesystem */
104 
105 #define IGNLABEL(comment) NULL
106 static const char *statsLabels[] = {
107  "RxOverrun",
108  IGNLABEL("RxPlcpCrcErr"),
109  IGNLABEL("RxPlcpFormatErr"),
110  IGNLABEL("RxPlcpLengthErr"),
111  "RxMacCrcErr",
112  "RxMacCrcOk",
113  "RxWepErr",
114  "RxWepOk",
115  "RetryLong",
116  "RetryShort",
117  "MaxRetries",
118  "NoAck",
119  "NoCts",
120  "RxAck",
121  "RxCts",
122  "TxAck",
123  "TxRts",
124  "TxCts",
125  "TxMc",
126  "TxBc",
127  "TxUcFrags",
128  "TxUcPackets",
129  "TxBeacon",
130  "RxBeacon",
131  "TxSinColl",
132  "TxMulColl",
133  "DefersNo",
134  "DefersProt",
135  "DefersEngy",
136  "DupFram",
137  "RxFragDisc",
138  "TxAged",
139  "RxAged",
140  "LostSync-MaxRetry",
141  "LostSync-MissedBeacons",
142  "LostSync-ArlExceeded",
143  "LostSync-Deauth",
144  "LostSync-Disassoced",
145  "LostSync-TsfTiming",
146  "HostTxMc",
147  "HostTxBc",
148  "HostTxUc",
149  "HostTxFail",
150  "HostRxMc",
151  "HostRxBc",
152  "HostRxUc",
153  "HostRxDiscard",
154  IGNLABEL("HmacTxMc"),
155  IGNLABEL("HmacTxBc"),
156  IGNLABEL("HmacTxUc"),
157  IGNLABEL("HmacTxFail"),
158  IGNLABEL("HmacRxMc"),
159  IGNLABEL("HmacRxBc"),
160  IGNLABEL("HmacRxUc"),
161  IGNLABEL("HmacRxDiscard"),
162  IGNLABEL("HmacRxAccepted"),
163  "SsidMismatch",
164  "ApMismatch",
165  "RatesMismatch",
166  "AuthReject",
167  "AuthTimeout",
168  "AssocReject",
169  "AssocTimeout",
170  IGNLABEL("ReasonOutsideTable"),
171  IGNLABEL("ReasonStatus1"),
172  IGNLABEL("ReasonStatus2"),
173  IGNLABEL("ReasonStatus3"),
174  IGNLABEL("ReasonStatus4"),
175  IGNLABEL("ReasonStatus5"),
176  IGNLABEL("ReasonStatus6"),
177  IGNLABEL("ReasonStatus7"),
178  IGNLABEL("ReasonStatus8"),
179  IGNLABEL("ReasonStatus9"),
180  IGNLABEL("ReasonStatus10"),
181  IGNLABEL("ReasonStatus11"),
182  IGNLABEL("ReasonStatus12"),
183  IGNLABEL("ReasonStatus13"),
184  IGNLABEL("ReasonStatus14"),
185  IGNLABEL("ReasonStatus15"),
186  IGNLABEL("ReasonStatus16"),
187  IGNLABEL("ReasonStatus17"),
188  IGNLABEL("ReasonStatus18"),
189  IGNLABEL("ReasonStatus19"),
190  "RxMan",
191  "TxMan",
192  "RxRefresh",
193  "TxRefresh",
194  "RxPoll",
195  "TxPoll",
196  "HostRetries",
197  "LostSync-HostReq",
198  "HostTxBytes",
199  "HostRxBytes",
200  "ElapsedUsec",
201  "ElapsedSec",
202  "LostSyncBetterAP",
203  "PrivacyMismatch",
204  "Jammed",
205  "DiscRxNotWepped",
206  "PhyEleMismatch",
207  (char*)-1 };
208 #ifndef RUN_AT
209 #define RUN_AT(x) (jiffies+(x))
210 #endif
211 
212 
213 /* These variables are for insmod, since it seems that the rates
214  can only be set in setup_card. Rates should be a comma separated
215  (no spaces) list of rates (up to 8). */
216 
217 static int rates[8];
218 static char *ssids[3];
219 
220 static int io[4];
221 static int irq[4];
222 
223 static
224 int maxencrypt /* = 0 */; /* The highest rate that the card can encrypt at.
225  0 means no limit. For old cards this was 4 */
226 
227 static int auto_wep /* = 0 */; /* If set, it tries to figure out the wep mode */
228 static int aux_bap /* = 0 */; /* Checks to see if the aux ports are needed to read
229  the bap, needed on some older cards and buses. */
230 static int adhoc;
231 
232 static int probe = 1;
233 
234 static kuid_t proc_kuid;
235 static int proc_uid /* = 0 */;
236 
237 static kgid_t proc_kgid;
238 static int proc_gid /* = 0 */;
239 
240 static int airo_perm = 0555;
241 
242 static int proc_perm = 0644;
243 
244 MODULE_AUTHOR("Benjamin Reed");
245 MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet cards. "
246  "Direct support for ISA/PCI/MPI cards and support for PCMCIA when used with airo_cs.");
247 MODULE_LICENSE("Dual BSD/GPL");
248 MODULE_SUPPORTED_DEVICE("Aironet 4500, 4800 and Cisco 340/350");
249 module_param_array(io, int, NULL, 0);
250 module_param_array(irq, int, NULL, 0);
251 module_param_array(rates, int, NULL, 0);
252 module_param_array(ssids, charp, NULL, 0);
253 module_param(auto_wep, int, 0);
254 MODULE_PARM_DESC(auto_wep,
255  "If non-zero, the driver will keep looping through the authentication options until an association is made. "
256  "The value of auto_wep is number of the wep keys to check. "
257  "A value of 2 will try using the key at index 0 and index 1.");
258 module_param(aux_bap, int, 0);
259 MODULE_PARM_DESC(aux_bap,
260  "If non-zero, the driver will switch into a mode that seems to work better for older cards with some older buses. "
261  "Before switching it checks that the switch is needed.");
262 module_param(maxencrypt, int, 0);
263 MODULE_PARM_DESC(maxencrypt,
264  "The maximum speed that the card can do encryption. "
265  "Units are in 512kbs. "
266  "Zero (default) means there is no limit. "
267  "Older cards used to be limited to 2mbs (4).");
268 module_param(adhoc, int, 0);
269 MODULE_PARM_DESC(adhoc, "If non-zero, the card will start in adhoc mode.");
270 module_param(probe, int, 0);
271 MODULE_PARM_DESC(probe, "If zero, the driver won't start the card.");
272 
273 module_param(proc_uid, int, 0);
274 MODULE_PARM_DESC(proc_uid, "The uid that the /proc files will belong to.");
275 module_param(proc_gid, int, 0);
276 MODULE_PARM_DESC(proc_gid, "The gid that the /proc files will belong to.");
277 module_param(airo_perm, int, 0);
278 MODULE_PARM_DESC(airo_perm, "The permission bits of /proc/[driver/]aironet.");
279 module_param(proc_perm, int, 0);
280 MODULE_PARM_DESC(proc_perm, "The permission bits of the files in /proc");
281 
282 /* This is a kind of sloppy hack to get this information to OUT4500 and
283  IN4500. I would be extremely interested in the situation where this
284  doesn't work though!!! */
285 static int do8bitIO /* = 0 */;
286 
287 /* Return codes */
288 #define SUCCESS 0
289 #define ERROR -1
290 #define NO_PACKET -2
291 
292 /* Commands */
293 #define NOP2 0x0000
294 #define MAC_ENABLE 0x0001
295 #define MAC_DISABLE 0x0002
296 #define CMD_LOSE_SYNC 0x0003 /* Not sure what this does... */
297 #define CMD_SOFTRESET 0x0004
298 #define HOSTSLEEP 0x0005
299 #define CMD_MAGIC_PKT 0x0006
300 #define CMD_SETWAKEMASK 0x0007
301 #define CMD_READCFG 0x0008
302 #define CMD_SETMODE 0x0009
303 #define CMD_ALLOCATETX 0x000a
304 #define CMD_TRANSMIT 0x000b
305 #define CMD_DEALLOCATETX 0x000c
306 #define NOP 0x0010
307 #define CMD_WORKAROUND 0x0011
308 #define CMD_ALLOCATEAUX 0x0020
309 #define CMD_ACCESS 0x0021
310 #define CMD_PCIBAP 0x0022
311 #define CMD_PCIAUX 0x0023
312 #define CMD_ALLOCBUF 0x0028
313 #define CMD_GETTLV 0x0029
314 #define CMD_PUTTLV 0x002a
315 #define CMD_DELTLV 0x002b
316 #define CMD_FINDNEXTTLV 0x002c
317 #define CMD_PSPNODES 0x0030
318 #define CMD_SETCW 0x0031
319 #define CMD_SETPCF 0x0032
320 #define CMD_SETPHYREG 0x003e
321 #define CMD_TXTEST 0x003f
322 #define MAC_ENABLETX 0x0101
323 #define CMD_LISTBSS 0x0103
324 #define CMD_SAVECFG 0x0108
325 #define CMD_ENABLEAUX 0x0111
326 #define CMD_WRITERID 0x0121
327 #define CMD_USEPSPNODES 0x0130
328 #define MAC_ENABLERX 0x0201
329 
330 /* Command errors */
331 #define ERROR_QUALIF 0x00
332 #define ERROR_ILLCMD 0x01
333 #define ERROR_ILLFMT 0x02
334 #define ERROR_INVFID 0x03
335 #define ERROR_INVRID 0x04
336 #define ERROR_LARGE 0x05
337 #define ERROR_NDISABL 0x06
338 #define ERROR_ALLOCBSY 0x07
339 #define ERROR_NORD 0x0B
340 #define ERROR_NOWR 0x0C
341 #define ERROR_INVFIDTX 0x0D
342 #define ERROR_TESTACT 0x0E
343 #define ERROR_TAGNFND 0x12
344 #define ERROR_DECODE 0x20
345 #define ERROR_DESCUNAV 0x21
346 #define ERROR_BADLEN 0x22
347 #define ERROR_MODE 0x80
348 #define ERROR_HOP 0x81
349 #define ERROR_BINTER 0x82
350 #define ERROR_RXMODE 0x83
351 #define ERROR_MACADDR 0x84
352 #define ERROR_RATES 0x85
353 #define ERROR_ORDER 0x86
354 #define ERROR_SCAN 0x87
355 #define ERROR_AUTH 0x88
356 #define ERROR_PSMODE 0x89
357 #define ERROR_RTYPE 0x8A
358 #define ERROR_DIVER 0x8B
359 #define ERROR_SSID 0x8C
360 #define ERROR_APLIST 0x8D
361 #define ERROR_AUTOWAKE 0x8E
362 #define ERROR_LEAP 0x8F
363 
364 /* Registers */
365 #define COMMAND 0x00
366 #define PARAM0 0x02
367 #define PARAM1 0x04
368 #define PARAM2 0x06
369 #define STATUS 0x08
370 #define RESP0 0x0a
371 #define RESP1 0x0c
372 #define RESP2 0x0e
373 #define LINKSTAT 0x10
374 #define SELECT0 0x18
375 #define OFFSET0 0x1c
376 #define RXFID 0x20
377 #define TXALLOCFID 0x22
378 #define TXCOMPLFID 0x24
379 #define DATA0 0x36
380 #define EVSTAT 0x30
381 #define EVINTEN 0x32
382 #define EVACK 0x34
383 #define SWS0 0x28
384 #define SWS1 0x2a
385 #define SWS2 0x2c
386 #define SWS3 0x2e
387 #define AUXPAGE 0x3A
388 #define AUXOFF 0x3C
389 #define AUXDATA 0x3E
390 
391 #define FID_TX 1
392 #define FID_RX 2
393 /* Offset into aux memory for descriptors */
394 #define AUX_OFFSET 0x800
395 /* Size of allocated packets */
396 #define PKTSIZE 1840
397 #define RIDSIZE 2048
398 /* Size of the transmit queue */
399 #define MAXTXQ 64
400 
401 /* BAP selectors */
402 #define BAP0 0 /* Used for receiving packets */
403 #define BAP1 2 /* Used for xmiting packets and working with RIDS */
404 
405 /* Flags */
406 #define COMMAND_BUSY 0x8000
407 
408 #define BAP_BUSY 0x8000
409 #define BAP_ERR 0x4000
410 #define BAP_DONE 0x2000
411 
412 #define PROMISC 0xffff
413 #define NOPROMISC 0x0000
414 
415 #define EV_CMD 0x10
416 #define EV_CLEARCOMMANDBUSY 0x4000
417 #define EV_RX 0x01
418 #define EV_TX 0x02
419 #define EV_TXEXC 0x04
420 #define EV_ALLOC 0x08
421 #define EV_LINK 0x80
422 #define EV_AWAKE 0x100
423 #define EV_TXCPY 0x400
424 #define EV_UNKNOWN 0x800
425 #define EV_MIC 0x1000 /* Message Integrity Check Interrupt */
426 #define EV_AWAKEN 0x2000
427 #define STATUS_INTS (EV_AWAKE|EV_LINK|EV_TXEXC|EV_TX|EV_TXCPY|EV_RX|EV_MIC)
428 
429 #ifdef CHECK_UNKNOWN_INTS
430 #define IGNORE_INTS ( EV_CMD | EV_UNKNOWN)
431 #else
432 #define IGNORE_INTS (~STATUS_INTS)
433 #endif
434 
435 /* RID TYPES */
436 #define RID_RW 0x20
437 
438 /* The RIDs */
439 #define RID_CAPABILITIES 0xFF00
440 #define RID_APINFO 0xFF01
441 #define RID_RADIOINFO 0xFF02
442 #define RID_UNKNOWN3 0xFF03
443 #define RID_RSSI 0xFF04
444 #define RID_CONFIG 0xFF10
445 #define RID_SSID 0xFF11
446 #define RID_APLIST 0xFF12
447 #define RID_DRVNAME 0xFF13
448 #define RID_ETHERENCAP 0xFF14
449 #define RID_WEP_TEMP 0xFF15
450 #define RID_WEP_PERM 0xFF16
451 #define RID_MODULATION 0xFF17
452 #define RID_OPTIONS 0xFF18
453 #define RID_ACTUALCONFIG 0xFF20 /*readonly*/
454 #define RID_FACTORYCONFIG 0xFF21
455 #define RID_UNKNOWN22 0xFF22
456 #define RID_LEAPUSERNAME 0xFF23
457 #define RID_LEAPPASSWORD 0xFF24
458 #define RID_STATUS 0xFF50
459 #define RID_BEACON_HST 0xFF51
460 #define RID_BUSY_HST 0xFF52
461 #define RID_RETRIES_HST 0xFF53
462 #define RID_UNKNOWN54 0xFF54
463 #define RID_UNKNOWN55 0xFF55
464 #define RID_UNKNOWN56 0xFF56
465 #define RID_MIC 0xFF57
466 #define RID_STATS16 0xFF60
467 #define RID_STATS16DELTA 0xFF61
468 #define RID_STATS16DELTACLEAR 0xFF62
469 #define RID_STATS 0xFF68
470 #define RID_STATSDELTA 0xFF69
471 #define RID_STATSDELTACLEAR 0xFF6A
472 #define RID_ECHOTEST_RID 0xFF70
473 #define RID_ECHOTEST_RESULTS 0xFF71
474 #define RID_BSSLISTFIRST 0xFF72
475 #define RID_BSSLISTNEXT 0xFF73
476 #define RID_WPA_BSSLISTFIRST 0xFF74
477 #define RID_WPA_BSSLISTNEXT 0xFF75
478 
479 typedef struct {
484 } Cmd;
485 
486 typedef struct {
491 } Resp;
492 
493 /*
494  * Rids and endian-ness: The Rids will always be in cpu endian, since
495  * this all the patches from the big-endian guys end up doing that.
496  * so all rid access should use the read/writeXXXRid routines.
