airo.c

Go to the documentation of this file.

/*======================================================================

    Aironet driver for 4500 and 4800 series cards

    This code is released under both the GPL version 2 and BSD licenses.
    Either license may be used.  The respective licenses are found at
    the end of this file.

    This code was developed by Benjamin Reed <[email protected]>
    including portions of which come from the Aironet PC4500
    Developer's Reference Manual and used with permission.  Copyright
    (C) 1999 Benjamin Reed.  All Rights Reserved.  Permission to use
    code in the Developer's manual was granted for this driver by
    Aironet.  Major code contributions were received from Javier Achirica
    <[email protected]> and Jean Tourrilhes <[email protected]>.
    Code was also integrated from the Cisco Aironet driver for Linux.
    Support for MPI350 cards was added by Fabrice Bellet
    <[email protected]>.

======================================================================*/

#include <linux/err.h>
#include <linux/init.h>

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/proc_fs.h>

#include <linux/sched.h>
#include <linux/ptrace.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/timer.h>
#include <linux/interrupt.h>
#include <linux/in.h>
#include <linux/bitops.h>
#include <linux/scatterlist.h>
#include <linux/crypto.h>
#include <asm/io.h>
#include <asm/unaligned.h>

#include <linux/netdevice.h>
#include <linux/etherdevice.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
#include <linux/ioport.h>
#include <linux/pci.h>
#include <asm/uaccess.h>
#include <linux/kthread.h>
#include <linux/freezer.h>

#include <linux/ieee80211.h>
#include <net/iw_handler.h>

#include "airo.h"

#define DRV_NAME "airo"

#ifdef CONFIG_PCI
static DEFINE_PCI_DEVICE_TABLE(card_ids) = {
    { 0x14b9, 1, PCI_ANY_ID, PCI_ANY_ID, },
    { 0x14b9, 0x4500, PCI_ANY_ID, PCI_ANY_ID },
    { 0x14b9, 0x4800, PCI_ANY_ID, PCI_ANY_ID, },
    { 0x14b9, 0x0340, PCI_ANY_ID, PCI_ANY_ID, },
    { 0x14b9, 0x0350, PCI_ANY_ID, PCI_ANY_ID, },
    { 0x14b9, 0x5000, PCI_ANY_ID, PCI_ANY_ID, },
    { 0x14b9, 0xa504, PCI_ANY_ID, PCI_ANY_ID, },
    { 0, }
};
MODULE_DEVICE_TABLE(pci, card_ids);

static int airo_pci_probe(struct pci_dev *, const struct pci_device_id *);
static void airo_pci_remove(struct pci_dev *);
static int airo_pci_suspend(struct pci_dev *pdev, pm_message_t state);
static int airo_pci_resume(struct pci_dev *pdev);

static struct pci_driver airo_driver = {
    .name     = DRV_NAME,
    .id_table = card_ids,
    .probe    = airo_pci_probe,
    .remove   = __devexit_p(airo_pci_remove),
    .suspend  = airo_pci_suspend,
    .resume   = airo_pci_resume,
};
#endif /* CONFIG_PCI */

/* Include Wireless Extension definition and check version - Jean II */
#include <linux/wireless.h>
#define WIRELESS_SPY        /* enable iwspy support */

#define CISCO_EXT       /* enable Cisco extensions */
#ifdef CISCO_EXT
#include <linux/delay.h>
#endif

/* Hack to do some power saving */
#define POWER_ON_DOWN

/* As you can see this list is HUGH!
   I really don't know what a lot of these counts are about, but they
   are all here for completeness.  If the IGNLABEL macro is put in
   infront of the label, that statistic will not be included in the list
   of statistics in the /proc filesystem */

#define IGNLABEL(comment) NULL
static const char *statsLabels[] = {
    "RxOverrun",
    IGNLABEL("RxPlcpCrcErr"),
    IGNLABEL("RxPlcpFormatErr"),
    IGNLABEL("RxPlcpLengthErr"),
    "RxMacCrcErr",
    "RxMacCrcOk",
    "RxWepErr",
    "RxWepOk",
    "RetryLong",
    "RetryShort",
    "MaxRetries",
    "NoAck",
    "NoCts",
    "RxAck",
    "RxCts",
    "TxAck",
    "TxRts",
    "TxCts",
    "TxMc",
    "TxBc",
    "TxUcFrags",
    "TxUcPackets",
    "TxBeacon",
    "RxBeacon",
    "TxSinColl",
    "TxMulColl",
    "DefersNo",
    "DefersProt",
    "DefersEngy",
    "DupFram",
    "RxFragDisc",
    "TxAged",
    "RxAged",
    "LostSync-MaxRetry",
    "LostSync-MissedBeacons",
    "LostSync-ArlExceeded",
    "LostSync-Deauth",
    "LostSync-Disassoced",
    "LostSync-TsfTiming",
    "HostTxMc",
    "HostTxBc",
    "HostTxUc",
    "HostTxFail",
    "HostRxMc",
    "HostRxBc",
    "HostRxUc",
    "HostRxDiscard",
    IGNLABEL("HmacTxMc"),
    IGNLABEL("HmacTxBc"),
    IGNLABEL("HmacTxUc"),
    IGNLABEL("HmacTxFail"),
    IGNLABEL("HmacRxMc"),
    IGNLABEL("HmacRxBc"),
    IGNLABEL("HmacRxUc"),
    IGNLABEL("HmacRxDiscard"),
    IGNLABEL("HmacRxAccepted"),
    "SsidMismatch",
    "ApMismatch",
    "RatesMismatch",
    "AuthReject",
    "AuthTimeout",
    "AssocReject",
    "AssocTimeout",
    IGNLABEL("ReasonOutsideTable"),
    IGNLABEL("ReasonStatus1"),
    IGNLABEL("ReasonStatus2"),
    IGNLABEL("ReasonStatus3"),
    IGNLABEL("ReasonStatus4"),
    IGNLABEL("ReasonStatus5"),
    IGNLABEL("ReasonStatus6"),
    IGNLABEL("ReasonStatus7"),
    IGNLABEL("ReasonStatus8"),
    IGNLABEL("ReasonStatus9"),
    IGNLABEL("ReasonStatus10"),
    IGNLABEL("ReasonStatus11"),
    IGNLABEL("ReasonStatus12"),
    IGNLABEL("ReasonStatus13"),
    IGNLABEL("ReasonStatus14"),
    IGNLABEL("ReasonStatus15"),
    IGNLABEL("ReasonStatus16"),
    IGNLABEL("ReasonStatus17"),
    IGNLABEL("ReasonStatus18"),
    IGNLABEL("ReasonStatus19"),
    "RxMan",
    "TxMan",
    "RxRefresh",
    "TxRefresh",
    "RxPoll",
    "TxPoll",
    "HostRetries",
    "LostSync-HostReq",
    "HostTxBytes",
    "HostRxBytes",
    "ElapsedUsec",
    "ElapsedSec",
    "LostSyncBetterAP",
    "PrivacyMismatch",
    "Jammed",
    "DiscRxNotWepped",
    "PhyEleMismatch",
    (char*)-1 };
#ifndef RUN_AT
#define RUN_AT(x) (jiffies+(x))
#endif


/* These variables are for insmod, since it seems that the rates
   can only be set in setup_card.  Rates should be a comma separated
   (no spaces) list of rates (up to 8). */

static int rates[8];
static char *ssids[3];

static int io[4];
static int irq[4];

static
int maxencrypt /* = 0 */; /* The highest rate that the card can encrypt at.
               0 means no limit.  For old cards this was 4 */

static int auto_wep /* = 0 */; /* If set, it tries to figure out the wep mode */
static int aux_bap /* = 0 */; /* Checks to see if the aux ports are needed to read
            the bap, needed on some older cards and buses. */
static int adhoc;

static int probe = 1;

static kuid_t proc_kuid;
static int proc_uid /* = 0 */;

static kgid_t proc_kgid;
static int proc_gid /* = 0 */;

static int airo_perm = 0555;

static int proc_perm = 0644;

MODULE_AUTHOR("Benjamin Reed");
MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet cards.  "
           "Direct support for ISA/PCI/MPI cards and support for PCMCIA when used with airo_cs.");
MODULE_LICENSE("Dual BSD/GPL");
MODULE_SUPPORTED_DEVICE("Aironet 4500, 4800 and Cisco 340/350");
module_param_array(io, int, NULL, 0);
module_param_array(irq, int, NULL, 0);
module_param_array(rates, int, NULL, 0);
module_param_array(ssids, charp, NULL, 0);
module_param(auto_wep, int, 0);
MODULE_PARM_DESC(auto_wep,
         "If non-zero, the driver will keep looping through the authentication options until an association is made.  "
         "The value of auto_wep is number of the wep keys to check.  "
         "A value of 2 will try using the key at index 0 and index 1.");
module_param(aux_bap, int, 0);
MODULE_PARM_DESC(aux_bap,
         "If non-zero, the driver will switch into a mode that seems to work better for older cards with some older buses.  "
         "Before switching it checks that the switch is needed.");
module_param(maxencrypt, int, 0);
MODULE_PARM_DESC(maxencrypt,
         "The maximum speed that the card can do encryption.  "
         "Units are in 512kbs.  "
         "Zero (default) means there is no limit.  "
         "Older cards used to be limited to 2mbs (4).");
module_param(adhoc, int, 0);
MODULE_PARM_DESC(adhoc, "If non-zero, the card will start in adhoc mode.");
module_param(probe, int, 0);
MODULE_PARM_DESC(probe, "If zero, the driver won't start the card.");

module_param(proc_uid, int, 0);
MODULE_PARM_DESC(proc_uid, "The uid that the /proc files will belong to.");
module_param(proc_gid, int, 0);
MODULE_PARM_DESC(proc_gid, "The gid that the /proc files will belong to.");
module_param(airo_perm, int, 0);
MODULE_PARM_DESC(airo_perm, "The permission bits of /proc/[driver/]aironet.");
module_param(proc_perm, int, 0);
MODULE_PARM_DESC(proc_perm, "The permission bits of the files in /proc");

/* This is a kind of sloppy hack to get this information to OUT4500 and
   IN4500.  I would be extremely interested in the situation where this
   doesn't work though!!! */
static int do8bitIO /* = 0 */;

/* Return codes */
#define SUCCESS 0
#define ERROR -1
#define NO_PACKET -2

/* Commands */
#define NOP2        0x0000
#define MAC_ENABLE  0x0001
#define MAC_DISABLE 0x0002
#define CMD_LOSE_SYNC   0x0003 /* Not sure what this does... */
#define CMD_SOFTRESET   0x0004
#define HOSTSLEEP   0x0005
#define CMD_MAGIC_PKT   0x0006
#define CMD_SETWAKEMASK 0x0007
#define CMD_READCFG 0x0008
#define CMD_SETMODE 0x0009
#define CMD_ALLOCATETX  0x000a
#define CMD_TRANSMIT    0x000b
#define CMD_DEALLOCATETX 0x000c
#define NOP     0x0010
#define CMD_WORKAROUND  0x0011
#define CMD_ALLOCATEAUX 0x0020
#define CMD_ACCESS  0x0021
#define CMD_PCIBAP  0x0022
#define CMD_PCIAUX  0x0023
#define CMD_ALLOCBUF    0x0028
#define CMD_GETTLV  0x0029
#define CMD_PUTTLV  0x002a
#define CMD_DELTLV  0x002b
#define CMD_FINDNEXTTLV 0x002c
#define CMD_PSPNODES    0x0030
#define CMD_SETCW   0x0031    
#define CMD_SETPCF  0x0032    
#define CMD_SETPHYREG   0x003e
#define CMD_TXTEST  0x003f
#define MAC_ENABLETX    0x0101
#define CMD_LISTBSS 0x0103
#define CMD_SAVECFG 0x0108
#define CMD_ENABLEAUX   0x0111
#define CMD_WRITERID    0x0121
#define CMD_USEPSPNODES 0x0130
#define MAC_ENABLERX    0x0201

/* Command errors */
#define ERROR_QUALIF 0x00
#define ERROR_ILLCMD 0x01
#define ERROR_ILLFMT 0x02
#define ERROR_INVFID 0x03
#define ERROR_INVRID 0x04
#define ERROR_LARGE 0x05
#define ERROR_NDISABL 0x06
#define ERROR_ALLOCBSY 0x07
#define ERROR_NORD 0x0B
#define ERROR_NOWR 0x0C
#define ERROR_INVFIDTX 0x0D
#define ERROR_TESTACT 0x0E
#define ERROR_TAGNFND 0x12
#define ERROR_DECODE 0x20
#define ERROR_DESCUNAV 0x21
#define ERROR_BADLEN 0x22
#define ERROR_MODE 0x80
#define ERROR_HOP 0x81
#define ERROR_BINTER 0x82
#define ERROR_RXMODE 0x83
#define ERROR_MACADDR 0x84
#define ERROR_RATES 0x85
#define ERROR_ORDER 0x86
#define ERROR_SCAN 0x87
#define ERROR_AUTH 0x88
#define ERROR_PSMODE 0x89
#define ERROR_RTYPE 0x8A
#define ERROR_DIVER 0x8B
#define ERROR_SSID 0x8C
#define ERROR_APLIST 0x8D
#define ERROR_AUTOWAKE 0x8E
#define ERROR_LEAP 0x8F

/* Registers */
#define COMMAND 0x00
#define PARAM0 0x02
#define PARAM1 0x04
#define PARAM2 0x06
#define STATUS 0x08
#define RESP0 0x0a
#define RESP1 0x0c
#define RESP2 0x0e
#define LINKSTAT 0x10
#define SELECT0 0x18
#define OFFSET0 0x1c
#define RXFID 0x20
#define TXALLOCFID 0x22
#define TXCOMPLFID 0x24
#define DATA0 0x36
#define EVSTAT 0x30
#define EVINTEN 0x32
#define EVACK 0x34
#define SWS0 0x28
#define SWS1 0x2a
#define SWS2 0x2c
#define SWS3 0x2e
#define AUXPAGE 0x3A
#define AUXOFF 0x3C
#define AUXDATA 0x3E

#define FID_TX 1
#define FID_RX 2
/* Offset into aux memory for descriptors */
#define AUX_OFFSET 0x800
/* Size of allocated packets */
#define PKTSIZE 1840
#define RIDSIZE 2048
/* Size of the transmit queue */
#define MAXTXQ 64

/* BAP selectors */
#define BAP0 0 /* Used for receiving packets */
#define BAP1 2 /* Used for xmiting packets and working with RIDS */

/* Flags */
#define COMMAND_BUSY 0x8000

#define BAP_BUSY 0x8000
#define BAP_ERR 0x4000
#define BAP_DONE 0x2000

#define PROMISC 0xffff
#define NOPROMISC 0x0000

#define EV_CMD 0x10
#define EV_CLEARCOMMANDBUSY 0x4000
#define EV_RX 0x01
#define EV_TX 0x02
#define EV_TXEXC 0x04
#define EV_ALLOC 0x08
#define EV_LINK 0x80
#define EV_AWAKE 0x100
#define EV_TXCPY 0x400
#define EV_UNKNOWN 0x800
#define EV_MIC 0x1000 /* Message Integrity Check Interrupt */
#define EV_AWAKEN 0x2000
#define STATUS_INTS (EV_AWAKE|EV_LINK|EV_TXEXC|EV_TX|EV_TXCPY|EV_RX|EV_MIC)

#ifdef CHECK_UNKNOWN_INTS
#define IGNORE_INTS ( EV_CMD | EV_UNKNOWN)
#else
#define IGNORE_INTS (~STATUS_INTS)
#endif

/* RID TYPES */
#define RID_RW 0x20

/* The RIDs */
#define RID_CAPABILITIES 0xFF00
#define RID_APINFO     0xFF01
#define RID_RADIOINFO  0xFF02
#define RID_UNKNOWN3   0xFF03
#define RID_RSSI       0xFF04
#define RID_CONFIG     0xFF10
#define RID_SSID       0xFF11
#define RID_APLIST     0xFF12
#define RID_DRVNAME    0xFF13
#define RID_ETHERENCAP 0xFF14
#define RID_WEP_TEMP   0xFF15
#define RID_WEP_PERM   0xFF16
#define RID_MODULATION 0xFF17
#define RID_OPTIONS    0xFF18
#define RID_ACTUALCONFIG 0xFF20 /*readonly*/
#define RID_FACTORYCONFIG 0xFF21
#define RID_UNKNOWN22  0xFF22
#define RID_LEAPUSERNAME 0xFF23
#define RID_LEAPPASSWORD 0xFF24
#define RID_STATUS     0xFF50
#define RID_BEACON_HST 0xFF51
#define RID_BUSY_HST   0xFF52
#define RID_RETRIES_HST 0xFF53
#define RID_UNKNOWN54  0xFF54
#define RID_UNKNOWN55  0xFF55
#define RID_UNKNOWN56  0xFF56
#define RID_MIC        0xFF57
#define RID_STATS16    0xFF60
#define RID_STATS16DELTA 0xFF61
#define RID_STATS16DELTACLEAR 0xFF62
#define RID_STATS      0xFF68
#define RID_STATSDELTA 0xFF69
#define RID_STATSDELTACLEAR 0xFF6A
#define RID_ECHOTEST_RID 0xFF70
#define RID_ECHOTEST_RESULTS 0xFF71
#define RID_BSSLISTFIRST 0xFF72
#define RID_BSSLISTNEXT  0xFF73
#define RID_WPA_BSSLISTFIRST 0xFF74
#define RID_WPA_BSSLISTNEXT  0xFF75

typedef struct {
    u16 cmd;
    u16 parm0;
    u16 parm1;
    u16 parm2;
} Cmd;

typedef struct {
    u16 status;
    u16 rsp0;
    u16 rsp1;
    u16 rsp2;
} Resp;

/*
 * Rids and endian-ness:  The Rids will always be in cpu endian, since
 * this all the patches from the big-endian guys end up doing that.
 * so all rid access should use the read/writeXXXRid routines.
 */

/* This structure came from an email sent to me from an engineer at
   aironet for inclusion into this driver */
typedef struct WepKeyRid WepKeyRid;
struct WepKeyRid {
    __le16 len;
    __le16 kindex;
    u8 mac[ETH_ALEN];
    __le16 klen;
    u8 key[16];
} __packed;

/* These structures are from the Aironet's PC4500 Developers Manual */
typedef struct Ssid Ssid;
struct Ssid {
    __le16 len;
    u8 ssid[32];
} __packed;

typedef struct SsidRid SsidRid;
struct SsidRid {
    __le16 len;
    Ssid ssids[3];
} __packed;

typedef struct ModulationRid ModulationRid;
struct ModulationRid {
        __le16 len;
        __le16 modulation;
#define MOD_DEFAULT cpu_to_le16(0)
#define MOD_CCK cpu_to_le16(1)
#define MOD_MOK cpu_to_le16(2)
} __packed;

typedef struct ConfigRid ConfigRid;
struct ConfigRid {
    __le16 len; /* sizeof(ConfigRid) */
    __le16 opmode; /* operating mode */
#define MODE_STA_IBSS cpu_to_le16(0)
#define MODE_STA_ESS cpu_to_le16(1)
#define MODE_AP cpu_to_le16(2)
#define MODE_AP_RPTR cpu_to_le16(3)
#define MODE_CFG_MASK cpu_to_le16(0xff)
#define MODE_ETHERNET_HOST cpu_to_le16(0<<8) /* rx payloads converted */
#define MODE_LLC_HOST cpu_to_le16(1<<8) /* rx payloads left as is */
#define MODE_AIRONET_EXTEND cpu_to_le16(1<<9) /* enable Aironet extenstions */
#define MODE_AP_INTERFACE cpu_to_le16(1<<10) /* enable ap interface extensions */
#define MODE_ANTENNA_ALIGN cpu_to_le16(1<<11) /* enable antenna alignment */
#define MODE_ETHER_LLC cpu_to_le16(1<<12) /* enable ethernet LLC */
#define MODE_LEAF_NODE cpu_to_le16(1<<13) /* enable leaf node bridge */
#define MODE_CF_POLLABLE cpu_to_le16(1<<14) /* enable CF pollable */
#define MODE_MIC cpu_to_le16(1<<15) /* enable MIC */
    __le16 rmode; /* receive mode */
#define RXMODE_BC_MC_ADDR cpu_to_le16(0)
#define RXMODE_BC_ADDR cpu_to_le16(1) /* ignore multicasts */
#define RXMODE_ADDR cpu_to_le16(2) /* ignore multicast and broadcast */
#define RXMODE_RFMON cpu_to_le16(3) /* wireless monitor mode */
#define RXMODE_RFMON_ANYBSS cpu_to_le16(4)
#define RXMODE_LANMON cpu_to_le16(5) /* lan style monitor -- data packets only */
#define RXMODE_MASK cpu_to_le16(255)
#define RXMODE_DISABLE_802_3_HEADER cpu_to_le16(1<<8) /* disables 802.3 header on rx */
#define RXMODE_FULL_MASK (RXMODE_MASK | RXMODE_DISABLE_802_3_HEADER)
#define RXMODE_NORMALIZED_RSSI cpu_to_le16(1<<9) /* return normalized RSSI */
    __le16 fragThresh;
    __le16 rtsThres;
    u8 macAddr[ETH_ALEN];
    u8 rates[8];
    __le16 shortRetryLimit;
    __le16 longRetryLimit;
    __le16 txLifetime; /* in kusec */
    __le16 rxLifetime; /* in kusec */
    __le16 stationary;
    __le16 ordering;
    __le16 u16deviceType; /* for overriding device type */
    __le16 cfpRate;
    __le16 cfpDuration;
    __le16 _reserved1[3];
    /*---------- Scanning/Associating ----------*/
    __le16 scanMode;
#define SCANMODE_ACTIVE cpu_to_le16(0)
#define SCANMODE_PASSIVE cpu_to_le16(1)
#define SCANMODE_AIROSCAN cpu_to_le16(2)
    __le16 probeDelay; /* in kusec */
    __le16 probeEnergyTimeout; /* in kusec */
        __le16 probeResponseTimeout;
    __le16 beaconListenTimeout;
    __le16 joinNetTimeout;
    __le16 authTimeout;
    __le16 authType;
#define AUTH_OPEN cpu_to_le16(0x1)
#define AUTH_ENCRYPT cpu_to_le16(0x101)
#define AUTH_SHAREDKEY cpu_to_le16(0x102)
#define AUTH_ALLOW_UNENCRYPTED cpu_to_le16(0x200)
    __le16 associationTimeout;
    __le16 specifiedApTimeout;
    __le16 offlineScanInterval;
    __le16 offlineScanDuration;
    __le16 linkLossDelay;
    __le16 maxBeaconLostTime;
    __le16 refreshInterval;
#define DISABLE_REFRESH cpu_to_le16(0xFFFF)
    __le16 _reserved1a[1];
    /*---------- Power save operation ----------*/
    __le16 powerSaveMode;
#define POWERSAVE_CAM cpu_to_le16(0)
#define POWERSAVE_PSP cpu_to_le16(1)
#define POWERSAVE_PSPCAM cpu_to_le16(2)
    __le16 sleepForDtims;
    __le16 listenInterval;
    __le16 fastListenInterval;
    __le16 listenDecay;
    __le16 fastListenDelay;
    __le16 _reserved2[2];
    /*---------- Ap/Ibss config items ----------*/
    __le16 beaconPeriod;
    __le16 atimDuration;
    __le16 hopPeriod;
    __le16 channelSet;
    __le16 channel;
    __le16 dtimPeriod;
    __le16 bridgeDistance;
    __le16 radioID;
    /*---------- Radio configuration ----------*/
    __le16 radioType;
#define RADIOTYPE_DEFAULT cpu_to_le16(0)
#define RADIOTYPE_802_11 cpu_to_le16(1)
#define RADIOTYPE_LEGACY cpu_to_le16(2)
    u8 rxDiversity;
    u8 txDiversity;
    __le16 txPower;
#define TXPOWER_DEFAULT 0
    __le16 rssiThreshold;
#define RSSI_DEFAULT 0
        __le16 modulation;
#define PREAMBLE_AUTO cpu_to_le16(0)
#define PREAMBLE_LONG cpu_to_le16(1)
#define PREAMBLE_SHORT cpu_to_le16(2)
    __le16 preamble;
    __le16 homeProduct;
    __le16 radioSpecific;
    /*---------- Aironet Extensions ----------*/
    u8 nodeName[16];
    __le16 arlThreshold;
    __le16 arlDecay;
    __le16 arlDelay;
    __le16 _reserved4[1];
    /*---------- Aironet Extensions ----------*/
    u8 magicAction;
#define MAGIC_ACTION_STSCHG 1
#define MAGIC_ACTION_RESUME 2
#define MAGIC_IGNORE_MCAST (1<<8)
#define MAGIC_IGNORE_BCAST (1<<9)
#define MAGIC_SWITCH_TO_PSP (0<<10)
#define MAGIC_STAY_IN_CAM (1<<10)
    u8 magicControl;
    __le16 autoWake;
} __packed;

typedef struct StatusRid StatusRid;
struct StatusRid {
    __le16 len;
    u8 mac[ETH_ALEN];
    __le16 mode;
    __le16 errorCode;
    __le16 sigQuality;
    __le16 SSIDlen;
    char SSID[32];
    char apName[16];
    u8 bssid[4][ETH_ALEN];
    __le16 beaconPeriod;
    __le16 dimPeriod;
    __le16 atimDuration;
    __le16 hopPeriod;
    __le16 channelSet;
    __le16 channel;
    __le16 hopsToBackbone;
    __le16 apTotalLoad;
    __le16 generatedLoad;
    __le16 accumulatedArl;
    __le16 signalQuality;
    __le16 currentXmitRate;
    __le16 apDevExtensions;
    __le16 normalizedSignalStrength;
    __le16 shortPreamble;
    u8 apIP[4];
    u8 noisePercent; /* Noise percent in last second */
    u8 noisedBm; /* Noise dBm in last second */
    u8 noiseAvePercent; /* Noise percent in last minute */
    u8 noiseAvedBm; /* Noise dBm in last minute */
    u8 noiseMaxPercent; /* Highest noise percent in last minute */
    u8 noiseMaxdBm; /* Highest noise dbm in last minute */
    __le16 load;
    u8 carrier[4];
    __le16 assocStatus;
#define STAT_NOPACKETS 0
#define STAT_NOCARRIERSET 10
#define STAT_GOTCARRIERSET 11
#define STAT_WRONGSSID 20
#define STAT_BADCHANNEL 25
#define STAT_BADBITRATES 30
#define STAT_BADPRIVACY 35
#define STAT_APFOUND 40
#define STAT_APREJECTED 50
#define STAT_AUTHENTICATING 60
#define STAT_DEAUTHENTICATED 61
#define STAT_AUTHTIMEOUT 62
#define STAT_ASSOCIATING 70
#define STAT_DEASSOCIATED 71
#define STAT_ASSOCTIMEOUT 72
#define STAT_NOTAIROAP 73
#define STAT_ASSOCIATED 80
#define STAT_LEAPING 90
#define STAT_LEAPFAILED 91
#define STAT_LEAPTIMEDOUT 92
#define STAT_LEAPCOMPLETE 93
} __packed;

typedef struct StatsRid StatsRid;
struct StatsRid {
    __le16 len;
    __le16 spacer;
    __le32 vals[100];
} __packed;

typedef struct APListRid APListRid;
struct APListRid {
    __le16 len;
    u8 ap[4][ETH_ALEN];
} __packed;

typedef struct CapabilityRid CapabilityRid;
struct CapabilityRid {
    __le16 len;
    char oui[3];
    char zero;
    __le16 prodNum;
    char manName[32];
    char prodName[16];
    char prodVer[8];
    char factoryAddr[ETH_ALEN];
    char aironetAddr[ETH_ALEN];
    __le16 radioType;
    __le16 country;
    char callid[ETH_ALEN];
    char supportedRates[8];
    char rxDiversity;
    char txDiversity;
    __le16 txPowerLevels[8];
    __le16 hardVer;
    __le16 hardCap;
    __le16 tempRange;
    __le16 softVer;
    __le16 softSubVer;
    __le16 interfaceVer;
    __le16 softCap;
    __le16 bootBlockVer;
    __le16 requiredHard;
    __le16 extSoftCap;
} __packed;

/* Only present on firmware >= 5.30.17 */
typedef struct BSSListRidExtra BSSListRidExtra;
struct BSSListRidExtra {
  __le16 unknown[4];
  u8 fixed[12]; /* WLAN management frame */
  u8 iep[624];
} __packed;

typedef struct BSSListRid BSSListRid;
struct BSSListRid {
  __le16 len;
  __le16 index; /* First is 0 and 0xffff means end of list */
#define RADIO_FH 1 /* Frequency hopping radio type */
#define RADIO_DS 2 /* Direct sequence radio type */
#define RADIO_TMA 4 /* Proprietary radio used in old cards (2500) */
  __le16 radioType;
  u8 bssid[ETH_ALEN]; /* Mac address of the BSS */
  u8 zero;
  u8 ssidLen;
  u8 ssid[32];
  __le16 dBm;
#define CAP_ESS cpu_to_le16(1<<0)
#define CAP_IBSS cpu_to_le16(1<<1)
#define CAP_PRIVACY cpu_to_le16(1<<4)
#define CAP_SHORTHDR cpu_to_le16(1<<5)
  __le16 cap;
  __le16 beaconInterval;
  u8 rates[8]; /* Same as rates for config rid */
  struct { /* For frequency hopping only */
    __le16 dwell;
    u8 hopSet;
    u8 hopPattern;
    u8 hopIndex;
    u8 fill;
  } fh;
  __le16 dsChannel;
  __le16 atimWindow;

  /* Only present on firmware >= 5.30.17 */
  BSSListRidExtra extra;
} __packed;

typedef struct {
  BSSListRid bss;
  struct list_head list;
} BSSListElement;

typedef struct tdsRssiEntry tdsRssiEntry;
struct tdsRssiEntry {
  u8 rssipct;
  u8 rssidBm;
} __packed;

typedef struct tdsRssiRid tdsRssiRid;
struct tdsRssiRid {
  u16 len;
  tdsRssiEntry x[256];
} __packed;

typedef struct MICRid MICRid;
struct MICRid {
    __le16 len;
    __le16 state;
    __le16 multicastValid;
    u8  multicast[16];
    __le16 unicastValid;
    u8  unicast[16];
} __packed;

typedef struct MICBuffer MICBuffer;
struct MICBuffer {
    __be16 typelen;

    union {
        u8 snap[8];
        struct {
        u8 dsap;
        u8 ssap;
        u8 control;
        u8 orgcode[3];
        u8 fieldtype[2];
        } llc;
    } u;
    __be32 mic;
    __be32 seq;
} __packed;

typedef struct {
    u8 da[ETH_ALEN];
    u8 sa[ETH_ALEN];
} etherHead;

#define TXCTL_TXOK (1<<1) /* report if tx is ok */
#define TXCTL_TXEX (1<<2) /* report if tx fails */
#define TXCTL_802_3 (0<<3) /* 802.3 packet */
#define TXCTL_802_11 (1<<3) /* 802.11 mac packet */
#define TXCTL_ETHERNET (0<<4) /* payload has ethertype */
#define TXCTL_LLC (1<<4) /* payload is llc */
#define TXCTL_RELEASE (0<<5) /* release after completion */
#define TXCTL_NORELEASE (1<<5) /* on completion returns to host */

#define BUSY_FID 0x10000

#ifdef CISCO_EXT
#define AIROMAGIC   0xa55a
/* Warning : SIOCDEVPRIVATE may disapear during 2.5.X - Jean II */
#ifdef SIOCIWFIRSTPRIV
#ifdef SIOCDEVPRIVATE
#define AIROOLDIOCTL    SIOCDEVPRIVATE
#define AIROOLDIDIFC    AIROOLDIOCTL + 1
#endif /* SIOCDEVPRIVATE */
#else /* SIOCIWFIRSTPRIV */
#define SIOCIWFIRSTPRIV SIOCDEVPRIVATE
#endif /* SIOCIWFIRSTPRIV */
/* This may be wrong. When using the new SIOCIWFIRSTPRIV range, we probably
 * should use only "GET" ioctls (last bit set to 1). "SET" ioctls are root
 * only and don't return the modified struct ifreq to the application which
 * is usually a problem. - Jean II */
#define AIROIOCTL   SIOCIWFIRSTPRIV
#define AIROIDIFC   AIROIOCTL + 1

/* Ioctl constants to be used in airo_ioctl.command */

#define AIROGCAP        0   // Capability rid
#define AIROGCFG        1       // USED A LOT
#define AIROGSLIST      2   // System ID list
#define AIROGVLIST      3       // List of specified AP's
#define AIROGDRVNAM     4   //  NOTUSED
#define AIROGEHTENC     5   // NOTUSED
#define AIROGWEPKTMP        6
#define AIROGWEPKNV     7
#define AIROGSTAT       8
#define AIROGSTATSC32       9
#define AIROGSTATSD32       10
#define AIROGMICRID     11
#define AIROGMICSTATS       12
#define AIROGFLAGS      13
#define AIROGID         14
#define AIRORRID        15
#define AIRORSWVERSION      17

/* Leave gap of 40 commands after AIROGSTATSD32 for future */

#define AIROPCAP                AIROGSTATSD32 + 40
#define AIROPVLIST              AIROPCAP      + 1
#define AIROPSLIST      AIROPVLIST    + 1
#define AIROPCFG        AIROPSLIST    + 1
#define AIROPSIDS       AIROPCFG      + 1
#define AIROPAPLIST     AIROPSIDS     + 1
#define AIROPMACON      AIROPAPLIST   + 1   /* Enable mac  */
#define AIROPMACOFF     AIROPMACON    + 1   /* Disable mac */
#define AIROPSTCLR      AIROPMACOFF   + 1
#define AIROPWEPKEY     AIROPSTCLR    + 1
#define AIROPWEPKEYNV       AIROPWEPKEY   + 1
#define AIROPLEAPPWD            AIROPWEPKEYNV + 1
#define AIROPLEAPUSR            AIROPLEAPPWD  + 1

/* Flash codes */

#define AIROFLSHRST        AIROPWEPKEYNV  + 40
#define AIROFLSHGCHR           AIROFLSHRST    + 1
#define AIROFLSHSTFL           AIROFLSHGCHR   + 1
#define AIROFLSHPCHR           AIROFLSHSTFL   + 1
#define AIROFLPUTBUF           AIROFLSHPCHR   + 1
#define AIRORESTART            AIROFLPUTBUF   + 1

