iwlwifi: clean up and clarify some comments after 3945/4965 split
[linux-2.6.git] / drivers / net / wireless / iwlwifi / iwl3945-base.c
1 /******************************************************************************
2  *
3  * Copyright(c) 2003 - 2007 Intel Corporation. All rights reserved.
4  *
5  * Portions of this file are derived from the ipw3945 project, as well
6  * as portions of the ieee80211 subsystem header files.
7  *
8  * This program is free software; you can redistribute it and/or modify it
9  * under the terms of version 2 of the GNU General Public License as
10  * published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope that it will be useful, but WITHOUT
13  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
15  * more details.
16  *
17  * You should have received a copy of the GNU General Public License along with
18  * this program; if not, write to the Free Software Foundation, Inc.,
19  * 51 Franklin Street, Fifth Floor, Boston, MA 02110, USA
20  *
21  * The full GNU General Public License is included in this distribution in the
22  * file called LICENSE.
23  *
24  * Contact Information:
25  * James P. Ketrenos <ipw2100-admin@linux.intel.com>
26  * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497
27  *
28  *****************************************************************************/
29
30 #include <linux/kernel.h>
31 #include <linux/module.h>
32 #include <linux/version.h>
33 #include <linux/init.h>
34 #include <linux/pci.h>
35 #include <linux/dma-mapping.h>
36 #include <linux/delay.h>
37 #include <linux/skbuff.h>
38 #include <linux/netdevice.h>
39 #include <linux/wireless.h>
40 #include <linux/firmware.h>
41 #include <linux/etherdevice.h>
42 #include <linux/if_arp.h>
43
44 #include <net/ieee80211_radiotap.h>
45 #include <net/mac80211.h>
46
47 #include <asm/div64.h>
48
49 #include "iwl-3945.h"
50 #include "iwl-helpers.h"
51
52 #ifdef CONFIG_IWL3945_DEBUG
53 u32 iwl3945_debug_level;
54 #endif
55
56 static int iwl3945_tx_queue_update_write_ptr(struct iwl3945_priv *priv,
57                                   struct iwl3945_tx_queue *txq);
58
59 /******************************************************************************
60  *
61  * module boiler plate
62  *
63  ******************************************************************************/
64
65 /* module parameters */
66 static int iwl3945_param_disable_hw_scan;
67 static int iwl3945_param_debug;
68 static int iwl3945_param_disable;  /* def: enable radio */
69 static int iwl3945_param_antenna;  /* def: 0 = both antennas (use diversity) */
70 int iwl3945_param_hwcrypto;        /* def: using software encryption */
71 static int iwl3945_param_qos_enable = 1;
72 int iwl3945_param_queues_num = IWL_MAX_NUM_QUEUES;
73
74 /*
75  * module name, copyright, version, etc.
76  * NOTE: DRV_NAME is defined in iwlwifi.h for use by iwl-debug.h and printk
77  */
78
79 #define DRV_DESCRIPTION \
80 "Intel(R) PRO/Wireless 3945ABG/BG Network Connection driver for Linux"
81
82 #ifdef CONFIG_IWL3945_DEBUG
83 #define VD "d"
84 #else
85 #define VD
86 #endif
87
88 #ifdef CONFIG_IWL3945_SPECTRUM_MEASUREMENT
89 #define VS "s"
90 #else
91 #define VS
92 #endif
93
94 #define IWLWIFI_VERSION "1.1.19k" VD VS
95 #define DRV_COPYRIGHT   "Copyright(c) 2003-2007 Intel Corporation"
96 #define DRV_VERSION     IWLWIFI_VERSION
97
98 /* Change firmware file name, using "-" and incrementing number,
99  *   *only* when uCode interface or architecture changes so that it
100  *   is not compatible with earlier drivers.
101  * This number will also appear in << 8 position of 1st dword of uCode file */
102 #define IWL3945_UCODE_API "-1"
103
104 MODULE_DESCRIPTION(DRV_DESCRIPTION);
105 MODULE_VERSION(DRV_VERSION);
106 MODULE_AUTHOR(DRV_COPYRIGHT);
107 MODULE_LICENSE("GPL");
108
109 static __le16 *ieee80211_get_qos_ctrl(struct ieee80211_hdr *hdr)
110 {
111         u16 fc = le16_to_cpu(hdr->frame_control);
112         int hdr_len = ieee80211_get_hdrlen(fc);
113
114         if ((fc & 0x00cc) == (IEEE80211_STYPE_QOS_DATA | IEEE80211_FTYPE_DATA))
115                 return (__le16 *) ((u8 *) hdr + hdr_len - QOS_CONTROL_LEN);
116         return NULL;
117 }
118
119 static const struct ieee80211_hw_mode *iwl3945_get_hw_mode(
120                 struct iwl3945_priv *priv, int mode)
121 {
122         int i;
123
124         for (i = 0; i < 3; i++)
125                 if (priv->modes[i].mode == mode)
126                         return &priv->modes[i];
127
128         return NULL;
129 }
130
131 static int iwl3945_is_empty_essid(const char *essid, int essid_len)
132 {
133         /* Single white space is for Linksys APs */
134         if (essid_len == 1 && essid[0] == ' ')
135                 return 1;
136
137         /* Otherwise, if the entire essid is 0, we assume it is hidden */
138         while (essid_len) {
139                 essid_len--;
140                 if (essid[essid_len] != '\0')
141                         return 0;
142         }
143
144         return 1;
145 }
146
147 static const char *iwl3945_escape_essid(const char *essid, u8 essid_len)
148 {
149         static char escaped[IW_ESSID_MAX_SIZE * 2 + 1];
150         const char *s = essid;
151         char *d = escaped;
152
153         if (iwl3945_is_empty_essid(essid, essid_len)) {
154                 memcpy(escaped, "<hidden>", sizeof("<hidden>"));
155                 return escaped;
156         }
157
158         essid_len = min(essid_len, (u8) IW_ESSID_MAX_SIZE);
159         while (essid_len--) {
160                 if (*s == '\0') {
161                         *d++ = '\\';
162                         *d++ = '0';
163                         s++;
164                 } else
165                         *d++ = *s++;
166         }
167         *d = '\0';
168         return escaped;
169 }
170
171 static void iwl3945_print_hex_dump(int level, void *p, u32 len)
172 {
173 #ifdef CONFIG_IWL3945_DEBUG
174         if (!(iwl3945_debug_level & level))
175                 return;
176
177         print_hex_dump(KERN_DEBUG, "iwl data: ", DUMP_PREFIX_OFFSET, 16, 1,
178                         p, len, 1);
179 #endif
180 }
181
182 /*************** DMA-QUEUE-GENERAL-FUNCTIONS  *****
183  * DMA services
184  *
185  * Theory of operation
186  *
187  * A queue is a circular buffers with 'Read' and 'Write' pointers.
188  * 2 empty entries always kept in the buffer to protect from overflow.
189  *
190  * For Tx queue, there are low mark and high mark limits. If, after queuing
191  * the packet for Tx, free space become < low mark, Tx queue stopped. When
192  * reclaiming packets (on 'tx done IRQ), if free space become > high mark,
193  * Tx queue resumed.
194  *
195  * The IWL operates with six queues, one receive queue in the device's
196  * sram, one transmit queue for sending commands to the device firmware,
197  * and four transmit queues for data.
198  ***************************************************/
199
200 static int iwl3945_queue_space(const struct iwl3945_queue *q)
201 {
202         int s = q->read_ptr - q->write_ptr;
203
204         if (q->read_ptr > q->write_ptr)
205                 s -= q->n_bd;
206
207         if (s <= 0)
208                 s += q->n_window;
209         /* keep some reserve to not confuse empty and full situations */
210         s -= 2;
211         if (s < 0)
212                 s = 0;
213         return s;
214 }
215
216 /* XXX: n_bd must be power-of-two size */
217 static inline int iwl3945_queue_inc_wrap(int index, int n_bd)
218 {
219         return ++index & (n_bd - 1);
220 }
221
222 /* XXX: n_bd must be power-of-two size */
223 static inline int iwl3945_queue_dec_wrap(int index, int n_bd)
224 {
225         return --index & (n_bd - 1);
226 }
227
228 static inline int x2_queue_used(const struct iwl3945_queue *q, int i)
229 {
230         return q->write_ptr > q->read_ptr ?
231                 (i >= q->read_ptr && i < q->write_ptr) :
232                 !(i < q->read_ptr && i >= q->write_ptr);
233 }
234
235 static inline u8 get_cmd_index(struct iwl3945_queue *q, u32 index, int is_huge)
236 {
237         if (is_huge)
238                 return q->n_window;
239
240         return index & (q->n_window - 1);
241 }
242
243 static int iwl3945_queue_init(struct iwl3945_priv *priv, struct iwl3945_queue *q,
244                           int count, int slots_num, u32 id)
245 {
246         q->n_bd = count;
247         q->n_window = slots_num;
248         q->id = id;
249
250         /* count must be power-of-two size, otherwise iwl3945_queue_inc_wrap
251          * and iwl3945_queue_dec_wrap are broken. */
252         BUG_ON(!is_power_of_2(count));
253
254         /* slots_num must be power-of-two size, otherwise
255          * get_cmd_index is broken. */
256         BUG_ON(!is_power_of_2(slots_num));
257
258         q->low_mark = q->n_window / 4;
259         if (q->low_mark < 4)
260                 q->low_mark = 4;
261
262         q->high_mark = q->n_window / 8;
263         if (q->high_mark < 2)
264                 q->high_mark = 2;
265
266         q->write_ptr = q->read_ptr = 0;
267
268         return 0;
269 }
270
271 static int iwl3945_tx_queue_alloc(struct iwl3945_priv *priv,
272                               struct iwl3945_tx_queue *txq, u32 id)
273 {
274         struct pci_dev *dev = priv->pci_dev;
275
276         if (id != IWL_CMD_QUEUE_NUM) {
277                 txq->txb = kmalloc(sizeof(txq->txb[0]) *
278                                    TFD_QUEUE_SIZE_MAX, GFP_KERNEL);
279                 if (!txq->txb) {
280                         IWL_ERROR("kmalloc for auxiliary BD "
281                                   "structures failed\n");
282                         goto error;
283                 }
284         } else
285                 txq->txb = NULL;
286
287         txq->bd = pci_alloc_consistent(dev,
288                         sizeof(txq->bd[0]) * TFD_QUEUE_SIZE_MAX,
289                         &txq->q.dma_addr);
290
291         if (!txq->bd) {
292                 IWL_ERROR("pci_alloc_consistent(%zd) failed\n",
293                           sizeof(txq->bd[0]) * TFD_QUEUE_SIZE_MAX);
294                 goto error;
295         }
296         txq->q.id = id;
297
298         return 0;
299
300  error:
301         if (txq->txb) {
302                 kfree(txq->txb);
303                 txq->txb = NULL;
304         }
305
306         return -ENOMEM;
307 }
308
309 int iwl3945_tx_queue_init(struct iwl3945_priv *priv,
310                       struct iwl3945_tx_queue *txq, int slots_num, u32 txq_id)
311 {
312         struct pci_dev *dev = priv->pci_dev;
313         int len;
314         int rc = 0;
315
316         /* allocate command space + one big command for scan since scan
317          * command is very huge the system will not have two scan at the
318          * same time */
319         len = sizeof(struct iwl3945_cmd) * slots_num;
320         if (txq_id == IWL_CMD_QUEUE_NUM)
321                 len +=  IWL_MAX_SCAN_SIZE;
322         txq->cmd = pci_alloc_consistent(dev, len, &txq->dma_addr_cmd);
323         if (!txq->cmd)
324                 return -ENOMEM;
325
326         rc = iwl3945_tx_queue_alloc(priv, txq, txq_id);
327         if (rc) {
328                 pci_free_consistent(dev, len, txq->cmd, txq->dma_addr_cmd);
329
330                 return -ENOMEM;
331         }
332         txq->need_update = 0;
333
334         /* TFD_QUEUE_SIZE_MAX must be power-of-two size, otherwise
335          * iwl3945_queue_inc_wrap and iwl3945_queue_dec_wrap are broken. */
336         BUILD_BUG_ON(TFD_QUEUE_SIZE_MAX & (TFD_QUEUE_SIZE_MAX - 1));
337         iwl3945_queue_init(priv, &txq->q, TFD_QUEUE_SIZE_MAX, slots_num, txq_id);
338
339         iwl3945_hw_tx_queue_init(priv, txq);
340
341         return 0;
342 }
343
344 /**
345  * iwl3945_tx_queue_free - Deallocate DMA queue.
