[IPV6]: Reorg struct ifmcaddr6 to save some bytes
[linux-2.6.git] / drivers / net / wireless / iwlwifi / iwl3945-base.c
1 /******************************************************************************
2  *
3  * Copyright(c) 2003 - 2007 Intel Corporation. All rights reserved.
4  *
5  * Portions of this file are derived from the ipw3945 project, as well
6  * as portions of the ieee80211 subsystem header files.
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms of version 2 of the GNU General Public License as
10  * published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope that it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program; if not, write to the Free Software Foundation, Inc.,
19  * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
20  *
21  * The full GNU General Public License is included in this distribution in the
22  * file called LICENSE.
23  *
24  * Contact Information:
25  * James P. Ketrenos <ipw2100-admin@linux.intel.com>
26  * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
27  *
28  *****************************************************************************/
29
30 #include <linux/kernel.h>
31 #include <linux/module.h>
32 #include <linux/version.h>
33 #include <linux/init.h>
34 #include <linux/pci.h>
35 #include <linux/dma-mapping.h>
36 #include <linux/delay.h>
37 #include <linux/skbuff.h>
38 #include <linux/netdevice.h>
39 #include <linux/wireless.h>
40 #include <linux/firmware.h>
41 #include <linux/etherdevice.h>
42 #include <linux/if_arp.h>
43
44 #include <net/ieee80211_radiotap.h>
45 #include <net/mac80211.h>
46
47 #include <asm/div64.h>
48
49 #include "iwl-3945.h"
50 #include "iwl-helpers.h"
51
52 #ifdef CONFIG_IWL3945_DEBUG
53 u32 iwl3945_debug_level;
54 #endif
55
56 static int iwl3945_tx_queue_update_write_ptr(struct iwl3945_priv *priv,
57                                   struct iwl3945_tx_queue *txq);
58
59 /******************************************************************************
60  *
61  * module boiler plate
62  *
63  ******************************************************************************/
64
65 /* module parameters */
66 static int iwl3945_param_disable_hw_scan; /* def: 0 = use 3945's h/w scan */
67 static int iwl3945_param_debug;    /* def: 0 = minimal debug log messages */
68 static int iwl3945_param_disable;  /* def: 0 = enable radio */
69 static int iwl3945_param_antenna;  /* def: 0 = both antennas (use diversity) */
70 int iwl3945_param_hwcrypto;        /* def: 0 = use software encryption */
71 static int iwl3945_param_qos_enable = 1; /* def: 1 = use quality of service */
72 int iwl3945_param_queues_num = IWL_MAX_NUM_QUEUES; /* def: 8 Tx queues */
73
74 /*
75  * module name, copyright, version, etc.
76  * NOTE: DRV_NAME is defined in iwlwifi.h for use by iwl-debug.h and printk
77  */
78
79 #define DRV_DESCRIPTION \
80 "Intel(R) PRO/Wireless 3945ABG/BG Network Connection driver for Linux"
81
82 #ifdef CONFIG_IWL3945_DEBUG
83 #define VD "d"
84 #else
85 #define VD
86 #endif
87
88 #ifdef CONFIG_IWL3945_SPECTRUM_MEASUREMENT
89 #define VS "s"
90 #else
91 #define VS
92 #endif
93
94 #define IWLWIFI_VERSION "1.2.23k" VD VS
95 #define DRV_COPYRIGHT   "Copyright(c) 2003-2007 Intel Corporation"
96 #define DRV_VERSION     IWLWIFI_VERSION
97
98 /* Change firmware file name, using "-" and incrementing number,
99  *   *only* when uCode interface or architecture changes so that it
100  *   is not compatible with earlier drivers.
101  * This number will also appear in << 8 position of 1st dword of uCode file */
102 #define IWL3945_UCODE_API "-1"
103
104 MODULE_DESCRIPTION(DRV_DESCRIPTION);
105 MODULE_VERSION(DRV_VERSION);
106 MODULE_AUTHOR(DRV_COPYRIGHT);
107 MODULE_LICENSE("GPL");
108
109 static __le16 *ieee80211_get_qos_ctrl(struct ieee80211_hdr *hdr)
110 {
111         u16 fc = le16_to_cpu(hdr->frame_control);
112         int hdr_len = ieee80211_get_hdrlen(fc);
113
114         if ((fc & 0x00cc) == (IEEE80211_STYPE_QOS_DATA | IEEE80211_FTYPE_DATA))
115                 return (__le16 *) ((u8 *) hdr + hdr_len - QOS_CONTROL_LEN);
116         return NULL;
117 }
118
119 static const struct ieee80211_hw_mode *iwl3945_get_hw_mode(
120                 struct iwl3945_priv *priv, int mode)
121 {
122         int i;
123
124         for (i = 0; i < 3; i++)
125                 if (priv->modes[i].mode == mode)
126                         return &priv->modes[i];
127
128         return NULL;
129 }
130
131 static int iwl3945_is_empty_essid(const char *essid, int essid_len)
132 {
133         /* Single white space is for Linksys APs */
134         if (essid_len == 1 && essid[0] == ' ')
135                 return 1;
136
137         /* Otherwise, if the entire essid is 0, we assume it is hidden */
138         while (essid_len) {
139                 essid_len--;
140                 if (essid[essid_len] != '\0')
141                         return 0;
142         }
143
144         return 1;
145 }
146
147 static const char *iwl3945_escape_essid(const char *essid, u8 essid_len)
148 {
149         static char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
150         const char *s = essid;
151         char *d = escaped;
152
153         if (iwl3945_is_empty_essid(essid, essid_len)) {
154                 memcpy(escaped, "<hidden>", sizeof("<hidden>"));
155                 return escaped;
156         }
157
158         essid_len = min(essid_len, (u8) IW_ESSID_MAX_SIZE);
159         while (essid_len--) {
160                 if (*s == '\0') {
161                         *d++ = '\\';
162                         *d++ = '0';
163                         s++;
164                 } else
165                         *d++ = *s++;
166         }
167         *d = '\0';
168         return escaped;
169 }
170
171 static void iwl3945_print_hex_dump(int level, void *p, u32 len)
172 {
173 #ifdef CONFIG_IWL3945_DEBUG
174         if (!(iwl3945_debug_level & level))
175                 return;
176
177         print_hex_dump(KERN_DEBUG, "iwl data: ", DUMP_PREFIX_OFFSET, 16, 1,
178                         p, len, 1);
179 #endif
180 }
181
182 /*************** DMA-QUEUE-GENERAL-FUNCTIONS  *****
183  * DMA services
184  *
185  * Theory of operation
186  *
187  * A Tx or Rx queue resides in host DRAM, and is comprised of a circular buffer
188  * of buffer descriptors, each of which points to one or more data buffers for
189  * the device to read from or fill.  Driver and device exchange status of each
190  * queue via "read" and "write" pointers.  Driver keeps minimum of 2 empty
191  * entries in each circular buffer, to protect against confusing empty and full
192  * queue states.
193  *
194  * The device reads or writes the data in the queues via the device's several
195  * DMA/FIFO channels.  Each queue is mapped to a single DMA channel.
196  *
197  * For Tx queue, there are low mark and high mark limits. If, after queuing
198  * the packet for Tx, free space become < low mark, Tx queue stopped. When
199  * reclaiming packets (on 'tx done IRQ), if free space become > high mark,
200  * Tx queue resumed.
201  *
202  * The 3945 operates with six queues:  One receive queue, one transmit queue
203  * (#4) for sending commands to the device firmware, and four transmit queues
204  * (#0-3) for data tx via EDCA.  An additional 2 HCCA queues are unused.
205  ***************************************************/
206
207 static int iwl3945_queue_space(const struct iwl3945_queue *q)
208 {
209         int s = q->read_ptr - q->write_ptr;
210
211         if (q->read_ptr > q->write_ptr)
212                 s -= q->n_bd;
213
214         if (s <= 0)
215                 s += q->n_window;
216         /* keep some reserve to not confuse empty and full situations */
217         s -= 2;
218         if (s < 0)
219                 s = 0;
220         return s;
221 }
222
223 /**
224  * iwl3945_queue_inc_wrap - increment queue index, wrap back to beginning
225  * @index -- current index
226  * @n_bd -- total number of entries in queue (must be power of 2)
227  */
228 static inline int iwl3945_queue_inc_wrap(int index, int n_bd)
229 {
230         return ++index & (n_bd - 1);
231 }
232
233 /**
234  * iwl3945_queue_dec_wrap - increment queue index, wrap back to end
235  * @index -- current index
236  * @n_bd -- total number of entries in queue (must be power of 2)
237  */
238 static inline int iwl3945_queue_dec_wrap(int index, int n_bd)
239 {
240         return --index & (n_bd - 1);
241 }
242
243 static inline int x2_queue_used(const struct iwl3945_queue *q, int i)
244 {
245         return q->write_ptr > q->read_ptr ?
246                 (i >= q->read_ptr && i < q->write_ptr) :
247                 !(i < q->read_ptr && i >= q->write_ptr);
248 }
249
250 static inline u8 get_cmd_index(struct iwl3945_queue *q, u32 index, int is_huge)
251 {
252         /* This is for scan command, the big buffer at end of command array */
253         if (is_huge)
254                 return q->n_window;     /* must be power of 2 */
255
256         /* Otherwise, use normal size buffers */
257         return index & (q->n_window - 1);
258 }
259
260 /**
261  * iwl3945_queue_init - Initialize queue's high/low-water and read/write indexes
262  */
263 static int iwl3945_queue_init(struct iwl3945_priv *priv, struct iwl3945_queue *q,
264                           int count, int slots_num, u32 id)
265 {
266         q->n_bd = count;
267         q->n_window = slots_num;
268         q->id = id;
269
270         /* count must be power-of-two size, otherwise iwl3945_queue_inc_wrap
271          * and iwl3945_queue_dec_wrap are broken. */
272         BUG_ON(!is_power_of_2(count));
273
274         /* slots_num must be power-of-two size, otherwise
275          * get_cmd_index is broken. */
276         BUG_ON(!is_power_of_2(slots_num));
277
278         q->low_mark = q->n_window / 4;
279         if (q->low_mark < 4)
280                 q->low_mark = 4;
281
282         q->high_mark = q->n_window / 8;
283         if (q->high_mark < 2)
284                 q->high_mark = 2;
285
286         q->write_ptr = q->read_ptr = 0;
287
288         return 0;
289 }
290
291 /**
292  * iwl3945_tx_queue_alloc - Alloc driver data and TFD CB for one Tx/cmd queue
293  */
294 static int iwl3945_tx_queue_alloc(struct iwl3945_priv *priv,
295                               struct iwl3945_tx_queue *txq, u32 id)
296 {
297         struct pci_dev *dev = priv->pci_dev;
298
299         /* Driver private data, only for Tx (not command) queues,
300          * not shared with device. */
301         if (id != IWL_CMD_QUEUE_NUM) {
302                 txq->txb = kmalloc(sizeof(txq->txb[0]) *
303                                    TFD_QUEUE_SIZE_MAX, GFP_KERNEL);
304                 if (!txq->txb) {
305                         IWL_ERROR("kmalloc for auxiliary BD "
306                                   "structures failed\n");
307                         goto error;
308                 }
309         } else
310                 txq->txb = NULL;
311
312         /* Circular buffer of transmit frame descriptors (TFDs),
313          * shared with device */
314         txq->bd = pci_alloc_consistent(dev,
315                         sizeof(txq->bd[0]) * TFD_QUEUE_SIZE_MAX,
316                         &txq->q.dma_addr);
317
318         if (!txq->bd) {
319                 IWL_ERROR("pci_alloc_consistent(%zd) failed\n",
320                           sizeof(txq->bd[0]) * TFD_QUEUE_SIZE_MAX);
321                 goto error;
322         }
323         txq->q.id = id;
324
325         return 0;
326
327  error:
328         if (txq->txb) {
329                 kfree(txq->txb);
330                 txq->txb = NULL;
331         }
332
333         return -ENOMEM;
334 }
335
336 /**
337  * iwl3945_tx_queue_init - Allocate and initialize one tx/cmd queue
338  */
339 int iwl3945_tx_queue_init(struct iwl3945_priv *priv,
340                       struct iwl3945_tx_queue *txq, int slots_num, u32 txq_id)
341 {
342         struct pci_dev *dev = priv->pci_dev;
343         int len;
344         int rc = 0;
345
346         /*
347          * Alloc buffer array for commands (Tx or other types of commands).
348          * For the command queue (#4), allocate command space + one big
349          * command for scan, since scan command is very huge; the system will
350          * not have two scans at the same time, so only one is needed.
351          * For data Tx queues (all other queues), no super-size command
352          * space is needed.
353          */
354         len = sizeof(struct iwl3945_cmd) * slots_num;
355         if (txq_id == IWL_CMD_QUEUE_NUM)
356                 len +=  IWL_MAX_SCAN_SIZE;
357         txq->cmd = pci_alloc_consistent(dev, len, &txq->dma_addr_cmd);
358         if (!txq->cmd)
359                 return -ENOMEM;
360
361         /* Alloc driver data array and TFD circular buffer */
362         rc = iwl3945_tx_queue_alloc(priv, txq, txq_id);
363         if (rc) {
364                 pci_free_consistent(dev, len, txq->cmd, txq->dma_addr_cmd);
365
366                 return -ENOMEM;
367         }
368         txq->need_update = 0;
369
370         /* TFD_QUEUE_SIZE_MAX must be power-of-two size, otherwise
371          * iwl3945_queue_inc_wrap and iwl3945_queue_dec_wrap are broken. */
372         BUILD_BUG_ON(TFD_QUEUE_SIZE_MAX & (TFD_QUEUE_SIZE_MAX - 1));
373
374         /* Initialize queue high/low-water, head/tail indexes */
375         iwl3945_queue_init(priv, &txq->q, TFD_QUEUE_SIZE_MAX, slots_num, txq_id);
376
377         /* Tell device where to find queue, enable DMA channel. */
378         iwl3945_hw_tx_queue_init(priv, txq);
379
380         return 0;
381 }
382
383 /**
384  * iwl3945_tx_queue_free - Deallocate DMA queue.
385  * @txq: Transmit queue to deallocate.
386  *
387  * Empty queue by removing and destroying all BD's.
388  * Free all buffers.
389  * 0-fill, but do not free "txq" descriptor structure.
390  */
391 void iwl3945_tx_queue_free(struct iwl3945_priv *priv, struct iwl3945_tx_queue *txq)
392 {
393         struct iwl3945_queue *q = &txq->q;
394         struct pci_dev *dev = priv->pci_dev;
395         int len;
396
397         if (q->n_bd == 0)
398                 return;
399
400         /* first, empty all BD's */
401         for (; q->write_ptr != q->read_ptr;
402              q->read_ptr = iwl3945_queue_inc_wrap(q->read_ptr, q->n_bd))
403                 iwl3945_hw_txq_free_tfd(priv, txq);
404
405         len = sizeof(struct iwl3945_cmd) * q->n_window;
406         if (q->id == IWL_CMD_QUEUE_NUM)
407                 len += IWL_MAX_SCAN_SIZE;
408
409         /* De-alloc array of command/tx buffers */
410         pci_free_consistent(dev, len, txq->cmd, txq->dma_addr_cmd);
411
412         /* De-alloc circular buffer of TFDs */
413         if (txq->q.n_bd)
414                 pci_free_consistent(dev, sizeof(struct iwl3945_tfd_frame) *
415                                     txq->q.n_bd, txq->bd, txq->q.dma_addr);
416
417         /* De-alloc array of per-TFD driver data */
418         if (txq->txb) {
419                 kfree(txq->txb);
420                 txq->txb = NULL;
421         }
422
423         /* 0-fill queue descriptor structure */
424         memset(txq, 0, sizeof(*txq));
425 }
426
427 const u8 iwl3945_broadcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
428
429 /*************** STATION TABLE MANAGEMENT ****
430  * mac80211 should be examined to determine if sta_info is duplicating
431  * the functionality provided here
432  */
433
434 /**************************************************************/
435 #if 0 /* temporary disable till we add real remove station */
436 /**
437  * iwl3945_remove_station - Remove driver's knowledge of station.
438  *
439  * NOTE:  This does not remove station from device's station table.
440  */
441 static u8 iwl3945_remove_station(struct iwl3945_priv *priv, const u8 *addr, int is_ap)
442 {
443         int index = IWL_INVALID_STATION;
444         int i;
445         unsigned long flags;
446
447         spin_lock_irqsave(&priv->sta_lock, flags);
448
449         if (is_ap)
450                 index = IWL_AP_ID;
451         else if (is_broadcast_ether_addr(addr))
452                 index = priv->hw_setting.bcast_sta_id;
453         else
454                 for (i = IWL_STA_ID; i < priv->hw_setting.max_stations; i++)
455                         if (priv->stations[i].used &&
456                             !compare_ether_addr(priv->stations[i].sta.sta.addr,
457                                                 addr)) {
458                                 index = i;
459                                 break;
460                         }
461
462         if (unlikely(index == IWL_INVALID_STATION))
463                 goto out;
464
465         if (priv->stations[index].used) {
466                 priv->stations[index].used = 0;
467                 priv->num_stations--;
468         }
469
470         BUG_ON(priv->num_stations < 0);
471
472 out:
473         spin_unlock_irqrestore(&priv->sta_lock, flags);
474         return 0;
475 }
476 #endif
477
478 /**
479  * iwl3945_clear_stations_table - Clear the driver's station table
480  *
481  * NOTE:  This does not clear or otherwise alter the device's station table.