497  */
498 
499 /* This structure came from an email sent to me from an engineer at
500  aironet for inclusion into this driver */
501 typedef struct WepKeyRid WepKeyRid;
502 struct WepKeyRid {
507  u8 key[16];
508 } __packed;
509 
510 /* These structures are from the Aironet's PC4500 Developers Manual */
511 typedef struct Ssid Ssid;
512 struct Ssid {
514  u8 ssid[32];
515 } __packed;
516 
517 typedef struct SsidRid SsidRid;
518 struct SsidRid {
520  Ssid ssids[3];
521 } __packed;
522 
527 #define MOD_DEFAULT cpu_to_le16(0)
528 #define MOD_CCK cpu_to_le16(1)
529 #define MOD_MOK cpu_to_le16(2)
530 } __packed;
531 
532 typedef struct ConfigRid ConfigRid;
533 struct ConfigRid {
534  __le16 len; /* sizeof(ConfigRid) */
535  __le16 opmode; /* operating mode */
536 #define MODE_STA_IBSS cpu_to_le16(0)
537 #define MODE_STA_ESS cpu_to_le16(1)
538 #define MODE_AP cpu_to_le16(2)
539 #define MODE_AP_RPTR cpu_to_le16(3)
540 #define MODE_CFG_MASK cpu_to_le16(0xff)
541 #define MODE_ETHERNET_HOST cpu_to_le16(0<<8) /* rx payloads converted */
542 #define MODE_LLC_HOST cpu_to_le16(1<<8) /* rx payloads left as is */
543 #define MODE_AIRONET_EXTEND cpu_to_le16(1<<9) /* enable Aironet extenstions */
544 #define MODE_AP_INTERFACE cpu_to_le16(1<<10) /* enable ap interface extensions */
545 #define MODE_ANTENNA_ALIGN cpu_to_le16(1<<11) /* enable antenna alignment */
546 #define MODE_ETHER_LLC cpu_to_le16(1<<12) /* enable ethernet LLC */
547 #define MODE_LEAF_NODE cpu_to_le16(1<<13) /* enable leaf node bridge */
548 #define MODE_CF_POLLABLE cpu_to_le16(1<<14) /* enable CF pollable */
549 #define MODE_MIC cpu_to_le16(1<<15) /* enable MIC */
550  __le16 rmode; /* receive mode */
551 #define RXMODE_BC_MC_ADDR cpu_to_le16(0)
552 #define RXMODE_BC_ADDR cpu_to_le16(1) /* ignore multicasts */
553 #define RXMODE_ADDR cpu_to_le16(2) /* ignore multicast and broadcast */
554 #define RXMODE_RFMON cpu_to_le16(3) /* wireless monitor mode */
555 #define RXMODE_RFMON_ANYBSS cpu_to_le16(4)
556 #define RXMODE_LANMON cpu_to_le16(5) /* lan style monitor -- data packets only */
557 #define RXMODE_MASK cpu_to_le16(255)
558 #define RXMODE_DISABLE_802_3_HEADER cpu_to_le16(1<<8) /* disables 802.3 header on rx */
559 #define RXMODE_FULL_MASK (RXMODE_MASK | RXMODE_DISABLE_802_3_HEADER)
560 #define RXMODE_NORMALIZED_RSSI cpu_to_le16(1<<9) /* return normalized RSSI */
564  u8 rates[8];
567  __le16 txLifetime; /* in kusec */
568  __le16 rxLifetime; /* in kusec */
571  __le16 u16deviceType; /* for overriding device type */
575  /*---------- Scanning/Associating ----------*/
577 #define SCANMODE_ACTIVE cpu_to_le16(0)
578 #define SCANMODE_PASSIVE cpu_to_le16(1)
579 #define SCANMODE_AIROSCAN cpu_to_le16(2)
580  __le16 probeDelay; /* in kusec */
581  __le16 probeEnergyTimeout; /* in kusec */
587 #define AUTH_OPEN cpu_to_le16(0x1)
588 #define AUTH_ENCRYPT cpu_to_le16(0x101)
589 #define AUTH_SHAREDKEY cpu_to_le16(0x102)
590 #define AUTH_ALLOW_UNENCRYPTED cpu_to_le16(0x200)
598 #define DISABLE_REFRESH cpu_to_le16(0xFFFF)
600  /*---------- Power save operation ----------*/
602 #define POWERSAVE_CAM cpu_to_le16(0)
603 #define POWERSAVE_PSP cpu_to_le16(1)
604 #define POWERSAVE_PSPCAM cpu_to_le16(2)
611  /*---------- Ap/Ibss config items ----------*/
620  /*---------- Radio configuration ----------*/
622 #define RADIOTYPE_DEFAULT cpu_to_le16(0)
623 #define RADIOTYPE_802_11 cpu_to_le16(1)
624 #define RADIOTYPE_LEGACY cpu_to_le16(2)
628 #define TXPOWER_DEFAULT 0
630 #define RSSI_DEFAULT 0
632 #define PREAMBLE_AUTO cpu_to_le16(0)
633 #define PREAMBLE_LONG cpu_to_le16(1)
634 #define PREAMBLE_SHORT cpu_to_le16(2)
638  /*---------- Aironet Extensions ----------*/
644  /*---------- Aironet Extensions ----------*/
646 #define MAGIC_ACTION_STSCHG 1
647 #define MAGIC_ACTION_RESUME 2
648 #define MAGIC_IGNORE_MCAST (1<<8)
649 #define MAGIC_IGNORE_BCAST (1<<9)
650 #define MAGIC_SWITCH_TO_PSP (0<<10)
651 #define MAGIC_STAY_IN_CAM (1<<10)
654 } __packed;
655 
656 typedef struct StatusRid StatusRid;
657 struct StatusRid {
664  char SSID[32];
665  char apName[16];
682  u8 apIP[4];
683  u8 noisePercent; /* Noise percent in last second */
684  u8 noisedBm; /* Noise dBm in last second */
685  u8 noiseAvePercent; /* Noise percent in last minute */
686  u8 noiseAvedBm; /* Noise dBm in last minute */
687  u8 noiseMaxPercent; /* Highest noise percent in last minute */
688  u8 noiseMaxdBm; /* Highest noise dbm in last minute */
692 #define STAT_NOPACKETS 0
693 #define STAT_NOCARRIERSET 10
694 #define STAT_GOTCARRIERSET 11
695 #define STAT_WRONGSSID 20
696 #define STAT_BADCHANNEL 25
697 #define STAT_BADBITRATES 30
698 #define STAT_BADPRIVACY 35
699 #define STAT_APFOUND 40
700 #define STAT_APREJECTED 50
701 #define STAT_AUTHENTICATING 60
702 #define STAT_DEAUTHENTICATED 61
703 #define STAT_AUTHTIMEOUT 62
704 #define STAT_ASSOCIATING 70
705 #define STAT_DEASSOCIATED 71
706 #define STAT_ASSOCTIMEOUT 72
707 #define STAT_NOTAIROAP 73
708 #define STAT_ASSOCIATED 80
709 #define STAT_LEAPING 90
710 #define STAT_LEAPFAILED 91
711 #define STAT_LEAPTIMEDOUT 92
712 #define STAT_LEAPCOMPLETE 93
713 } __packed;
714 
715 typedef struct StatsRid StatsRid;
716 struct StatsRid {
719  __le32 vals[100];
720 } __packed;
721 
722 typedef struct APListRid APListRid;
723 struct APListRid {
726 } __packed;
727 
731  char oui[3];
732  char zero;
734  char manName[32];
735  char prodName[16];
736  char prodVer[8];
742  char supportedRates[8];
756 } __packed;
757 
758 /* Only present on firmware >= 5.30.17 */
762  u8 fixed[12]; /* WLAN management frame */
763  u8 iep[624];
764 } __packed;
765 
766 typedef struct BSSListRid BSSListRid;
767 struct BSSListRid {
769  __le16 index; /* First is 0 and 0xffff means end of list */
770 #define RADIO_FH 1 /* Frequency hopping radio type */
771 #define RADIO_DS 2 /* Direct sequence radio type */
772 #define RADIO_TMA 4 /* Proprietary radio used in old cards (2500) */
774  u8 bssid[ETH_ALEN]; /* Mac address of the BSS */
777  u8 ssid[32];
779 #define CAP_ESS cpu_to_le16(1<<0)
780 #define CAP_IBSS cpu_to_le16(1<<1)
781 #define CAP_PRIVACY cpu_to_le16(1<<4)
782 #define CAP_SHORTHDR cpu_to_le16(1<<5)
785  u8 rates[8]; /* Same as rates for config rid */
786  struct { /* For frequency hopping only */
792  } fh;
795 
796  /* Only present on firmware >= 5.30.17 */
798 } __packed;
799 
800 typedef struct {
802  struct list_head list;
804 
805 typedef struct tdsRssiEntry tdsRssiEntry;
806 struct tdsRssiEntry {
809 } __packed;
810 
811 typedef struct tdsRssiRid tdsRssiRid;
812 struct tdsRssiRid {
815 } __packed;
816 
817 typedef struct MICRid MICRid;
818 struct MICRid {
824  u8 unicast[16];
825 } __packed;
826 
827 typedef struct MICBuffer MICBuffer;
828 struct MICBuffer {
830 
831  union {
832  u8 snap[8];
833  struct {
839  } llc;
840  } u;
843 } __packed;
844 
845 typedef struct {
848 } etherHead;
849 
850 #define TXCTL_TXOK (1<<1) /* report if tx is ok */
851 #define TXCTL_TXEX (1<<2) /* report if tx fails */
852 #define TXCTL_802_3 (0<<3) /* 802.3 packet */
853 #define TXCTL_802_11 (1<<3) /* 802.11 mac packet */
854 #define TXCTL_ETHERNET (0<<4) /* payload has ethertype */
855 #define TXCTL_LLC (1<<4) /* payload is llc */
856 #define TXCTL_RELEASE (0<<5) /* release after completion */
857 #define TXCTL_NORELEASE (1<<5) /* on completion returns to host */
858 
859 #define BUSY_FID 0x10000
860 
861 #ifdef CISCO_EXT
862 #define AIROMAGIC 0xa55a
863 /* Warning : SIOCDEVPRIVATE may disapear during 2.5.X - Jean II */
864 #ifdef SIOCIWFIRSTPRIV
865 #ifdef SIOCDEVPRIVATE
866 #define AIROOLDIOCTL SIOCDEVPRIVATE
867 #define AIROOLDIDIFC AIROOLDIOCTL + 1
868 #endif /* SIOCDEVPRIVATE */
869 #else /* SIOCIWFIRSTPRIV */
870 #define SIOCIWFIRSTPRIV SIOCDEVPRIVATE
871 #endif /* SIOCIWFIRSTPRIV */
872 /* This may be wrong. When using the new SIOCIWFIRSTPRIV range, we probably
873  * should use only "GET" ioctls (last bit set to 1). "SET" ioctls are root
874  * only and don't return the modified struct ifreq to the application which
875  * is usually a problem. - Jean II */
876 #define AIROIOCTL SIOCIWFIRSTPRIV
877 #define AIROIDIFC AIROIOCTL + 1
878 
879 /* Ioctl constants to be used in airo_ioctl.command */
880 
881 #define AIROGCAP 0 // Capability rid
882 #define AIROGCFG 1 // USED A LOT
883 #define AIROGSLIST 2 // System ID list
884 #define AIROGVLIST 3 // List of specified AP's
885 #define AIROGDRVNAM 4 // NOTUSED
886 #define AIROGEHTENC 5 // NOTUSED
887 #define AIROGWEPKTMP 6
888 #define AIROGWEPKNV 7
889 #define AIROGSTAT 8
890 #define AIROGSTATSC32 9
891 #define AIROGSTATSD32 10
892 #define AIROGMICRID 11
893 #define AIROGMICSTATS 12
894 #define AIROGFLAGS 13
895 #define AIROGID 14
896 #define AIRORRID 15
897 #define AIRORSWVERSION 17
898 
899 /* Leave gap of 40 commands after AIROGSTATSD32 for future */
900 
901 #define AIROPCAP AIROGSTATSD32 + 40
902 #define AIROPVLIST AIROPCAP + 1
903 #define AIROPSLIST AIROPVLIST + 1
904 #define AIROPCFG AIROPSLIST + 1
905 #define AIROPSIDS AIROPCFG + 1
906 #define AIROPAPLIST AIROPSIDS + 1
907 #define AIROPMACON AIROPAPLIST + 1 /* Enable mac */
908 #define AIROPMACOFF AIROPMACON + 1 /* Disable mac */
909 #define AIROPSTCLR AIROPMACOFF + 1
910 #define AIROPWEPKEY AIROPSTCLR + 1
911 #define AIROPWEPKEYNV AIROPWEPKEY + 1
912 #define AIROPLEAPPWD AIROPWEPKEYNV + 1
913 #define AIROPLEAPUSR AIROPLEAPPWD + 1
914 
915 /* Flash codes */
916 
917 #define AIROFLSHRST AIROPWEPKEYNV + 40
918 #define AIROFLSHGCHR AIROFLSHRST + 1
919 #define AIROFLSHSTFL AIROFLSHGCHR + 1
920 #define AIROFLSHPCHR AIROFLSHSTFL + 1
921 #define AIROFLPUTBUF AIROFLSHPCHR + 1
922 #define AIRORESTART AIROFLPUTBUF + 1
923 
924 #define FLASHSIZE 32768
925 #define AUXMEMSIZE (256 * 1024)
926 
927 typedef struct aironet_ioctl {
928  unsigned short command; // What to do
929  unsigned short len; // Len of data
930  unsigned short ridnum; // rid number
931  unsigned char __user *data; // d-data
932 } aironet_ioctl;
933 
934 static const char swversion[] = "2.1";
935 #endif /* CISCO_EXT */
936 
937 #define NUM_MODULES 2
938 #define MIC_MSGLEN_MAX 2400
939 #define EMMH32_MSGLEN_MAX MIC_MSGLEN_MAX
940 #define AIRO_DEF_MTU 2312
941 
942 typedef struct {
943  u32 size; // size
944  u8 enabled; // MIC enabled or not
945  u32 rxSuccess; // successful packets received
946  u32 rxIncorrectMIC; // pkts dropped due to incorrect MIC comparison
947  u32 rxNotMICed; // pkts dropped due to not being MIC'd
948  u32 rxMICPlummed; // pkts dropped due to not having a MIC plummed
949  u32 rxWrongSequence; // pkts dropped due to sequence number violation
952 
953 typedef struct {
955  u64 accum; // accumulated mic, reduced to u32 in final()
956  int position; // current position (byte offset) in message
957  union {
958  u8 d8[4];
960  } part; // saves partial message word across update() calls
962 
963 typedef struct {
964  emmh32_context seed; // Context - the seed
965  u32 rx; // Received sequence number
966  u32 tx; // Tx sequence number
967  u32 window; // Start of window
968  u8 valid; // Flag to say if context is valid or not
969  u8 key[16];
970 } miccntx;
971 
972 typedef struct {
973  miccntx mCtx; // Multicast context
974  miccntx uCtx; // Unicast context
975 } mic_module;
976 
977 typedef struct {
978  unsigned int rid: 16;
979  unsigned int len: 15;
980  unsigned int valid: 1;
982 } Rid;
983 
984 typedef struct {
985  unsigned int offset: 15;
986  unsigned int eoc: 1;
987  unsigned int len: 15;
988  unsigned int valid: 1;
990 } TxFid;
991 
992 struct rx_hdr {
994  u8 rssi[2];
998 } __packed;
999 
1000 typedef struct {
1001  unsigned int ctl: 15;
1002  unsigned int rdy: 1;
1003  unsigned int len: 15;
1004  unsigned int valid: 1;
1006 } RxFid;
1007 
1008 /*
1009  * Host receive descriptor
1010  */
1011 typedef struct {
1012  unsigned char __iomem *card_ram_off; /* offset into card memory of the
1013  desc */
1014  RxFid rx_desc; /* card receive descriptor */
1015  char *virtual_host_addr; /* virtual address of host receive
1016  buffer */
1017  int pending;
1018 } HostRxDesc;
1019 
1020 /*
1021  * Host transmit descriptor
1022  */
1023 typedef struct {
1024  unsigned char __iomem *card_ram_off; /* offset into card memory of the
1025  desc */
1026  TxFid tx_desc; /* card transmit descriptor */
1027  char *virtual_host_addr; /* virtual address of host receive
1028  buffer */
1029  int pending;
1030 } HostTxDesc;
1031 
1032 /*
1033  * Host RID descriptor
1034  */
1035 typedef struct {
1036  unsigned char __iomem *card_ram_off; /* offset into card memory of the
1037  descriptor */
1038  Rid rid_desc; /* card RID descriptor */
1039  char *virtual_host_addr; /* virtual address of host receive
1040  buffer */
1041 } HostRidDesc;
1042 
1043 typedef struct {
1048 #define HOST_SET (1 << 0)
1049 #define HOST_INT_TX (1 << 1) /* Interrupt on successful TX */
1050 #define HOST_INT_TXERR (1 << 2) /* Interrupt on unseccessful TX */
1051 #define HOST_LCC_PAYLOAD (1 << 4) /* LLC payload, 0 = Ethertype */
1052 #define HOST_DONT_RLSE (1 << 5) /* Don't release buffer when done */
1053 #define HOST_DONT_RETRY (1 << 6) /* Don't retry trasmit */
1054 #define HOST_CLR_AID (1 << 7) /* clear AID failure */
1055 #define HOST_RTS (1 << 9) /* Force RTS use */
1056 #define HOST_SHORT (1 << 10) /* Do short preamble */
1061 } TxCtlHdr;
1062 
1063 typedef struct {
1066  char addr1[6];
1067  char addr2[6];
1068  char addr3[6];
1070  char addr4[6];
1071 } WifiHdr;
1072 
1073 
1074 typedef struct {
1081 } WifiCtlHdr;
1082 
1083 static WifiCtlHdr wifictlhdr8023 = {
1084  .ctlhdr = {
1085  .ctl = HOST_DONT_RLSE,
1086  }
1087 };
1088 
1089 // A few details needed for WEP (Wireless Equivalent Privacy)
1090 #define MAX_KEY_SIZE 13 // 128 (?) bits
1091 #define MIN_KEY_SIZE 5 // 40 bits RC4 - WEP
1092 typedef struct wep_key_t {
1094  u8 key[16]; /* 40-bit and 104-bit keys */
1095 } wep_key_t;
1096 
1097 /* List of Wireless Handlers (new API) */
1098 static const struct iw_handler_def airo_handler_def;
1099 
1100 static const char version[] = "airo.c 0.6 (Ben Reed & Javier Achirica)";
1101 
1102 struct airo_info;
1103 
1104 static int get_dec_u16( char *buffer, int *start, int limit );
1105 static void OUT4500( struct airo_info *, u16 register, u16 value );
1106 static unsigned short IN4500( struct airo_info *, u16 register );
1107 static u16 setup_card(struct airo_info*, u8 *mac, int lock);
1108 static int enable_MAC(struct airo_info *ai, int lock);
1109 static void disable_MAC(struct airo_info *ai, int lock);
1110 static void enable_interrupts(struct airo_info*);
1111 static void disable_interrupts(struct airo_info*);
1112 static u16 issuecommand(struct airo_info*, Cmd *pCmd, Resp *pRsp);
1113 static int bap_setup(struct airo_info*, u16 rid, u16 offset, int whichbap);
1114 static int aux_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
1115  int whichbap);
1116 static int fast_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
1117  int whichbap);
1118 static int bap_write(struct airo_info*, const __le16 *pu16Src, int bytelen,
1119  int whichbap);
1120 static int PC4500_accessrid(struct airo_info*, u16 rid, u16 accmd);
1121 static int PC4500_readrid(struct airo_info*, u16 rid, void *pBuf, int len, int lock);
1122 static int PC4500_writerid(struct airo_info*, u16 rid, const void
1123  *pBuf, int len, int lock);
1124 static int do_writerid( struct airo_info*, u16 rid, const void *rid_data,
1125  int len, int dummy );
1126 static u16 transmit_allocate(struct airo_info*, int lenPayload, int raw);
1127 static int transmit_802_3_packet(struct airo_info*, int len, char *pPacket);
1128 static int transmit_802_11_packet(struct airo_info*, int len, char *pPacket);
1129 
1130 static int mpi_send_packet (struct net_device *dev);
1131 static void mpi_unmap_card(struct pci_dev *pci);
1132 static void mpi_receive_802_3(struct airo_info *ai);
1133 static void mpi_receive_802_11(struct airo_info *ai);
1134 static int waitbusy (struct airo_info *ai);
1135 
1136 static irqreturn_t airo_interrupt( int irq, void* dev_id);
1137 static int airo_thread(void *data);
1138 static void timer_func( struct net_device *dev );
1139 static int airo_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
1140 static struct iw_statistics *airo_get_wireless_stats (struct net_device *dev);
1141 static void airo_read_wireless_stats (struct airo_info *local);
1142 #ifdef CISCO_EXT
1143 static int readrids(struct net_device *dev, aironet_ioctl *comp);
1144 static int writerids(struct net_device *dev, aironet_ioctl *comp);
1145 static int flashcard(struct net_device *dev, aironet_ioctl *comp);
1146 #endif /* CISCO_EXT */
1147 static void micinit(struct airo_info *ai);
1148 static int micsetup(struct airo_info *ai);
1149 static int encapsulate(struct airo_info *ai, etherHead *pPacket, MICBuffer *buffer, int len);
1150 static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *pPacket, u16 payLen);
1151 
1152 static u8 airo_rssi_to_dbm (tdsRssiEntry *rssi_rid, u8 rssi);
1153 static u8 airo_dbm_to_pct (tdsRssiEntry *rssi_rid, u8 dbm);
1154 
1155 static void airo_networks_free(struct airo_info *ai);
1156 
1157 struct airo_info {
1158  struct net_device *dev;
1160  /* Note, we can have MAX_FIDS outstanding. FIDs are 16-bits, so we
1161  use the high bit to mark whether it is in use. */
1162 #define MAX_FIDS 6
1163 #define MPI_MAX_FIDS 1
1166  char keyindex; // Used with auto wep
1167  char defindex; // Used with auto wep
1170 #define FLAG_RADIO_OFF 0 /* User disabling of MAC */
1171 #define FLAG_RADIO_DOWN 1 /* ifup/ifdown disabling of MAC */
1172 #define FLAG_RADIO_MASK 0x03
1173 #define FLAG_ENABLED 2
1174 #define FLAG_ADHOC 3 /* Needed by MIC */
1175 #define FLAG_MIC_CAPABLE 4
1176 #define FLAG_UPDATE_MULTI 5
1177 #define FLAG_UPDATE_UNI 6
1178 #define FLAG_802_11 7
1179 #define FLAG_PROMISC 8 /* IFF_PROMISC 0x100 - include/linux/if.h */
1180 #define FLAG_PENDING_XMIT 9
1181 #define FLAG_PENDING_XMIT11 10
1182 #define FLAG_MPI 11
1183 #define FLAG_REGISTERED 12
1184 #define FLAG_COMMIT 13
1185 #define FLAG_RESET 14
1186 #define FLAG_FLASHING 15
1187 #define FLAG_WPA_CAPABLE 16
1188  unsigned long flags;
1189 #define JOB_DIE 0
1190 #define JOB_XMIT 1
1191 #define JOB_XMIT11 2
1192 #define JOB_STATS 3
1193 #define JOB_PROMISC 4
1194 #define JOB_MIC 5
1195 #define JOB_EVENT 6
1196 #define JOB_AUTOWEP 7
1197 #define JOB_WSTATS 8
1198 #define JOB_SCAN_RESULTS 9
1199  unsigned long jobs;
1200  int (*bap_read)(struct airo_info*, __le16 *pu16Dst, int bytelen,
1201  int whichbap);
1202  unsigned short *flash;
1206  struct semaphore sem;
1208  unsigned long expires;
1209  struct {
1210  struct sk_buff *skb;
1211  int fid;
1212  } xmit, xmit11;
1214  struct iw_statistics wstats; // wireless stats
1215  unsigned long scan_timeout; /* Time scan should be read */
1218  /* MIC stuff */
1222  HostRxDesc rxfids[MPI_MAX_FIDS]; // rx/tx/config MPI350 descriptors
1225  unsigned long ridbus; // phys addr of config_desc
1226  struct sk_buff_head txq;// tx queue used by mpi350 code
1227  struct pci_dev *pci;
1228  unsigned char __iomem *pcimem;
1229  unsigned char __iomem *pciaux;
1230  unsigned char *shared;
1235 #define PCI_SHARED_LEN 2*MPI_MAX_FIDS*PKTSIZE+RIDSIZE
1237 
1240 
1241  /* WPA-related stuff */
1242  unsigned int bssListFirst;
1243  unsigned int bssListNext;
1244  unsigned int bssListRidLen;
1245 
1249 };
1250 
1251 static inline int bap_read(struct airo_info *ai, __le16 *pu16Dst, int bytelen,
1252  int whichbap)
1253 {
1254  return ai->bap_read(ai, pu16Dst, bytelen, whichbap);
1255 }
1256 
1257 static int setup_proc_entry( struct net_device *dev,
1258  struct airo_info *apriv );
1259 static int takedown_proc_entry( struct net_device *dev,
1260  struct airo_info *apriv );
1261 
1262 static int cmdreset(struct airo_info *ai);
1263 static int setflashmode (struct airo_info *ai);
1264 static int flashgchar(struct airo_info *ai,int matchbyte,int dwelltime);
1265 static int flashputbuf(struct airo_info *ai);
1266 static int flashrestart(struct airo_info *ai,struct net_device *dev);
1267 
1268 #define airo_print(type, name, fmt, args...) \
1269  printk(type DRV_NAME "(%s): " fmt "\n", name, ##args)
1270 
1271 #define airo_print_info(name, fmt, args...) \
1272  airo_print(KERN_INFO, name, fmt, ##args)
1273 
1274 #define airo_print_dbg(name, fmt, args...) \
1275  airo_print(KERN_DEBUG, name, fmt, ##args)
1276 
1277 #define airo_print_warn(name, fmt, args...) \
1278  airo_print(KERN_WARNING, name, fmt, ##args)
1279 
1280 #define airo_print_err(name, fmt, args...) \
1281  airo_print(KERN_ERR, name, fmt, ##args)
1282 
1283 #define AIRO_FLASH(dev) (((struct airo_info *)dev->ml_priv)->flash)
1284 
1285 /***********************************************************************
1286  * MIC ROUTINES *
1287  ***********************************************************************
1288  */
1289 
1290 static int RxSeqValid (struct airo_info *ai,miccntx *context,int mcast,u32 micSeq);
1291 static void MoveWindow(miccntx *context, u32 micSeq);
1292 static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
1293  struct crypto_cipher *tfm);
1294 static void emmh32_init(emmh32_context *context);
1295 static void emmh32_update(emmh32_context *context, u8 *pOctets, int len);
1296 static void emmh32_final(emmh32_context *context, u8 digest[4]);
1297 static int flashpchar(struct airo_info *ai,int byte,int dwelltime);
1298 
1299 static void age_mic_context(miccntx *cur, miccntx *old, u8 *key, int key_len,
1300  struct crypto_cipher *tfm)
1301 {
1302  /* If the current MIC context is valid and its key is the same as
1303  * the MIC register, there's nothing to do.
1304  */
1305  if (cur->valid && (memcmp(cur->key, key, key_len) == 0))
1306  return;
1307 
1308  /* Age current mic Context */
1309  memcpy(old, cur, sizeof(*cur));
1310 
1311  /* Initialize new context */
1312  memcpy(cur->key, key, key_len);
1313  cur->window = 33; /* Window always points to the middle */
1314  cur->rx = 0; /* Rx Sequence numbers */
1315  cur->tx = 0; /* Tx sequence numbers */
1316  cur->valid = 1; /* Key is now valid */
1317 
1318  /* Give key to mic seed */
1319  emmh32_setseed(&cur->seed, key, key_len, tfm);
1320 }
1321 
1322 /* micinit - Initialize mic seed */
1323 
1324 static void micinit(struct airo_info *ai)
1325 {
1326  MICRid mic_rid;
1327 
1328  clear_bit(JOB_MIC, &ai->jobs);
1329  PC4500_readrid(ai, RID_MIC, &mic_rid, sizeof(mic_rid), 0);
1330  up(&ai->sem);
1331 
1332  ai->micstats.enabled = (le16_to_cpu(mic_rid.state) & 0x00FF) ? 1 : 0;
1333  if (!ai->micstats.enabled) {
1334  /* So next time we have a valid key and mic is enabled, we will
1335  * update the sequence number if the key is the same as before.