346  * @txq: Transmit queue to deallocate.
347  *
348  * Empty queue by removing and destroying all BD's.
349  * Free all buffers.  txq itself is not freed.
350  *
351  */
352 void iwl3945_tx_queue_free(struct iwl3945_priv *priv, struct iwl3945_tx_queue *txq)
353 {
354         struct iwl3945_queue *q = &txq->q;
355         struct pci_dev *dev = priv->pci_dev;
356         int len;
357
358         if (q->n_bd == 0)
359                 return;
360
361         /* first, empty all BD's */
362         for (; q->write_ptr != q->read_ptr;
363              q->read_ptr = iwl3945_queue_inc_wrap(q->read_ptr, q->n_bd))
364                 iwl3945_hw_txq_free_tfd(priv, txq);
365
366         len = sizeof(struct iwl3945_cmd) * q->n_window;
367         if (q->id == IWL_CMD_QUEUE_NUM)
368                 len += IWL_MAX_SCAN_SIZE;
369
370         pci_free_consistent(dev, len, txq->cmd, txq->dma_addr_cmd);
371
372         /* free buffers belonging to queue itself */
373         if (txq->q.n_bd)
374                 pci_free_consistent(dev, sizeof(struct iwl3945_tfd_frame) *
375                                     txq->q.n_bd, txq->bd, txq->q.dma_addr);
376
377         if (txq->txb) {
378                 kfree(txq->txb);
379                 txq->txb = NULL;
380         }
381
382         /* 0 fill whole structure */
383         memset(txq, 0, sizeof(*txq));
384 }
385
386 const u8 iwl3945_broadcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
387
388 /*************** STATION TABLE MANAGEMENT ****
389  * mac80211 should be examined to determine if sta_info is duplicating
390  * the functionality provided here
391  */
392
393 /**************************************************************/
394 #if 0 /* temporary disable till we add real remove station */
395 static u8 iwl3945_remove_station(struct iwl3945_priv *priv, const u8 *addr, int is_ap)
396 {
397         int index = IWL_INVALID_STATION;
398         int i;
399         unsigned long flags;
400
401         spin_lock_irqsave(&priv->sta_lock, flags);
402
403         if (is_ap)
404                 index = IWL_AP_ID;
405         else if (is_broadcast_ether_addr(addr))
406                 index = priv->hw_setting.bcast_sta_id;
407         else
408                 for (i = IWL_STA_ID; i < priv->hw_setting.max_stations; i++)
409                         if (priv->stations[i].used &&
410                             !compare_ether_addr(priv->stations[i].sta.sta.addr,
411                                                 addr)) {
412                                 index = i;
413                                 break;
414                         }
415
416         if (unlikely(index == IWL_INVALID_STATION))
417                 goto out;
418
419         if (priv->stations[index].used) {
420                 priv->stations[index].used = 0;
421                 priv->num_stations--;
422         }
423
424         BUG_ON(priv->num_stations < 0);
425
426 out:
427         spin_unlock_irqrestore(&priv->sta_lock, flags);
428         return 0;
429 }
430 #endif
431 static void iwl3945_clear_stations_table(struct iwl3945_priv *priv)
432 {
433         unsigned long flags;
434
435         spin_lock_irqsave(&priv->sta_lock, flags);
436
437         priv->num_stations = 0;
438         memset(priv->stations, 0, sizeof(priv->stations));
439
440         spin_unlock_irqrestore(&priv->sta_lock, flags);
441 }
442
443
444 u8 iwl3945_add_station(struct iwl3945_priv *priv, const u8 *addr, int is_ap, u8 flags)
445 {
446         int i;
447         int index = IWL_INVALID_STATION;
448         struct iwl3945_station_entry *station;
449         unsigned long flags_spin;
450         DECLARE_MAC_BUF(mac);
451         u8 rate;
452
453         spin_lock_irqsave(&priv->sta_lock, flags_spin);
454         if (is_ap)
455                 index = IWL_AP_ID;
456         else if (is_broadcast_ether_addr(addr))
457                 index = priv->hw_setting.bcast_sta_id;
458         else
459                 for (i = IWL_STA_ID; i < priv->hw_setting.max_stations; i++) {
460                         if (!compare_ether_addr(priv->stations[i].sta.sta.addr,
461                                                 addr)) {
462                                 index = i;
463                                 break;
464                         }
465
466                         if (!priv->stations[i].used &&
467                             index == IWL_INVALID_STATION)
468                                 index = i;
469                 }
470
471         /* These two conditions has the same outcome but keep them separate
472           since they have different meaning */
473         if (unlikely(index == IWL_INVALID_STATION)) {
474                 spin_unlock_irqrestore(&priv->sta_lock, flags_spin);
475                 return index;
476         }
477
478         if (priv->stations[index].used &&
479            !compare_ether_addr(priv->stations[index].sta.sta.addr, addr)) {
480                 spin_unlock_irqrestore(&priv->sta_lock, flags_spin);
481                 return index;
482         }
483
484         IWL_DEBUG_ASSOC("Add STA ID %d: %s\n", index, print_mac(mac, addr));
485         station = &priv->stations[index];
486         station->used = 1;
487         priv->num_stations++;
488
489         memset(&station->sta, 0, sizeof(struct iwl3945_addsta_cmd));
490         memcpy(station->sta.sta.addr, addr, ETH_ALEN);
491         station->sta.mode = 0;
492         station->sta.sta.sta_id = index;
493         station->sta.station_flags = 0;
494
495         if (priv->phymode == MODE_IEEE80211A)
496                 rate = IWL_RATE_6M_PLCP;
497         else
498                 rate =  IWL_RATE_1M_PLCP;
499
500         /* Turn on both antennas for the station... */
501         station->sta.rate_n_flags =
502                         iwl3945_hw_set_rate_n_flags(rate, RATE_MCS_ANT_AB_MSK);
503         station->current_rate.rate_n_flags =
504                         le16_to_cpu(station->sta.rate_n_flags);
505
506         spin_unlock_irqrestore(&priv->sta_lock, flags_spin);
507         iwl3945_send_add_station(priv, &station->sta, flags);
508         return index;
509
510 }
511
512 /*************** DRIVER STATUS FUNCTIONS   *****/
513
514 static inline int iwl3945_is_ready(struct iwl3945_priv *priv)
515 {
516         /* The adapter is 'ready' if READY and GEO_CONFIGURED bits are
517          * set but EXIT_PENDING is not */
518         return test_bit(STATUS_READY, &priv->status) &&
519                test_bit(STATUS_GEO_CONFIGURED, &priv->status) &&
520                !test_bit(STATUS_EXIT_PENDING, &priv->status);
521 }
522
523 static inline int iwl3945_is_alive(struct iwl3945_priv *priv)
524 {
525         return test_bit(STATUS_ALIVE, &priv->status);
526 }
527
528 static inline int iwl3945_is_init(struct iwl3945_priv *priv)
529 {
530         return test_bit(STATUS_INIT, &priv->status);
531 }
532
533 static inline int iwl3945_is_rfkill(struct iwl3945_priv *priv)
534 {
535         return test_bit(STATUS_RF_KILL_HW, &priv->status) ||
536                test_bit(STATUS_RF_KILL_SW, &priv->status);
537 }
538
539 static inline int iwl3945_is_ready_rf(struct iwl3945_priv *priv)
540 {
541
542         if (iwl3945_is_rfkill(priv))
543                 return 0;
544
545         return iwl3945_is_ready(priv);
546 }
547
548 /*************** HOST COMMAND QUEUE FUNCTIONS   *****/
549
550 #define IWL_CMD(x) case x : return #x
551
552 static const char *get_cmd_string(u8 cmd)
553 {
554         switch (cmd) {
555                 IWL_CMD(REPLY_ALIVE);
556                 IWL_CMD(REPLY_ERROR);
557                 IWL_CMD(REPLY_RXON);
558                 IWL_CMD(REPLY_RXON_ASSOC);
559                 IWL_CMD(REPLY_QOS_PARAM);
560                 IWL_CMD(REPLY_RXON_TIMING);
561                 IWL_CMD(REPLY_ADD_STA);
562                 IWL_CMD(REPLY_REMOVE_STA);
563                 IWL_CMD(REPLY_REMOVE_ALL_STA);
564                 IWL_CMD(REPLY_3945_RX);
565                 IWL_CMD(REPLY_TX);
566                 IWL_CMD(REPLY_RATE_SCALE);
567                 IWL_CMD(REPLY_LEDS_CMD);
568                 IWL_CMD(REPLY_TX_LINK_QUALITY_CMD);
569                 IWL_CMD(RADAR_NOTIFICATION);
570                 IWL_CMD(REPLY_QUIET_CMD);
571                 IWL_CMD(REPLY_CHANNEL_SWITCH);
572                 IWL_CMD(CHANNEL_SWITCH_NOTIFICATION);
573                 IWL_CMD(REPLY_SPECTRUM_MEASUREMENT_CMD);
574                 IWL_CMD(SPECTRUM_MEASURE_NOTIFICATION);
575                 IWL_CMD(POWER_TABLE_CMD);
576                 IWL_CMD(PM_SLEEP_NOTIFICATION);
577                 IWL_CMD(PM_DEBUG_STATISTIC_NOTIFIC);
578                 IWL_CMD(REPLY_SCAN_CMD);
579                 IWL_CMD(REPLY_SCAN_ABORT_CMD);
580                 IWL_CMD(SCAN_START_NOTIFICATION);
581                 IWL_CMD(SCAN_RESULTS_NOTIFICATION);
582                 IWL_CMD(SCAN_COMPLETE_NOTIFICATION);
583                 IWL_CMD(BEACON_NOTIFICATION);
584                 IWL_CMD(REPLY_TX_BEACON);
585                 IWL_CMD(WHO_IS_AWAKE_NOTIFICATION);
586                 IWL_CMD(QUIET_NOTIFICATION);
587                 IWL_CMD(REPLY_TX_PWR_TABLE_CMD);
588                 IWL_CMD(MEASURE_ABORT_NOTIFICATION);
589                 IWL_CMD(REPLY_BT_CONFIG);
590                 IWL_CMD(REPLY_STATISTICS_CMD);
591                 IWL_CMD(STATISTICS_NOTIFICATION);
592                 IWL_CMD(REPLY_CARD_STATE_CMD);
593                 IWL_CMD(CARD_STATE_NOTIFICATION);
594                 IWL_CMD(MISSED_BEACONS_NOTIFICATION);
595         default:
596                 return "UNKNOWN";
597
598         }
599 }
600
601 #define HOST_COMPLETE_TIMEOUT (HZ / 2)
602
603 /**
604  * iwl3945_enqueue_hcmd - enqueue a uCode command
605  * @priv: device private data point
606  * @cmd: a point to the ucode command structure
607  *
608  * The function returns < 0 values to indicate the operation is
609  * failed. On success, it turns the index (> 0) of command in the
610  * command queue.