#define FLASHSIZE   32768
#define AUXMEMSIZE  (256 * 1024)

typedef struct aironet_ioctl {
    unsigned short command;     // What to do
    unsigned short len;     // Len of data
    unsigned short ridnum;      // rid number
    unsigned char __user *data; // d-data
} aironet_ioctl;

static const char swversion[] = "2.1";
#endif /* CISCO_EXT */

#define NUM_MODULES       2
#define MIC_MSGLEN_MAX    2400
#define EMMH32_MSGLEN_MAX MIC_MSGLEN_MAX
#define AIRO_DEF_MTU      2312

typedef struct {
    u32   size;            // size
    u8    enabled;         // MIC enabled or not
    u32   rxSuccess;       // successful packets received
    u32   rxIncorrectMIC;  // pkts dropped due to incorrect MIC comparison
    u32   rxNotMICed;      // pkts dropped due to not being MIC'd
    u32   rxMICPlummed;    // pkts dropped due to not having a MIC plummed
    u32   rxWrongSequence; // pkts dropped due to sequence number violation
    u32   reserve[32];
} mic_statistics;

typedef struct {
    u32 coeff[((EMMH32_MSGLEN_MAX)+3)>>2];
    u64 accum;  // accumulated mic, reduced to u32 in final()
    int position;   // current position (byte offset) in message
    union {
        u8  d8[4];
        __be32 d32;
    } part; // saves partial message word across update() calls
} emmh32_context;

typedef struct {
    emmh32_context seed;        // Context - the seed
    u32      rx;        // Received sequence number
    u32      tx;        // Tx sequence number
    u32      window;    // Start of window
    u8       valid;     // Flag to say if context is valid or not
    u8       key[16];
} miccntx;

typedef struct {
    miccntx mCtx;       // Multicast context
    miccntx uCtx;       // Unicast context
} mic_module;

typedef struct {
    unsigned int  rid: 16;
    unsigned int  len: 15;
    unsigned int  valid: 1;
    dma_addr_t host_addr;
} Rid;

typedef struct {
    unsigned int  offset: 15;
    unsigned int  eoc: 1;
    unsigned int  len: 15;
    unsigned int  valid: 1;
    dma_addr_t host_addr;
} TxFid;

struct rx_hdr {
    __le16 status, len;
    u8 rssi[2];
    u8 rate;
    u8 freq;
    __le16 tmp[4];
} __packed;

typedef struct {
    unsigned int  ctl: 15;
    unsigned int  rdy: 1;
    unsigned int  len: 15;
    unsigned int  valid: 1;
    dma_addr_t host_addr;
} RxFid;

/*
 * Host receive descriptor
 */
typedef struct {
    unsigned char __iomem *card_ram_off; /* offset into card memory of the
                        desc */
    RxFid         rx_desc;           /* card receive descriptor */
    char          *virtual_host_addr;    /* virtual address of host receive
                            buffer */
    int           pending;
} HostRxDesc;

/*
 * Host transmit descriptor
 */
typedef struct {
    unsigned char __iomem *card_ram_off;         /* offset into card memory of the
                        desc */
    TxFid         tx_desc;           /* card transmit descriptor */
    char          *virtual_host_addr;    /* virtual address of host receive
                            buffer */
    int           pending;
} HostTxDesc;

/*
 * Host RID descriptor
 */
typedef struct {
    unsigned char __iomem *card_ram_off;      /* offset into card memory of the
                         descriptor */
    Rid           rid_desc;       /* card RID descriptor */
    char          *virtual_host_addr; /* virtual address of host receive
                         buffer */
} HostRidDesc;

typedef struct {
    u16 sw0;
    u16 sw1;
    u16 status;
    u16 len;
#define HOST_SET (1 << 0)
#define HOST_INT_TX (1 << 1) /* Interrupt on successful TX */
#define HOST_INT_TXERR (1 << 2) /* Interrupt on unseccessful TX */
#define HOST_LCC_PAYLOAD (1 << 4) /* LLC payload, 0 = Ethertype */
#define HOST_DONT_RLSE (1 << 5) /* Don't release buffer when done */
#define HOST_DONT_RETRY (1 << 6) /* Don't retry trasmit */
#define HOST_CLR_AID (1 << 7) /* clear AID failure */
#define HOST_RTS (1 << 9) /* Force RTS use */
#define HOST_SHORT (1 << 10) /* Do short preamble */
    u16 ctl;
    u16 aid;
    u16 retries;
    u16 fill;
} TxCtlHdr;

typedef struct {
        u16 ctl;
        u16 duration;
        char addr1[6];
        char addr2[6];
        char addr3[6];
        u16 seq;
        char addr4[6];
} WifiHdr;


typedef struct {
    TxCtlHdr ctlhdr;
    u16 fill1;
    u16 fill2;
    WifiHdr wifihdr;
    u16 gaplen;
    u16 status;
} WifiCtlHdr;

static WifiCtlHdr wifictlhdr8023 = {
    .ctlhdr = {
        .ctl    = HOST_DONT_RLSE,
    }
};

// A few details needed for WEP (Wireless Equivalent Privacy)
#define MAX_KEY_SIZE 13         // 128 (?) bits
#define MIN_KEY_SIZE  5         // 40 bits RC4 - WEP
typedef struct wep_key_t {
    u16 len;
    u8  key[16];    /* 40-bit and 104-bit keys */
} wep_key_t;

/* List of Wireless Handlers (new API) */
static const struct iw_handler_def  airo_handler_def;

static const char version[] = "airo.c 0.6 (Ben Reed & Javier Achirica)";

struct airo_info;

static int get_dec_u16( char *buffer, int *start, int limit );
static void OUT4500( struct airo_info *, u16 register, u16 value );
static unsigned short IN4500( struct airo_info *, u16 register );
static u16 setup_card(struct airo_info*, u8 *mac, int lock);
static int enable_MAC(struct airo_info *ai, int lock);
static void disable_MAC(struct airo_info *ai, int lock);
static void enable_interrupts(struct airo_info*);
static void disable_interrupts(struct airo_info*);
static u16 issuecommand(struct airo_info*, Cmd *pCmd, Resp *pRsp);
static int bap_setup(struct airo_info*, u16 rid, u16 offset, int whichbap);
static int aux_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
            int whichbap);
static int fast_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
             int whichbap);
static int bap_write(struct airo_info*, const __le16 *pu16Src, int bytelen,
             int whichbap);
static int PC4500_accessrid(struct airo_info*, u16 rid, u16 accmd);
static int PC4500_readrid(struct airo_info*, u16 rid, void *pBuf, int len, int lock);
static int PC4500_writerid(struct airo_info*, u16 rid, const void
               *pBuf, int len, int lock);
static int do_writerid( struct airo_info*, u16 rid, const void *rid_data,
            int len, int dummy );
static u16 transmit_allocate(struct airo_info*, int lenPayload, int raw);
static int transmit_802_3_packet(struct airo_info*, int len, char *pPacket);
static int transmit_802_11_packet(struct airo_info*, int len, char *pPacket);

static int mpi_send_packet (struct net_device *dev);
static void mpi_unmap_card(struct pci_dev *pci);
static void mpi_receive_802_3(struct airo_info *ai);
static void mpi_receive_802_11(struct airo_info *ai);
static int waitbusy (struct airo_info *ai);

static irqreturn_t airo_interrupt( int irq, void* dev_id);
static int airo_thread(void *data);
static void timer_func( struct net_device *dev );
static int airo_ioctl(struct net_device *dev, struct ifreq *rq, int cmd);
static struct iw_statistics *airo_get_wireless_stats (struct net_device *dev);
static void airo_read_wireless_stats (struct airo_info *local);
#ifdef CISCO_EXT
static int readrids(struct net_device *dev, aironet_ioctl *comp);
static int writerids(struct net_device *dev, aironet_ioctl *comp);
static int flashcard(struct net_device *dev, aironet_ioctl *comp);
#endif /* CISCO_EXT */
static void micinit(struct airo_info *ai);
static int micsetup(struct airo_info *ai);
static int encapsulate(struct airo_info *ai, etherHead *pPacket, MICBuffer *buffer, int len);
static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *pPacket, u16 payLen);

static u8 airo_rssi_to_dbm (tdsRssiEntry *rssi_rid, u8 rssi);
static u8 airo_dbm_to_pct (tdsRssiEntry *rssi_rid, u8 dbm);

static void airo_networks_free(struct airo_info *ai);

struct airo_info {
    struct net_device             *dev;
    struct list_head              dev_list;
    /* Note, we can have MAX_FIDS outstanding.  FIDs are 16-bits, so we
       use the high bit to mark whether it is in use. */
#define MAX_FIDS 6
#define MPI_MAX_FIDS 1
    u32                           fids[MAX_FIDS];
    ConfigRid config;
    char keyindex; // Used with auto wep
    char defindex; // Used with auto wep
    struct proc_dir_entry *proc_entry;
        spinlock_t aux_lock;
#define FLAG_RADIO_OFF  0   /* User disabling of MAC */
#define FLAG_RADIO_DOWN 1   /* ifup/ifdown disabling of MAC */
#define FLAG_RADIO_MASK 0x03
#define FLAG_ENABLED    2
#define FLAG_ADHOC  3   /* Needed by MIC */
#define FLAG_MIC_CAPABLE 4
#define FLAG_UPDATE_MULTI 5
#define FLAG_UPDATE_UNI 6
#define FLAG_802_11 7
#define FLAG_PROMISC    8   /* IFF_PROMISC 0x100 - include/linux/if.h */
#define FLAG_PENDING_XMIT 9
#define FLAG_PENDING_XMIT11 10
#define FLAG_MPI    11
#define FLAG_REGISTERED 12
#define FLAG_COMMIT 13
#define FLAG_RESET  14
#define FLAG_FLASHING   15
#define FLAG_WPA_CAPABLE    16
    unsigned long flags;
#define JOB_DIE 0
#define JOB_XMIT    1
#define JOB_XMIT11  2
#define JOB_STATS   3
#define JOB_PROMISC 4
#define JOB_MIC 5
#define JOB_EVENT   6
#define JOB_AUTOWEP 7
#define JOB_WSTATS  8
#define JOB_SCAN_RESULTS  9
    unsigned long jobs;
    int (*bap_read)(struct airo_info*, __le16 *pu16Dst, int bytelen,
            int whichbap);
    unsigned short *flash;
    tdsRssiEntry *rssi;
    struct task_struct *list_bss_task;
    struct task_struct *airo_thread_task;
    struct semaphore sem;
    wait_queue_head_t thr_wait;
    unsigned long expires;
    struct {
        struct sk_buff *skb;
        int fid;
    } xmit, xmit11;
    struct net_device *wifidev;
    struct iw_statistics    wstats;     // wireless stats
    unsigned long       scan_timeout;   /* Time scan should be read */
    struct iw_spy_data  spy_data;
    struct iw_public_data   wireless_data;
    /* MIC stuff */
    struct crypto_cipher    *tfm;
    mic_module      mod[2];
    mic_statistics      micstats;
    HostRxDesc rxfids[MPI_MAX_FIDS]; // rx/tx/config MPI350 descriptors
    HostTxDesc txfids[MPI_MAX_FIDS];
    HostRidDesc config_desc;
    unsigned long ridbus; // phys addr of config_desc
    struct sk_buff_head txq;// tx queue used by mpi350 code
    struct pci_dev          *pci;
    unsigned char       __iomem *pcimem;
    unsigned char       __iomem *pciaux;
    unsigned char       *shared;
    dma_addr_t      shared_dma;
    pm_message_t        power;
    SsidRid         *SSID;
    APListRid       *APList;
#define PCI_SHARED_LEN      2*MPI_MAX_FIDS*PKTSIZE+RIDSIZE
    char            proc_name[IFNAMSIZ];

    int         wep_capable;
    int         max_wep_idx;

    /* WPA-related stuff */
    unsigned int bssListFirst;
    unsigned int bssListNext;
    unsigned int bssListRidLen;

    struct list_head network_list;
    struct list_head network_free_list;
    BSSListElement *networks;
};

static inline int bap_read(struct airo_info *ai, __le16 *pu16Dst, int bytelen,
               int whichbap)
{
    return ai->bap_read(ai, pu16Dst, bytelen, whichbap);
}

static int setup_proc_entry( struct net_device *dev,
                 struct airo_info *apriv );
static int takedown_proc_entry( struct net_device *dev,
                struct airo_info *apriv );

static int cmdreset(struct airo_info *ai);
static int setflashmode (struct airo_info *ai);
static int flashgchar(struct airo_info *ai,int matchbyte,int dwelltime);
static int flashputbuf(struct airo_info *ai);
static int flashrestart(struct airo_info *ai,struct net_device *dev);

#define airo_print(type, name, fmt, args...) \
    printk(type DRV_NAME "(%s): " fmt "\n", name, ##args)

#define airo_print_info(name, fmt, args...) \
    airo_print(KERN_INFO, name, fmt, ##args)

#define airo_print_dbg(name, fmt, args...) \
    airo_print(KERN_DEBUG, name, fmt, ##args)

#define airo_print_warn(name, fmt, args...) \
    airo_print(KERN_WARNING, name, fmt, ##args)

#define airo_print_err(name, fmt, args...) \
    airo_print(KERN_ERR, name, fmt, ##args)

#define AIRO_FLASH(dev) (((struct airo_info *)dev->ml_priv)->flash)

/***********************************************************************
 *                              MIC ROUTINES                           *
 ***********************************************************************
 */

static int RxSeqValid (struct airo_info *ai,miccntx *context,int mcast,u32 micSeq);
static void MoveWindow(miccntx *context, u32 micSeq);
static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
               struct crypto_cipher *tfm);
static void emmh32_init(emmh32_context *context);
static void emmh32_update(emmh32_context *context, u8 *pOctets, int len);
static void emmh32_final(emmh32_context *context, u8 digest[4]);
static int flashpchar(struct airo_info *ai,int byte,int dwelltime);

static void age_mic_context(miccntx *cur, miccntx *old, u8 *key, int key_len,
                struct crypto_cipher *tfm)
{
    /* If the current MIC context is valid and its key is the same as
     * the MIC register, there's nothing to do.
     */
    if (cur->valid && (memcmp(cur->key, key, key_len) == 0))
        return;

    /* Age current mic Context */
    memcpy(old, cur, sizeof(*cur));

    /* Initialize new context */
    memcpy(cur->key, key, key_len);
    cur->window  = 33; /* Window always points to the middle */
    cur->rx      = 0;  /* Rx Sequence numbers */
    cur->tx      = 0;  /* Tx sequence numbers */
    cur->valid   = 1;  /* Key is now valid */

    /* Give key to mic seed */
    emmh32_setseed(&cur->seed, key, key_len, tfm);
}

/* micinit - Initialize mic seed */

static void micinit(struct airo_info *ai)
{
    MICRid mic_rid;

    clear_bit(JOB_MIC, &ai->jobs);
    PC4500_readrid(ai, RID_MIC, &mic_rid, sizeof(mic_rid), 0);
    up(&ai->sem);

    ai->micstats.enabled = (le16_to_cpu(mic_rid.state) & 0x00FF) ? 1 : 0;
    if (!ai->micstats.enabled) {
        /* So next time we have a valid key and mic is enabled, we will
         * update the sequence number if the key is the same as before.
         */
        ai->mod[0].uCtx.valid = 0;
        ai->mod[0].mCtx.valid = 0;
        return;
    }

    if (mic_rid.multicastValid) {
        age_mic_context(&ai->mod[0].mCtx, &ai->mod[1].mCtx,
                        mic_rid.multicast, sizeof(mic_rid.multicast),
                        ai->tfm);
    }

    if (mic_rid.unicastValid) {
        age_mic_context(&ai->mod[0].uCtx, &ai->mod[1].uCtx,
                mic_rid.unicast, sizeof(mic_rid.unicast),
                ai->tfm);
    }
}

/* micsetup - Get ready for business */

static int micsetup(struct airo_info *ai) {
    int i;

    if (ai->tfm == NULL)
            ai->tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);

        if (IS_ERR(ai->tfm)) {
                airo_print_err(ai->dev->name, "failed to load transform for AES");
                ai->tfm = NULL;
                return ERROR;
        }

    for (i=0; i < NUM_MODULES; i++) {
        memset(&ai->mod[i].mCtx,0,sizeof(miccntx));
        memset(&ai->mod[i].uCtx,0,sizeof(miccntx));
    }
    return SUCCESS;
}

static const u8 micsnap[] = {0xAA,0xAA,0x03,0x00,0x40,0x96,0x00,0x02};

/*===========================================================================
 * Description: Mic a packet
 *    
 *      Inputs: etherHead * pointer to an 802.3 frame
 *    
 *     Returns: BOOLEAN if successful, otherwise false.
 *             PacketTxLen will be updated with the mic'd packets size.
 *
 *    Caveats: It is assumed that the frame buffer will already
 *             be big enough to hold the largets mic message possible.
 *            (No memory allocation is done here).
 *  
 *    Author: sbraneky (10/15/01)
 *    Merciless hacks by rwilcher (1/14/02)
 */

static int encapsulate(struct airo_info *ai ,etherHead *frame, MICBuffer *mic, int payLen)
{
    miccntx   *context;

    // Determine correct context
    // If not adhoc, always use unicast key

    if (test_bit(FLAG_ADHOC, &ai->flags) && (frame->da[0] & 0x1))
        context = &ai->mod[0].mCtx;
    else
        context = &ai->mod[0].uCtx;
  
    if (!context->valid)
        return ERROR;

    mic->typelen = htons(payLen + 16); //Length of Mic'd packet

    memcpy(&mic->u.snap, micsnap, sizeof(micsnap)); // Add Snap

    // Add Tx sequence
    mic->seq = htonl(context->tx);
    context->tx += 2;

    emmh32_init(&context->seed); // Mic the packet
    emmh32_update(&context->seed,frame->da,ETH_ALEN * 2); // DA,SA
    emmh32_update(&context->seed,(u8*)&mic->typelen,10); // Type/Length and Snap
    emmh32_update(&context->seed,(u8*)&mic->seq,sizeof(mic->seq)); //SEQ
    emmh32_update(&context->seed,(u8*)(frame + 1),payLen); //payload
    emmh32_final(&context->seed, (u8*)&mic->mic);

    /*    New Type/length ?????????? */
    mic->typelen = 0; //Let NIC know it could be an oversized packet
    return SUCCESS;
}

typedef enum {
    NONE,
    NOMIC,
    NOMICPLUMMED,
    SEQUENCE,
    INCORRECTMIC,
} mic_error;

/*===========================================================================
 *  Description: Decapsulates a MIC'd packet and returns the 802.3 packet
 *               (removes the MIC stuff) if packet is a valid packet.
 *      
 *       Inputs: etherHead  pointer to the 802.3 packet             
 *     
 *      Returns: BOOLEAN - TRUE if packet should be dropped otherwise FALSE
 *     
 *      Author: sbraneky (10/15/01)
 *    Merciless hacks by rwilcher (1/14/02)
 *---------------------------------------------------------------------------
 */

static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *eth, u16 payLen)
{
    int      i;
    u32      micSEQ;
    miccntx  *context;
    u8       digest[4];
    mic_error micError = NONE;

    // Check if the packet is a Mic'd packet

    if (!ai->micstats.enabled) {
        //No Mic set or Mic OFF but we received a MIC'd packet.
        if (memcmp ((u8*)eth + 14, micsnap, sizeof(micsnap)) == 0) {
            ai->micstats.rxMICPlummed++;
            return ERROR;
        }
        return SUCCESS;
    }

    if (ntohs(mic->typelen) == 0x888E)
        return SUCCESS;

    if (memcmp (mic->u.snap, micsnap, sizeof(micsnap)) != 0) {
        // Mic enabled but packet isn't Mic'd
        ai->micstats.rxMICPlummed++;
            return ERROR;
    }

    micSEQ = ntohl(mic->seq);            //store SEQ as CPU order

    //At this point we a have a mic'd packet and mic is enabled
    //Now do the mic error checking.

    //Receive seq must be odd
    if ( (micSEQ & 1) == 0 ) {
        ai->micstats.rxWrongSequence++;
        return ERROR;
    }

    for (i = 0; i < NUM_MODULES; i++) {
        int mcast = eth->da[0] & 1;
        //Determine proper context 
        context = mcast ? &ai->mod[i].mCtx : &ai->mod[i].uCtx;
    
        //Make sure context is valid
        if (!context->valid) {
            if (i == 0)
                micError = NOMICPLUMMED;
            continue;                
        }
            //DeMic it 

        if (!mic->typelen)
            mic->typelen = htons(payLen + sizeof(MICBuffer) - 2);
    
        emmh32_init(&context->seed);
        emmh32_update(&context->seed, eth->da, ETH_ALEN*2); 
        emmh32_update(&context->seed, (u8 *)&mic->typelen, sizeof(mic->typelen)+sizeof(mic->u.snap)); 
        emmh32_update(&context->seed, (u8 *)&mic->seq,sizeof(mic->seq));    
        emmh32_update(&context->seed, (u8 *)(eth + 1),payLen);  
        //Calculate MIC
        emmh32_final(&context->seed, digest);
    
        if (memcmp(digest, &mic->mic, 4)) { //Make sure the mics match
          //Invalid Mic
            if (i == 0)
                micError = INCORRECTMIC;
            continue;
        }

        //Check Sequence number if mics pass
        if (RxSeqValid(ai, context, mcast, micSEQ) == SUCCESS) {
            ai->micstats.rxSuccess++;
            return SUCCESS;
        }
        if (i == 0)
            micError = SEQUENCE;
    }

    // Update statistics
    switch (micError) {
        case NOMICPLUMMED: ai->micstats.rxMICPlummed++;   break;
        case SEQUENCE:    ai->micstats.rxWrongSequence++; break;
        case INCORRECTMIC: ai->micstats.rxIncorrectMIC++; break;
        case NONE:  break;
        case NOMIC: break;
    }
    return ERROR;
}

/*===========================================================================
 * Description:  Checks the Rx Seq number to make sure it is valid
 *               and hasn't already been received
 *   
 *     Inputs: miccntx - mic context to check seq against
 *             micSeq  - the Mic seq number
 *   
 *    Returns: TRUE if valid otherwise FALSE. 
 *
 *    Author: sbraneky (10/15/01)
 *    Merciless hacks by rwilcher (1/14/02)
 *---------------------------------------------------------------------------
 */

static int RxSeqValid (struct airo_info *ai,miccntx *context,int mcast,u32 micSeq)
{
    u32 seq,index;

    //Allow for the ap being rebooted - if it is then use the next 
    //sequence number of the current sequence number - might go backwards

    if (mcast) {
        if (test_bit(FLAG_UPDATE_MULTI, &ai->flags)) {
            clear_bit (FLAG_UPDATE_MULTI, &ai->flags);
            context->window = (micSeq > 33) ? micSeq : 33;
            context->rx     = 0;        // Reset rx
        }
    } else if (test_bit(FLAG_UPDATE_UNI, &ai->flags)) {
        clear_bit (FLAG_UPDATE_UNI, &ai->flags);
        context->window = (micSeq > 33) ? micSeq : 33; // Move window
        context->rx     = 0;        // Reset rx
    }

    //Make sequence number relative to START of window
    seq = micSeq - (context->window - 33);

    //Too old of a SEQ number to check.
    if ((s32)seq < 0)
        return ERROR;
    
    if ( seq > 64 ) {
        //Window is infinite forward
        MoveWindow(context,micSeq);
        return SUCCESS;
    }

    // We are in the window. Now check the context rx bit to see if it was already sent
    seq >>= 1;         //divide by 2 because we only have odd numbers
    index = 1 << seq;  //Get an index number

    if (!(context->rx & index)) {
        //micSEQ falls inside the window.
        //Add seqence number to the list of received numbers.
        context->rx |= index;

        MoveWindow(context,micSeq);

        return SUCCESS;
    }
    return ERROR;
}

static void MoveWindow(miccntx *context, u32 micSeq)
{
    u32 shift;

    //Move window if seq greater than the middle of the window
    if (micSeq > context->window) {
        shift = (micSeq - context->window) >> 1;
    
            //Shift out old
        if (shift < 32)
            context->rx >>= shift;
        else
            context->rx = 0;

        context->window = micSeq;      //Move window
    }
}

/*==============================================*/
/*========== EMMH ROUTINES  ====================*/
/*==============================================*/

/* mic accumulate */
#define MIC_ACCUM(val)  \
    context->accum += (u64)(val) * context->coeff[coeff_position++];

static unsigned char aes_counter[16];

/* expand the key to fill the MMH coefficient array */
static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
               struct crypto_cipher *tfm)
{
  /* take the keying material, expand if necessary, truncate at 16-bytes */
  /* run through AES counter mode to generate context->coeff[] */
  
    int i,j;
    u32 counter;
    u8 *cipher, plain[16];

    crypto_cipher_setkey(tfm, pkey, 16);
    counter = 0;
    for (i = 0; i < ARRAY_SIZE(context->coeff); ) {
        aes_counter[15] = (u8)(counter >> 0);
        aes_counter[14] = (u8)(counter >> 8);
        aes_counter[13] = (u8)(counter >> 16);
        aes_counter[12] = (u8)(counter >> 24);
        counter++;
        memcpy (plain, aes_counter, 16);
        crypto_cipher_encrypt_one(tfm, plain, plain);
        cipher = plain;
        for (j = 0; (j < 16) && (i < ARRAY_SIZE(context->coeff)); ) {
            context->coeff[i++] = ntohl(*(__be32 *)&cipher[j]);
            j += 4;
        }
    }
}

/* prepare for calculation of a new mic */
static void emmh32_init(emmh32_context *context)
{
    /* prepare for new mic calculation */
    context->accum = 0;
    context->position = 0;
}

/* add some bytes to the mic calculation */
static void emmh32_update(emmh32_context *context, u8 *pOctets, int len)
{
    int coeff_position, byte_position;
  
    if (len == 0) return;
  
    coeff_position = context->position >> 2;
  
    /* deal with partial 32-bit word left over from last update */
    byte_position = context->position & 3;
    if (byte_position) {
        /* have a partial word in part to deal with */
        do {
            if (len == 0) return;
            context->part.d8[byte_position++] = *pOctets++;
            context->position++;
            len--;
        } while (byte_position < 4);
        MIC_ACCUM(ntohl(context->part.d32));
    }

    /* deal with full 32-bit words */
    while (len >= 4) {
        MIC_ACCUM(ntohl(*(__be32 *)pOctets));
        context->position += 4;
        pOctets += 4;
        len -= 4;
    }

    /* deal with partial 32-bit word that will be left over from this update */
    byte_position = 0;
    while (len > 0) {
        context->part.d8[byte_position++] = *pOctets++;
        context->position++;
        len--;
    }
}

/* mask used to zero empty bytes for final partial word */
static u32 mask32[4] = { 0x00000000L, 0xFF000000L, 0xFFFF0000L, 0xFFFFFF00L };

/* calculate the mic */
static void emmh32_final(emmh32_context *context, u8 digest[4])
{
    int coeff_position, byte_position;
    u32 val;
  
    u64 sum, utmp;
    s64 stmp;

    coeff_position = context->position >> 2;
  
    /* deal with partial 32-bit word left over from last update */
    byte_position = context->position & 3;
    if (byte_position) {
        /* have a partial word in part to deal with */
        val = ntohl(context->part.d32);
        MIC_ACCUM(val & mask32[byte_position]); /* zero empty bytes */
    }

    /* reduce the accumulated u64 to a 32-bit MIC */
    sum = context->accum;
    stmp = (sum  & 0xffffffffLL) - ((sum >> 32)  * 15);
    utmp = (stmp & 0xffffffffLL) - ((stmp >> 32) * 15);
    sum = utmp & 0xffffffffLL;
    if (utmp > 0x10000000fLL)
        sum -= 15;

    val = (u32)sum;
    digest[0] = (val>>24) & 0xFF;
    digest[1] = (val>>16) & 0xFF;
    digest[2] = (val>>8) & 0xFF;
    digest[3] = val & 0xFF;
}

static int readBSSListRid(struct airo_info *ai, int first,
              BSSListRid *list)
{
    Cmd cmd;
    Resp rsp;

    if (first == 1) {
        if (ai->flags & FLAG_RADIO_MASK) return -ENETDOWN;
        memset(&cmd, 0, sizeof(cmd));
        cmd.cmd=CMD_LISTBSS;
        if (down_interruptible(&ai->sem))
            return -ERESTARTSYS;
        ai->list_bss_task = current;
        issuecommand(ai, &cmd, &rsp);
        up(&ai->sem);
        /* Let the command take effect */
        schedule_timeout_uninterruptible(3 * HZ);
        ai->list_bss_task = NULL;
    }
    return PC4500_readrid(ai, first ? ai->bssListFirst : ai->bssListNext,
                list, ai->bssListRidLen, 1);
}

static int readWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int temp, int lock)
{
    return PC4500_readrid(ai, temp ? RID_WEP_TEMP : RID_WEP_PERM,
                wkr, sizeof(*wkr), lock);
}

static int writeWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int perm, int lock)
{
    int rc;
    rc = PC4500_writerid(ai, RID_WEP_TEMP, wkr, sizeof(*wkr), lock);
    if (rc!=SUCCESS)
        airo_print_err(ai->dev->name, "WEP_TEMP set %x", rc);
    if (perm) {
        rc = PC4500_writerid(ai, RID_WEP_PERM, wkr, sizeof(*wkr), lock);
        if (rc!=SUCCESS)
            airo_print_err(ai->dev->name, "WEP_PERM set %x", rc);
    }
    return rc;
}

static int readSsidRid(struct airo_info*ai, SsidRid *ssidr)
{
    return PC4500_readrid(ai, RID_SSID, ssidr, sizeof(*ssidr), 1);
}

static int writeSsidRid(struct airo_info*ai, SsidRid *pssidr, int lock)
{
    return PC4500_writerid(ai, RID_SSID, pssidr, sizeof(*pssidr), lock);
}

static int readConfigRid(struct airo_info *ai, int lock)
{
    int rc;
    ConfigRid cfg;

    if (ai->config.len)
        return SUCCESS;

    rc = PC4500_readrid(ai, RID_ACTUALCONFIG, &cfg, sizeof(cfg), lock);
    if (rc != SUCCESS)
        return rc;

    ai->config = cfg;
    return SUCCESS;
}

static inline void checkThrottle(struct airo_info *ai)
{
    int i;
/* Old hardware had a limit on encryption speed */
    if (ai->config.authType != AUTH_OPEN && maxencrypt) {
        for(i=0; i<8; i++) {
            if (ai->config.rates[i] > maxencrypt) {
                ai->config.rates[i] = 0;
            }
        }
    }
}

static int writeConfigRid(struct airo_info *ai, int lock)
{
    ConfigRid cfgr;

    if (!test_bit (FLAG_COMMIT, &ai->flags))
        return SUCCESS;

    clear_bit (FLAG_COMMIT, &ai->flags);
    clear_bit (FLAG_RESET, &ai->flags);
    checkThrottle(ai);
    cfgr = ai->config;

    if ((cfgr.opmode & MODE_CFG_MASK) == MODE_STA_IBSS)
        set_bit(FLAG_ADHOC, &ai->flags);
    else
        clear_bit(FLAG_ADHOC, &ai->flags);

    return PC4500_writerid( ai, RID_CONFIG, &cfgr, sizeof(cfgr), lock);
}

static int readStatusRid(struct airo_info *ai, StatusRid *statr, int lock)
{
    return PC4500_readrid(ai, RID_STATUS, statr, sizeof(*statr), lock);
}

static int readAPListRid(struct airo_info *ai, APListRid *aplr)
{
    return PC4500_readrid(ai, RID_APLIST, aplr, sizeof(*aplr), 1);
}

static int writeAPListRid(struct airo_info *ai, APListRid *aplr, int lock)
{
    return PC4500_writerid(ai, RID_APLIST, aplr, sizeof(*aplr), lock);
}

static int readCapabilityRid(struct airo_info *ai, CapabilityRid *capr, int lock)
{
    return PC4500_readrid(ai, RID_CAPABILITIES, capr, sizeof(*capr), lock);
}

static int readStatsRid(struct airo_info*ai, StatsRid *sr, int rid, int lock)
{
    return PC4500_readrid(ai, rid, sr, sizeof(*sr), lock);
}

static void try_auto_wep(struct airo_info *ai)
{
    if (auto_wep && !test_bit(FLAG_RADIO_DOWN, &ai->flags)) {
        ai->expires = RUN_AT(3*HZ);
        wake_up_interruptible(&ai->thr_wait);
    }
}

static int airo_open(struct net_device *dev) {
    struct airo_info *ai = dev->ml_priv;
    int rc = 0;

    if (test_bit(FLAG_FLASHING, &ai->flags))
        return -EIO;

    /* Make sure the card is configured.
     * Wireless Extensions may postpone config changes until the card
     * is open (to pipeline changes and speed-up card setup). If
     * those changes are not yet committed, do it now - Jean II */
    if (test_bit(FLAG_COMMIT, &ai->flags)) {
        disable_MAC(ai, 1);
        writeConfigRid(ai, 1);
    }

    if (ai->wifidev != dev) {
        clear_bit(JOB_DIE, &ai->jobs);
        ai->airo_thread_task = kthread_run(airo_thread, dev, dev->name);
        if (IS_ERR(ai->airo_thread_task))
            return (int)PTR_ERR(ai->airo_thread_task);

        rc = request_irq(dev->irq, airo_interrupt, IRQF_SHARED,
            dev->name, dev);
        if (rc) {
            airo_print_err(dev->name,
                "register interrupt %d failed, rc %d",
                dev->irq, rc);
            set_bit(JOB_DIE, &ai->jobs);
            kthread_stop(ai->airo_thread_task);
            return rc;
        }

        /* Power on the MAC controller (which may have been disabled) */
        clear_bit(FLAG_RADIO_DOWN, &ai->flags);
        enable_interrupts(ai);

        try_auto_wep(ai);
    }
    enable_MAC(ai, 1);

    netif_start_queue(dev);
    return 0;
}

static netdev_tx_t mpi_start_xmit(struct sk_buff *skb,
                    struct net_device *dev)
{
    int npacks, pending;
    unsigned long flags;
    struct airo_info *ai = dev->ml_priv;

    if (!skb) {
        airo_print_err(dev->name, "%s: skb == NULL!",__func__);
        return NETDEV_TX_OK;
    }
    npacks = skb_queue_len (&ai->txq);

    if (npacks >= MAXTXQ - 1) {
        netif_stop_queue (dev);
        if (npacks > MAXTXQ) {
            dev->stats.tx_fifo_errors++;
            return NETDEV_TX_BUSY;
        }
        skb_queue_tail (&ai->txq, skb);
        return NETDEV_TX_OK;
    }

    spin_lock_irqsave(&ai->aux_lock, flags);
    skb_queue_tail (&ai->txq, skb);
    pending = test_bit(FLAG_PENDING_XMIT, &ai->flags);
    spin_unlock_irqrestore(&ai->aux_lock,flags);
    netif_wake_queue (dev);

    if (pending == 0) {
        set_bit(FLAG_PENDING_XMIT, &ai->flags);
        mpi_send_packet (dev);
    }
    return NETDEV_TX_OK;
}