482  */
483 static void iwl3945_clear_stations_table(struct iwl3945_priv *priv)
484 {
485         unsigned long flags;
486
487         spin_lock_irqsave(&priv->sta_lock, flags);
488
489         priv->num_stations = 0;
490         memset(priv->stations, 0, sizeof(priv->stations));
491
492         spin_unlock_irqrestore(&priv->sta_lock, flags);
493 }
494
495 /**
496  * iwl3945_add_station - Add station to station tables in driver and device
497  */
498 u8 iwl3945_add_station(struct iwl3945_priv *priv, const u8 *addr, int is_ap, u8 flags)
499 {
500         int i;
501         int index = IWL_INVALID_STATION;
502         struct iwl3945_station_entry *station;
503         unsigned long flags_spin;
504         DECLARE_MAC_BUF(mac);
505         u8 rate;
506
507         spin_lock_irqsave(&priv->sta_lock, flags_spin);
508         if (is_ap)
509                 index = IWL_AP_ID;
510         else if (is_broadcast_ether_addr(addr))
511                 index = priv->hw_setting.bcast_sta_id;
512         else
513                 for (i = IWL_STA_ID; i < priv->hw_setting.max_stations; i++) {
514                         if (!compare_ether_addr(priv->stations[i].sta.sta.addr,
515                                                 addr)) {
516                                 index = i;
517                                 break;
518                         }
519
520                         if (!priv->stations[i].used &&
521                             index == IWL_INVALID_STATION)
522                                 index = i;
523                 }
524
525         /* These two conditions has the same outcome but keep them separate
526           since they have different meaning */
527         if (unlikely(index == IWL_INVALID_STATION)) {
528                 spin_unlock_irqrestore(&priv->sta_lock, flags_spin);
529                 return index;
530         }
531
532         if (priv->stations[index].used &&
533            !compare_ether_addr(priv->stations[index].sta.sta.addr, addr)) {
534                 spin_unlock_irqrestore(&priv->sta_lock, flags_spin);
535                 return index;
536         }
537
538         IWL_DEBUG_ASSOC("Add STA ID %d: %s\n", index, print_mac(mac, addr));
539         station = &priv->stations[index];
540         station->used = 1;
541         priv->num_stations++;
542
543         /* Set up the REPLY_ADD_STA command to send to device */
544         memset(&station->sta, 0, sizeof(struct iwl3945_addsta_cmd));
545         memcpy(station->sta.sta.addr, addr, ETH_ALEN);
546         station->sta.mode = 0;
547         station->sta.sta.sta_id = index;
548         station->sta.station_flags = 0;
549
550         if (priv->phymode == MODE_IEEE80211A)
551                 rate = IWL_RATE_6M_PLCP;
552         else
553                 rate =  IWL_RATE_1M_PLCP;
554
555         /* Turn on both antennas for the station... */
556         station->sta.rate_n_flags =
557                         iwl3945_hw_set_rate_n_flags(rate, RATE_MCS_ANT_AB_MSK);
558         station->current_rate.rate_n_flags =
559                         le16_to_cpu(station->sta.rate_n_flags);
560
561         spin_unlock_irqrestore(&priv->sta_lock, flags_spin);
562
563         /* Add station to device's station table */
564         iwl3945_send_add_station(priv, &station->sta, flags);
565         return index;
566
567 }
568
569 /*************** DRIVER STATUS FUNCTIONS   *****/
570
571 static inline int iwl3945_is_ready(struct iwl3945_priv *priv)
572 {
573         /* The adapter is 'ready' if READY and GEO_CONFIGURED bits are
574          * set but EXIT_PENDING is not */
575         return test_bit(STATUS_READY, &priv->status) &&
576                test_bit(STATUS_GEO_CONFIGURED, &priv->status) &&
577                !test_bit(STATUS_EXIT_PENDING, &priv->status);
578 }
579
580 static inline int iwl3945_is_alive(struct iwl3945_priv *priv)
581 {
582         return test_bit(STATUS_ALIVE, &priv->status);
583 }
584
585 static inline int iwl3945_is_init(struct iwl3945_priv *priv)
586 {
587         return test_bit(STATUS_INIT, &priv->status);
588 }
589
590 static inline int iwl3945_is_rfkill(struct iwl3945_priv *priv)
591 {
592         return test_bit(STATUS_RF_KILL_HW, &priv->status) ||
593                test_bit(STATUS_RF_KILL_SW, &priv->status);
594 }
595
596 static inline int iwl3945_is_ready_rf(struct iwl3945_priv *priv)
597 {
598
599         if (iwl3945_is_rfkill(priv))
600                 return 0;
601
602         return iwl3945_is_ready(priv);
603 }
604
605 /*************** HOST COMMAND QUEUE FUNCTIONS   *****/
606
607 #define IWL_CMD(x) case x : return #x
608
609 static const char *get_cmd_string(u8 cmd)
610 {
611         switch (cmd) {
612                 IWL_CMD(REPLY_ALIVE);
613                 IWL_CMD(REPLY_ERROR);
614                 IWL_CMD(REPLY_RXON);
615                 IWL_CMD(REPLY_RXON_ASSOC);
616                 IWL_CMD(REPLY_QOS_PARAM);
617                 IWL_CMD(REPLY_RXON_TIMING);
618                 IWL_CMD(REPLY_ADD_STA);
619                 IWL_CMD(REPLY_REMOVE_STA);
620                 IWL_CMD(REPLY_REMOVE_ALL_STA);
621                 IWL_CMD(REPLY_3945_RX);
622                 IWL_CMD(REPLY_TX);
623                 IWL_CMD(REPLY_RATE_SCALE);
624                 IWL_CMD(REPLY_LEDS_CMD);
625                 IWL_CMD(REPLY_TX_LINK_QUALITY_CMD);
626                 IWL_CMD(RADAR_NOTIFICATION);
627                 IWL_CMD(REPLY_QUIET_CMD);
628                 IWL_CMD(REPLY_CHANNEL_SWITCH);
629                 IWL_CMD(CHANNEL_SWITCH_NOTIFICATION);
630                 IWL_CMD(REPLY_SPECTRUM_MEASUREMENT_CMD);
631                 IWL_CMD(SPECTRUM_MEASURE_NOTIFICATION);
632                 IWL_CMD(POWER_TABLE_CMD);
633                 IWL_CMD(PM_SLEEP_NOTIFICATION);
634                 IWL_CMD(PM_DEBUG_STATISTIC_NOTIFIC);
635                 IWL_CMD(REPLY_SCAN_CMD);
636                 IWL_CMD(REPLY_SCAN_ABORT_CMD);
637                 IWL_CMD(SCAN_START_NOTIFICATION);
638                 IWL_CMD(SCAN_RESULTS_NOTIFICATION);
639                 IWL_CMD(SCAN_COMPLETE_NOTIFICATION);
640                 IWL_CMD(BEACON_NOTIFICATION);
641                 IWL_CMD(REPLY_TX_BEACON);
642                 IWL_CMD(WHO_IS_AWAKE_NOTIFICATION);
643                 IWL_CMD(QUIET_NOTIFICATION);
644                 IWL_CMD(REPLY_TX_PWR_TABLE_CMD);
645                 IWL_CMD(MEASURE_ABORT_NOTIFICATION);
646                 IWL_CMD(REPLY_BT_CONFIG);
647                 IWL_CMD(REPLY_STATISTICS_CMD);
648                 IWL_CMD(STATISTICS_NOTIFICATION);
649                 IWL_CMD(REPLY_CARD_STATE_CMD);
650                 IWL_CMD(CARD_STATE_NOTIFICATION);
651                 IWL_CMD(MISSED_BEACONS_NOTIFICATION);
652         default:
653                 return "UNKNOWN";
654
655         }
656 }
657
658 #define HOST_COMPLETE_TIMEOUT (HZ / 2)
659
660 /**
661  * iwl3945_enqueue_hcmd - enqueue a uCode command
662  * @priv: device private data point
663  * @cmd: a point to the ucode command structure
664  *
665  * The function returns < 0 values to indicate the operation is
666  * failed. On success, it turns the index (> 0) of command in the
667  * command queue.
668  */
669 static int iwl3945_enqueue_hcmd(struct iwl3945_priv *priv, struct iwl3945_host_cmd *cmd)
670 {
671         struct iwl3945_tx_queue *txq = &priv->txq[IWL_CMD_QUEUE_NUM];
672         struct iwl3945_queue *q = &txq->q;
673         struct iwl3945_tfd_frame *tfd;
674         u32 *control_flags;
675         struct iwl3945_cmd *out_cmd;
676         u32 idx;
677         u16 fix_size = (u16)(cmd->len + sizeof(out_cmd->hdr));
678         dma_addr_t phys_addr;
679         int pad;
680         u16 count;
681         int ret;
682         unsigned long flags;
683
684         /* If any of the command structures end up being larger than
685          * the TFD_MAX_PAYLOAD_SIZE, and it sent as a 'small' command then
686          * we will need to increase the size of the TFD entries */
687         BUG_ON((fix_size > TFD_MAX_PAYLOAD_SIZE) &&
688                !(cmd->meta.flags & CMD_SIZE_HUGE));
689
690         if (iwl3945_queue_space(q) < ((cmd->meta.flags & CMD_ASYNC) ? 2 : 1)) {
691                 IWL_ERROR("No space for Tx\n");
692                 return -ENOSPC;
693         }
694
695         spin_lock_irqsave(&priv->hcmd_lock, flags);
696
697         tfd = &txq->bd[q->write_ptr];
698         memset(tfd, 0, sizeof(*tfd));
699
700         control_flags = (u32 *) tfd;
701
702         idx = get_cmd_index(q, q->write_ptr, cmd->meta.flags & CMD_SIZE_HUGE);
703         out_cmd = &txq->cmd[idx];
704
705         out_cmd->hdr.cmd = cmd->id;
706         memcpy(&out_cmd->meta, &cmd->meta, sizeof(cmd->meta));
707         memcpy(&out_cmd->cmd.payload, cmd->data, cmd->len);
708
709         /* At this point, the out_cmd now has all of the incoming cmd
710          * information */
711
712         out_cmd->hdr.flags = 0;
713         out_cmd->hdr.sequence = cpu_to_le16(QUEUE_TO_SEQ(IWL_CMD_QUEUE_NUM) |
714                         INDEX_TO_SEQ(q->write_ptr));
715         if (out_cmd->meta.flags & CMD_SIZE_HUGE)
716                 out_cmd->hdr.sequence |= cpu_to_le16(SEQ_HUGE_FRAME);
717
718         phys_addr = txq->dma_addr_cmd + sizeof(txq->cmd[0]) * idx +
719                         offsetof(struct iwl3945_cmd, hdr);
720         iwl3945_hw_txq_attach_buf_to_tfd(priv, tfd, phys_addr, fix_size);
721
722         pad = U32_PAD(cmd->len);
723         count = TFD_CTL_COUNT_GET(*control_flags);
724         *control_flags = TFD_CTL_COUNT_SET(count) | TFD_CTL_PAD_SET(pad);
725
726         IWL_DEBUG_HC("Sending command %s (#%x), seq: 0x%04X, "
727                      "%d bytes at %d[%d]:%d\n",
728                      get_cmd_string(out_cmd->hdr.cmd),
729                      out_cmd->hdr.cmd, le16_to_cpu(out_cmd->hdr.sequence),
730                      fix_size, q->write_ptr, idx, IWL_CMD_QUEUE_NUM);
731
732         txq->need_update = 1;
733
734         /* Increment and update queue's write index */
735         q->write_ptr = iwl3945_queue_inc_wrap(q->write_ptr, q->n_bd);
736         ret = iwl3945_tx_queue_update_write_ptr(priv, txq);
737
738         spin_unlock_irqrestore(&priv->hcmd_lock, flags);
739         return ret ? ret : idx;
740 }
741
742 static int iwl3945_send_cmd_async(struct iwl3945_priv *priv, struct iwl3945_host_cmd *cmd)
743 {
744         int ret;
745
746         BUG_ON(!(cmd->meta.flags & CMD_ASYNC));
747
748         /* An asynchronous command can not expect an SKB to be set. */
749         BUG_ON(cmd->meta.flags & CMD_WANT_SKB);
750
751         /* An asynchronous command MUST have a callback. */
752         BUG_ON(!cmd->meta.u.callback);
753
754         if (test_bit(STATUS_EXIT_PENDING, &priv->status))
755                 return -EBUSY;
756
757         ret = iwl3945_enqueue_hcmd(priv, cmd);
758         if (ret < 0) {
759                 IWL_ERROR("Error sending %s: iwl3945_enqueue_hcmd failed: %d\n",
760                           get_cmd_string(cmd->id), ret);
761                 return ret;
762         }
763         return 0;
764 }
765
766 static int iwl3945_send_cmd_sync(struct iwl3945_priv *priv, struct iwl3945_host_cmd *cmd)
767 {
768         int cmd_idx;
769         int ret;
770         static atomic_t entry = ATOMIC_INIT(0); /* reentrance protection */
771
772         BUG_ON(cmd->meta.flags & CMD_ASYNC);
773
774          /* A synchronous command can not have a callback set. */
775         BUG_ON(cmd->meta.u.callback != NULL);
776
777         if (atomic_xchg(&entry, 1)) {
778                 IWL_ERROR("Error sending %s: Already sending a host command\n",
779                           get_cmd_string(cmd->id));
780                 return -EBUSY;
781         }
782
783         set_bit(STATUS_HCMD_ACTIVE, &priv->status);
784
785         if (cmd->meta.flags & CMD_WANT_SKB)
786                 cmd->meta.source = &cmd->meta;
787
788         cmd_idx = iwl3945_enqueue_hcmd(priv, cmd);
789         if (cmd_idx < 0) {
790                 ret = cmd_idx;
791                 IWL_ERROR("Error sending %s: iwl3945_enqueue_hcmd failed: %d\n",
792                           get_cmd_string(cmd->id), ret);
793                 goto out;
794         }
795
796         ret = wait_event_interruptible_timeout(priv->wait_command_queue,
797                         !test_bit(STATUS_HCMD_ACTIVE, &priv->status),
798                         HOST_COMPLETE_TIMEOUT);
799         if (!ret) {
800                 if (test_bit(STATUS_HCMD_ACTIVE, &priv->status)) {
801                         IWL_ERROR("Error sending %s: time out after %dms.\n",
802                                   get_cmd_string(cmd->id),
803                                   jiffies_to_msecs(HOST_COMPLETE_TIMEOUT));
804
805                         clear_bit(STATUS_HCMD_ACTIVE, &priv->status);
806                         ret = -ETIMEDOUT;
807                         goto cancel;
808                 }
809         }
810
811         if (test_bit(STATUS_RF_KILL_HW, &priv->status)) {
812                 IWL_DEBUG_INFO("Command %s aborted: RF KILL Switch\n",
813                                get_cmd_string(cmd->id));
814                 ret = -ECANCELED;
815                 goto fail;
816         }
817         if (test_bit(STATUS_FW_ERROR, &priv->status)) {
818                 IWL_DEBUG_INFO("Command %s failed: FW Error\n",
819                                get_cmd_string(cmd->id));
820                 ret = -EIO;
821                 goto fail;
822         }
823         if ((cmd->meta.flags & CMD_WANT_SKB) && !cmd->meta.u.skb) {
824                 IWL_ERROR("Error: Response NULL in '%s'\n",
825                           get_cmd_string(cmd->id));
826                 ret = -EIO;
827                 goto out;
828         }
829
830         ret = 0;
831         goto out;
832
833 cancel:
834         if (cmd->meta.flags & CMD_WANT_SKB) {
835                 struct iwl3945_cmd *qcmd;
836
837                 /* Cancel the CMD_WANT_SKB flag for the cmd in the
838                  * TX cmd queue. Otherwise in case the cmd comes
839                  * in later, it will possibly set an invalid
840                  * address (cmd->meta.source). */
841                 qcmd = &priv->txq[IWL_CMD_QUEUE_NUM].cmd[cmd_idx];
842                 qcmd->meta.flags &= ~CMD_WANT_SKB;
843         }
844 fail:
845         if (cmd->meta.u.skb) {
846                 dev_kfree_skb_any(cmd->meta.u.skb);
847                 cmd->meta.u.skb = NULL;
848         }
849 out:
850         atomic_set(&entry, 0);
851         return ret;
852 }
853
854 int iwl3945_send_cmd(struct iwl3945_priv *priv, struct iwl3945_host_cmd *cmd)
855 {
856         if (cmd->meta.flags & CMD_ASYNC)
857                 return iwl3945_send_cmd_async(priv, cmd);
858
859         return iwl3945_send_cmd_sync(priv, cmd);
860 }
861
862 int iwl3945_send_cmd_pdu(struct iwl3945_priv *priv, u8 id, u16 len, const void *data)
863 {
864         struct iwl3945_host_cmd cmd = {
865                 .id = id,
866                 .len = len,
867                 .data = data,
868         };
869
870         return iwl3945_send_cmd_sync(priv, &cmd);
871 }
872
873 static int __must_check iwl3945_send_cmd_u32(struct iwl3945_priv *priv, u8 id, u32 val)
874 {
875         struct iwl3945_host_cmd cmd = {
876                 .id = id,
877                 .len = sizeof(val),
878                 .data = &val,
879         };
880
881         return iwl3945_send_cmd_sync(priv, &cmd);
882 }
883
884 int iwl3945_send_statistics_request(struct iwl3945_priv *priv)
885 {
886         return iwl3945_send_cmd_u32(priv, REPLY_STATISTICS_CMD, 0);
887 }
888
889 /**
890  * iwl3945_set_rxon_channel - Set the phymode and channel values in staging RXON
891  * @phymode: MODE_IEEE80211A sets to 5.2GHz; all else set to 2.4GHz
892  * @channel: Any channel valid for the requested phymode
893
894  * In addition to setting the staging RXON, priv->phymode is also set.