611  */
612 static int iwl3945_enqueue_hcmd(struct iwl3945_priv *priv, struct iwl3945_host_cmd *cmd)
613 {
614         struct iwl3945_tx_queue *txq = &priv->txq[IWL_CMD_QUEUE_NUM];
615         struct iwl3945_queue *q = &txq->q;
616         struct iwl3945_tfd_frame *tfd;
617         u32 *control_flags;
618         struct iwl3945_cmd *out_cmd;
619         u32 idx;
620         u16 fix_size = (u16)(cmd->len + sizeof(out_cmd->hdr));
621         dma_addr_t phys_addr;
622         int pad;
623         u16 count;
624         int ret;
625         unsigned long flags;
626
627         /* If any of the command structures end up being larger than
628          * the TFD_MAX_PAYLOAD_SIZE, and it sent as a 'small' command then
629          * we will need to increase the size of the TFD entries */
630         BUG_ON((fix_size > TFD_MAX_PAYLOAD_SIZE) &&
631                !(cmd->meta.flags & CMD_SIZE_HUGE));
632
633         if (iwl3945_queue_space(q) < ((cmd->meta.flags & CMD_ASYNC) ? 2 : 1)) {
634                 IWL_ERROR("No space for Tx\n");
635                 return -ENOSPC;
636         }
637
638         spin_lock_irqsave(&priv->hcmd_lock, flags);
639
640         tfd = &txq->bd[q->write_ptr];
641         memset(tfd, 0, sizeof(*tfd));
642
643         control_flags = (u32 *) tfd;
644
645         idx = get_cmd_index(q, q->write_ptr, cmd->meta.flags & CMD_SIZE_HUGE);
646         out_cmd = &txq->cmd[idx];
647
648         out_cmd->hdr.cmd = cmd->id;
649         memcpy(&out_cmd->meta, &cmd->meta, sizeof(cmd->meta));
650         memcpy(&out_cmd->cmd.payload, cmd->data, cmd->len);
651
652         /* At this point, the out_cmd now has all of the incoming cmd
653          * information */
654
655         out_cmd->hdr.flags = 0;
656         out_cmd->hdr.sequence = cpu_to_le16(QUEUE_TO_SEQ(IWL_CMD_QUEUE_NUM) |
657                         INDEX_TO_SEQ(q->write_ptr));
658         if (out_cmd->meta.flags & CMD_SIZE_HUGE)
659                 out_cmd->hdr.sequence |= cpu_to_le16(SEQ_HUGE_FRAME);
660
661         phys_addr = txq->dma_addr_cmd + sizeof(txq->cmd[0]) * idx +
662                         offsetof(struct iwl3945_cmd, hdr);
663         iwl3945_hw_txq_attach_buf_to_tfd(priv, tfd, phys_addr, fix_size);
664
665         pad = U32_PAD(cmd->len);
666         count = TFD_CTL_COUNT_GET(*control_flags);
667         *control_flags = TFD_CTL_COUNT_SET(count) | TFD_CTL_PAD_SET(pad);
668
669         IWL_DEBUG_HC("Sending command %s (#%x), seq: 0x%04X, "
670                      "%d bytes at %d[%d]:%d\n",
671                      get_cmd_string(out_cmd->hdr.cmd),
672                      out_cmd->hdr.cmd, le16_to_cpu(out_cmd->hdr.sequence),
673                      fix_size, q->write_ptr, idx, IWL_CMD_QUEUE_NUM);
674
675         txq->need_update = 1;
676         q->write_ptr = iwl3945_queue_inc_wrap(q->write_ptr, q->n_bd);
677         ret = iwl3945_tx_queue_update_write_ptr(priv, txq);
678
679         spin_unlock_irqrestore(&priv->hcmd_lock, flags);
680         return ret ? ret : idx;
681 }
682
683 static int iwl3945_send_cmd_async(struct iwl3945_priv *priv, struct iwl3945_host_cmd *cmd)
684 {
685         int ret;
686
687         BUG_ON(!(cmd->meta.flags & CMD_ASYNC));
688
689         /* An asynchronous command can not expect an SKB to be set. */
690         BUG_ON(cmd->meta.flags & CMD_WANT_SKB);
691
692         /* An asynchronous command MUST have a callback. */
693         BUG_ON(!cmd->meta.u.callback);
694
695         if (test_bit(STATUS_EXIT_PENDING, &priv->status))
696                 return -EBUSY;
697
698         ret = iwl3945_enqueue_hcmd(priv, cmd);
699         if (ret < 0) {
700                 IWL_ERROR("Error sending %s: iwl3945_enqueue_hcmd failed: %d\n",
701                           get_cmd_string(cmd->id), ret);
702                 return ret;
703         }
704         return 0;
705 }
706
707 static int iwl3945_send_cmd_sync(struct iwl3945_priv *priv, struct iwl3945_host_cmd *cmd)
708 {
709         int cmd_idx;
710         int ret;
711         static atomic_t entry = ATOMIC_INIT(0); /* reentrance protection */
712
713         BUG_ON(cmd->meta.flags & CMD_ASYNC);
714
715          /* A synchronous command can not have a callback set. */
716         BUG_ON(cmd->meta.u.callback != NULL);
717
718         if (atomic_xchg(&entry, 1)) {
719                 IWL_ERROR("Error sending %s: Already sending a host command\n",
720                           get_cmd_string(cmd->id));
721                 return -EBUSY;
722         }
723
724         set_bit(STATUS_HCMD_ACTIVE, &priv->status);
725
726         if (cmd->meta.flags & CMD_WANT_SKB)
727                 cmd->meta.source = &cmd->meta;
728
729         cmd_idx = iwl3945_enqueue_hcmd(priv, cmd);
730         if (cmd_idx < 0) {
731                 ret = cmd_idx;
732                 IWL_ERROR("Error sending %s: iwl3945_enqueue_hcmd failed: %d\n",
733                           get_cmd_string(cmd->id), ret);
734                 goto out;
735         }
736
737         ret = wait_event_interruptible_timeout(priv->wait_command_queue,
738                         !test_bit(STATUS_HCMD_ACTIVE, &priv->status),
739                         HOST_COMPLETE_TIMEOUT);
740         if (!ret) {
741                 if (test_bit(STATUS_HCMD_ACTIVE, &priv->status)) {
742                         IWL_ERROR("Error sending %s: time out after %dms.\n",
743                                   get_cmd_string(cmd->id),
744                                   jiffies_to_msecs(HOST_COMPLETE_TIMEOUT));
745
746                         clear_bit(STATUS_HCMD_ACTIVE, &priv->status);
747                         ret = -ETIMEDOUT;
748                         goto cancel;
749                 }
750         }
751
752         if (test_bit(STATUS_RF_KILL_HW, &priv->status)) {
753                 IWL_DEBUG_INFO("Command %s aborted: RF KILL Switch\n",
754                                get_cmd_string(cmd->id));
755                 ret = -ECANCELED;
756                 goto fail;
757         }
758         if (test_bit(STATUS_FW_ERROR, &priv->status)) {
759                 IWL_DEBUG_INFO("Command %s failed: FW Error\n",
760                                get_cmd_string(cmd->id));
761                 ret = -EIO;
762                 goto fail;
763         }
764         if ((cmd->meta.flags & CMD_WANT_SKB) && !cmd->meta.u.skb) {
765                 IWL_ERROR("Error: Response NULL in '%s'\n",
766                           get_cmd_string(cmd->id));
767                 ret = -EIO;
768                 goto out;
769         }
770
771         ret = 0;
772         goto out;
773
774 cancel:
775         if (cmd->meta.flags & CMD_WANT_SKB) {
776                 struct iwl3945_cmd *qcmd;
777
778                 /* Cancel the CMD_WANT_SKB flag for the cmd in the
779                  * TX cmd queue. Otherwise in case the cmd comes
780                  * in later, it will possibly set an invalid
781                  * address (cmd->meta.source). */
782                 qcmd = &priv->txq[IWL_CMD_QUEUE_NUM].cmd[cmd_idx];
783                 qcmd->meta.flags &= ~CMD_WANT_SKB;
784         }
785 fail:
786         if (cmd->meta.u.skb) {
787                 dev_kfree_skb_any(cmd->meta.u.skb);
788                 cmd->meta.u.skb = NULL;
789         }
790 out:
791         atomic_set(&entry, 0);
792         return ret;
793 }
794
795 int iwl3945_send_cmd(struct iwl3945_priv *priv, struct iwl3945_host_cmd *cmd)
796 {
797         if (cmd->meta.flags & CMD_ASYNC)
798                 return iwl3945_send_cmd_async(priv, cmd);
799
800         return iwl3945_send_cmd_sync(priv, cmd);
801 }
802
803 int iwl3945_send_cmd_pdu(struct iwl3945_priv *priv, u8 id, u16 len, const void *data)
804 {
805         struct iwl3945_host_cmd cmd = {
806                 .id = id,
807                 .len = len,
808                 .data = data,
809         };
810
811         return iwl3945_send_cmd_sync(priv, &cmd);
812 }
813
814 static int __must_check iwl3945_send_cmd_u32(struct iwl3945_priv *priv, u8 id, u32 val)
815 {
816         struct iwl3945_host_cmd cmd = {
817                 .id = id,
818                 .len = sizeof(val),
819                 .data = &val,
820         };
821
822         return iwl3945_send_cmd_sync(priv, &cmd);
823 }
824
825 int iwl3945_send_statistics_request(struct iwl3945_priv *priv)
826 {
827         return iwl3945_send_cmd_u32(priv, REPLY_STATISTICS_CMD, 0);
828 }
829
830 /**
831  * iwl3945_set_rxon_channel - Set the phymode and channel values in staging RXON
832  * @phymode: MODE_IEEE80211A sets to 5.2GHz; all else set to 2.4GHz
833  * @channel: Any channel valid for the requested phymode
834
835  * In addition to setting the staging RXON, priv->phymode is also set.
836  *
837  * NOTE:  Does not commit to the hardware; it sets appropriate bit fields
838  * in the staging RXON flag structure based on the phymode
839  */
840 static int iwl3945_set_rxon_channel(struct iwl3945_priv *priv, u8 phymode, u16 channel)
841 {
842         if (!iwl3945_get_channel_info(priv, phymode, channel)) {
843                 IWL_DEBUG_INFO("Could not set channel to %d [%d]\n",
844                                channel, phymode);
845                 return -EINVAL;
846         }
847
848         if ((le16_to_cpu(priv->staging_rxon.channel) == channel) &&
849             (priv->phymode == phymode))
850                 return 0;
851
852         priv->staging_rxon.channel = cpu_to_le16(channel);
853         if (phymode == MODE_IEEE80211A)
854                 priv->staging_rxon.flags &= ~RXON_FLG_BAND_24G_MSK;
855         else
856                 priv->staging_rxon.flags |= RXON_FLG_BAND_24G_MSK;
857
858         priv->phymode = phymode;
859
860         IWL_DEBUG_INFO("Staging channel set to %d [%d]\n", channel, phymode);
861
862         return 0;
863 }
864
865 /**
866  * iwl3945_check_rxon_cmd - validate RXON structure is valid
867  *
868  * NOTE:  This is really only useful during development and can eventually
869  * be #ifdef'd out once the driver is stable and folks aren't actively
870  * making changes
871  */
872 static int iwl3945_check_rxon_cmd(struct iwl3945_rxon_cmd *rxon)
873 {
874         int error = 0;
875         int counter = 1;
876
877         if (rxon->flags & RXON_FLG_BAND_24G_MSK) {
878                 error |= le32_to_cpu(rxon->flags &
879                                 (RXON_FLG_TGJ_NARROW_BAND_MSK |
880                                  RXON_FLG_RADAR_DETECT_MSK));
881                 if (error)
882                         IWL_WARNING("check 24G fields %d | %d\n",
883                                     counter++, error);
884         } else {
885                 error |= (rxon->flags & RXON_FLG_SHORT_SLOT_MSK) ?