/*
 * @mpi_send_packet
 *
 * Attempt to transmit a packet. Can be called from interrupt
 * or transmit . return number of packets we tried to send
 */

static int mpi_send_packet (struct net_device *dev)
{
    struct sk_buff *skb;
    unsigned char *buffer;
    s16 len;
    __le16 *payloadLen;
    struct airo_info *ai = dev->ml_priv;
    u8 *sendbuf;

    /* get a packet to send */

    if ((skb = skb_dequeue(&ai->txq)) == NULL) {
        airo_print_err(dev->name,
            "%s: Dequeue'd zero in send_packet()",
            __func__);
        return 0;
    }

    /* check min length*/
    len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
    buffer = skb->data;

    ai->txfids[0].tx_desc.offset = 0;
    ai->txfids[0].tx_desc.valid = 1;
    ai->txfids[0].tx_desc.eoc = 1;
    ai->txfids[0].tx_desc.len =len+sizeof(WifiHdr);

/*
 * Magic, the cards firmware needs a length count (2 bytes) in the host buffer
 * right after  TXFID_HDR.The TXFID_HDR contains the status short so payloadlen
 * is immediately after it. ------------------------------------------------
 *                         |TXFIDHDR+STATUS|PAYLOADLEN|802.3HDR|PACKETDATA|
 *                         ------------------------------------------------
 */

    memcpy(ai->txfids[0].virtual_host_addr,
        (char *)&wifictlhdr8023, sizeof(wifictlhdr8023));

    payloadLen = (__le16 *)(ai->txfids[0].virtual_host_addr +
        sizeof(wifictlhdr8023));
    sendbuf = ai->txfids[0].virtual_host_addr +
        sizeof(wifictlhdr8023) + 2 ;

    /*
     * Firmware automatically puts 802 header on so
     * we don't need to account for it in the length
     */
    if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled &&
        (ntohs(((__be16 *)buffer)[6]) != 0x888E)) {
        MICBuffer pMic;

        if (encapsulate(ai, (etherHead *)buffer, &pMic, len - sizeof(etherHead)) != SUCCESS)
            return ERROR;

        *payloadLen = cpu_to_le16(len-sizeof(etherHead)+sizeof(pMic));
        ai->txfids[0].tx_desc.len += sizeof(pMic);
        /* copy data into airo dma buffer */
        memcpy (sendbuf, buffer, sizeof(etherHead));
        buffer += sizeof(etherHead);
        sendbuf += sizeof(etherHead);
        memcpy (sendbuf, &pMic, sizeof(pMic));
        sendbuf += sizeof(pMic);
        memcpy (sendbuf, buffer, len - sizeof(etherHead));
    } else {
        *payloadLen = cpu_to_le16(len - sizeof(etherHead));

        dev->trans_start = jiffies;

        /* copy data into airo dma buffer */
        memcpy(sendbuf, buffer, len);
    }

    memcpy_toio(ai->txfids[0].card_ram_off,
        &ai->txfids[0].tx_desc, sizeof(TxFid));

    OUT4500(ai, EVACK, 8);

    dev_kfree_skb_any(skb);
    return 1;
}

static void get_tx_error(struct airo_info *ai, s32 fid)
{
    __le16 status;

    if (fid < 0)
        status = ((WifiCtlHdr *)ai->txfids[0].virtual_host_addr)->ctlhdr.status;
    else {
        if (bap_setup(ai, ai->fids[fid] & 0xffff, 4, BAP0) != SUCCESS)
            return;
        bap_read(ai, &status, 2, BAP0);
    }
    if (le16_to_cpu(status) & 2) /* Too many retries */
        ai->dev->stats.tx_aborted_errors++;
    if (le16_to_cpu(status) & 4) /* Transmit lifetime exceeded */
        ai->dev->stats.tx_heartbeat_errors++;
    if (le16_to_cpu(status) & 8) /* Aid fail */
        { }
    if (le16_to_cpu(status) & 0x10) /* MAC disabled */
        ai->dev->stats.tx_carrier_errors++;
    if (le16_to_cpu(status) & 0x20) /* Association lost */
        { }
    /* We produce a TXDROP event only for retry or lifetime
     * exceeded, because that's the only status that really mean
     * that this particular node went away.
     * Other errors means that *we* screwed up. - Jean II */
    if ((le16_to_cpu(status) & 2) ||
         (le16_to_cpu(status) & 4)) {
        union iwreq_data    wrqu;
        char junk[0x18];

        /* Faster to skip over useless data than to do
         * another bap_setup(). We are at offset 0x6 and
         * need to go to 0x18 and read 6 bytes - Jean II */
        bap_read(ai, (__le16 *) junk, 0x18, BAP0);

        /* Copy 802.11 dest address.
         * We use the 802.11 header because the frame may
         * not be 802.3 or may be mangled...
         * In Ad-Hoc mode, it will be the node address.
         * In managed mode, it will be most likely the AP addr
         * User space will figure out how to convert it to
         * whatever it needs (IP address or else).
         * - Jean II */
        memcpy(wrqu.addr.sa_data, junk + 0x12, ETH_ALEN);
        wrqu.addr.sa_family = ARPHRD_ETHER;

        /* Send event to user space */
        wireless_send_event(ai->dev, IWEVTXDROP, &wrqu, NULL);
    }
}

static void airo_end_xmit(struct net_device *dev) {
    u16 status;
    int i;
    struct airo_info *priv = dev->ml_priv;
    struct sk_buff *skb = priv->xmit.skb;
    int fid = priv->xmit.fid;
    u32 *fids = priv->fids;

    clear_bit(JOB_XMIT, &priv->jobs);
    clear_bit(FLAG_PENDING_XMIT, &priv->flags);
    status = transmit_802_3_packet (priv, fids[fid], skb->data);
    up(&priv->sem);

    i = 0;
    if ( status == SUCCESS ) {
        dev->trans_start = jiffies;
        for (; i < MAX_FIDS / 2 && (priv->fids[i] & 0xffff0000); i++);
    } else {
        priv->fids[fid] &= 0xffff;
        dev->stats.tx_window_errors++;
    }
    if (i < MAX_FIDS / 2)
        netif_wake_queue(dev);
    dev_kfree_skb(skb);
}

static netdev_tx_t airo_start_xmit(struct sk_buff *skb,
                     struct net_device *dev)
{
    s16 len;
    int i, j;
    struct airo_info *priv = dev->ml_priv;
    u32 *fids = priv->fids;

    if ( skb == NULL ) {
        airo_print_err(dev->name, "%s: skb == NULL!", __func__);
        return NETDEV_TX_OK;
    }

    /* Find a vacant FID */
    for( i = 0; i < MAX_FIDS / 2 && (fids[i] & 0xffff0000); i++ );
    for( j = i + 1; j < MAX_FIDS / 2 && (fids[j] & 0xffff0000); j++ );

    if ( j >= MAX_FIDS / 2 ) {
        netif_stop_queue(dev);

        if (i == MAX_FIDS / 2) {
            dev->stats.tx_fifo_errors++;
            return NETDEV_TX_BUSY;
        }
    }
    /* check min length*/
    len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
        /* Mark fid as used & save length for later */
    fids[i] |= (len << 16);
    priv->xmit.skb = skb;
    priv->xmit.fid = i;
    if (down_trylock(&priv->sem) != 0) {
        set_bit(FLAG_PENDING_XMIT, &priv->flags);
        netif_stop_queue(dev);
        set_bit(JOB_XMIT, &priv->jobs);
        wake_up_interruptible(&priv->thr_wait);
    } else
        airo_end_xmit(dev);
    return NETDEV_TX_OK;
}

static void airo_end_xmit11(struct net_device *dev) {
    u16 status;
    int i;
    struct airo_info *priv = dev->ml_priv;
    struct sk_buff *skb = priv->xmit11.skb;
    int fid = priv->xmit11.fid;
    u32 *fids = priv->fids;

    clear_bit(JOB_XMIT11, &priv->jobs);
    clear_bit(FLAG_PENDING_XMIT11, &priv->flags);
    status = transmit_802_11_packet (priv, fids[fid], skb->data);
    up(&priv->sem);

    i = MAX_FIDS / 2;
    if ( status == SUCCESS ) {
        dev->trans_start = jiffies;
        for (; i < MAX_FIDS && (priv->fids[i] & 0xffff0000); i++);
    } else {
        priv->fids[fid] &= 0xffff;
        dev->stats.tx_window_errors++;
    }
    if (i < MAX_FIDS)
        netif_wake_queue(dev);
    dev_kfree_skb(skb);
}

static netdev_tx_t airo_start_xmit11(struct sk_buff *skb,
                       struct net_device *dev)
{
    s16 len;
    int i, j;
    struct airo_info *priv = dev->ml_priv;
    u32 *fids = priv->fids;

    if (test_bit(FLAG_MPI, &priv->flags)) {
        /* Not implemented yet for MPI350 */
        netif_stop_queue(dev);
        dev_kfree_skb_any(skb);
        return NETDEV_TX_OK;
    }

    if ( skb == NULL ) {
        airo_print_err(dev->name, "%s: skb == NULL!", __func__);
        return NETDEV_TX_OK;
    }

    /* Find a vacant FID */
    for( i = MAX_FIDS / 2; i < MAX_FIDS && (fids[i] & 0xffff0000); i++ );
    for( j = i + 1; j < MAX_FIDS && (fids[j] & 0xffff0000); j++ );

    if ( j >= MAX_FIDS ) {
        netif_stop_queue(dev);

        if (i == MAX_FIDS) {
            dev->stats.tx_fifo_errors++;
            return NETDEV_TX_BUSY;
        }
    }
    /* check min length*/
    len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
        /* Mark fid as used & save length for later */
    fids[i] |= (len << 16);
    priv->xmit11.skb = skb;
    priv->xmit11.fid = i;
    if (down_trylock(&priv->sem) != 0) {
        set_bit(FLAG_PENDING_XMIT11, &priv->flags);
        netif_stop_queue(dev);
        set_bit(JOB_XMIT11, &priv->jobs);
        wake_up_interruptible(&priv->thr_wait);
    } else
        airo_end_xmit11(dev);
    return NETDEV_TX_OK;
}

static void airo_read_stats(struct net_device *dev)
{
    struct airo_info *ai = dev->ml_priv;
    StatsRid stats_rid;
    __le32 *vals = stats_rid.vals;

    clear_bit(JOB_STATS, &ai->jobs);
    if (ai->power.event) {
        up(&ai->sem);
        return;
    }
    readStatsRid(ai, &stats_rid, RID_STATS, 0);
    up(&ai->sem);

    dev->stats.rx_packets = le32_to_cpu(vals[43]) + le32_to_cpu(vals[44]) +
                   le32_to_cpu(vals[45]);
    dev->stats.tx_packets = le32_to_cpu(vals[39]) + le32_to_cpu(vals[40]) +
                   le32_to_cpu(vals[41]);
    dev->stats.rx_bytes = le32_to_cpu(vals[92]);
    dev->stats.tx_bytes = le32_to_cpu(vals[91]);
    dev->stats.rx_errors = le32_to_cpu(vals[0]) + le32_to_cpu(vals[2]) +
                  le32_to_cpu(vals[3]) + le32_to_cpu(vals[4]);
    dev->stats.tx_errors = le32_to_cpu(vals[42]) +
                  dev->stats.tx_fifo_errors;
    dev->stats.multicast = le32_to_cpu(vals[43]);
    dev->stats.collisions = le32_to_cpu(vals[89]);

    /* detailed rx_errors: */
    dev->stats.rx_length_errors = le32_to_cpu(vals[3]);
    dev->stats.rx_crc_errors = le32_to_cpu(vals[4]);
    dev->stats.rx_frame_errors = le32_to_cpu(vals[2]);
    dev->stats.rx_fifo_errors = le32_to_cpu(vals[0]);
}

static struct net_device_stats *airo_get_stats(struct net_device *dev)
{
    struct airo_info *local =  dev->ml_priv;

    if (!test_bit(JOB_STATS, &local->jobs)) {
        /* Get stats out of the card if available */
        if (down_trylock(&local->sem) != 0) {
            set_bit(JOB_STATS, &local->jobs);
            wake_up_interruptible(&local->thr_wait);
        } else
            airo_read_stats(dev);
    }

    return &dev->stats;
}

static void airo_set_promisc(struct airo_info *ai) {
    Cmd cmd;
    Resp rsp;

    memset(&cmd, 0, sizeof(cmd));
    cmd.cmd=CMD_SETMODE;
    clear_bit(JOB_PROMISC, &ai->jobs);
    cmd.parm0=(ai->flags&IFF_PROMISC) ? PROMISC : NOPROMISC;
    issuecommand(ai, &cmd, &rsp);
    up(&ai->sem);
}

static void airo_set_multicast_list(struct net_device *dev) {
    struct airo_info *ai = dev->ml_priv;

    if ((dev->flags ^ ai->flags) & IFF_PROMISC) {
        change_bit(FLAG_PROMISC, &ai->flags);
        if (down_trylock(&ai->sem) != 0) {
            set_bit(JOB_PROMISC, &ai->jobs);
            wake_up_interruptible(&ai->thr_wait);
        } else
            airo_set_promisc(ai);
    }

    if ((dev->flags&IFF_ALLMULTI) || !netdev_mc_empty(dev)) {
        /* Turn on multicast.  (Should be already setup...) */
    }
}

static int airo_set_mac_address(struct net_device *dev, void *p)
{
    struct airo_info *ai = dev->ml_priv;
    struct sockaddr *addr = p;

    readConfigRid(ai, 1);
    memcpy (ai->config.macAddr, addr->sa_data, dev->addr_len);
    set_bit (FLAG_COMMIT, &ai->flags);
    disable_MAC(ai, 1);
    writeConfigRid (ai, 1);
    enable_MAC(ai, 1);
    memcpy (ai->dev->dev_addr, addr->sa_data, dev->addr_len);
    if (ai->wifidev)
        memcpy (ai->wifidev->dev_addr, addr->sa_data, dev->addr_len);
    return 0;
}

static int airo_change_mtu(struct net_device *dev, int new_mtu)
{
    if ((new_mtu < 68) || (new_mtu > 2400))
        return -EINVAL;
    dev->mtu = new_mtu;
    return 0;
}

static LIST_HEAD(airo_devices);

static void add_airo_dev(struct airo_info *ai)
{
    /* Upper layers already keep track of PCI devices,
     * so we only need to remember our non-PCI cards. */
    if (!ai->pci)
        list_add_tail(&ai->dev_list, &airo_devices);
}

static void del_airo_dev(struct airo_info *ai)
{
    if (!ai->pci)
        list_del(&ai->dev_list);
}

static int airo_close(struct net_device *dev) {
    struct airo_info *ai = dev->ml_priv;

    netif_stop_queue(dev);

    if (ai->wifidev != dev) {
#ifdef POWER_ON_DOWN
        /* Shut power to the card. The idea is that the user can save
         * power when he doesn't need the card with "ifconfig down".
         * That's the method that is most friendly towards the network
         * stack (i.e. the network stack won't try to broadcast
         * anything on the interface and routes are gone. Jean II */
        set_bit(FLAG_RADIO_DOWN, &ai->flags);
        disable_MAC(ai, 1);
#endif
        disable_interrupts( ai );

        free_irq(dev->irq, dev);

        set_bit(JOB_DIE, &ai->jobs);
        kthread_stop(ai->airo_thread_task);
    }
    return 0;
}

void stop_airo_card( struct net_device *dev, int freeres )
{
    struct airo_info *ai = dev->ml_priv;

    set_bit(FLAG_RADIO_DOWN, &ai->flags);
    disable_MAC(ai, 1);
    disable_interrupts(ai);
    takedown_proc_entry( dev, ai );
    if (test_bit(FLAG_REGISTERED, &ai->flags)) {
        unregister_netdev( dev );
        if (ai->wifidev) {
            unregister_netdev(ai->wifidev);
            free_netdev(ai->wifidev);
            ai->wifidev = NULL;
        }
        clear_bit(FLAG_REGISTERED, &ai->flags);
    }
    /*
     * Clean out tx queue
     */
    if (test_bit(FLAG_MPI, &ai->flags) && !skb_queue_empty(&ai->txq)) {
        struct sk_buff *skb = NULL;
        for (;(skb = skb_dequeue(&ai->txq));)
            dev_kfree_skb(skb);
    }

    airo_networks_free (ai);

    kfree(ai->flash);
    kfree(ai->rssi);
    kfree(ai->APList);
    kfree(ai->SSID);
    if (freeres) {
        /* PCMCIA frees this stuff, so only for PCI and ISA */
            release_region( dev->base_addr, 64 );
        if (test_bit(FLAG_MPI, &ai->flags)) {
            if (ai->pci)
                mpi_unmap_card(ai->pci);
            if (ai->pcimem)
                iounmap(ai->pcimem);
            if (ai->pciaux)
                iounmap(ai->pciaux);
            pci_free_consistent(ai->pci, PCI_SHARED_LEN,
                ai->shared, ai->shared_dma);
        }
        }
    crypto_free_cipher(ai->tfm);
    del_airo_dev(ai);
    free_netdev( dev );
}

EXPORT_SYMBOL(stop_airo_card);

static int wll_header_parse(const struct sk_buff *skb, unsigned char *haddr)
{
    memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN);
    return ETH_ALEN;
}

static void mpi_unmap_card(struct pci_dev *pci)
{
    unsigned long mem_start = pci_resource_start(pci, 1);
    unsigned long mem_len = pci_resource_len(pci, 1);
    unsigned long aux_start = pci_resource_start(pci, 2);
    unsigned long aux_len = AUXMEMSIZE;

    release_mem_region(aux_start, aux_len);
    release_mem_region(mem_start, mem_len);
}

/*************************************************************
 *  This routine assumes that descriptors have been setup .
 *  Run at insmod time or after reset  when the decriptors
 *  have been initialized . Returns 0 if all is well nz
 *  otherwise . Does not allocate memory but sets up card
 *  using previously allocated descriptors.
 */
static int mpi_init_descriptors (struct airo_info *ai)
{
    Cmd cmd;
    Resp rsp;
    int i;
    int rc = SUCCESS;

    /* Alloc  card RX descriptors */
    netif_stop_queue(ai->dev);

    memset(&rsp,0,sizeof(rsp));
    memset(&cmd,0,sizeof(cmd));

    cmd.cmd = CMD_ALLOCATEAUX;
    cmd.parm0 = FID_RX;
    cmd.parm1 = (ai->rxfids[0].card_ram_off - ai->pciaux);
    cmd.parm2 = MPI_MAX_FIDS;
    rc=issuecommand(ai, &cmd, &rsp);
    if (rc != SUCCESS) {
        airo_print_err(ai->dev->name, "Couldn't allocate RX FID");
        return rc;
    }

    for (i=0; i<MPI_MAX_FIDS; i++) {
        memcpy_toio(ai->rxfids[i].card_ram_off,
            &ai->rxfids[i].rx_desc, sizeof(RxFid));
    }

    /* Alloc card TX descriptors */

    memset(&rsp,0,sizeof(rsp));
    memset(&cmd,0,sizeof(cmd));

    cmd.cmd = CMD_ALLOCATEAUX;
    cmd.parm0 = FID_TX;
    cmd.parm1 = (ai->txfids[0].card_ram_off - ai->pciaux);
    cmd.parm2 = MPI_MAX_FIDS;

    for (i=0; i<MPI_MAX_FIDS; i++) {
        ai->txfids[i].tx_desc.valid = 1;
        memcpy_toio(ai->txfids[i].card_ram_off,
            &ai->txfids[i].tx_desc, sizeof(TxFid));
    }
    ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */

    rc=issuecommand(ai, &cmd, &rsp);
    if (rc != SUCCESS) {
        airo_print_err(ai->dev->name, "Couldn't allocate TX FID");
        return rc;
    }

    /* Alloc card Rid descriptor */
    memset(&rsp,0,sizeof(rsp));
    memset(&cmd,0,sizeof(cmd));

    cmd.cmd = CMD_ALLOCATEAUX;
    cmd.parm0 = RID_RW;
    cmd.parm1 = (ai->config_desc.card_ram_off - ai->pciaux);
    cmd.parm2 = 1; /* Magic number... */
    rc=issuecommand(ai, &cmd, &rsp);
    if (rc != SUCCESS) {
        airo_print_err(ai->dev->name, "Couldn't allocate RID");
        return rc;
    }

    memcpy_toio(ai->config_desc.card_ram_off,
        &ai->config_desc.rid_desc, sizeof(Rid));

    return rc;
}

/*
 * We are setting up three things here:
 * 1) Map AUX memory for descriptors: Rid, TxFid, or RxFid.
 * 2) Map PCI memory for issuing commands.
 * 3) Allocate memory (shared) to send and receive ethernet frames.
 */
static int mpi_map_card(struct airo_info *ai, struct pci_dev *pci)
{
    unsigned long mem_start, mem_len, aux_start, aux_len;
    int rc = -1;
    int i;
    dma_addr_t busaddroff;
    unsigned char *vpackoff;
    unsigned char __iomem *pciaddroff;

    mem_start = pci_resource_start(pci, 1);
    mem_len = pci_resource_len(pci, 1);
    aux_start = pci_resource_start(pci, 2);
    aux_len = AUXMEMSIZE;

    if (!request_mem_region(mem_start, mem_len, DRV_NAME)) {
        airo_print_err("", "Couldn't get region %x[%x]",
            (int)mem_start, (int)mem_len);
        goto out;
    }
    if (!request_mem_region(aux_start, aux_len, DRV_NAME)) {
        airo_print_err("", "Couldn't get region %x[%x]",
            (int)aux_start, (int)aux_len);
        goto free_region1;
    }

    ai->pcimem = ioremap(mem_start, mem_len);
    if (!ai->pcimem) {
        airo_print_err("", "Couldn't map region %x[%x]",
            (int)mem_start, (int)mem_len);
        goto free_region2;
    }
    ai->pciaux = ioremap(aux_start, aux_len);
    if (!ai->pciaux) {
        airo_print_err("", "Couldn't map region %x[%x]",
            (int)aux_start, (int)aux_len);
        goto free_memmap;
    }

    /* Reserve PKTSIZE for each fid and 2K for the Rids */
    ai->shared = pci_alloc_consistent(pci, PCI_SHARED_LEN, &ai->shared_dma);
    if (!ai->shared) {
        airo_print_err("", "Couldn't alloc_consistent %d",
            PCI_SHARED_LEN);
        goto free_auxmap;
    }

    /*
     * Setup descriptor RX, TX, CONFIG
     */
    busaddroff = ai->shared_dma;
    pciaddroff = ai->pciaux + AUX_OFFSET;
    vpackoff   = ai->shared;

    /* RX descriptor setup */
    for(i = 0; i < MPI_MAX_FIDS; i++) {
        ai->rxfids[i].pending = 0;
        ai->rxfids[i].card_ram_off = pciaddroff;
        ai->rxfids[i].virtual_host_addr = vpackoff;
        ai->rxfids[i].rx_desc.host_addr = busaddroff;
        ai->rxfids[i].rx_desc.valid = 1;
        ai->rxfids[i].rx_desc.len = PKTSIZE;
        ai->rxfids[i].rx_desc.rdy = 0;

        pciaddroff += sizeof(RxFid);
        busaddroff += PKTSIZE;
        vpackoff   += PKTSIZE;
    }

    /* TX descriptor setup */
    for(i = 0; i < MPI_MAX_FIDS; i++) {
        ai->txfids[i].card_ram_off = pciaddroff;
        ai->txfids[i].virtual_host_addr = vpackoff;
        ai->txfids[i].tx_desc.valid = 1;
        ai->txfids[i].tx_desc.host_addr = busaddroff;
        memcpy(ai->txfids[i].virtual_host_addr,
            &wifictlhdr8023, sizeof(wifictlhdr8023));

        pciaddroff += sizeof(TxFid);
        busaddroff += PKTSIZE;
        vpackoff   += PKTSIZE;
    }
    ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */

    /* Rid descriptor setup */
    ai->config_desc.card_ram_off = pciaddroff;
    ai->config_desc.virtual_host_addr = vpackoff;
    ai->config_desc.rid_desc.host_addr = busaddroff;
    ai->ridbus = busaddroff;
    ai->config_desc.rid_desc.rid = 0;
    ai->config_desc.rid_desc.len = RIDSIZE;
    ai->config_desc.rid_desc.valid = 1;
    pciaddroff += sizeof(Rid);
    busaddroff += RIDSIZE;
    vpackoff   += RIDSIZE;

    /* Tell card about descriptors */
    if (mpi_init_descriptors (ai) != SUCCESS)
        goto free_shared;

    return 0;
 free_shared:
    pci_free_consistent(pci, PCI_SHARED_LEN, ai->shared, ai->shared_dma);
 free_auxmap:
    iounmap(ai->pciaux);
 free_memmap:
    iounmap(ai->pcimem);
 free_region2:
    release_mem_region(aux_start, aux_len);
 free_region1:
    release_mem_region(mem_start, mem_len);
 out:
    return rc;
}

static const struct header_ops airo_header_ops = {
    .parse = wll_header_parse,
};

static const struct net_device_ops airo11_netdev_ops = {
    .ndo_open       = airo_open,
    .ndo_stop       = airo_close,
    .ndo_start_xmit     = airo_start_xmit11,
    .ndo_get_stats      = airo_get_stats,
    .ndo_set_mac_address    = airo_set_mac_address,
    .ndo_do_ioctl       = airo_ioctl,
    .ndo_change_mtu     = airo_change_mtu,
};

static void wifi_setup(struct net_device *dev)
{
    dev->netdev_ops = &airo11_netdev_ops;
    dev->header_ops = &airo_header_ops;
    dev->wireless_handlers = &airo_handler_def;

    dev->type               = ARPHRD_IEEE80211;
    dev->hard_header_len    = ETH_HLEN;
    dev->mtu                = AIRO_DEF_MTU;
    dev->addr_len           = ETH_ALEN;
    dev->tx_queue_len       = 100; 

    memset(dev->broadcast,0xFF, ETH_ALEN);

    dev->flags              = IFF_BROADCAST|IFF_MULTICAST;
}

static struct net_device *init_wifidev(struct airo_info *ai,
                    struct net_device *ethdev)
{
    int err;
    struct net_device *dev = alloc_netdev(0, "wifi%d", wifi_setup);
    if (!dev)
        return NULL;
    dev->ml_priv = ethdev->ml_priv;
    dev->irq = ethdev->irq;
    dev->base_addr = ethdev->base_addr;
    dev->wireless_data = ethdev->wireless_data;
    SET_NETDEV_DEV(dev, ethdev->dev.parent);
    memcpy(dev->dev_addr, ethdev->dev_addr, dev->addr_len);
    err = register_netdev(dev);
    if (err<0) {
        free_netdev(dev);
        return NULL;
    }
    return dev;
}

static int reset_card( struct net_device *dev , int lock) {
    struct airo_info *ai = dev->ml_priv;

    if (lock && down_interruptible(&ai->sem))
        return -1;
    waitbusy (ai);
    OUT4500(ai,COMMAND,CMD_SOFTRESET);
    msleep(200);
    waitbusy (ai);
    msleep(200);
    if (lock)
        up(&ai->sem);
    return 0;
}

#define AIRO_MAX_NETWORK_COUNT  64
static int airo_networks_allocate(struct airo_info *ai)
{
    if (ai->networks)
        return 0;

    ai->networks = kcalloc(AIRO_MAX_NETWORK_COUNT, sizeof(BSSListElement),
                   GFP_KERNEL);
    if (!ai->networks) {
        airo_print_warn("", "Out of memory allocating beacons");
        return -ENOMEM;
    }

    return 0;
}

static void airo_networks_free(struct airo_info *ai)
{
    kfree(ai->networks);
    ai->networks = NULL;
}

static void airo_networks_initialize(struct airo_info *ai)
{
    int i;

    INIT_LIST_HEAD(&ai->network_free_list);
    INIT_LIST_HEAD(&ai->network_list);
    for (i = 0; i < AIRO_MAX_NETWORK_COUNT; i++)
        list_add_tail(&ai->networks[i].list,
                  &ai->network_free_list);
}

static const struct net_device_ops airo_netdev_ops = {
    .ndo_open       = airo_open,
    .ndo_stop       = airo_close,
    .ndo_start_xmit     = airo_start_xmit,
    .ndo_get_stats      = airo_get_stats,
    .ndo_set_rx_mode    = airo_set_multicast_list,
    .ndo_set_mac_address    = airo_set_mac_address,
    .ndo_do_ioctl       = airo_ioctl,
    .ndo_change_mtu     = airo_change_mtu,
    .ndo_validate_addr  = eth_validate_addr,
};

static const struct net_device_ops mpi_netdev_ops = {
    .ndo_open       = airo_open,
    .ndo_stop       = airo_close,
    .ndo_start_xmit     = mpi_start_xmit,
    .ndo_get_stats      = airo_get_stats,
    .ndo_set_rx_mode    = airo_set_multicast_list,
    .ndo_set_mac_address    = airo_set_mac_address,
    .ndo_do_ioctl       = airo_ioctl,
    .ndo_change_mtu     = airo_change_mtu,
    .ndo_validate_addr  = eth_validate_addr,
};


static struct net_device *_init_airo_card( unsigned short irq, int port,
                       int is_pcmcia, struct pci_dev *pci,
                       struct device *dmdev )
{
    struct net_device *dev;
    struct airo_info *ai;
    int i, rc;
    CapabilityRid cap_rid;

    /* Create the network device object. */
    dev = alloc_netdev(sizeof(*ai), "", ether_setup);
    if (!dev) {
        airo_print_err("", "Couldn't alloc_etherdev");
        return NULL;
    }

    ai = dev->ml_priv = netdev_priv(dev);
    ai->wifidev = NULL;
    ai->flags = 1 << FLAG_RADIO_DOWN;
    ai->jobs = 0;
    ai->dev = dev;
    if (pci && (pci->device == 0x5000 || pci->device == 0xa504)) {
        airo_print_dbg("", "Found an MPI350 card");
        set_bit(FLAG_MPI, &ai->flags);
    }
    spin_lock_init(&ai->aux_lock);
    sema_init(&ai->sem, 1);
    ai->config.len = 0;
    ai->pci = pci;
    init_waitqueue_head (&ai->thr_wait);
    ai->tfm = NULL;
    add_airo_dev(ai);

    if (airo_networks_allocate (ai))
        goto err_out_free;
    airo_networks_initialize (ai);

    skb_queue_head_init (&ai->txq);

    /* The Airo-specific entries in the device structure. */
    if (test_bit(FLAG_MPI,&ai->flags))
        dev->netdev_ops = &mpi_netdev_ops;
    else
        dev->netdev_ops = &airo_netdev_ops;
    dev->wireless_handlers = &airo_handler_def;
    ai->wireless_data.spy_data = &ai->spy_data;
    dev->wireless_data = &ai->wireless_data;
    dev->irq = irq;
    dev->base_addr = port;
    dev->priv_flags &= ~IFF_TX_SKB_SHARING;

    SET_NETDEV_DEV(dev, dmdev);

    reset_card (dev, 1);
    msleep(400);

    if (!is_pcmcia) {
        if (!request_region(dev->base_addr, 64, DRV_NAME)) {
            rc = -EBUSY;
            airo_print_err(dev->name, "Couldn't request region");
            goto err_out_nets;
        }
    }

    if (test_bit(FLAG_MPI,&ai->flags)) {
        if (mpi_map_card(ai, pci)) {
            airo_print_err("", "Could not map memory");
            goto err_out_res;
        }
    }

    if (probe) {
        if (setup_card(ai, dev->dev_addr, 1) != SUCCESS) {
            airo_print_err(dev->name, "MAC could not be enabled" );
            rc = -EIO;
            goto err_out_map;
        }
    } else if (!test_bit(FLAG_MPI,&ai->flags)) {
        ai->bap_read = fast_bap_read;
        set_bit(FLAG_FLASHING, &ai->flags);
    }

    strcpy(dev->name, "eth%d");
    rc = register_netdev(dev);
    if (rc) {
        airo_print_err(dev->name, "Couldn't register_netdev");
        goto err_out_map;
    }
    ai->wifidev = init_wifidev(ai, dev);
    if (!ai->wifidev)
        goto err_out_reg;

    rc = readCapabilityRid(ai, &cap_rid, 1);
    if (rc != SUCCESS) {
        rc = -EIO;
        goto err_out_wifi;
    }
    /* WEP capability discovery */
    ai->wep_capable = (cap_rid.softCap & cpu_to_le16(0x02)) ? 1 : 0;
    ai->max_wep_idx = (cap_rid.softCap & cpu_to_le16(0x80)) ? 3 : 0;

    airo_print_info(dev->name, "Firmware version %x.%x.%02d",
                    ((le16_to_cpu(cap_rid.softVer) >> 8) & 0xF),
                    (le16_to_cpu(cap_rid.softVer) & 0xFF),
                    le16_to_cpu(cap_rid.softSubVer));

    /* Test for WPA support */
    /* Only firmware versions 5.30.17 or better can do WPA */
    if (le16_to_cpu(cap_rid.softVer) > 0x530
     || (le16_to_cpu(cap_rid.softVer) == 0x530
          && le16_to_cpu(cap_rid.softSubVer) >= 17)) {
        airo_print_info(ai->dev->name, "WPA supported.");

        set_bit(FLAG_WPA_CAPABLE, &ai->flags);
        ai->bssListFirst = RID_WPA_BSSLISTFIRST;
        ai->bssListNext = RID_WPA_BSSLISTNEXT;
        ai->bssListRidLen = sizeof(BSSListRid);
    } else {
        airo_print_info(ai->dev->name, "WPA unsupported with firmware "
            "versions older than 5.30.17.");

        ai->bssListFirst = RID_BSSLISTFIRST;
        ai->bssListNext = RID_BSSLISTNEXT;
        ai->bssListRidLen = sizeof(BSSListRid) - sizeof(BSSListRidExtra);
    }

    set_bit(FLAG_REGISTERED,&ai->flags);
    airo_print_info(dev->name, "MAC enabled %pM", dev->dev_addr);