895  *
896  * NOTE:  Does not commit to the hardware; it sets appropriate bit fields
897  * in the staging RXON flag structure based on the phymode
898  */
899 static int iwl3945_set_rxon_channel(struct iwl3945_priv *priv, u8 phymode, u16 channel)
900 {
901         if (!iwl3945_get_channel_info(priv, phymode, channel)) {
902                 IWL_DEBUG_INFO("Could not set channel to %d [%d]\n",
903                                channel, phymode);
904                 return -EINVAL;
905         }
906
907         if ((le16_to_cpu(priv->staging_rxon.channel) == channel) &&
908             (priv->phymode == phymode))
909                 return 0;
910
911         priv->staging_rxon.channel = cpu_to_le16(channel);
912         if (phymode == MODE_IEEE80211A)
913                 priv->staging_rxon.flags &= ~RXON_FLG_BAND_24G_MSK;
914         else
915                 priv->staging_rxon.flags |= RXON_FLG_BAND_24G_MSK;
916
917         priv->phymode = phymode;
918
919         IWL_DEBUG_INFO("Staging channel set to %d [%d]\n", channel, phymode);
920
921         return 0;
922 }
923
924 /**
925  * iwl3945_check_rxon_cmd - validate RXON structure is valid
926  *
927  * NOTE:  This is really only useful during development and can eventually
928  * be #ifdef'd out once the driver is stable and folks aren't actively
929  * making changes
930  */
931 static int iwl3945_check_rxon_cmd(struct iwl3945_rxon_cmd *rxon)
932 {
933         int error = 0;
934         int counter = 1;
935
936         if (rxon->flags & RXON_FLG_BAND_24G_MSK) {
937                 error |= le32_to_cpu(rxon->flags &
938                                 (RXON_FLG_TGJ_NARROW_BAND_MSK |
939                                  RXON_FLG_RADAR_DETECT_MSK));
940                 if (error)
941                         IWL_WARNING("check 24G fields %d | %d\n",
942                                     counter++, error);
943         } else {
944                 error |= (rxon->flags & RXON_FLG_SHORT_SLOT_MSK) ?
945                                 0 : le32_to_cpu(RXON_FLG_SHORT_SLOT_MSK);
946                 if (error)
947                         IWL_WARNING("check 52 fields %d | %d\n",
948                                     counter++, error);
949                 error |= le32_to_cpu(rxon->flags & RXON_FLG_CCK_MSK);
950                 if (error)
951                         IWL_WARNING("check 52 CCK %d | %d\n",
952                                     counter++, error);
953         }
954         error |= (rxon->node_addr[0] | rxon->bssid_addr[0]) & 0x1;
955         if (error)
956                 IWL_WARNING("check mac addr %d | %d\n", counter++, error);
957
958         /* make sure basic rates 6Mbps and 1Mbps are supported */
959         error |= (((rxon->ofdm_basic_rates & IWL_RATE_6M_MASK) == 0) &&
960                   ((rxon->cck_basic_rates & IWL_RATE_1M_MASK) == 0));
961         if (error)
962                 IWL_WARNING("check basic rate %d | %d\n", counter++, error);
963
964         error |= (le16_to_cpu(rxon->assoc_id) > 2007);
965         if (error)
966                 IWL_WARNING("check assoc id %d | %d\n", counter++, error);
967
968         error |= ((rxon->flags & (RXON_FLG_CCK_MSK | RXON_FLG_SHORT_SLOT_MSK))
969                         == (RXON_FLG_CCK_MSK | RXON_FLG_SHORT_SLOT_MSK));
970         if (error)
971                 IWL_WARNING("check CCK and short slot %d | %d\n",
972                             counter++, error);
973
974         error |= ((rxon->flags & (RXON_FLG_CCK_MSK | RXON_FLG_AUTO_DETECT_MSK))
975                         == (RXON_FLG_CCK_MSK | RXON_FLG_AUTO_DETECT_MSK));
976         if (error)
977                 IWL_WARNING("check CCK & auto detect %d | %d\n",
978                             counter++, error);
979
980         error |= ((rxon->flags & (RXON_FLG_AUTO_DETECT_MSK |
981                         RXON_FLG_TGG_PROTECT_MSK)) == RXON_FLG_TGG_PROTECT_MSK);
982         if (error)
983                 IWL_WARNING("check TGG and auto detect %d | %d\n",
984                             counter++, error);
985
986         if ((rxon->flags & RXON_FLG_DIS_DIV_MSK))
987                 error |= ((rxon->flags & (RXON_FLG_ANT_B_MSK |
988                                 RXON_FLG_ANT_A_MSK)) == 0);
989         if (error)
990                 IWL_WARNING("check antenna %d %d\n", counter++, error);
991
992         if (error)
993                 IWL_WARNING("Tuning to channel %d\n",
994                             le16_to_cpu(rxon->channel));
995
996         if (error) {
997                 IWL_ERROR("Not a valid iwl3945_rxon_assoc_cmd field values\n");
998                 return -1;
999         }
1000         return 0;
1001 }
1002
1003 /**
1004  * iwl3945_full_rxon_required - check if full RXON (vs RXON_ASSOC) cmd is needed
1005  * @priv: staging_rxon is compared to active_rxon
1006  *
1007  * If the RXON structure is changing enough to require a new tune,
1008  * or is clearing the RXON_FILTER_ASSOC_MSK, then return 1 to indicate that
1009  * a new tune (full RXON command, rather than RXON_ASSOC cmd) is required.
1010  */
1011 static int iwl3945_full_rxon_required(struct iwl3945_priv *priv)
1012 {
1013
1014         /* These items are only settable from the full RXON command */
1015         if (!(priv->active_rxon.filter_flags & RXON_FILTER_ASSOC_MSK) ||
1016             compare_ether_addr(priv->staging_rxon.bssid_addr,
1017                                priv->active_rxon.bssid_addr) ||
1018             compare_ether_addr(priv->staging_rxon.node_addr,
1019                                priv->active_rxon.node_addr) ||
1020             compare_ether_addr(priv->staging_rxon.wlap_bssid_addr,
1021                                priv->active_rxon.wlap_bssid_addr) ||
1022             (priv->staging_rxon.dev_type != priv->active_rxon.dev_type) ||
1023             (priv->staging_rxon.channel != priv->active_rxon.channel) ||
1024             (priv->staging_rxon.air_propagation !=
1025              priv->active_rxon.air_propagation) ||
1026             (priv->staging_rxon.assoc_id != priv->active_rxon.assoc_id))
1027                 return 1;
1028
1029         /* flags, filter_flags, ofdm_basic_rates, and cck_basic_rates can
1030          * be updated with the RXON_ASSOC command -- however only some
1031          * flag transitions are allowed using RXON_ASSOC */
1032
1033         /* Check if we are not switching bands */
1034         if ((priv->staging_rxon.flags & RXON_FLG_BAND_24G_MSK) !=
1035             (priv->active_rxon.flags & RXON_FLG_BAND_24G_MSK))
1036                 return 1;
1037
1038         /* Check if we are switching association toggle */
1039         if ((priv->staging_rxon.filter_flags & RXON_FILTER_ASSOC_MSK) !=
1040                 (priv->active_rxon.filter_flags & RXON_FILTER_ASSOC_MSK))
1041                 return 1;
1042
1043         return 0;
1044 }
1045
1046 static int iwl3945_send_rxon_assoc(struct iwl3945_priv *priv)
1047 {
1048         int rc = 0;
1049         struct iwl3945_rx_packet *res = NULL;
1050         struct iwl3945_rxon_assoc_cmd rxon_assoc;
1051         struct iwl3945_host_cmd cmd = {
1052                 .id = REPLY_RXON_ASSOC,
1053                 .len = sizeof(rxon_assoc),
1054                 .meta.flags = CMD_WANT_SKB,
1055                 .data = &rxon_assoc,
1056         };
1057         const struct iwl3945_rxon_cmd *rxon1 = &priv->staging_rxon;
1058         const struct iwl3945_rxon_cmd *rxon2 = &priv->active_rxon;
1059
1060         if ((rxon1->flags == rxon2->flags) &&
1061             (rxon1->filter_flags == rxon2->filter_flags) &&
1062             (rxon1->cck_basic_rates == rxon2->cck_basic_rates) &&
1063             (rxon1->ofdm_basic_rates == rxon2->ofdm_basic_rates)) {
1064                 IWL_DEBUG_INFO("Using current RXON_ASSOC.  Not resending.\n");
1065                 return 0;
1066         }
1067
1068         rxon_assoc.flags = priv->staging_rxon.flags;
1069         rxon_assoc.filter_flags = priv->staging_rxon.filter_flags;
1070         rxon_assoc.ofdm_basic_rates = priv->staging_rxon.ofdm_basic_rates;
1071         rxon_assoc.cck_basic_rates = priv->staging_rxon.cck_basic_rates;
1072         rxon_assoc.reserved = 0;
1073
1074         rc = iwl3945_send_cmd_sync(priv, &cmd);
1075         if (rc)
1076                 return rc;
1077
1078         res = (struct iwl3945_rx_packet *)cmd.meta.u.skb->data;
1079         if (res->hdr.flags & IWL_CMD_FAILED_MSK) {
1080                 IWL_ERROR("Bad return from REPLY_RXON_ASSOC command\n");
1081                 rc = -EIO;
1082         }
1083
1084         priv->alloc_rxb_skb--;
1085         dev_kfree_skb_any(cmd.meta.u.skb);
1086
1087         return rc;
1088 }
1089
1090 /**
1091  * iwl3945_commit_rxon - commit staging_rxon to hardware
1092  *
1093  * The RXON command in staging_rxon is committed to the hardware and
1094  * the active_rxon structure is updated with the new data.  This
1095  * function correctly transitions out of the RXON_ASSOC_MSK state if
1096  * a HW tune is required based on the RXON structure changes.
1097  */
1098 static int iwl3945_commit_rxon(struct iwl3945_priv *priv)
1099 {
1100         /* cast away the const for active_rxon in this function */
1101         struct iwl3945_rxon_cmd *active_rxon = (void *)&priv->active_rxon;
1102         int rc = 0;
1103         DECLARE_MAC_BUF(mac);
1104
1105         if (!iwl3945_is_alive(priv))
1106                 return -1;
1107
1108         /* always get timestamp with Rx frame */
1109         priv->staging_rxon.flags |= RXON_FLG_TSF2HOST_MSK;
1110
1111         /* select antenna */
1112         priv->staging_rxon.flags &=
1113             ~(RXON_FLG_DIS_DIV_MSK | RXON_FLG_ANT_SEL_MSK);
1114         priv->staging_rxon.flags |= iwl3945_get_antenna_flags(priv);
1115
1116         rc = iwl3945_check_rxon_cmd(&priv->staging_rxon);
1117         if (rc) {
1118                 IWL_ERROR("Invalid RXON configuration.  Not committing.\n");
1119                 return -EINVAL;
1120         }
1121
1122         /* If we don't need to send a full RXON, we can use
1123          * iwl3945_rxon_assoc_cmd which is used to reconfigure filter
1124          * and other flags for the current radio configuration. */
1125         if (!iwl3945_full_rxon_required(priv)) {
1126                 rc = iwl3945_send_rxon_assoc(priv);
1127                 if (rc) {
1128                         IWL_ERROR("Error setting RXON_ASSOC "
1129                                   "configuration (%d).\n", rc);
1130                         return rc;
1131                 }
1132
1133                 memcpy(active_rxon, &priv->staging_rxon, sizeof(*active_rxon));
1134
1135                 return 0;
1136         }
1137
1138         /* If we are currently associated and the new config requires
1139          * an RXON_ASSOC and the new config wants the associated mask enabled,
1140          * we must clear the associated from the active configuration
1141          * before we apply the new config */
1142         if (iwl3945_is_associated(priv) &&
1143             (priv->staging_rxon.filter_flags & RXON_FILTER_ASSOC_MSK)) {
1144                 IWL_DEBUG_INFO("Toggling associated bit on current RXON\n");
1145                 active_rxon->filter_flags &= ~RXON_FILTER_ASSOC_MSK;
1146
1147                 rc = iwl3945_send_cmd_pdu(priv, REPLY_RXON,
1148                                       sizeof(struct iwl3945_rxon_cmd),
1149                                       &priv->active_rxon);
1150
1151                 /* If the mask clearing failed then we set
1152                  * active_rxon back to what it was previously */
1153                 if (rc) {
1154                         active_rxon->filter_flags |= RXON_FILTER_ASSOC_MSK;
1155                         IWL_ERROR("Error clearing ASSOC_MSK on current "
1156                                   "configuration (%d).\n", rc);
1157                         return rc;
1158                 }
1159         }
1160
1161         IWL_DEBUG_INFO("Sending RXON\n"
1162                        "* with%s RXON_FILTER_ASSOC_MSK\n"
1163                        "* channel = %d\n"
1164                        "* bssid = %s\n",
1165                        ((priv->staging_rxon.filter_flags &
1166                          RXON_FILTER_ASSOC_MSK) ? "" : "out"),
1167                        le16_to_cpu(priv->staging_rxon.channel),
1168                        print_mac(mac, priv->staging_rxon.bssid_addr));
1169
1170         /* Apply the new configuration */
1171         rc = iwl3945_send_cmd_pdu(priv, REPLY_RXON,
1172                               sizeof(struct iwl3945_rxon_cmd), &priv->staging_rxon);
1173         if (rc) {
1174                 IWL_ERROR("Error setting new configuration (%d).\n", rc);
1175                 return rc;
1176         }
1177
1178         memcpy(active_rxon, &priv->staging_rxon, sizeof(*active_rxon));
1179
1180         iwl3945_clear_stations_table(priv);
1181
1182         /* If we issue a new RXON command which required a tune then we must
1183          * send a new TXPOWER command or we won't be able to Tx any frames */
1184         rc = iwl3945_hw_reg_send_txpower(priv);
1185         if (rc) {
1186                 IWL_ERROR("Error setting Tx power (%d).\n", rc);
1187                 return rc;
1188         }
1189
1190         /* Add the broadcast address so we can send broadcast frames */
1191         if (iwl3945_add_station(priv, iwl3945_broadcast_addr, 0, 0) ==
1192             IWL_INVALID_STATION) {
1193                 IWL_ERROR("Error adding BROADCAST address for transmit.\n");
1194                 return -EIO;
1195         }
1196
1197         /* If we have set the ASSOC_MSK and we are in BSS mode then
1198          * add the IWL_AP_ID to the station rate table */
1199         if (iwl3945_is_associated(priv) &&
1200             (priv->iw_mode == IEEE80211_IF_TYPE_STA))
1201                 if (iwl3945_add_station(priv, priv->active_rxon.bssid_addr, 1, 0)
1202                     == IWL_INVALID_STATION) {
1203                         IWL_ERROR("Error adding AP address for transmit.\n");
1204                         return -EIO;
1205                 }
1206
1207         /* Init the hardware's rate fallback order based on the
1208          * phymode */
1209         rc = iwl3945_init_hw_rate_table(priv);
1210         if (rc) {
1211                 IWL_ERROR("Error setting HW rate table: %02X\n", rc);
1212                 return -EIO;
1213         }
1214
1215         return 0;
1216 }
1217
1218 static int iwl3945_send_bt_config(struct iwl3945_priv *priv)
1219 {
1220         struct iwl3945_bt_cmd bt_cmd = {
1221                 .flags = 3,
1222                 .lead_time = 0xAA,
1223                 .max_kill = 1,
1224                 .kill_ack_mask = 0,
1225                 .kill_cts_mask = 0,
1226         };
1227
1228         return iwl3945_send_cmd_pdu(priv, REPLY_BT_CONFIG,
1229                                 sizeof(struct iwl3945_bt_cmd), &bt_cmd);
1230 }
1231
1232 static int iwl3945_send_scan_abort(struct iwl3945_priv *priv)
1233 {
1234         int rc = 0;
1235         struct iwl3945_rx_packet *res;
1236         struct iwl3945_host_cmd cmd = {
1237                 .id = REPLY_SCAN_ABORT_CMD,
1238                 .meta.flags = CMD_WANT_SKB,
1239         };
1240
1241         /* If there isn't a scan actively going on in the hardware
1242          * then we are in between scan bands and not actually
1243          * actively scanning, so don't send the abort command */
1244         if (!test_bit(STATUS_SCAN_HW, &priv->status)) {
1245                 clear_bit(STATUS_SCAN_ABORTING, &priv->status);
1246                 return 0;
1247         }
1248
1249         rc = iwl3945_send_cmd_sync(priv, &cmd);
1250         if (rc) {
1251                 clear_bit(STATUS_SCAN_ABORTING, &priv->status);
1252                 return rc;
1253         }
1254
1255         res = (struct iwl3945_rx_packet *)cmd.meta.u.skb->data;
1256         if (res->u.status != CAN_ABORT_STATUS) {
1257                 /* The scan abort will return 1 for success or
1258                  * 2 for "failure".  A failure condition can be
1259                  * due to simply not being in an active scan which
1260                  * can occur if we send the scan abort before we
1261                  * the microcode has notified us that a scan is
1262                  * completed. */
1263                 IWL_DEBUG_INFO("SCAN_ABORT returned %d.\n", res->u.status);
1264                 clear_bit(STATUS_SCAN_ABORTING, &priv->status);
1265                 clear_bit(STATUS_SCAN_HW, &priv->status);
1266         }
1267
1268         dev_kfree_skb_any(cmd.meta.u.skb);
1269
1270         return rc;
1271 }
1272
1273 static int iwl3945_card_state_sync_callback(struct iwl3945_priv *priv,
1274                                         struct iwl3945_cmd *cmd,
1275                                         struct sk_buff *skb)
1276 {
1277         return 1;
1278 }
1279
1280 /*
1281  * CARD_STATE_CMD
1282  *
1283  * Use: Sets the device's internal card state to enable, disable, or halt
1284  *
1285  * When in the 'enable' state the card operates as normal.