1336  */
1337  ai->mod[0].uCtx.valid = 0;
1338  ai->mod[0].mCtx.valid = 0;
1339  return;
1340  }
1341 
1342  if (mic_rid.multicastValid) {
1343  age_mic_context(&ai->mod[0].mCtx, &ai->mod[1].mCtx,
1344  mic_rid.multicast, sizeof(mic_rid.multicast),
1345  ai->tfm);
1346  }
1347 
1348  if (mic_rid.unicastValid) {
1349  age_mic_context(&ai->mod[0].uCtx, &ai->mod[1].uCtx,
1350  mic_rid.unicast, sizeof(mic_rid.unicast),
1351  ai->tfm);
1352  }
1353 }
1354 
1355 /* micsetup - Get ready for business */
1356 
1357 static int micsetup(struct airo_info *ai) {
1358  int i;
1359 
1360  if (ai->tfm == NULL)
1361  ai->tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
1362 
1363  if (IS_ERR(ai->tfm)) {
1364  airo_print_err(ai->dev->name, "failed to load transform for AES");
1365  ai->tfm = NULL;
1366  return ERROR;
1367  }
1368 
1369  for (i=0; i < NUM_MODULES; i++) {
1370  memset(&ai->mod[i].mCtx,0,sizeof(miccntx));
1371  memset(&ai->mod[i].uCtx,0,sizeof(miccntx));
1372  }
1373  return SUCCESS;
1374 }
1375 
1376 static const u8 micsnap[] = {0xAA,0xAA,0x03,0x00,0x40,0x96,0x00,0x02};
1377 
1378 /*===========================================================================
1379  * Description: Mic a packet
1380  *
1381  * Inputs: etherHead * pointer to an 802.3 frame
1382  *
1383  * Returns: BOOLEAN if successful, otherwise false.
1384  * PacketTxLen will be updated with the mic'd packets size.
1385  *
1386  * Caveats: It is assumed that the frame buffer will already
1387  * be big enough to hold the largets mic message possible.
1388  * (No memory allocation is done here).
1389  *
1390  * Author: sbraneky (10/15/01)
1391  * Merciless hacks by rwilcher (1/14/02)
1392  */
1393 
1394 static int encapsulate(struct airo_info *ai ,etherHead *frame, MICBuffer *mic, int payLen)
1395 {
1396  miccntx *context;
1397 
1398  // Determine correct context
1399  // If not adhoc, always use unicast key
1400 
1401  if (test_bit(FLAG_ADHOC, &ai->flags) && (frame->da[0] & 0x1))
1402  context = &ai->mod[0].mCtx;
1403  else
1404  context = &ai->mod[0].uCtx;
1405 
1406  if (!context->valid)
1407  return ERROR;
1408 
1409  mic->typelen = htons(payLen + 16); //Length of Mic'd packet
1410 
1411  memcpy(&mic->u.snap, micsnap, sizeof(micsnap)); // Add Snap
1412 
1413  // Add Tx sequence
1414  mic->seq = htonl(context->tx);
1415  context->tx += 2;
1416 
1417  emmh32_init(&context->seed); // Mic the packet
1418  emmh32_update(&context->seed,frame->da,ETH_ALEN * 2); // DA,SA
1419  emmh32_update(&context->seed,(u8*)&mic->typelen,10); // Type/Length and Snap
1420  emmh32_update(&context->seed,(u8*)&mic->seq,sizeof(mic->seq)); //SEQ
1421  emmh32_update(&context->seed,(u8*)(frame + 1),payLen); //payload
1422  emmh32_final(&context->seed, (u8*)&mic->mic);
1423 
1424  /* New Type/length ?????????? */
1425  mic->typelen = 0; //Let NIC know it could be an oversized packet
1426  return SUCCESS;
1427 }
1428 
1429 typedef enum {
1435 } mic_error;
1436 
1437 /*===========================================================================
1438  * Description: Decapsulates a MIC'd packet and returns the 802.3 packet
1439  * (removes the MIC stuff) if packet is a valid packet.
1440  *
1441  * Inputs: etherHead pointer to the 802.3 packet
1442  *
1443  * Returns: BOOLEAN - TRUE if packet should be dropped otherwise FALSE
1444  *
1445  * Author: sbraneky (10/15/01)
1446  * Merciless hacks by rwilcher (1/14/02)
1447  *---------------------------------------------------------------------------
1448  */
1449 
1450 static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *eth, u16 payLen)
1451 {
1452  int i;
1453  u32 micSEQ;
1454  miccntx *context;
1455  u8 digest[4];
1456  mic_error micError = NONE;
1457 
1458  // Check if the packet is a Mic'd packet
1459 
1460  if (!ai->micstats.enabled) {
1461  //No Mic set or Mic OFF but we received a MIC'd packet.
1462  if (memcmp ((u8*)eth + 14, micsnap, sizeof(micsnap)) == 0) {
1463  ai->micstats.rxMICPlummed++;
1464  return ERROR;
1465  }
1466  return SUCCESS;
1467  }
1468 
1469  if (ntohs(mic->typelen) == 0x888E)
1470  return SUCCESS;
1471 
1472  if (memcmp (mic->u.snap, micsnap, sizeof(micsnap)) != 0) {
1473  // Mic enabled but packet isn't Mic'd
1474  ai->micstats.rxMICPlummed++;
1475  return ERROR;
1476  }
1477 
1478  micSEQ = ntohl(mic->seq); //store SEQ as CPU order
1479 
1480  //At this point we a have a mic'd packet and mic is enabled
1481  //Now do the mic error checking.
1482 
1483  //Receive seq must be odd
1484  if ( (micSEQ & 1) == 0 ) {
1485  ai->micstats.rxWrongSequence++;
1486  return ERROR;
1487  }
1488 
1489  for (i = 0; i < NUM_MODULES; i++) {
1490  int mcast = eth->da[0] & 1;
1491  //Determine proper context
1492  context = mcast ? &ai->mod[i].mCtx : &ai->mod[i].uCtx;
1493 
1494  //Make sure context is valid
1495  if (!context->valid) {
1496  if (i == 0)
1497  micError = NOMICPLUMMED;
1498  continue;
1499  }
1500  //DeMic it
1501 
1502  if (!mic->typelen)
1503  mic->typelen = htons(payLen + sizeof(MICBuffer) - 2);
1504 
1505  emmh32_init(&context->seed);
1506  emmh32_update(&context->seed, eth->da, ETH_ALEN*2);
1507  emmh32_update(&context->seed, (u8 *)&mic->typelen, sizeof(mic->typelen)+sizeof(mic->u.snap));
1508  emmh32_update(&context->seed, (u8 *)&mic->seq,sizeof(mic->seq));
1509  emmh32_update(&context->seed, (u8 *)(eth + 1),payLen);
1510  //Calculate MIC
1511  emmh32_final(&context->seed, digest);
1512 
1513  if (memcmp(digest, &mic->mic, 4)) { //Make sure the mics match
1514  //Invalid Mic
1515  if (i == 0)
1516  micError = INCORRECTMIC;
1517  continue;
1518  }
1519 
1520  //Check Sequence number if mics pass
1521  if (RxSeqValid(ai, context, mcast, micSEQ) == SUCCESS) {
1522  ai->micstats.rxSuccess++;
1523  return SUCCESS;
1524  }
1525  if (i == 0)
1526  micError = SEQUENCE;
1527  }
1528 
1529  // Update statistics
1530  switch (micError) {
1531  case NOMICPLUMMED: ai->micstats.rxMICPlummed++; break;
1532  case SEQUENCE: ai->micstats.rxWrongSequence++; break;
1533  case INCORRECTMIC: ai->micstats.rxIncorrectMIC++; break;
1534  case NONE: break;
1535  case NOMIC: break;
1536  }
1537  return ERROR;
1538 }
1539 
1540 /*===========================================================================
1541  * Description: Checks the Rx Seq number to make sure it is valid
1542  * and hasn't already been received
1543  *
1544  * Inputs: miccntx - mic context to check seq against
1545  * micSeq - the Mic seq number
1546  *
1547  * Returns: TRUE if valid otherwise FALSE.
1548  *
1549  * Author: sbraneky (10/15/01)
1550  * Merciless hacks by rwilcher (1/14/02)
1551  *---------------------------------------------------------------------------
1552  */
1553 
1554 static int RxSeqValid (struct airo_info *ai,miccntx *context,int mcast,u32 micSeq)
1555 {
1556  u32 seq,index;
1557 
1558  //Allow for the ap being rebooted - if it is then use the next
1559  //sequence number of the current sequence number - might go backwards
1560 
1561  if (mcast) {
1562  if (test_bit(FLAG_UPDATE_MULTI, &ai->flags)) {
1564  context->window = (micSeq > 33) ? micSeq : 33;
1565  context->rx = 0; // Reset rx
1566  }
1567  } else if (test_bit(FLAG_UPDATE_UNI, &ai->flags)) {
1569  context->window = (micSeq > 33) ? micSeq : 33; // Move window
1570  context->rx = 0; // Reset rx
1571  }
1572 
1573  //Make sequence number relative to START of window
1574  seq = micSeq - (context->window - 33);
1575 
1576  //Too old of a SEQ number to check.
1577  if ((s32)seq < 0)
1578  return ERROR;
1579 
1580  if ( seq > 64 ) {
1581  //Window is infinite forward
1582  MoveWindow(context,micSeq);
1583  return SUCCESS;
1584  }
1585 
1586  // We are in the window. Now check the context rx bit to see if it was already sent
1587  seq >>= 1; //divide by 2 because we only have odd numbers
1588  index = 1 << seq; //Get an index number
1589 
1590  if (!(context->rx & index)) {
1591  //micSEQ falls inside the window.
1592  //Add seqence number to the list of received numbers.
1593  context->rx |= index;
1594 
1595  MoveWindow(context,micSeq);
1596 
1597  return SUCCESS;
1598  }
1599  return ERROR;
1600 }
1601 
1602 static void MoveWindow(miccntx *context, u32 micSeq)
1603 {
1604  u32 shift;
1605 
1606  //Move window if seq greater than the middle of the window
1607  if (micSeq > context->window) {
1608  shift = (micSeq - context->window) >> 1;
1609 
1610  //Shift out old
1611  if (shift < 32)
1612  context->rx >>= shift;
1613  else
1614  context->rx = 0;
1615 
1616  context->window = micSeq; //Move window
1617  }
1618 }
1619 
1620 /*==============================================*/
1621 /*========== EMMH ROUTINES ====================*/
1622 /*==============================================*/
1623 
1624 /* mic accumulate */
1625 #define MIC_ACCUM(val) \
1626  context->accum += (u64)(val) * context->coeff[coeff_position++];
1627 
1628 static unsigned char aes_counter[16];
1629 
1630 /* expand the key to fill the MMH coefficient array */
1631 static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
1632  struct crypto_cipher *tfm)
1633 {
1634  /* take the keying material, expand if necessary, truncate at 16-bytes */
1635  /* run through AES counter mode to generate context->coeff[] */
1636 
1637  int i,j;
1638  u32 counter;
1639  u8 *cipher, plain[16];
1640 
1641  crypto_cipher_setkey(tfm, pkey, 16);
1642  counter = 0;
1643  for (i = 0; i < ARRAY_SIZE(context->coeff); ) {
1644  aes_counter[15] = (u8)(counter >> 0);
1645  aes_counter[14] = (u8)(counter >> 8);
1646  aes_counter[13] = (u8)(counter >> 16);
1647  aes_counter[12] = (u8)(counter >> 24);
1648  counter++;
1649  memcpy (plain, aes_counter, 16);
1650  crypto_cipher_encrypt_one(tfm, plain, plain);
1651  cipher = plain;
1652  for (j = 0; (j < 16) && (i < ARRAY_SIZE(context->coeff)); ) {
1653  context->coeff[i++] = ntohl(*(__be32 *)&cipher[j]);
1654  j += 4;
1655  }
1656  }
1657 }
1658 
1659 /* prepare for calculation of a new mic */
1660 static void emmh32_init(emmh32_context *context)
1661 {
1662  /* prepare for new mic calculation */
1663  context->accum = 0;
1664  context->position = 0;
1665 }
1666 
1667 /* add some bytes to the mic calculation */
1668 static void emmh32_update(emmh32_context *context, u8 *pOctets, int len)
1669 {
1670  int coeff_position, byte_position;
1671 
1672  if (len == 0) return;
1673 
1674  coeff_position = context->position >> 2;
1675 
1676  /* deal with partial 32-bit word left over from last update */
1677  byte_position = context->position & 3;
1678  if (byte_position) {
1679  /* have a partial word in part to deal with */
1680  do {
1681  if (len == 0) return;
1682  context->part.d8[byte_position++] = *pOctets++;
1683  context->position++;
1684  len--;
1685  } while (byte_position < 4);
1686  MIC_ACCUM(ntohl(context->part.d32));
1687  }
1688 
1689  /* deal with full 32-bit words */
1690  while (len >= 4) {
1691  MIC_ACCUM(ntohl(*(__be32 *)pOctets));
1692  context->position += 4;
1693  pOctets += 4;
1694  len -= 4;
1695  }
1696 
1697  /* deal with partial 32-bit word that will be left over from this update */
1698  byte_position = 0;
1699  while (len > 0) {
1700  context->part.d8[byte_position++] = *pOctets++;
1701  context->position++;
1702  len--;
1703  }
1704 }
1705 
1706 /* mask used to zero empty bytes for final partial word */
1707 static u32 mask32[4] = { 0x00000000L, 0xFF000000L, 0xFFFF0000L, 0xFFFFFF00L };
1708 
1709 /* calculate the mic */
1710 static void emmh32_final(emmh32_context *context, u8 digest[4])
1711 {
1712  int coeff_position, byte_position;
1713  u32 val;
1714 
1715  u64 sum, utmp;
1716  s64 stmp;
1717 
1718  coeff_position = context->position >> 2;
1719 
1720  /* deal with partial 32-bit word left over from last update */
1721  byte_position = context->position & 3;
1722  if (byte_position) {
1723  /* have a partial word in part to deal with */
1724  val = ntohl(context->part.d32);
1725  MIC_ACCUM(val & mask32[byte_position]); /* zero empty bytes */
1726  }
1727 
1728  /* reduce the accumulated u64 to a 32-bit MIC */
1729  sum = context->accum;
1730  stmp = (sum & 0xffffffffLL) - ((sum >> 32) * 15);
1731  utmp = (stmp & 0xffffffffLL) - ((stmp >> 32) * 15);
1732  sum = utmp & 0xffffffffLL;
1733  if (utmp > 0x10000000fLL)
1734  sum -= 15;
1735 
1736  val = (u32)sum;
1737  digest[0] = (val>>24) & 0xFF;
1738  digest[1] = (val>>16) & 0xFF;
1739  digest[2] = (val>>8) & 0xFF;
1740  digest[3] = val & 0xFF;
1741 }
1742 
1743 static int readBSSListRid(struct airo_info *ai, int first,
1744  BSSListRid *list)
1745 {
1746  Cmd cmd;
1747  Resp rsp;
1748 
1749  if (first == 1) {
1750  if (ai->flags & FLAG_RADIO_MASK) return -ENETDOWN;
1751  memset(&cmd, 0, sizeof(cmd));
1752  cmd.cmd=CMD_LISTBSS;
1753  if (down_interruptible(&ai->sem))
1754  return -ERESTARTSYS;
1755  ai->list_bss_task = current;
1756  issuecommand(ai, &cmd, &rsp);
1757  up(&ai->sem);
1758  /* Let the command take effect */
1760  ai->list_bss_task = NULL;
1761  }
1762  return PC4500_readrid(ai, first ? ai->bssListFirst : ai->bssListNext,
1763  list, ai->bssListRidLen, 1);
1764 }
1765 
1766 static int readWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int temp, int lock)
1767 {
1768  return PC4500_readrid(ai, temp ? RID_WEP_TEMP : RID_WEP_PERM,
1769  wkr, sizeof(*wkr), lock);
1770 }
1771 
1772 static int writeWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int perm, int lock)
1773 {
1774  int rc;
1775  rc = PC4500_writerid(ai, RID_WEP_TEMP, wkr, sizeof(*wkr), lock);
1776  if (rc!=SUCCESS)
1777  airo_print_err(ai->dev->name, "WEP_TEMP set %x", rc);
1778  if (perm) {
1779  rc = PC4500_writerid(ai, RID_WEP_PERM, wkr, sizeof(*wkr), lock);
1780  if (rc!=SUCCESS)
1781  airo_print_err(ai->dev->name, "WEP_PERM set %x", rc);
1782  }
1783  return rc;
1784 }
1785 
1786 static int readSsidRid(struct airo_info*ai, SsidRid *ssidr)
1787 {
1788  return PC4500_readrid(ai, RID_SSID, ssidr, sizeof(*ssidr), 1);
1789 }
1790 
1791 static int writeSsidRid(struct airo_info*ai, SsidRid *pssidr, int lock)
1792 {
1793  return PC4500_writerid(ai, RID_SSID, pssidr, sizeof(*pssidr), lock);
1794 }
1795 
1796 static int readConfigRid(struct airo_info *ai, int lock)
1797 {
1798  int rc;
1799  ConfigRid cfg;
1800 
1801  if (ai->config.len)
1802  return SUCCESS;
1803 
1804  rc = PC4500_readrid(ai, RID_ACTUALCONFIG, &cfg, sizeof(cfg), lock);
1805  if (rc != SUCCESS)
1806  return rc;
1807 
1808  ai->config = cfg;
1809  return SUCCESS;
1810 }
1811 
1812 static inline void checkThrottle(struct airo_info *ai)
1813 {
1814  int i;
1815 /* Old hardware had a limit on encryption speed */
1816  if (ai->config.authType != AUTH_OPEN && maxencrypt) {
1817  for(i=0; i<8; i++) {
1818  if (ai->config.rates[i] > maxencrypt) {
1819  ai->config.rates[i] = 0;
1820  }
1821  }
1822  }
1823 }
1824 
1825 static int writeConfigRid(struct airo_info *ai, int lock)
1826 {
1827  ConfigRid cfgr;
1828 
1829  if (!test_bit (FLAG_COMMIT, &ai->flags))
1830  return SUCCESS;
1831 
1832  clear_bit (FLAG_COMMIT, &ai->flags);
1833  clear_bit (FLAG_RESET, &ai->flags);
1834  checkThrottle(ai);
1835  cfgr = ai->config;
1836 
1837  if ((cfgr.opmode & MODE_CFG_MASK) == MODE_STA_IBSS)
1838  set_bit(FLAG_ADHOC, &ai->flags);
1839  else
1840  clear_bit(FLAG_ADHOC, &ai->flags);
1841 
1842  return PC4500_writerid( ai, RID_CONFIG, &cfgr, sizeof(cfgr), lock);
1843 }
1844 
1845 static int readStatusRid(struct airo_info *ai, StatusRid *statr, int lock)
1846 {
1847  return PC4500_readrid(ai, RID_STATUS, statr, sizeof(*statr), lock);
1848 }
1849 
1850 static int readAPListRid(struct airo_info *ai, APListRid *aplr)
1851 {
1852  return PC4500_readrid(ai, RID_APLIST, aplr, sizeof(*aplr), 1);
1853 }
1854 
1855 static int writeAPListRid(struct airo_info *ai, APListRid *aplr, int lock)
1856 {
1857  return PC4500_writerid(ai, RID_APLIST, aplr, sizeof(*aplr), lock);
1858 }
1859 
1860 static int readCapabilityRid(struct airo_info *ai, CapabilityRid *capr, int lock)
1861 {
1862  return PC4500_readrid(ai, RID_CAPABILITIES, capr, sizeof(*capr), lock);
1863 }
1864 
1865 static int readStatsRid(struct airo_info*ai, StatsRid *sr, int rid, int lock)
1866 {
1867  return PC4500_readrid(ai, rid, sr, sizeof(*sr), lock);
1868 }
1869 
1870 static void try_auto_wep(struct airo_info *ai)
1871 {
1872  if (auto_wep && !test_bit(FLAG_RADIO_DOWN, &ai->flags)) {
1873  ai->expires = RUN_AT(3*HZ);
1875  }
1876 }
1877 
1878 static int airo_open(struct net_device *dev) {
1879  struct airo_info *ai = dev->ml_priv;
1880  int rc = 0;
1881 
1882  if (test_bit(FLAG_FLASHING, &ai->flags))
1883  return -EIO;
1884 
1885  /* Make sure the card is configured.