886                                 0 : le32_to_cpu(RXON_FLG_SHORT_SLOT_MSK);
887                 if (error)
888                         IWL_WARNING("check 52 fields %d | %d\n",
889                                     counter++, error);
890                 error |= le32_to_cpu(rxon->flags & RXON_FLG_CCK_MSK);
891                 if (error)
892                         IWL_WARNING("check 52 CCK %d | %d\n",
893                                     counter++, error);
894         }
895         error |= (rxon->node_addr[0] | rxon->bssid_addr[0]) & 0x1;
896         if (error)
897                 IWL_WARNING("check mac addr %d | %d\n", counter++, error);
898
899         /* make sure basic rates 6Mbps and 1Mbps are supported */
900         error |= (((rxon->ofdm_basic_rates & IWL_RATE_6M_MASK) == 0) &&
901                   ((rxon->cck_basic_rates & IWL_RATE_1M_MASK) == 0));
902         if (error)
903                 IWL_WARNING("check basic rate %d | %d\n", counter++, error);
904
905         error |= (le16_to_cpu(rxon->assoc_id) > 2007);
906         if (error)
907                 IWL_WARNING("check assoc id %d | %d\n", counter++, error);
908
909         error |= ((rxon->flags & (RXON_FLG_CCK_MSK | RXON_FLG_SHORT_SLOT_MSK))
910                         == (RXON_FLG_CCK_MSK | RXON_FLG_SHORT_SLOT_MSK));
911         if (error)
912                 IWL_WARNING("check CCK and short slot %d | %d\n",
913                             counter++, error);
914
915         error |= ((rxon->flags & (RXON_FLG_CCK_MSK | RXON_FLG_AUTO_DETECT_MSK))
916                         == (RXON_FLG_CCK_MSK | RXON_FLG_AUTO_DETECT_MSK));
917         if (error)
918                 IWL_WARNING("check CCK & auto detect %d | %d\n",
919                             counter++, error);
920
921         error |= ((rxon->flags & (RXON_FLG_AUTO_DETECT_MSK |
922                         RXON_FLG_TGG_PROTECT_MSK)) == RXON_FLG_TGG_PROTECT_MSK);
923         if (error)
924                 IWL_WARNING("check TGG and auto detect %d | %d\n",
925                             counter++, error);
926
927         if ((rxon->flags & RXON_FLG_DIS_DIV_MSK))
928                 error |= ((rxon->flags & (RXON_FLG_ANT_B_MSK |
929                                 RXON_FLG_ANT_A_MSK)) == 0);
930         if (error)
931                 IWL_WARNING("check antenna %d %d\n", counter++, error);
932
933         if (error)
934                 IWL_WARNING("Tuning to channel %d\n",
935                             le16_to_cpu(rxon->channel));
936
937         if (error) {
938                 IWL_ERROR("Not a valid iwl3945_rxon_assoc_cmd field values\n");
939                 return -1;
940         }
941         return 0;
942 }
943
944 /**
945  * iwl3945_full_rxon_required - check if full RXON (vs RXON_ASSOC) cmd is needed
946  * @priv: staging_rxon is compared to active_rxon
947  *
948  * If the RXON structure is changing enough to require a new tune,
949  * or is clearing the RXON_FILTER_ASSOC_MSK, then return 1 to indicate that
950  * a new tune (full RXON command, rather than RXON_ASSOC cmd) is required.
951  */
952 static int iwl3945_full_rxon_required(struct iwl3945_priv *priv)
953 {
954
955         /* These items are only settable from the full RXON command */
956         if (!(priv->active_rxon.filter_flags & RXON_FILTER_ASSOC_MSK) ||
957             compare_ether_addr(priv->staging_rxon.bssid_addr,
958                                priv->active_rxon.bssid_addr) ||
959             compare_ether_addr(priv->staging_rxon.node_addr,
960                                priv->active_rxon.node_addr) ||
961             compare_ether_addr(priv->staging_rxon.wlap_bssid_addr,
962                                priv->active_rxon.wlap_bssid_addr) ||
963             (priv->staging_rxon.dev_type != priv->active_rxon.dev_type) ||
964             (priv->staging_rxon.channel != priv->active_rxon.channel) ||
965             (priv->staging_rxon.air_propagation !=
966              priv->active_rxon.air_propagation) ||
967             (priv->staging_rxon.assoc_id != priv->active_rxon.assoc_id))
968                 return 1;
969
970         /* flags, filter_flags, ofdm_basic_rates, and cck_basic_rates can
971          * be updated with the RXON_ASSOC command -- however only some
972          * flag transitions are allowed using RXON_ASSOC */
973
974         /* Check if we are not switching bands */
975         if ((priv->staging_rxon.flags & RXON_FLG_BAND_24G_MSK) !=
976             (priv->active_rxon.flags & RXON_FLG_BAND_24G_MSK))
977                 return 1;
978
979         /* Check if we are switching association toggle */
980         if ((priv->staging_rxon.filter_flags & RXON_FILTER_ASSOC_MSK) !=
981                 (priv->active_rxon.filter_flags & RXON_FILTER_ASSOC_MSK))
982                 return 1;
983
984         return 0;
985 }
986
987 static int iwl3945_send_rxon_assoc(struct iwl3945_priv *priv)
988 {
989         int rc = 0;
990         struct iwl3945_rx_packet *res = NULL;
991         struct iwl3945_rxon_assoc_cmd rxon_assoc;
992         struct iwl3945_host_cmd cmd = {
993                 .id = REPLY_RXON_ASSOC,
994                 .len = sizeof(rxon_assoc),
995                 .meta.flags = CMD_WANT_SKB,
996                 .data = &rxon_assoc,
997         };
998         const struct iwl3945_rxon_cmd *rxon1 = &priv->staging_rxon;
999         const struct iwl3945_rxon_cmd *rxon2 = &priv->active_rxon;
1000
1001         if ((rxon1->flags == rxon2->flags) &&
1002             (rxon1->filter_flags == rxon2->filter_flags) &&
1003             (rxon1->cck_basic_rates == rxon2->cck_basic_rates) &&
1004             (rxon1->ofdm_basic_rates == rxon2->ofdm_basic_rates)) {
1005                 IWL_DEBUG_INFO("Using current RXON_ASSOC.  Not resending.\n");
1006                 return 0;
1007         }
1008
1009         rxon_assoc.flags = priv->staging_rxon.flags;
1010         rxon_assoc.filter_flags = priv->staging_rxon.filter_flags;
1011         rxon_assoc.ofdm_basic_rates = priv->staging_rxon.ofdm_basic_rates;
1012         rxon_assoc.cck_basic_rates = priv->staging_rxon.cck_basic_rates;
1013         rxon_assoc.reserved = 0;
1014
1015         rc = iwl3945_send_cmd_sync(priv, &cmd);
1016         if (rc)
1017                 return rc;
1018
1019         res = (struct iwl3945_rx_packet *)cmd.meta.u.skb->data;
1020         if (res->hdr.flags & IWL_CMD_FAILED_MSK) {
1021                 IWL_ERROR("Bad return from REPLY_RXON_ASSOC command\n");
1022                 rc = -EIO;
1023         }
1024
1025         priv->alloc_rxb_skb--;
1026         dev_kfree_skb_any(cmd.meta.u.skb);
1027
1028         return rc;
1029 }
1030
1031 /**
1032  * iwl3945_commit_rxon - commit staging_rxon to hardware
1033  *
1034  * The RXON command in staging_rxon is committed to the hardware and
1035  * the active_rxon structure is updated with the new data.  This
1036  * function correctly transitions out of the RXON_ASSOC_MSK state if
1037  * a HW tune is required based on the RXON structure changes.