1286  * When in the 'disable' state, the card enters into a low power mode.
1287  * When in the 'halt' state, the card is shut down and must be fully
1288  * restarted to come back on.
1289  */
1290 static int iwl3945_send_card_state(struct iwl3945_priv *priv, u32 flags, u8 meta_flag)
1291 {
1292         struct iwl3945_host_cmd cmd = {
1293                 .id = REPLY_CARD_STATE_CMD,
1294                 .len = sizeof(u32),
1295                 .data = &flags,
1296                 .meta.flags = meta_flag,
1297         };
1298
1299         if (meta_flag & CMD_ASYNC)
1300                 cmd.meta.u.callback = iwl3945_card_state_sync_callback;
1301
1302         return iwl3945_send_cmd(priv, &cmd);
1303 }
1304
1305 static int iwl3945_add_sta_sync_callback(struct iwl3945_priv *priv,
1306                                      struct iwl3945_cmd *cmd, struct sk_buff *skb)
1307 {
1308         struct iwl3945_rx_packet *res = NULL;
1309
1310         if (!skb) {
1311                 IWL_ERROR("Error: Response NULL in REPLY_ADD_STA.\n");
1312                 return 1;
1313         }
1314
1315         res = (struct iwl3945_rx_packet *)skb->data;
1316         if (res->hdr.flags & IWL_CMD_FAILED_MSK) {
1317                 IWL_ERROR("Bad return from REPLY_ADD_STA (0x%08X)\n",
1318                           res->hdr.flags);
1319                 return 1;
1320         }
1321
1322         switch (res->u.add_sta.status) {
1323         case ADD_STA_SUCCESS_MSK:
1324                 break;
1325         default:
1326                 break;
1327         }
1328
1329         /* We didn't cache the SKB; let the caller free it */
1330         return 1;
1331 }
1332
1333 int iwl3945_send_add_station(struct iwl3945_priv *priv,
1334                          struct iwl3945_addsta_cmd *sta, u8 flags)
1335 {
1336         struct iwl3945_rx_packet *res = NULL;
1337         int rc = 0;
1338         struct iwl3945_host_cmd cmd = {
1339                 .id = REPLY_ADD_STA,
1340                 .len = sizeof(struct iwl3945_addsta_cmd),
1341                 .meta.flags = flags,
1342                 .data = sta,
1343         };
1344
1345         if (flags & CMD_ASYNC)
1346                 cmd.meta.u.callback = iwl3945_add_sta_sync_callback;
1347         else
1348                 cmd.meta.flags |= CMD_WANT_SKB;
1349
1350         rc = iwl3945_send_cmd(priv, &cmd);
1351
1352         if (rc || (flags & CMD_ASYNC))
1353                 return rc;
1354
1355         res = (struct iwl3945_rx_packet *)cmd.meta.u.skb->data;
1356         if (res->hdr.flags & IWL_CMD_FAILED_MSK) {
1357                 IWL_ERROR("Bad return from REPLY_ADD_STA (0x%08X)\n",
1358                           res->hdr.flags);
1359                 rc = -EIO;
1360         }
1361
1362         if (rc == 0) {
1363                 switch (res->u.add_sta.status) {
1364                 case ADD_STA_SUCCESS_MSK:
1365                         IWL_DEBUG_INFO("REPLY_ADD_STA PASSED\n");
1366                         break;
1367                 default:
1368                         rc = -EIO;
1369                         IWL_WARNING("REPLY_ADD_STA failed\n");
1370                         break;
1371                 }
1372         }
1373
1374         priv->alloc_rxb_skb--;
1375         dev_kfree_skb_any(cmd.meta.u.skb);
1376
1377         return rc;
1378 }
1379
1380 static int iwl3945_update_sta_key_info(struct iwl3945_priv *priv,
1381                                    struct ieee80211_key_conf *keyconf,
1382                                    u8 sta_id)
1383 {
1384         unsigned long flags;
1385         __le16 key_flags = 0;
1386
1387         switch (keyconf->alg) {
1388         case ALG_CCMP:
1389                 key_flags |= STA_KEY_FLG_CCMP;
1390                 key_flags |= cpu_to_le16(
1391                                 keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
1392                 key_flags &= ~STA_KEY_FLG_INVALID;
1393                 break;
1394         case ALG_TKIP:
1395         case ALG_WEP:
1396         default:
1397                 return -EINVAL;
1398         }
1399         spin_lock_irqsave(&priv->sta_lock, flags);
1400         priv->stations[sta_id].keyinfo.alg = keyconf->alg;
1401         priv->stations[sta_id].keyinfo.keylen = keyconf->keylen;
1402         memcpy(priv->stations[sta_id].keyinfo.key, keyconf->key,
1403                keyconf->keylen);
1404
1405         memcpy(priv->stations[sta_id].sta.key.key, keyconf->key,
1406                keyconf->keylen);
1407         priv->stations[sta_id].sta.key.key_flags = key_flags;
1408         priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
1409         priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
1410
1411         spin_unlock_irqrestore(&priv->sta_lock, flags);
1412
1413         IWL_DEBUG_INFO("hwcrypto: modify ucode station key info\n");
1414         iwl3945_send_add_station(priv, &priv->stations[sta_id].sta, 0);
1415         return 0;
1416 }
1417
1418 static int iwl3945_clear_sta_key_info(struct iwl3945_priv *priv, u8 sta_id)
1419 {
1420         unsigned long flags;
1421
1422         spin_lock_irqsave(&priv->sta_lock, flags);
1423         memset(&priv->stations[sta_id].keyinfo, 0, sizeof(struct iwl3945_hw_key));
1424         memset(&priv->stations[sta_id].sta.key, 0, sizeof(struct iwl3945_keyinfo));
1425         priv->stations[sta_id].sta.key.key_flags = STA_KEY_FLG_NO_ENC;
1426         priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
1427         priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
1428         spin_unlock_irqrestore(&priv->sta_lock, flags);
1429
1430         IWL_DEBUG_INFO("hwcrypto: clear ucode station key info\n");
1431         iwl3945_send_add_station(priv, &priv->stations[sta_id].sta, 0);
1432         return 0;
1433 }
1434
1435 static void iwl3945_clear_free_frames(struct iwl3945_priv *priv)
1436 {
1437         struct list_head *element;
1438
1439         IWL_DEBUG_INFO("%d frames on pre-allocated heap on clear.\n",
1440                        priv->frames_count);
1441
1442         while (!list_empty(&priv->free_frames)) {
1443                 element = priv->free_frames.next;
1444                 list_del(element);
1445                 kfree(list_entry(element, struct iwl3945_frame, list));
1446                 priv->frames_count--;
1447         }
1448
1449         if (priv->frames_count) {
1450                 IWL_WARNING("%d frames still in use.  Did we lose one?\n",
1451                             priv->frames_count);
1452                 priv->frames_count = 0;
1453         }
1454 }
1455
1456 static struct iwl3945_frame *iwl3945_get_free_frame(struct iwl3945_priv *priv)
1457 {
1458         struct iwl3945_frame *frame;
1459         struct list_head *element;
1460         if (list_empty(&priv->free_frames)) {
1461                 frame = kzalloc(sizeof(*frame), GFP_KERNEL);
1462                 if (!frame) {
1463                         IWL_ERROR("Could not allocate frame!\n");
1464                         return NULL;
1465                 }
1466
1467                 priv->frames_count++;
1468                 return frame;
1469         }
1470
1471         element = priv->free_frames.next;
1472         list_del(element);
1473         return list_entry(element, struct iwl3945_frame, list);
1474 }
1475
1476 static void iwl3945_free_frame(struct iwl3945_priv *priv, struct iwl3945_frame *frame)
1477 {
1478         memset(frame, 0, sizeof(*frame));
1479         list_add(&frame->list, &priv->free_frames);
1480 }
1481
1482 unsigned int iwl3945_fill_beacon_frame(struct iwl3945_priv *priv,
1483                                 struct ieee80211_hdr *hdr,
1484                                 const u8 *dest, int left)
1485 {
1486
1487         if (!iwl3945_is_associated(priv) || !priv->ibss_beacon ||
1488             ((priv->iw_mode != IEEE80211_IF_TYPE_IBSS) &&
1489              (priv->iw_mode != IEEE80211_IF_TYPE_AP)))
1490                 return 0;
1491
1492         if (priv->ibss_beacon->len > left)
1493                 return 0;
1494
1495         memcpy(hdr, priv->ibss_beacon->data, priv->ibss_beacon->len);
1496
1497         return priv->ibss_beacon->len;
1498 }
1499
1500 static u8 iwl3945_rate_get_lowest_plcp(int rate_mask)
1501 {
1502         u8 i;
1503
1504         for (i = IWL_RATE_1M_INDEX; i != IWL_RATE_INVALID;
1505              i = iwl3945_rates[i].next_ieee) {
1506                 if (rate_mask & (1 << i))
1507                         return iwl3945_rates[i].plcp;
1508         }
1509
1510         return IWL_RATE_INVALID;
1511 }
1512
1513 static int iwl3945_send_beacon_cmd(struct iwl3945_priv *priv)
1514 {
1515         struct iwl3945_frame *frame;
1516         unsigned int frame_size;
1517         int rc;
1518         u8 rate;
1519
1520         frame = iwl3945_get_free_frame(priv);
1521
1522         if (!frame) {
1523                 IWL_ERROR("Could not obtain free frame buffer for beacon "
1524                           "command.\n");
1525                 return -ENOMEM;
1526         }
1527
1528         if (!(priv->staging_rxon.flags & RXON_FLG_BAND_24G_MSK)) {
1529                 rate = iwl3945_rate_get_lowest_plcp(priv->active_rate_basic &
1530                                                 0xFF0);
1531                 if (rate == IWL_INVALID_RATE)
1532                         rate = IWL_RATE_6M_PLCP;
1533         } else {
1534                 rate = iwl3945_rate_get_lowest_plcp(priv->active_rate_basic & 0xF);
1535                 if (rate == IWL_INVALID_RATE)
1536                         rate = IWL_RATE_1M_PLCP;
1537         }
1538
1539         frame_size = iwl3945_hw_get_beacon_cmd(priv, frame, rate);
1540
1541         rc = iwl3945_send_cmd_pdu(priv, REPLY_TX_BEACON, frame_size,
1542                               &frame->u.cmd[0]);
1543
1544         iwl3945_free_frame(priv, frame);
1545
1546         return rc;
1547 }
1548
1549 /******************************************************************************
1550  *
1551  * EEPROM related functions
1552  *
1553  ******************************************************************************/
1554
1555 static void get_eeprom_mac(struct iwl3945_priv *priv, u8 *mac)
1556 {
1557         memcpy(mac, priv->eeprom.mac_address, 6);
1558 }
1559
1560 /*
1561  * Clear the OWNER_MSK, to establish driver (instead of uCode running on
1562  * embedded controller) as EEPROM reader; each read is a series of pulses
1563  * to/from the EEPROM chip, not a single event, so even reads could conflict
1564  * if they weren't arbitrated by some ownership mechanism.  Here, the driver
1565  * simply claims ownership, which should be safe when this function is called
1566  * (i.e. before loading uCode!).
1567  */
1568 static inline int iwl3945_eeprom_acquire_semaphore(struct iwl3945_priv *priv)
1569 {
1570         _iwl3945_clear_bit(priv, CSR_EEPROM_GP, CSR_EEPROM_GP_IF_OWNER_MSK);
1571         return 0;
1572 }
1573
1574 /**
1575  * iwl3945_eeprom_init - read EEPROM contents
1576  *
1577  * Load the EEPROM contents from adapter into priv->eeprom
1578  *
1579  * NOTE:  This routine uses the non-debug IO access functions.
1580  */
1581 int iwl3945_eeprom_init(struct iwl3945_priv *priv)
1582 {
1583         __le16 *e = (__le16 *)&priv->eeprom;
1584         u32 gp = iwl3945_read32(priv, CSR_EEPROM_GP);
1585         u32 r;
1586         int sz = sizeof(priv->eeprom);
1587         int rc;
1588         int i;
1589         u16 addr;
1590
1591         /* The EEPROM structure has several padding buffers within it
1592          * and when adding new EEPROM maps is subject to programmer errors
1593          * which may be very difficult to identify without explicitly
1594          * checking the resulting size of the eeprom map. */
1595         BUILD_BUG_ON(sizeof(priv->eeprom) != IWL_EEPROM_IMAGE_SIZE);
1596
1597         if ((gp & CSR_EEPROM_GP_VALID_MSK) == CSR_EEPROM_GP_BAD_SIGNATURE) {
1598                 IWL_ERROR("EEPROM not found, EEPROM_GP=0x%08x", gp);
1599                 return -ENOENT;
1600         }
1601
1602         /* Make sure driver (instead of uCode) is allowed to read EEPROM */
1603         rc = iwl3945_eeprom_acquire_semaphore(priv);
1604         if (rc < 0) {
1605                 IWL_ERROR("Failed to acquire EEPROM semaphore.\n");
1606                 return -ENOENT;
1607         }
1608
1609         /* eeprom is an array of 16bit values */
1610         for (addr = 0; addr < sz; addr += sizeof(u16)) {
1611                 _iwl3945_write32(priv, CSR_EEPROM_REG, addr << 1);
1612                 _iwl3945_clear_bit(priv, CSR_EEPROM_REG, CSR_EEPROM_REG_BIT_CMD);
1613
1614                 for (i = 0; i < IWL_EEPROM_ACCESS_TIMEOUT;
1615                                         i += IWL_EEPROM_ACCESS_DELAY) {
1616                         r = _iwl3945_read_direct32(priv, CSR_EEPROM_REG);
1617                         if (r & CSR_EEPROM_REG_READ_VALID_MSK)
1618                                 break;
1619                         udelay(IWL_EEPROM_ACCESS_DELAY);
1620                 }
1621
1622                 if (!(r & CSR_EEPROM_REG_READ_VALID_MSK)) {
1623                         IWL_ERROR("Time out reading EEPROM[%d]", addr);
1624                         return -ETIMEDOUT;
1625                 }
1626                 e[addr / 2] = cpu_to_le16(r >> 16);
1627         }
1628
1629         return 0;
1630 }
1631
1632 /******************************************************************************
1633  *
1634  * Misc. internal state and helper functions
1635  *
1636  ******************************************************************************/
1637 #ifdef CONFIG_IWL3945_DEBUG
1638
1639 /**
1640  * iwl3945_report_frame - dump frame to syslog during debug sessions
1641  *
1642  * You may hack this function to show different aspects of received frames,
1643  * including selective frame dumps.