1886  * Wireless Extensions may postpone config changes until the card
1887  * is open (to pipeline changes and speed-up card setup). If
1888  * those changes are not yet committed, do it now - Jean II */
1889  if (test_bit(FLAG_COMMIT, &ai->flags)) {
1890  disable_MAC(ai, 1);
1891  writeConfigRid(ai, 1);
1892  }
1893 
1894  if (ai->wifidev != dev) {
1895  clear_bit(JOB_DIE, &ai->jobs);
1896  ai->airo_thread_task = kthread_run(airo_thread, dev, dev->name);
1897  if (IS_ERR(ai->airo_thread_task))
1898  return (int)PTR_ERR(ai->airo_thread_task);
1899 
1900  rc = request_irq(dev->irq, airo_interrupt, IRQF_SHARED,
1901  dev->name, dev);
1902  if (rc) {
1903  airo_print_err(dev->name,
1904  "register interrupt %d failed, rc %d",
1905  dev->irq, rc);
1906  set_bit(JOB_DIE, &ai->jobs);
1908  return rc;
1909  }
1910 
1911  /* Power on the MAC controller (which may have been disabled) */
1913  enable_interrupts(ai);
1914 
1915  try_auto_wep(ai);
1916  }
1917  enable_MAC(ai, 1);
1918 
1919  netif_start_queue(dev);
1920  return 0;
1921 }
1922 
1923 static netdev_tx_t mpi_start_xmit(struct sk_buff *skb,
1924  struct net_device *dev)
1925 {
1926  int npacks, pending;
1927  unsigned long flags;
1928  struct airo_info *ai = dev->ml_priv;
1929 
1930  if (!skb) {
1931  airo_print_err(dev->name, "%s: skb == NULL!",__func__);
1932  return NETDEV_TX_OK;
1933  }
1934  npacks = skb_queue_len (&ai->txq);
1935 
1936  if (npacks >= MAXTXQ - 1) {
1937  netif_stop_queue (dev);
1938  if (npacks > MAXTXQ) {
1939  dev->stats.tx_fifo_errors++;
1940  return NETDEV_TX_BUSY;
1941  }
1942  skb_queue_tail (&ai->txq, skb);
1943  return NETDEV_TX_OK;
1944  }
1945 
1946  spin_lock_irqsave(&ai->aux_lock, flags);
1947  skb_queue_tail (&ai->txq, skb);
1948  pending = test_bit(FLAG_PENDING_XMIT, &ai->flags);
1949  spin_unlock_irqrestore(&ai->aux_lock,flags);
1950  netif_wake_queue (dev);
1951 
1952  if (pending == 0) {
1954  mpi_send_packet (dev);
1955  }
1956  return NETDEV_TX_OK;
1957 }
1958 
1959 /*
1960  * @mpi_send_packet
1961  *
1962  * Attempt to transmit a packet. Can be called from interrupt
1963  * or transmit . return number of packets we tried to send
1964  */
1965 
1966 static int mpi_send_packet (struct net_device *dev)
1967 {
1968  struct sk_buff *skb;
1969  unsigned char *buffer;
1970  s16 len;
1971  __le16 *payloadLen;
1972  struct airo_info *ai = dev->ml_priv;
1973  u8 *sendbuf;
1974 
1975  /* get a packet to send */
1976 
1977  if ((skb = skb_dequeue(&ai->txq)) == NULL) {
1978  airo_print_err(dev->name,
1979  "%s: Dequeue'd zero in send_packet()",
1980  __func__);
1981  return 0;
1982  }
1983 
1984  /* check min length*/
1985  len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
1986  buffer = skb->data;
1987 
1988  ai->txfids[0].tx_desc.offset = 0;
1989  ai->txfids[0].tx_desc.valid = 1;
1990  ai->txfids[0].tx_desc.eoc = 1;
1991  ai->txfids[0].tx_desc.len =len+sizeof(WifiHdr);
1992 
1993 /*
1994  * Magic, the cards firmware needs a length count (2 bytes) in the host buffer
1995  * right after TXFID_HDR.The TXFID_HDR contains the status short so payloadlen
1996  * is immediately after it. ------------------------------------------------
1997  * |TXFIDHDR+STATUS|PAYLOADLEN|802.3HDR|PACKETDATA|
1998  * ------------------------------------------------
1999  */
2000 
2002  (char *)&wifictlhdr8023, sizeof(wifictlhdr8023));
2003 
2004  payloadLen = (__le16 *)(ai->txfids[0].virtual_host_addr +
2005  sizeof(wifictlhdr8023));
2006  sendbuf = ai->txfids[0].virtual_host_addr +
2007  sizeof(wifictlhdr8023) + 2 ;
2008 
2009  /*
2010  * Firmware automatically puts 802 header on so
2011  * we don't need to account for it in the length
2012  */
2013  if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled &&
2014  (ntohs(((__be16 *)buffer)[6]) != 0x888E)) {
2015  MICBuffer pMic;
2016 
2017  if (encapsulate(ai, (etherHead *)buffer, &pMic, len - sizeof(etherHead)) != SUCCESS)
2018  return ERROR;
2019 
2020  *payloadLen = cpu_to_le16(len-sizeof(etherHead)+sizeof(pMic));
2021  ai->txfids[0].tx_desc.len += sizeof(pMic);
2022  /* copy data into airo dma buffer */
2023  memcpy (sendbuf, buffer, sizeof(etherHead));
2024  buffer += sizeof(etherHead);
2025  sendbuf += sizeof(etherHead);
2026  memcpy (sendbuf, &pMic, sizeof(pMic));
2027  sendbuf += sizeof(pMic);
2028  memcpy (sendbuf, buffer, len - sizeof(etherHead));
2029  } else {
2030  *payloadLen = cpu_to_le16(len - sizeof(etherHead));
2031 
2032  dev->trans_start = jiffies;
2033 
2034  /* copy data into airo dma buffer */
2035  memcpy(sendbuf, buffer, len);
2036  }
2037 
2039  &ai->txfids[0].tx_desc, sizeof(TxFid));
2040 
2041  OUT4500(ai, EVACK, 8);
2042 
2043  dev_kfree_skb_any(skb);
2044  return 1;
2045 }
2046 
2047 static void get_tx_error(struct airo_info *ai, s32 fid)
2048 {
2049  __le16 status;
2050 
2051  if (fid < 0)
2052  status = ((WifiCtlHdr *)ai->txfids[0].virtual_host_addr)->ctlhdr.status;
2053  else {
2054  if (bap_setup(ai, ai->fids[fid] & 0xffff, 4, BAP0) != SUCCESS)
2055  return;
2056  bap_read(ai, &status, 2, BAP0);
2057  }
2058  if (le16_to_cpu(status) & 2) /* Too many retries */
2059  ai->dev->stats.tx_aborted_errors++;
2060  if (le16_to_cpu(status) & 4) /* Transmit lifetime exceeded */
2061  ai->dev->stats.tx_heartbeat_errors++;
2062  if (le16_to_cpu(status) & 8) /* Aid fail */
2063  { }
2064  if (le16_to_cpu(status) & 0x10) /* MAC disabled */
2065  ai->dev->stats.tx_carrier_errors++;
2066  if (le16_to_cpu(status) & 0x20) /* Association lost */
2067  { }
2068  /* We produce a TXDROP event only for retry or lifetime
2069  * exceeded, because that's the only status that really mean
2070  * that this particular node went away.
2071  * Other errors means that *we* screwed up. - Jean II */
2072  if ((le16_to_cpu(status) & 2) ||
2073  (le16_to_cpu(status) & 4)) {
2074  union iwreq_data wrqu;
2075  char junk[0x18];
2076 
2077  /* Faster to skip over useless data than to do
2078  * another bap_setup(). We are at offset 0x6 and
2079  * need to go to 0x18 and read 6 bytes - Jean II */
2080  bap_read(ai, (__le16 *) junk, 0x18, BAP0);
2081 
2082  /* Copy 802.11 dest address.
2083  * We use the 802.11 header because the frame may
2084  * not be 802.3 or may be mangled...
2085  * In Ad-Hoc mode, it will be the node address.
2086  * In managed mode, it will be most likely the AP addr
2087  * User space will figure out how to convert it to
2088  * whatever it needs (IP address or else).
2089  * - Jean II */
2090  memcpy(wrqu.addr.sa_data, junk + 0x12, ETH_ALEN);
2091  wrqu.addr.sa_family = ARPHRD_ETHER;
2092 
2093  /* Send event to user space */
2094  wireless_send_event(ai->dev, IWEVTXDROP, &wrqu, NULL);
2095  }
2096 }
2097 
2098 static void airo_end_xmit(struct net_device *dev) {
2099  u16 status;
2100  int i;
2101  struct airo_info *priv = dev->ml_priv;
2102  struct sk_buff *skb = priv->xmit.skb;
2103  int fid = priv->xmit.fid;
2104  u32 *fids = priv->fids;
2105 
2106  clear_bit(JOB_XMIT, &priv->jobs);
2108  status = transmit_802_3_packet (priv, fids[fid], skb->data);
2109  up(&priv->sem);
2110 
2111  i = 0;
2112  if ( status == SUCCESS ) {
2113  dev->trans_start = jiffies;
2114  for (; i < MAX_FIDS / 2 && (priv->fids[i] & 0xffff0000); i++);
2115  } else {
2116  priv->fids[fid] &= 0xffff;
2117  dev->stats.tx_window_errors++;
2118  }
2119  if (i < MAX_FIDS / 2)
2120  netif_wake_queue(dev);
2121  dev_kfree_skb(skb);
2122 }
2123 
2124 static netdev_tx_t airo_start_xmit(struct sk_buff *skb,
2125  struct net_device *dev)
2126 {
2127  s16 len;
2128  int i, j;
2129  struct airo_info *priv = dev->ml_priv;
2130  u32 *fids = priv->fids;
2131 
2132  if ( skb == NULL ) {
2133  airo_print_err(dev->name, "%s: skb == NULL!", __func__);
2134  return NETDEV_TX_OK;
2135  }
2136 
2137  /* Find a vacant FID */
2138  for( i = 0; i < MAX_FIDS / 2 && (fids[i] & 0xffff0000); i++ );
2139  for( j = i + 1; j < MAX_FIDS / 2 && (fids[j] & 0xffff0000); j++ );
2140 
2141  if ( j >= MAX_FIDS / 2 ) {
2142  netif_stop_queue(dev);
2143 
2144  if (i == MAX_FIDS / 2) {
2145  dev->stats.tx_fifo_errors++;
2146  return NETDEV_TX_BUSY;
2147  }
2148  }
2149  /* check min length*/
2150  len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
2151  /* Mark fid as used & save length for later */
2152  fids[i] |= (len << 16);
2153  priv->xmit.skb = skb;
2154  priv->xmit.fid = i;
2155  if (down_trylock(&priv->sem) != 0) {
2156  set_bit(FLAG_PENDING_XMIT, &priv->flags);
2157  netif_stop_queue(dev);
2158  set_bit(JOB_XMIT, &priv->jobs);
2160  } else
2161  airo_end_xmit(dev);
2162  return NETDEV_TX_OK;
2163 }
2164 
2165 static void airo_end_xmit11(struct net_device *dev) {
2166  u16 status;
2167  int i;
2168  struct airo_info *priv = dev->ml_priv;
2169  struct sk_buff *skb = priv->xmit11.skb;
2170  int fid = priv->xmit11.fid;
2171  u32 *fids = priv->fids;
2172 
2173  clear_bit(JOB_XMIT11, &priv->jobs);
2175  status = transmit_802_11_packet (priv, fids[fid], skb->data);
2176  up(&priv->sem);
2177 
2178  i = MAX_FIDS / 2;
2179  if ( status == SUCCESS ) {
2180  dev->trans_start = jiffies;
2181  for (; i < MAX_FIDS && (priv->fids[i] & 0xffff0000); i++);
2182  } else {
2183  priv->fids[fid] &= 0xffff;
2184  dev->stats.tx_window_errors++;
2185  }
2186  if (i < MAX_FIDS)
2187  netif_wake_queue(dev);
2188  dev_kfree_skb(skb);
2189 }
2190 
2191 static netdev_tx_t airo_start_xmit11(struct sk_buff *skb,
2192  struct net_device *dev)
2193 {
2194  s16 len;
2195  int i, j;
2196  struct airo_info *priv = dev->ml_priv;
2197  u32 *fids = priv->fids;
2198 
2199  if (test_bit(FLAG_MPI, &priv->flags)) {
2200  /* Not implemented yet for MPI350 */
2201  netif_stop_queue(dev);
2202  dev_kfree_skb_any(skb);
2203  return NETDEV_TX_OK;
2204  }
2205 
2206  if ( skb == NULL ) {
2207  airo_print_err(dev->name, "%s: skb == NULL!", __func__);
2208  return NETDEV_TX_OK;
2209  }
2210 
2211  /* Find a vacant FID */
2212  for( i = MAX_FIDS / 2; i < MAX_FIDS && (fids[i] & 0xffff0000); i++ );
2213  for( j = i + 1; j < MAX_FIDS && (fids[j] & 0xffff0000); j++ );
2214 
2215  if ( j >= MAX_FIDS ) {
2216  netif_stop_queue(dev);
2217 
2218  if (i == MAX_FIDS) {
2219  dev->stats.tx_fifo_errors++;
2220  return NETDEV_TX_BUSY;
2221  }
2222  }
2223  /* check min length*/
2224  len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
2225  /* Mark fid as used & save length for later */
2226  fids[i] |= (len << 16);
2227  priv->xmit11.skb = skb;
2228  priv->xmit11.fid = i;
2229  if (down_trylock(&priv->sem) != 0) {
2231  netif_stop_queue(dev);
2232  set_bit(JOB_XMIT11, &priv->jobs);
2234  } else
2235  airo_end_xmit11(dev);
2236  return NETDEV_TX_OK;
2237 }
2238 
2239 static void airo_read_stats(struct net_device *dev)
2240 {
2241  struct airo_info *ai = dev->ml_priv;
2242  StatsRid stats_rid;
2243  __le32 *vals = stats_rid.vals;
2244 
2245  clear_bit(JOB_STATS, &ai->jobs);
2246  if (ai->power.event) {
2247  up(&ai->sem);
2248  return;
2249  }
2250  readStatsRid(ai, &stats_rid, RID_STATS, 0);
2251  up(&ai->sem);
2252 
2253  dev->stats.rx_packets = le32_to_cpu(vals[43]) + le32_to_cpu(vals[44]) +
2254  le32_to_cpu(vals[45]);
2255  dev->stats.tx_packets = le32_to_cpu(vals[39]) + le32_to_cpu(vals[40]) +
2256  le32_to_cpu(vals[41]);
2257  dev->stats.rx_bytes = le32_to_cpu(vals[92]);
2258  dev->stats.tx_bytes = le32_to_cpu(vals[91]);
2259  dev->stats.rx_errors = le32_to_cpu(vals[0]) + le32_to_cpu(vals[2]) +
2260  le32_to_cpu(vals[3]) + le32_to_cpu(vals[4]);
2261  dev->stats.tx_errors = le32_to_cpu(vals[42]) +
2262  dev->stats.tx_fifo_errors;
2263  dev->stats.multicast = le32_to_cpu(vals[43]);
2264  dev->stats.collisions = le32_to_cpu(vals[89]);
2265 
2266  /* detailed rx_errors: */
2267  dev->stats.rx_length_errors = le32_to_cpu(vals[3]);
2268  dev->stats.rx_crc_errors = le32_to_cpu(vals[4]);
2269  dev->stats.rx_frame_errors = le32_to_cpu(vals[2]);
2270  dev->stats.rx_fifo_errors = le32_to_cpu(vals[0]);
2271 }
2272 
2273 static struct net_device_stats *airo_get_stats(struct net_device *dev)
2274 {
2275  struct airo_info *local = dev->ml_priv;
2276 
2277  if (!test_bit(JOB_STATS, &local->jobs)) {
2278  /* Get stats out of the card if available */
2279  if (down_trylock(&local->sem) != 0) {
2280  set_bit(JOB_STATS, &local->jobs);
2282  } else
2283  airo_read_stats(dev);
2284  }
2285 
2286  return &dev->stats;
2287 }
2288 
2289 static void airo_set_promisc(struct airo_info *ai) {
2290  Cmd cmd;
2291  Resp rsp;
2292 
2293  memset(&cmd, 0, sizeof(cmd));
2294  cmd.cmd=CMD_SETMODE;
2295  clear_bit(JOB_PROMISC, &ai->jobs);
2296  cmd.parm0=(ai->flags&IFF_PROMISC) ? PROMISC : NOPROMISC;
2297  issuecommand(ai, &cmd, &rsp);
2298  up(&ai->sem);
2299 }
2300 
2301 static void airo_set_multicast_list(struct net_device *dev) {
2302  struct airo_info *ai = dev->ml_priv;
2303 
2304  if ((dev->flags ^ ai->flags) & IFF_PROMISC) {
2305  change_bit(FLAG_PROMISC, &ai->flags);
2306  if (down_trylock(&ai->sem) != 0) {
2307  set_bit(JOB_PROMISC, &ai->jobs);
2309  } else
2310  airo_set_promisc(ai);
2311  }
2312 
2313  if ((dev->flags&IFF_ALLMULTI) || !netdev_mc_empty(dev)) {
2314  /* Turn on multicast. (Should be already setup...) */
2315  }
2316 }
2317 
2318 static int airo_set_mac_address(struct net_device *dev, void *p)
2319 {
2320  struct airo_info *ai = dev->ml_priv;
2321  struct sockaddr *addr = p;
2322 
2323  readConfigRid(ai, 1);
2324  memcpy (ai->config.macAddr, addr->sa_data, dev->addr_len);
2325  set_bit (FLAG_COMMIT, &ai->flags);
2326  disable_MAC(ai, 1);
2327  writeConfigRid (ai, 1);
2328  enable_MAC(ai, 1);
2329  memcpy (ai->dev->dev_addr, addr->sa_data, dev->addr_len);
2330  if (ai->wifidev)
2331  memcpy (ai->wifidev->dev_addr, addr->sa_data, dev->addr_len);
2332  return 0;
2333 }
2334 
2335 static int airo_change_mtu(struct net_device *dev, int new_mtu)
2336 {
2337  if ((new_mtu < 68) || (new_mtu > 2400))
2338  return -EINVAL;
2339  dev->mtu = new_mtu;
2340  return 0;
2341 }
2342 
2343 static LIST_HEAD(airo_devices);
2344 
2345 static void add_airo_dev(struct airo_info *ai)
2346 {
2347  /* Upper layers already keep track of PCI devices,
2348  * so we only need to remember our non-PCI cards. */
2349  if (!ai->pci)
2350  list_add_tail(&ai->dev_list, &airo_devices);
2351 }
2352 
2353 static void del_airo_dev(struct airo_info *ai)
2354 {
2355  if (!ai->pci)
2356  list_del(&ai->dev_list);
2357 }
2358 
2359 static int airo_close(struct net_device *dev) {
2360  struct airo_info *ai = dev->ml_priv;
2361 
2362  netif_stop_queue(dev);
2363 
2364  if (ai->wifidev != dev) {
2365 #ifdef POWER_ON_DOWN
2366  /* Shut power to the card. The idea is that the user can save
2367  * power when he doesn't need the card with "ifconfig down".
2368  * That's the method that is most friendly towards the network
2369  * stack (i.e. the network stack won't try to broadcast
2370  * anything on the interface and routes are gone. Jean II */
2371  set_bit(FLAG_RADIO_DOWN, &ai->flags);
2372  disable_MAC(ai, 1);
2373 #endif
2374  disable_interrupts( ai );
2375 
2376  free_irq(dev->irq, dev);
2377 
2378  set_bit(JOB_DIE, &ai->jobs);
2380  }
2381  return 0;
2382 }
2383 
2384 void stop_airo_card( struct net_device *dev, int freeres )
2385 {
2386  struct airo_info *ai = dev->ml_priv;
2387 
2388  set_bit(FLAG_RADIO_DOWN, &ai->flags);
2389  disable_MAC(ai, 1);
2390  disable_interrupts(ai);
2391  takedown_proc_entry( dev, ai );
2392  if (test_bit(FLAG_REGISTERED, &ai->flags)) {
2393  unregister_netdev( dev );
2394  if (ai->wifidev) {
2396  free_netdev(ai->wifidev);
2397  ai->wifidev = NULL;
2398  }
2400  }
2401  /*
2402  * Clean out tx queue
2403  */
2404  if (test_bit(FLAG_MPI, &ai->flags) && !skb_queue_empty(&ai->txq)) {
2405  struct sk_buff *skb = NULL;
2406  for (;(skb = skb_dequeue(&ai->txq));)
2407  dev_kfree_skb(skb);
2408  }
2409 
2410  airo_networks_free (ai);
2411 
2412  kfree(ai->flash);
2413  kfree(ai->rssi);
2414  kfree(ai->APList);
2415  kfree(ai->SSID);
2416  if (freeres) {
2417  /* PCMCIA frees this stuff, so only for PCI and ISA */
2418  release_region( dev->base_addr, 64 );
2419  if (test_bit(FLAG_MPI, &ai->flags)) {
2420  if (ai->pci)
2421  mpi_unmap_card(ai->pci);
2422  if (ai->pcimem)
2423  iounmap(ai->pcimem);
2424  if (ai->pciaux)
2425  iounmap(ai->pciaux);
2427  ai->shared, ai->shared_dma);
2428  }
2429  }
2430  crypto_free_cipher(ai->tfm);
2431  del_airo_dev(ai);
2432  free_netdev( dev );
2433 }
2434 
2436 
2437 static int wll_header_parse(const struct sk_buff *skb, unsigned char *haddr)
2438 {
2439  memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN);
2440  return ETH_ALEN;
2441 }
2442 
2443 static void mpi_unmap_card(struct pci_dev *pci)
2444 {
2445  unsigned long mem_start = pci_resource_start(pci, 1);
2446  unsigned long mem_len = pci_resource_len(pci, 1);
2447  unsigned long aux_start = pci_resource_start(pci, 2);
2448  unsigned long aux_len = AUXMEMSIZE;
2449 
2450  release_mem_region(aux_start, aux_len);
2451  release_mem_region(mem_start, mem_len);
2452 }
2453 
2454 /*************************************************************
2455  * This routine assumes that descriptors have been setup .
2456  * Run at insmod time or after reset when the decriptors
2457  * have been initialized . Returns 0 if all is well nz
2458  * otherwise . Does not allocate memory but sets up card
2459  * using previously allocated descriptors.