1038  */
1039 static int iwl3945_commit_rxon(struct iwl3945_priv *priv)
1040 {
1041         /* cast away the const for active_rxon in this function */
1042         struct iwl3945_rxon_cmd *active_rxon = (void *)&priv->active_rxon;
1043         int rc = 0;
1044         DECLARE_MAC_BUF(mac);
1045
1046         if (!iwl3945_is_alive(priv))
1047                 return -1;
1048
1049         /* always get timestamp with Rx frame */
1050         priv->staging_rxon.flags |= RXON_FLG_TSF2HOST_MSK;
1051
1052         /* select antenna */
1053         priv->staging_rxon.flags &=
1054             ~(RXON_FLG_DIS_DIV_MSK | RXON_FLG_ANT_SEL_MSK);
1055         priv->staging_rxon.flags |= iwl3945_get_antenna_flags(priv);
1056
1057         rc = iwl3945_check_rxon_cmd(&priv->staging_rxon);
1058         if (rc) {
1059                 IWL_ERROR("Invalid RXON configuration.  Not committing.\n");
1060                 return -EINVAL;
1061         }
1062
1063         /* If we don't need to send a full RXON, we can use
1064          * iwl3945_rxon_assoc_cmd which is used to reconfigure filter
1065          * and other flags for the current radio configuration. */
1066         if (!iwl3945_full_rxon_required(priv)) {
1067                 rc = iwl3945_send_rxon_assoc(priv);
1068                 if (rc) {
1069                         IWL_ERROR("Error setting RXON_ASSOC "
1070                                   "configuration (%d).\n", rc);
1071                         return rc;
1072                 }
1073
1074                 memcpy(active_rxon, &priv->staging_rxon, sizeof(*active_rxon));
1075
1076                 return 0;
1077         }
1078
1079         /* If we are currently associated and the new config requires
1080          * an RXON_ASSOC and the new config wants the associated mask enabled,
1081          * we must clear the associated from the active configuration
1082          * before we apply the new config */
1083         if (iwl3945_is_associated(priv) &&
1084             (priv->staging_rxon.filter_flags & RXON_FILTER_ASSOC_MSK)) {
1085                 IWL_DEBUG_INFO("Toggling associated bit on current RXON\n");
1086                 active_rxon->filter_flags &= ~RXON_FILTER_ASSOC_MSK;
1087
1088                 rc = iwl3945_send_cmd_pdu(priv, REPLY_RXON,
1089                                       sizeof(struct iwl3945_rxon_cmd),
1090                                       &priv->active_rxon);
1091
1092                 /* If the mask clearing failed then we set
1093                  * active_rxon back to what it was previously */
1094                 if (rc) {
1095                         active_rxon->filter_flags |= RXON_FILTER_ASSOC_MSK;
1096                         IWL_ERROR("Error clearing ASSOC_MSK on current "
1097                                   "configuration (%d).\n", rc);
1098                         return rc;
1099                 }
1100         }
1101
1102         IWL_DEBUG_INFO("Sending RXON\n"
1103                        "* with%s RXON_FILTER_ASSOC_MSK\n"
1104                        "* channel = %d\n"
1105                        "* bssid = %s\n",
1106                        ((priv->staging_rxon.filter_flags &
1107                          RXON_FILTER_ASSOC_MSK) ? "" : "out"),
1108                        le16_to_cpu(priv->staging_rxon.channel),
1109                        print_mac(mac, priv->staging_rxon.bssid_addr));
1110
1111         /* Apply the new configuration */
1112         rc = iwl3945_send_cmd_pdu(priv, REPLY_RXON,
1113                               sizeof(struct iwl3945_rxon_cmd), &priv->staging_rxon);
1114         if (rc) {
1115                 IWL_ERROR("Error setting new configuration (%d).\n", rc);
1116                 return rc;
1117         }
1118
1119         memcpy(active_rxon, &priv->staging_rxon, sizeof(*active_rxon));
1120
1121         iwl3945_clear_stations_table(priv);
1122
1123         /* If we issue a new RXON command which required a tune then we must
1124          * send a new TXPOWER command or we won't be able to Tx any frames */
1125         rc = iwl3945_hw_reg_send_txpower(priv);
1126         if (rc) {
1127                 IWL_ERROR("Error setting Tx power (%d).\n", rc);
1128                 return rc;
1129         }
1130
1131         /* Add the broadcast address so we can send broadcast frames */
1132         if (iwl3945_add_station(priv, iwl3945_broadcast_addr, 0, 0) ==
1133             IWL_INVALID_STATION) {
1134                 IWL_ERROR("Error adding BROADCAST address for transmit.\n");
1135                 return -EIO;
1136         }
1137
1138         /* If we have set the ASSOC_MSK and we are in BSS mode then
1139          * add the IWL_AP_ID to the station rate table */
1140         if (iwl3945_is_associated(priv) &&
1141             (priv->iw_mode == IEEE80211_IF_TYPE_STA))
1142                 if (iwl3945_add_station(priv, priv->active_rxon.bssid_addr, 1, 0)
1143                     == IWL_INVALID_STATION) {
1144                         IWL_ERROR("Error adding AP address for transmit.\n");
1145                         return -EIO;
1146                 }
1147
1148         /* Init the hardware's rate fallback order based on the
1149          * phymode */
1150         rc = iwl3945_init_hw_rate_table(priv);
1151         if (rc) {
1152                 IWL_ERROR("Error setting HW rate table: %02X\n", rc);
1153                 return -EIO;
1154         }
1155
1156         return 0;
1157 }
1158
1159 static int iwl3945_send_bt_config(struct iwl3945_priv *priv)
1160 {
1161         struct iwl3945_bt_cmd bt_cmd = {
1162                 .flags = 3,
1163                 .lead_time = 0xAA,
1164                 .max_kill = 1,
1165                 .kill_ack_mask = 0,
1166                 .kill_cts_mask = 0,
1167         };
1168
1169         return iwl3945_send_cmd_pdu(priv, REPLY_BT_CONFIG,
1170                                 sizeof(struct iwl3945_bt_cmd), &bt_cmd);
1171 }
1172
1173 static int iwl3945_send_scan_abort(struct iwl3945_priv *priv)
1174 {
1175         int rc = 0;
1176         struct iwl3945_rx_packet *res;
1177         struct iwl3945_host_cmd cmd = {
1178                 .id = REPLY_SCAN_ABORT_CMD,
1179                 .meta.flags = CMD_WANT_SKB,
1180         };
1181
1182         /* If there isn't a scan actively going on in the hardware
1183          * then we are in between scan bands and not actually
1184          * actively scanning, so don't send the abort command */
1185         if (!test_bit(STATUS_SCAN_HW, &priv->status)) {
1186                 clear_bit(STATUS_SCAN_ABORTING, &priv->status);
1187                 return 0;
1188         }
1189
1190         rc = iwl3945_send_cmd_sync(priv, &cmd);
1191         if (rc) {
1192                 clear_bit(STATUS_SCAN_ABORTING, &priv->status);
1193                 return rc;
1194         }
1195
1196         res = (struct iwl3945_rx_packet *)cmd.meta.u.skb->data;
1197         if (res->u.status != CAN_ABORT_STATUS) {
1198                 /* The scan abort will return 1 for success or
1199                  * 2 for "failure".  A failure condition can be
1200                  * due to simply not being in an active scan which
1201                  * can occur if we send the scan abort before we
1202                  * the microcode has notified us that a scan is
1203                  * completed. */
1204                 IWL_DEBUG_INFO("SCAN_ABORT returned %d.\n", res->u.status);
1205                 clear_bit(STATUS_SCAN_ABORTING, &priv->status);
1206                 clear_bit(STATUS_SCAN_HW, &priv->status);
1207         }
1208
1209         dev_kfree_skb_any(cmd.meta.u.skb);
1210
1211         return rc;
1212 }
1213
1214 static int iwl3945_card_state_sync_callback(struct iwl3945_priv *priv,
1215                                         struct iwl3945_cmd *cmd,
1216                                         struct sk_buff *skb)
1217 {
1218         return 1;
1219 }
1220
1221 /*
1222  * CARD_STATE_CMD
1223  *
1224  * Use: Sets the device's internal card state to enable, disable, or halt
1225  *
1226  * When in the 'enable' state the card operates as normal.
1227  * When in the 'disable' state, the card enters into a low power mode.
1228  * When in the 'halt' state, the card is shut down and must be fully
1229  * restarted to come back on.
1230  */
1231 static int iwl3945_send_card_state(struct iwl3945_priv *priv, u32 flags, u8 meta_flag)
1232 {
1233         struct iwl3945_host_cmd cmd = {
1234                 .id = REPLY_CARD_STATE_CMD,
1235                 .len = sizeof(u32),
1236                 .data = &flags,
1237                 .meta.flags = meta_flag,
1238         };
1239
1240         if (meta_flag & CMD_ASYNC)
1241                 cmd.meta.u.callback = iwl3945_card_state_sync_callback;
1242
1243         return iwl3945_send_cmd(priv, &cmd);
1244 }
1245
1246 static int iwl3945_add_sta_sync_callback(struct iwl3945_priv *priv,
1247                                      struct iwl3945_cmd *cmd, struct sk_buff *skb)
1248 {
1249         struct iwl3945_rx_packet *res = NULL;
1250
1251         if (!skb) {
1252                 IWL_ERROR("Error: Response NULL in REPLY_ADD_STA.\n");
1253                 return 1;
1254         }
1255
1256         res = (struct iwl3945_rx_packet *)skb->data;
1257         if (res->hdr.flags & IWL_CMD_FAILED_MSK) {
1258                 IWL_ERROR("Bad return from REPLY_ADD_STA (0x%08X)\n",
1259                           res->hdr.flags);
1260                 return 1;
1261         }
1262
1263         switch (res->u.add_sta.status) {
1264         case ADD_STA_SUCCESS_MSK:
1265                 break;
1266         default:
1267                 break;
1268         }
1269
1270         /* We didn't cache the SKB; let the caller free it */
1271         return 1;
1272 }
1273
1274 int iwl3945_send_add_station(struct iwl3945_priv *priv,
1275                          struct iwl3945_addsta_cmd *sta, u8 flags)
1276 {
1277         struct iwl3945_rx_packet *res = NULL;
1278         int rc = 0;
1279         struct iwl3945_host_cmd cmd = {
1280                 .id = REPLY_ADD_STA,
1281                 .len = sizeof(struct iwl3945_addsta_cmd),
1282                 .meta.flags = flags,
1283                 .data = sta,
1284         };
1285
1286         if (flags & CMD_ASYNC)
1287                 cmd.meta.u.callback = iwl3945_add_sta_sync_callback;
1288         else
1289                 cmd.meta.flags |= CMD_WANT_SKB;
1290
1291         rc = iwl3945_send_cmd(priv, &cmd);
1292
1293         if (rc || (flags & CMD_ASYNC))
1294                 return rc;
1295
1296         res = (struct iwl3945_rx_packet *)cmd.meta.u.skb->data;
1297         if (res->hdr.flags & IWL_CMD_FAILED_MSK) {
1298                 IWL_ERROR("Bad return from REPLY_ADD_STA (0x%08X)\n",
1299                           res->hdr.flags);
1300                 rc = -EIO;
1301         }
1302
1303         if (rc == 0) {
1304                 switch (res->u.add_sta.status) {
1305                 case ADD_STA_SUCCESS_MSK:
1306                         IWL_DEBUG_INFO("REPLY_ADD_STA PASSED\n");
1307                         break;
1308                 default:
1309                         rc = -EIO;
1310                         IWL_WARNING("REPLY_ADD_STA failed\n");
1311                         break;
1312                 }
1313         }
1314
1315         priv->alloc_rxb_skb--;
1316         dev_kfree_skb_any(cmd.meta.u.skb);
1317
1318         return rc;
1319 }
1320
1321 static int iwl3945_update_sta_key_info(struct iwl3945_priv *priv,
1322                                    struct ieee80211_key_conf *keyconf,
1323                                    u8 sta_id)
1324 {
1325         unsigned long flags;
1326         __le16 key_flags = 0;
1327
1328         switch (keyconf->alg) {
1329         case ALG_CCMP:
1330                 key_flags |= STA_KEY_FLG_CCMP;
1331                 key_flags |= cpu_to_le16(
1332                                 keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
1333                 key_flags &= ~STA_KEY_FLG_INVALID;
1334                 break;
1335         case ALG_TKIP:
1336         case ALG_WEP:
1337         default:
1338                 return -EINVAL;
1339         }
1340         spin_lock_irqsave(&priv->sta_lock, flags);
1341         priv->stations[sta_id].keyinfo.alg = keyconf->alg;
1342         priv->stations[sta_id].keyinfo.keylen = keyconf->keylen;
1343         memcpy(priv->stations[sta_id].keyinfo.key, keyconf->key,
1344                keyconf->keylen);
1345
1346         memcpy(priv->stations[sta_id].sta.key.key, keyconf->key,
1347                keyconf->keylen);
1348         priv->stations[sta_id].sta.key.key_flags = key_flags;
1349         priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
1350         priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
1351
1352         spin_unlock_irqrestore(&priv->sta_lock, flags);
1353
1354         IWL_DEBUG_INFO("hwcrypto: modify ucode station key info\n");
1355         iwl3945_send_add_station(priv, &priv->stations[sta_id].sta, 0);
1356         return 0;