1644  * group100 parameter selects whether to show 1 out of 100 good frames.
1645  */
1646 void iwl3945_report_frame(struct iwl3945_priv *priv,
1647                       struct iwl3945_rx_packet *pkt,
1648                       struct ieee80211_hdr *header, int group100)
1649 {
1650         u32 to_us;
1651         u32 print_summary = 0;
1652         u32 print_dump = 0;     /* set to 1 to dump all frames' contents */
1653         u32 hundred = 0;
1654         u32 dataframe = 0;
1655         u16 fc;
1656         u16 seq_ctl;
1657         u16 channel;
1658         u16 phy_flags;
1659         int rate_sym;
1660         u16 length;
1661         u16 status;
1662         u16 bcn_tmr;
1663         u32 tsf_low;
1664         u64 tsf;
1665         u8 rssi;
1666         u8 agc;
1667         u16 sig_avg;
1668         u16 noise_diff;
1669         struct iwl3945_rx_frame_stats *rx_stats = IWL_RX_STATS(pkt);
1670         struct iwl3945_rx_frame_hdr *rx_hdr = IWL_RX_HDR(pkt);
1671         struct iwl3945_rx_frame_end *rx_end = IWL_RX_END(pkt);
1672         u8 *data = IWL_RX_DATA(pkt);
1673
1674         /* MAC header */
1675         fc = le16_to_cpu(header->frame_control);
1676         seq_ctl = le16_to_cpu(header->seq_ctrl);
1677
1678         /* metadata */
1679         channel = le16_to_cpu(rx_hdr->channel);
1680         phy_flags = le16_to_cpu(rx_hdr->phy_flags);
1681         rate_sym = rx_hdr->rate;
1682         length = le16_to_cpu(rx_hdr->len);
1683
1684         /* end-of-frame status and timestamp */
1685         status = le32_to_cpu(rx_end->status);
1686         bcn_tmr = le32_to_cpu(rx_end->beacon_timestamp);
1687         tsf_low = le64_to_cpu(rx_end->timestamp) & 0x0ffffffff;
1688         tsf = le64_to_cpu(rx_end->timestamp);
1689
1690         /* signal statistics */
1691         rssi = rx_stats->rssi;
1692         agc = rx_stats->agc;
1693         sig_avg = le16_to_cpu(rx_stats->sig_avg);
1694         noise_diff = le16_to_cpu(rx_stats->noise_diff);
1695
1696         to_us = !compare_ether_addr(header->addr1, priv->mac_addr);
1697
1698         /* if data frame is to us and all is good,
1699          *   (optionally) print summary for only 1 out of every 100 */
1700         if (to_us && (fc & ~IEEE80211_FCTL_PROTECTED) ==
1701             (IEEE80211_FCTL_FROMDS | IEEE80211_FTYPE_DATA)) {
1702                 dataframe = 1;
1703                 if (!group100)
1704                         print_summary = 1;      /* print each frame */
1705                 else if (priv->framecnt_to_us < 100) {
1706                         priv->framecnt_to_us++;
1707                         print_summary = 0;
1708                 } else {
1709                         priv->framecnt_to_us = 0;
1710                         print_summary = 1;
1711                         hundred = 1;
1712                 }
1713         } else {
1714                 /* print summary for all other frames */
1715                 print_summary = 1;
1716         }
1717
1718         if (print_summary) {
1719                 char *title;
1720                 u32 rate;
1721
1722                 if (hundred)
1723                         title = "100Frames";
1724                 else if (fc & IEEE80211_FCTL_RETRY)
1725                         title = "Retry";
1726                 else if (ieee80211_is_assoc_response(fc))
1727                         title = "AscRsp";
1728                 else if (ieee80211_is_reassoc_response(fc))
1729                         title = "RasRsp";
1730                 else if (ieee80211_is_probe_response(fc)) {
1731                         title = "PrbRsp";
1732                         print_dump = 1; /* dump frame contents */
1733                 } else if (ieee80211_is_beacon(fc)) {
1734                         title = "Beacon";
1735                         print_dump = 1; /* dump frame contents */
1736                 } else if (ieee80211_is_atim(fc))
1737                         title = "ATIM";
1738                 else if (ieee80211_is_auth(fc))
1739                         title = "Auth";
1740                 else if (ieee80211_is_deauth(fc))
1741                         title = "DeAuth";
1742                 else if (ieee80211_is_disassoc(fc))
1743                         title = "DisAssoc";
1744                 else
1745                         title = "Frame";
1746
1747                 rate = iwl3945_rate_index_from_plcp(rate_sym);
1748                 if (rate == -1)
1749                         rate = 0;
1750                 else
1751                         rate = iwl3945_rates[rate].ieee / 2;
1752
1753                 /* print frame summary.
1754                  * MAC addresses show just the last byte (for brevity),
1755                  *    but you can hack it to show more, if you'd like to. */
1756                 if (dataframe)
1757                         IWL_DEBUG_RX("%s: mhd=0x%04x, dst=0x%02x, "
1758                                      "len=%u, rssi=%d, chnl=%d, rate=%u, \n",
1759                                      title, fc, header->addr1[5],
1760                                      length, rssi, channel, rate);
1761                 else {
1762                         /* src/dst addresses assume managed mode */
1763                         IWL_DEBUG_RX("%s: 0x%04x, dst=0x%02x, "
1764                                      "src=0x%02x, rssi=%u, tim=%lu usec, "
1765                                      "phy=0x%02x, chnl=%d\n",
1766                                      title, fc, header->addr1[5],
1767                                      header->addr3[5], rssi,
1768                                      tsf_low - priv->scan_start_tsf,
1769                                      phy_flags, channel);
1770                 }
1771         }
1772         if (print_dump)
1773                 iwl3945_print_hex_dump(IWL_DL_RX, data, length);
1774 }
1775 #endif
1776
1777 static void iwl3945_unset_hw_setting(struct iwl3945_priv *priv)
1778 {
1779         if (priv->hw_setting.shared_virt)
1780                 pci_free_consistent(priv->pci_dev,
1781                                     sizeof(struct iwl3945_shared),
1782                                     priv->hw_setting.shared_virt,
1783                                     priv->hw_setting.shared_phys);
1784 }
1785
1786 /**
1787  * iwl3945_supported_rate_to_ie - fill in the supported rate in IE field
1788  *
1789  * return : set the bit for each supported rate insert in ie
1790  */
1791 static u16 iwl3945_supported_rate_to_ie(u8 *ie, u16 supported_rate,
1792                                     u16 basic_rate, int *left)
1793 {
1794         u16 ret_rates = 0, bit;
1795         int i;
1796         u8 *cnt = ie;
1797         u8 *rates = ie + 1;
1798
1799         for (bit = 1, i = 0; i < IWL_RATE_COUNT; i++, bit <<= 1) {
1800                 if (bit & supported_rate) {
1801                         ret_rates |= bit;
1802                         rates[*cnt] = iwl3945_rates[i].ieee |
1803                                 ((bit & basic_rate) ? 0x80 : 0x00);
1804                         (*cnt)++;
1805                         (*left)--;
1806                         if ((*left <= 0) ||
1807                             (*cnt >= IWL_SUPPORTED_RATES_IE_LEN))
1808                                 break;
1809                 }
1810         }
1811
1812         return ret_rates;
1813 }
1814
1815 /**
1816  * iwl3945_fill_probe_req - fill in all required fields and IE for probe request
1817  */
1818 static u16 iwl3945_fill_probe_req(struct iwl3945_priv *priv,
1819                               struct ieee80211_mgmt *frame,
1820                               int left, int is_direct)
1821 {
1822         int len = 0;
1823         u8 *pos = NULL;
1824         u16 active_rates, ret_rates, cck_rates;
1825
1826         /* Make sure there is enough space for the probe request,
1827          * two mandatory IEs and the data */
1828         left -= 24;
1829         if (left < 0)
1830                 return 0;
1831         len += 24;
1832
1833         frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ);
1834         memcpy(frame->da, iwl3945_broadcast_addr, ETH_ALEN);
1835         memcpy(frame->sa, priv->mac_addr, ETH_ALEN);
1836         memcpy(frame->bssid, iwl3945_broadcast_addr, ETH_ALEN);
1837         frame->seq_ctrl = 0;
1838
1839         /* fill in our indirect SSID IE */
1840         /* ...next IE... */
1841
1842         left -= 2;
1843         if (left < 0)
1844                 return 0;
1845         len += 2;
1846         pos = &(frame->u.probe_req.variable[0]);
1847         *pos++ = WLAN_EID_SSID;
1848         *pos++ = 0;
1849
1850         /* fill in our direct SSID IE... */
1851         if (is_direct) {
1852                 /* ...next IE... */
1853                 left -= 2 + priv->essid_len;
1854                 if (left < 0)
1855                         return 0;
1856                 /* ... fill it in... */
1857                 *pos++ = WLAN_EID_SSID;
1858                 *pos++ = priv->essid_len;
1859                 memcpy(pos, priv->essid, priv->essid_len);
1860                 pos += priv->essid_len;
1861                 len += 2 + priv->essid_len;
1862         }
1863
1864         /* fill in supported rate */
1865         /* ...next IE... */
1866         left -= 2;
1867         if (left < 0)
1868                 return 0;
1869
1870         /* ... fill it in... */
1871         *pos++ = WLAN_EID_SUPP_RATES;
1872         *pos = 0;
1873
1874         priv->active_rate = priv->rates_mask;
1875         active_rates = priv->active_rate;
1876         priv->active_rate_basic = priv->rates_mask & IWL_BASIC_RATES_MASK;
1877
1878         cck_rates = IWL_CCK_RATES_MASK & active_rates;
1879         ret_rates = iwl3945_supported_rate_to_ie(pos, cck_rates,
1880                         priv->active_rate_basic, &left);
1881         active_rates &= ~ret_rates;
1882
1883         ret_rates = iwl3945_supported_rate_to_ie(pos, active_rates,
1884                                  priv->active_rate_basic, &left);
1885         active_rates &= ~ret_rates;
1886
1887         len += 2 + *pos;
1888         pos += (*pos) + 1;
1889         if (active_rates == 0)
1890                 goto fill_end;
1891
1892         /* fill in supported extended rate */
1893         /* ...next IE... */
1894         left -= 2;
1895         if (left < 0)
1896                 return 0;
1897         /* ... fill it in... */
1898         *pos++ = WLAN_EID_EXT_SUPP_RATES;
1899         *pos = 0;
1900         iwl3945_supported_rate_to_ie(pos, active_rates,
1901                                  priv->active_rate_basic, &left);
1902         if (*pos > 0)
1903                 len += 2 + *pos;
1904
1905  fill_end:
1906         return (u16)len;
1907 }
1908
1909 /*
1910  * QoS  support
1911 */
1912 #ifdef CONFIG_IWL3945_QOS
1913 static int iwl3945_send_qos_params_command(struct iwl3945_priv *priv,
1914                                        struct iwl3945_qosparam_cmd *qos)
1915 {
1916
1917         return iwl3945_send_cmd_pdu(priv, REPLY_QOS_PARAM,
1918                                 sizeof(struct iwl3945_qosparam_cmd), qos);
1919 }
1920
1921 static void iwl3945_reset_qos(struct iwl3945_priv *priv)
1922 {
1923         u16 cw_min = 15;
1924         u16 cw_max = 1023;
1925         u8 aifs = 2;
1926         u8 is_legacy = 0;
1927         unsigned long flags;
1928         int i;
1929
1930         spin_lock_irqsave(&priv->lock, flags);
1931         priv->qos_data.qos_active = 0;
1932
1933         if (priv->iw_mode == IEEE80211_IF_TYPE_IBSS) {
1934                 if (priv->qos_data.qos_enable)
1935                         priv->qos_data.qos_active = 1;
1936                 if (!(priv->active_rate & 0xfff0)) {
1937                         cw_min = 31;
1938                         is_legacy = 1;
1939                 }
1940         } else if (priv->iw_mode == IEEE80211_IF_TYPE_AP) {
1941                 if (priv->qos_data.qos_enable)
1942                         priv->qos_data.qos_active = 1;
1943         } else if (!(priv->staging_rxon.flags & RXON_FLG_SHORT_SLOT_MSK)) {
1944                 cw_min = 31;
1945                 is_legacy = 1;
1946         }
1947
1948         if (priv->qos_data.qos_active)
1949                 aifs = 3;
1950
1951         priv->qos_data.def_qos_parm.ac[0].cw_min = cpu_to_le16(cw_min);
1952         priv->qos_data.def_qos_parm.ac[0].cw_max = cpu_to_le16(cw_max);
1953         priv->qos_data.def_qos_parm.ac[0].aifsn = aifs;
1954         priv->qos_data.def_qos_parm.ac[0].edca_txop = 0;
1955         priv->qos_data.def_qos_parm.ac[0].reserved1 = 0;
1956
1957         if (priv->qos_data.qos_active) {
1958                 i = 1;
1959                 priv->qos_data.def_qos_parm.ac[i].cw_min = cpu_to_le16(cw_min);
1960                 priv->qos_data.def_qos_parm.ac[i].cw_max = cpu_to_le16(cw_max);
1961                 priv->qos_data.def_qos_parm.ac[i].aifsn = 7;
1962                 priv->qos_data.def_qos_parm.ac[i].edca_txop = 0;
1963                 priv->qos_data.def_qos_parm.ac[i].reserved1 = 0;
1964
1965                 i = 2;
1966                 priv->qos_data.def_qos_parm.ac[i].cw_min =
1967                         cpu_to_le16((cw_min + 1) / 2 - 1);
1968                 priv->qos_data.def_qos_parm.ac[i].cw_max =
1969                         cpu_to_le16(cw_max);
1970                 priv->qos_data.def_qos_parm.ac[i].aifsn = 2;
1971                 if (is_legacy)
1972                         priv->qos_data.def_qos_parm.ac[i].edca_txop =
1973                                 cpu_to_le16(6016);
1974                 else
1975                         priv->qos_data.def_qos_parm.ac[i].edca_txop =
1976                                 cpu_to_le16(3008);
1977                 priv->qos_data.def_qos_parm.ac[i].reserved1 = 0;
1978
1979                 i = 3;
1980                 priv->qos_data.def_qos_parm.ac[i].cw_min =
1981                         cpu_to_le16((cw_min + 1) / 4 - 1);
1982                 priv->qos_data.def_qos_parm.ac[i].cw_max =
1983                         cpu_to_le16((cw_max + 1) / 2 - 1);
1984                 priv->qos_data.def_qos_parm.ac[i].aifsn = 2;
1985                 priv->qos_data.def_qos_parm.ac[i].reserved1 = 0;
1986                 if (is_legacy)
1987                         priv->qos_data.def_qos_parm.ac[i].edca_txop =
1988                                 cpu_to_le16(3264);
1989                 else
1990                         priv->qos_data.def_qos_parm.ac[i].edca_txop =
1991                                 cpu_to_le16(1504);
1992         } else {
1993                 for (i = 1; i < 4; i++) {
1994                         priv->qos_data.def_qos_parm.ac[i].cw_min =
1995                                 cpu_to_le16(cw_min);
1996                         priv->qos_data.def_qos_parm.ac[i].cw_max =
1997                                 cpu_to_le16(cw_max);
1998                         priv->qos_data.def_qos_parm.ac[i].aifsn = aifs;
1999                         priv->qos_data.def_qos_parm.ac[i].edca_txop = 0;
2000                         priv->qos_data.def_qos_parm.ac[i].reserved1 = 0;
2001                 }
2002         }
2003         IWL_DEBUG_QOS("set QoS to default \n");
2004
2005         spin_unlock_irqrestore(&priv->lock, flags);
2006 }
2007
2008 static void iwl3945_activate_qos(struct iwl3945_priv *priv, u8 force)
2009 {
2010         unsigned long flags;
2011
2012         if (test_bit(STATUS_EXIT_PENDING, &priv->status))
2013                 return;
2014
2015         if (!priv->qos_data.qos_enable)
2016                 return;
2017
2018         spin_lock_irqsave(&priv->lock, flags);
2019         priv->qos_data.def_qos_parm.qos_flags = 0;
2020
2021         if (priv->qos_data.qos_cap.q_AP.queue_request &&
2022             !priv->qos_data.qos_cap.q_AP.txop_request)
2023                 priv->qos_data.def_qos_parm.qos_flags |=
2024                         QOS_PARAM_FLG_TXOP_TYPE_MSK;
2025
2026         if (priv->qos_data.qos_active)
2027                 priv->qos_data.def_qos_parm.qos_flags |=
2028                         QOS_PARAM_FLG_UPDATE_EDCA_MSK;
2029
2030         spin_unlock_irqrestore(&priv->lock, flags);
2031
2032         if (force || iwl3945_is_associated(priv)) {
2033                 IWL_DEBUG_QOS("send QoS cmd with Qos active %d \n",
2034                               priv->qos_data.qos_active);
2035
2036                 iwl3945_send_qos_params_command(priv,
2037                                 &(priv->qos_data.def_qos_parm));
2038         }
2039 }
2040
2041 #endif /* CONFIG_IWL3945_QOS */
2042 /*
2043  * Power management (not Tx power!) functions
2044  */
2045 #define MSEC_TO_USEC 1024
2046
2047 #define NOSLP __constant_cpu_to_le32(0)
2048 #define SLP IWL_POWER_DRIVER_ALLOW_SLEEP_MSK
2049 #define SLP_TIMEOUT(T) __constant_cpu_to_le32((T) * MSEC_TO_USEC)
2050 #define SLP_VEC(X0, X1, X2, X3, X4) {__constant_cpu_to_le32(X0), \