    /* Allocate the transmit buffers */
    if (probe && !test_bit(FLAG_MPI,&ai->flags))
        for( i = 0; i < MAX_FIDS; i++ )
            ai->fids[i] = transmit_allocate(ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);

    if (setup_proc_entry(dev, dev->ml_priv) < 0)
        goto err_out_wifi;

    return dev;

err_out_wifi:
    unregister_netdev(ai->wifidev);
    free_netdev(ai->wifidev);
err_out_reg:
    unregister_netdev(dev);
err_out_map:
    if (test_bit(FLAG_MPI,&ai->flags) && pci) {
        pci_free_consistent(pci, PCI_SHARED_LEN, ai->shared, ai->shared_dma);
        iounmap(ai->pciaux);
        iounmap(ai->pcimem);
        mpi_unmap_card(ai->pci);
    }
err_out_res:
    if (!is_pcmcia)
            release_region( dev->base_addr, 64 );
err_out_nets:
    airo_networks_free(ai);
err_out_free:
    del_airo_dev(ai);
    free_netdev(dev);
    return NULL;
}

struct net_device *init_airo_card( unsigned short irq, int port, int is_pcmcia,
                  struct device *dmdev)
{
    return _init_airo_card ( irq, port, is_pcmcia, NULL, dmdev);
}

EXPORT_SYMBOL(init_airo_card);

static int waitbusy (struct airo_info *ai) {
    int delay = 0;
    while ((IN4500(ai, COMMAND) & COMMAND_BUSY) && (delay < 10000)) {
        udelay (10);
        if ((++delay % 20) == 0)
            OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
    }
    return delay < 10000;
}

int reset_airo_card( struct net_device *dev )
{
    int i;
    struct airo_info *ai = dev->ml_priv;

    if (reset_card (dev, 1))
        return -1;

    if ( setup_card(ai, dev->dev_addr, 1 ) != SUCCESS ) {
        airo_print_err(dev->name, "MAC could not be enabled");
        return -1;
    }
    airo_print_info(dev->name, "MAC enabled %pM", dev->dev_addr);
    /* Allocate the transmit buffers if needed */
    if (!test_bit(FLAG_MPI,&ai->flags))
        for( i = 0; i < MAX_FIDS; i++ )
            ai->fids[i] = transmit_allocate (ai,AIRO_DEF_MTU,i>=MAX_FIDS/2);

    enable_interrupts( ai );
    netif_wake_queue(dev);
    return 0;
}

EXPORT_SYMBOL(reset_airo_card);

static void airo_send_event(struct net_device *dev) {
    struct airo_info *ai = dev->ml_priv;
    union iwreq_data wrqu;
    StatusRid status_rid;

    clear_bit(JOB_EVENT, &ai->jobs);
    PC4500_readrid(ai, RID_STATUS, &status_rid, sizeof(status_rid), 0);
    up(&ai->sem);
    wrqu.data.length = 0;
    wrqu.data.flags = 0;
    memcpy(wrqu.ap_addr.sa_data, status_rid.bssid[0], ETH_ALEN);
    wrqu.ap_addr.sa_family = ARPHRD_ETHER;

    /* Send event to user space */
    wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
}

static void airo_process_scan_results (struct airo_info *ai) {
    union iwreq_data    wrqu;
    BSSListRid bss;
    int rc;
    BSSListElement * loop_net;
    BSSListElement * tmp_net;

    /* Blow away current list of scan results */
    list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) {
        list_move_tail (&loop_net->list, &ai->network_free_list);
        /* Don't blow away ->list, just BSS data */
        memset (loop_net, 0, sizeof (loop_net->bss));
    }

    /* Try to read the first entry of the scan result */
    rc = PC4500_readrid(ai, ai->bssListFirst, &bss, ai->bssListRidLen, 0);
    if((rc) || (bss.index == cpu_to_le16(0xffff))) {
        /* No scan results */
        goto out;
    }

    /* Read and parse all entries */
    tmp_net = NULL;
    while((!rc) && (bss.index != cpu_to_le16(0xffff))) {
        /* Grab a network off the free list */
        if (!list_empty(&ai->network_free_list)) {
            tmp_net = list_entry(ai->network_free_list.next,
                        BSSListElement, list);
            list_del(ai->network_free_list.next);
        }

        if (tmp_net != NULL) {
            memcpy(tmp_net, &bss, sizeof(tmp_net->bss));
            list_add_tail(&tmp_net->list, &ai->network_list);
            tmp_net = NULL;
        }

        /* Read next entry */
        rc = PC4500_readrid(ai, ai->bssListNext,
                    &bss, ai->bssListRidLen, 0);
    }

out:
    ai->scan_timeout = 0;
    clear_bit(JOB_SCAN_RESULTS, &ai->jobs);
    up(&ai->sem);

    /* Send an empty event to user space.
     * We don't send the received data on
     * the event because it would require
     * us to do complex transcoding, and
     * we want to minimise the work done in
     * the irq handler. Use a request to
     * extract the data - Jean II */
    wrqu.data.length = 0;
    wrqu.data.flags = 0;
    wireless_send_event(ai->dev, SIOCGIWSCAN, &wrqu, NULL);
}

static int airo_thread(void *data) {
    struct net_device *dev = data;
    struct airo_info *ai = dev->ml_priv;
    int locked;

    set_freezable();
    while(1) {
        /* make swsusp happy with our thread */
        try_to_freeze();

        if (test_bit(JOB_DIE, &ai->jobs))
            break;

        if (ai->jobs) {
            locked = down_interruptible(&ai->sem);
        } else {
            wait_queue_t wait;

            init_waitqueue_entry(&wait, current);
            add_wait_queue(&ai->thr_wait, &wait);
            for (;;) {
                set_current_state(TASK_INTERRUPTIBLE);
                if (ai->jobs)
                    break;
                if (ai->expires || ai->scan_timeout) {
                    if (ai->scan_timeout &&
                            time_after_eq(jiffies,ai->scan_timeout)){
                        set_bit(JOB_SCAN_RESULTS, &ai->jobs);
                        break;
                    } else if (ai->expires &&
                            time_after_eq(jiffies,ai->expires)){
                        set_bit(JOB_AUTOWEP, &ai->jobs);
                        break;
                    }
                    if (!kthread_should_stop() &&
                        !freezing(current)) {
                        unsigned long wake_at;
                        if (!ai->expires || !ai->scan_timeout) {
                            wake_at = max(ai->expires,
                                ai->scan_timeout);
                        } else {
                            wake_at = min(ai->expires,
                                ai->scan_timeout);
                        }
                        schedule_timeout(wake_at - jiffies);
                        continue;
                    }
                } else if (!kthread_should_stop() &&
                       !freezing(current)) {
                    schedule();
                    continue;
                }
                break;
            }
            current->state = TASK_RUNNING;
            remove_wait_queue(&ai->thr_wait, &wait);
            locked = 1;
        }

        if (locked)
            continue;

        if (test_bit(JOB_DIE, &ai->jobs)) {
            up(&ai->sem);
            break;
        }

        if (ai->power.event || test_bit(FLAG_FLASHING, &ai->flags)) {
            up(&ai->sem);
            continue;
        }

        if (test_bit(JOB_XMIT, &ai->jobs))
            airo_end_xmit(dev);
        else if (test_bit(JOB_XMIT11, &ai->jobs))
            airo_end_xmit11(dev);
        else if (test_bit(JOB_STATS, &ai->jobs))
            airo_read_stats(dev);
        else if (test_bit(JOB_WSTATS, &ai->jobs))
            airo_read_wireless_stats(ai);
        else if (test_bit(JOB_PROMISC, &ai->jobs))
            airo_set_promisc(ai);
        else if (test_bit(JOB_MIC, &ai->jobs))
            micinit(ai);
        else if (test_bit(JOB_EVENT, &ai->jobs))
            airo_send_event(dev);
        else if (test_bit(JOB_AUTOWEP, &ai->jobs))
            timer_func(dev);
        else if (test_bit(JOB_SCAN_RESULTS, &ai->jobs))
            airo_process_scan_results(ai);
        else  /* Shouldn't get here, but we make sure to unlock */
            up(&ai->sem);
    }

    return 0;
}

static int header_len(__le16 ctl)
{
    u16 fc = le16_to_cpu(ctl);
    switch (fc & 0xc) {
    case 4:
        if ((fc & 0xe0) == 0xc0)
            return 10;  /* one-address control packet */
        return 16;  /* two-address control packet */
    case 8:
        if ((fc & 0x300) == 0x300)
            return 30;  /* WDS packet */
    }
    return 24;
}

static void airo_handle_cisco_mic(struct airo_info *ai)
{
    if (test_bit(FLAG_MIC_CAPABLE, &ai->flags)) {
        set_bit(JOB_MIC, &ai->jobs);
        wake_up_interruptible(&ai->thr_wait);
    }
}

/* Airo Status codes */
#define STAT_NOBEACON   0x8000 /* Loss of sync - missed beacons */
#define STAT_MAXRETRIES 0x8001 /* Loss of sync - max retries */
#define STAT_MAXARL 0x8002 /* Loss of sync - average retry level exceeded*/
#define STAT_FORCELOSS  0x8003 /* Loss of sync - host request */
#define STAT_TSFSYNC    0x8004 /* Loss of sync - TSF synchronization */
#define STAT_DEAUTH 0x8100 /* low byte is 802.11 reason code */
#define STAT_DISASSOC   0x8200 /* low byte is 802.11 reason code */
#define STAT_ASSOC_FAIL 0x8400 /* low byte is 802.11 reason code */
#define STAT_AUTH_FAIL  0x0300 /* low byte is 802.11 reason code */
#define STAT_ASSOC  0x0400 /* Associated */
#define STAT_REASSOC    0x0600 /* Reassociated?  Only on firmware >= 5.30.17 */

static void airo_print_status(const char *devname, u16 status)
{
    u8 reason = status & 0xFF;

    switch (status & 0xFF00) {
    case STAT_NOBEACON:
        switch (status) {
        case STAT_NOBEACON:
            airo_print_dbg(devname, "link lost (missed beacons)");
            break;
        case STAT_MAXRETRIES:
        case STAT_MAXARL:
            airo_print_dbg(devname, "link lost (max retries)");
            break;
        case STAT_FORCELOSS:
            airo_print_dbg(devname, "link lost (local choice)");
            break;
        case STAT_TSFSYNC:
            airo_print_dbg(devname, "link lost (TSF sync lost)");
            break;
        default:
            airo_print_dbg(devname, "unknow status %x\n", status);
            break;
        }
        break;
    case STAT_DEAUTH:
        airo_print_dbg(devname, "deauthenticated (reason: %d)", reason);
        break;
    case STAT_DISASSOC:
        airo_print_dbg(devname, "disassociated (reason: %d)", reason);
        break;
    case STAT_ASSOC_FAIL:
        airo_print_dbg(devname, "association failed (reason: %d)",
                   reason);
        break;
    case STAT_AUTH_FAIL:
        airo_print_dbg(devname, "authentication failed (reason: %d)",
                   reason);
        break;
    case STAT_ASSOC:
    case STAT_REASSOC:
        break;
    default:
        airo_print_dbg(devname, "unknow status %x\n", status);
        break;
    }
}

static void airo_handle_link(struct airo_info *ai)
{
    union iwreq_data wrqu;
    int scan_forceloss = 0;
    u16 status;

    /* Get new status and acknowledge the link change */
    status = le16_to_cpu(IN4500(ai, LINKSTAT));
    OUT4500(ai, EVACK, EV_LINK);

    if ((status == STAT_FORCELOSS) && (ai->scan_timeout > 0))
        scan_forceloss = 1;

    airo_print_status(ai->dev->name, status);

    if ((status == STAT_ASSOC) || (status == STAT_REASSOC)) {
        if (auto_wep)
            ai->expires = 0;
        if (ai->list_bss_task)
            wake_up_process(ai->list_bss_task);
        set_bit(FLAG_UPDATE_UNI, &ai->flags);
        set_bit(FLAG_UPDATE_MULTI, &ai->flags);

        if (down_trylock(&ai->sem) != 0) {
            set_bit(JOB_EVENT, &ai->jobs);
            wake_up_interruptible(&ai->thr_wait);
        } else
            airo_send_event(ai->dev);
    } else if (!scan_forceloss) {
        if (auto_wep && !ai->expires) {
            ai->expires = RUN_AT(3*HZ);
            wake_up_interruptible(&ai->thr_wait);
        }

        /* Send event to user space */
        memset(wrqu.ap_addr.sa_data, '\0', ETH_ALEN);
        wrqu.ap_addr.sa_family = ARPHRD_ETHER;
        wireless_send_event(ai->dev, SIOCGIWAP, &wrqu, NULL);
    }
}

static void airo_handle_rx(struct airo_info *ai)
{
    struct sk_buff *skb = NULL;
    __le16 fc, v, *buffer, tmpbuf[4];
    u16 len, hdrlen = 0, gap, fid;
    struct rx_hdr hdr;
    int success = 0;

    if (test_bit(FLAG_MPI, &ai->flags)) {
        if (test_bit(FLAG_802_11, &ai->flags))
            mpi_receive_802_11(ai);
        else
            mpi_receive_802_3(ai);
        OUT4500(ai, EVACK, EV_RX);
        return;
    }

    fid = IN4500(ai, RXFID);

    /* Get the packet length */
    if (test_bit(FLAG_802_11, &ai->flags)) {
        bap_setup (ai, fid, 4, BAP0);
        bap_read (ai, (__le16*)&hdr, sizeof(hdr), BAP0);
        /* Bad CRC. Ignore packet */
        if (le16_to_cpu(hdr.status) & 2)
            hdr.len = 0;
        if (ai->wifidev == NULL)
            hdr.len = 0;
    } else {
        bap_setup(ai, fid, 0x36, BAP0);
        bap_read(ai, &hdr.len, 2, BAP0);
    }
    len = le16_to_cpu(hdr.len);

    if (len > AIRO_DEF_MTU) {
        airo_print_err(ai->dev->name, "Bad size %d", len);
        goto done;
    }
    if (len == 0)
        goto done;

    if (test_bit(FLAG_802_11, &ai->flags)) {
        bap_read(ai, &fc, sizeof (fc), BAP0);
        hdrlen = header_len(fc);
    } else
        hdrlen = ETH_ALEN * 2;

    skb = dev_alloc_skb(len + hdrlen + 2 + 2);
    if (!skb) {
        ai->dev->stats.rx_dropped++;
        goto done;
    }

    skb_reserve(skb, 2); /* This way the IP header is aligned */
    buffer = (__le16 *) skb_put(skb, len + hdrlen);
    if (test_bit(FLAG_802_11, &ai->flags)) {
        buffer[0] = fc;
        bap_read(ai, buffer + 1, hdrlen - 2, BAP0);
        if (hdrlen == 24)
            bap_read(ai, tmpbuf, 6, BAP0);

        bap_read(ai, &v, sizeof(v), BAP0);
        gap = le16_to_cpu(v);
        if (gap) {
            if (gap <= 8) {
                bap_read(ai, tmpbuf, gap, BAP0);
            } else {
                airo_print_err(ai->dev->name, "gaplen too "
                    "big. Problems will follow...");
            }
        }
        bap_read(ai, buffer + hdrlen/2, len, BAP0);
    } else {
        MICBuffer micbuf;

        bap_read(ai, buffer, ETH_ALEN * 2, BAP0);
        if (ai->micstats.enabled) {
            bap_read(ai, (__le16 *) &micbuf, sizeof (micbuf), BAP0);
            if (ntohs(micbuf.typelen) > 0x05DC)
                bap_setup(ai, fid, 0x44, BAP0);
            else {
                if (len <= sizeof (micbuf)) {
                    dev_kfree_skb_irq(skb);
                    goto done;
                }

                len -= sizeof(micbuf);
                skb_trim(skb, len + hdrlen);
            }
        }

        bap_read(ai, buffer + ETH_ALEN, len, BAP0);
        if (decapsulate(ai, &micbuf, (etherHead*) buffer, len))
            dev_kfree_skb_irq (skb);
        else
            success = 1;
    }

#ifdef WIRELESS_SPY
    if (success && (ai->spy_data.spy_number > 0)) {
        char *sa;
        struct iw_quality wstats;

        /* Prepare spy data : addr + qual */
        if (!test_bit(FLAG_802_11, &ai->flags)) {
            sa = (char *) buffer + 6;
            bap_setup(ai, fid, 8, BAP0);
            bap_read(ai, (__le16 *) hdr.rssi, 2, BAP0);
        } else
            sa = (char *) buffer + 10;
        wstats.qual = hdr.rssi[0];
        if (ai->rssi)
            wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
        else
            wstats.level = (hdr.rssi[1] + 321) / 2;
        wstats.noise = ai->wstats.qual.noise;
        wstats.updated =  IW_QUAL_LEVEL_UPDATED
                | IW_QUAL_QUAL_UPDATED
                | IW_QUAL_DBM;
        /* Update spy records */
        wireless_spy_update(ai->dev, sa, &wstats);
    }
#endif /* WIRELESS_SPY */

done:
    OUT4500(ai, EVACK, EV_RX);

    if (success) {
        if (test_bit(FLAG_802_11, &ai->flags)) {
            skb_reset_mac_header(skb);
            skb->pkt_type = PACKET_OTHERHOST;
            skb->dev = ai->wifidev;
            skb->protocol = htons(ETH_P_802_2);
        } else
            skb->protocol = eth_type_trans(skb, ai->dev);
        skb->ip_summed = CHECKSUM_NONE;

        netif_rx(skb);
    }
}

static void airo_handle_tx(struct airo_info *ai, u16 status)
{
    int i, len = 0, index = -1;
    u16 fid;

    if (test_bit(FLAG_MPI, &ai->flags)) {
        unsigned long flags;

        if (status & EV_TXEXC)
            get_tx_error(ai, -1);

        spin_lock_irqsave(&ai->aux_lock, flags);
        if (!skb_queue_empty(&ai->txq)) {
            spin_unlock_irqrestore(&ai->aux_lock,flags);
            mpi_send_packet(ai->dev);
        } else {
            clear_bit(FLAG_PENDING_XMIT, &ai->flags);
            spin_unlock_irqrestore(&ai->aux_lock,flags);
            netif_wake_queue(ai->dev);
        }
        OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
        return;
    }

    fid = IN4500(ai, TXCOMPLFID);

    for(i = 0; i < MAX_FIDS; i++) {
        if ((ai->fids[i] & 0xffff) == fid) {
            len = ai->fids[i] >> 16;
            index = i;
        }
    }

    if (index != -1) {
        if (status & EV_TXEXC)
            get_tx_error(ai, index);

        OUT4500(ai, EVACK, status & (EV_TX | EV_TXEXC));

        /* Set up to be used again */
        ai->fids[index] &= 0xffff;
        if (index < MAX_FIDS / 2) {
            if (!test_bit(FLAG_PENDING_XMIT, &ai->flags))
                netif_wake_queue(ai->dev);
        } else {
            if (!test_bit(FLAG_PENDING_XMIT11, &ai->flags))
                netif_wake_queue(ai->wifidev);
        }
    } else {
        OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
        airo_print_err(ai->dev->name, "Unallocated FID was used to xmit");
    }
}

static irqreturn_t airo_interrupt(int irq, void *dev_id)
{
    struct net_device *dev = dev_id;
    u16 status, savedInterrupts = 0;
    struct airo_info *ai = dev->ml_priv;
    int handled = 0;

    if (!netif_device_present(dev))
        return IRQ_NONE;

    for (;;) {
        status = IN4500(ai, EVSTAT);
        if (!(status & STATUS_INTS) || (status == 0xffff))
            break;

        handled = 1;

        if (status & EV_AWAKE) {
            OUT4500(ai, EVACK, EV_AWAKE);
            OUT4500(ai, EVACK, EV_AWAKE);
        }

        if (!savedInterrupts) {
            savedInterrupts = IN4500(ai, EVINTEN);
            OUT4500(ai, EVINTEN, 0);
        }

        if (status & EV_MIC) {
            OUT4500(ai, EVACK, EV_MIC);
            airo_handle_cisco_mic(ai);
        }

        if (status & EV_LINK) {
            /* Link status changed */
            airo_handle_link(ai);
        }

        /* Check to see if there is something to receive */
        if (status & EV_RX)
            airo_handle_rx(ai);

        /* Check to see if a packet has been transmitted */
        if (status & (EV_TX | EV_TXCPY | EV_TXEXC))
            airo_handle_tx(ai, status);

        if ( status & ~STATUS_INTS & ~IGNORE_INTS ) {
            airo_print_warn(ai->dev->name, "Got weird status %x",
                status & ~STATUS_INTS & ~IGNORE_INTS );
        }
    }

    if (savedInterrupts)
        OUT4500(ai, EVINTEN, savedInterrupts);

    return IRQ_RETVAL(handled);
}

/*
 *  Routines to talk to the card
 */

/*
 *  This was originally written for the 4500, hence the name
 *  NOTE:  If use with 8bit mode and SMP bad things will happen!
 *         Why would some one do 8 bit IO in an SMP machine?!?
 */
static void OUT4500( struct airo_info *ai, u16 reg, u16 val ) {
    if (test_bit(FLAG_MPI,&ai->flags))
        reg <<= 1;
    if ( !do8bitIO )
        outw( val, ai->dev->base_addr + reg );
    else {
        outb( val & 0xff, ai->dev->base_addr + reg );
        outb( val >> 8, ai->dev->base_addr + reg + 1 );
    }
}

static u16 IN4500( struct airo_info *ai, u16 reg ) {
    unsigned short rc;

    if (test_bit(FLAG_MPI,&ai->flags))
        reg <<= 1;
    if ( !do8bitIO )
        rc = inw( ai->dev->base_addr + reg );
    else {
        rc = inb( ai->dev->base_addr + reg );
        rc += ((int)inb( ai->dev->base_addr + reg + 1 )) << 8;
    }
    return rc;
}

static int enable_MAC(struct airo_info *ai, int lock)
{
    int rc;
    Cmd cmd;
    Resp rsp;

    /* FLAG_RADIO_OFF : Radio disabled via /proc or Wireless Extensions
     * FLAG_RADIO_DOWN : Radio disabled via "ifconfig ethX down"
     * Note : we could try to use !netif_running(dev) in enable_MAC()
     * instead of this flag, but I don't trust it *within* the
     * open/close functions, and testing both flags together is
     * "cheaper" - Jean II */
    if (ai->flags & FLAG_RADIO_MASK) return SUCCESS;

    if (lock && down_interruptible(&ai->sem))
        return -ERESTARTSYS;

    if (!test_bit(FLAG_ENABLED, &ai->flags)) {
        memset(&cmd, 0, sizeof(cmd));
        cmd.cmd = MAC_ENABLE;
        rc = issuecommand(ai, &cmd, &rsp);
        if (rc == SUCCESS)
            set_bit(FLAG_ENABLED, &ai->flags);
    } else
        rc = SUCCESS;

    if (lock)
        up(&ai->sem);

    if (rc)
        airo_print_err(ai->dev->name, "Cannot enable MAC");
    else if ((rsp.status & 0xFF00) != 0) {
        airo_print_err(ai->dev->name, "Bad MAC enable reason=%x, "
            "rid=%x, offset=%d", rsp.rsp0, rsp.rsp1, rsp.rsp2);
        rc = ERROR;
    }
    return rc;
}

static void disable_MAC( struct airo_info *ai, int lock ) {
        Cmd cmd;
    Resp rsp;

    if (lock && down_interruptible(&ai->sem))
        return;

    if (test_bit(FLAG_ENABLED, &ai->flags)) {
        memset(&cmd, 0, sizeof(cmd));
        cmd.cmd = MAC_DISABLE; // disable in case already enabled
        issuecommand(ai, &cmd, &rsp);
        clear_bit(FLAG_ENABLED, &ai->flags);
    }
    if (lock)
        up(&ai->sem);
}

static void enable_interrupts( struct airo_info *ai ) {
    /* Enable the interrupts */
    OUT4500( ai, EVINTEN, STATUS_INTS );
}

static void disable_interrupts( struct airo_info *ai ) {
    OUT4500( ai, EVINTEN, 0 );
}

static void mpi_receive_802_3(struct airo_info *ai)
{
    RxFid rxd;
    int len = 0;
    struct sk_buff *skb;
    char *buffer;
    int off = 0;
    MICBuffer micbuf;

    memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
    /* Make sure we got something */
    if (rxd.rdy && rxd.valid == 0) {
        len = rxd.len + 12;
        if (len < 12 || len > 2048)
            goto badrx;

        skb = dev_alloc_skb(len);
        if (!skb) {
            ai->dev->stats.rx_dropped++;
            goto badrx;
        }
        buffer = skb_put(skb,len);
        memcpy(buffer, ai->rxfids[0].virtual_host_addr, ETH_ALEN * 2);
        if (ai->micstats.enabled) {
            memcpy(&micbuf,
                ai->rxfids[0].virtual_host_addr + ETH_ALEN * 2,
                sizeof(micbuf));
            if (ntohs(micbuf.typelen) <= 0x05DC) {
                if (len <= sizeof(micbuf) + ETH_ALEN * 2)
                    goto badmic;

                off = sizeof(micbuf);
                skb_trim (skb, len - off);
            }
        }
        memcpy(buffer + ETH_ALEN * 2,
            ai->rxfids[0].virtual_host_addr + ETH_ALEN * 2 + off,
            len - ETH_ALEN * 2 - off);
        if (decapsulate (ai, &micbuf, (etherHead*)buffer, len - off - ETH_ALEN * 2)) {
badmic:
            dev_kfree_skb_irq (skb);
            goto badrx;
        }
#ifdef WIRELESS_SPY
        if (ai->spy_data.spy_number > 0) {
            char *sa;
            struct iw_quality wstats;
            /* Prepare spy data : addr + qual */
            sa = buffer + ETH_ALEN;
            wstats.qual = 0; /* XXX Where do I get that info from ??? */
            wstats.level = 0;
            wstats.updated = 0;
            /* Update spy records */
            wireless_spy_update(ai->dev, sa, &wstats);
        }
#endif /* WIRELESS_SPY */

        skb->ip_summed = CHECKSUM_NONE;
        skb->protocol = eth_type_trans(skb, ai->dev);
        netif_rx(skb);
    }
badrx:
    if (rxd.valid == 0) {
        rxd.valid = 1;
        rxd.rdy = 0;
        rxd.len = PKTSIZE;
        memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
    }
}

static void mpi_receive_802_11(struct airo_info *ai)
{
    RxFid rxd;
    struct sk_buff *skb = NULL;
    u16 len, hdrlen = 0;
    __le16 fc;
    struct rx_hdr hdr;
    u16 gap;
    u16 *buffer;
    char *ptr = ai->rxfids[0].virtual_host_addr + 4;

    memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
    memcpy ((char *)&hdr, ptr, sizeof(hdr));
    ptr += sizeof(hdr);
    /* Bad CRC. Ignore packet */
    if (le16_to_cpu(hdr.status) & 2)
        hdr.len = 0;
    if (ai->wifidev == NULL)
        hdr.len = 0;
    len = le16_to_cpu(hdr.len);
    if (len > AIRO_DEF_MTU) {
        airo_print_err(ai->dev->name, "Bad size %d", len);
        goto badrx;
    }
    if (len == 0)
        goto badrx;

    fc = get_unaligned((__le16 *)ptr);
    hdrlen = header_len(fc);

    skb = dev_alloc_skb( len + hdrlen + 2 );
    if ( !skb ) {
        ai->dev->stats.rx_dropped++;
        goto badrx;
    }
    buffer = (u16*)skb_put (skb, len + hdrlen);
    memcpy ((char *)buffer, ptr, hdrlen);
    ptr += hdrlen;
    if (hdrlen == 24)
        ptr += 6;
    gap = get_unaligned_le16(ptr);
    ptr += sizeof(__le16);
    if (gap) {
        if (gap <= 8)
            ptr += gap;
        else
            airo_print_err(ai->dev->name,
                "gaplen too big. Problems will follow...");
    }
    memcpy ((char *)buffer + hdrlen, ptr, len);
    ptr += len;
#ifdef IW_WIRELESS_SPY    /* defined in iw_handler.h */
    if (ai->spy_data.spy_number > 0) {
        char *sa;
        struct iw_quality wstats;
        /* Prepare spy data : addr + qual */
        sa = (char*)buffer + 10;
        wstats.qual = hdr.rssi[0];
        if (ai->rssi)
            wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
        else
            wstats.level = (hdr.rssi[1] + 321) / 2;
        wstats.noise = ai->wstats.qual.noise;
        wstats.updated = IW_QUAL_QUAL_UPDATED
            | IW_QUAL_LEVEL_UPDATED
            | IW_QUAL_DBM;
        /* Update spy records */
        wireless_spy_update(ai->dev, sa, &wstats);
    }
#endif /* IW_WIRELESS_SPY */
    skb_reset_mac_header(skb);
    skb->pkt_type = PACKET_OTHERHOST;
    skb->dev = ai->wifidev;
    skb->protocol = htons(ETH_P_802_2);
    skb->ip_summed = CHECKSUM_NONE;
    netif_rx( skb );

badrx:
    if (rxd.valid == 0) {
        rxd.valid = 1;
        rxd.rdy = 0;
        rxd.len = PKTSIZE;
        memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
    }
}

static u16 setup_card(struct airo_info *ai, u8 *mac, int lock)
{
    Cmd cmd;
    Resp rsp;
    int status;
    SsidRid mySsid;
    __le16 lastindex;
    WepKeyRid wkr;
    int rc;

    memset( &mySsid, 0, sizeof( mySsid ) );
    kfree (ai->flash);
    ai->flash = NULL;

    /* The NOP is the first step in getting the card going */
    cmd.cmd = NOP;
    cmd.parm0 = cmd.parm1 = cmd.parm2 = 0;
    if (lock && down_interruptible(&ai->sem))
        return ERROR;
    if ( issuecommand( ai, &cmd, &rsp ) != SUCCESS ) {
        if (lock)
            up(&ai->sem);
        return ERROR;
    }
    disable_MAC( ai, 0);

    // Let's figure out if we need to use the AUX port
    if (!test_bit(FLAG_MPI,&ai->flags)) {
        cmd.cmd = CMD_ENABLEAUX;
        if (issuecommand(ai, &cmd, &rsp) != SUCCESS) {
            if (lock)
                up(&ai->sem);
            airo_print_err(ai->dev->name, "Error checking for AUX port");
            return ERROR;
        }
        if (!aux_bap || rsp.status & 0xff00) {
            ai->bap_read = fast_bap_read;
            airo_print_dbg(ai->dev->name, "Doing fast bap_reads");
        } else {
            ai->bap_read = aux_bap_read;
            airo_print_dbg(ai->dev->name, "Doing AUX bap_reads");
        }
    }
    if (lock)
        up(&ai->sem);
    if (ai->config.len == 0) {
        int i;
        tdsRssiRid rssi_rid;
        CapabilityRid cap_rid;

        kfree(ai->APList);
        ai->APList = NULL;
        kfree(ai->SSID);
        ai->SSID = NULL;
        // general configuration (read/modify/write)
        status = readConfigRid(ai, lock);
        if ( status != SUCCESS ) return ERROR;

        status = readCapabilityRid(ai, &cap_rid, lock);
        if ( status != SUCCESS ) return ERROR;

        status = PC4500_readrid(ai,RID_RSSI,&rssi_rid,sizeof(rssi_rid),lock);
        if ( status == SUCCESS ) {
            if (ai->rssi || (ai->rssi = kmalloc(512, GFP_KERNEL)) != NULL)
                memcpy(ai->rssi, (u8*)&rssi_rid + 2, 512); /* Skip RID length member */
        }
        else {
            kfree(ai->rssi);
            ai->rssi = NULL;
            if (cap_rid.softCap & cpu_to_le16(8))
                ai->config.rmode |= RXMODE_NORMALIZED_RSSI;
            else
                airo_print_warn(ai->dev->name, "unknown received signal "
                        "level scale");
        }
        ai->config.opmode = adhoc ? MODE_STA_IBSS : MODE_STA_ESS;
        ai->config.authType = AUTH_OPEN;
        ai->config.modulation = MOD_CCK;

        if (le16_to_cpu(cap_rid.len) >= sizeof(cap_rid) &&
            (cap_rid.extSoftCap & cpu_to_le16(1)) &&
            micsetup(ai) == SUCCESS) {
            ai->config.opmode |= MODE_MIC;
            set_bit(FLAG_MIC_CAPABLE, &ai->flags);
        }

        /* Save off the MAC */
        for( i = 0; i < ETH_ALEN; i++ ) {
            mac[i] = ai->config.macAddr[i];
        }

        /* Check to see if there are any insmod configured
           rates to add */
        if ( rates[0] ) {
            memset(ai->config.rates,0,sizeof(ai->config.rates));
            for( i = 0; i < 8 && rates[i]; i++ ) {
                ai->config.rates[i] = rates[i];
            }
        }
        set_bit (FLAG_COMMIT, &ai->flags);
    }

    /* Setup the SSIDs if present */
    if ( ssids[0] ) {
        int i;
        for( i = 0; i < 3 && ssids[i]; i++ ) {
            size_t len = strlen(ssids[i]);
            if (len > 32)
                len = 32;
            mySsid.ssids[i].len = cpu_to_le16(len);
            memcpy(mySsid.ssids[i].ssid, ssids[i], len);
        }
        mySsid.len = cpu_to_le16(sizeof(mySsid));
    }

    status = writeConfigRid(ai, lock);
    if ( status != SUCCESS ) return ERROR;

    /* Set up the SSID list */
    if ( ssids[0] ) {
        status = writeSsidRid(ai, &mySsid, lock);
        if ( status != SUCCESS ) return ERROR;
    }

    status = enable_MAC(ai, lock);
    if (status != SUCCESS)
        return ERROR;

    /* Grab the initial wep key, we gotta save it for auto_wep */
    rc = readWepKeyRid(ai, &wkr, 1, lock);
    if (rc == SUCCESS) do {
        lastindex = wkr.kindex;
        if (wkr.kindex == cpu_to_le16(0xffff)) {
            ai->defindex = wkr.mac[0];
        }
        rc = readWepKeyRid(ai, &wkr, 0, lock);
    } while(lastindex != wkr.kindex);

    try_auto_wep(ai);

    return SUCCESS;
}

static u16 issuecommand(struct airo_info *ai, Cmd *pCmd, Resp *pRsp) {
        // Im really paranoid about letting it run forever!
    int max_tries = 600000;

    if (IN4500(ai, EVSTAT) & EV_CMD)
        OUT4500(ai, EVACK, EV_CMD);

    OUT4500(ai, PARAM0, pCmd->parm0);
    OUT4500(ai, PARAM1, pCmd->parm1);
    OUT4500(ai, PARAM2, pCmd->parm2);
    OUT4500(ai, COMMAND, pCmd->cmd);

    while (max_tries-- && (IN4500(ai, EVSTAT) & EV_CMD) == 0) {
        if ((IN4500(ai, COMMAND)) == pCmd->cmd)
            // PC4500 didn't notice command, try again
            OUT4500(ai, COMMAND, pCmd->cmd);
        if (!in_atomic() && (max_tries & 255) == 0)
            schedule();
    }

    if ( max_tries == -1 ) {
        airo_print_err(ai->dev->name,
            "Max tries exceeded when issuing command");
        if (IN4500(ai, COMMAND) & COMMAND_BUSY)
            OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
        return ERROR;
    }