2460  */
2461 static int mpi_init_descriptors (struct airo_info *ai)
2462 {
2463  Cmd cmd;
2464  Resp rsp;
2465  int i;
2466  int rc = SUCCESS;
2467 
2468  /* Alloc card RX descriptors */
2469  netif_stop_queue(ai->dev);
2470 
2471  memset(&rsp,0,sizeof(rsp));
2472  memset(&cmd,0,sizeof(cmd));
2473 
2474  cmd.cmd = CMD_ALLOCATEAUX;
2475  cmd.parm0 = FID_RX;
2476  cmd.parm1 = (ai->rxfids[0].card_ram_off - ai->pciaux);
2477  cmd.parm2 = MPI_MAX_FIDS;
2478  rc=issuecommand(ai, &cmd, &rsp);
2479  if (rc != SUCCESS) {
2480  airo_print_err(ai->dev->name, "Couldn't allocate RX FID");
2481  return rc;
2482  }
2483 
2484  for (i=0; i<MPI_MAX_FIDS; i++) {
2486  &ai->rxfids[i].rx_desc, sizeof(RxFid));
2487  }
2488 
2489  /* Alloc card TX descriptors */
2490 
2491  memset(&rsp,0,sizeof(rsp));
2492  memset(&cmd,0,sizeof(cmd));
2493 
2494  cmd.cmd = CMD_ALLOCATEAUX;
2495  cmd.parm0 = FID_TX;
2496  cmd.parm1 = (ai->txfids[0].card_ram_off - ai->pciaux);
2497  cmd.parm2 = MPI_MAX_FIDS;
2498 
2499  for (i=0; i<MPI_MAX_FIDS; i++) {
2500  ai->txfids[i].tx_desc.valid = 1;
2502  &ai->txfids[i].tx_desc, sizeof(TxFid));
2503  }
2504  ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */
2505 
2506  rc=issuecommand(ai, &cmd, &rsp);
2507  if (rc != SUCCESS) {
2508  airo_print_err(ai->dev->name, "Couldn't allocate TX FID");
2509  return rc;
2510  }
2511 
2512  /* Alloc card Rid descriptor */
2513  memset(&rsp,0,sizeof(rsp));
2514  memset(&cmd,0,sizeof(cmd));
2515 
2516  cmd.cmd = CMD_ALLOCATEAUX;
2517  cmd.parm0 = RID_RW;
2518  cmd.parm1 = (ai->config_desc.card_ram_off - ai->pciaux);
2519  cmd.parm2 = 1; /* Magic number... */
2520  rc=issuecommand(ai, &cmd, &rsp);
2521  if (rc != SUCCESS) {
2522  airo_print_err(ai->dev->name, "Couldn't allocate RID");
2523  return rc;
2524  }
2525 
2527  &ai->config_desc.rid_desc, sizeof(Rid));
2528 
2529  return rc;
2530 }
2531 
2532 /*
2533  * We are setting up three things here:
2534  * 1) Map AUX memory for descriptors: Rid, TxFid, or RxFid.
2535  * 2) Map PCI memory for issuing commands.
2536  * 3) Allocate memory (shared) to send and receive ethernet frames.
2537  */
2538 static int mpi_map_card(struct airo_info *ai, struct pci_dev *pci)
2539 {
2540  unsigned long mem_start, mem_len, aux_start, aux_len;
2541  int rc = -1;
2542  int i;
2543  dma_addr_t busaddroff;
2544  unsigned char *vpackoff;
2545  unsigned char __iomem *pciaddroff;
2546 
2547  mem_start = pci_resource_start(pci, 1);
2548  mem_len = pci_resource_len(pci, 1);
2549  aux_start = pci_resource_start(pci, 2);
2550  aux_len = AUXMEMSIZE;
2551 
2552  if (!request_mem_region(mem_start, mem_len, DRV_NAME)) {
2553  airo_print_err("", "Couldn't get region %x[%x]",
2554  (int)mem_start, (int)mem_len);
2555  goto out;
2556  }
2557  if (!request_mem_region(aux_start, aux_len, DRV_NAME)) {
2558  airo_print_err("", "Couldn't get region %x[%x]",
2559  (int)aux_start, (int)aux_len);
2560  goto free_region1;
2561  }
2562 
2563  ai->pcimem = ioremap(mem_start, mem_len);
2564  if (!ai->pcimem) {
2565  airo_print_err("", "Couldn't map region %x[%x]",
2566  (int)mem_start, (int)mem_len);
2567  goto free_region2;
2568  }
2569  ai->pciaux = ioremap(aux_start, aux_len);
2570  if (!ai->pciaux) {
2571  airo_print_err("", "Couldn't map region %x[%x]",
2572  (int)aux_start, (int)aux_len);
2573  goto free_memmap;
2574  }
2575 
2576  /* Reserve PKTSIZE for each fid and 2K for the Rids */
2578  if (!ai->shared) {
2579  airo_print_err("", "Couldn't alloc_consistent %d",
2580  PCI_SHARED_LEN);
2581  goto free_auxmap;
2582  }
2583 
2584  /*
2585  * Setup descriptor RX, TX, CONFIG
2586  */
2587  busaddroff = ai->shared_dma;
2588  pciaddroff = ai->pciaux + AUX_OFFSET;
2589  vpackoff = ai->shared;
2590 
2591  /* RX descriptor setup */
2592  for(i = 0; i < MPI_MAX_FIDS; i++) {
2593  ai->rxfids[i].pending = 0;
2594  ai->rxfids[i].card_ram_off = pciaddroff;
2595  ai->rxfids[i].virtual_host_addr = vpackoff;
2596  ai->rxfids[i].rx_desc.host_addr = busaddroff;
2597  ai->rxfids[i].rx_desc.valid = 1;
2598  ai->rxfids[i].rx_desc.len = PKTSIZE;
2599  ai->rxfids[i].rx_desc.rdy = 0;
2600 
2601  pciaddroff += sizeof(RxFid);
2602  busaddroff += PKTSIZE;
2603  vpackoff += PKTSIZE;
2604  }
2605 
2606  /* TX descriptor setup */
2607  for(i = 0; i < MPI_MAX_FIDS; i++) {
2608  ai->txfids[i].card_ram_off = pciaddroff;
2609  ai->txfids[i].virtual_host_addr = vpackoff;
2610  ai->txfids[i].tx_desc.valid = 1;
2611  ai->txfids[i].tx_desc.host_addr = busaddroff;
2613  &wifictlhdr8023, sizeof(wifictlhdr8023));
2614 
2615  pciaddroff += sizeof(TxFid);
2616  busaddroff += PKTSIZE;
2617  vpackoff += PKTSIZE;
2618  }
2619  ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */
2620 
2621  /* Rid descriptor setup */
2622  ai->config_desc.card_ram_off = pciaddroff;
2623  ai->config_desc.virtual_host_addr = vpackoff;
2624  ai->config_desc.rid_desc.host_addr = busaddroff;
2625  ai->ridbus = busaddroff;
2626  ai->config_desc.rid_desc.rid = 0;
2628  ai->config_desc.rid_desc.valid = 1;
2629  pciaddroff += sizeof(Rid);
2630  busaddroff += RIDSIZE;
2631  vpackoff += RIDSIZE;
2632 
2633  /* Tell card about descriptors */
2634  if (mpi_init_descriptors (ai) != SUCCESS)
2635  goto free_shared;
2636 
2637  return 0;
2638  free_shared:
2640  free_auxmap:
2641  iounmap(ai->pciaux);
2642  free_memmap:
2643  iounmap(ai->pcimem);
2644  free_region2:
2645  release_mem_region(aux_start, aux_len);
2646  free_region1:
2647  release_mem_region(mem_start, mem_len);
2648  out:
2649  return rc;
2650 }
2651 
2652 static const struct header_ops airo_header_ops = {
2653  .parse = wll_header_parse,
2654 };
2655 
2656 static const struct net_device_ops airo11_netdev_ops = {
2657  .ndo_open = airo_open,
2658  .ndo_stop = airo_close,
2659  .ndo_start_xmit = airo_start_xmit11,
2660  .ndo_get_stats = airo_get_stats,
2661  .ndo_set_mac_address = airo_set_mac_address,
2662  .ndo_do_ioctl = airo_ioctl,
2663  .ndo_change_mtu = airo_change_mtu,
2664 };
2665 
2666 static void wifi_setup(struct net_device *dev)
2667 {
2668  dev->netdev_ops = &airo11_netdev_ops;
2669  dev->header_ops = &airo_header_ops;
2670  dev->wireless_handlers = &airo_handler_def;
2671 
2672  dev->type = ARPHRD_IEEE80211;
2673  dev->hard_header_len = ETH_HLEN;
2674  dev->mtu = AIRO_DEF_MTU;
2675  dev->addr_len = ETH_ALEN;
2676  dev->tx_queue_len = 100;
2677 
2678  memset(dev->broadcast,0xFF, ETH_ALEN);
2679 
2681 }
2682 
2683 static struct net_device *init_wifidev(struct airo_info *ai,
2684  struct net_device *ethdev)
2685 {
2686  int err;
2687  struct net_device *dev = alloc_netdev(0, "wifi%d", wifi_setup);
2688  if (!dev)
2689  return NULL;
2690  dev->ml_priv = ethdev->ml_priv;
2691  dev->irq = ethdev->irq;
2692  dev->base_addr = ethdev->base_addr;
2693  dev->wireless_data = ethdev->wireless_data;
2694  SET_NETDEV_DEV(dev, ethdev->dev.parent);
2695  memcpy(dev->dev_addr, ethdev->dev_addr, dev->addr_len);
2696  err = register_netdev(dev);
2697  if (err<0) {
2698  free_netdev(dev);
2699  return NULL;
2700  }
2701  return dev;
2702 }
2703 
2704 static int reset_card( struct net_device *dev , int lock) {
2705  struct airo_info *ai = dev->ml_priv;
2706 
2707  if (lock && down_interruptible(&ai->sem))
2708  return -1;
2709  waitbusy (ai);
2710  OUT4500(ai,COMMAND,CMD_SOFTRESET);
2711  msleep(200);
2712  waitbusy (ai);
2713  msleep(200);
2714  if (lock)
2715  up(&ai->sem);
2716  return 0;
2717 }
2718 
2719 #define AIRO_MAX_NETWORK_COUNT 64
2720 static int airo_networks_allocate(struct airo_info *ai)
2721 {
2722  if (ai->networks)
2723  return 0;
2724 
2725  ai->networks = kcalloc(AIRO_MAX_NETWORK_COUNT, sizeof(BSSListElement),
2726  GFP_KERNEL);
2727  if (!ai->networks) {
2728  airo_print_warn("", "Out of memory allocating beacons");
2729  return -ENOMEM;
2730  }
2731 
2732  return 0;
2733 }
2734 
2735 static void airo_networks_free(struct airo_info *ai)
2736 {
2737  kfree(ai->networks);
2738  ai->networks = NULL;
2739 }
2740 
2741 static void airo_networks_initialize(struct airo_info *ai)
2742 {
2743  int i;
2744 
2745  INIT_LIST_HEAD(&ai->network_free_list);
2746  INIT_LIST_HEAD(&ai->network_list);
2747  for (i = 0; i < AIRO_MAX_NETWORK_COUNT; i++)
2748  list_add_tail(&ai->networks[i].list,
2749  &ai->network_free_list);
2750 }
2751 
2752 static const struct net_device_ops airo_netdev_ops = {
2753  .ndo_open = airo_open,
2754  .ndo_stop = airo_close,
2755  .ndo_start_xmit = airo_start_xmit,
2756  .ndo_get_stats = airo_get_stats,
2757  .ndo_set_rx_mode = airo_set_multicast_list,
2758  .ndo_set_mac_address = airo_set_mac_address,
2759  .ndo_do_ioctl = airo_ioctl,
2760  .ndo_change_mtu = airo_change_mtu,
2761  .ndo_validate_addr = eth_validate_addr,
2762 };
2763 
2764 static const struct net_device_ops mpi_netdev_ops = {
2765  .ndo_open = airo_open,
2766  .ndo_stop = airo_close,
2767  .ndo_start_xmit = mpi_start_xmit,
2768  .ndo_get_stats = airo_get_stats,
2769  .ndo_set_rx_mode = airo_set_multicast_list,
2770  .ndo_set_mac_address = airo_set_mac_address,
2771  .ndo_do_ioctl = airo_ioctl,
2772  .ndo_change_mtu = airo_change_mtu,
2773  .ndo_validate_addr = eth_validate_addr,
2774 };
2775 
2776 
2777 static struct net_device *_init_airo_card( unsigned short irq, int port,
2778  int is_pcmcia, struct pci_dev *pci,
2779  struct device *dmdev )
2780 {
2781  struct net_device *dev;
2782  struct airo_info *ai;
2783  int i, rc;
2784  CapabilityRid cap_rid;
2785 
2786  /* Create the network device object. */
2787  dev = alloc_netdev(sizeof(*ai), "", ether_setup);
2788  if (!dev) {
2789  airo_print_err("", "Couldn't alloc_etherdev");
2790  return NULL;
2791  }
2792 
2793  ai = dev->ml_priv = netdev_priv(dev);
2794  ai->wifidev = NULL;
2795  ai->flags = 1 << FLAG_RADIO_DOWN;
2796  ai->jobs = 0;
2797  ai->dev = dev;
2798  if (pci && (pci->device == 0x5000 || pci->device == 0xa504)) {
2799  airo_print_dbg("", "Found an MPI350 card");
2800  set_bit(FLAG_MPI, &ai->flags);
2801  }
2802  spin_lock_init(&ai->aux_lock);
2803  sema_init(&ai->sem, 1);
2804  ai->config.len = 0;
2805  ai->pci = pci;
2807  ai->tfm = NULL;
2808  add_airo_dev(ai);
2809 
2810  if (airo_networks_allocate (ai))
2811  goto err_out_free;
2812  airo_networks_initialize (ai);
2813 
2814  skb_queue_head_init (&ai->txq);
2815 
2816  /* The Airo-specific entries in the device structure. */
2817  if (test_bit(FLAG_MPI,&ai->flags))
2818  dev->netdev_ops = &mpi_netdev_ops;
2819  else
2820  dev->netdev_ops = &airo_netdev_ops;
2821  dev->wireless_handlers = &airo_handler_def;
2822  ai->wireless_data.spy_data = &ai->spy_data;
2823  dev->wireless_data = &ai->wireless_data;
2824  dev->irq = irq;
2825  dev->base_addr = port;
2826  dev->priv_flags &= ~IFF_TX_SKB_SHARING;
2827 
2828  SET_NETDEV_DEV(dev, dmdev);
2829 
2830  reset_card (dev, 1);
2831  msleep(400);
2832 
2833  if (!is_pcmcia) {
2834  if (!request_region(dev->base_addr, 64, DRV_NAME)) {
2835  rc = -EBUSY;
2836  airo_print_err(dev->name, "Couldn't request region");
2837  goto err_out_nets;
2838  }
2839  }
2840 
2841  if (test_bit(FLAG_MPI,&ai->flags)) {
2842  if (mpi_map_card(ai, pci)) {
2843  airo_print_err("", "Could not map memory");
2844  goto err_out_res;
2845  }
2846  }
2847 
2848  if (probe) {
2849  if (setup_card(ai, dev->dev_addr, 1) != SUCCESS) {
2850  airo_print_err(dev->name, "MAC could not be enabled" );
2851  rc = -EIO;
2852  goto err_out_map;
2853  }
2854  } else if (!test_bit(FLAG_MPI,&ai->flags)) {
2855  ai->bap_read = fast_bap_read;
2856  set_bit(FLAG_FLASHING, &ai->flags);
2857  }
2858 
2859  strcpy(dev->name, "eth%d");
2860  rc = register_netdev(dev);
2861  if (rc) {
2862  airo_print_err(dev->name, "Couldn't register_netdev");
2863  goto err_out_map;
2864  }
2865  ai->wifidev = init_wifidev(ai, dev);
2866  if (!ai->wifidev)
2867  goto err_out_reg;
2868 
2869  rc = readCapabilityRid(ai, &cap_rid, 1);
2870  if (rc != SUCCESS) {
2871  rc = -EIO;
2872  goto err_out_wifi;
2873  }
2874  /* WEP capability discovery */
2875  ai->wep_capable = (cap_rid.softCap & cpu_to_le16(0x02)) ? 1 : 0;
2876  ai->max_wep_idx = (cap_rid.softCap & cpu_to_le16(0x80)) ? 3 : 0;
2877 
2878  airo_print_info(dev->name, "Firmware version %x.%x.%02d",
2879  ((le16_to_cpu(cap_rid.softVer) >> 8) & 0xF),
2880  (le16_to_cpu(cap_rid.softVer) & 0xFF),
2881  le16_to_cpu(cap_rid.softSubVer));
2882 
2883  /* Test for WPA support */
2884  /* Only firmware versions 5.30.17 or better can do WPA */
2885  if (le16_to_cpu(cap_rid.softVer) > 0x530
2886  || (le16_to_cpu(cap_rid.softVer) == 0x530
2887  && le16_to_cpu(cap_rid.softSubVer) >= 17)) {
2888  airo_print_info(ai->dev->name, "WPA supported.");
2889 
2893  ai->bssListRidLen = sizeof(BSSListRid);
2894  } else {
2895  airo_print_info(ai->dev->name, "WPA unsupported with firmware "
2896  "versions older than 5.30.17.");
2897 
2900  ai->bssListRidLen = sizeof(BSSListRid) - sizeof(BSSListRidExtra);
2901  }
2902 
2904  airo_print_info(dev->name, "MAC enabled %pM", dev->dev_addr);
2905 
2906  /* Allocate the transmit buffers */
2907  if (probe && !test_bit(FLAG_MPI,&ai->flags))
2908  for( i = 0; i < MAX_FIDS; i++ )
2909  ai->fids[i] = transmit_allocate(ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);
2910 
2911  if (setup_proc_entry(dev, dev->ml_priv) < 0)
2912  goto err_out_wifi;
2913 
2914  return dev;
2915 
2916 err_out_wifi:
2918  free_netdev(ai->wifidev);
2919 err_out_reg:
2920  unregister_netdev(dev);
2921 err_out_map:
2922  if (test_bit(FLAG_MPI,&ai->flags) && pci) {
2924  iounmap(ai->pciaux);
2925  iounmap(ai->pcimem);
2926  mpi_unmap_card(ai->pci);
2927  }
2928 err_out_res:
2929  if (!is_pcmcia)
2930  release_region( dev->base_addr, 64 );
2931 err_out_nets:
2932  airo_networks_free(ai);
2933 err_out_free:
2934  del_airo_dev(ai);
2935  free_netdev(dev);
2936  return NULL;
2937 }
2938 
2939 struct net_device *init_airo_card( unsigned short irq, int port, int is_pcmcia,
2940  struct device *dmdev)
2941 {
2942  return _init_airo_card ( irq, port, is_pcmcia, NULL, dmdev);
2943 }
2944 
2946 
2947 static int waitbusy (struct airo_info *ai) {
2948  int delay = 0;
2949  while ((IN4500(ai, COMMAND) & COMMAND_BUSY) && (delay < 10000)) {
2950  udelay (10);
2951  if ((++delay % 20) == 0)
2952  OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
2953  }
2954  return delay < 10000;
2955 }
2956 
2957 int reset_airo_card( struct net_device *dev )
2958 {
2959  int i;
2960  struct airo_info *ai = dev->ml_priv;
2961 
2962  if (reset_card (dev, 1))
2963  return -1;
2964 
2965  if ( setup_card(ai, dev->dev_addr, 1 ) != SUCCESS ) {
2966  airo_print_err(dev->name, "MAC could not be enabled");
2967  return -1;
2968  }
2969  airo_print_info(dev->name, "MAC enabled %pM", dev->dev_addr);
2970  /* Allocate the transmit buffers if needed */
2971  if (!test_bit(FLAG_MPI,&ai->flags))
2972  for( i = 0; i < MAX_FIDS; i++ )
2973  ai->fids[i] = transmit_allocate (ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);
2974 
2975  enable_interrupts( ai );
2976  netif_wake_queue(dev);
2977  return 0;
2978 }
2979 
2981 
2982 static void airo_send_event(struct net_device *dev) {
2983  struct airo_info *ai = dev->ml_priv;
2984  union iwreq_data wrqu;
2985  StatusRid status_rid;
2986 
2987  clear_bit(JOB_EVENT, &ai->jobs);
2988  PC4500_readrid(ai, RID_STATUS, &status_rid, sizeof(status_rid), 0);
2989  up(&ai->sem);
2990  wrqu.data.length = 0;
2991  wrqu.data.flags = 0;
2992  memcpy(wrqu.ap_addr.sa_data, status_rid.bssid[0], ETH_ALEN);
2993  wrqu.ap_addr.sa_family = ARPHRD_ETHER;
2994 
2995  /* Send event to user space */
2996  wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
2997 }
2998 
2999 static void airo_process_scan_results (struct airo_info *ai) {
3000  union iwreq_data wrqu;
3001  BSSListRid bss;
3002  int rc;
3003  BSSListElement * loop_net;
3004  BSSListElement * tmp_net;
3005 
3006  /* Blow away current list of scan results */
3007  list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) {
3008  list_move_tail (&loop_net->list, &ai->network_free_list);
3009  /* Don't blow away ->list, just BSS data */
3010  memset (loop_net, 0, sizeof (loop_net->bss));
3011  }
3012 
3013  /* Try to read the first entry of the scan result */
3014  rc = PC4500_readrid(ai, ai->bssListFirst, &bss, ai->bssListRidLen, 0);
3015  if((rc) || (bss.index == cpu_to_le16(0xffff))) {
3016  /* No scan results */
3017  goto out;
3018  }
3019 
3020  /* Read and parse all entries */
3021  tmp_net = NULL;
3022  while((!rc) && (bss.index != cpu_to_le16(0xffff))) {
3023  /* Grab a network off the free list */
3024  if (!list_empty(&ai->network_free_list)) {
3025  tmp_net = list_entry(ai->network_free_list.next,
3026  BSSListElement, list);
3027  list_del(ai->network_free_list.next);
3028  }
3029 
3030  if (tmp_net != NULL) {
3031  memcpy(tmp_net, &bss, sizeof(tmp_net->bss));
3032  list_add_tail(&tmp_net->list, &ai->network_list);
3033  tmp_net = NULL;
3034  }
3035 
3036  /* Read next entry */
3037  rc = PC4500_readrid(ai, ai->bssListNext,
3038  &bss, ai->bssListRidLen, 0);
3039  }
3040 
3041 out:
3042  ai->scan_timeout = 0;
3044  up(&ai->sem);
3045 
3046  /* Send an empty event to user space.