2051                                      __constant_cpu_to_le32(X1), \
2052                                      __constant_cpu_to_le32(X2), \
2053                                      __constant_cpu_to_le32(X3), \
2054                                      __constant_cpu_to_le32(X4)}
2055
2056
2057 /* default power management (not Tx power) table values */
2058 /* for tim  0-10 */
2059 static struct iwl3945_power_vec_entry range_0[IWL_POWER_AC] = {
2060         {{NOSLP, SLP_TIMEOUT(0), SLP_TIMEOUT(0), SLP_VEC(0, 0, 0, 0, 0)}, 0},
2061         {{SLP, SLP_TIMEOUT(200), SLP_TIMEOUT(500), SLP_VEC(1, 2, 3, 4, 4)}, 0},
2062         {{SLP, SLP_TIMEOUT(200), SLP_TIMEOUT(300), SLP_VEC(2, 4, 6, 7, 7)}, 0},
2063         {{SLP, SLP_TIMEOUT(50), SLP_TIMEOUT(100), SLP_VEC(2, 6, 9, 9, 10)}, 0},
2064         {{SLP, SLP_TIMEOUT(50), SLP_TIMEOUT(25), SLP_VEC(2, 7, 9, 9, 10)}, 1},
2065         {{SLP, SLP_TIMEOUT(25), SLP_TIMEOUT(25), SLP_VEC(4, 7, 10, 10, 10)}, 1}
2066 };
2067
2068 /* for tim > 10 */
2069 static struct iwl3945_power_vec_entry range_1[IWL_POWER_AC] = {
2070         {{NOSLP, SLP_TIMEOUT(0), SLP_TIMEOUT(0), SLP_VEC(0, 0, 0, 0, 0)}, 0},
2071         {{SLP, SLP_TIMEOUT(200), SLP_TIMEOUT(500),
2072                  SLP_VEC(1, 2, 3, 4, 0xFF)}, 0},
2073         {{SLP, SLP_TIMEOUT(200), SLP_TIMEOUT(300),
2074                  SLP_VEC(2, 4, 6, 7, 0xFF)}, 0},
2075         {{SLP, SLP_TIMEOUT(50), SLP_TIMEOUT(100),
2076                  SLP_VEC(2, 6, 9, 9, 0xFF)}, 0},
2077         {{SLP, SLP_TIMEOUT(50), SLP_TIMEOUT(25), SLP_VEC(2, 7, 9, 9, 0xFF)}, 0},
2078         {{SLP, SLP_TIMEOUT(25), SLP_TIMEOUT(25),
2079                  SLP_VEC(4, 7, 10, 10, 0xFF)}, 0}
2080 };
2081
2082 int iwl3945_power_init_handle(struct iwl3945_priv *priv)
2083 {
2084         int rc = 0, i;
2085         struct iwl3945_power_mgr *pow_data;
2086         int size = sizeof(struct iwl3945_power_vec_entry) * IWL_POWER_AC;
2087         u16 pci_pm;
2088
2089         IWL_DEBUG_POWER("Initialize power \n");
2090
2091         pow_data = &(priv->power_data);
2092
2093         memset(pow_data, 0, sizeof(*pow_data));
2094
2095         pow_data->active_index = IWL_POWER_RANGE_0;
2096         pow_data->dtim_val = 0xffff;
2097
2098         memcpy(&pow_data->pwr_range_0[0], &range_0[0], size);
2099         memcpy(&pow_data->pwr_range_1[0], &range_1[0], size);
2100
2101         rc = pci_read_config_word(priv->pci_dev, PCI_LINK_CTRL, &pci_pm);
2102         if (rc != 0)
2103                 return 0;
2104         else {
2105                 struct iwl3945_powertable_cmd *cmd;
2106
2107                 IWL_DEBUG_POWER("adjust power command flags\n");
2108
2109                 for (i = 0; i < IWL_POWER_AC; i++) {
2110                         cmd = &pow_data->pwr_range_0[i].cmd;
2111
2112                         if (pci_pm & 0x1)
2113                                 cmd->flags &= ~IWL_POWER_PCI_PM_MSK;
2114                         else
2115                                 cmd->flags |= IWL_POWER_PCI_PM_MSK;
2116                 }
2117         }
2118         return rc;
2119 }
2120
2121 static int iwl3945_update_power_cmd(struct iwl3945_priv *priv,
2122                                 struct iwl3945_powertable_cmd *cmd, u32 mode)
2123 {
2124         int rc = 0, i;
2125         u8 skip;
2126         u32 max_sleep = 0;
2127         struct iwl3945_power_vec_entry *range;
2128         u8 period = 0;
2129         struct iwl3945_power_mgr *pow_data;
2130
2131         if (mode > IWL_POWER_INDEX_5) {
2132                 IWL_DEBUG_POWER("Error invalid power mode \n");
2133                 return -1;
2134         }
2135         pow_data = &(priv->power_data);
2136
2137         if (pow_data->active_index == IWL_POWER_RANGE_0)
2138                 range = &pow_data->pwr_range_0[0];
2139         else
2140                 range = &pow_data->pwr_range_1[1];
2141
2142         memcpy(cmd, &range[mode].cmd, sizeof(struct iwl3945_powertable_cmd));
2143
2144 #ifdef IWL_MAC80211_DISABLE
2145         if (priv->assoc_network != NULL) {
2146                 unsigned long flags;
2147
2148                 period = priv->assoc_network->tim.tim_period;
2149         }
2150 #endif  /*IWL_MAC80211_DISABLE */
2151         skip = range[mode].no_dtim;
2152
2153         if (period == 0) {
2154                 period = 1;
2155                 skip = 0;
2156         }
2157
2158         if (skip == 0) {
2159                 max_sleep = period;
2160                 cmd->flags &= ~IWL_POWER_SLEEP_OVER_DTIM_MSK;
2161         } else {
2162                 __le32 slp_itrvl = cmd->sleep_interval[IWL_POWER_VEC_SIZE - 1];
2163                 max_sleep = (le32_to_cpu(slp_itrvl) / period) * period;
2164                 cmd->flags |= IWL_POWER_SLEEP_OVER_DTIM_MSK;
2165         }
2166
2167         for (i = 0; i < IWL_POWER_VEC_SIZE; i++) {
2168                 if (le32_to_cpu(cmd->sleep_interval[i]) > max_sleep)
2169                         cmd->sleep_interval[i] = cpu_to_le32(max_sleep);
2170         }
2171
2172         IWL_DEBUG_POWER("Flags value = 0x%08X\n", cmd->flags);
2173         IWL_DEBUG_POWER("Tx timeout = %u\n", le32_to_cpu(cmd->tx_data_timeout));
2174         IWL_DEBUG_POWER("Rx timeout = %u\n", le32_to_cpu(cmd->rx_data_timeout));
2175         IWL_DEBUG_POWER("Sleep interval vector = { %d , %d , %d , %d , %d }\n",
2176                         le32_to_cpu(cmd->sleep_interval[0]),
2177                         le32_to_cpu(cmd->sleep_interval[1]),
2178                         le32_to_cpu(cmd->sleep_interval[2]),
2179                         le32_to_cpu(cmd->sleep_interval[3]),
2180                         le32_to_cpu(cmd->sleep_interval[4]));
2181
2182         return rc;
2183 }
2184
2185 static int iwl3945_send_power_mode(struct iwl3945_priv *priv, u32 mode)
2186 {
2187         u32 uninitialized_var(final_mode);
2188         int rc;
2189         struct iwl3945_powertable_cmd cmd;
2190
2191         /* If on battery, set to 3,
2192          * if plugged into AC power, set to CAM ("continuously aware mode"),
2193          * else user level */
2194         switch (mode) {
2195         case IWL_POWER_BATTERY:
2196                 final_mode = IWL_POWER_INDEX_3;
2197                 break;
2198         case IWL_POWER_AC:
2199                 final_mode = IWL_POWER_MODE_CAM;
2200                 break;
2201         default:
2202                 final_mode = mode;
2203                 break;
2204         }
2205
2206         iwl3945_update_power_cmd(priv, &cmd, final_mode);
2207
2208         rc = iwl3945_send_cmd_pdu(priv, POWER_TABLE_CMD, sizeof(cmd), &cmd);
2209
2210         if (final_mode == IWL_POWER_MODE_CAM)
2211                 clear_bit(STATUS_POWER_PMI, &priv->status);
2212         else
2213                 set_bit(STATUS_POWER_PMI, &priv->status);
2214
2215         return rc;
2216 }
2217
2218 int iwl3945_is_network_packet(struct iwl3945_priv *priv, struct ieee80211_hdr *header)
2219 {
2220         /* Filter incoming packets to determine if they are targeted toward
2221          * this network, discarding packets coming from ourselves */
2222         switch (priv->iw_mode) {
2223         case IEEE80211_IF_TYPE_IBSS: /* Header: Dest. | Source    | BSSID */
2224                 /* packets from our adapter are dropped (echo) */
2225                 if (!compare_ether_addr(header->addr2, priv->mac_addr))
2226                         return 0;
2227                 /* {broad,multi}cast packets to our IBSS go through */
2228                 if (is_multicast_ether_addr(header->addr1))
2229                         return !compare_ether_addr(header->addr3, priv->bssid);
2230                 /* packets to our adapter go through */
2231                 return !compare_ether_addr(header->addr1, priv->mac_addr);
2232         case IEEE80211_IF_TYPE_STA: /* Header: Dest. | AP{BSSID} | Source */
2233                 /* packets from our adapter are dropped (echo) */
2234                 if (!compare_ether_addr(header->addr3, priv->mac_addr))
2235                         return 0;
2236                 /* {broad,multi}cast packets to our BSS go through */
2237                 if (is_multicast_ether_addr(header->addr1))
2238                         return !compare_ether_addr(header->addr2, priv->bssid);
2239                 /* packets to our adapter go through */
2240                 return !compare_ether_addr(header->addr1, priv->mac_addr);
2241         }
2242
2243         return 1;
2244 }
2245
2246 #define TX_STATUS_ENTRY(x) case TX_STATUS_FAIL_ ## x: return #x
2247
2248 static const char *iwl3945_get_tx_fail_reason(u32 status)
2249 {
2250         switch (status & TX_STATUS_MSK) {
2251         case TX_STATUS_SUCCESS:
2252                 return "SUCCESS";
2253                 TX_STATUS_ENTRY(SHORT_LIMIT);
2254                 TX_STATUS_ENTRY(LONG_LIMIT);
2255                 TX_STATUS_ENTRY(FIFO_UNDERRUN);
2256                 TX_STATUS_ENTRY(MGMNT_ABORT);
2257                 TX_STATUS_ENTRY(NEXT_FRAG);
2258                 TX_STATUS_ENTRY(LIFE_EXPIRE);
2259                 TX_STATUS_ENTRY(DEST_PS);
2260                 TX_STATUS_ENTRY(ABORTED);
2261                 TX_STATUS_ENTRY(BT_RETRY);
2262                 TX_STATUS_ENTRY(STA_INVALID);
2263                 TX_STATUS_ENTRY(FRAG_DROPPED);
2264                 TX_STATUS_ENTRY(TID_DISABLE);
2265                 TX_STATUS_ENTRY(FRAME_FLUSHED);
2266                 TX_STATUS_ENTRY(INSUFFICIENT_CF_POLL);
2267                 TX_STATUS_ENTRY(TX_LOCKED);
2268                 TX_STATUS_ENTRY(NO_BEACON_ON_RADAR);
2269         }
2270
2271         return "UNKNOWN";
2272 }
2273
2274 /**
2275  * iwl3945_scan_cancel - Cancel any currently executing HW scan
2276  *
2277  * NOTE: priv->mutex is not required before calling this function
2278  */
2279 static int iwl3945_scan_cancel(struct iwl3945_priv *priv)
2280 {
2281         if (!test_bit(STATUS_SCAN_HW, &priv->status)) {
2282                 clear_bit(STATUS_SCANNING, &priv->status);
2283                 return 0;
2284         }
2285
2286         if (test_bit(STATUS_SCANNING, &priv->status)) {
2287                 if (!test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
2288                         IWL_DEBUG_SCAN("Queuing scan abort.\n");
2289                         set_bit(STATUS_SCAN_ABORTING, &priv->status);
2290                         queue_work(priv->workqueue, &priv->abort_scan);
2291
2292                 } else
2293                         IWL_DEBUG_SCAN("Scan abort already in progress.\n");
2294
2295                 return test_bit(STATUS_SCANNING, &priv->status);
2296         }
2297
2298         return 0;
2299 }
2300
2301 /**
2302  * iwl3945_scan_cancel_timeout - Cancel any currently executing HW scan
2303  * @ms: amount of time to wait (in milliseconds) for scan to abort
2304  *
2305  * NOTE: priv->mutex must be held before calling this function
2306  */
2307 static int iwl3945_scan_cancel_timeout(struct iwl3945_priv *priv, unsigned long ms)
2308 {
2309         unsigned long now = jiffies;
2310         int ret;
2311
2312         ret = iwl3945_scan_cancel(priv);
2313         if (ret && ms) {
2314                 mutex_unlock(&priv->mutex);
2315                 while (!time_after(jiffies, now + msecs_to_jiffies(ms)) &&
2316                                 test_bit(STATUS_SCANNING, &priv->status))
2317                         msleep(1);
2318                 mutex_lock(&priv->mutex);
2319
2320                 return test_bit(STATUS_SCANNING, &priv->status);
2321         }
2322
2323         return ret;
2324 }
2325
2326 static void iwl3945_sequence_reset(struct iwl3945_priv *priv)
2327 {
2328         /* Reset ieee stats */
2329
2330         /* We don't reset the net_device_stats (ieee->stats) on
2331          * re-association */
2332
2333         priv->last_seq_num = -1;
2334         priv->last_frag_num = -1;
2335         priv->last_packet_time = 0;
2336
2337         iwl3945_scan_cancel(priv);
2338 }
2339
2340 #define MAX_UCODE_BEACON_INTERVAL       1024
2341 #define INTEL_CONN_LISTEN_INTERVAL      __constant_cpu_to_le16(0xA)
2342
2343 static __le16 iwl3945_adjust_beacon_interval(u16 beacon_val)
2344 {
2345         u16 new_val = 0;
2346         u16 beacon_factor = 0;
2347
2348         beacon_factor =
2349             (beacon_val + MAX_UCODE_BEACON_INTERVAL)
2350                 / MAX_UCODE_BEACON_INTERVAL;
2351         new_val = beacon_val / beacon_factor;
2352
2353         return cpu_to_le16(new_val);
2354 }
2355
2356 static void iwl3945_setup_rxon_timing(struct iwl3945_priv *priv)
2357 {
2358         u64 interval_tm_unit;
2359         u64 tsf, result;
2360         unsigned long flags;
2361         struct ieee80211_conf *conf = NULL;
2362         u16 beacon_int = 0;
2363
2364         conf = ieee80211_get_hw_conf(priv->hw);
2365
2366         spin_lock_irqsave(&priv->lock, flags);
2367         priv->rxon_timing.timestamp.dw[1] = cpu_to_le32(priv->timestamp1);
2368         priv->rxon_timing.timestamp.dw[0] = cpu_to_le32(priv->timestamp0);
2369
2370         priv->rxon_timing.listen_interval = INTEL_CONN_LISTEN_INTERVAL;
2371
2372         tsf = priv->timestamp1;
2373         tsf = ((tsf << 32) | priv->timestamp0);
2374
2375         beacon_int = priv->beacon_int;
2376         spin_unlock_irqrestore(&priv->lock, flags);
2377
2378         if (priv->iw_mode == IEEE80211_IF_TYPE_STA) {
2379                 if (beacon_int == 0) {
2380                         priv->rxon_timing.beacon_interval = cpu_to_le16(100);
2381                         priv->rxon_timing.beacon_init_val = cpu_to_le32(102400);
2382                 } else {
2383                         priv->rxon_timing.beacon_interval =
2384                                 cpu_to_le16(beacon_int);
2385                         priv->rxon_timing.beacon_interval =
2386                             iwl3945_adjust_beacon_interval(
2387                                 le16_to_cpu(priv->rxon_timing.beacon_interval));
2388                 }
2389
2390                 priv->rxon_timing.atim_window = 0;
2391         } else {
2392                 priv->rxon_timing.beacon_interval =
2393                         iwl3945_adjust_beacon_interval(conf->beacon_int);
2394                 /* TODO: we need to get atim_window from upper stack
2395                  * for now we set to 0 */
2396                 priv->rxon_timing.atim_window = 0;
2397         }
2398
2399         interval_tm_unit =
2400                 (le16_to_cpu(priv->rxon_timing.beacon_interval) * 1024);
2401         result = do_div(tsf, interval_tm_unit);
2402         priv->rxon_timing.beacon_init_val =
2403             cpu_to_le32((u32) ((u64) interval_tm_unit - result));
2404
2405         IWL_DEBUG_ASSOC
2406             ("beacon interval %d beacon timer %d beacon tim %d\n",
2407                 le16_to_cpu(priv->rxon_timing.beacon_interval),
2408                 le32_to_cpu(priv->rxon_timing.beacon_init_val),
2409                 le16_to_cpu(priv->rxon_timing.atim_window));
2410 }
2411
2412 static int iwl3945_scan_initiate(struct iwl3945_priv *priv)
2413 {
2414         if (priv->iw_mode == IEEE80211_IF_TYPE_AP) {
2415                 IWL_ERROR("APs don't scan.\n");
2416                 return 0;
2417         }
2418
2419         if (!iwl3945_is_ready_rf(priv)) {
2420                 IWL_DEBUG_SCAN("Aborting scan due to not ready.\n");
2421                 return -EIO;
2422         }
2423
2424         if (test_bit(STATUS_SCANNING, &priv->status)) {
2425                 IWL_DEBUG_SCAN("Scan already in progress.\n");
2426                 return -EAGAIN;
2427         }
2428
2429         if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
2430                 IWL_DEBUG_SCAN("Scan request while abort pending.  "
2431                                "Queuing.\n");
2432                 return -EAGAIN;
2433         }
2434
2435         IWL_DEBUG_INFO("Starting scan...\n");
2436         priv->scan_bands = 2;
2437         set_bit(STATUS_SCANNING, &priv->status);
2438         priv->scan_start = jiffies;
2439         priv->scan_pass_start = priv->scan_start;
2440
2441         queue_work(priv->workqueue, &priv->request_scan);
2442
2443         return 0;
2444 }
2445
2446 static int iwl3945_set_rxon_hwcrypto(struct iwl3945_priv *priv, int hw_decrypt)
2447 {
2448         struct iwl3945_rxon_cmd *rxon = &priv->staging_rxon;
2449
2450         if (hw_decrypt)
2451                 rxon->filter_flags &= ~RXON_FILTER_DIS_DECRYPT_MSK;
2452         else
2453                 rxon->filter_flags |= RXON_FILTER_DIS_DECRYPT_MSK;
2454
2455         return 0;
2456 }
2457
2458 static void iwl3945_set_flags_for_phymode(struct iwl3945_priv *priv, u8 phymode)
2459 {
2460         if (phymode == MODE_IEEE80211A) {
2461                 priv->staging_rxon.flags &=
2462                     ~(RXON_FLG_BAND_24G_MSK | RXON_FLG_AUTO_DETECT_MSK
2463                       | RXON_FLG_CCK_MSK);
2464                 priv->staging_rxon.flags |= RXON_FLG_SHORT_SLOT_MSK;