    // command completed
    pRsp->status = IN4500(ai, STATUS);
    pRsp->rsp0 = IN4500(ai, RESP0);
    pRsp->rsp1 = IN4500(ai, RESP1);
    pRsp->rsp2 = IN4500(ai, RESP2);
    if ((pRsp->status & 0xff00)!=0 && pCmd->cmd != CMD_SOFTRESET)
        airo_print_err(ai->dev->name,
            "cmd:%x status:%x rsp0:%x rsp1:%x rsp2:%x",
            pCmd->cmd, pRsp->status, pRsp->rsp0, pRsp->rsp1,
            pRsp->rsp2);

    // clear stuck command busy if necessary
    if (IN4500(ai, COMMAND) & COMMAND_BUSY) {
        OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
    }
    // acknowledge processing the status/response
    OUT4500(ai, EVACK, EV_CMD);

    return SUCCESS;
}

/* Sets up the bap to start exchange data.  whichbap should
 * be one of the BAP0 or BAP1 defines.  Locks should be held before
 * calling! */
static int bap_setup(struct airo_info *ai, u16 rid, u16 offset, int whichbap )
{
    int timeout = 50;
    int max_tries = 3;

    OUT4500(ai, SELECT0+whichbap, rid);
    OUT4500(ai, OFFSET0+whichbap, offset);
    while (1) {
        int status = IN4500(ai, OFFSET0+whichbap);
        if (status & BAP_BUSY) {
                        /* This isn't really a timeout, but its kinda
               close */
            if (timeout--) {
                continue;
            }
        } else if ( status & BAP_ERR ) {
            /* invalid rid or offset */
            airo_print_err(ai->dev->name, "BAP error %x %d",
                status, whichbap );
            return ERROR;
        } else if (status & BAP_DONE) { // success
            return SUCCESS;
        }
        if ( !(max_tries--) ) {
            airo_print_err(ai->dev->name,
                "BAP setup error too many retries\n");
            return ERROR;
        }
        // -- PC4500 missed it, try again
        OUT4500(ai, SELECT0+whichbap, rid);
        OUT4500(ai, OFFSET0+whichbap, offset);
        timeout = 50;
    }
}

/* should only be called by aux_bap_read.  This aux function and the
   following use concepts not documented in the developers guide.  I
   got them from a patch given to my by Aironet */
static u16 aux_setup(struct airo_info *ai, u16 page,
             u16 offset, u16 *len)
{
    u16 next;

    OUT4500(ai, AUXPAGE, page);
    OUT4500(ai, AUXOFF, 0);
    next = IN4500(ai, AUXDATA);
    *len = IN4500(ai, AUXDATA)&0xff;
    if (offset != 4) OUT4500(ai, AUXOFF, offset);
    return next;
}

/* requires call to bap_setup() first */
static int aux_bap_read(struct airo_info *ai, __le16 *pu16Dst,
            int bytelen, int whichbap)
{
    u16 len;
    u16 page;
    u16 offset;
    u16 next;
    int words;
    int i;
    unsigned long flags;

    spin_lock_irqsave(&ai->aux_lock, flags);
    page = IN4500(ai, SWS0+whichbap);
    offset = IN4500(ai, SWS2+whichbap);
    next = aux_setup(ai, page, offset, &len);
    words = (bytelen+1)>>1;

    for (i=0; i<words;) {
        int count;
        count = (len>>1) < (words-i) ? (len>>1) : (words-i);
        if ( !do8bitIO )
            insw( ai->dev->base_addr+DATA0+whichbap,
                  pu16Dst+i,count );
        else
            insb( ai->dev->base_addr+DATA0+whichbap,
                  pu16Dst+i, count << 1 );
        i += count;
        if (i<words) {
            next = aux_setup(ai, next, 4, &len);
        }
    }
    spin_unlock_irqrestore(&ai->aux_lock, flags);
    return SUCCESS;
}


/* requires call to bap_setup() first */
static int fast_bap_read(struct airo_info *ai, __le16 *pu16Dst,
             int bytelen, int whichbap)
{
    bytelen = (bytelen + 1) & (~1); // round up to even value
    if ( !do8bitIO )
        insw( ai->dev->base_addr+DATA0+whichbap, pu16Dst, bytelen>>1 );
    else
        insb( ai->dev->base_addr+DATA0+whichbap, pu16Dst, bytelen );
    return SUCCESS;
}

/* requires call to bap_setup() first */
static int bap_write(struct airo_info *ai, const __le16 *pu16Src,
             int bytelen, int whichbap)
{
    bytelen = (bytelen + 1) & (~1); // round up to even value
    if ( !do8bitIO )
        outsw( ai->dev->base_addr+DATA0+whichbap,
               pu16Src, bytelen>>1 );
    else
        outsb( ai->dev->base_addr+DATA0+whichbap, pu16Src, bytelen );
    return SUCCESS;
}

static int PC4500_accessrid(struct airo_info *ai, u16 rid, u16 accmd)
{
    Cmd cmd; /* for issuing commands */
    Resp rsp; /* response from commands */
    u16 status;

    memset(&cmd, 0, sizeof(cmd));
    cmd.cmd = accmd;
    cmd.parm0 = rid;
    status = issuecommand(ai, &cmd, &rsp);
    if (status != 0) return status;
    if ( (rsp.status & 0x7F00) != 0) {
        return (accmd << 8) + (rsp.rsp0 & 0xFF);
    }
    return 0;
}

/*  Note, that we are using BAP1 which is also used by transmit, so
 *  we must get a lock. */
static int PC4500_readrid(struct airo_info *ai, u16 rid, void *pBuf, int len, int lock)
{
    u16 status;
        int rc = SUCCESS;

    if (lock) {
        if (down_interruptible(&ai->sem))
            return ERROR;
    }
    if (test_bit(FLAG_MPI,&ai->flags)) {
        Cmd cmd;
        Resp rsp;

        memset(&cmd, 0, sizeof(cmd));
        memset(&rsp, 0, sizeof(rsp));
        ai->config_desc.rid_desc.valid = 1;
        ai->config_desc.rid_desc.len = RIDSIZE;
        ai->config_desc.rid_desc.rid = 0;
        ai->config_desc.rid_desc.host_addr = ai->ridbus;

        cmd.cmd = CMD_ACCESS;
        cmd.parm0 = rid;

        memcpy_toio(ai->config_desc.card_ram_off,
            &ai->config_desc.rid_desc, sizeof(Rid));

        rc = issuecommand(ai, &cmd, &rsp);

        if (rsp.status & 0x7f00)
            rc = rsp.rsp0;
        if (!rc)
            memcpy(pBuf, ai->config_desc.virtual_host_addr, len);
        goto done;
    } else {
        if ((status = PC4500_accessrid(ai, rid, CMD_ACCESS))!=SUCCESS) {
                    rc = status;
                    goto done;
            }
        if (bap_setup(ai, rid, 0, BAP1) != SUCCESS) {
            rc = ERROR;
                    goto done;
            }
        // read the rid length field
        bap_read(ai, pBuf, 2, BAP1);
        // length for remaining part of rid
        len = min(len, (int)le16_to_cpu(*(__le16*)pBuf)) - 2;

        if ( len <= 2 ) {
            airo_print_err(ai->dev->name,
                "Rid %x has a length of %d which is too short",
                (int)rid, (int)len );
            rc = ERROR;
                    goto done;
        }
        // read remainder of the rid
        rc = bap_read(ai, ((__le16*)pBuf)+1, len, BAP1);
    }
done:
    if (lock)
        up(&ai->sem);
    return rc;
}

/*  Note, that we are using BAP1 which is also used by transmit, so
 *  make sure this isn't called when a transmit is happening */
static int PC4500_writerid(struct airo_info *ai, u16 rid,
               const void *pBuf, int len, int lock)
{
    u16 status;
    int rc = SUCCESS;

    *(__le16*)pBuf = cpu_to_le16((u16)len);

    if (lock) {
        if (down_interruptible(&ai->sem))
            return ERROR;
    }
    if (test_bit(FLAG_MPI,&ai->flags)) {
        Cmd cmd;
        Resp rsp;

        if (test_bit(FLAG_ENABLED, &ai->flags) && (RID_WEP_TEMP != rid))
            airo_print_err(ai->dev->name,
                "%s: MAC should be disabled (rid=%04x)",
                __func__, rid);
        memset(&cmd, 0, sizeof(cmd));
        memset(&rsp, 0, sizeof(rsp));

        ai->config_desc.rid_desc.valid = 1;
        ai->config_desc.rid_desc.len = *((u16 *)pBuf);
        ai->config_desc.rid_desc.rid = 0;

        cmd.cmd = CMD_WRITERID;
        cmd.parm0 = rid;

        memcpy_toio(ai->config_desc.card_ram_off,
            &ai->config_desc.rid_desc, sizeof(Rid));

        if (len < 4 || len > 2047) {
            airo_print_err(ai->dev->name, "%s: len=%d", __func__, len);
            rc = -1;
        } else {
            memcpy(ai->config_desc.virtual_host_addr,
                pBuf, len);

            rc = issuecommand(ai, &cmd, &rsp);
            if ((rc & 0xff00) != 0) {
                airo_print_err(ai->dev->name, "%s: Write rid Error %d",
                        __func__, rc);
                airo_print_err(ai->dev->name, "%s: Cmd=%04x",
                        __func__, cmd.cmd);
            }

            if ((rsp.status & 0x7f00))
                rc = rsp.rsp0;
        }
    } else {
        // --- first access so that we can write the rid data
        if ( (status = PC4500_accessrid(ai, rid, CMD_ACCESS)) != 0) {
                    rc = status;
                    goto done;
            }
        // --- now write the rid data
        if (bap_setup(ai, rid, 0, BAP1) != SUCCESS) {
                    rc = ERROR;
                    goto done;
            }
        bap_write(ai, pBuf, len, BAP1);
        // ---now commit the rid data
        rc = PC4500_accessrid(ai, rid, 0x100|CMD_ACCESS);
    }
done:
    if (lock)
        up(&ai->sem);
        return rc;
}

/* Allocates a FID to be used for transmitting packets.  We only use
   one for now. */
static u16 transmit_allocate(struct airo_info *ai, int lenPayload, int raw)
{
    unsigned int loop = 3000;
    Cmd cmd;
    Resp rsp;
    u16 txFid;
    __le16 txControl;

    cmd.cmd = CMD_ALLOCATETX;
    cmd.parm0 = lenPayload;
    if (down_interruptible(&ai->sem))
        return ERROR;
    if (issuecommand(ai, &cmd, &rsp) != SUCCESS) {
        txFid = ERROR;
        goto done;
    }
    if ( (rsp.status & 0xFF00) != 0) {
        txFid = ERROR;
        goto done;
    }
    /* wait for the allocate event/indication
     * It makes me kind of nervous that this can just sit here and spin,
     * but in practice it only loops like four times. */
    while (((IN4500(ai, EVSTAT) & EV_ALLOC) == 0) && --loop);
    if (!loop) {
        txFid = ERROR;
        goto done;
    }

    // get the allocated fid and acknowledge
    txFid = IN4500(ai, TXALLOCFID);
    OUT4500(ai, EVACK, EV_ALLOC);

    /*  The CARD is pretty cool since it converts the ethernet packet
     *  into 802.11.  Also note that we don't release the FID since we
     *  will be using the same one over and over again. */
    /*  We only have to setup the control once since we are not
     *  releasing the fid. */
    if (raw)
        txControl = cpu_to_le16(TXCTL_TXOK | TXCTL_TXEX | TXCTL_802_11
            | TXCTL_ETHERNET | TXCTL_NORELEASE);
    else
        txControl = cpu_to_le16(TXCTL_TXOK | TXCTL_TXEX | TXCTL_802_3
            | TXCTL_ETHERNET | TXCTL_NORELEASE);
    if (bap_setup(ai, txFid, 0x0008, BAP1) != SUCCESS)
        txFid = ERROR;
    else
        bap_write(ai, &txControl, sizeof(txControl), BAP1);

done:
    up(&ai->sem);

    return txFid;
}

/* In general BAP1 is dedicated to transmiting packets.  However,
   since we need a BAP when accessing RIDs, we also use BAP1 for that.
   Make sure the BAP1 spinlock is held when this is called. */
static int transmit_802_3_packet(struct airo_info *ai, int len, char *pPacket)
{
    __le16 payloadLen;
    Cmd cmd;
    Resp rsp;
    int miclen = 0;
    u16 txFid = len;
    MICBuffer pMic;

    len >>= 16;

    if (len <= ETH_ALEN * 2) {
        airo_print_warn(ai->dev->name, "Short packet %d", len);
        return ERROR;
    }
    len -= ETH_ALEN * 2;

    if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled && 
        (ntohs(((__be16 *)pPacket)[6]) != 0x888E)) {
        if (encapsulate(ai,(etherHead *)pPacket,&pMic,len) != SUCCESS)
            return ERROR;
        miclen = sizeof(pMic);
    }
    // packet is destination[6], source[6], payload[len-12]
    // write the payload length and dst/src/payload
    if (bap_setup(ai, txFid, 0x0036, BAP1) != SUCCESS) return ERROR;
    /* The hardware addresses aren't counted as part of the payload, so
     * we have to subtract the 12 bytes for the addresses off */
    payloadLen = cpu_to_le16(len + miclen);
    bap_write(ai, &payloadLen, sizeof(payloadLen),BAP1);
    bap_write(ai, (__le16*)pPacket, sizeof(etherHead), BAP1);
    if (miclen)
        bap_write(ai, (__le16*)&pMic, miclen, BAP1);
    bap_write(ai, (__le16*)(pPacket + sizeof(etherHead)), len, BAP1);
    // issue the transmit command
    memset( &cmd, 0, sizeof( cmd ) );
    cmd.cmd = CMD_TRANSMIT;
    cmd.parm0 = txFid;
    if (issuecommand(ai, &cmd, &rsp) != SUCCESS) return ERROR;
    if ( (rsp.status & 0xFF00) != 0) return ERROR;
    return SUCCESS;
}

static int transmit_802_11_packet(struct airo_info *ai, int len, char *pPacket)
{
    __le16 fc, payloadLen;
    Cmd cmd;
    Resp rsp;
    int hdrlen;
    static u8 tail[(30-10) + 2 + 6] = {[30-10] = 6};
    /* padding of header to full size + le16 gaplen (6) + gaplen bytes */
    u16 txFid = len;
    len >>= 16;

    fc = *(__le16*)pPacket;
    hdrlen = header_len(fc);

    if (len < hdrlen) {
        airo_print_warn(ai->dev->name, "Short packet %d", len);
        return ERROR;
    }

    /* packet is 802.11 header +  payload
     * write the payload length and dst/src/payload */
    if (bap_setup(ai, txFid, 6, BAP1) != SUCCESS) return ERROR;
    /* The 802.11 header aren't counted as part of the payload, so
     * we have to subtract the header bytes off */
    payloadLen = cpu_to_le16(len-hdrlen);
    bap_write(ai, &payloadLen, sizeof(payloadLen),BAP1);
    if (bap_setup(ai, txFid, 0x0014, BAP1) != SUCCESS) return ERROR;
    bap_write(ai, (__le16 *)pPacket, hdrlen, BAP1);
    bap_write(ai, (__le16 *)(tail + (hdrlen - 10)), 38 - hdrlen, BAP1);

    bap_write(ai, (__le16 *)(pPacket + hdrlen), len - hdrlen, BAP1);
    // issue the transmit command
    memset( &cmd, 0, sizeof( cmd ) );
    cmd.cmd = CMD_TRANSMIT;
    cmd.parm0 = txFid;
    if (issuecommand(ai, &cmd, &rsp) != SUCCESS) return ERROR;
    if ( (rsp.status & 0xFF00) != 0) return ERROR;
    return SUCCESS;
}

/*
 *  This is the proc_fs routines.  It is a bit messier than I would
 *  like!  Feel free to clean it up!
 */

static ssize_t proc_read( struct file *file,
              char __user *buffer,
              size_t len,
              loff_t *offset);

static ssize_t proc_write( struct file *file,
               const char __user *buffer,
               size_t len,
               loff_t *offset );
static int proc_close( struct inode *inode, struct file *file );

static int proc_stats_open( struct inode *inode, struct file *file );
static int proc_statsdelta_open( struct inode *inode, struct file *file );
static int proc_status_open( struct inode *inode, struct file *file );
static int proc_SSID_open( struct inode *inode, struct file *file );
static int proc_APList_open( struct inode *inode, struct file *file );
static int proc_BSSList_open( struct inode *inode, struct file *file );
static int proc_config_open( struct inode *inode, struct file *file );
static int proc_wepkey_open( struct inode *inode, struct file *file );

static const struct file_operations proc_statsdelta_ops = {
    .owner      = THIS_MODULE,
    .read       = proc_read,
    .open       = proc_statsdelta_open,
    .release    = proc_close,
    .llseek     = default_llseek,
};

static const struct file_operations proc_stats_ops = {
    .owner      = THIS_MODULE,
    .read       = proc_read,
    .open       = proc_stats_open,
    .release    = proc_close,
    .llseek     = default_llseek,
};

static const struct file_operations proc_status_ops = {
    .owner      = THIS_MODULE,
    .read       = proc_read,
    .open       = proc_status_open,
    .release    = proc_close,
    .llseek     = default_llseek,
};

static const struct file_operations proc_SSID_ops = {
    .owner      = THIS_MODULE,
    .read       = proc_read,
    .write      = proc_write,
    .open       = proc_SSID_open,
    .release    = proc_close,
    .llseek     = default_llseek,
};

static const struct file_operations proc_BSSList_ops = {
    .owner      = THIS_MODULE,
    .read       = proc_read,
    .write      = proc_write,
    .open       = proc_BSSList_open,
    .release    = proc_close,
    .llseek     = default_llseek,
};

static const struct file_operations proc_APList_ops = {
    .owner      = THIS_MODULE,
    .read       = proc_read,
    .write      = proc_write,
    .open       = proc_APList_open,
    .release    = proc_close,
    .llseek     = default_llseek,
};

static const struct file_operations proc_config_ops = {
    .owner      = THIS_MODULE,
    .read       = proc_read,
    .write      = proc_write,
    .open       = proc_config_open,
    .release    = proc_close,
    .llseek     = default_llseek,
};

static const struct file_operations proc_wepkey_ops = {
    .owner      = THIS_MODULE,
    .read       = proc_read,
    .write      = proc_write,
    .open       = proc_wepkey_open,
    .release    = proc_close,
    .llseek     = default_llseek,
};

static struct proc_dir_entry *airo_entry;

struct proc_data {
    int release_buffer;
    int readlen;
    char *rbuffer;
    int writelen;
    int maxwritelen;
    char *wbuffer;
    void (*on_close) (struct inode *, struct file *);
};

static int setup_proc_entry( struct net_device *dev,
                 struct airo_info *apriv ) {
    struct proc_dir_entry *entry;

    /* First setup the device directory */
    strcpy(apriv->proc_name,dev->name);
    apriv->proc_entry = proc_mkdir_mode(apriv->proc_name, airo_perm,
                        airo_entry);
    if (!apriv->proc_entry)
        goto fail;
    apriv->proc_entry->uid = proc_kuid;
    apriv->proc_entry->gid = proc_kgid;

    /* Setup the StatsDelta */
    entry = proc_create_data("StatsDelta", S_IRUGO & proc_perm,
                 apriv->proc_entry, &proc_statsdelta_ops, dev);
    if (!entry)
        goto fail_stats_delta;
    entry->uid = proc_kuid;
    entry->gid = proc_kgid;

    /* Setup the Stats */
    entry = proc_create_data("Stats", S_IRUGO & proc_perm,
                 apriv->proc_entry, &proc_stats_ops, dev);
    if (!entry)
        goto fail_stats;
    entry->uid = proc_kuid;
    entry->gid = proc_kgid;

    /* Setup the Status */
    entry = proc_create_data("Status", S_IRUGO & proc_perm,
                 apriv->proc_entry, &proc_status_ops, dev);
    if (!entry)
        goto fail_status;
    entry->uid = proc_kuid;
    entry->gid = proc_kgid;

    /* Setup the Config */
    entry = proc_create_data("Config", proc_perm,
                 apriv->proc_entry, &proc_config_ops, dev);
    if (!entry)
        goto fail_config;
    entry->uid = proc_kuid;
    entry->gid = proc_kgid;

    /* Setup the SSID */
    entry = proc_create_data("SSID", proc_perm,
                 apriv->proc_entry, &proc_SSID_ops, dev);
    if (!entry)
        goto fail_ssid;
    entry->uid = proc_kuid;
    entry->gid = proc_kgid;

    /* Setup the APList */
    entry = proc_create_data("APList", proc_perm,
                 apriv->proc_entry, &proc_APList_ops, dev);
    if (!entry)
        goto fail_aplist;
    entry->uid = proc_kuid;
    entry->gid = proc_kgid;

    /* Setup the BSSList */
    entry = proc_create_data("BSSList", proc_perm,
                 apriv->proc_entry, &proc_BSSList_ops, dev);
    if (!entry)
        goto fail_bsslist;
    entry->uid = proc_kuid;
    entry->gid = proc_kgid;

    /* Setup the WepKey */
    entry = proc_create_data("WepKey", proc_perm,
                 apriv->proc_entry, &proc_wepkey_ops, dev);
    if (!entry)
        goto fail_wepkey;
    entry->uid = proc_kuid;
    entry->gid = proc_kgid;

    return 0;

fail_wepkey:
    remove_proc_entry("BSSList", apriv->proc_entry);
fail_bsslist:
    remove_proc_entry("APList", apriv->proc_entry);
fail_aplist:
    remove_proc_entry("SSID", apriv->proc_entry);
fail_ssid:
    remove_proc_entry("Config", apriv->proc_entry);
fail_config:
    remove_proc_entry("Status", apriv->proc_entry);
fail_status:
    remove_proc_entry("Stats", apriv->proc_entry);
fail_stats:
    remove_proc_entry("StatsDelta", apriv->proc_entry);
fail_stats_delta:
    remove_proc_entry(apriv->proc_name, airo_entry);
fail:
    return -ENOMEM;
}

static int takedown_proc_entry( struct net_device *dev,
                struct airo_info *apriv ) {
    if ( !apriv->proc_entry->namelen ) return 0;
    remove_proc_entry("Stats",apriv->proc_entry);
    remove_proc_entry("StatsDelta",apriv->proc_entry);
    remove_proc_entry("Status",apriv->proc_entry);
    remove_proc_entry("Config",apriv->proc_entry);
    remove_proc_entry("SSID",apriv->proc_entry);
    remove_proc_entry("APList",apriv->proc_entry);
    remove_proc_entry("BSSList",apriv->proc_entry);
    remove_proc_entry("WepKey",apriv->proc_entry);
    remove_proc_entry(apriv->proc_name,airo_entry);
    return 0;
}

/*
 *  What we want from the proc_fs is to be able to efficiently read
 *  and write the configuration.  To do this, we want to read the
 *  configuration when the file is opened and write it when the file is
 *  closed.  So basically we allocate a read buffer at open and fill it
 *  with data, and allocate a write buffer and read it at close.
 */

/*
 *  The read routine is generic, it relies on the preallocated rbuffer
 *  to supply the data.
 */
static ssize_t proc_read( struct file *file,
              char __user *buffer,
              size_t len,
              loff_t *offset )
{
    struct proc_data *priv = file->private_data;

    if (!priv->rbuffer)
        return -EINVAL;

    return simple_read_from_buffer(buffer, len, offset, priv->rbuffer,
                    priv->readlen);
}

/*
 *  The write routine is generic, it fills in a preallocated rbuffer
 *  to supply the data.
 */
static ssize_t proc_write( struct file *file,
               const char __user *buffer,
               size_t len,
               loff_t *offset )
{
    ssize_t ret;
    struct proc_data *priv = file->private_data;

    if (!priv->wbuffer)
        return -EINVAL;

    ret = simple_write_to_buffer(priv->wbuffer, priv->maxwritelen, offset,
                    buffer, len);
    if (ret > 0)
        priv->writelen = max_t(int, priv->writelen, *offset);

    return ret;
}

static int proc_status_open(struct inode *inode, struct file *file)
{
    struct proc_data *data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *apriv = dev->ml_priv;
    CapabilityRid cap_rid;
    StatusRid status_rid;
    u16 mode;
    int i;

    if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
        return -ENOMEM;
    data = file->private_data;
    if ((data->rbuffer = kmalloc( 2048, GFP_KERNEL )) == NULL) {
        kfree (file->private_data);
        return -ENOMEM;
    }

    readStatusRid(apriv, &status_rid, 1);
    readCapabilityRid(apriv, &cap_rid, 1);

    mode = le16_to_cpu(status_rid.mode);

        i = sprintf(data->rbuffer, "Status: %s%s%s%s%s%s%s%s%s\n",
                    mode & 1 ? "CFG ": "",
                    mode & 2 ? "ACT ": "",
                    mode & 0x10 ? "SYN ": "",
                    mode & 0x20 ? "LNK ": "",
                    mode & 0x40 ? "LEAP ": "",
                    mode & 0x80 ? "PRIV ": "",
                    mode & 0x100 ? "KEY ": "",
                    mode & 0x200 ? "WEP ": "",
                    mode & 0x8000 ? "ERR ": "");
    sprintf( data->rbuffer+i, "Mode: %x\n"
         "Signal Strength: %d\n"
         "Signal Quality: %d\n"
         "SSID: %-.*s\n"
         "AP: %-.16s\n"
         "Freq: %d\n"
         "BitRate: %dmbs\n"
         "Driver Version: %s\n"
         "Device: %s\nManufacturer: %s\nFirmware Version: %s\n"
         "Radio type: %x\nCountry: %x\nHardware Version: %x\n"
         "Software Version: %x\nSoftware Subversion: %x\n"
         "Boot block version: %x\n",
         le16_to_cpu(status_rid.mode),
         le16_to_cpu(status_rid.normalizedSignalStrength),
         le16_to_cpu(status_rid.signalQuality),
         le16_to_cpu(status_rid.SSIDlen),
         status_rid.SSID,
         status_rid.apName,
         le16_to_cpu(status_rid.channel),
         le16_to_cpu(status_rid.currentXmitRate) / 2,
         version,
         cap_rid.prodName,
         cap_rid.manName,
         cap_rid.prodVer,
         le16_to_cpu(cap_rid.radioType),
         le16_to_cpu(cap_rid.country),
         le16_to_cpu(cap_rid.hardVer),
         le16_to_cpu(cap_rid.softVer),
         le16_to_cpu(cap_rid.softSubVer),
         le16_to_cpu(cap_rid.bootBlockVer));
    data->readlen = strlen( data->rbuffer );
    return 0;
}

static int proc_stats_rid_open(struct inode*, struct file*, u16);
static int proc_statsdelta_open( struct inode *inode,
                 struct file *file ) {
    if (file->f_mode&FMODE_WRITE) {
        return proc_stats_rid_open(inode, file, RID_STATSDELTACLEAR);
    }
    return proc_stats_rid_open(inode, file, RID_STATSDELTA);
}

static int proc_stats_open( struct inode *inode, struct file *file ) {
    return proc_stats_rid_open(inode, file, RID_STATS);
}

static int proc_stats_rid_open( struct inode *inode,
                struct file *file,
                u16 rid )
{
    struct proc_data *data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *apriv = dev->ml_priv;
    StatsRid stats;
    int i, j;
    __le32 *vals = stats.vals;
    int len;

    if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
        return -ENOMEM;
    data = file->private_data;
    if ((data->rbuffer = kmalloc( 4096, GFP_KERNEL )) == NULL) {
        kfree (file->private_data);
        return -ENOMEM;
    }

    readStatsRid(apriv, &stats, rid, 1);
    len = le16_to_cpu(stats.len);

        j = 0;
    for(i=0; statsLabels[i]!=(char *)-1 && i*4<len; i++) {
        if (!statsLabels[i]) continue;
        if (j+strlen(statsLabels[i])+16>4096) {
            airo_print_warn(apriv->dev->name,
                   "Potentially disastrous buffer overflow averted!");
            break;
        }
        j+=sprintf(data->rbuffer+j, "%s: %u\n", statsLabels[i],
                le32_to_cpu(vals[i]));
    }
    if (i*4 >= len) {
        airo_print_warn(apriv->dev->name, "Got a short rid");
    }
    data->readlen = j;
    return 0;
}

static int get_dec_u16( char *buffer, int *start, int limit ) {
    u16 value;
    int valid = 0;
    for (value = 0; *start < limit && buffer[*start] >= '0' &&
            buffer[*start] <= '9'; (*start)++) {
        valid = 1;
        value *= 10;
        value += buffer[*start] - '0';
    }
    if ( !valid ) return -1;
    return value;
}

static int airo_config_commit(struct net_device *dev,
                  struct iw_request_info *info, void *zwrq,
                  char *extra);

static inline int sniffing_mode(struct airo_info *ai)
{
    return (le16_to_cpu(ai->config.rmode) & le16_to_cpu(RXMODE_MASK)) >=
        le16_to_cpu(RXMODE_RFMON);
}

static void proc_config_on_close(struct inode *inode, struct file *file)
{
    struct proc_data *data = file->private_data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    char *line;

    if ( !data->writelen ) return;

    readConfigRid(ai, 1);
    set_bit (FLAG_COMMIT, &ai->flags);

    line = data->wbuffer;
    while( line[0] ) {
/*** Mode processing */
        if ( !strncmp( line, "Mode: ", 6 ) ) {
            line += 6;
            if (sniffing_mode(ai))
                set_bit (FLAG_RESET, &ai->flags);
            ai->config.rmode &= ~RXMODE_FULL_MASK;
            clear_bit (FLAG_802_11, &ai->flags);
            ai->config.opmode &= ~MODE_CFG_MASK;
            ai->config.scanMode = SCANMODE_ACTIVE;
            if ( line[0] == 'a' ) {
                ai->config.opmode |= MODE_STA_IBSS;
            } else {
                ai->config.opmode |= MODE_STA_ESS;
                if ( line[0] == 'r' ) {
                    ai->config.rmode |= RXMODE_RFMON | RXMODE_DISABLE_802_3_HEADER;
                    ai->config.scanMode = SCANMODE_PASSIVE;
                    set_bit (FLAG_802_11, &ai->flags);
                } else if ( line[0] == 'y' ) {
                    ai->config.rmode |= RXMODE_RFMON_ANYBSS | RXMODE_DISABLE_802_3_HEADER;
                    ai->config.scanMode = SCANMODE_PASSIVE;
                    set_bit (FLAG_802_11, &ai->flags);
                } else if ( line[0] == 'l' )
                    ai->config.rmode |= RXMODE_LANMON;
            }
            set_bit (FLAG_COMMIT, &ai->flags);
        }

/*** Radio status */
        else if (!strncmp(line,"Radio: ", 7)) {
            line += 7;
            if (!strncmp(line,"off",3)) {
                set_bit (FLAG_RADIO_OFF, &ai->flags);
            } else {
                clear_bit (FLAG_RADIO_OFF, &ai->flags);
            }
        }
/*** NodeName processing */
        else if ( !strncmp( line, "NodeName: ", 10 ) ) {
            int j;

            line += 10;
            memset( ai->config.nodeName, 0, 16 );
/* Do the name, assume a space between the mode and node name */
            for( j = 0; j < 16 && line[j] != '\n'; j++ ) {
                ai->config.nodeName[j] = line[j];
            }
            set_bit (FLAG_COMMIT, &ai->flags);
        }