3047  * We don't send the received data on
3048  * the event because it would require
3049  * us to do complex transcoding, and
3050  * we want to minimise the work done in
3051  * the irq handler. Use a request to
3052  * extract the data - Jean II */
3053  wrqu.data.length = 0;
3054  wrqu.data.flags = 0;
3055  wireless_send_event(ai->dev, SIOCGIWSCAN, &wrqu, NULL);
3056 }
3057 
3058 static int airo_thread(void *data) {
3059  struct net_device *dev = data;
3060  struct airo_info *ai = dev->ml_priv;
3061  int locked;
3062 
3063  set_freezable();
3064  while(1) {
3065  /* make swsusp happy with our thread */
3066  try_to_freeze();
3067 
3068  if (test_bit(JOB_DIE, &ai->jobs))
3069  break;
3070 
3071  if (ai->jobs) {
3072  locked = down_interruptible(&ai->sem);
3073  } else {
3075 
3076  init_waitqueue_entry(&wait, current);
3077  add_wait_queue(&ai->thr_wait, &wait);
3078  for (;;) {
3080  if (ai->jobs)
3081  break;
3082  if (ai->expires || ai->scan_timeout) {
3083  if (ai->scan_timeout &&
3084  time_after_eq(jiffies,ai->scan_timeout)){
3085  set_bit(JOB_SCAN_RESULTS, &ai->jobs);
3086  break;
3087  } else if (ai->expires &&
3088  time_after_eq(jiffies,ai->expires)){
3089  set_bit(JOB_AUTOWEP, &ai->jobs);
3090  break;
3091  }
3092  if (!kthread_should_stop() &&
3093  !freezing(current)) {
3094  unsigned long wake_at;
3095  if (!ai->expires || !ai->scan_timeout) {
3096  wake_at = max(ai->expires,
3097  ai->scan_timeout);
3098  } else {
3099  wake_at = min(ai->expires,
3100  ai->scan_timeout);
3101  }
3102  schedule_timeout(wake_at - jiffies);
3103  continue;
3104  }
3105  } else if (!kthread_should_stop() &&
3106  !freezing(current)) {
3107  schedule();
3108  continue;
3109  }
3110  break;
3111  }
3112  current->state = TASK_RUNNING;
3113  remove_wait_queue(&ai->thr_wait, &wait);
3114  locked = 1;
3115  }
3116 
3117  if (locked)
3118  continue;
3119 
3120  if (test_bit(JOB_DIE, &ai->jobs)) {
3121  up(&ai->sem);
3122  break;
3123  }
3124 
3125  if (ai->power.event || test_bit(FLAG_FLASHING, &ai->flags)) {
3126  up(&ai->sem);
3127  continue;
3128  }
3129 
3130  if (test_bit(JOB_XMIT, &ai->jobs))
3131  airo_end_xmit(dev);
3132  else if (test_bit(JOB_XMIT11, &ai->jobs))
3133  airo_end_xmit11(dev);
3134  else if (test_bit(JOB_STATS, &ai->jobs))
3135  airo_read_stats(dev);
3136  else if (test_bit(JOB_WSTATS, &ai->jobs))
3137  airo_read_wireless_stats(ai);
3138  else if (test_bit(JOB_PROMISC, &ai->jobs))
3139  airo_set_promisc(ai);
3140  else if (test_bit(JOB_MIC, &ai->jobs))
3141  micinit(ai);
3142  else if (test_bit(JOB_EVENT, &ai->jobs))
3143  airo_send_event(dev);
3144  else if (test_bit(JOB_AUTOWEP, &ai->jobs))
3145  timer_func(dev);
3146  else if (test_bit(JOB_SCAN_RESULTS, &ai->jobs))
3147  airo_process_scan_results(ai);
3148  else /* Shouldn't get here, but we make sure to unlock */
3149  up(&ai->sem);
3150  }
3151 
3152  return 0;
3153 }
3154 
3155 static int header_len(__le16 ctl)
3156 {
3157  u16 fc = le16_to_cpu(ctl);
3158  switch (fc & 0xc) {
3159  case 4:
3160  if ((fc & 0xe0) == 0xc0)
3161  return 10; /* one-address control packet */
3162  return 16; /* two-address control packet */
3163  case 8:
3164  if ((fc & 0x300) == 0x300)
3165  return 30; /* WDS packet */
3166  }
3167  return 24;
3168 }
3169 
3170 static void airo_handle_cisco_mic(struct airo_info *ai)
3171 {
3172  if (test_bit(FLAG_MIC_CAPABLE, &ai->flags)) {
3173  set_bit(JOB_MIC, &ai->jobs);
3175  }
3176 }
3177 
3178 /* Airo Status codes */
3179 #define STAT_NOBEACON 0x8000 /* Loss of sync - missed beacons */
3180 #define STAT_MAXRETRIES 0x8001 /* Loss of sync - max retries */
3181 #define STAT_MAXARL 0x8002 /* Loss of sync - average retry level exceeded*/
3182 #define STAT_FORCELOSS 0x8003 /* Loss of sync - host request */
3183 #define STAT_TSFSYNC 0x8004 /* Loss of sync - TSF synchronization */
3184 #define STAT_DEAUTH 0x8100 /* low byte is 802.11 reason code */
3185 #define STAT_DISASSOC 0x8200 /* low byte is 802.11 reason code */
3186 #define STAT_ASSOC_FAIL 0x8400 /* low byte is 802.11 reason code */
3187 #define STAT_AUTH_FAIL 0x0300 /* low byte is 802.11 reason code */
3188 #define STAT_ASSOC 0x0400 /* Associated */
3189 #define STAT_REASSOC 0x0600 /* Reassociated? Only on firmware >= 5.30.17 */
3190 
3191 static void airo_print_status(const char *devname, u16 status)
3192 {
3193  u8 reason = status & 0xFF;
3194 
3195  switch (status & 0xFF00) {
3196  case STAT_NOBEACON:
3197  switch (status) {
3198  case STAT_NOBEACON:
3199  airo_print_dbg(devname, "link lost (missed beacons)");
3200  break;
3201  case STAT_MAXRETRIES:
3202  case STAT_MAXARL:
3203  airo_print_dbg(devname, "link lost (max retries)");
3204  break;
3205  case STAT_FORCELOSS:
3206  airo_print_dbg(devname, "link lost (local choice)");
3207  break;
3208  case STAT_TSFSYNC:
3209  airo_print_dbg(devname, "link lost (TSF sync lost)");
3210  break;
3211  default:
3212  airo_print_dbg(devname, "unknow status %x\n", status);
3213  break;
3214  }
3215  break;
3216  case STAT_DEAUTH:
3217  airo_print_dbg(devname, "deauthenticated (reason: %d)", reason);
3218  break;
3219  case STAT_DISASSOC:
3220  airo_print_dbg(devname, "disassociated (reason: %d)", reason);
3221  break;
3222  case STAT_ASSOC_FAIL:
3223  airo_print_dbg(devname, "association failed (reason: %d)",
3224  reason);
3225  break;
3226  case STAT_AUTH_FAIL:
3227  airo_print_dbg(devname, "authentication failed (reason: %d)",
3228  reason);
3229  break;
3230  case STAT_ASSOC:
3231  case STAT_REASSOC:
3232  break;
3233  default:
3234  airo_print_dbg(devname, "unknow status %x\n", status);
3235  break;
3236  }
3237 }
3238 
3239 static void airo_handle_link(struct airo_info *ai)
3240 {
3241  union iwreq_data wrqu;
3242  int scan_forceloss = 0;
3243  u16 status;
3244 
3245  /* Get new status and acknowledge the link change */
3246  status = le16_to_cpu(IN4500(ai, LINKSTAT));
3247  OUT4500(ai, EVACK, EV_LINK);
3248 
3249  if ((status == STAT_FORCELOSS) && (ai->scan_timeout > 0))
3250  scan_forceloss = 1;
3251 
3252  airo_print_status(ai->dev->name, status);
3253 
3254  if ((status == STAT_ASSOC) || (status == STAT_REASSOC)) {
3255  if (auto_wep)
3256  ai->expires = 0;
3257  if (ai->list_bss_task)
3259  set_bit(FLAG_UPDATE_UNI, &ai->flags);
3261 
3262  if (down_trylock(&ai->sem) != 0) {
3263  set_bit(JOB_EVENT, &ai->jobs);
3265  } else
3266  airo_send_event(ai->dev);
3267  } else if (!scan_forceloss) {
3268  if (auto_wep && !ai->expires) {
3269  ai->expires = RUN_AT(3*HZ);
3271  }
3272 
3273  /* Send event to user space */
3274  memset(wrqu.ap_addr.sa_data, '\0', ETH_ALEN);
3275  wrqu.ap_addr.sa_family = ARPHRD_ETHER;
3276  wireless_send_event(ai->dev, SIOCGIWAP, &wrqu, NULL);
3277  }
3278 }
3279 
3280 static void airo_handle_rx(struct airo_info *ai)
3281 {
3282  struct sk_buff *skb = NULL;
3283  __le16 fc, v, *buffer, tmpbuf[4];
3284  u16 len, hdrlen = 0, gap, fid;
3285  struct rx_hdr hdr;
3286  int success = 0;
3287 
3288  if (test_bit(FLAG_MPI, &ai->flags)) {
3289  if (test_bit(FLAG_802_11, &ai->flags))
3290  mpi_receive_802_11(ai);
3291  else
3292  mpi_receive_802_3(ai);
3293  OUT4500(ai, EVACK, EV_RX);
3294  return;
3295  }
3296 
3297  fid = IN4500(ai, RXFID);
3298 
3299  /* Get the packet length */
3300  if (test_bit(FLAG_802_11, &ai->flags)) {
3301  bap_setup (ai, fid, 4, BAP0);
3302  bap_read (ai, (__le16*)&hdr, sizeof(hdr), BAP0);
3303  /* Bad CRC. Ignore packet */
3304  if (le16_to_cpu(hdr.status) & 2)
3305  hdr.len = 0;
3306  if (ai->wifidev == NULL)
3307  hdr.len = 0;
3308  } else {
3309  bap_setup(ai, fid, 0x36, BAP0);
3310  bap_read(ai, &hdr.len, 2, BAP0);
3311  }
3312  len = le16_to_cpu(hdr.len);
3313 
3314  if (len > AIRO_DEF_MTU) {
3315  airo_print_err(ai->dev->name, "Bad size %d", len);
3316  goto done;
3317  }
3318  if (len == 0)
3319  goto done;
3320 
3321  if (test_bit(FLAG_802_11, &ai->flags)) {
3322  bap_read(ai, &fc, sizeof (fc), BAP0);
3323  hdrlen = header_len(fc);
3324  } else
3325  hdrlen = ETH_ALEN * 2;
3326 
3327  skb = dev_alloc_skb(len + hdrlen + 2 + 2);
3328  if (!skb) {
3329  ai->dev->stats.rx_dropped++;
3330  goto done;
3331  }
3332 
3333  skb_reserve(skb, 2); /* This way the IP header is aligned */
3334  buffer = (__le16 *) skb_put(skb, len + hdrlen);
3335  if (test_bit(FLAG_802_11, &ai->flags)) {
3336  buffer[0] = fc;
3337  bap_read(ai, buffer + 1, hdrlen - 2, BAP0);
3338  if (hdrlen == 24)
3339  bap_read(ai, tmpbuf, 6, BAP0);
3340 
3341  bap_read(ai, &v, sizeof(v), BAP0);
3342  gap = le16_to_cpu(v);
3343  if (gap) {
3344  if (gap <= 8) {
3345  bap_read(ai, tmpbuf, gap, BAP0);
3346  } else {
3347  airo_print_err(ai->dev->name, "gaplen too "
3348  "big. Problems will follow...");
3349  }
3350  }
3351  bap_read(ai, buffer + hdrlen/2, len, BAP0);
3352  } else {
3353  MICBuffer micbuf;
3354 
3355  bap_read(ai, buffer, ETH_ALEN * 2, BAP0);
3356  if (ai->micstats.enabled) {
3357  bap_read(ai, (__le16 *) &micbuf, sizeof (micbuf), BAP0);
3358  if (ntohs(micbuf.typelen) > 0x05DC)
3359  bap_setup(ai, fid, 0x44, BAP0);
3360  else {
3361  if (len <= sizeof (micbuf)) {
3362  dev_kfree_skb_irq(skb);
3363  goto done;
3364  }
3365 
3366  len -= sizeof(micbuf);
3367  skb_trim(skb, len + hdrlen);
3368  }
3369  }
3370 
3371  bap_read(ai, buffer + ETH_ALEN, len, BAP0);
3372  if (decapsulate(ai, &micbuf, (etherHead*) buffer, len))
3373  dev_kfree_skb_irq (skb);
3374  else
3375  success = 1;
3376  }
3377 
3378 #ifdef WIRELESS_SPY
3379  if (success && (ai->spy_data.spy_number > 0)) {
3380  char *sa;
3381  struct iw_quality wstats;
3382 
3383  /* Prepare spy data : addr + qual */
3384  if (!test_bit(FLAG_802_11, &ai->flags)) {
3385  sa = (char *) buffer + 6;
3386  bap_setup(ai, fid, 8, BAP0);
3387  bap_read(ai, (__le16 *) hdr.rssi, 2, BAP0);
3388  } else
3389  sa = (char *) buffer + 10;
3390  wstats.qual = hdr.rssi[0];
3391  if (ai->rssi)
3392  wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
3393  else
3394  wstats.level = (hdr.rssi[1] + 321) / 2;
3395  wstats.noise = ai->wstats.qual.noise;
3396  wstats.updated = IW_QUAL_LEVEL_UPDATED
3398  | IW_QUAL_DBM;
3399  /* Update spy records */
3400  wireless_spy_update(ai->dev, sa, &wstats);
3401  }
3402 #endif /* WIRELESS_SPY */
3403 
3404 done:
3405  OUT4500(ai, EVACK, EV_RX);
3406 
3407  if (success) {
3408  if (test_bit(FLAG_802_11, &ai->flags)) {
3409  skb_reset_mac_header(skb);
3410  skb->pkt_type = PACKET_OTHERHOST;
3411  skb->dev = ai->wifidev;
3412  skb->protocol = htons(ETH_P_802_2);
3413  } else
3414  skb->protocol = eth_type_trans(skb, ai->dev);
3415  skb->ip_summed = CHECKSUM_NONE;
3416 
3417  netif_rx(skb);
3418  }
3419 }
3420 
3421 static void airo_handle_tx(struct airo_info *ai, u16 status)
3422 {
3423  int i, len = 0, index = -1;
3424  u16 fid;
3425 
3426  if (test_bit(FLAG_MPI, &ai->flags)) {
3427  unsigned long flags;
3428 
3429  if (status & EV_TXEXC)
3430  get_tx_error(ai, -1);
3431 
3432  spin_lock_irqsave(&ai->aux_lock, flags);
3433  if (!skb_queue_empty(&ai->txq)) {
3434  spin_unlock_irqrestore(&ai->aux_lock,flags);
3435  mpi_send_packet(ai->dev);
3436  } else {
3438  spin_unlock_irqrestore(&ai->aux_lock,flags);
3439  netif_wake_queue(ai->dev);
3440  }
3441  OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
3442  return;
3443  }
3444 
3445  fid = IN4500(ai, TXCOMPLFID);
3446 
3447  for(i = 0; i < MAX_FIDS; i++) {
3448  if ((ai->fids[i] & 0xffff) == fid) {
3449  len = ai->fids[i] >> 16;
3450  index = i;
3451  }
3452  }
3453 
3454  if (index != -1) {
3455  if (status & EV_TXEXC)
3456  get_tx_error(ai, index);
3457 
3458  OUT4500(ai, EVACK, status & (EV_TX | EV_TXEXC));
3459 
3460  /* Set up to be used again */
3461  ai->fids[index] &= 0xffff;
3462  if (index < MAX_FIDS / 2) {
3463  if (!test_bit(FLAG_PENDING_XMIT, &ai->flags))
3464  netif_wake_queue(ai->dev);
3465  } else {
3466  if (!test_bit(FLAG_PENDING_XMIT11, &ai->flags))
3467  netif_wake_queue(ai->wifidev);
3468  }
3469  } else {
3470  OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
3471  airo_print_err(ai->dev->name, "Unallocated FID was used to xmit");
3472  }
3473 }
3474 
3475 static irqreturn_t airo_interrupt(int irq, void *dev_id)
3476 {
3477  struct net_device *dev = dev_id;
3478  u16 status, savedInterrupts = 0;
3479  struct airo_info *ai = dev->ml_priv;
3480  int handled = 0;
3481 
3482  if (!netif_device_present(dev))
3483  return IRQ_NONE;
3484 
3485  for (;;) {
3486  status = IN4500(ai, EVSTAT);
3487  if (!(status & STATUS_INTS) || (status == 0xffff))
3488  break;
3489 
3490  handled = 1;
3491 
3492  if (status & EV_AWAKE) {
3493  OUT4500(ai, EVACK, EV_AWAKE);
3494  OUT4500(ai, EVACK, EV_AWAKE);
3495  }
3496 
3497  if (!savedInterrupts) {
3498  savedInterrupts = IN4500(ai, EVINTEN);
3499  OUT4500(ai, EVINTEN, 0);
3500  }
3501 
3502  if (status & EV_MIC) {
3503  OUT4500(ai, EVACK, EV_MIC);
3504  airo_handle_cisco_mic(ai);
3505  }
3506 
3507  if (status & EV_LINK) {
3508  /* Link status changed */
3509  airo_handle_link(ai);
3510  }
3511 
3512  /* Check to see if there is something to receive */
3513  if (status & EV_RX)
3514  airo_handle_rx(ai);
3515 
3516  /* Check to see if a packet has been transmitted */
3517  if (status & (EV_TX | EV_TXCPY | EV_TXEXC))
3518  airo_handle_tx(ai, status);
3519 
3520  if ( status & ~STATUS_INTS & ~IGNORE_INTS ) {
3521  airo_print_warn(ai->dev->name, "Got weird status %x",
3522  status & ~STATUS_INTS & ~IGNORE_INTS );
3523  }
3524  }
3525 
3526  if (savedInterrupts)
3527  OUT4500(ai, EVINTEN, savedInterrupts);
3528 
3529  return IRQ_RETVAL(handled);
3530 }
3531 
3532 /*
3533  * Routines to talk to the card
3534  */
3535 
3536 /*
3537  * This was originally written for the 4500, hence the name
3538  * NOTE: If use with 8bit mode and SMP bad things will happen!
3539  * Why would some one do 8 bit IO in an SMP machine?!?