2465         } else {
2466                 /* Copied from iwl3945_bg_post_associate() */
2467                 if (priv->assoc_capability & WLAN_CAPABILITY_SHORT_SLOT_TIME)
2468                         priv->staging_rxon.flags |= RXON_FLG_SHORT_SLOT_MSK;
2469                 else
2470                         priv->staging_rxon.flags &= ~RXON_FLG_SHORT_SLOT_MSK;
2471
2472                 if (priv->iw_mode == IEEE80211_IF_TYPE_IBSS)
2473                         priv->staging_rxon.flags &= ~RXON_FLG_SHORT_SLOT_MSK;
2474
2475                 priv->staging_rxon.flags |= RXON_FLG_BAND_24G_MSK;
2476                 priv->staging_rxon.flags |= RXON_FLG_AUTO_DETECT_MSK;
2477                 priv->staging_rxon.flags &= ~RXON_FLG_CCK_MSK;
2478         }
2479 }
2480
2481 /*
2482  * initialize rxon structure with default values from eeprom
2483  */
2484 static void iwl3945_connection_init_rx_config(struct iwl3945_priv *priv)
2485 {
2486         const struct iwl3945_channel_info *ch_info;
2487
2488         memset(&priv->staging_rxon, 0, sizeof(priv->staging_rxon));
2489
2490         switch (priv->iw_mode) {
2491         case IEEE80211_IF_TYPE_AP:
2492                 priv->staging_rxon.dev_type = RXON_DEV_TYPE_AP;
2493                 break;
2494
2495         case IEEE80211_IF_TYPE_STA:
2496                 priv->staging_rxon.dev_type = RXON_DEV_TYPE_ESS;
2497                 priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK;
2498                 break;
2499
2500         case IEEE80211_IF_TYPE_IBSS:
2501                 priv->staging_rxon.dev_type = RXON_DEV_TYPE_IBSS;
2502                 priv->staging_rxon.flags = RXON_FLG_SHORT_PREAMBLE_MSK;
2503                 priv->staging_rxon.filter_flags = RXON_FILTER_BCON_AWARE_MSK |
2504                                                   RXON_FILTER_ACCEPT_GRP_MSK;
2505                 break;
2506
2507         case IEEE80211_IF_TYPE_MNTR:
2508                 priv->staging_rxon.dev_type = RXON_DEV_TYPE_SNIFFER;
2509                 priv->staging_rxon.filter_flags = RXON_FILTER_PROMISC_MSK |
2510                     RXON_FILTER_CTL2HOST_MSK | RXON_FILTER_ACCEPT_GRP_MSK;
2511                 break;
2512         }
2513
2514 #if 0
2515         /* TODO:  Figure out when short_preamble would be set and cache from
2516          * that */
2517         if (!hw_to_local(priv->hw)->short_preamble)
2518                 priv->staging_rxon.flags &= ~RXON_FLG_SHORT_PREAMBLE_MSK;
2519         else
2520                 priv->staging_rxon.flags |= RXON_FLG_SHORT_PREAMBLE_MSK;
2521 #endif
2522
2523         ch_info = iwl3945_get_channel_info(priv, priv->phymode,
2524                                        le16_to_cpu(priv->staging_rxon.channel));
2525
2526         if (!ch_info)
2527                 ch_info = &priv->channel_info[0];
2528
2529         /*
2530          * in some case A channels are all non IBSS
2531          * in this case force B/G channel
2532          */
2533         if ((priv->iw_mode == IEEE80211_IF_TYPE_IBSS) &&
2534             !(is_channel_ibss(ch_info)))
2535                 ch_info = &priv->channel_info[0];
2536
2537         priv->staging_rxon.channel = cpu_to_le16(ch_info->channel);
2538         if (is_channel_a_band(ch_info))
2539                 priv->phymode = MODE_IEEE80211A;
2540         else
2541                 priv->phymode = MODE_IEEE80211G;
2542
2543         iwl3945_set_flags_for_phymode(priv, priv->phymode);
2544
2545         priv->staging_rxon.ofdm_basic_rates =
2546             (IWL_OFDM_RATES_MASK >> IWL_FIRST_OFDM_RATE) & 0xFF;
2547         priv->staging_rxon.cck_basic_rates =
2548             (IWL_CCK_RATES_MASK >> IWL_FIRST_CCK_RATE) & 0xF;
2549 }
2550
2551 static int iwl3945_set_mode(struct iwl3945_priv *priv, int mode)
2552 {
2553         if (mode == IEEE80211_IF_TYPE_IBSS) {
2554                 const struct iwl3945_channel_info *ch_info;
2555
2556                 ch_info = iwl3945_get_channel_info(priv,
2557                         priv->phymode,
2558                         le16_to_cpu(priv->staging_rxon.channel));
2559
2560                 if (!ch_info || !is_channel_ibss(ch_info)) {
2561                         IWL_ERROR("channel %d not IBSS channel\n",
2562                                   le16_to_cpu(priv->staging_rxon.channel));
2563                         return -EINVAL;
2564                 }
2565         }
2566
2567         priv->iw_mode = mode;
2568
2569         iwl3945_connection_init_rx_config(priv);
2570         memcpy(priv->staging_rxon.node_addr, priv->mac_addr, ETH_ALEN);
2571
2572         iwl3945_clear_stations_table(priv);
2573
2574         /* dont commit rxon if rf-kill is on*/
2575         if (!iwl3945_is_ready_rf(priv))
2576                 return -EAGAIN;
2577
2578         cancel_delayed_work(&priv->scan_check);
2579         if (iwl3945_scan_cancel_timeout(priv, 100)) {
2580                 IWL_WARNING("Aborted scan still in progress after 100ms\n");
2581                 IWL_DEBUG_MAC80211("leaving - scan abort failed.\n");
2582                 return -EAGAIN;
2583         }
2584
2585         iwl3945_commit_rxon(priv);
2586
2587         return 0;
2588 }
2589
2590 static void iwl3945_build_tx_cmd_hwcrypto(struct iwl3945_priv *priv,
2591                                       struct ieee80211_tx_control *ctl,
2592                                       struct iwl3945_cmd *cmd,
2593                                       struct sk_buff *skb_frag,
2594                                       int last_frag)
2595 {
2596         struct iwl3945_hw_key *keyinfo = &priv->stations[ctl->key_idx].keyinfo;
2597
2598         switch (keyinfo->alg) {
2599         case ALG_CCMP:
2600                 cmd->cmd.tx.sec_ctl = TX_CMD_SEC_CCM;
2601                 memcpy(cmd->cmd.tx.key, keyinfo->key, keyinfo->keylen);
2602                 IWL_DEBUG_TX("tx_cmd with aes hwcrypto\n");
2603                 break;
2604
2605         case ALG_TKIP:
2606 #if 0
2607                 cmd->cmd.tx.sec_ctl = TX_CMD_SEC_TKIP;
2608
2609                 if (last_frag)
2610                         memcpy(cmd->cmd.tx.tkip_mic.byte, skb_frag->tail - 8,
2611                                8);
2612                 else
2613                         memset(cmd->cmd.tx.tkip_mic.byte, 0, 8);
2614 #endif
2615                 break;
2616
2617         case ALG_WEP:
2618                 cmd->cmd.tx.sec_ctl = TX_CMD_SEC_WEP |
2619                     (ctl->key_idx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT;
2620
2621                 if (keyinfo->keylen == 13)
2622                         cmd->cmd.tx.sec_ctl |= TX_CMD_SEC_KEY128;
2623
2624                 memcpy(&cmd->cmd.tx.key[3], keyinfo->key, keyinfo->keylen);
2625
2626                 IWL_DEBUG_TX("Configuring packet for WEP encryption "
2627                              "with key %d\n", ctl->key_idx);
2628                 break;
2629
2630         default:
2631                 printk(KERN_ERR "Unknown encode alg %d\n", keyinfo->alg);
2632                 break;
2633         }
2634 }
2635
2636 /*
2637  * handle build REPLY_TX command notification.
2638  */
2639 static void iwl3945_build_tx_cmd_basic(struct iwl3945_priv *priv,
2640                                   struct iwl3945_cmd *cmd,
2641                                   struct ieee80211_tx_control *ctrl,
2642                                   struct ieee80211_hdr *hdr,
2643                                   int is_unicast, u8 std_id)
2644 {
2645         __le16 *qc;
2646         u16 fc = le16_to_cpu(hdr->frame_control);
2647         __le32 tx_flags = cmd->cmd.tx.tx_flags;
2648
2649         cmd->cmd.tx.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
2650         if (!(ctrl->flags & IEEE80211_TXCTL_NO_ACK)) {
2651                 tx_flags |= TX_CMD_FLG_ACK_MSK;
2652                 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)
2653                         tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
2654                 if (ieee80211_is_probe_response(fc) &&
2655                     !(le16_to_cpu(hdr->seq_ctrl) & 0xf))
2656                         tx_flags |= TX_CMD_FLG_TSF_MSK;
2657         } else {
2658                 tx_flags &= (~TX_CMD_FLG_ACK_MSK);
2659                 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
2660         }
2661
2662         cmd->cmd.tx.sta_id = std_id;
2663         if (ieee80211_get_morefrag(hdr))
2664                 tx_flags |= TX_CMD_FLG_MORE_FRAG_MSK;
2665
2666         qc = ieee80211_get_qos_ctrl(hdr);
2667         if (qc) {
2668                 cmd->cmd.tx.tid_tspec = (u8) (le16_to_cpu(*qc) & 0xf);
2669                 tx_flags &= ~TX_CMD_FLG_SEQ_CTL_MSK;
2670         } else
2671                 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
2672
2673         if (ctrl->flags & IEEE80211_TXCTL_USE_RTS_CTS) {
2674                 tx_flags |= TX_CMD_FLG_RTS_MSK;
2675                 tx_flags &= ~TX_CMD_FLG_CTS_MSK;
2676         } else if (ctrl->flags & IEEE80211_TXCTL_USE_CTS_PROTECT) {
2677                 tx_flags &= ~TX_CMD_FLG_RTS_MSK;
2678                 tx_flags |= TX_CMD_FLG_CTS_MSK;
2679         }
2680
2681         if ((tx_flags & TX_CMD_FLG_RTS_MSK) || (tx_flags & TX_CMD_FLG_CTS_MSK))
2682                 tx_flags |= TX_CMD_FLG_FULL_TXOP_PROT_MSK;
2683
2684         tx_flags &= ~(TX_CMD_FLG_ANT_SEL_MSK);
2685         if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
2686                 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_ASSOC_REQ ||
2687                     (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_REASSOC_REQ)
2688                         cmd->cmd.tx.timeout.pm_frame_timeout = cpu_to_le16(3);
2689                 else
2690                         cmd->cmd.tx.timeout.pm_frame_timeout = cpu_to_le16(2);
2691         } else
2692                 cmd->cmd.tx.timeout.pm_frame_timeout = 0;
2693
2694         cmd->cmd.tx.driver_txop = 0;
2695         cmd->cmd.tx.tx_flags = tx_flags;
2696         cmd->cmd.tx.next_frame_len = 0;
2697 }
2698
2699 /**
2700  * iwl3945_get_sta_id - Find station's index within station table
2701  */
2702 static int iwl3945_get_sta_id(struct iwl3945_priv *priv, struct ieee80211_hdr *hdr)
2703 {
2704         int sta_id;
2705         u16 fc = le16_to_cpu(hdr->frame_control);
2706
2707         /* If this frame is broadcast or management, use broadcast station id */
2708         if (((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA) ||
2709             is_multicast_ether_addr(hdr->addr1))
2710                 return priv->hw_setting.bcast_sta_id;
2711
2712         switch (priv->iw_mode) {
2713
2714         /* If we are a client station in a BSS network, use the special
2715          * AP station entry (that's the only station we communicate with) */
2716         case IEEE80211_IF_TYPE_STA:
2717                 return IWL_AP_ID;
2718
2719         /* If we are an AP, then find the station, or use BCAST */
2720         case IEEE80211_IF_TYPE_AP:
2721                 sta_id = iwl3945_hw_find_station(priv, hdr->addr1);
2722                 if (sta_id != IWL_INVALID_STATION)
2723                         return sta_id;
2724                 return priv->hw_setting.bcast_sta_id;
2725
2726         /* If this frame is going out to an IBSS network, find the station,
2727          * or create a new station table entry */
2728         case IEEE80211_IF_TYPE_IBSS: {
2729                 DECLARE_MAC_BUF(mac);
2730
2731                 /* Create new station table entry */
2732                 sta_id = iwl3945_hw_find_station(priv, hdr->addr1);
2733                 if (sta_id != IWL_INVALID_STATION)
2734                         return sta_id;
2735
2736                 sta_id = iwl3945_add_station(priv, hdr->addr1, 0, CMD_ASYNC);
2737
2738                 if (sta_id != IWL_INVALID_STATION)
2739                         return sta_id;
2740
2741                 IWL_DEBUG_DROP("Station %s not in station map. "
2742                                "Defaulting to broadcast...\n",
2743                                print_mac(mac, hdr->addr1));
2744                 iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
2745                 return priv->hw_setting.bcast_sta_id;
2746         }
2747         default:
2748                 IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
2749                 return priv->hw_setting.bcast_sta_id;
2750         }
2751 }
2752
2753 /*
2754  * start REPLY_TX command process
2755  */
2756 static int iwl3945_tx_skb(struct iwl3945_priv *priv,
2757                       struct sk_buff *skb, struct ieee80211_tx_control *ctl)
2758 {
2759         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
2760         struct iwl3945_tfd_frame *tfd;
2761         u32 *control_flags;
2762         int txq_id = ctl->queue;
2763         struct iwl3945_tx_queue *txq = NULL;
2764         struct iwl3945_queue *q = NULL;
2765         dma_addr_t phys_addr;
2766         dma_addr_t txcmd_phys;
2767         struct iwl3945_cmd *out_cmd = NULL;
2768         u16 len, idx, len_org;
2769         u8 id, hdr_len, unicast;
2770         u8 sta_id;
2771         u16 seq_number = 0;
2772         u16 fc;
2773         __le16 *qc;
2774         u8 wait_write_ptr = 0;
2775         unsigned long flags;
2776         int rc;
2777
2778         spin_lock_irqsave(&priv->lock, flags);
2779         if (iwl3945_is_rfkill(priv)) {
2780                 IWL_DEBUG_DROP("Dropping - RF KILL\n");
2781                 goto drop_unlock;
2782         }
2783
2784         if (!priv->vif) {
2785                 IWL_DEBUG_DROP("Dropping - !priv->vif\n");
2786                 goto drop_unlock;
2787         }
2788
2789         if ((ctl->tx_rate & 0xFF) == IWL_INVALID_RATE) {
2790                 IWL_ERROR("ERROR: No TX rate available.\n");
2791                 goto drop_unlock;
2792         }
2793
2794         unicast = !is_multicast_ether_addr(hdr->addr1);
2795         id = 0;
2796
2797         fc = le16_to_cpu(hdr->frame_control);
2798
2799 #ifdef CONFIG_IWL3945_DEBUG
2800         if (ieee80211_is_auth(fc))
2801                 IWL_DEBUG_TX("Sending AUTH frame\n");
2802         else if (ieee80211_is_assoc_request(fc))
2803                 IWL_DEBUG_TX("Sending ASSOC frame\n");
2804         else if (ieee80211_is_reassoc_request(fc))
2805                 IWL_DEBUG_TX("Sending REASSOC frame\n");
2806 #endif
2807
2808         /* drop all data frame if we are not associated */
2809         if ((!iwl3945_is_associated(priv) || !priv->assoc_id) &&
2810             ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
2811                 IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
2812                 goto drop_unlock;
2813         }
2814
2815         spin_unlock_irqrestore(&priv->lock, flags);
2816
2817         hdr_len = ieee80211_get_hdrlen(fc);
2818
2819         /* Find (or create) index into station table for destination station */
2820         sta_id = iwl3945_get_sta_id(priv, hdr);
2821         if (sta_id == IWL_INVALID_STATION) {
2822                 DECLARE_MAC_BUF(mac);
2823
2824                 IWL_DEBUG_DROP("Dropping - INVALID STATION: %s\n",
2825                                print_mac(mac, hdr->addr1));
2826                 goto drop;
2827         }
2828
2829         IWL_DEBUG_RATE("station Id %d\n", sta_id);
2830
2831         qc = ieee80211_get_qos_ctrl(hdr);
2832         if (qc) {
2833                 u8 tid = (u8)(le16_to_cpu(*qc) & 0xf);
2834                 seq_number = priv->stations[sta_id].tid[tid].seq_number &
2835                                 IEEE80211_SCTL_SEQ;
2836                 hdr->seq_ctrl = cpu_to_le16(seq_number) |
2837                         (hdr->seq_ctrl &
2838                                 __constant_cpu_to_le16(IEEE80211_SCTL_FRAG));
2839                 seq_number += 0x10;
2840         }
2841
2842         /* Descriptor for chosen Tx queue */
2843         txq = &priv->txq[txq_id];
2844         q = &txq->q;
2845
2846         spin_lock_irqsave(&priv->lock, flags);
2847
2848         /* Set up first empty TFD within this queue's circular TFD buffer */
2849         tfd = &txq->bd[q->write_ptr];
2850         memset(tfd, 0, sizeof(*tfd));
2851         control_flags = (u32 *) tfd;
2852         idx = get_cmd_index(q, q->write_ptr, 0);
2853
2854         /* Set up driver data for this TFD */
2855         memset(&(txq->txb[q->write_ptr]), 0, sizeof(struct iwl3945_tx_info));
2856         txq->txb[q->write_ptr].skb[0] = skb;
2857         memcpy(&(txq->txb[q->write_ptr].status.control),
2858                ctl, sizeof(struct ieee80211_tx_control));
2859
2860         /* Init first empty entry in queue's array of Tx/cmd buffers */
2861         out_cmd = &txq->cmd[idx];
2862         memset(&out_cmd->hdr, 0, sizeof(out_cmd->hdr));
2863         memset(&out_cmd->cmd.tx, 0, sizeof(out_cmd->cmd.tx));
2864
2865         /*
2866          * Set up the Tx-command (not MAC!) header.