/*** PowerMode processing */
        else if ( !strncmp( line, "PowerMode: ", 11 ) ) {
            line += 11;
            if ( !strncmp( line, "PSPCAM", 6 ) ) {
                ai->config.powerSaveMode = POWERSAVE_PSPCAM;
                set_bit (FLAG_COMMIT, &ai->flags);
            } else if ( !strncmp( line, "PSP", 3 ) ) {
                ai->config.powerSaveMode = POWERSAVE_PSP;
                set_bit (FLAG_COMMIT, &ai->flags);
            } else {
                ai->config.powerSaveMode = POWERSAVE_CAM;
                set_bit (FLAG_COMMIT, &ai->flags);
            }
        } else if ( !strncmp( line, "DataRates: ", 11 ) ) {
            int v, i = 0, k = 0; /* i is index into line,
                        k is index to rates */

            line += 11;
            while((v = get_dec_u16(line, &i, 3))!=-1) {
                ai->config.rates[k++] = (u8)v;
                line += i + 1;
                i = 0;
            }
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "Channel: ", 9 ) ) {
            int v, i = 0;
            line += 9;
            v = get_dec_u16(line, &i, i+3);
            if ( v != -1 ) {
                ai->config.channelSet = cpu_to_le16(v);
                set_bit (FLAG_COMMIT, &ai->flags);
            }
        } else if ( !strncmp( line, "XmitPower: ", 11 ) ) {
            int v, i = 0;
            line += 11;
            v = get_dec_u16(line, &i, i+3);
            if ( v != -1 ) {
                ai->config.txPower = cpu_to_le16(v);
                set_bit (FLAG_COMMIT, &ai->flags);
            }
        } else if ( !strncmp( line, "WEP: ", 5 ) ) {
            line += 5;
            switch( line[0] ) {
            case 's':
                ai->config.authType = AUTH_SHAREDKEY;
                break;
            case 'e':
                ai->config.authType = AUTH_ENCRYPT;
                break;
            default:
                ai->config.authType = AUTH_OPEN;
                break;
            }
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "LongRetryLimit: ", 16 ) ) {
            int v, i = 0;

            line += 16;
            v = get_dec_u16(line, &i, 3);
            v = (v<0) ? 0 : ((v>255) ? 255 : v);
            ai->config.longRetryLimit = cpu_to_le16(v);
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "ShortRetryLimit: ", 17 ) ) {
            int v, i = 0;

            line += 17;
            v = get_dec_u16(line, &i, 3);
            v = (v<0) ? 0 : ((v>255) ? 255 : v);
            ai->config.shortRetryLimit = cpu_to_le16(v);
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "RTSThreshold: ", 14 ) ) {
            int v, i = 0;

            line += 14;
            v = get_dec_u16(line, &i, 4);
            v = (v<0) ? 0 : ((v>AIRO_DEF_MTU) ? AIRO_DEF_MTU : v);
            ai->config.rtsThres = cpu_to_le16(v);
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "TXMSDULifetime: ", 16 ) ) {
            int v, i = 0;

            line += 16;
            v = get_dec_u16(line, &i, 5);
            v = (v<0) ? 0 : v;
            ai->config.txLifetime = cpu_to_le16(v);
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "RXMSDULifetime: ", 16 ) ) {
            int v, i = 0;

            line += 16;
            v = get_dec_u16(line, &i, 5);
            v = (v<0) ? 0 : v;
            ai->config.rxLifetime = cpu_to_le16(v);
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "TXDiversity: ", 13 ) ) {
            ai->config.txDiversity =
                (line[13]=='l') ? 1 :
                ((line[13]=='r')? 2: 3);
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "RXDiversity: ", 13 ) ) {
            ai->config.rxDiversity =
                (line[13]=='l') ? 1 :
                ((line[13]=='r')? 2: 3);
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if ( !strncmp( line, "FragThreshold: ", 15 ) ) {
            int v, i = 0;

            line += 15;
            v = get_dec_u16(line, &i, 4);
            v = (v<256) ? 256 : ((v>AIRO_DEF_MTU) ? AIRO_DEF_MTU : v);
            v = v & 0xfffe; /* Make sure its even */
            ai->config.fragThresh = cpu_to_le16(v);
            set_bit (FLAG_COMMIT, &ai->flags);
        } else if (!strncmp(line, "Modulation: ", 12)) {
            line += 12;
            switch(*line) {
            case 'd':  ai->config.modulation=MOD_DEFAULT; set_bit(FLAG_COMMIT, &ai->flags); break;
            case 'c':  ai->config.modulation=MOD_CCK; set_bit(FLAG_COMMIT, &ai->flags); break;
            case 'm':  ai->config.modulation=MOD_MOK; set_bit(FLAG_COMMIT, &ai->flags); break;
            default: airo_print_warn(ai->dev->name, "Unknown modulation");
            }
        } else if (!strncmp(line, "Preamble: ", 10)) {
            line += 10;
            switch(*line) {
            case 'a': ai->config.preamble=PREAMBLE_AUTO; set_bit(FLAG_COMMIT, &ai->flags); break;
            case 'l': ai->config.preamble=PREAMBLE_LONG; set_bit(FLAG_COMMIT, &ai->flags); break;
            case 's': ai->config.preamble=PREAMBLE_SHORT; set_bit(FLAG_COMMIT, &ai->flags); break;
            default: airo_print_warn(ai->dev->name, "Unknown preamble");
            }
        } else {
            airo_print_warn(ai->dev->name, "Couldn't figure out %s", line);
        }
        while( line[0] && line[0] != '\n' ) line++;
        if ( line[0] ) line++;
    }
    airo_config_commit(dev, NULL, NULL, NULL);
}

static const char *get_rmode(__le16 mode)
{
        switch(mode & RXMODE_MASK) {
        case RXMODE_RFMON:  return "rfmon";
        case RXMODE_RFMON_ANYBSS:  return "yna (any) bss rfmon";
        case RXMODE_LANMON:  return "lanmon";
        }
        return "ESS";
}

static int proc_config_open(struct inode *inode, struct file *file)
{
    struct proc_data *data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    int i;
    __le16 mode;

    if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
        return -ENOMEM;
    data = file->private_data;
    if ((data->rbuffer = kmalloc( 2048, GFP_KERNEL )) == NULL) {
        kfree (file->private_data);
        return -ENOMEM;
    }
    if ((data->wbuffer = kzalloc( 2048, GFP_KERNEL )) == NULL) {
        kfree (data->rbuffer);
        kfree (file->private_data);
        return -ENOMEM;
    }
    data->maxwritelen = 2048;
    data->on_close = proc_config_on_close;

    readConfigRid(ai, 1);

    mode = ai->config.opmode & MODE_CFG_MASK;
    i = sprintf( data->rbuffer,
             "Mode: %s\n"
             "Radio: %s\n"
             "NodeName: %-16s\n"
             "PowerMode: %s\n"
             "DataRates: %d %d %d %d %d %d %d %d\n"
             "Channel: %d\n"
             "XmitPower: %d\n",
             mode == MODE_STA_IBSS ? "adhoc" :
             mode == MODE_STA_ESS ? get_rmode(ai->config.rmode):
             mode == MODE_AP ? "AP" :
             mode == MODE_AP_RPTR ? "AP RPTR" : "Error",
             test_bit(FLAG_RADIO_OFF, &ai->flags) ? "off" : "on",
             ai->config.nodeName,
             ai->config.powerSaveMode == POWERSAVE_CAM ? "CAM" :
             ai->config.powerSaveMode == POWERSAVE_PSP ? "PSP" :
             ai->config.powerSaveMode == POWERSAVE_PSPCAM ? "PSPCAM" :
             "Error",
             (int)ai->config.rates[0],
             (int)ai->config.rates[1],
             (int)ai->config.rates[2],
             (int)ai->config.rates[3],
             (int)ai->config.rates[4],
             (int)ai->config.rates[5],
             (int)ai->config.rates[6],
             (int)ai->config.rates[7],
             le16_to_cpu(ai->config.channelSet),
             le16_to_cpu(ai->config.txPower)
        );
    sprintf( data->rbuffer + i,
         "LongRetryLimit: %d\n"
         "ShortRetryLimit: %d\n"
         "RTSThreshold: %d\n"
         "TXMSDULifetime: %d\n"
         "RXMSDULifetime: %d\n"
         "TXDiversity: %s\n"
         "RXDiversity: %s\n"
         "FragThreshold: %d\n"
         "WEP: %s\n"
         "Modulation: %s\n"
         "Preamble: %s\n",
         le16_to_cpu(ai->config.longRetryLimit),
         le16_to_cpu(ai->config.shortRetryLimit),
         le16_to_cpu(ai->config.rtsThres),
         le16_to_cpu(ai->config.txLifetime),
         le16_to_cpu(ai->config.rxLifetime),
         ai->config.txDiversity == 1 ? "left" :
         ai->config.txDiversity == 2 ? "right" : "both",
         ai->config.rxDiversity == 1 ? "left" :
         ai->config.rxDiversity == 2 ? "right" : "both",
         le16_to_cpu(ai->config.fragThresh),
         ai->config.authType == AUTH_ENCRYPT ? "encrypt" :
         ai->config.authType == AUTH_SHAREDKEY ? "shared" : "open",
         ai->config.modulation == MOD_DEFAULT ? "default" :
         ai->config.modulation == MOD_CCK ? "cck" :
         ai->config.modulation == MOD_MOK ? "mok" : "error",
         ai->config.preamble == PREAMBLE_AUTO ? "auto" :
         ai->config.preamble == PREAMBLE_LONG ? "long" :
         ai->config.preamble == PREAMBLE_SHORT ? "short" : "error"
        );
    data->readlen = strlen( data->rbuffer );
    return 0;
}

static void proc_SSID_on_close(struct inode *inode, struct file *file)
{
    struct proc_data *data = file->private_data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    SsidRid SSID_rid;
    int i;
    char *p = data->wbuffer;
    char *end = p + data->writelen;

    if (!data->writelen)
        return;

    *end = '\n'; /* sentinel; we have space for it */

    memset(&SSID_rid, 0, sizeof(SSID_rid));

    for (i = 0; i < 3 && p < end; i++) {
        int j = 0;
        /* copy up to 32 characters from this line */
        while (*p != '\n' && j < 32)
            SSID_rid.ssids[i].ssid[j++] = *p++;
        if (j == 0)
            break;
        SSID_rid.ssids[i].len = cpu_to_le16(j);
        /* skip to the beginning of the next line */
        while (*p++ != '\n')
            ;
    }
    if (i)
        SSID_rid.len = cpu_to_le16(sizeof(SSID_rid));
    disable_MAC(ai, 1);
    writeSsidRid(ai, &SSID_rid, 1);
    enable_MAC(ai, 1);
}

static void proc_APList_on_close( struct inode *inode, struct file *file ) {
    struct proc_data *data = file->private_data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    APListRid APList_rid;
    int i;

    if ( !data->writelen ) return;

    memset( &APList_rid, 0, sizeof(APList_rid) );
    APList_rid.len = cpu_to_le16(sizeof(APList_rid));

    for( i = 0; i < 4 && data->writelen >= (i+1)*6*3; i++ ) {
        int j;
        for( j = 0; j < 6*3 && data->wbuffer[j+i*6*3]; j++ ) {
            switch(j%3) {
            case 0:
                APList_rid.ap[i][j/3]=
                    hex_to_bin(data->wbuffer[j+i*6*3])<<4;
                break;
            case 1:
                APList_rid.ap[i][j/3]|=
                    hex_to_bin(data->wbuffer[j+i*6*3]);
                break;
            }
        }
    }
    disable_MAC(ai, 1);
    writeAPListRid(ai, &APList_rid, 1);
    enable_MAC(ai, 1);
}

/* This function wraps PC4500_writerid with a MAC disable */
static int do_writerid( struct airo_info *ai, u16 rid, const void *rid_data,
            int len, int dummy ) {
    int rc;

    disable_MAC(ai, 1);
    rc = PC4500_writerid(ai, rid, rid_data, len, 1);
    enable_MAC(ai, 1);
    return rc;
}

/* Returns the WEP key at the specified index, or -1 if that key does
 * not exist.  The buffer is assumed to be at least 16 bytes in length.
 */
static int get_wep_key(struct airo_info *ai, u16 index, char *buf, u16 buflen)
{
    WepKeyRid wkr;
    int rc;
    __le16 lastindex;

    rc = readWepKeyRid(ai, &wkr, 1, 1);
    if (rc != SUCCESS)
        return -1;
    do {
        lastindex = wkr.kindex;
        if (le16_to_cpu(wkr.kindex) == index) {
            int klen = min_t(int, buflen, le16_to_cpu(wkr.klen));
            memcpy(buf, wkr.key, klen);
            return klen;
        }
        rc = readWepKeyRid(ai, &wkr, 0, 1);
        if (rc != SUCCESS)
            return -1;
    } while (lastindex != wkr.kindex);
    return -1;
}

static int get_wep_tx_idx(struct airo_info *ai)
{
    WepKeyRid wkr;
    int rc;
    __le16 lastindex;

    rc = readWepKeyRid(ai, &wkr, 1, 1);
    if (rc != SUCCESS)
        return -1;
    do {
        lastindex = wkr.kindex;
        if (wkr.kindex == cpu_to_le16(0xffff))
            return wkr.mac[0];
        rc = readWepKeyRid(ai, &wkr, 0, 1);
        if (rc != SUCCESS)
            return -1;
    } while (lastindex != wkr.kindex);
    return -1;
}

static int set_wep_key(struct airo_info *ai, u16 index, const char *key,
               u16 keylen, int perm, int lock)
{
    static const unsigned char macaddr[ETH_ALEN] = { 0x01, 0, 0, 0, 0, 0 };
    WepKeyRid wkr;
    int rc;

    if (WARN_ON(keylen == 0))
        return -1;

    memset(&wkr, 0, sizeof(wkr));
    wkr.len = cpu_to_le16(sizeof(wkr));
    wkr.kindex = cpu_to_le16(index);
    wkr.klen = cpu_to_le16(keylen);
    memcpy(wkr.key, key, keylen);
    memcpy(wkr.mac, macaddr, ETH_ALEN);

    if (perm) disable_MAC(ai, lock);
    rc = writeWepKeyRid(ai, &wkr, perm, lock);
    if (perm) enable_MAC(ai, lock);
    return rc;
}

static int set_wep_tx_idx(struct airo_info *ai, u16 index, int perm, int lock)
{
    WepKeyRid wkr;
    int rc;

    memset(&wkr, 0, sizeof(wkr));
    wkr.len = cpu_to_le16(sizeof(wkr));
    wkr.kindex = cpu_to_le16(0xffff);
    wkr.mac[0] = (char)index;

    if (perm) {
        ai->defindex = (char)index;
        disable_MAC(ai, lock);
    }

    rc = writeWepKeyRid(ai, &wkr, perm, lock);

    if (perm)
        enable_MAC(ai, lock);
    return rc;
}

static void proc_wepkey_on_close( struct inode *inode, struct file *file ) {
    struct proc_data *data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    int i, rc;
    char key[16];
    u16 index = 0;
    int j = 0;

    memset(key, 0, sizeof(key));

    data = file->private_data;
    if ( !data->writelen ) return;

    if (data->wbuffer[0] >= '0' && data->wbuffer[0] <= '3' &&
        (data->wbuffer[1] == ' ' || data->wbuffer[1] == '\n')) {
        index = data->wbuffer[0] - '0';
        if (data->wbuffer[1] == '\n') {
            rc = set_wep_tx_idx(ai, index, 1, 1);
            if (rc < 0) {
                airo_print_err(ai->dev->name, "failed to set "
                               "WEP transmit index to %d: %d.",
                               index, rc);
            }
            return;
        }
        j = 2;
    } else {
        airo_print_err(ai->dev->name, "WepKey passed invalid key index");
        return;
    }

    for( i = 0; i < 16*3 && data->wbuffer[i+j]; i++ ) {
        switch(i%3) {
        case 0:
            key[i/3] = hex_to_bin(data->wbuffer[i+j])<<4;
            break;
        case 1:
            key[i/3] |= hex_to_bin(data->wbuffer[i+j]);
            break;
        }
    }

    rc = set_wep_key(ai, index, key, i/3, 1, 1);
    if (rc < 0) {
        airo_print_err(ai->dev->name, "failed to set WEP key at index "
                       "%d: %d.", index, rc);
    }
}

static int proc_wepkey_open( struct inode *inode, struct file *file )
{
    struct proc_data *data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    char *ptr;
    WepKeyRid wkr;
    __le16 lastindex;
    int j=0;
    int rc;

    if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
        return -ENOMEM;
    memset(&wkr, 0, sizeof(wkr));
    data = file->private_data;
    if ((data->rbuffer = kzalloc( 180, GFP_KERNEL )) == NULL) {
        kfree (file->private_data);
        return -ENOMEM;
    }
    data->writelen = 0;
    data->maxwritelen = 80;
    if ((data->wbuffer = kzalloc( 80, GFP_KERNEL )) == NULL) {
        kfree (data->rbuffer);
        kfree (file->private_data);
        return -ENOMEM;
    }
    data->on_close = proc_wepkey_on_close;

    ptr = data->rbuffer;
    strcpy(ptr, "No wep keys\n");
    rc = readWepKeyRid(ai, &wkr, 1, 1);
    if (rc == SUCCESS) do {
        lastindex = wkr.kindex;
        if (wkr.kindex == cpu_to_le16(0xffff)) {
            j += sprintf(ptr+j, "Tx key = %d\n",
                     (int)wkr.mac[0]);
        } else {
            j += sprintf(ptr+j, "Key %d set with length = %d\n",
                     le16_to_cpu(wkr.kindex),
                     le16_to_cpu(wkr.klen));
        }
        readWepKeyRid(ai, &wkr, 0, 1);
    } while((lastindex != wkr.kindex) && (j < 180-30));

    data->readlen = strlen( data->rbuffer );
    return 0;
}

static int proc_SSID_open(struct inode *inode, struct file *file)
{
    struct proc_data *data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    int i;
    char *ptr;
    SsidRid SSID_rid;

    if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
        return -ENOMEM;
    data = file->private_data;
    if ((data->rbuffer = kmalloc( 104, GFP_KERNEL )) == NULL) {
        kfree (file->private_data);
        return -ENOMEM;
    }
    data->writelen = 0;
    data->maxwritelen = 33*3;
    /* allocate maxwritelen + 1; we'll want a sentinel */
    if ((data->wbuffer = kzalloc(33*3 + 1, GFP_KERNEL)) == NULL) {
        kfree (data->rbuffer);
        kfree (file->private_data);
        return -ENOMEM;
    }
    data->on_close = proc_SSID_on_close;

    readSsidRid(ai, &SSID_rid);
    ptr = data->rbuffer;
    for (i = 0; i < 3; i++) {
        int j;
        size_t len = le16_to_cpu(SSID_rid.ssids[i].len);
        if (!len)
            break;
        if (len > 32)
            len = 32;
        for (j = 0; j < len && SSID_rid.ssids[i].ssid[j]; j++)
            *ptr++ = SSID_rid.ssids[i].ssid[j];
        *ptr++ = '\n';
    }
    *ptr = '\0';
    data->readlen = strlen( data->rbuffer );
    return 0;
}

static int proc_APList_open( struct inode *inode, struct file *file ) {
    struct proc_data *data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    int i;
    char *ptr;
    APListRid APList_rid;

    if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
        return -ENOMEM;
    data = file->private_data;
    if ((data->rbuffer = kmalloc( 104, GFP_KERNEL )) == NULL) {
        kfree (file->private_data);
        return -ENOMEM;
    }
    data->writelen = 0;
    data->maxwritelen = 4*6*3;
    if ((data->wbuffer = kzalloc( data->maxwritelen, GFP_KERNEL )) == NULL) {
        kfree (data->rbuffer);
        kfree (file->private_data);
        return -ENOMEM;
    }
    data->on_close = proc_APList_on_close;

    readAPListRid(ai, &APList_rid);
    ptr = data->rbuffer;
    for( i = 0; i < 4; i++ ) {
// We end when we find a zero MAC
        if ( !*(int*)APList_rid.ap[i] &&
             !*(int*)&APList_rid.ap[i][2]) break;
        ptr += sprintf(ptr, "%pM\n", APList_rid.ap[i]);
    }
    if (i==0) ptr += sprintf(ptr, "Not using specific APs\n");

    *ptr = '\0';
    data->readlen = strlen( data->rbuffer );
    return 0;
}

static int proc_BSSList_open( struct inode *inode, struct file *file ) {
    struct proc_data *data;
    struct proc_dir_entry *dp = PDE(inode);
    struct net_device *dev = dp->data;
    struct airo_info *ai = dev->ml_priv;
    char *ptr;
    BSSListRid BSSList_rid;
    int rc;
    /* If doLoseSync is not 1, we won't do a Lose Sync */
    int doLoseSync = -1;

    if ((file->private_data = kzalloc(sizeof(struct proc_data ), GFP_KERNEL)) == NULL)
        return -ENOMEM;
    data = file->private_data;
    if ((data->rbuffer = kmalloc( 1024, GFP_KERNEL )) == NULL) {
        kfree (file->private_data);
        return -ENOMEM;
    }
    data->writelen = 0;
    data->maxwritelen = 0;
    data->wbuffer = NULL;
    data->on_close = NULL;

    if (file->f_mode & FMODE_WRITE) {
        if (!(file->f_mode & FMODE_READ)) {
            Cmd cmd;
            Resp rsp;

            if (ai->flags & FLAG_RADIO_MASK) return -ENETDOWN;
            memset(&cmd, 0, sizeof(cmd));
            cmd.cmd=CMD_LISTBSS;
            if (down_interruptible(&ai->sem))
                return -ERESTARTSYS;
            issuecommand(ai, &cmd, &rsp);
            up(&ai->sem);
            data->readlen = 0;
            return 0;
        }
        doLoseSync = 1;
    }
    ptr = data->rbuffer;
    /* There is a race condition here if there are concurrent opens.
           Since it is a rare condition, we'll just live with it, otherwise
           we have to add a spin lock... */
    rc = readBSSListRid(ai, doLoseSync, &BSSList_rid);
    while(rc == 0 && BSSList_rid.index != cpu_to_le16(0xffff)) {
        ptr += sprintf(ptr, "%pM %*s rssi = %d",
                   BSSList_rid.bssid,
                (int)BSSList_rid.ssidLen,
                BSSList_rid.ssid,
                le16_to_cpu(BSSList_rid.dBm));
        ptr += sprintf(ptr, " channel = %d %s %s %s %s\n",
                le16_to_cpu(BSSList_rid.dsChannel),
                BSSList_rid.cap & CAP_ESS ? "ESS" : "",
                BSSList_rid.cap & CAP_IBSS ? "adhoc" : "",
                BSSList_rid.cap & CAP_PRIVACY ? "wep" : "",
                BSSList_rid.cap & CAP_SHORTHDR ? "shorthdr" : "");
        rc = readBSSListRid(ai, 0, &BSSList_rid);
    }
    *ptr = '\0';
    data->readlen = strlen( data->rbuffer );
    return 0;
}

static int proc_close( struct inode *inode, struct file *file )
{
    struct proc_data *data = file->private_data;

    if (data->on_close != NULL)
        data->on_close(inode, file);
    kfree(data->rbuffer);
    kfree(data->wbuffer);
    kfree(data);
    return 0;
}

/* Since the card doesn't automatically switch to the right WEP mode,
   we will make it do it.  If the card isn't associated, every secs we
   will switch WEP modes to see if that will help.  If the card is
   associated we will check every minute to see if anything has
   changed. */
static void timer_func( struct net_device *dev ) {
    struct airo_info *apriv = dev->ml_priv;

/* We don't have a link so try changing the authtype */
    readConfigRid(apriv, 0);
    disable_MAC(apriv, 0);
    switch(apriv->config.authType) {
        case AUTH_ENCRYPT:
/* So drop to OPEN */
            apriv->config.authType = AUTH_OPEN;
            break;
        case AUTH_SHAREDKEY:
            if (apriv->keyindex < auto_wep) {
                set_wep_tx_idx(apriv, apriv->keyindex, 0, 0);
                apriv->config.authType = AUTH_SHAREDKEY;
                apriv->keyindex++;
            } else {
                    /* Drop to ENCRYPT */
                apriv->keyindex = 0;
                set_wep_tx_idx(apriv, apriv->defindex, 0, 0);
                apriv->config.authType = AUTH_ENCRYPT;
            }
            break;
        default:  /* We'll escalate to SHAREDKEY */
            apriv->config.authType = AUTH_SHAREDKEY;
    }
    set_bit (FLAG_COMMIT, &apriv->flags);
    writeConfigRid(apriv, 0);
    enable_MAC(apriv, 0);
    up(&apriv->sem);

/* Schedule check to see if the change worked */
    clear_bit(JOB_AUTOWEP, &apriv->jobs);
    apriv->expires = RUN_AT(HZ*3);
}

#ifdef CONFIG_PCI
static int __devinit airo_pci_probe(struct pci_dev *pdev,
                    const struct pci_device_id *pent)
{
    struct net_device *dev;

    if (pci_enable_device(pdev))
        return -ENODEV;
    pci_set_master(pdev);

    if (pdev->device == 0x5000 || pdev->device == 0xa504)
            dev = _init_airo_card(pdev->irq, pdev->resource[0].start, 0, pdev, &pdev->dev);
    else
            dev = _init_airo_card(pdev->irq, pdev->resource[2].start, 0, pdev, &pdev->dev);
    if (!dev) {
        pci_disable_device(pdev);
        return -ENODEV;
    }

    pci_set_drvdata(pdev, dev);
    return 0;
}

static void __devexit airo_pci_remove(struct pci_dev *pdev)
{
    struct net_device *dev = pci_get_drvdata(pdev);

    airo_print_info(dev->name, "Unregistering...");
    stop_airo_card(dev, 1);
    pci_disable_device(pdev);
    pci_set_drvdata(pdev, NULL);
}

static int airo_pci_suspend(struct pci_dev *pdev, pm_message_t state)
{
    struct net_device *dev = pci_get_drvdata(pdev);
    struct airo_info *ai = dev->ml_priv;
    Cmd cmd;
    Resp rsp;

    if (!ai->APList)
        ai->APList = kmalloc(sizeof(APListRid), GFP_KERNEL);
    if (!ai->APList)
        return -ENOMEM;
    if (!ai->SSID)
        ai->SSID = kmalloc(sizeof(SsidRid), GFP_KERNEL);
    if (!ai->SSID)
        return -ENOMEM;
    readAPListRid(ai, ai->APList);
    readSsidRid(ai, ai->SSID);
    memset(&cmd, 0, sizeof(cmd));
    /* the lock will be released at the end of the resume callback */
    if (down_interruptible(&ai->sem))
        return -EAGAIN;
    disable_MAC(ai, 0);
    netif_device_detach(dev);
    ai->power = state;
    cmd.cmd = HOSTSLEEP;
    issuecommand(ai, &cmd, &rsp);

    pci_enable_wake(pdev, pci_choose_state(pdev, state), 1);
    pci_save_state(pdev);
    pci_set_power_state(pdev, pci_choose_state(pdev, state));
    return 0;
}

static int airo_pci_resume(struct pci_dev *pdev)
{
    struct net_device *dev = pci_get_drvdata(pdev);
    struct airo_info *ai = dev->ml_priv;
    pci_power_t prev_state = pdev->current_state;

    pci_set_power_state(pdev, PCI_D0);
    pci_restore_state(pdev);
    pci_enable_wake(pdev, PCI_D0, 0);

    if (prev_state != PCI_D1) {
        reset_card(dev, 0);
        mpi_init_descriptors(ai);
        setup_card(ai, dev->dev_addr, 0);
        clear_bit(FLAG_RADIO_OFF, &ai->flags);
        clear_bit(FLAG_PENDING_XMIT, &ai->flags);
    } else {
        OUT4500(ai, EVACK, EV_AWAKEN);
        OUT4500(ai, EVACK, EV_AWAKEN);
        msleep(100);
    }

    set_bit(FLAG_COMMIT, &ai->flags);
    disable_MAC(ai, 0);
        msleep(200);
    if (ai->SSID) {
        writeSsidRid(ai, ai->SSID, 0);
        kfree(ai->SSID);
        ai->SSID = NULL;
    }
    if (ai->APList) {
        writeAPListRid(ai, ai->APList, 0);
        kfree(ai->APList);
        ai->APList = NULL;
    }
    writeConfigRid(ai, 0);
    enable_MAC(ai, 0);
    ai->power = PMSG_ON;
    netif_device_attach(dev);
    netif_wake_queue(dev);
    enable_interrupts(ai);
    up(&ai->sem);
    return 0;
}
#endif

static int __init airo_init_module( void )
{
    int i;

    proc_kuid = make_kuid(&init_user_ns, proc_uid);
    proc_kgid = make_kgid(&init_user_ns, proc_gid);
    if (!uid_valid(proc_kuid) || !gid_valid(proc_kgid))
        return -EINVAL;

    airo_entry = proc_mkdir_mode("driver/aironet", airo_perm, NULL);

    if (airo_entry) {
        airo_entry->uid = proc_kuid;
        airo_entry->gid = proc_kgid;
    }

    for (i = 0; i < 4 && io[i] && irq[i]; i++) {
        airo_print_info("", "Trying to configure ISA adapter at irq=%d "
            "io=0x%x", irq[i], io[i] );
        if (init_airo_card( irq[i], io[i], 0, NULL ))
            /* do nothing */ ;
    }

#ifdef CONFIG_PCI
    airo_print_info("", "Probing for PCI adapters");
    i = pci_register_driver(&airo_driver);
    airo_print_info("", "Finished probing for PCI adapters");

    if (i) {
        remove_proc_entry("driver/aironet", NULL);
        return i;
    }
#endif

    /* Always exit with success, as we are a library module
     * as well as a driver module
     */
    return 0;
}

static void __exit airo_cleanup_module( void )
{
    struct airo_info *ai;
    while(!list_empty(&airo_devices)) {
        ai = list_entry(airo_devices.next, struct airo_info, dev_list);
        airo_print_info(ai->dev->name, "Unregistering...");
        stop_airo_card(ai->dev, 1);
    }
#ifdef CONFIG_PCI
    pci_unregister_driver(&airo_driver);
#endif
    remove_proc_entry("driver/aironet", NULL);
}

/*
 * Initial Wireless Extension code for Aironet driver by :
 *  Jean Tourrilhes <[email protected]> - HPL - 17 November 00
 * Conversion to new driver API by :
 *  Jean Tourrilhes <[email protected]> - HPL - 26 March 02
 * Javier also did a good amount of work here, adding some new extensions
 * and fixing my code. Let's just say that without him this code just
 * would not work at all... - Jean II
 */

static u8 airo_rssi_to_dbm (tdsRssiEntry *rssi_rid, u8 rssi)
{
    if (!rssi_rid)
        return 0;

    return (0x100 - rssi_rid[rssi].rssidBm);
}

static u8 airo_dbm_to_pct (tdsRssiEntry *rssi_rid, u8 dbm)
{
    int i;

    if (!rssi_rid)
        return 0;

    for (i = 0; i < 256; i++)
        if (rssi_rid[i].rssidBm == dbm)
            return rssi_rid[i].rssipct;

    return 0;
}


static int airo_get_quality (StatusRid *status_rid, CapabilityRid *cap_rid)
{
    int quality = 0;
    u16 sq;

    if ((status_rid->mode & cpu_to_le16(0x3f)) != cpu_to_le16(0x3f))
        return 0;

    if (!(cap_rid->hardCap & cpu_to_le16(8)))
        return 0;

    sq = le16_to_cpu(status_rid->signalQuality);
    if (memcmp(cap_rid->prodName, "350", 3))
        if (sq > 0x20)
            quality = 0;
        else
            quality = 0x20 - sq;
    else
        if (sq > 0xb0)
            quality = 0;
        else if (sq < 0x10)
            quality = 0xa0;
        else
            quality = 0xb0 - sq;
    return quality;
}

#define airo_get_max_quality(cap_rid) (memcmp((cap_rid)->prodName, "350", 3) ? 0x20 : 0xa0)
#define airo_get_avg_quality(cap_rid) (memcmp((cap_rid)->prodName, "350", 3) ? 0x10 : 0x50);

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get protocol name
 */
static int airo_get_name(struct net_device *dev,
             struct iw_request_info *info,
             char *cwrq,
             char *extra)
{
    strcpy(cwrq, "IEEE 802.11-DS");
    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set frequency
 */
static int airo_set_freq(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_freq *fwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;
    int rc = -EINPROGRESS;      /* Call commit handler */

    /* If setting by frequency, convert to a channel */
    if(fwrq->e == 1) {
        int f = fwrq->m / 100000;

        /* Hack to fall through... */
        fwrq->e = 0;
        fwrq->m = ieee80211_freq_to_dsss_chan(f);
    }
    /* Setting by channel number */
    if((fwrq->m > 1000) || (fwrq->e > 0))
        rc = -EOPNOTSUPP;
    else {
        int channel = fwrq->m;
        /* We should do a better check than that,
         * based on the card capability !!! */
        if((channel < 1) || (channel > 14)) {
            airo_print_dbg(dev->name, "New channel value of %d is invalid!",
                fwrq->m);
            rc = -EINVAL;
        } else {
            readConfigRid(local, 1);
            /* Yes ! We can set it !!! */
            local->config.channelSet = cpu_to_le16(channel);
            set_bit (FLAG_COMMIT, &local->flags);
        }
    }
    return rc;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get frequency
 */
static int airo_get_freq(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_freq *fwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;
    StatusRid status_rid;       /* Card status info */
    int ch;

    readConfigRid(local, 1);
    if ((local->config.opmode & MODE_CFG_MASK) == MODE_STA_ESS)
        status_rid.channel = local->config.channelSet;
    else
        readStatusRid(local, &status_rid, 1);

    ch = le16_to_cpu(status_rid.channel);
    if((ch > 0) && (ch < 15)) {
        fwrq->m = ieee80211_dsss_chan_to_freq(ch) * 100000;
        fwrq->e = 1;
    } else {
        fwrq->m = ch;
        fwrq->e = 0;
    }

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set ESSID
 */
static int airo_set_essid(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_point *dwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;
    SsidRid SSID_rid;       /* SSIDs */

    /* Reload the list of current SSID */
    readSsidRid(local, &SSID_rid);

    /* Check if we asked for `any' */
    if (dwrq->flags == 0) {
        /* Just send an empty SSID list */
        memset(&SSID_rid, 0, sizeof(SSID_rid));
    } else {
        unsigned index = (dwrq->flags & IW_ENCODE_INDEX) - 1;

        /* Check the size of the string */
        if (dwrq->length > IW_ESSID_MAX_SIZE)
            return -E2BIG ;

        /* Check if index is valid */
        if (index >= ARRAY_SIZE(SSID_rid.ssids))
            return -EINVAL;

        /* Set the SSID */
        memset(SSID_rid.ssids[index].ssid, 0,
               sizeof(SSID_rid.ssids[index].ssid));
        memcpy(SSID_rid.ssids[index].ssid, extra, dwrq->length);
        SSID_rid.ssids[index].len = cpu_to_le16(dwrq->length);
    }
    SSID_rid.len = cpu_to_le16(sizeof(SSID_rid));
    /* Write it to the card */
    disable_MAC(local, 1);
    writeSsidRid(local, &SSID_rid, 1);
    enable_MAC(local, 1);

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get ESSID
 */
static int airo_get_essid(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_point *dwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;
    StatusRid status_rid;       /* Card status info */

    readStatusRid(local, &status_rid, 1);

    /* Note : if dwrq->flags != 0, we should
     * get the relevant SSID from the SSID list... */

    /* Get the current SSID */
    memcpy(extra, status_rid.SSID, le16_to_cpu(status_rid.SSIDlen));
    /* If none, we may want to get the one that was set */

    /* Push it out ! */
    dwrq->length = le16_to_cpu(status_rid.SSIDlen);
    dwrq->flags = 1; /* active */

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set AP address
 */
static int airo_set_wap(struct net_device *dev,
            struct iw_request_info *info,
            struct sockaddr *awrq,
            char *extra)
{
    struct airo_info *local = dev->ml_priv;
    Cmd cmd;
    Resp rsp;
    APListRid APList_rid;

    if (awrq->sa_family != ARPHRD_ETHER)
        return -EINVAL;
    else if (is_broadcast_ether_addr(awrq->sa_data) ||
         is_zero_ether_addr(awrq->sa_data)) {
        memset(&cmd, 0, sizeof(cmd));
        cmd.cmd=CMD_LOSE_SYNC;
        if (down_interruptible(&local->sem))
            return -ERESTARTSYS;
        issuecommand(local, &cmd, &rsp);
        up(&local->sem);
    } else {
        memset(&APList_rid, 0, sizeof(APList_rid));
        APList_rid.len = cpu_to_le16(sizeof(APList_rid));
        memcpy(APList_rid.ap[0], awrq->sa_data, ETH_ALEN);
        disable_MAC(local, 1);
        writeAPListRid(local, &APList_rid, 1);
        enable_MAC(local, 1);
    }
    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get AP address
 */
static int airo_get_wap(struct net_device *dev,
            struct iw_request_info *info,
            struct sockaddr *awrq,
            char *extra)
{
    struct airo_info *local = dev->ml_priv;
    StatusRid status_rid;       /* Card status info */

    readStatusRid(local, &status_rid, 1);

    /* Tentative. This seems to work, wow, I'm lucky !!! */
    memcpy(awrq->sa_data, status_rid.bssid[0], ETH_ALEN);
    awrq->sa_family = ARPHRD_ETHER;

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Nickname
 */
static int airo_set_nick(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_point *dwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;

    /* Check the size of the string */
    if(dwrq->length > 16) {
        return -E2BIG;
    }
    readConfigRid(local, 1);
    memset(local->config.nodeName, 0, sizeof(local->config.nodeName));
    memcpy(local->config.nodeName, extra, dwrq->length);
    set_bit (FLAG_COMMIT, &local->flags);

    return -EINPROGRESS;        /* Call commit handler */
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Nickname
 */
static int airo_get_nick(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_point *dwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;

    readConfigRid(local, 1);
    strncpy(extra, local->config.nodeName, 16);
    extra[16] = '\0';
    dwrq->length = strlen(extra);