1357 }
1358
1359 static int iwl3945_clear_sta_key_info(struct iwl3945_priv *priv, u8 sta_id)
1360 {
1361         unsigned long flags;
1362
1363         spin_lock_irqsave(&priv->sta_lock, flags);
1364         memset(&priv->stations[sta_id].keyinfo, 0, sizeof(struct iwl3945_hw_key));
1365         memset(&priv->stations[sta_id].sta.key, 0, sizeof(struct iwl3945_keyinfo));
1366         priv->stations[sta_id].sta.key.key_flags = STA_KEY_FLG_NO_ENC;
1367         priv->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK;
1368         priv->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK;
1369         spin_unlock_irqrestore(&priv->sta_lock, flags);
1370
1371         IWL_DEBUG_INFO("hwcrypto: clear ucode station key info\n");
1372         iwl3945_send_add_station(priv, &priv->stations[sta_id].sta, 0);
1373         return 0;
1374 }
1375
1376 static void iwl3945_clear_free_frames(struct iwl3945_priv *priv)
1377 {
1378         struct list_head *element;
1379
1380         IWL_DEBUG_INFO("%d frames on pre-allocated heap on clear.\n",
1381                        priv->frames_count);
1382
1383         while (!list_empty(&priv->free_frames)) {
1384                 element = priv->free_frames.next;
1385                 list_del(element);
1386                 kfree(list_entry(element, struct iwl3945_frame, list));
1387                 priv->frames_count--;
1388         }
1389
1390         if (priv->frames_count) {
1391                 IWL_WARNING("%d frames still in use.  Did we lose one?\n",
1392                             priv->frames_count);
1393                 priv->frames_count = 0;
1394         }
1395 }
1396
1397 static struct iwl3945_frame *iwl3945_get_free_frame(struct iwl3945_priv *priv)
1398 {
1399         struct iwl3945_frame *frame;
1400         struct list_head *element;
1401         if (list_empty(&priv->free_frames)) {
1402                 frame = kzalloc(sizeof(*frame), GFP_KERNEL);
1403                 if (!frame) {
1404                         IWL_ERROR("Could not allocate frame!\n");
1405                         return NULL;
1406                 }
1407
1408                 priv->frames_count++;
1409                 return frame;
1410         }
1411
1412         element = priv->free_frames.next;
1413         list_del(element);
1414         return list_entry(element, struct iwl3945_frame, list);
1415 }
1416
1417 static void iwl3945_free_frame(struct iwl3945_priv *priv, struct iwl3945_frame *frame)
1418 {
1419         memset(frame, 0, sizeof(*frame));
1420         list_add(&frame->list, &priv->free_frames);
1421 }
1422
1423 unsigned int iwl3945_fill_beacon_frame(struct iwl3945_priv *priv,
1424                                 struct ieee80211_hdr *hdr,
1425                                 const u8 *dest, int left)
1426 {
1427
1428         if (!iwl3945_is_associated(priv) || !priv->ibss_beacon ||
1429             ((priv->iw_mode != IEEE80211_IF_TYPE_IBSS) &&
1430              (priv->iw_mode != IEEE80211_IF_TYPE_AP)))
1431                 return 0;
1432
1433         if (priv->ibss_beacon->len > left)
1434                 return 0;
1435
1436         memcpy(hdr, priv->ibss_beacon->data, priv->ibss_beacon->len);
1437
1438         return priv->ibss_beacon->len;
1439 }
1440
1441 static int iwl3945_rate_index_from_plcp(int plcp)
1442 {
1443         int i = 0;
1444
1445         for (i = 0; i < IWL_RATE_COUNT; i++)
1446                 if (iwl3945_rates[i].plcp == plcp)
1447                         return i;
1448         return -1;
1449 }
1450
1451 static u8 iwl3945_rate_get_lowest_plcp(int rate_mask)
1452 {
1453         u8 i;
1454
1455         for (i = IWL_RATE_1M_INDEX; i != IWL_RATE_INVALID;
1456              i = iwl3945_rates[i].next_ieee) {
1457                 if (rate_mask & (1 << i))
1458                         return iwl3945_rates[i].plcp;
1459         }
1460
1461         return IWL_RATE_INVALID;
1462 }
1463
1464 static int iwl3945_send_beacon_cmd(struct iwl3945_priv *priv)
1465 {
1466         struct iwl3945_frame *frame;
1467         unsigned int frame_size;
1468         int rc;
1469         u8 rate;
1470
1471         frame = iwl3945_get_free_frame(priv);
1472
1473         if (!frame) {
1474                 IWL_ERROR("Could not obtain free frame buffer for beacon "
1475                           "command.\n");
1476                 return -ENOMEM;
1477         }
1478
1479         if (!(priv->staging_rxon.flags & RXON_FLG_BAND_24G_MSK)) {
1480                 rate = iwl3945_rate_get_lowest_plcp(priv->active_rate_basic &
1481                                                 0xFF0);
1482                 if (rate == IWL_INVALID_RATE)
1483                         rate = IWL_RATE_6M_PLCP;
1484         } else {
1485                 rate = iwl3945_rate_get_lowest_plcp(priv->active_rate_basic & 0xF);
1486                 if (rate == IWL_INVALID_RATE)
1487                         rate = IWL_RATE_1M_PLCP;
1488         }
1489
1490         frame_size = iwl3945_hw_get_beacon_cmd(priv, frame, rate);
1491
1492         rc = iwl3945_send_cmd_pdu(priv, REPLY_TX_BEACON, frame_size,
1493                               &frame->u.cmd[0]);
1494
1495         iwl3945_free_frame(priv, frame);
1496
1497         return rc;
1498 }
1499
1500 /******************************************************************************
1501  *
1502  * EEPROM related functions
1503  *
1504  ******************************************************************************/
1505
1506 static void get_eeprom_mac(struct iwl3945_priv *priv, u8 *mac)
1507 {
1508         memcpy(mac, priv->eeprom.mac_address, 6);
1509 }
1510
1511 /**
1512  * iwl3945_eeprom_init - read EEPROM contents
1513  *
1514  * Load the EEPROM from adapter into priv->eeprom
1515  *
1516  * NOTE:  This routine uses the non-debug IO access functions.
1517  */
1518 int iwl3945_eeprom_init(struct iwl3945_priv *priv)
1519 {
1520         u16 *e = (u16 *)&priv->eeprom;
1521         u32 gp = iwl3945_read32(priv, CSR_EEPROM_GP);
1522         u32 r;
1523         int sz = sizeof(priv->eeprom);
1524         int rc;
1525         int i;
1526         u16 addr;
1527
1528         /* The EEPROM structure has several padding buffers within it
1529          * and when adding new EEPROM maps is subject to programmer errors
1530          * which may be very difficult to identify without explicitly
1531          * checking the resulting size of the eeprom map. */
1532         BUILD_BUG_ON(sizeof(priv->eeprom) != IWL_EEPROM_IMAGE_SIZE);
1533
1534         if ((gp & CSR_EEPROM_GP_VALID_MSK) == CSR_EEPROM_GP_BAD_SIGNATURE) {
1535                 IWL_ERROR("EEPROM not found, EEPROM_GP=0x%08x", gp);
1536                 return -ENOENT;
1537         }
1538
1539         rc = iwl3945_eeprom_acquire_semaphore(priv);
1540         if (rc < 0) {
1541                 IWL_ERROR("Failed to acquire EEPROM semaphore.\n");
1542                 return -ENOENT;
1543         }
1544
1545         /* eeprom is an array of 16bit values */
1546         for (addr = 0; addr < sz; addr += sizeof(u16)) {
1547                 _iwl3945_write32(priv, CSR_EEPROM_REG, addr << 1);
1548                 _iwl3945_clear_bit(priv, CSR_EEPROM_REG, CSR_EEPROM_REG_BIT_CMD);
1549
1550                 for (i = 0; i < IWL_EEPROM_ACCESS_TIMEOUT;
1551                                         i += IWL_EEPROM_ACCESS_DELAY) {
1552                         r = _iwl3945_read_direct32(priv, CSR_EEPROM_REG);
1553                         if (r & CSR_EEPROM_REG_READ_VALID_MSK)
1554                                 break;
1555                         udelay(IWL_EEPROM_ACCESS_DELAY);
1556                 }
1557
1558                 if (!(r & CSR_EEPROM_REG_READ_VALID_MSK)) {
1559                         IWL_ERROR("Time out reading EEPROM[%d]", addr);
1560                         return -ETIMEDOUT;
1561                 }
1562                 e[addr / 2] = le16_to_cpu(r >> 16);
1563         }
1564
1565         return 0;
1566 }
1567
1568 /******************************************************************************
1569  *
1570  * Misc. internal state and helper functions
1571  *
1572  ******************************************************************************/
1573 #ifdef CONFIG_IWL3945_DEBUG
1574
1575 /**
1576  * iwl3945_report_frame - dump frame to syslog during debug sessions
1577  *
1578  * You may hack this function to show different aspects of received frames,
1579  * including selective frame dumps.
1580  * group100 parameter selects whether to show 1 out of 100 good frames.
1581  */
1582 void iwl3945_report_frame(struct iwl3945_priv *priv,
1583                       struct iwl3945_rx_packet *pkt,
1584                       struct ieee80211_hdr *header, int group100)
1585 {
1586         u32 to_us;
1587         u32 print_summary = 0;
1588         u32 print_dump = 0;     /* set to 1 to dump all frames' contents */
1589         u32 hundred = 0;
1590         u32 dataframe = 0;
1591         u16 fc;
1592         u16 seq_ctl;
1593         u16 channel;
1594         u16 phy_flags;
1595         int rate_sym;
1596         u16 length;
1597         u16 status;
1598         u16 bcn_tmr;
1599         u32 tsf_low;
1600         u64 tsf;
1601         u8 rssi;
1602         u8 agc;
1603         u16 sig_avg;
1604         u16 noise_diff;
1605         struct iwl3945_rx_frame_stats *rx_stats = IWL_RX_STATS(pkt);
1606         struct iwl3945_rx_frame_hdr *rx_hdr = IWL_RX_HDR(pkt);
1607         struct iwl3945_rx_frame_end *rx_end = IWL_RX_END(pkt);
1608         u8 *data = IWL_RX_DATA(pkt);
1609
1610         /* MAC header */
1611         fc = le16_to_cpu(header->frame_control);
1612         seq_ctl = le16_to_cpu(header->seq_ctrl);
1613
1614         /* metadata */
1615         channel = le16_to_cpu(rx_hdr->channel);
1616         phy_flags = le16_to_cpu(rx_hdr->phy_flags);
1617         rate_sym = rx_hdr->rate;
1618         length = le16_to_cpu(rx_hdr->len);
1619
1620         /* end-of-frame status and timestamp */
1621         status = le32_to_cpu(rx_end->status);
1622         bcn_tmr = le32_to_cpu(rx_end->beacon_timestamp);
1623         tsf_low = le64_to_cpu(rx_end->timestamp) & 0x0ffffffff;
1624         tsf = le64_to_cpu(rx_end->timestamp);
1625
1626         /* signal statistics */
1627         rssi = rx_stats->rssi;
1628         agc = rx_stats->agc;
1629         sig_avg = le16_to_cpu(rx_stats->sig_avg);
1630         noise_diff = le16_to_cpu(rx_stats->noise_diff);
1631
1632         to_us = !compare_ether_addr(header->addr1, priv->mac_addr);
1633
1634         /* if data frame is to us and all is good,
1635          *   (optionally) print summary for only 1 out of every 100 */
1636         if (to_us && (fc & ~IEEE80211_FCTL_PROTECTED) ==
1637             (IEEE80211_FCTL_FROMDS | IEEE80211_FTYPE_DATA)) {
1638                 dataframe = 1;
1639                 if (!group100)
1640                         print_summary = 1;      /* print each frame */
1641                 else if (priv->framecnt_to_us < 100) {
1642                         priv->framecnt_to_us++;
1643                         print_summary = 0;
1644                 } else {
1645                         priv->framecnt_to_us = 0;
1646                         print_summary = 1;
1647                         hundred = 1;
1648                 }
1649         } else {
1650                 /* print summary for all other frames */
1651                 print_summary = 1;
1652         }
1653
1654         if (print_summary) {
1655                 char *title;
1656                 u32 rate;
1657
1658                 if (hundred)
1659                         title = "100Frames";
1660                 else if (fc & IEEE80211_FCTL_RETRY)
1661                         title = "Retry";
1662                 else if (ieee80211_is_assoc_response(fc))
1663                         title = "AscRsp";
1664                 else if (ieee80211_is_reassoc_response(fc))
1665                         title = "RasRsp";
1666                 else if (ieee80211_is_probe_response(fc)) {
1667                         title = "PrbRsp";
1668                         print_dump = 1; /* dump frame contents */
1669                 } else if (ieee80211_is_beacon(fc)) {
1670                         title = "Beacon";
1671                         print_dump = 1; /* dump frame contents */
1672                 } else if (ieee80211_is_atim(fc))
1673                         title = "ATIM";
1674                 else if (ieee80211_is_auth(fc))
1675                         title = "Auth";
1676                 else if (ieee80211_is_deauth(fc))
1677                         title = "DeAuth";
1678                 else if (ieee80211_is_disassoc(fc))
1679                         title = "DisAssoc";
1680                 else
1681                         title = "Frame";
1682
1683                 rate = iwl3945_rate_index_from_plcp(rate_sym);
1684                 if (rate == -1)
1685                         rate = 0;
1686                 else
1687                         rate = iwl3945_rates[rate].ieee / 2;
1688
1689                 /* print frame summary.