2867          * Store the chosen Tx queue and TFD index within the sequence field;
2868          * after Tx, uCode's Tx response will return this value so driver can
2869          * locate the frame within the tx queue and do post-tx processing.
2870          */
2871         out_cmd->hdr.cmd = REPLY_TX;
2872         out_cmd->hdr.sequence = cpu_to_le16((u16)(QUEUE_TO_SEQ(txq_id) |
2873                                 INDEX_TO_SEQ(q->write_ptr)));
2874
2875         /* Copy MAC header from skb into command buffer */
2876         memcpy(out_cmd->cmd.tx.hdr, hdr, hdr_len);
2877
2878         /*
2879          * Use the first empty entry in this queue's command buffer array
2880          * to contain the Tx command and MAC header concatenated together
2881          * (payload data will be in another buffer).
2882          * Size of this varies, due to varying MAC header length.
2883          * If end is not dword aligned, we'll have 2 extra bytes at the end
2884          * of the MAC header (device reads on dword boundaries).
2885          * We'll tell device about this padding later.
2886          */
2887         len = priv->hw_setting.tx_cmd_len +
2888                 sizeof(struct iwl3945_cmd_header) + hdr_len;
2889
2890         len_org = len;
2891         len = (len + 3) & ~3;
2892
2893         if (len_org != len)
2894                 len_org = 1;
2895         else
2896                 len_org = 0;
2897
2898         /* Physical address of this Tx command's header (not MAC header!),
2899          * within command buffer array. */
2900         txcmd_phys = txq->dma_addr_cmd + sizeof(struct iwl3945_cmd) * idx +
2901                      offsetof(struct iwl3945_cmd, hdr);
2902
2903         /* Add buffer containing Tx command and MAC(!) header to TFD's
2904          * first entry */
2905         iwl3945_hw_txq_attach_buf_to_tfd(priv, tfd, txcmd_phys, len);
2906
2907         if (!(ctl->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT))
2908                 iwl3945_build_tx_cmd_hwcrypto(priv, ctl, out_cmd, skb, 0);
2909
2910         /* Set up TFD's 2nd entry to point directly to remainder of skb,
2911          * if any (802.11 null frames have no payload). */
2912         len = skb->len - hdr_len;
2913         if (len) {
2914                 phys_addr = pci_map_single(priv->pci_dev, skb->data + hdr_len,
2915                                            len, PCI_DMA_TODEVICE);
2916                 iwl3945_hw_txq_attach_buf_to_tfd(priv, tfd, phys_addr, len);
2917         }
2918
2919         if (!len)
2920                 /* If there is no payload, then we use only one Tx buffer */
2921                 *control_flags = TFD_CTL_COUNT_SET(1);
2922         else
2923                 /* Else use 2 buffers.
2924                  * Tell 3945 about any padding after MAC header */
2925                 *control_flags = TFD_CTL_COUNT_SET(2) |
2926                         TFD_CTL_PAD_SET(U32_PAD(len));
2927
2928         /* Total # bytes to be transmitted */
2929         len = (u16)skb->len;
2930         out_cmd->cmd.tx.len = cpu_to_le16(len);
2931
2932         /* TODO need this for burst mode later on */
2933         iwl3945_build_tx_cmd_basic(priv, out_cmd, ctl, hdr, unicast, sta_id);
2934
2935         /* set is_hcca to 0; it probably will never be implemented */
2936         iwl3945_hw_build_tx_cmd_rate(priv, out_cmd, ctl, hdr, sta_id, 0);
2937
2938         out_cmd->cmd.tx.tx_flags &= ~TX_CMD_FLG_ANT_A_MSK;
2939         out_cmd->cmd.tx.tx_flags &= ~TX_CMD_FLG_ANT_B_MSK;
2940
2941         if (!ieee80211_get_morefrag(hdr)) {
2942                 txq->need_update = 1;
2943                 if (qc) {
2944                         u8 tid = (u8)(le16_to_cpu(*qc) & 0xf);
2945                         priv->stations[sta_id].tid[tid].seq_number = seq_number;
2946                 }
2947         } else {
2948                 wait_write_ptr = 1;
2949                 txq->need_update = 0;
2950         }
2951
2952         iwl3945_print_hex_dump(IWL_DL_TX, out_cmd->cmd.payload,
2953                            sizeof(out_cmd->cmd.tx));
2954
2955         iwl3945_print_hex_dump(IWL_DL_TX, (u8 *)out_cmd->cmd.tx.hdr,
2956                            ieee80211_get_hdrlen(fc));
2957
2958         /* Tell device the write index *just past* this latest filled TFD */
2959         q->write_ptr = iwl3945_queue_inc_wrap(q->write_ptr, q->n_bd);
2960         rc = iwl3945_tx_queue_update_write_ptr(priv, txq);
2961         spin_unlock_irqrestore(&priv->lock, flags);
2962
2963         if (rc)
2964                 return rc;
2965
2966         if ((iwl3945_queue_space(q) < q->high_mark)
2967             && priv->mac80211_registered) {
2968                 if (wait_write_ptr) {
2969                         spin_lock_irqsave(&priv->lock, flags);
2970                         txq->need_update = 1;
2971                         iwl3945_tx_queue_update_write_ptr(priv, txq);
2972                         spin_unlock_irqrestore(&priv->lock, flags);
2973                 }
2974
2975                 ieee80211_stop_queue(priv->hw, ctl->queue);
2976         }
2977
2978         return 0;
2979
2980 drop_unlock:
2981         spin_unlock_irqrestore(&priv->lock, flags);
2982 drop:
2983         return -1;
2984 }
2985
2986 static void iwl3945_set_rate(struct iwl3945_priv *priv)
2987 {
2988         const struct ieee80211_hw_mode *hw = NULL;
2989         struct ieee80211_rate *rate;
2990         int i;
2991
2992         hw = iwl3945_get_hw_mode(priv, priv->phymode);
2993         if (!hw) {
2994                 IWL_ERROR("Failed to set rate: unable to get hw mode\n");
2995                 return;
2996         }
2997
2998         priv->active_rate = 0;
2999         priv->active_rate_basic = 0;
3000
3001         IWL_DEBUG_RATE("Setting rates for 802.11%c\n",
3002                        hw->mode == MODE_IEEE80211A ?
3003                        'a' : ((hw->mode == MODE_IEEE80211B) ? 'b' : 'g'));
3004
3005         for (i = 0; i < hw->num_rates; i++) {
3006                 rate = &(hw->rates[i]);
3007                 if ((rate->val < IWL_RATE_COUNT) &&
3008                     (rate->flags & IEEE80211_RATE_SUPPORTED)) {
3009                         IWL_DEBUG_RATE("Adding rate index %d (plcp %d)%s\n",
3010                                        rate->val, iwl3945_rates[rate->val].plcp,
3011                                        (rate->flags & IEEE80211_RATE_BASIC) ?
3012                                        "*" : "");
3013                         priv->active_rate |= (1 << rate->val);
3014                         if (rate->flags & IEEE80211_RATE_BASIC)
3015                                 priv->active_rate_basic |= (1 << rate->val);
3016                 } else
3017                         IWL_DEBUG_RATE("Not adding rate %d (plcp %d)\n",
3018                                        rate->val, iwl3945_rates[rate->val].plcp);
3019         }
3020
3021         IWL_DEBUG_RATE("Set active_rate = %0x, active_rate_basic = %0x\n",
3022                        priv->active_rate, priv->active_rate_basic);
3023
3024         /*
3025          * If a basic rate is configured, then use it (adding IWL_RATE_1M_MASK)
3026          * otherwise set it to the default of all CCK rates and 6, 12, 24 for
3027          * OFDM
3028          */
3029         if (priv->active_rate_basic & IWL_CCK_BASIC_RATES_MASK)
3030                 priv->staging_rxon.cck_basic_rates =
3031                     ((priv->active_rate_basic &
3032                       IWL_CCK_RATES_MASK) >> IWL_FIRST_CCK_RATE) & 0xF;
3033         else
3034                 priv->staging_rxon.cck_basic_rates =
3035                     (IWL_CCK_BASIC_RATES_MASK >> IWL_FIRST_CCK_RATE) & 0xF;
3036
3037         if (priv->active_rate_basic & IWL_OFDM_BASIC_RATES_MASK)
3038                 priv->staging_rxon.ofdm_basic_rates =
3039                     ((priv->active_rate_basic &
3040                       (IWL_OFDM_BASIC_RATES_MASK | IWL_RATE_6M_MASK)) >>
3041                       IWL_FIRST_OFDM_RATE) & 0xFF;
3042         else
3043                 priv->staging_rxon.ofdm_basic_rates =
3044                    (IWL_OFDM_BASIC_RATES_MASK >> IWL_FIRST_OFDM_RATE) & 0xFF;
3045 }
3046
3047 static void iwl3945_radio_kill_sw(struct iwl3945_priv *priv, int disable_radio)
3048 {
3049         unsigned long flags;
3050
3051         if (!!disable_radio == test_bit(STATUS_RF_KILL_SW, &priv->status))
3052                 return;
3053
3054         IWL_DEBUG_RF_KILL("Manual SW RF KILL set to: RADIO %s\n",
3055                           disable_radio ? "OFF" : "ON");
3056
3057         if (disable_radio) {
3058                 iwl3945_scan_cancel(priv);
3059                 /* FIXME: This is a workaround for AP */
3060                 if (priv->iw_mode != IEEE80211_IF_TYPE_AP) {
3061                         spin_lock_irqsave(&priv->lock, flags);
3062                         iwl3945_write32(priv, CSR_UCODE_DRV_GP1_SET,
3063                                     CSR_UCODE_SW_BIT_RFKILL);
3064                         spin_unlock_irqrestore(&priv->lock, flags);
3065                         iwl3945_send_card_state(priv, CARD_STATE_CMD_DISABLE, 0);
3066                         set_bit(STATUS_RF_KILL_SW, &priv->status);
3067                 }
3068                 return;
3069         }
3070
3071         spin_lock_irqsave(&priv->lock, flags);
3072         iwl3945_write32(priv, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
3073
3074         clear_bit(STATUS_RF_KILL_SW, &priv->status);
3075         spin_unlock_irqrestore(&priv->lock, flags);
3076
3077         /* wake up ucode */
3078         msleep(10);
3079
3080         spin_lock_irqsave(&priv->lock, flags);
3081         iwl3945_read32(priv, CSR_UCODE_DRV_GP1);
3082         if (!iwl3945_grab_nic_access(priv))
3083                 iwl3945_release_nic_access(priv);
3084         spin_unlock_irqrestore(&priv->lock, flags);
3085
3086         if (test_bit(STATUS_RF_KILL_HW, &priv->status)) {
3087                 IWL_DEBUG_RF_KILL("Can not turn radio back on - "
3088                                   "disabled by HW switch\n");
3089                 return;
3090         }
3091
3092         queue_work(priv->workqueue, &priv->restart);
3093         return;
3094 }
3095
3096 void iwl3945_set_decrypted_flag(struct iwl3945_priv *priv, struct sk_buff *skb,
3097                             u32 decrypt_res, struct ieee80211_rx_status *stats)
3098 {
3099         u16 fc =
3100             le16_to_cpu(((struct ieee80211_hdr *)skb->data)->frame_control);
3101
3102         if (priv->active_rxon.filter_flags & RXON_FILTER_DIS_DECRYPT_MSK)
3103                 return;
3104
3105         if (!(fc & IEEE80211_FCTL_PROTECTED))
3106                 return;
3107
3108         IWL_DEBUG_RX("decrypt_res:0x%x\n", decrypt_res);
3109         switch (decrypt_res & RX_RES_STATUS_SEC_TYPE_MSK) {
3110         case RX_RES_STATUS_SEC_TYPE_TKIP:
3111                 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
3112                     RX_RES_STATUS_BAD_ICV_MIC)
3113                         stats->flag |= RX_FLAG_MMIC_ERROR;
3114         case RX_RES_STATUS_SEC_TYPE_WEP:
3115         case RX_RES_STATUS_SEC_TYPE_CCMP:
3116                 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
3117                     RX_RES_STATUS_DECRYPT_OK) {
3118                         IWL_DEBUG_RX("hw decrypt successfully!!!\n");
3119                         stats->flag |= RX_FLAG_DECRYPTED;
3120                 }
3121                 break;
3122
3123         default:
3124                 break;
3125         }
3126 }
3127
3128 #define IWL_PACKET_RETRY_TIME HZ
3129
3130 int iwl3945_is_duplicate_packet(struct iwl3945_priv *priv, struct ieee80211_hdr *header)