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Bit-Rate
 */
static int airo_set_rate(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_param *vwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;
    CapabilityRid cap_rid;      /* Card capability info */
    u8  brate = 0;
    int i;

    /* First : get a valid bit rate value */
    readCapabilityRid(local, &cap_rid, 1);

    /* Which type of value ? */
    if((vwrq->value < 8) && (vwrq->value >= 0)) {
        /* Setting by rate index */
        /* Find value in the magic rate table */
        brate = cap_rid.supportedRates[vwrq->value];
    } else {
        /* Setting by frequency value */
        u8  normvalue = (u8) (vwrq->value/500000);

        /* Check if rate is valid */
        for(i = 0 ; i < 8 ; i++) {
            if(normvalue == cap_rid.supportedRates[i]) {
                brate = normvalue;
                break;
            }
        }
    }
    /* -1 designed the max rate (mostly auto mode) */
    if(vwrq->value == -1) {
        /* Get the highest available rate */
        for(i = 0 ; i < 8 ; i++) {
            if(cap_rid.supportedRates[i] == 0)
                break;
        }
        if(i != 0)
            brate = cap_rid.supportedRates[i - 1];
    }
    /* Check that it is valid */
    if(brate == 0) {
        return -EINVAL;
    }

    readConfigRid(local, 1);
    /* Now, check if we want a fixed or auto value */
    if(vwrq->fixed == 0) {
        /* Fill all the rates up to this max rate */
        memset(local->config.rates, 0, 8);
        for(i = 0 ; i < 8 ; i++) {
            local->config.rates[i] = cap_rid.supportedRates[i];
            if(local->config.rates[i] == brate)
                break;
        }
    } else {
        /* Fixed mode */
        /* One rate, fixed */
        memset(local->config.rates, 0, 8);
        local->config.rates[0] = brate;
    }
    set_bit (FLAG_COMMIT, &local->flags);

    return -EINPROGRESS;        /* Call commit handler */
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Bit-Rate
 */
static int airo_get_rate(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_param *vwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;
    StatusRid status_rid;       /* Card status info */

    readStatusRid(local, &status_rid, 1);

    vwrq->value = le16_to_cpu(status_rid.currentXmitRate) * 500000;
    /* If more than one rate, set auto */
    readConfigRid(local, 1);
    vwrq->fixed = (local->config.rates[1] == 0);

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set RTS threshold
 */
static int airo_set_rts(struct net_device *dev,
            struct iw_request_info *info,
            struct iw_param *vwrq,
            char *extra)
{
    struct airo_info *local = dev->ml_priv;
    int rthr = vwrq->value;

    if(vwrq->disabled)
        rthr = AIRO_DEF_MTU;
    if((rthr < 0) || (rthr > AIRO_DEF_MTU)) {
        return -EINVAL;
    }
    readConfigRid(local, 1);
    local->config.rtsThres = cpu_to_le16(rthr);
    set_bit (FLAG_COMMIT, &local->flags);

    return -EINPROGRESS;        /* Call commit handler */
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get RTS threshold
 */
static int airo_get_rts(struct net_device *dev,
            struct iw_request_info *info,
            struct iw_param *vwrq,
            char *extra)
{
    struct airo_info *local = dev->ml_priv;

    readConfigRid(local, 1);
    vwrq->value = le16_to_cpu(local->config.rtsThres);
    vwrq->disabled = (vwrq->value >= AIRO_DEF_MTU);
    vwrq->fixed = 1;

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Fragmentation threshold
 */
static int airo_set_frag(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_param *vwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;
    int fthr = vwrq->value;

    if(vwrq->disabled)
        fthr = AIRO_DEF_MTU;
    if((fthr < 256) || (fthr > AIRO_DEF_MTU)) {
        return -EINVAL;
    }
    fthr &= ~0x1;   /* Get an even value - is it really needed ??? */
    readConfigRid(local, 1);
    local->config.fragThresh = cpu_to_le16(fthr);
    set_bit (FLAG_COMMIT, &local->flags);

    return -EINPROGRESS;        /* Call commit handler */
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Fragmentation threshold
 */
static int airo_get_frag(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_param *vwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;

    readConfigRid(local, 1);
    vwrq->value = le16_to_cpu(local->config.fragThresh);
    vwrq->disabled = (vwrq->value >= AIRO_DEF_MTU);
    vwrq->fixed = 1;

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Mode of Operation
 */
static int airo_set_mode(struct net_device *dev,
             struct iw_request_info *info,
             __u32 *uwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;
    int reset = 0;

    readConfigRid(local, 1);
    if (sniffing_mode(local))
        reset = 1;

    switch(*uwrq) {
        case IW_MODE_ADHOC:
            local->config.opmode &= ~MODE_CFG_MASK;
            local->config.opmode |= MODE_STA_IBSS;
            local->config.rmode &= ~RXMODE_FULL_MASK;
            local->config.scanMode = SCANMODE_ACTIVE;
            clear_bit (FLAG_802_11, &local->flags);
            break;
        case IW_MODE_INFRA:
            local->config.opmode &= ~MODE_CFG_MASK;
            local->config.opmode |= MODE_STA_ESS;
            local->config.rmode &= ~RXMODE_FULL_MASK;
            local->config.scanMode = SCANMODE_ACTIVE;
            clear_bit (FLAG_802_11, &local->flags);
            break;
        case IW_MODE_MASTER:
            local->config.opmode &= ~MODE_CFG_MASK;
            local->config.opmode |= MODE_AP;
            local->config.rmode &= ~RXMODE_FULL_MASK;
            local->config.scanMode = SCANMODE_ACTIVE;
            clear_bit (FLAG_802_11, &local->flags);
            break;
        case IW_MODE_REPEAT:
            local->config.opmode &= ~MODE_CFG_MASK;
            local->config.opmode |= MODE_AP_RPTR;
            local->config.rmode &= ~RXMODE_FULL_MASK;
            local->config.scanMode = SCANMODE_ACTIVE;
            clear_bit (FLAG_802_11, &local->flags);
            break;
        case IW_MODE_MONITOR:
            local->config.opmode &= ~MODE_CFG_MASK;
            local->config.opmode |= MODE_STA_ESS;
            local->config.rmode &= ~RXMODE_FULL_MASK;
            local->config.rmode |= RXMODE_RFMON | RXMODE_DISABLE_802_3_HEADER;
            local->config.scanMode = SCANMODE_PASSIVE;
            set_bit (FLAG_802_11, &local->flags);
            break;
        default:
            return -EINVAL;
    }
    if (reset)
        set_bit (FLAG_RESET, &local->flags);
    set_bit (FLAG_COMMIT, &local->flags);

    return -EINPROGRESS;        /* Call commit handler */
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Mode of Operation
 */
static int airo_get_mode(struct net_device *dev,
             struct iw_request_info *info,
             __u32 *uwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;

    readConfigRid(local, 1);
    /* If not managed, assume it's ad-hoc */
    switch (local->config.opmode & MODE_CFG_MASK) {
        case MODE_STA_ESS:
            *uwrq = IW_MODE_INFRA;
            break;
        case MODE_AP:
            *uwrq = IW_MODE_MASTER;
            break;
        case MODE_AP_RPTR:
            *uwrq = IW_MODE_REPEAT;
            break;
        default:
            *uwrq = IW_MODE_ADHOC;
    }

    return 0;
}

static inline int valid_index(struct airo_info *ai, int index)
{
    return (index >= 0) && (index <= ai->max_wep_idx);
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Encryption Key
 */
static int airo_set_encode(struct net_device *dev,
               struct iw_request_info *info,
               struct iw_point *dwrq,
               char *extra)
{
    struct airo_info *local = dev->ml_priv;
    int perm = (dwrq->flags & IW_ENCODE_TEMP ? 0 : 1);
    __le16 currentAuthType = local->config.authType;
    int rc = 0;

    if (!local->wep_capable)
        return -EOPNOTSUPP;

    readConfigRid(local, 1);

    /* Basic checking: do we have a key to set ?
     * Note : with the new API, it's impossible to get a NULL pointer.
     * Therefore, we need to check a key size == 0 instead.
     * New version of iwconfig properly set the IW_ENCODE_NOKEY flag
     * when no key is present (only change flags), but older versions
     * don't do it. - Jean II */
    if (dwrq->length > 0) {
        wep_key_t key;
        int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
        int current_index;

        /* Check the size of the key */
        if (dwrq->length > MAX_KEY_SIZE) {
            return -EINVAL;
        }

        current_index = get_wep_tx_idx(local);
        if (current_index < 0)
            current_index = 0;

        /* Check the index (none -> use current) */
        if (!valid_index(local, index))
            index = current_index;

        /* Set the length */
        if (dwrq->length > MIN_KEY_SIZE)
            key.len = MAX_KEY_SIZE;
        else
            key.len = MIN_KEY_SIZE;
        /* Check if the key is not marked as invalid */
        if(!(dwrq->flags & IW_ENCODE_NOKEY)) {
            /* Cleanup */
            memset(key.key, 0, MAX_KEY_SIZE);
            /* Copy the key in the driver */
            memcpy(key.key, extra, dwrq->length);
            /* Send the key to the card */
            rc = set_wep_key(local, index, key.key, key.len, perm, 1);
            if (rc < 0) {
                airo_print_err(local->dev->name, "failed to set"
                               " WEP key at index %d: %d.",
                               index, rc);
                return rc;
            }
        }
        /* WE specify that if a valid key is set, encryption
         * should be enabled (user may turn it off later)
         * This is also how "iwconfig ethX key on" works */
        if((index == current_index) && (key.len > 0) &&
           (local->config.authType == AUTH_OPEN)) {
            local->config.authType = AUTH_ENCRYPT;
        }
    } else {
        /* Do we want to just set the transmit key index ? */
        int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
        if (valid_index(local, index)) {
            rc = set_wep_tx_idx(local, index, perm, 1);
            if (rc < 0) {
                airo_print_err(local->dev->name, "failed to set"
                               " WEP transmit index to %d: %d.",
                               index, rc);
                return rc;
            }
        } else {
            /* Don't complain if only change the mode */
            if (!(dwrq->flags & IW_ENCODE_MODE))
                return -EINVAL;
        }
    }
    /* Read the flags */
    if(dwrq->flags & IW_ENCODE_DISABLED)
        local->config.authType = AUTH_OPEN; // disable encryption
    if(dwrq->flags & IW_ENCODE_RESTRICTED)
        local->config.authType = AUTH_SHAREDKEY;    // Only Both
    if(dwrq->flags & IW_ENCODE_OPEN)
        local->config.authType = AUTH_ENCRYPT;  // Only Wep
    /* Commit the changes to flags if needed */
    if (local->config.authType != currentAuthType)
        set_bit (FLAG_COMMIT, &local->flags);
    return -EINPROGRESS;        /* Call commit handler */
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Encryption Key
 */
static int airo_get_encode(struct net_device *dev,
               struct iw_request_info *info,
               struct iw_point *dwrq,
               char *extra)
{
    struct airo_info *local = dev->ml_priv;
    int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
    int wep_key_len;
    u8 buf[16];

    if (!local->wep_capable)
        return -EOPNOTSUPP;

    readConfigRid(local, 1);

    /* Check encryption mode */
    switch(local->config.authType)  {
        case AUTH_ENCRYPT:
            dwrq->flags = IW_ENCODE_OPEN;
            break;
        case AUTH_SHAREDKEY:
            dwrq->flags = IW_ENCODE_RESTRICTED;
            break;
        default:
        case AUTH_OPEN:
            dwrq->flags = IW_ENCODE_DISABLED;
            break;
    }
    /* We can't return the key, so set the proper flag and return zero */
    dwrq->flags |= IW_ENCODE_NOKEY;
    memset(extra, 0, 16);

    /* Which key do we want ? -1 -> tx index */
    if (!valid_index(local, index)) {
        index = get_wep_tx_idx(local);
        if (index < 0)
            index = 0;
    }
    dwrq->flags |= index + 1;

    /* Copy the key to the user buffer */
    wep_key_len = get_wep_key(local, index, &buf[0], sizeof(buf));
    if (wep_key_len < 0) {
        dwrq->length = 0;
    } else {
        dwrq->length = wep_key_len;
        memcpy(extra, buf, dwrq->length);
    }

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set extended Encryption parameters
 */
static int airo_set_encodeext(struct net_device *dev,
               struct iw_request_info *info,
                union iwreq_data *wrqu,
                char *extra)
{
    struct airo_info *local = dev->ml_priv;
    struct iw_point *encoding = &wrqu->encoding;
    struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
    int perm = ( encoding->flags & IW_ENCODE_TEMP ? 0 : 1 );
    __le16 currentAuthType = local->config.authType;
    int idx, key_len, alg = ext->alg, set_key = 1, rc;
    wep_key_t key;

    if (!local->wep_capable)
        return -EOPNOTSUPP;

    readConfigRid(local, 1);

    /* Determine and validate the key index */
    idx = encoding->flags & IW_ENCODE_INDEX;
    if (idx) {
        if (!valid_index(local, idx - 1))
            return -EINVAL;
        idx--;
    } else {
        idx = get_wep_tx_idx(local);
        if (idx < 0)
            idx = 0;
    }

    if (encoding->flags & IW_ENCODE_DISABLED)
        alg = IW_ENCODE_ALG_NONE;

    if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) {
        /* Only set transmit key index here, actual
         * key is set below if needed.
         */
        rc = set_wep_tx_idx(local, idx, perm, 1);
        if (rc < 0) {
            airo_print_err(local->dev->name, "failed to set "
                           "WEP transmit index to %d: %d.",
                           idx, rc);
            return rc;
        }
        set_key = ext->key_len > 0 ? 1 : 0;
    }

    if (set_key) {
        /* Set the requested key first */
        memset(key.key, 0, MAX_KEY_SIZE);
        switch (alg) {
        case IW_ENCODE_ALG_NONE:
            key.len = 0;
            break;
        case IW_ENCODE_ALG_WEP:
            if (ext->key_len > MIN_KEY_SIZE) {
                key.len = MAX_KEY_SIZE;
            } else if (ext->key_len > 0) {
                key.len = MIN_KEY_SIZE;
            } else {
                return -EINVAL;
            }
            key_len = min (ext->key_len, key.len);
            memcpy(key.key, ext->key, key_len);
            break;
        default:
            return -EINVAL;
        }
        if (key.len == 0) {
            rc = set_wep_tx_idx(local, idx, perm, 1);
            if (rc < 0) {
                airo_print_err(local->dev->name,
                           "failed to set WEP transmit index to %d: %d.",
                           idx, rc);
                return rc;
            }
        } else {
            rc = set_wep_key(local, idx, key.key, key.len, perm, 1);
            if (rc < 0) {
                airo_print_err(local->dev->name,
                           "failed to set WEP key at index %d: %d.",
                           idx, rc);
                return rc;
            }
        }
    }

    /* Read the flags */
    if(encoding->flags & IW_ENCODE_DISABLED)
        local->config.authType = AUTH_OPEN; // disable encryption
    if(encoding->flags & IW_ENCODE_RESTRICTED)
        local->config.authType = AUTH_SHAREDKEY;    // Only Both
    if(encoding->flags & IW_ENCODE_OPEN)
        local->config.authType = AUTH_ENCRYPT;  // Only Wep
    /* Commit the changes to flags if needed */
    if (local->config.authType != currentAuthType)
        set_bit (FLAG_COMMIT, &local->flags);

    return -EINPROGRESS;
}


/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get extended Encryption parameters
 */
static int airo_get_encodeext(struct net_device *dev,
                struct iw_request_info *info,
                union iwreq_data *wrqu,
                char *extra)
{
    struct airo_info *local = dev->ml_priv;
    struct iw_point *encoding = &wrqu->encoding;
    struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
    int idx, max_key_len, wep_key_len;
    u8 buf[16];

    if (!local->wep_capable)
        return -EOPNOTSUPP;

    readConfigRid(local, 1);

    max_key_len = encoding->length - sizeof(*ext);
    if (max_key_len < 0)
        return -EINVAL;

    idx = encoding->flags & IW_ENCODE_INDEX;
    if (idx) {
        if (!valid_index(local, idx - 1))
            return -EINVAL;
        idx--;
    } else {
        idx = get_wep_tx_idx(local);
        if (idx < 0)
            idx = 0;
    }

    encoding->flags = idx + 1;
    memset(ext, 0, sizeof(*ext));

    /* Check encryption mode */
    switch(local->config.authType) {
        case AUTH_ENCRYPT:
            encoding->flags = IW_ENCODE_ALG_WEP | IW_ENCODE_ENABLED;
            break;
        case AUTH_SHAREDKEY:
            encoding->flags = IW_ENCODE_ALG_WEP | IW_ENCODE_ENABLED;
            break;
        default:
        case AUTH_OPEN:
            encoding->flags = IW_ENCODE_ALG_NONE | IW_ENCODE_DISABLED;
            break;
    }
    /* We can't return the key, so set the proper flag and return zero */
    encoding->flags |= IW_ENCODE_NOKEY;
    memset(extra, 0, 16);
    
    /* Copy the key to the user buffer */
    wep_key_len = get_wep_key(local, idx, &buf[0], sizeof(buf));
    if (wep_key_len < 0) {
        ext->key_len = 0;
    } else {
        ext->key_len = wep_key_len;
        memcpy(extra, buf, ext->key_len);
    }

    return 0;
}


/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set extended authentication parameters
 */
static int airo_set_auth(struct net_device *dev,
                   struct iw_request_info *info,
                   union iwreq_data *wrqu, char *extra)
{
    struct airo_info *local = dev->ml_priv;
    struct iw_param *param = &wrqu->param;
    __le16 currentAuthType = local->config.authType;

    switch (param->flags & IW_AUTH_INDEX) {
    case IW_AUTH_WPA_VERSION:
    case IW_AUTH_CIPHER_PAIRWISE:
    case IW_AUTH_CIPHER_GROUP:
    case IW_AUTH_KEY_MGMT:
    case IW_AUTH_RX_UNENCRYPTED_EAPOL:
    case IW_AUTH_PRIVACY_INVOKED:
        /*
         * airo does not use these parameters
         */
        break;

    case IW_AUTH_DROP_UNENCRYPTED:
        if (param->value) {
            /* Only change auth type if unencrypted */
            if (currentAuthType == AUTH_OPEN)
                local->config.authType = AUTH_ENCRYPT;
        } else {
            local->config.authType = AUTH_OPEN;
        }

        /* Commit the changes to flags if needed */
        if (local->config.authType != currentAuthType)
            set_bit (FLAG_COMMIT, &local->flags);
        break;

    case IW_AUTH_80211_AUTH_ALG: {
            /* FIXME: What about AUTH_OPEN?  This API seems to
             * disallow setting our auth to AUTH_OPEN.
             */
            if (param->value & IW_AUTH_ALG_SHARED_KEY) {
                local->config.authType = AUTH_SHAREDKEY;
            } else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM) {
                local->config.authType = AUTH_ENCRYPT;
            } else
                return -EINVAL;

            /* Commit the changes to flags if needed */
            if (local->config.authType != currentAuthType)
                set_bit (FLAG_COMMIT, &local->flags);
            break;
        }

    case IW_AUTH_WPA_ENABLED:
        /* Silently accept disable of WPA */
        if (param->value > 0)
            return -EOPNOTSUPP;
        break;

    default:
        return -EOPNOTSUPP;
    }
    return -EINPROGRESS;
}


/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get extended authentication parameters
 */
static int airo_get_auth(struct net_device *dev,
                   struct iw_request_info *info,
                   union iwreq_data *wrqu, char *extra)
{
    struct airo_info *local = dev->ml_priv;
    struct iw_param *param = &wrqu->param;
    __le16 currentAuthType = local->config.authType;

    switch (param->flags & IW_AUTH_INDEX) {
    case IW_AUTH_DROP_UNENCRYPTED:
        switch (currentAuthType) {
        case AUTH_SHAREDKEY:
        case AUTH_ENCRYPT:
            param->value = 1;
            break;
        default:
            param->value = 0;
            break;
        }
        break;

    case IW_AUTH_80211_AUTH_ALG:
        switch (currentAuthType) {
        case AUTH_SHAREDKEY:
            param->value = IW_AUTH_ALG_SHARED_KEY;
            break;
        case AUTH_ENCRYPT:
        default:
            param->value = IW_AUTH_ALG_OPEN_SYSTEM;
            break;
        }
        break;

    case IW_AUTH_WPA_ENABLED:
        param->value = 0;
        break;

    default:
        return -EOPNOTSUPP;
    }
    return 0;
}


/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Tx-Power
 */
static int airo_set_txpow(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_param *vwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;
    CapabilityRid cap_rid;      /* Card capability info */
    int i;
    int rc = -EINVAL;
    __le16 v = cpu_to_le16(vwrq->value);

    readCapabilityRid(local, &cap_rid, 1);

    if (vwrq->disabled) {
        set_bit (FLAG_RADIO_OFF, &local->flags);
        set_bit (FLAG_COMMIT, &local->flags);
        return -EINPROGRESS;        /* Call commit handler */
    }
    if (vwrq->flags != IW_TXPOW_MWATT) {
        return -EINVAL;
    }
    clear_bit (FLAG_RADIO_OFF, &local->flags);
    for (i = 0; i < 8 && cap_rid.txPowerLevels[i]; i++)
        if (v == cap_rid.txPowerLevels[i]) {
            readConfigRid(local, 1);
            local->config.txPower = v;
            set_bit (FLAG_COMMIT, &local->flags);
            rc = -EINPROGRESS;  /* Call commit handler */
            break;
        }
    return rc;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Tx-Power
 */
static int airo_get_txpow(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_param *vwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;

    readConfigRid(local, 1);
    vwrq->value = le16_to_cpu(local->config.txPower);
    vwrq->fixed = 1;    /* No power control */
    vwrq->disabled = test_bit(FLAG_RADIO_OFF, &local->flags);
    vwrq->flags = IW_TXPOW_MWATT;

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Retry limits
 */
static int airo_set_retry(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_param *vwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;
    int rc = -EINVAL;

    if(vwrq->disabled) {
        return -EINVAL;
    }
    readConfigRid(local, 1);
    if(vwrq->flags & IW_RETRY_LIMIT) {
        __le16 v = cpu_to_le16(vwrq->value);
        if(vwrq->flags & IW_RETRY_LONG)
            local->config.longRetryLimit = v;
        else if (vwrq->flags & IW_RETRY_SHORT)
            local->config.shortRetryLimit = v;
        else {
            /* No modifier : set both */
            local->config.longRetryLimit = v;
            local->config.shortRetryLimit = v;
        }
        set_bit (FLAG_COMMIT, &local->flags);
        rc = -EINPROGRESS;      /* Call commit handler */
    }
    if(vwrq->flags & IW_RETRY_LIFETIME) {
        local->config.txLifetime = cpu_to_le16(vwrq->value / 1024);
        set_bit (FLAG_COMMIT, &local->flags);
        rc = -EINPROGRESS;      /* Call commit handler */
    }
    return rc;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Retry limits
 */
static int airo_get_retry(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_param *vwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;

    vwrq->disabled = 0;      /* Can't be disabled */

    readConfigRid(local, 1);
    /* Note : by default, display the min retry number */
    if((vwrq->flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME) {
        vwrq->flags = IW_RETRY_LIFETIME;
        vwrq->value = le16_to_cpu(local->config.txLifetime) * 1024;
    } else if((vwrq->flags & IW_RETRY_LONG)) {
        vwrq->flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
        vwrq->value = le16_to_cpu(local->config.longRetryLimit);
    } else {
        vwrq->flags = IW_RETRY_LIMIT;
        vwrq->value = le16_to_cpu(local->config.shortRetryLimit);
        if(local->config.shortRetryLimit != local->config.longRetryLimit)
            vwrq->flags |= IW_RETRY_SHORT;
    }

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get range info
 */
static int airo_get_range(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_point *dwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;
    struct iw_range *range = (struct iw_range *) extra;
    CapabilityRid cap_rid;      /* Card capability info */
    int     i;
    int     k;

    readCapabilityRid(local, &cap_rid, 1);

    dwrq->length = sizeof(struct iw_range);
    memset(range, 0, sizeof(*range));
    range->min_nwid = 0x0000;
    range->max_nwid = 0x0000;
    range->num_channels = 14;
    /* Should be based on cap_rid.country to give only
     * what the current card support */
    k = 0;
    for(i = 0; i < 14; i++) {
        range->freq[k].i = i + 1; /* List index */
        range->freq[k].m = ieee80211_dsss_chan_to_freq(i + 1) * 100000;
        range->freq[k++].e = 1; /* Values in MHz -> * 10^5 * 10 */
    }
    range->num_frequency = k;

    range->sensitivity = 65535;

    /* Hum... Should put the right values there */
    if (local->rssi)
        range->max_qual.qual = 100; /* % */
    else
        range->max_qual.qual = airo_get_max_quality(&cap_rid);
    range->max_qual.level = 0x100 - 120;    /* -120 dBm */
    range->max_qual.noise = 0x100 - 120;    /* -120 dBm */

    /* Experimental measurements - boundary 11/5.5 Mb/s */
    /* Note : with or without the (local->rssi), results
     * are somewhat different. - Jean II */
    if (local->rssi) {
        range->avg_qual.qual = 50;      /* % */
        range->avg_qual.level = 0x100 - 70; /* -70 dBm */
    } else {
        range->avg_qual.qual = airo_get_avg_quality(&cap_rid);
        range->avg_qual.level = 0x100 - 80; /* -80 dBm */
    }
    range->avg_qual.noise = 0x100 - 85;     /* -85 dBm */

    for(i = 0 ; i < 8 ; i++) {
        range->bitrate[i] = cap_rid.supportedRates[i] * 500000;
        if(range->bitrate[i] == 0)
            break;
    }
    range->num_bitrates = i;

    /* Set an indication of the max TCP throughput
     * in bit/s that we can expect using this interface.
     * May be use for QoS stuff... Jean II */
    if(i > 2)
        range->throughput = 5000 * 1000;
    else
        range->throughput = 1500 * 1000;

    range->min_rts = 0;
    range->max_rts = AIRO_DEF_MTU;
    range->min_frag = 256;
    range->max_frag = AIRO_DEF_MTU;

    if(cap_rid.softCap & cpu_to_le16(2)) {
        // WEP: RC4 40 bits
        range->encoding_size[0] = 5;
        // RC4 ~128 bits
        if (cap_rid.softCap & cpu_to_le16(0x100)) {
            range->encoding_size[1] = 13;
            range->num_encoding_sizes = 2;
        } else
            range->num_encoding_sizes = 1;
        range->max_encoding_tokens =
            cap_rid.softCap & cpu_to_le16(0x80) ? 4 : 1;
    } else {
        range->num_encoding_sizes = 0;
        range->max_encoding_tokens = 0;
    }
    range->min_pmp = 0;
    range->max_pmp = 5000000;   /* 5 secs */
    range->min_pmt = 0;
    range->max_pmt = 65535 * 1024;  /* ??? */
    range->pmp_flags = IW_POWER_PERIOD;
    range->pmt_flags = IW_POWER_TIMEOUT;
    range->pm_capa = IW_POWER_PERIOD | IW_POWER_TIMEOUT | IW_POWER_ALL_R;

    /* Transmit Power - values are in mW */
    for(i = 0 ; i < 8 ; i++) {
        range->txpower[i] = le16_to_cpu(cap_rid.txPowerLevels[i]);
        if(range->txpower[i] == 0)
            break;
    }
    range->num_txpower = i;
    range->txpower_capa = IW_TXPOW_MWATT;
    range->we_version_source = 19;
    range->we_version_compiled = WIRELESS_EXT;
    range->retry_capa = IW_RETRY_LIMIT | IW_RETRY_LIFETIME;
    range->retry_flags = IW_RETRY_LIMIT;
    range->r_time_flags = IW_RETRY_LIFETIME;
    range->min_retry = 1;
    range->max_retry = 65535;
    range->min_r_time = 1024;
    range->max_r_time = 65535 * 1024;

    /* Event capability (kernel + driver) */
    range->event_capa[0] = (IW_EVENT_CAPA_K_0 |
                IW_EVENT_CAPA_MASK(SIOCGIWTHRSPY) |
                IW_EVENT_CAPA_MASK(SIOCGIWAP) |
                IW_EVENT_CAPA_MASK(SIOCGIWSCAN));
    range->event_capa[1] = IW_EVENT_CAPA_K_1;
    range->event_capa[4] = IW_EVENT_CAPA_MASK(IWEVTXDROP);
    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Power Management
 */
static int airo_set_power(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_param *vwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;

    readConfigRid(local, 1);
    if (vwrq->disabled) {
        if (sniffing_mode(local))
            return -EINVAL;
        local->config.powerSaveMode = POWERSAVE_CAM;
        local->config.rmode &= ~RXMODE_MASK;
        local->config.rmode |= RXMODE_BC_MC_ADDR;
        set_bit (FLAG_COMMIT, &local->flags);
        return -EINPROGRESS;        /* Call commit handler */
    }
    if ((vwrq->flags & IW_POWER_TYPE) == IW_POWER_TIMEOUT) {
        local->config.fastListenDelay = cpu_to_le16((vwrq->value + 500) / 1024);
        local->config.powerSaveMode = POWERSAVE_PSPCAM;
        set_bit (FLAG_COMMIT, &local->flags);
    } else if ((vwrq->flags & IW_POWER_TYPE) == IW_POWER_PERIOD) {
        local->config.fastListenInterval =
        local->config.listenInterval =
            cpu_to_le16((vwrq->value + 500) / 1024);
        local->config.powerSaveMode = POWERSAVE_PSPCAM;
        set_bit (FLAG_COMMIT, &local->flags);
    }
    switch (vwrq->flags & IW_POWER_MODE) {
        case IW_POWER_UNICAST_R:
            if (sniffing_mode(local))
                return -EINVAL;
            local->config.rmode &= ~RXMODE_MASK;
            local->config.rmode |= RXMODE_ADDR;
            set_bit (FLAG_COMMIT, &local->flags);
            break;
        case IW_POWER_ALL_R:
            if (sniffing_mode(local))
                return -EINVAL;
            local->config.rmode &= ~RXMODE_MASK;
            local->config.rmode |= RXMODE_BC_MC_ADDR;
            set_bit (FLAG_COMMIT, &local->flags);
        case IW_POWER_ON:
            /* This is broken, fixme ;-) */
            break;
        default:
            return -EINVAL;
    }
    // Note : we may want to factor local->need_commit here
    // Note2 : may also want to factor RXMODE_RFMON test
    return -EINPROGRESS;        /* Call commit handler */
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Power Management
 */
static int airo_get_power(struct net_device *dev,
              struct iw_request_info *info,
              struct iw_param *vwrq,
              char *extra)
{
    struct airo_info *local = dev->ml_priv;
    __le16 mode;

    readConfigRid(local, 1);
    mode = local->config.powerSaveMode;
    if ((vwrq->disabled = (mode == POWERSAVE_CAM)))
        return 0;
    if ((vwrq->flags & IW_POWER_TYPE) == IW_POWER_TIMEOUT) {
        vwrq->value = le16_to_cpu(local->config.fastListenDelay) * 1024;
        vwrq->flags = IW_POWER_TIMEOUT;
    } else {
        vwrq->value = le16_to_cpu(local->config.fastListenInterval) * 1024;
        vwrq->flags = IW_POWER_PERIOD;
    }
    if ((local->config.rmode & RXMODE_MASK) == RXMODE_ADDR)
        vwrq->flags |= IW_POWER_UNICAST_R;
    else
        vwrq->flags |= IW_POWER_ALL_R;

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : set Sensitivity
 */
static int airo_set_sens(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_param *vwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;

    readConfigRid(local, 1);
    local->config.rssiThreshold =
        cpu_to_le16(vwrq->disabled ? RSSI_DEFAULT : vwrq->value);
    set_bit (FLAG_COMMIT, &local->flags);

    return -EINPROGRESS;        /* Call commit handler */
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get Sensitivity
 */
static int airo_get_sens(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_param *vwrq,
             char *extra)
{
    struct airo_info *local = dev->ml_priv;

    readConfigRid(local, 1);
    vwrq->value = le16_to_cpu(local->config.rssiThreshold);
    vwrq->disabled = (vwrq->value == 0);
    vwrq->fixed = 1;

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : get AP List
 * Note : this is deprecated in favor of IWSCAN
 */
static int airo_get_aplist(struct net_device *dev,
               struct iw_request_info *info,
               struct iw_point *dwrq,
               char *extra)
{
    struct airo_info *local = dev->ml_priv;
    struct sockaddr *address = (struct sockaddr *) extra;
    struct iw_quality *qual;
    BSSListRid BSSList;
    int i;
    int loseSync = capable(CAP_NET_ADMIN) ? 1: -1;

    qual = kmalloc(IW_MAX_AP * sizeof(*qual), GFP_KERNEL);
    if (!qual)
        return -ENOMEM;

    for (i = 0; i < IW_MAX_AP; i++) {
        u16 dBm;
        if (readBSSListRid(local, loseSync, &BSSList))
            break;
        loseSync = 0;
        memcpy(address[i].sa_data, BSSList.bssid, ETH_ALEN);
        address[i].sa_family = ARPHRD_ETHER;
        dBm = le16_to_cpu(BSSList.dBm);
        if (local->rssi) {
            qual[i].level = 0x100 - dBm;
            qual[i].qual = airo_dbm_to_pct(local->rssi, dBm);
            qual[i].updated = IW_QUAL_QUAL_UPDATED
                    | IW_QUAL_LEVEL_UPDATED
                    | IW_QUAL_DBM;
        } else {
            qual[i].level = (dBm + 321) / 2;
            qual[i].qual = 0;
            qual[i].updated = IW_QUAL_QUAL_INVALID
                    | IW_QUAL_LEVEL_UPDATED
                    | IW_QUAL_DBM;
        }
        qual[i].noise = local->wstats.qual.noise;
        if (BSSList.index == cpu_to_le16(0xffff))
            break;
    }
    if (!i) {
        StatusRid status_rid;       /* Card status info */
        readStatusRid(local, &status_rid, 1);
        for (i = 0;
             i < min(IW_MAX_AP, 4) &&
                 (status_rid.bssid[i][0]
                  & status_rid.bssid[i][1]
                  & status_rid.bssid[i][2]
                  & status_rid.bssid[i][3]
                  & status_rid.bssid[i][4]
                  & status_rid.bssid[i][5])!=0xff &&
                 (status_rid.bssid[i][0]
                  | status_rid.bssid[i][1]
                  | status_rid.bssid[i][2]
                  | status_rid.bssid[i][3]
                  | status_rid.bssid[i][4]
                  | status_rid.bssid[i][5]);
             i++) {
            memcpy(address[i].sa_data,
                   status_rid.bssid[i], ETH_ALEN);
            address[i].sa_family = ARPHRD_ETHER;
        }
    } else {
        dwrq->flags = 1; /* Should be define'd */
        memcpy(extra + sizeof(struct sockaddr) * i, qual,
               sizeof(struct iw_quality) * i);
    }
    dwrq->length = i;

    kfree(qual);
    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : Initiate Scan
 */
static int airo_set_scan(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_point *dwrq,
             char *extra)
{
    struct airo_info *ai = dev->ml_priv;
    Cmd cmd;
    Resp rsp;
    int wake = 0;