3540  */
3541 static void OUT4500( struct airo_info *ai, u16 reg, u16 val ) {
3542  if (test_bit(FLAG_MPI,&ai->flags))
3543  reg <<= 1;
3544  if ( !do8bitIO )
3545  outw( val, ai->dev->base_addr + reg );
3546  else {
3547  outb( val & 0xff, ai->dev->base_addr + reg );
3548  outb( val >> 8, ai->dev->base_addr + reg + 1 );
3549  }
3550 }
3551 
3552 static u16 IN4500( struct airo_info *ai, u16 reg ) {
3553  unsigned short rc;
3554 
3555  if (test_bit(FLAG_MPI,&ai->flags))
3556  reg <<= 1;
3557  if ( !do8bitIO )
3558  rc = inw( ai->dev->base_addr + reg );
3559  else {
3560  rc = inb( ai->dev->base_addr + reg );
3561  rc += ((int)inb( ai->dev->base_addr + reg + 1 )) << 8;
3562  }
3563  return rc;
3564 }
3565 
3566 static int enable_MAC(struct airo_info *ai, int lock)
3567 {
3568  int rc;
3569  Cmd cmd;
3570  Resp rsp;
3571 
3572  /* FLAG_RADIO_OFF : Radio disabled via /proc or Wireless Extensions
3573  * FLAG_RADIO_DOWN : Radio disabled via "ifconfig ethX down"
3574  * Note : we could try to use !netif_running(dev) in enable_MAC()
3575  * instead of this flag, but I don't trust it *within* the
3576  * open/close functions, and testing both flags together is
3577  * "cheaper" - Jean II */
3578  if (ai->flags & FLAG_RADIO_MASK) return SUCCESS;
3579 
3580  if (lock && down_interruptible(&ai->sem))
3581  return -ERESTARTSYS;
3582 
3583  if (!test_bit(FLAG_ENABLED, &ai->flags)) {
3584  memset(&cmd, 0, sizeof(cmd));
3585  cmd.cmd = MAC_ENABLE;
3586  rc = issuecommand(ai, &cmd, &rsp);
3587  if (rc == SUCCESS)
3588  set_bit(FLAG_ENABLED, &ai->flags);
3589  } else
3590  rc = SUCCESS;
3591 
3592  if (lock)
3593  up(&ai->sem);
3594 
3595  if (rc)
3596  airo_print_err(ai->dev->name, "Cannot enable MAC");
3597  else if ((rsp.status & 0xFF00) != 0) {
3598  airo_print_err(ai->dev->name, "Bad MAC enable reason=%x, "
3599  "rid=%x, offset=%d", rsp.rsp0, rsp.rsp1, rsp.rsp2);
3600  rc = ERROR;
3601  }
3602  return rc;
3603 }
3604 
3605 static void disable_MAC( struct airo_info *ai, int lock ) {
3606  Cmd cmd;
3607  Resp rsp;
3608 
3609  if (lock && down_interruptible(&ai->sem))
3610  return;
3611 
3612  if (test_bit(FLAG_ENABLED, &ai->flags)) {
3613  memset(&cmd, 0, sizeof(cmd));
3614  cmd.cmd = MAC_DISABLE; // disable in case already enabled
3615  issuecommand(ai, &cmd, &rsp);
3616  clear_bit(FLAG_ENABLED, &ai->flags);
3617  }
3618  if (lock)
3619  up(&ai->sem);
3620 }
3621 
3622 static void enable_interrupts( struct airo_info *ai ) {
3623  /* Enable the interrupts */
3624  OUT4500( ai, EVINTEN, STATUS_INTS );
3625 }
3626 
3627 static void disable_interrupts( struct airo_info *ai ) {
3628  OUT4500( ai, EVINTEN, 0 );
3629 }
3630 
3631 static void mpi_receive_802_3(struct airo_info *ai)
3632 {
3633  RxFid rxd;
3634  int len = 0;
3635  struct sk_buff *skb;
3636  char *buffer;
3637  int off = 0;
3638  MICBuffer micbuf;
3639 
3640  memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
3641  /* Make sure we got something */
3642  if (rxd.rdy && rxd.valid == 0) {
3643  len = rxd.len + 12;
3644  if (len < 12 || len > 2048)
3645  goto badrx;
3646 
3647  skb = dev_alloc_skb(len);
3648  if (!skb) {
3649  ai->dev->stats.rx_dropped++;
3650  goto badrx;
3651  }
3652  buffer = skb_put(skb,len);
3653  memcpy(buffer, ai->rxfids[0].virtual_host_addr, ETH_ALEN * 2);
3654  if (ai->micstats.enabled) {
3655  memcpy(&micbuf,
3656  ai->rxfids[0].virtual_host_addr + ETH_ALEN * 2,
3657  sizeof(micbuf));
3658  if (ntohs(micbuf.typelen) <= 0x05DC) {
3659  if (len <= sizeof(micbuf) + ETH_ALEN * 2)
3660  goto badmic;
3661 
3662  off = sizeof(micbuf);
3663  skb_trim (skb, len - off);
3664  }
3665  }
3666  memcpy(buffer + ETH_ALEN * 2,
3667  ai->rxfids[0].virtual_host_addr + ETH_ALEN * 2 + off,
3668  len - ETH_ALEN * 2 - off);
3669  if (decapsulate (ai, &micbuf, (etherHead*)buffer, len - off - ETH_ALEN * 2)) {
3670 badmic:
3671  dev_kfree_skb_irq (skb);
3672  goto badrx;
3673  }
3674 #ifdef WIRELESS_SPY
3675  if (ai->spy_data.spy_number > 0) {
3676  char *sa;
3677  struct iw_quality wstats;
3678  /* Prepare spy data : addr + qual */
3679  sa = buffer + ETH_ALEN;
3680  wstats.qual = 0; /* XXX Where do I get that info from ??? */
3681  wstats.level = 0;
3682  wstats.updated = 0;
3683  /* Update spy records */
3684  wireless_spy_update(ai->dev, sa, &wstats);
3685  }
3686 #endif /* WIRELESS_SPY */
3687 
3688  skb->ip_summed = CHECKSUM_NONE;
3689  skb->protocol = eth_type_trans(skb, ai->dev);
3690  netif_rx(skb);
3691  }
3692 badrx:
3693  if (rxd.valid == 0) {
3694  rxd.valid = 1;
3695  rxd.rdy = 0;
3696  rxd.len = PKTSIZE;
3697  memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
3698  }
3699 }
3700 
3701 static void mpi_receive_802_11(struct airo_info *ai)
3702 {
3703  RxFid rxd;
3704  struct sk_buff *skb = NULL;
3705  u16 len, hdrlen = 0;
3706  __le16 fc;
3707  struct rx_hdr hdr;
3708  u16 gap;
3709  u16 *buffer;
3710  char *ptr = ai->rxfids[0].virtual_host_addr + 4;
3711 
3712  memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
3713  memcpy ((char *)&hdr, ptr, sizeof(hdr));
3714  ptr += sizeof(hdr);
3715  /* Bad CRC. Ignore packet */
3716  if (le16_to_cpu(hdr.status) & 2)
3717  hdr.len = 0;
3718  if (ai->wifidev == NULL)
3719  hdr.len = 0;
3720  len = le16_to_cpu(hdr.len);
3721  if (len > AIRO_DEF_MTU) {
3722  airo_print_err(ai->dev->name, "Bad size %d", len);
3723  goto badrx;
3724  }
3725  if (len == 0)
3726  goto badrx;
3727 
3728  fc = get_unaligned((__le16 *)ptr);
3729  hdrlen = header_len(fc);
3730 
3731  skb = dev_alloc_skb( len + hdrlen + 2 );
3732  if ( !skb ) {
3733  ai->dev->stats.rx_dropped++;
3734  goto badrx;
3735  }
3736  buffer = (u16*)skb_put (skb, len + hdrlen);
3737  memcpy ((char *)buffer, ptr, hdrlen);
3738  ptr += hdrlen;
3739  if (hdrlen == 24)
3740  ptr += 6;
3741  gap = get_unaligned_le16(ptr);
3742  ptr += sizeof(__le16);
3743  if (gap) {
3744  if (gap <= 8)
3745  ptr += gap;
3746  else
3747  airo_print_err(ai->dev->name,
3748  "gaplen too big. Problems will follow...");
3749  }
3750  memcpy ((char *)buffer + hdrlen, ptr, len);
3751  ptr += len;
3752 #ifdef IW_WIRELESS_SPY /* defined in iw_handler.h */
3753  if (ai->spy_data.spy_number > 0) {
3754  char *sa;
3755  struct iw_quality wstats;
3756  /* Prepare spy data : addr + qual */
3757  sa = (char*)buffer + 10;
3758  wstats.qual = hdr.rssi[0];
3759  if (ai->rssi)
3760  wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
3761  else
3762  wstats.level = (hdr.rssi[1] + 321) / 2;
3763  wstats.noise = ai->wstats.qual.noise;
3764  wstats.updated = IW_QUAL_QUAL_UPDATED
3766  | IW_QUAL_DBM;
3767  /* Update spy records */
3768  wireless_spy_update(ai->dev, sa, &wstats);
3769  }
3770 #endif /* IW_WIRELESS_SPY */
3771  skb_reset_mac_header(skb);
3772  skb->pkt_type = PACKET_OTHERHOST;
3773  skb->dev = ai->wifidev;
3774  skb->protocol = htons(ETH_P_802_2);
3775  skb->ip_summed = CHECKSUM_NONE;
3776  netif_rx( skb );
3777 
3778 badrx:
3779  if (rxd.valid == 0) {
3780  rxd.valid = 1;
3781  rxd.rdy = 0;
3782  rxd.len = PKTSIZE;
3783  memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
3784  }
3785 }
3786 
3787 static u16 setup_card(struct airo_info *ai, u8 *mac, int lock)
3788 {
3789  Cmd cmd;
3790  Resp rsp;
3791  int status;
3792  SsidRid mySsid;
3793  __le16 lastindex;
3794  WepKeyRid wkr;
3795  int rc;
3796 
3797  memset( &mySsid, 0, sizeof( mySsid ) );
3798  kfree (ai->flash);
3799  ai->flash = NULL;
3800 
3801  /* The NOP is the first step in getting the card going */
3802  cmd.cmd = NOP;
3803  cmd.parm0 = cmd.parm1 = cmd.parm2 = 0;
3804  if (lock && down_interruptible(&ai->sem))
3805  return ERROR;
3806  if ( issuecommand( ai, &cmd, &rsp ) != SUCCESS ) {
3807  if (lock)
3808  up(&ai->sem);
3809  return ERROR;
3810  }
3811  disable_MAC( ai, 0);
3812 
3813  // Let's figure out if we need to use the AUX port
3814  if (!test_bit(FLAG_MPI,&ai->flags)) {
3815  cmd.cmd = CMD_ENABLEAUX;
3816  if (issuecommand(ai, &cmd, &rsp) != SUCCESS) {
3817  if (lock)
3818  up(&ai->sem);
3819  airo_print_err(ai->dev->name, "Error checking for AUX port");
3820  return ERROR;
3821  }
3822  if (!aux_bap || rsp.status & 0xff00) {
3823  ai->bap_read = fast_bap_read;
3824  airo_print_dbg(ai->dev->name, "Doing fast bap_reads");
3825  } else {
3826  ai->bap_read = aux_bap_read;
3827  airo_print_dbg(ai->dev->name, "Doing AUX bap_reads");
3828  }
3829  }
3830  if (lock)
3831  up(&ai->sem);
3832  if (ai->config.len == 0) {
3833  int i;
3834  tdsRssiRid rssi_rid;
3835  CapabilityRid cap_rid;
3836 
3837  kfree(ai->APList);
3838  ai->APList = NULL;
3839  kfree(ai->SSID);
3840  ai->SSID = NULL;
3841  // general configuration (read/modify/write)
3842  status = readConfigRid(ai, lock);
3843  if ( status != SUCCESS ) return ERROR;
3844 
3845  status = readCapabilityRid(ai, &cap_rid, lock);
3846  if ( status != SUCCESS ) return ERROR;
3847 
3848  status = PC4500_readrid(ai,RID_RSSI,&rssi_rid,sizeof(rssi_rid),lock);
3849  if ( status == SUCCESS ) {
3850  if (ai->rssi || (ai->rssi = kmalloc(512, GFP_KERNEL)) != NULL)
3851  memcpy(ai->rssi, (u8*)&rssi_rid + 2, 512); /* Skip RID length member */
3852  }
3853  else {
3854  kfree(ai->rssi);
3855  ai->rssi = NULL;
3856  if (cap_rid.softCap & cpu_to_le16(8))
3858  else
3859  airo_print_warn(ai->dev->name, "unknown received signal "
3860  "level scale");
3861  }
3862  ai->config.opmode = adhoc ? MODE_STA_IBSS : MODE_STA_ESS;
3863  ai->config.authType = AUTH_OPEN;
3864  ai->config.modulation = MOD_CCK;
3865 
3866  if (le16_to_cpu(cap_rid.len) >= sizeof(cap_rid) &&
3867  (cap_rid.extSoftCap & cpu_to_le16(1)) &&
3868  micsetup(ai) == SUCCESS) {
3869  ai->config.opmode |= MODE_MIC;
3871  }
3872 
3873  /* Save off the MAC */
3874  for( i = 0; i < ETH_ALEN; i++ ) {
3875  mac[i] = ai->config.macAddr[i];
3876  }
3877 
3878  /* Check to see if there are any insmod configured
3879  rates to add */
3880  if ( rates[0] ) {
3881  memset(ai->config.rates,0,sizeof(ai->config.rates));
3882  for( i = 0; i < 8 && rates[i]; i++ ) {
3883  ai->config.rates[i] = rates[i];
3884  }
3885  }
3886  set_bit (FLAG_COMMIT, &ai->flags);
3887  }
3888 
3889  /* Setup the SSIDs if present */
3890  if ( ssids[0] ) {
3891  int i;
3892  for( i = 0; i < 3 && ssids[i]; i++ ) {
3893  size_t len = strlen(ssids[i]);
3894  if (len > 32)
3895  len = 32;
3896  mySsid.ssids[i].len = cpu_to_le16(len);
3897  memcpy(mySsid.ssids[i].ssid, ssids[i], len);
3898  }
3899  mySsid.len = cpu_to_le16(sizeof(mySsid));
3900  }
3901 
3902  status = writeConfigRid(ai, lock);
3903  if ( status != SUCCESS ) return ERROR;
3904 
3905  /* Set up the SSID list */
3906  if ( ssids[0] ) {
3907  status = writeSsidRid(ai, &mySsid, lock);
3908  if ( status != SUCCESS ) return ERROR;
3909  }
3910 
3911  status = enable_MAC(ai, lock);
3912  if (status != SUCCESS)
3913  return ERROR;
3914 
3915  /* Grab the initial wep key, we gotta save it for auto_wep */
3916  rc = readWepKeyRid(ai, &wkr, 1, lock);
3917  if (rc == SUCCESS) do {
3918  lastindex = wkr.kindex;
3919  if (wkr.kindex == cpu_to_le16(0xffff)) {
3920  ai->defindex = wkr.mac[0];
3921  }
3922  rc = readWepKeyRid(ai, &wkr, 0, lock);
3923  } while(lastindex != wkr.kindex);
3924 
3925  try_auto_wep(ai);
3926 
3927  return SUCCESS;
3928 }
3929 
3930 static u16 issuecommand(struct airo_info *ai, Cmd *pCmd, Resp *pRsp) {
3931  // Im really paranoid about letting it run forever!
3932  int max_tries = 600000;
3933 
3934  if (IN4500(ai, EVSTAT) & EV_CMD)
3935  OUT4500(ai, EVACK, EV_CMD);
3936 
3937  OUT4500(ai, PARAM0, pCmd->parm0);
3938  OUT4500(ai, PARAM1, pCmd->parm1);
3939  OUT4500(ai, PARAM2, pCmd->parm2);
3940  OUT4500(ai, COMMAND, pCmd->cmd);
3941 
3942  while (max_tries-- && (IN4500(ai, EVSTAT) & EV_CMD) == 0) {
3943  if ((IN4500(ai, COMMAND)) == pCmd->cmd)
3944  // PC4500 didn't notice command, try again
3945  OUT4500(ai, COMMAND, pCmd->cmd);
3946  if (!in_atomic() && (max_tries & 255) == 0)
3947  schedule();
3948  }
3949 
3950  if ( max_tries == -1 ) {
3951  airo_print_err(ai->dev->name,
3952  "Max tries exceeded when issuing command");
3953  if (IN4500(ai, COMMAND) & COMMAND_BUSY)
3954  OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
3955  return ERROR;
3956  }
3957 
3958  // command completed
3959  pRsp->status = IN4500(ai, STATUS);
3960  pRsp->rsp0 = IN4500(ai, RESP0);
3961  pRsp->rsp1 = IN4500(ai, RESP1);
3962  pRsp->rsp2 = IN4500(ai, RESP2);
3963  if ((pRsp->status & 0xff00)!=0 && pCmd->cmd != CMD_SOFTRESET)
3964  airo_print_err(ai->dev->name,
3965  "cmd:%x status:%x rsp0:%x rsp1:%x rsp2:%x",
3966  pCmd->cmd, pRsp->status, pRsp->rsp0, pRsp->rsp1,
3967  pRsp->rsp2);
3968 
3969  // clear stuck command busy if necessary
3970  if (IN4500(ai, COMMAND) & COMMAND_BUSY) {
3971  OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
3972  }
3973  // acknowledge processing the status/response
3974  OUT4500(ai, EVACK, EV_CMD);
3975 
3976  return SUCCESS;
3977 }
3978 
3979 /* Sets up the bap to start exchange data. whichbap should
3980  * be one of the BAP0 or BAP1 defines. Locks should be held before
3981  * calling! */
3982 static int bap_setup(struct airo_info *ai, u16 rid, u16 offset, int whichbap )
3983 {
3984  int timeout = 50;
3985  int max_tries = 3;
3986 
3987  OUT4500(ai, SELECT0+whichbap, rid);
3988  OUT4500(ai, OFFSET0+whichbap, offset);
3989  while (1) {
3990  int status = IN4500(ai, OFFSET0+whichbap);
3991  if (status & BAP_BUSY) {
3992  /* This isn't really a timeout, but its kinda
3993  close */
3994  if (timeout--) {
3995  continue;
3996  }
3997  } else if ( status & BAP_ERR ) {
3998  /* invalid rid or offset */
3999  airo_print_err(ai->dev->name, "BAP error %x %d",
4000  status, whichbap );
4001  return ERROR;
4002  } else if (status & BAP_DONE) { // success
4003  return SUCCESS;
4004  }
4005  if ( !(max_tries--) ) {
4006  airo_print_err(ai->dev->name,
4007  "BAP setup error too many retries\n");
4008  return ERROR;
4009  }
4010  // -- PC4500 missed it, try again
4011  OUT4500(ai, SELECT0+whichbap, rid);
4012  OUT4500(ai, OFFSET0+whichbap, offset);
4013  timeout = 50;
4014  }
4015 }
4016 
4017 /* should only be called by aux_bap_read. This aux function and the
4018  following use concepts not documented in the developers guide. I
4019  got them from a patch given to my by Aironet */
4020 static u16 aux_setup(struct airo_info *ai, u16 page,
4021  u16 offset, u16 *len)
4022 {
4023  u16 next;
4024 
4025  OUT4500(ai, AUXPAGE, page);
4026  OUT4500(ai, AUXOFF, 0);
4027  next = IN4500(ai, AUXDATA);
4028  *len = IN4500(ai, AUXDATA)&0xff;
4029  if (offset != 4) OUT4500(ai, AUXOFF, offset);
4030  return next;
4031 }
4032 
4033 /* requires call to bap_setup() first */
4034 static int aux_bap_read(struct airo_info *ai, __le16 *pu16Dst,
4035  int bytelen, int whichbap)
4036 {
4037  u16 len;
4038  u16 page;
4039  u16 offset;
4040  u16 next;
4041  int words;
4042  int i;
4043  unsigned long flags;
4044 
4045  spin_lock_irqsave(&ai->aux_lock, flags);
4046  page = IN4500(ai, SWS0+whichbap);
4047  offset = IN4500(ai, SWS2+whichbap);
4048  next = aux_setup(ai, page, offset, &len);
4049  words = (bytelen+1)>>1;
4050 
4051  for (i=0; i<words;) {
4052  int count;
4053  count = (len>>1) < (words-i) ? (len>>1) : (words-i);
4054  if ( !do8bitIO )
4055  insw( ai->dev->base_addr+DATA0+whichbap,
4056  pu16Dst+i,count );
4057  else
4058  insb( ai->dev->base_addr+DATA0+whichbap,
4059  pu16Dst+i, count << 1 );
4060  i += count;
4061  if (i<words) {
4062  next = aux_setup(ai, next, 4, &len);
4063  }
4064  }
4065  spin_unlock_irqrestore(&ai->aux_lock, flags);
4066  return SUCCESS;
4067 }
4068 
4069 
4070 /* requires call to bap_setup() first */
4071 static int fast_bap_read(struct airo_info *ai, __le16 *pu16Dst,
4072  int bytelen, int whichbap)
4073 {
4074  bytelen = (bytelen + 1) & (~1); // round up to even value
4075  if ( !do8bitIO )
4076  insw( ai->dev->base_addr+DATA0+whichbap, pu16Dst, bytelen>>1 );
4077  else
4078  insb( ai->dev->base_addr+DATA0+whichbap, pu16Dst, bytelen );
4079  return SUCCESS;
4080 }
4081 
4082 /* requires call to bap_setup() first */
4083 static int bap_write(struct airo_info *ai, const __le16 *pu16Src,
4084  int bytelen, int whichbap)
4085 {
4086  bytelen = (bytelen + 1) & (~1); // round up to even value
4087  if ( !do8bitIO )
4088  outsw( ai->dev->base_addr+DATA0+whichbap,
4089  pu16Src, bytelen>>1 );
4090  else
4091  outsb( ai->dev->base_addr+DATA0+whichbap, pu16Src, bytelen );
4092  return SUCCESS;
4093 }
4094 
4095 static int PC4500_accessrid(struct airo_info *ai, u16 rid, u16 accmd)
4096 {
4097  Cmd cmd; /* for issuing commands */
4098  Resp rsp; /* response from commands */
4099  u16 status;
4100 
4101  memset(&cmd, 0, sizeof(cmd));
4102  cmd.cmd = accmd;
4103  cmd.parm0 = rid;
4104  status = issuecommand(ai, &cmd, &rsp);
4105  if (status != 0) return status;
4106  if ( (rsp.status & 0x7F00) != 0) {
4107  return (accmd << 8) + (rsp.rsp0 & 0xFF);
4108  }
4109  return 0;
4110 }
4111 
4112 /* Note, that we are using BAP1 which is also used by transmit, so
4113  * we must get a lock. */
4114 static int PC4500_readrid(struct airo_info *ai, u16 rid, void *pBuf, int len, int lock)
4115 {
4116  u16 status;
4117  int rc = SUCCESS;
4118 
4119  if (lock) {
4120  if (down_interruptible(&ai->sem))
4121  return ERROR;
4122  }
4123  if (test_bit(FLAG_MPI,&ai->flags)) {
4124  Cmd cmd;
4125  Resp rsp;
4126 
4127  memset(&cmd, 0, sizeof(cmd));
4128  memset(&rsp, 0, sizeof(rsp));
4129  ai->config_desc.rid_desc.valid = 1;
4131  ai->config_desc.rid_desc.rid = 0;
4133 
4134  cmd.cmd = CMD_ACCESS;
4135  cmd.parm0 = rid;
4136 
4138  &ai->config_desc.rid_desc, sizeof(Rid));
4139 
4140  rc = issuecommand(ai, &cmd, &rsp);
4141 
4142  if (rsp.status & 0x7f00)
4143  rc = rsp.rsp0;
4144  if (!rc)
4145  memcpy(pBuf, ai->config_desc.virtual_host_addr, len);
4146  goto done;
4147  } else {
4148  if ((status = PC4500_accessrid(ai, rid, CMD_ACCESS))!=SUCCESS) {
4149  rc = status;
4150  goto done;
4151  }
4152  if (bap_setup(ai, rid, 0, BAP1) != SUCCESS) {
4153  rc = ERROR;
4154  goto done;
4155  }
4156  // read the rid length field
4157  bap_read(ai, pBuf, 2, BAP1);
4158  // length for remaining part of rid
4159  len = min(len, (int)le16_to_cpu(*(__le16*)pBuf)) - 2;
4160 
4161  if ( len <= 2 ) {
4162  airo_print_err(ai->dev->name,
4163  "Rid %x has a length of %d which is too short",
4164  (int)rid, (int)len );
4165  rc = ERROR;
4166  goto done;
4167  }
4168  // read remainder of the rid
4169  rc = bap_read(ai, ((__le16*)pBuf)+1, len, BAP1);
4170  }
4171 done:
4172  if (lock)
4173  up(&ai->sem);
4174  return rc;
4175 }
4176 
4177 /* Note, that we are using BAP1 which is also used by transmit, so
4178  * make sure this isn't called when a transmit is happening */
4179 static int PC4500_writerid(struct airo_info *ai, u16 rid,
4180  const void *pBuf, int len, int lock)
4181 {
4182  u16 status;
4183  int rc = SUCCESS;
4184 
4185  *(__le16*)pBuf = cpu_to_le16((u16)len);
4186 
4187  if (lock) {
4188  if (down_interruptible(&ai->sem))
4189  return ERROR;
4190  }
4191  if (test_bit(FLAG_MPI,&ai->flags)) {
4192  Cmd cmd;
4193  Resp rsp;
4194 
4195  if (test_bit(FLAG_ENABLED, &ai->flags) && (RID_WEP_TEMP != rid))
4196  airo_print_err(ai->dev->name,
4197  "%s: MAC should be disabled (rid=%04x)",
4198  __func__, rid);
4199  memset(&cmd, 0, sizeof(cmd));
4200  memset(&rsp, 0, sizeof(rsp));
4201 
4202  ai->config_desc.rid_desc.valid = 1;
4203  ai->config_desc.rid_desc.len = *((u16 *)pBuf);
4204  ai->config_desc.rid_desc.rid = 0;
4205 
4206  cmd.cmd = CMD_WRITERID;
4207  cmd.parm0 = rid;
4208 
4210  &ai->config_desc.rid_desc, sizeof(Rid));
4211 
4212  if (len < 4 || len > 2047) {
4213  airo_print_err(ai->dev->name, "%s: len=%d", __func__, len);
4214  rc = -1;
4215  } else {
4217  pBuf, len);
4218 
4219  rc = issuecommand(ai, &cmd, &rsp);
4220  if ((rc & 0xff00) != 0) {
4221  airo_print_err(ai->dev->name, "%s: Write rid Error %d",
4222  __func__, rc);
4223  airo_print_err(ai->dev->name, "%s: Cmd=%04x",
4224  __func__, cmd.cmd);
4225  }
4226 
4227  if ((rsp.status & 0x7f00))
4228  rc = rsp.rsp0;
4229  }
4230  } else {
4231  // --- first access so that we can write the rid data
4232  if ( (status = PC4500_accessrid(ai, rid, CMD_ACCESS)) != 0) {
4233  rc = status;
4234  goto done;
4235  }
4236  // --- now write the rid data
4237  if (bap_setup(ai, rid, 0, BAP1) != SUCCESS) {
4238  rc = ERROR;
4239  goto done;
4240  }
4241  bap_write(ai, pBuf, len, BAP1);
4242  // ---now commit the rid data
4243  rc = PC4500_accessrid(ai, rid, 0x100|CMD_ACCESS);
4244  }
4245 done:
4246  if (lock)
4247  up(&ai->sem);
4248  return rc;
4249 }
4250 
4251 /* Allocates a FID to be used for transmitting packets. We only use
4252  one for now. */
4253 static u16 transmit_allocate(struct airo_info *ai, int lenPayload, int raw)
4254 {
4255  unsigned int loop = 3000;
4256  Cmd cmd;
4257  Resp rsp;
4258  u16 txFid;
4259  __le16 txControl;
4260 
4261  cmd.cmd = CMD_ALLOCATETX;
4262  cmd.parm0 = lenPayload;
4263  if (down_interruptible(&ai->sem))
4264  return ERROR;
4265  if (issuecommand(ai, &cmd, &rsp) != SUCCESS) {
4266  txFid = ERROR;
4267  goto done;
4268  }
4269  if ( (rsp.status & 0xFF00) != 0) {
4270  txFid = ERROR;
4271  goto done;
4272  }
4273  /* wait for the allocate event/indication
4274  * It makes me kind of nervous that this can just sit here and spin,
4275  * but in practice it only loops like four times. */
4276  while (((IN4500(ai, EVSTAT) & EV_ALLOC) == 0) && --loop);
4277  if (!loop) {
4278  txFid = ERROR;
4279  goto done;
4280  }
4281 
4282  // get the allocated fid and acknowledge
4283  txFid = IN4500(ai, TXALLOCFID);
4284  OUT4500(ai, EVACK, EV_ALLOC);
4285 
4286  /* The CARD is pretty cool since it converts the ethernet packet
4287  * into 802.11. Also note that we don't release the FID since we
4288  * will be using the same one over and over again. */
4289  /* We only have to setup the control once since we are not
4290  * releasing the fid. */
4291  if (raw)
4294  else
4297  if (bap_setup(ai, txFid, 0x0008, BAP1) != SUCCESS)
4298  txFid = ERROR;
4299  else
4300  bap_write(ai, &txControl, sizeof(txControl), BAP1);
4301 
4302 done:
4303  up(&ai->sem);
4304 
4305  return txFid;
4306 }
4307 
4308 /* In general BAP1 is dedicated to transmiting packets. However,
4309  since we need a BAP when accessing RIDs, we also use BAP1 for that.