1690                  * MAC addresses show just the last byte (for brevity),
1691                  *    but you can hack it to show more, if you'd like to. */
1692                 if (dataframe)
1693                         IWL_DEBUG_RX("%s: mhd=0x%04x, dst=0x%02x, "
1694                                      "len=%u, rssi=%d, chnl=%d, rate=%u, \n",
1695                                      title, fc, header->addr1[5],
1696                                      length, rssi, channel, rate);
1697                 else {
1698                         /* src/dst addresses assume managed mode */
1699                         IWL_DEBUG_RX("%s: 0x%04x, dst=0x%02x, "
1700                                      "src=0x%02x, rssi=%u, tim=%lu usec, "
1701                                      "phy=0x%02x, chnl=%d\n",
1702                                      title, fc, header->addr1[5],
1703                                      header->addr3[5], rssi,
1704                                      tsf_low - priv->scan_start_tsf,
1705                                      phy_flags, channel);
1706                 }
1707         }
1708         if (print_dump)
1709                 iwl3945_print_hex_dump(IWL_DL_RX, data, length);
1710 }
1711 #endif
1712
1713 static void iwl3945_unset_hw_setting(struct iwl3945_priv *priv)
1714 {
1715         if (priv->hw_setting.shared_virt)
1716                 pci_free_consistent(priv->pci_dev,
1717                                     sizeof(struct iwl3945_shared),
1718                                     priv->hw_setting.shared_virt,
1719                                     priv->hw_setting.shared_phys);
1720 }
1721
1722 /**
1723  * iwl3945_supported_rate_to_ie - fill in the supported rate in IE field
1724  *
1725  * return : set the bit for each supported rate insert in ie
1726  */
1727 static u16 iwl3945_supported_rate_to_ie(u8 *ie, u16 supported_rate,
1728                                     u16 basic_rate, int *left)
1729 {
1730         u16 ret_rates = 0, bit;
1731         int i;
1732         u8 *cnt = ie;
1733         u8 *rates = ie + 1;
1734
1735         for (bit = 1, i = 0; i < IWL_RATE_COUNT; i++, bit <<= 1) {
1736                 if (bit & supported_rate) {
1737                         ret_rates |= bit;
1738                         rates[*cnt] = iwl3945_rates[i].ieee |
1739                                 ((bit & basic_rate) ? 0x80 : 0x00);
1740                         (*cnt)++;
1741                         (*left)--;
1742                         if ((*left <= 0) ||
1743                             (*cnt >= IWL_SUPPORTED_RATES_IE_LEN))
1744                                 break;
1745                 }
1746         }
1747
1748         return ret_rates;
1749 }
1750
1751 /**
1752  * iwl3945_fill_probe_req - fill in all required fields and IE for probe request
1753  */
1754 static u16 iwl3945_fill_probe_req(struct iwl3945_priv *priv,
1755                               struct ieee80211_mgmt *frame,
1756                               int left, int is_direct)
1757 {
1758         int len = 0;
1759         u8 *pos = NULL;
1760         u16 active_rates, ret_rates, cck_rates;
1761
1762         /* Make sure there is enough space for the probe request,
1763          * two mandatory IEs and the data */
1764         left -= 24;
1765         if (left < 0)
1766                 return 0;
1767         len += 24;
1768
1769         frame->frame_control = cpu_to_le16(IEEE80211_STYPE_PROBE_REQ);
1770         memcpy(frame->da, iwl3945_broadcast_addr, ETH_ALEN);
1771         memcpy(frame->sa, priv->mac_addr, ETH_ALEN);
1772         memcpy(frame->bssid, iwl3945_broadcast_addr, ETH_ALEN);
1773         frame->seq_ctrl = 0;
1774
1775         /* fill in our indirect SSID IE */
1776         /* ...next IE... */
1777
1778         left -= 2;
1779         if (left < 0)
1780                 return 0;
1781         len += 2;
1782         pos = &(frame->u.probe_req.variable[0]);
1783         *pos++ = WLAN_EID_SSID;
1784         *pos++ = 0;
1785
1786         /* fill in our direct SSID IE... */
1787         if (is_direct) {
1788                 /* ...next IE... */
1789                 left -= 2 + priv->essid_len;
1790                 if (left < 0)
1791                         return 0;
1792                 /* ... fill it in... */
1793                 *pos++ = WLAN_EID_SSID;
1794                 *pos++ = priv->essid_len;
1795                 memcpy(pos, priv->essid, priv->essid_len);
1796                 pos += priv->essid_len;
1797                 len += 2 + priv->essid_len;
1798         }
1799
1800         /* fill in supported rate */
1801         /* ...next IE... */
1802         left -= 2;
1803         if (left < 0)
1804                 return 0;
1805
1806         /* ... fill it in... */
1807         *pos++ = WLAN_EID_SUPP_RATES;
1808         *pos = 0;
1809
1810         priv->active_rate = priv->rates_mask;
1811         active_rates = priv->active_rate;
1812         priv->active_rate_basic = priv->rates_mask & IWL_BASIC_RATES_MASK;
1813
1814         cck_rates = IWL_CCK_RATES_MASK & active_rates;
1815         ret_rates = iwl3945_supported_rate_to_ie(pos, cck_rates,
1816                         priv->active_rate_basic, &left);
1817         active_rates &= ~ret_rates;
1818
1819         ret_rates = iwl3945_supported_rate_to_ie(pos, active_rates,
1820                                  priv->active_rate_basic, &left);
1821         active_rates &= ~ret_rates;
1822
1823         len += 2 + *pos;
1824         pos += (*pos) + 1;
1825         if (active_rates == 0)
1826                 goto fill_end;
1827
1828         /* fill in supported extended rate */
1829         /* ...next IE... */
1830         left -= 2;
1831         if (left < 0)
1832                 return 0;
1833         /* ... fill it in... */
1834         *pos++ = WLAN_EID_EXT_SUPP_RATES;
1835         *pos = 0;
1836         iwl3945_supported_rate_to_ie(pos, active_rates,
1837                                  priv->active_rate_basic, &left);
1838         if (*pos > 0)
1839                 len += 2 + *pos;
1840
1841  fill_end:
1842         return (u16)len;
1843 }
1844
1845 /*
1846  * QoS  support
1847 */
1848 #ifdef CONFIG_IWL3945_QOS
1849 static int iwl3945_send_qos_params_command(struct iwl3945_priv *priv,
1850                                        struct iwl3945_qosparam_cmd *qos)
1851 {
1852
1853         return iwl3945_send_cmd_pdu(priv, REPLY_QOS_PARAM,
1854                                 sizeof(struct iwl3945_qosparam_cmd), qos);
1855 }
1856
1857 static void iwl3945_reset_qos(struct iwl3945_priv *priv)
1858 {
1859         u16 cw_min = 15;
1860         u16 cw_max = 1023;
1861         u8 aifs = 2;
1862         u8 is_legacy = 0;
1863         unsigned long flags;
1864         int i;
1865
1866         spin_lock_irqsave(&priv->lock, flags);
1867         priv->qos_data.qos_active = 0;
1868
1869         if (priv->iw_mode == IEEE80211_IF_TYPE_IBSS) {
1870                 if (priv->qos_data.qos_enable)
1871                         priv->qos_data.qos_active = 1;
1872                 if (!(priv->active_rate & 0xfff0)) {
1873                         cw_min = 31;
1874                         is_legacy = 1;
1875                 }
1876         } else if (priv->iw_mode == IEEE80211_IF_TYPE_AP) {
1877                 if (priv->qos_data.qos_enable)
1878                         priv->qos_data.qos_active = 1;
1879         } else if (!(priv->staging_rxon.flags & RXON_FLG_SHORT_SLOT_MSK)) {
1880                 cw_min = 31;
1881                 is_legacy = 1;
1882         }
1883
1884         if (priv->qos_data.qos_active)
1885                 aifs = 3;
1886
1887         priv->qos_data.def_qos_parm.ac[0].cw_min = cpu_to_le16(cw_min);
1888         priv->qos_data.def_qos_parm.ac[0].cw_max = cpu_to_le16(cw_max);
1889         priv->qos_data.def_qos_parm.ac[0].aifsn = aifs;
1890         priv->qos_data.def_qos_parm.ac[0].edca_txop = 0;
1891         priv->qos_data.def_qos_parm.ac[0].reserved1 = 0;
1892
1893         if (priv->qos_data.qos_active) {
1894                 i = 1;
1895                 priv->qos_data.def_qos_parm.ac[i].cw_min = cpu_to_le16(cw_min);
1896                 priv->qos_data.def_qos_parm.ac[i].cw_max = cpu_to_le16(cw_max);
1897                 priv->qos_data.def_qos_parm.ac[i].aifsn = 7;
1898                 priv->qos_data.def_qos_parm.ac[i].edca_txop = 0;
1899                 priv->qos_data.def_qos_parm.ac[i].reserved1 = 0;
1900
1901                 i = 2;
1902                 priv->qos_data.def_qos_parm.ac[i].cw_min =
1903                         cpu_to_le16((cw_min + 1) / 2 - 1);
1904                 priv->qos_data.def_qos_parm.ac[i].cw_max =
1905                         cpu_to_le16(cw_max);
1906                 priv->qos_data.def_qos_parm.ac[i].aifsn = 2;
1907                 if (is_legacy)
1908                         priv->qos_data.def_qos_parm.ac[i].edca_txop =
1909                                 cpu_to_le16(6016);
1910                 else
1911                         priv->qos_data.def_qos_parm.ac[i].edca_txop =
1912                                 cpu_to_le16(3008);
1913                 priv->qos_data.def_qos_parm.ac[i].reserved1 = 0;
1914
1915                 i = 3;
1916                 priv->qos_data.def_qos_parm.ac[i].cw_min =
1917                         cpu_to_le16((cw_min + 1) / 4 - 1);
1918                 priv->qos_data.def_qos_parm.ac[i].cw_max =
1919                         cpu_to_le16((cw_max + 1) / 2 - 1);
1920                 priv->qos_data.def_qos_parm.ac[i].aifsn = 2;
1921                 priv->qos_data.def_qos_parm.ac[i].reserved1 = 0;
1922                 if (is_legacy)
1923                         priv->qos_data.def_qos_parm.ac[i].edca_txop =