    /* Note : you may have realised that, as this is a SET operation,
     * this is privileged and therefore a normal user can't
     * perform scanning.
     * This is not an error, while the device perform scanning,
     * traffic doesn't flow, so it's a perfect DoS...
     * Jean II */
    if (ai->flags & FLAG_RADIO_MASK) return -ENETDOWN;

    if (down_interruptible(&ai->sem))
        return -ERESTARTSYS;

    /* If there's already a scan in progress, don't
     * trigger another one. */
    if (ai->scan_timeout > 0)
        goto out;

    /* Initiate a scan command */
    ai->scan_timeout = RUN_AT(3*HZ);
    memset(&cmd, 0, sizeof(cmd));
    cmd.cmd=CMD_LISTBSS;
    issuecommand(ai, &cmd, &rsp);
    wake = 1;

out:
    up(&ai->sem);
    if (wake)
        wake_up_interruptible(&ai->thr_wait);
    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Translate scan data returned from the card to a card independent
 * format that the Wireless Tools will understand - Jean II
 */
static inline char *airo_translate_scan(struct net_device *dev,
                    struct iw_request_info *info,
                    char *current_ev,
                    char *end_buf,
                    BSSListRid *bss)
{
    struct airo_info *ai = dev->ml_priv;
    struct iw_event     iwe;        /* Temporary buffer */
    __le16          capabilities;
    char *          current_val;    /* For rates */
    int         i;
    char *      buf;
    u16 dBm;

    /* First entry *MUST* be the AP MAC address */
    iwe.cmd = SIOCGIWAP;
    iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
    memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
    current_ev = iwe_stream_add_event(info, current_ev, end_buf,
                      &iwe, IW_EV_ADDR_LEN);

    /* Other entries will be displayed in the order we give them */

    /* Add the ESSID */
    iwe.u.data.length = bss->ssidLen;
    if(iwe.u.data.length > 32)
        iwe.u.data.length = 32;
    iwe.cmd = SIOCGIWESSID;
    iwe.u.data.flags = 1;
    current_ev = iwe_stream_add_point(info, current_ev, end_buf,
                      &iwe, bss->ssid);

    /* Add mode */
    iwe.cmd = SIOCGIWMODE;
    capabilities = bss->cap;
    if(capabilities & (CAP_ESS | CAP_IBSS)) {
        if(capabilities & CAP_ESS)
            iwe.u.mode = IW_MODE_MASTER;
        else
            iwe.u.mode = IW_MODE_ADHOC;
        current_ev = iwe_stream_add_event(info, current_ev, end_buf,
                          &iwe, IW_EV_UINT_LEN);
    }

    /* Add frequency */
    iwe.cmd = SIOCGIWFREQ;
    iwe.u.freq.m = le16_to_cpu(bss->dsChannel);
    iwe.u.freq.m = ieee80211_dsss_chan_to_freq(iwe.u.freq.m) * 100000;
    iwe.u.freq.e = 1;
    current_ev = iwe_stream_add_event(info, current_ev, end_buf,
                      &iwe, IW_EV_FREQ_LEN);

    dBm = le16_to_cpu(bss->dBm);

    /* Add quality statistics */
    iwe.cmd = IWEVQUAL;
    if (ai->rssi) {
        iwe.u.qual.level = 0x100 - dBm;
        iwe.u.qual.qual = airo_dbm_to_pct(ai->rssi, dBm);
        iwe.u.qual.updated = IW_QUAL_QUAL_UPDATED
                | IW_QUAL_LEVEL_UPDATED
                | IW_QUAL_DBM;
    } else {
        iwe.u.qual.level = (dBm + 321) / 2;
        iwe.u.qual.qual = 0;
        iwe.u.qual.updated = IW_QUAL_QUAL_INVALID
                | IW_QUAL_LEVEL_UPDATED
                | IW_QUAL_DBM;
    }
    iwe.u.qual.noise = ai->wstats.qual.noise;
    current_ev = iwe_stream_add_event(info, current_ev, end_buf,
                      &iwe, IW_EV_QUAL_LEN);

    /* Add encryption capability */
    iwe.cmd = SIOCGIWENCODE;
    if(capabilities & CAP_PRIVACY)
        iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
    else
        iwe.u.data.flags = IW_ENCODE_DISABLED;
    iwe.u.data.length = 0;
    current_ev = iwe_stream_add_point(info, current_ev, end_buf,
                      &iwe, bss->ssid);

    /* Rate : stuffing multiple values in a single event require a bit
     * more of magic - Jean II */
    current_val = current_ev + iwe_stream_lcp_len(info);

    iwe.cmd = SIOCGIWRATE;
    /* Those two flags are ignored... */
    iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
    /* Max 8 values */
    for(i = 0 ; i < 8 ; i++) {
        /* NULL terminated */
        if(bss->rates[i] == 0)
            break;
        /* Bit rate given in 500 kb/s units (+ 0x80) */
        iwe.u.bitrate.value = ((bss->rates[i] & 0x7f) * 500000);
        /* Add new value to event */
        current_val = iwe_stream_add_value(info, current_ev,
                           current_val, end_buf,
                           &iwe, IW_EV_PARAM_LEN);
    }
    /* Check if we added any event */
    if ((current_val - current_ev) > iwe_stream_lcp_len(info))
        current_ev = current_val;

    /* Beacon interval */
    buf = kmalloc(30, GFP_KERNEL);
    if (buf) {
        iwe.cmd = IWEVCUSTOM;
        sprintf(buf, "bcn_int=%d", bss->beaconInterval);
        iwe.u.data.length = strlen(buf);
        current_ev = iwe_stream_add_point(info, current_ev, end_buf,
                          &iwe, buf);
        kfree(buf);
    }

    /* Put WPA/RSN Information Elements into the event stream */
    if (test_bit(FLAG_WPA_CAPABLE, &ai->flags)) {
        unsigned int num_null_ies = 0;
        u16 length = sizeof (bss->extra.iep);
        u8 *ie = (void *)&bss->extra.iep;

        while ((length >= 2) && (num_null_ies < 2)) {
            if (2 + ie[1] > length) {
                /* Invalid element, don't continue parsing IE */
                break;
            }

            switch (ie[0]) {
            case WLAN_EID_SSID:
                /* Two zero-length SSID elements
                 * mean we're done parsing elements */
                if (!ie[1])
                    num_null_ies++;
                break;

            case WLAN_EID_GENERIC:
                if (ie[1] >= 4 &&
                    ie[2] == 0x00 &&
                    ie[3] == 0x50 &&
                    ie[4] == 0xf2 &&
                    ie[5] == 0x01) {
                    iwe.cmd = IWEVGENIE;
                    /* 64 is an arbitrary cut-off */
                    iwe.u.data.length = min(ie[1] + 2,
                                64);
                    current_ev = iwe_stream_add_point(
                            info, current_ev,
                            end_buf, &iwe, ie);
                }
                break;

            case WLAN_EID_RSN:
                iwe.cmd = IWEVGENIE;
                /* 64 is an arbitrary cut-off */
                iwe.u.data.length = min(ie[1] + 2, 64);
                current_ev = iwe_stream_add_point(
                    info, current_ev, end_buf,
                    &iwe, ie);
                break;

            default:
                break;
            }

            length -= 2 + ie[1];
            ie += 2 + ie[1];
        }
    }
    return current_ev;
}

/*------------------------------------------------------------------*/
/*
 * Wireless Handler : Read Scan Results
 */
static int airo_get_scan(struct net_device *dev,
             struct iw_request_info *info,
             struct iw_point *dwrq,
             char *extra)
{
    struct airo_info *ai = dev->ml_priv;
    BSSListElement *net;
    int err = 0;
    char *current_ev = extra;

    /* If a scan is in-progress, return -EAGAIN */
    if (ai->scan_timeout > 0)
        return -EAGAIN;

    if (down_interruptible(&ai->sem))
        return -EAGAIN;

    list_for_each_entry (net, &ai->network_list, list) {
        /* Translate to WE format this entry */
        current_ev = airo_translate_scan(dev, info, current_ev,
                         extra + dwrq->length,
                         &net->bss);

        /* Check if there is space for one more entry */
        if((extra + dwrq->length - current_ev) <= IW_EV_ADDR_LEN) {
            /* Ask user space to try again with a bigger buffer */
            err = -E2BIG;
            goto out;
        }
    }

    /* Length of data */
    dwrq->length = (current_ev - extra);
    dwrq->flags = 0;    /* todo */

out:
    up(&ai->sem);
    return err;
}

/*------------------------------------------------------------------*/
/*
 * Commit handler : called after a bunch of SET operations
 */
static int airo_config_commit(struct net_device *dev,
                  struct iw_request_info *info, /* NULL */
                  void *zwrq,           /* NULL */
                  char *extra)          /* NULL */
{
    struct airo_info *local = dev->ml_priv;

    if (!test_bit (FLAG_COMMIT, &local->flags))
        return 0;

    /* Some of the "SET" function may have modified some of the
     * parameters. It's now time to commit them in the card */
    disable_MAC(local, 1);
    if (test_bit (FLAG_RESET, &local->flags)) {
        APListRid APList_rid;
        SsidRid SSID_rid;

        readAPListRid(local, &APList_rid);
        readSsidRid(local, &SSID_rid);
        if (test_bit(FLAG_MPI,&local->flags))
            setup_card(local, dev->dev_addr, 1 );
        else
            reset_airo_card(dev);
        disable_MAC(local, 1);
        writeSsidRid(local, &SSID_rid, 1);
        writeAPListRid(local, &APList_rid, 1);
    }
    if (down_interruptible(&local->sem))
        return -ERESTARTSYS;
    writeConfigRid(local, 0);
    enable_MAC(local, 0);
    if (test_bit (FLAG_RESET, &local->flags))
        airo_set_promisc(local);
    else
        up(&local->sem);

    return 0;
}

/*------------------------------------------------------------------*/
/*
 * Structures to export the Wireless Handlers
 */

static const struct iw_priv_args airo_private_args[] = {
/*{ cmd,         set_args,                            get_args, name } */
  { AIROIOCTL, IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED | sizeof (aironet_ioctl),
    IW_PRIV_TYPE_BYTE | 2047, "airoioctl" },
  { AIROIDIFC, IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED | sizeof (aironet_ioctl),
    IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "airoidifc" },
};

static const iw_handler     airo_handler[] =
{
    (iw_handler) airo_config_commit,    /* SIOCSIWCOMMIT */
    (iw_handler) airo_get_name,     /* SIOCGIWNAME */
    (iw_handler) NULL,          /* SIOCSIWNWID */
    (iw_handler) NULL,          /* SIOCGIWNWID */
    (iw_handler) airo_set_freq,     /* SIOCSIWFREQ */
    (iw_handler) airo_get_freq,     /* SIOCGIWFREQ */
    (iw_handler) airo_set_mode,     /* SIOCSIWMODE */
    (iw_handler) airo_get_mode,     /* SIOCGIWMODE */
    (iw_handler) airo_set_sens,     /* SIOCSIWSENS */
    (iw_handler) airo_get_sens,     /* SIOCGIWSENS */
    (iw_handler) NULL,          /* SIOCSIWRANGE */
    (iw_handler) airo_get_range,        /* SIOCGIWRANGE */
    (iw_handler) NULL,          /* SIOCSIWPRIV */
    (iw_handler) NULL,          /* SIOCGIWPRIV */
    (iw_handler) NULL,          /* SIOCSIWSTATS */
    (iw_handler) NULL,          /* SIOCGIWSTATS */
    iw_handler_set_spy,         /* SIOCSIWSPY */
    iw_handler_get_spy,         /* SIOCGIWSPY */
    iw_handler_set_thrspy,          /* SIOCSIWTHRSPY */
    iw_handler_get_thrspy,          /* SIOCGIWTHRSPY */
    (iw_handler) airo_set_wap,      /* SIOCSIWAP */
    (iw_handler) airo_get_wap,      /* SIOCGIWAP */
    (iw_handler) NULL,          /* -- hole -- */
    (iw_handler) airo_get_aplist,       /* SIOCGIWAPLIST */
    (iw_handler) airo_set_scan,     /* SIOCSIWSCAN */
    (iw_handler) airo_get_scan,     /* SIOCGIWSCAN */
    (iw_handler) airo_set_essid,        /* SIOCSIWESSID */
    (iw_handler) airo_get_essid,        /* SIOCGIWESSID */
    (iw_handler) airo_set_nick,     /* SIOCSIWNICKN */
    (iw_handler) airo_get_nick,     /* SIOCGIWNICKN */
    (iw_handler) NULL,          /* -- hole -- */
    (iw_handler) NULL,          /* -- hole -- */
    (iw_handler) airo_set_rate,     /* SIOCSIWRATE */
    (iw_handler) airo_get_rate,     /* SIOCGIWRATE */
    (iw_handler) airo_set_rts,      /* SIOCSIWRTS */
    (iw_handler) airo_get_rts,      /* SIOCGIWRTS */
    (iw_handler) airo_set_frag,     /* SIOCSIWFRAG */
    (iw_handler) airo_get_frag,     /* SIOCGIWFRAG */
    (iw_handler) airo_set_txpow,        /* SIOCSIWTXPOW */
    (iw_handler) airo_get_txpow,        /* SIOCGIWTXPOW */
    (iw_handler) airo_set_retry,        /* SIOCSIWRETRY */
    (iw_handler) airo_get_retry,        /* SIOCGIWRETRY */
    (iw_handler) airo_set_encode,       /* SIOCSIWENCODE */
    (iw_handler) airo_get_encode,       /* SIOCGIWENCODE */
    (iw_handler) airo_set_power,        /* SIOCSIWPOWER */
    (iw_handler) airo_get_power,        /* SIOCGIWPOWER */
    (iw_handler) NULL,          /* -- hole -- */
    (iw_handler) NULL,          /* -- hole -- */
    (iw_handler) NULL,          /* SIOCSIWGENIE */
    (iw_handler) NULL,          /* SIOCGIWGENIE */
    (iw_handler) airo_set_auth,     /* SIOCSIWAUTH */
    (iw_handler) airo_get_auth,     /* SIOCGIWAUTH */
    (iw_handler) airo_set_encodeext,    /* SIOCSIWENCODEEXT */
    (iw_handler) airo_get_encodeext,    /* SIOCGIWENCODEEXT */
    (iw_handler) NULL,          /* SIOCSIWPMKSA */
};

/* Note : don't describe AIROIDIFC and AIROOLDIDIFC in here.
 * We want to force the use of the ioctl code, because those can't be
 * won't work the iw_handler code (because they simultaneously read
 * and write data and iw_handler can't do that).
 * Note that it's perfectly legal to read/write on a single ioctl command,
 * you just can't use iwpriv and need to force it via the ioctl handler.
 * Jean II */
static const iw_handler     airo_private_handler[] =
{
    NULL,               /* SIOCIWFIRSTPRIV */
};

static const struct iw_handler_def  airo_handler_def =
{
    .num_standard   = ARRAY_SIZE(airo_handler),
    .num_private    = ARRAY_SIZE(airo_private_handler),
    .num_private_args = ARRAY_SIZE(airo_private_args),
    .standard   = airo_handler,
    .private    = airo_private_handler,
    .private_args   = airo_private_args,
    .get_wireless_stats = airo_get_wireless_stats,
};

/*
 * This defines the configuration part of the Wireless Extensions
 * Note : irq and spinlock protection will occur in the subroutines
 *
 * TODO :
 *  o Check input value more carefully and fill correct values in range
 *  o Test and shakeout the bugs (if any)
 *
 * Jean II
 *
 * Javier Achirica did a great job of merging code from the unnamed CISCO
 * developer that added support for flashing the card.
 */
static int airo_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
{
    int rc = 0;
    struct airo_info *ai = dev->ml_priv;

    if (ai->power.event)
        return 0;

    switch (cmd) {
#ifdef CISCO_EXT
    case AIROIDIFC:
#ifdef AIROOLDIDIFC
    case AIROOLDIDIFC:
#endif
    {
        int val = AIROMAGIC;
        aironet_ioctl com;
        if (copy_from_user(&com,rq->ifr_data,sizeof(com)))
            rc = -EFAULT;
        else if (copy_to_user(com.data,(char *)&val,sizeof(val)))
            rc = -EFAULT;
    }
    break;

    case AIROIOCTL:
#ifdef AIROOLDIOCTL
    case AIROOLDIOCTL:
#endif
        /* Get the command struct and hand it off for evaluation by
         * the proper subfunction
         */
    {
        aironet_ioctl com;
        if (copy_from_user(&com,rq->ifr_data,sizeof(com))) {
            rc = -EFAULT;
            break;
        }

        /* Separate R/W functions bracket legality here
         */
        if ( com.command == AIRORSWVERSION ) {
            if (copy_to_user(com.data, swversion, sizeof(swversion)))
                rc = -EFAULT;
            else
                rc = 0;
        }
        else if ( com.command <= AIRORRID)
            rc = readrids(dev,&com);
        else if ( com.command >= AIROPCAP && com.command <= (AIROPLEAPUSR+2) )
            rc = writerids(dev,&com);
        else if ( com.command >= AIROFLSHRST && com.command <= AIRORESTART )
            rc = flashcard(dev,&com);
        else
            rc = -EINVAL;      /* Bad command in ioctl */
    }
    break;
#endif /* CISCO_EXT */

    // All other calls are currently unsupported
    default:
        rc = -EOPNOTSUPP;
    }
    return rc;
}

/*
 * Get the Wireless stats out of the driver
 * Note : irq and spinlock protection will occur in the subroutines
 *
 * TODO :
 *  o Check if work in Ad-Hoc mode (otherwise, use SPY, as in wvlan_cs)
 *
 * Jean
 */
static void airo_read_wireless_stats(struct airo_info *local)
{
    StatusRid status_rid;
    StatsRid stats_rid;
    CapabilityRid cap_rid;
    __le32 *vals = stats_rid.vals;

    /* Get stats out of the card */
    clear_bit(JOB_WSTATS, &local->jobs);
    if (local->power.event) {
        up(&local->sem);
        return;
    }
    readCapabilityRid(local, &cap_rid, 0);
    readStatusRid(local, &status_rid, 0);
    readStatsRid(local, &stats_rid, RID_STATS, 0);
    up(&local->sem);

    /* The status */
    local->wstats.status = le16_to_cpu(status_rid.mode);

    /* Signal quality and co */
    if (local->rssi) {
        local->wstats.qual.level =
            airo_rssi_to_dbm(local->rssi,
                     le16_to_cpu(status_rid.sigQuality));
        /* normalizedSignalStrength appears to be a percentage */
        local->wstats.qual.qual =
            le16_to_cpu(status_rid.normalizedSignalStrength);
    } else {
        local->wstats.qual.level =
            (le16_to_cpu(status_rid.normalizedSignalStrength) + 321) / 2;
        local->wstats.qual.qual = airo_get_quality(&status_rid, &cap_rid);
    }
    if (le16_to_cpu(status_rid.len) >= 124) {
        local->wstats.qual.noise = 0x100 - status_rid.noisedBm;
        local->wstats.qual.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
    } else {
        local->wstats.qual.noise = 0;
        local->wstats.qual.updated = IW_QUAL_QUAL_UPDATED | IW_QUAL_LEVEL_UPDATED | IW_QUAL_NOISE_INVALID | IW_QUAL_DBM;
    }

    /* Packets discarded in the wireless adapter due to wireless
     * specific problems */
    local->wstats.discard.nwid = le32_to_cpu(vals[56]) +
                     le32_to_cpu(vals[57]) +
                     le32_to_cpu(vals[58]); /* SSID Mismatch */
    local->wstats.discard.code = le32_to_cpu(vals[6]);/* RxWepErr */
    local->wstats.discard.fragment = le32_to_cpu(vals[30]);
    local->wstats.discard.retries = le32_to_cpu(vals[10]);
    local->wstats.discard.misc = le32_to_cpu(vals[1]) +
                     le32_to_cpu(vals[32]);
    local->wstats.miss.beacon = le32_to_cpu(vals[34]);
}

static struct iw_statistics *airo_get_wireless_stats(struct net_device *dev)
{
    struct airo_info *local =  dev->ml_priv;

    if (!test_bit(JOB_WSTATS, &local->jobs)) {
        /* Get stats out of the card if available */
        if (down_trylock(&local->sem) != 0) {
            set_bit(JOB_WSTATS, &local->jobs);
            wake_up_interruptible(&local->thr_wait);
        } else
            airo_read_wireless_stats(local);
    }

    return &local->wstats;
}

#ifdef CISCO_EXT
/*
 * This just translates from driver IOCTL codes to the command codes to
 * feed to the radio's host interface. Things can be added/deleted
 * as needed.  This represents the READ side of control I/O to
 * the card
 */
static int readrids(struct net_device *dev, aironet_ioctl *comp) {
    unsigned short ridcode;
    unsigned char *iobuf;
    int len;
    struct airo_info *ai = dev->ml_priv;

    if (test_bit(FLAG_FLASHING, &ai->flags))
        return -EIO;

    switch(comp->command)
    {
    case AIROGCAP:      ridcode = RID_CAPABILITIES; break;
    case AIROGCFG:      ridcode = RID_CONFIG;
        if (test_bit(FLAG_COMMIT, &ai->flags)) {
            disable_MAC (ai, 1);
            writeConfigRid (ai, 1);
            enable_MAC(ai, 1);
        }
        break;
    case AIROGSLIST:    ridcode = RID_SSID;         break;
    case AIROGVLIST:    ridcode = RID_APLIST;       break;
    case AIROGDRVNAM:   ridcode = RID_DRVNAME;      break;
    case AIROGEHTENC:   ridcode = RID_ETHERENCAP;   break;
    case AIROGWEPKTMP:  ridcode = RID_WEP_TEMP;
        /* Only super-user can read WEP keys */
        if (!capable(CAP_NET_ADMIN))
            return -EPERM;
        break;
    case AIROGWEPKNV:   ridcode = RID_WEP_PERM;
        /* Only super-user can read WEP keys */
        if (!capable(CAP_NET_ADMIN))
            return -EPERM;
        break;
    case AIROGSTAT:     ridcode = RID_STATUS;       break;
    case AIROGSTATSD32: ridcode = RID_STATSDELTA;   break;
    case AIROGSTATSC32: ridcode = RID_STATS;        break;
    case AIROGMICSTATS:
        if (copy_to_user(comp->data, &ai->micstats,
                 min((int)comp->len,(int)sizeof(ai->micstats))))
            return -EFAULT;
        return 0;
    case AIRORRID:      ridcode = comp->ridnum;     break;
    default:
        return -EINVAL;
        break;
    }

    if ((iobuf = kmalloc(RIDSIZE, GFP_KERNEL)) == NULL)
        return -ENOMEM;

    PC4500_readrid(ai,ridcode,iobuf,RIDSIZE, 1);
    /* get the count of bytes in the rid  docs say 1st 2 bytes is it.
     * then return it to the user
     * 9/22/2000 Honor user given length
     */
    len = comp->len;

    if (copy_to_user(comp->data, iobuf, min(len, (int)RIDSIZE))) {
        kfree (iobuf);
        return -EFAULT;
    }
    kfree (iobuf);
    return 0;
}

/*
 * Danger Will Robinson write the rids here
 */

static int writerids(struct net_device *dev, aironet_ioctl *comp) {
    struct airo_info *ai = dev->ml_priv;
    int  ridcode;
        int  enabled;
    static int (* writer)(struct airo_info *, u16 rid, const void *, int, int);
    unsigned char *iobuf;

    /* Only super-user can write RIDs */
    if (!capable(CAP_NET_ADMIN))
        return -EPERM;

    if (test_bit(FLAG_FLASHING, &ai->flags))
        return -EIO;

    ridcode = 0;
    writer = do_writerid;

    switch(comp->command)
    {
    case AIROPSIDS:     ridcode = RID_SSID;         break;
    case AIROPCAP:      ridcode = RID_CAPABILITIES; break;
    case AIROPAPLIST:   ridcode = RID_APLIST;       break;
    case AIROPCFG: ai->config.len = 0;
                clear_bit(FLAG_COMMIT, &ai->flags);
                ridcode = RID_CONFIG;       break;
    case AIROPWEPKEYNV: ridcode = RID_WEP_PERM;     break;
    case AIROPLEAPUSR:  ridcode = RID_LEAPUSERNAME; break;
    case AIROPLEAPPWD:  ridcode = RID_LEAPPASSWORD; break;
    case AIROPWEPKEY:   ridcode = RID_WEP_TEMP; writer = PC4500_writerid;
        break;
    case AIROPLEAPUSR+1: ridcode = 0xFF2A;          break;
    case AIROPLEAPUSR+2: ridcode = 0xFF2B;          break;

        /* this is not really a rid but a command given to the card
         * same with MAC off
         */
    case AIROPMACON:
        if (enable_MAC(ai, 1) != 0)
            return -EIO;
        return 0;

        /*
         * Evidently this code in the airo driver does not get a symbol
         * as disable_MAC. it's probably so short the compiler does not gen one.
         */
    case AIROPMACOFF:
        disable_MAC(ai, 1);
        return 0;

        /* This command merely clears the counts does not actually store any data
         * only reads rid. But as it changes the cards state, I put it in the
         * writerid routines.
         */
    case AIROPSTCLR:
        if ((iobuf = kmalloc(RIDSIZE, GFP_KERNEL)) == NULL)
            return -ENOMEM;

        PC4500_readrid(ai,RID_STATSDELTACLEAR,iobuf,RIDSIZE, 1);

        enabled = ai->micstats.enabled;
        memset(&ai->micstats,0,sizeof(ai->micstats));
        ai->micstats.enabled = enabled;

        if (copy_to_user(comp->data, iobuf,
                 min((int)comp->len, (int)RIDSIZE))) {
            kfree (iobuf);
            return -EFAULT;
        }
        kfree (iobuf);
        return 0;

    default:
        return -EOPNOTSUPP; /* Blarg! */
    }
    if(comp->len > RIDSIZE)
        return -EINVAL;

    if ((iobuf = kmalloc(RIDSIZE, GFP_KERNEL)) == NULL)
        return -ENOMEM;

    if (copy_from_user(iobuf,comp->data,comp->len)) {
        kfree (iobuf);
        return -EFAULT;
    }

    if (comp->command == AIROPCFG) {
        ConfigRid *cfg = (ConfigRid *)iobuf;

        if (test_bit(FLAG_MIC_CAPABLE, &ai->flags))
            cfg->opmode |= MODE_MIC;

        if ((cfg->opmode & MODE_CFG_MASK) == MODE_STA_IBSS)
            set_bit (FLAG_ADHOC, &ai->flags);
        else
            clear_bit (FLAG_ADHOC, &ai->flags);
    }

    if((*writer)(ai, ridcode, iobuf,comp->len,1)) {
        kfree (iobuf);
        return -EIO;
    }
    kfree (iobuf);
    return 0;
}

/*****************************************************************************
 * Ancillary flash / mod functions much black magic lurkes here              *
 *****************************************************************************
 */

/*
 * Flash command switch table
 */

static int flashcard(struct net_device *dev, aironet_ioctl *comp) {
    int z;

    /* Only super-user can modify flash */
    if (!capable(CAP_NET_ADMIN))
        return -EPERM;

    switch(comp->command)
    {
    case AIROFLSHRST:
        return cmdreset((struct airo_info *)dev->ml_priv);

    case AIROFLSHSTFL:
        if (!AIRO_FLASH(dev) &&
            (AIRO_FLASH(dev) = kmalloc(FLASHSIZE, GFP_KERNEL)) == NULL)
            return -ENOMEM;
        return setflashmode((struct airo_info *)dev->ml_priv);

    case AIROFLSHGCHR: /* Get char from aux */
        if(comp->len != sizeof(int))
            return -EINVAL;
        if (copy_from_user(&z,comp->data,comp->len))
            return -EFAULT;
        return flashgchar((struct airo_info *)dev->ml_priv, z, 8000);

    case AIROFLSHPCHR: /* Send char to card. */
        if(comp->len != sizeof(int))
            return -EINVAL;
        if (copy_from_user(&z,comp->data,comp->len))
            return -EFAULT;
        return flashpchar((struct airo_info *)dev->ml_priv, z, 8000);

    case AIROFLPUTBUF: /* Send 32k to card */
        if (!AIRO_FLASH(dev))
            return -ENOMEM;
        if(comp->len > FLASHSIZE)
            return -EINVAL;
        if (copy_from_user(AIRO_FLASH(dev), comp->data, comp->len))
            return -EFAULT;

        flashputbuf((struct airo_info *)dev->ml_priv);
        return 0;

    case AIRORESTART:
        if (flashrestart((struct airo_info *)dev->ml_priv, dev))
            return -EIO;
        return 0;
    }
    return -EINVAL;
}

#define FLASH_COMMAND  0x7e7e

/*
 * STEP 1)
 * Disable MAC and do soft reset on
 * card.
 */

static int cmdreset(struct airo_info *ai) {
    disable_MAC(ai, 1);

    if(!waitbusy (ai)){
        airo_print_info(ai->dev->name, "Waitbusy hang before RESET");
        return -EBUSY;
    }

    OUT4500(ai,COMMAND,CMD_SOFTRESET);

    ssleep(1);          /* WAS 600 12/7/00 */

    if(!waitbusy (ai)){
        airo_print_info(ai->dev->name, "Waitbusy hang AFTER RESET");
        return -EBUSY;
    }
    return 0;
}

/* STEP 2)
 * Put the card in legendary flash
 * mode
 */

static int setflashmode (struct airo_info *ai) {
    set_bit (FLAG_FLASHING, &ai->flags);

    OUT4500(ai, SWS0, FLASH_COMMAND);
    OUT4500(ai, SWS1, FLASH_COMMAND);
    if (probe) {
        OUT4500(ai, SWS0, FLASH_COMMAND);
        OUT4500(ai, COMMAND,0x10);
    } else {
        OUT4500(ai, SWS2, FLASH_COMMAND);
        OUT4500(ai, SWS3, FLASH_COMMAND);
        OUT4500(ai, COMMAND,0);
    }
    msleep(500);        /* 500ms delay */

    if(!waitbusy(ai)) {
        clear_bit (FLAG_FLASHING, &ai->flags);
        airo_print_info(ai->dev->name, "Waitbusy hang after setflash mode");
        return -EIO;
    }
    return 0;
}

/* Put character to SWS0 wait for dwelltime
 * x 50us for  echo .
 */

static int flashpchar(struct airo_info *ai,int byte,int dwelltime) {
    int echo;
    int waittime;

    byte |= 0x8000;

    if(dwelltime == 0 )
        dwelltime = 200;

    waittime=dwelltime;

    /* Wait for busy bit d15 to go false indicating buffer empty */
    while ((IN4500 (ai, SWS0) & 0x8000) && waittime > 0) {
        udelay (50);
        waittime -= 50;
    }

    /* timeout for busy clear wait */
    if(waittime <= 0 ){
        airo_print_info(ai->dev->name, "flash putchar busywait timeout!");
        return -EBUSY;
    }

    /* Port is clear now write byte and wait for it to echo back */
    do {
        OUT4500(ai,SWS0,byte);
        udelay(50);
        dwelltime -= 50;
        echo = IN4500(ai,SWS1);
    } while (dwelltime >= 0 && echo != byte);

    OUT4500(ai,SWS1,0);

    return (echo == byte) ? 0 : -EIO;
}

/*
 * Get a character from the card matching matchbyte
 * Step 3)
 */
static int flashgchar(struct airo_info *ai,int matchbyte,int dwelltime){
    int           rchar;
    unsigned char rbyte=0;

    do {
        rchar = IN4500(ai,SWS1);

        if(dwelltime && !(0x8000 & rchar)){
            dwelltime -= 10;
            mdelay(10);
            continue;
        }
        rbyte = 0xff & rchar;

        if( (rbyte == matchbyte) && (0x8000 & rchar) ){
            OUT4500(ai,SWS1,0);
            return 0;
        }
        if( rbyte == 0x81 || rbyte == 0x82 || rbyte == 0x83 || rbyte == 0x1a || 0xffff == rchar)
            break;
        OUT4500(ai,SWS1,0);

    }while(dwelltime > 0);
    return -EIO;
}

/*
 * Transfer 32k of firmware data from user buffer to our buffer and
 * send to the card
 */

static int flashputbuf(struct airo_info *ai){
    int            nwords;

    /* Write stuff */
    if (test_bit(FLAG_MPI,&ai->flags))
        memcpy_toio(ai->pciaux + 0x8000, ai->flash, FLASHSIZE);
    else {
        OUT4500(ai,AUXPAGE,0x100);
        OUT4500(ai,AUXOFF,0);

        for(nwords=0;nwords != FLASHSIZE / 2;nwords++){
            OUT4500(ai,AUXDATA,ai->flash[nwords] & 0xffff);
        }
    }
    OUT4500(ai,SWS0,0x8000);

    return 0;
}

/*
 *
 */
static int flashrestart(struct airo_info *ai,struct net_device *dev){
    int    i,status;

    ssleep(1);          /* Added 12/7/00 */
    clear_bit (FLAG_FLASHING, &ai->flags);
    if (test_bit(FLAG_MPI, &ai->flags)) {
        status = mpi_init_descriptors(ai);
        if (status != SUCCESS)
            return status;
    }
    status = setup_card(ai, dev->dev_addr, 1);

    if (!test_bit(FLAG_MPI,&ai->flags))
        for( i = 0; i < MAX_FIDS; i++ ) {
            ai->fids[i] = transmit_allocate
                ( ai, AIRO_DEF_MTU, i >= MAX_FIDS / 2 );
        }

    ssleep(1);          /* Added 12/7/00 */
    return status;
}
#endif /* CISCO_EXT */

/*
    This program is free software; you can redistribute it and/or
    modify it under the terms of the GNU General Public License
    as published by the Free Software Foundation; either version 2
    of the License, or (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    In addition:

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions
    are met:

    1. Redistributions of source code must retain the above copyright
       notice, this list of conditions and the following disclaimer.
    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.
    3. The name of the author may not be used to endorse or promote
       products derived from this software without specific prior written
       permission.

    THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
    IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
    (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
    SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
    IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

module_init(airo_init_module);
module_exit(airo_cleanup_module);