4310  Make sure the BAP1 spinlock is held when this is called. */
4311 static int transmit_802_3_packet(struct airo_info *ai, int len, char *pPacket)
4312 {
4313  __le16 payloadLen;
4314  Cmd cmd;
4315  Resp rsp;
4316  int miclen = 0;
4317  u16 txFid = len;
4318  MICBuffer pMic;
4319 
4320  len >>= 16;
4321 
4322  if (len <= ETH_ALEN * 2) {
4323  airo_print_warn(ai->dev->name, "Short packet %d", len);
4324  return ERROR;
4325  }
4326  len -= ETH_ALEN * 2;
4327 
4328  if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled &&
4329  (ntohs(((__be16 *)pPacket)[6]) != 0x888E)) {
4330  if (encapsulate(ai,(etherHead *)pPacket,&pMic,len) != SUCCESS)
4331  return ERROR;
4332  miclen = sizeof(pMic);
4333  }
4334  // packet is destination[6], source[6], payload[len-12]
4335  // write the payload length and dst/src/payload
4336  if (bap_setup(ai, txFid, 0x0036, BAP1) != SUCCESS) return ERROR;
4337  /* The hardware addresses aren't counted as part of the payload, so
4338  * we have to subtract the 12 bytes for the addresses off */
4339  payloadLen = cpu_to_le16(len + miclen);
4340  bap_write(ai, &payloadLen, sizeof(payloadLen),BAP1);
4341  bap_write(ai, (__le16*)pPacket, sizeof(etherHead), BAP1);
4342  if (miclen)
4343  bap_write(ai, (__le16*)&pMic, miclen, BAP1);
4344  bap_write(ai, (__le16*)(pPacket + sizeof(etherHead)), len, BAP1);
4345  // issue the transmit command
4346  memset( &cmd, 0, sizeof( cmd ) );
4347  cmd.cmd = CMD_TRANSMIT;
4348  cmd.parm0 = txFid;
4349  if (issuecommand(ai, &cmd, &rsp) != SUCCESS) return ERROR;
4350  if ( (rsp.status & 0xFF00) != 0) return ERROR;
4351  return SUCCESS;
4352 }
4353 
4354 static int transmit_802_11_packet(struct airo_info *ai, int len, char *pPacket)
4355 {
4356  __le16 fc, payloadLen;
4357  Cmd cmd;
4358  Resp rsp;
4359  int hdrlen;
4360  static u8 tail[(30-10) + 2 + 6] = {[30-10] = 6};
4361  /* padding of header to full size + le16 gaplen (6) + gaplen bytes */
4362  u16 txFid = len;
4363  len >>= 16;
4364 
4365  fc = *(__le16*)pPacket;
4366  hdrlen = header_len(fc);
4367 
4368  if (len < hdrlen) {
4369  airo_print_warn(ai->dev->name, "Short packet %d", len);
4370  return ERROR;
4371  }
4372 
4373  /* packet is 802.11 header + payload
4374  * write the payload length and dst/src/payload */
4375  if (bap_setup(ai, txFid, 6, BAP1) != SUCCESS) return ERROR;
4376  /* The 802.11 header aren't counted as part of the payload, so
4377  * we have to subtract the header bytes off */
4378  payloadLen = cpu_to_le16(len-hdrlen);
4379  bap_write(ai, &payloadLen, sizeof(payloadLen),BAP1);
4380  if (bap_setup(ai, txFid, 0x0014, BAP1) != SUCCESS) return ERROR;
4381  bap_write(ai, (__le16 *)pPacket, hdrlen, BAP1);
4382  bap_write(ai, (__le16 *)(tail + (hdrlen - 10)), 38 - hdrlen, BAP1);
4383 
4384  bap_write(ai, (__le16 *)(pPacket + hdrlen), len - hdrlen, BAP1);
4385  // issue the transmit command
4386  memset( &cmd, 0, sizeof( cmd ) );
4387  cmd.cmd = CMD_TRANSMIT;
4388  cmd.parm0 = txFid;
4389  if (issuecommand(ai, &cmd, &rsp) != SUCCESS) return ERROR;
4390  if ( (rsp.status & 0xFF00) != 0) return ERROR;
4391  return SUCCESS;
4392 }
4393 
4394 /*
4395  * This is the proc_fs routines. It is a bit messier than I would
4396  * like! Feel free to clean it up!
4397  */
4398 
4399 static ssize_t proc_read( struct file *file,
4400  char __user *buffer,
4401  size_t len,
4402  loff_t *offset);
4403 
4404 static ssize_t proc_write( struct file *file,
4405  const char __user *buffer,
4406  size_t len,
4407  loff_t *offset );
4408 static int proc_close( struct inode *inode, struct file *file );
4409 
4410 static int proc_stats_open( struct inode *inode, struct file *file );
4411 static int proc_statsdelta_open( struct inode *inode, struct file *file );
4412 static int proc_status_open( struct inode *inode, struct file *file );
4413 static int proc_SSID_open( struct inode *inode, struct file *file );
4414 static int proc_APList_open( struct inode *inode, struct file *file );
4415 static int proc_BSSList_open( struct inode *inode, struct file *file );
4416 static int proc_config_open( struct inode *inode, struct file *file );
4417 static int proc_wepkey_open( struct inode *inode, struct file *file );
4418 
4419 static const struct file_operations proc_statsdelta_ops = {
4420  .owner = THIS_MODULE,
4421  .read = proc_read,
4422  .open = proc_statsdelta_open,
4423  .release = proc_close,
4424  .llseek = default_llseek,
4425 };
4426 
4427 static const struct file_operations proc_stats_ops = {
4428  .owner = THIS_MODULE,
4429  .read = proc_read,
4430  .open = proc_stats_open,
4431  .release = proc_close,
4432  .llseek = default_llseek,
4433 };
4434 
4435 static const struct file_operations proc_status_ops = {
4436  .owner = THIS_MODULE,
4437  .read = proc_read,
4438  .open = proc_status_open,
4439  .release = proc_close,
4440  .llseek = default_llseek,
4441 };
4442 
4443 static const struct file_operations proc_SSID_ops = {
4444  .owner = THIS_MODULE,
4445  .read = proc_read,
4446  .write = proc_write,
4447  .open = proc_SSID_open,
4448  .release = proc_close,
4449  .llseek = default_llseek,
4450 };
4451 
4452 static const struct file_operations proc_BSSList_ops = {
4453  .owner = THIS_MODULE,
4454  .read = proc_read,
4455  .write = proc_write,
4456  .open = proc_BSSList_open,
4457  .release = proc_close,
4458  .llseek = default_llseek,
4459 };
4460 
4461 static const struct file_operations proc_APList_ops = {
4462  .owner = THIS_MODULE,
4463  .read = proc_read,
4464  .write = proc_write,
4465  .open = proc_APList_open,
4466  .release = proc_close,
4467  .llseek = default_llseek,
4468 };
4469 
4470 static const struct file_operations proc_config_ops = {
4471  .owner = THIS_MODULE,
4472  .read = proc_read,
4473  .write = proc_write,
4474  .open = proc_config_open,
4475  .release = proc_close,
4476  .llseek = default_llseek,
4477 };
4478 
4479 static const struct file_operations proc_wepkey_ops = {
4480  .owner = THIS_MODULE,
4481  .read = proc_read,
4482  .write = proc_write,
4483  .open = proc_wepkey_open,
4484  .release = proc_close,
4485  .llseek = default_llseek,
4486 };
4487 
4488 static struct proc_dir_entry *airo_entry;
4489 
4490 struct proc_data {
4492  int readlen;
4493  char *rbuffer;
4496  char *wbuffer;
4497  void (*on_close) (struct inode *, struct file *);
4498 };
4499 
4500 static int setup_proc_entry( struct net_device *dev,
4501  struct airo_info *apriv ) {
4502  struct proc_dir_entry *entry;
4503 
4504  /* First setup the device directory */
4505  strcpy(apriv->proc_name,dev->name);
4506  apriv->proc_entry = proc_mkdir_mode(apriv->proc_name, airo_perm,
4507  airo_entry);
4508  if (!apriv->proc_entry)
4509  goto fail;
4510  apriv->proc_entry->uid = proc_kuid;
4511  apriv->proc_entry->gid = proc_kgid;
4512 
4513  /* Setup the StatsDelta */
4514  entry = proc_create_data("StatsDelta", S_IRUGO & proc_perm,
4515  apriv->proc_entry, &proc_statsdelta_ops, dev);
4516  if (!entry)
4517  goto fail_stats_delta;
4518  entry->uid = proc_kuid;
4519  entry->gid = proc_kgid;
4520 
4521  /* Setup the Stats */
4522  entry = proc_create_data("Stats", S_IRUGO & proc_perm,
4523  apriv->proc_entry, &proc_stats_ops, dev);
4524  if (!entry)
4525  goto fail_stats;
4526  entry->uid = proc_kuid;
4527  entry->gid = proc_kgid;
4528 
4529  /* Setup the Status */
4530  entry = proc_create_data("Status", S_IRUGO & proc_perm,
4531  apriv->proc_entry, &proc_status_ops, dev);
4532  if (!entry)
4533  goto fail_status;
4534  entry->uid = proc_kuid;
4535  entry->gid = proc_kgid;
4536 
4537  /* Setup the Config */
4538  entry = proc_create_data("Config", proc_perm,
4539  apriv->proc_entry, &proc_config_ops, dev);
4540  if (!entry)
4541  goto fail_config;
4542  entry->uid = proc_kuid;
4543  entry->gid = proc_kgid;
4544 
4545  /* Setup the SSID */
4546  entry = proc_create_data("SSID", proc_perm,
4547  apriv->proc_entry, &proc_SSID_ops, dev);
4548  if (!entry)
4549  goto fail_ssid;
4550  entry->uid = proc_kuid;
4551  entry->gid = proc_kgid;
4552 
4553  /* Setup the APList */
4554  entry = proc_create_data("APList", proc_perm,
4555  apriv->proc_entry, &proc_APList_ops, dev);
4556  if (!entry)
4557  goto fail_aplist;
4558  entry->uid = proc_kuid;
4559  entry->gid = proc_kgid;
4560 
4561  /* Setup the BSSList */
4562  entry = proc_create_data("BSSList", proc_perm,
4563  apriv->proc_entry, &proc_BSSList_ops, dev);
4564  if (!entry)
4565  goto fail_bsslist;
4566  entry->uid = proc_kuid;
4567  entry->gid = proc_kgid;
4568 
4569  /* Setup the WepKey */
4570  entry = proc_create_data("WepKey", proc_perm,
4571  apriv->proc_entry, &proc_wepkey_ops, dev);
4572  if (!entry)
4573  goto fail_wepkey;
4574  entry->uid = proc_kuid;
4575  entry->gid = proc_kgid;
4576 
4577  return 0;
4578 
4579 fail_wepkey:
4580  remove_proc_entry("BSSList", apriv->proc_entry);
4581 fail_bsslist:
4582  remove_proc_entry("APList", apriv->proc_entry);
4583 fail_aplist:
4584  remove_proc_entry("SSID", apriv->proc_entry);
4585 fail_ssid:
4586  remove_proc_entry("Config", apriv->proc_entry);
4587 fail_config:
4588  remove_proc_entry("Status", apriv->proc_entry);
4589 fail_status:
4590  remove_proc_entry("Stats", apriv->proc_entry);
4591 fail_stats:
4592  remove_proc_entry("StatsDelta", apriv->proc_entry);
4593 fail_stats_delta:
4594  remove_proc_entry(apriv->proc_name, airo_entry);
4595 fail:
4596  return -ENOMEM;
4597 }
4598 
4599 static int takedown_proc_entry( struct net_device *dev,
4600  struct airo_info *apriv ) {
4601  if ( !apriv->proc_entry->namelen ) return 0;
4602  remove_proc_entry("Stats",apriv->proc_entry);
4603  remove_proc_entry("StatsDelta",apriv->proc_entry);
4604  remove_proc_entry("Status",apriv->proc_entry);
4605  remove_proc_entry("Config",apriv->proc_entry);
4606  remove_proc_entry("SSID",apriv->proc_entry);
4607  remove_proc_entry("APList",apriv->proc_entry);
4608  remove_proc_entry("BSSList",apriv->proc_entry);
4609  remove_proc_entry("WepKey",apriv->proc_entry);
4610  remove_proc_entry(apriv->proc_name,airo_entry);
4611  return 0;
4612 }
4613 
4614 /*
4615  * What we want from the proc_fs is to be able to efficiently read
4616  * and write the configuration. To do this, we want to read the
4617  * configuration when the file is opened and write it when the file is
4618  * closed. So basically we allocate a read buffer at open and fill it
4619  * with data, and allocate a write buffer and read it at close.
4620  */
4621 
4622 /*
4623  * The read routine is generic, it relies on the preallocated rbuffer
4624  * to supply the data.
4625  */
4626 static ssize_t proc_read( struct file *file,
4627  char __user *buffer,
4628  size_t len,
4629  loff_t *offset )
4630 {
4631  struct proc_data *priv = file->private_data;
4632 
4633  if (!priv->rbuffer)
4634  return -EINVAL;
4635 
4636  return simple_read_from_buffer(buffer, len, offset, priv->rbuffer,
4637  priv->readlen);
4638 }
4639 
4640 /*
4641  * The write routine is generic, it fills in a preallocated rbuffer
4642  * to supply the data.
4643  */
4644 static ssize_t proc_write( struct file *file,
4645  const char __user *buffer,
4646  size_t len,
4647  loff_t *offset )
4648 {
4649  ssize_t ret;
4650  struct proc_data *priv = file->private_data;
4651 
4652  if (!priv->wbuffer)
4653  return -EINVAL;
4654 
4655  ret = simple_write_to_buffer(priv->wbuffer, priv->maxwritelen, offset,
4656  buffer, len);
4657  if (ret > 0)
4658  priv->writelen = max_t(int, priv->writelen, *offset);
4659 
4660  return ret;
4661 }
4662 
4663 static int proc_status_open(struct inode *inode, struct file *file)
4664 {
4665  struct proc_data *data;
4666  struct proc_dir_entry *dp = PDE(inode);
4667  struct net_device *dev = dp->data;
4668  struct airo_info *apriv = dev->ml_priv;
4669  CapabilityRid cap_rid;
4670  StatusRid status_rid;
4671  u16 mode;
4672  int i;
4673 
4674  if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
4675  return -ENOMEM;
4676  data = file->private_data;
4677  if ((data->rbuffer = kmalloc( 2048, GFP_KERNEL )) == NULL) {
4678  kfree (file->private_data);
4679  return -ENOMEM;
4680  }
4681 
4682  readStatusRid(apriv, &status_rid, 1);
4683  readCapabilityRid(apriv, &cap_rid, 1);
4684 
4685  mode = le16_to_cpu(status_rid.mode);
4686 
4687  i = sprintf(data->rbuffer, "Status: %s%s%s%s%s%s%s%s%s\n",
4688  mode & 1 ? "CFG ": "",
4689  mode & 2 ? "ACT ": "",
4690  mode & 0x10 ? "SYN ": "",
4691  mode & 0x20 ? "LNK ": "",
4692  mode & 0x40 ? "LEAP ": "",
4693  mode & 0x80 ? "PRIV ": "",
4694  mode & 0x100 ? "KEY ": "",
4695  mode & 0x200 ? "WEP ": "",
4696  mode & 0x8000 ? "ERR ": "");
4697  sprintf( data->rbuffer+i, "Mode: %x\n"
4698  "Signal Strength: %d\n"
4699  "Signal Quality: %d\n"
4700  "SSID: %-.*s\n"
4701  "AP: %-.16s\n"
4702  "Freq: %d\n"
4703  "BitRate: %dmbs\n"
4704  "Driver Version: %s\n"
4705  "Device: %s\nManufacturer: %s\nFirmware Version: %s\n"
4706  "Radio type: %x\nCountry: %x\nHardware Version: %x\n"
4707  "Software Version: %x\nSoftware Subversion: %x\n"
4708  "Boot block version: %x\n",
4709  le16_to_cpu(status_rid.mode),
4711  le16_to_cpu(status_rid.signalQuality),
4712  le16_to_cpu(status_rid.SSIDlen),
4713  status_rid.SSID,
4714  status_rid.apName,
4715  le16_to_cpu(status_rid.channel),
4716  le16_to_cpu(status_rid.currentXmitRate) / 2,
4717  version,
4718  cap_rid.prodName,
4719  cap_rid.manName,
4720  cap_rid.prodVer,
4721  le16_to_cpu(cap_rid.radioType),
4722  le16_to_cpu(cap_rid.country),
4723  le16_to_cpu(cap_rid.hardVer),
4724  le16_to_cpu(cap_rid.softVer),
4725  le16_to_cpu(cap_rid.softSubVer),
4726  le16_to_cpu(cap_rid.bootBlockVer));
4727  data->readlen = strlen( data->rbuffer );
4728  return 0;
4729 }
4730 
4731 static int proc_stats_rid_open(struct inode*, struct file*, u16);
4732 static int proc_statsdelta_open( struct inode *inode,
4733  struct file *file ) {
4734  if (file->f_mode&FMODE_WRITE) {
4735  return proc_stats_rid_open(inode, file, RID_STATSDELTACLEAR);
4736  }
4737  return proc_stats_rid_open(inode, file, RID_STATSDELTA);
4738 }
4739 
4740 static int proc_stats_open( struct inode *inode, struct file *file ) {
4741  return proc_stats_rid_open(inode, file, RID_STATS);
4742 }
4743 
4744 static int proc_stats_rid_open( struct inode *inode,
4745  struct file *file,
4746  u16 rid )
4747 {
4748  struct proc_data *data;
4749  struct proc_dir_entry *dp = PDE(inode);
4750  struct net_device *dev = dp->data;
4751  struct airo_info *apriv = dev->ml_priv;
4752  StatsRid stats;
4753  int i, j;
4754  __le32 *vals = stats.vals;
4755  int len;
4756 
4757  if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
4758  return -ENOMEM;
4759  data = file->private_data;
4760  if ((data->rbuffer = kmalloc( 4096, GFP_KERNEL )) == NULL) {
4761  kfree (file->private_data);
4762  return -ENOMEM;
4763  }
4764 
4765  readStatsRid(apriv, &stats, rid, 1);
4766  len = le16_to_cpu(stats.len);
4767 
4768  j = 0;
4769  for(i=0; statsLabels[i]!=(char *)-1 && i*4<len; i++) {
4770  if (!statsLabels[i]) continue;
4771  if (j+strlen(statsLabels[i])+16>4096) {
4772  airo_print_warn(apriv->