1924                                 cpu_to_le16(3264);
1925                 else
1926                         priv->qos_data.def_qos_parm.ac[i].edca_txop =
1927                                 cpu_to_le16(1504);
1928         } else {
1929                 for (i = 1; i < 4; i++) {
1930                         priv->qos_data.def_qos_parm.ac[i].cw_min =
1931                                 cpu_to_le16(cw_min);
1932                         priv->qos_data.def_qos_parm.ac[i].cw_max =
1933                                 cpu_to_le16(cw_max);
1934                         priv->qos_data.def_qos_parm.ac[i].aifsn = aifs;
1935                         priv->qos_data.def_qos_parm.ac[i].edca_txop = 0;
1936                         priv->qos_data.def_qos_parm.ac[i].reserved1 = 0;
1937                 }
1938         }
1939         IWL_DEBUG_QOS("set QoS to default \n");
1940
1941         spin_unlock_irqrestore(&priv->lock, flags);
1942 }
1943
1944 static void iwl3945_activate_qos(struct iwl3945_priv *priv, u8 force)
1945 {
1946         unsigned long flags;
1947
1948         if (test_bit(STATUS_EXIT_PENDING, &priv->status))
1949                 return;
1950
1951         if (!priv->qos_data.qos_enable)
1952                 return;
1953
1954         spin_lock_irqsave(&priv->lock, flags);
1955         priv->qos_data.def_qos_parm.qos_flags = 0;
1956
1957         if (priv->qos_data.qos_cap.q_AP.queue_request &&
1958             !priv->qos_data.qos_cap.q_AP.txop_request)
1959                 priv->qos_data.def_qos_parm.qos_flags |=
1960                         QOS_PARAM_FLG_TXOP_TYPE_MSK;
1961
1962         if (priv->qos_data.qos_active)
1963                 priv->qos_data.def_qos_parm.qos_flags |=
1964                         QOS_PARAM_FLG_UPDATE_EDCA_MSK;
1965
1966         spin_unlock_irqrestore(&priv->lock, flags);
1967
1968         if (force || iwl3945_is_associated(priv)) {
1969                 IWL_DEBUG_QOS("send QoS cmd with Qos active %d \n",
1970                               priv->qos_data.qos_active);
1971
1972                 iwl3945_send_qos_params_command(priv,
1973                                 &(priv->qos_data.def_qos_parm));
1974         }
1975 }
1976
1977 #endif /* CONFIG_IWL3945_QOS */
1978 /*
1979  * Power management (not Tx power!) functions
1980  */
1981 #define MSEC_TO_USEC 1024
1982
1983 #define NOSLP __constant_cpu_to_le32(0)
1984 #define SLP IWL_POWER_DRIVER_ALLOW_SLEEP_MSK
1985 #define SLP_TIMEOUT(T) __constant_cpu_to_le32((T) * MSEC_TO_USEC)
1986 #define SLP_VEC(X0, X1, X2, X3, X4) {__constant_cpu_to_le32(X0), \
1987                                      __constant_cpu_to_le32(X1), \
1988                                      __constant_cpu_to_le32(X2), \
1989                                      __constant_cpu_to_le32(X3), \
1990                                      __constant_cpu_to_le32(X4)}
1991
1992
1993 /* default power management (not Tx power) table values */
1994 /* for tim  0-10 */
1995 static struct iwl3945_power_vec_entry range_0[IWL_POWER_AC] = {
1996         {{NOSLP, SLP_TIMEOUT(0), SLP_TIMEOUT(0), SLP_VEC(0, 0, 0, 0, 0)}, 0},
1997         {{SLP, SLP_TIMEOUT(200), SLP_TIMEOUT(500), SLP_VEC(1, 2, 3, 4, 4)}, 0},
1998         {{SLP, SLP_TIMEOUT(200), SLP_TIMEOUT(300), SLP_VEC(2, 4, 6, 7, 7)}, 0},
1999         {{SLP, SLP_TIMEOUT(50), SLP_TIMEOUT(100), SLP_VEC(2, 6, 9, 9, 10)}, 0},
2000         {{SLP, SLP_TIMEOUT(50), SLP_TIMEOUT(25), SLP_VEC(2, 7, 9, 9, 10)}, 1},
2001         {{SLP, SLP_TIMEOUT(25), SLP_TIMEOUT(25), SLP_VEC(4, 7, 10, 10, 10)}, 1}
2002 };
2003
2004 /* for tim > 10 */
2005 static struct iwl3945_power_vec_entry range_1[IWL_POWER_AC] = {
2006         {{NOSLP, SLP_TIMEOUT(0), SLP_TIMEOUT(0), SLP_VEC(0, 0, 0, 0, 0)}, 0},
2007         {{SLP, SLP_TIMEOUT(200), SLP_TIMEOUT(500),
2008                  SLP_VEC(1, 2, 3, 4, 0xFF)}, 0},
2009         {{SLP, SLP_TIMEOUT(200), SLP_TIMEOUT(300),
2010                  SLP_VEC(2, 4, 6, 7, 0xFF)}, 0},
2011         {{SLP, SLP_TIMEOUT(50), SLP_TIMEOUT(100),
2012                  SLP_VEC(2, 6, 9, 9, 0xFF)}, 0},
2013         {{SLP, SLP_TIMEOUT(50), SLP_TIMEOUT(25), SLP_VEC(2, 7, 9, 9, 0xFF)}, 0},
2014         {{SLP, SLP_TIMEOUT(25), SLP_TIMEOUT(25),
2015                  SLP_VEC(4, 7, 10, 10, 0xFF)}, 0}
2016 };
2017
2018 int iwl3945_power_init_handle(struct iwl3945_priv *priv)
2019 {
2020         int rc = 0, i;
2021         struct iwl3945_power_mgr *pow_data;
2022         int size = sizeof(struct iwl3945_power_vec_entry) * IWL_POWER_AC;
2023         u16 pci_pm;
2024
2025         IWL_DEBUG_POWER("Initialize power \n");
2026
2027         pow_data = &(priv->power_data);
2028
2029         memset(pow_data, 0, sizeof(*pow_data));
2030
2031         pow_data->active_index = IWL_POWER_RANGE_0;
2032         pow_data->dtim_val = 0xffff;
2033
2034         memcpy(&pow_data->pwr_range_0[0], &range_0[0], size);
2035         memcpy(&pow_data->pwr_range_1[0], &range_1[0], size);
2036
2037         rc = pci_read_config_word(priv->pci_dev, PCI_LINK_CTRL, &pci_pm);
2038         if (rc != 0)
2039                 return 0;
2040         else {
2041                 struct iwl3945_powertable_cmd *cmd;
2042
2043                 IWL_DEBUG_POWER("adjust power command flags\n");
2044
2045                 for (i = 0; i < IWL_POWER_AC; i++) {
2046                         cmd = &pow_data->pwr_range_0[i].cmd;
2047
2048                         if (pci_pm & 0x1)
2049                                 cmd->flags &= ~IWL_POWER_PCI_PM_MSK;
2050                         else
2051                                 cmd->flags |= IWL_POWER_PCI_PM_MSK;
2052                 }
2053         }
2054         return rc;
2055 }
2056
2057 static int iwl3945_update_power_cmd(struct iwl3945_priv *priv,
2058                                 struct iwl3945_powertable_cmd *cmd, u32 mode)
2059 {
2060         int rc = 0, i;
2061         u8 skip;
2062         u32 max_sleep = 0;
2063         struct iwl3945_power_vec_entry *range;
2064         u8 period = 0;
2065         struct iwl3945_power_mgr *pow_data;
2066
2067         if (mode > IWL_POWER_INDEX_5) {
2068                 IWL_DEBUG_POWER("Error invalid power mode \n");
2069                 return -1;
2070         }
2071         pow_data = &(priv->power_data);
2072
2073         if (pow_data->active_index == IWL_POWER_RANGE_0)
2074                 range = &pow_data->pwr_range_0[0];
2075         else
2076                 range = &pow_data->pwr_range_1[1];
2077
2078         memcpy(cmd, &range[mode].cmd, sizeof(struct iwl3945_powertable_cmd));
2079
2080 #ifdef IWL_MAC80211_DISABLE
2081         if (priv->assoc_network != NULL) {
2082                 unsigned long flags;
2083
2084                 period = priv->assoc_network->tim.tim_period;
2085         }
2086 #endif  /*IWL_MAC80211_DISABLE */
2087         skip = range[mode].no_dtim;
2088
2089         if (period == 0) {
2090                 period = 1;
2091                 skip = 0;
2092         }
2093
2094         if (skip == 0) {
2095                 max_sleep = period;
2096                 cmd->flags &= ~IWL_POWER_SLEEP_OVER_DTIM_MSK;
2097         } else {
2098                 __le32 slp_itrvl = cmd->sleep_interval[IWL_POWER_VEC_SIZE - 1];
2099                 max_sleep = (le32_to_cpu(slp_itrvl) / period) * period;
2100                 cmd->flags |= IWL_POWER_SLEEP_OVER_DTIM_MSK;
2101         }
2102
2103         for (i = 0; i < IWL_POWER_VEC_SIZE; i++) {
2104                 if (le32_to_cpu(cmd->sleep_interval[i]) > max_sleep)
2105                         cmd->sleep_interval[i] = cpu_to_le32(max_sleep);
2106         }
2107
2108         IWL_DEBUG_POWER("Flags value = 0x%08X\n", cmd->flags);
2109         IWL_DEBUG_POWER("Tx timeout = %u\n", le32_to_cpu(cmd->tx_data_timeout));
2110         IWL_DEBUG_POWER("Rx timeout = %u\n", le32_to_cpu(cmd->rx_data_timeout));
2111         IWL_DEBUG_POWER("Sleep interval vector = { %d , %d , %d , %d , %d }\n",
2112                         le32_to_cpu(cmd->sleep_interval[0]),
2113                         le32_to_cpu(cmd->sleep_interval[1]),
2114                         le32_to_cpu(cmd->sleep_interval[2]),
2115                         le32_to_cpu(cmd->sleep_interval[3]),
2116                         le32_to_cpu(cmd->sleep_interval[4]));
2117
2118         return rc;
2119 }
2120
2121 static int iwl3945_send_power_mode(struct iwl3945_priv *priv, u32 mode)
2122 {
2123         u32 uninitialized_var(final_mode);
2124         int rc;
2125         struct iwl3945_powertable_cmd cmd;
2126
2127         /* If on battery, set to 3,
2128          * if plugged into AC power, set to CAM ("continuously aware mode"),
2129          * else user level */
2130         switch (mode) {
2131         case IWL_POWER_BATTERY:
2132                 final_mode = IWL_POWER_INDEX_3;
2133                 break;
2134         case IWL_POWER_AC:
2135                 final_mode = IWL_POWER_MODE_CAM;
2136                 break;
2137         default:
2138                 final_mode = mode;
2139                 break;
2140         }
2141
2142         iwl3945_update_power_cmd(priv, &cmd, final_mode);
2143
2144         rc = iwl3945_send_cmd_pdu(priv, POWER_TABLE_CMD, sizeof(cmd), &cmd);
2145
2146         if (final_mode == IWL_POWER_MODE_CAM)
2147                 clear_bit(STATUS_POWER_PMI, &priv->status);
2148         else
2149                 set_bit(STATUS_POWER_PMI, &priv->status);
2150
2151         return rc;
2152 }
2153
2154 int iwl3945_is_network_packet(struct iwl3945_priv *priv, struct ieee80211_hdr *header)
2155 {
2156         /* Filter incoming packets to determine if they are targeted toward
2157          * this network, discarding packets coming from ourselves */
2158         switch (priv->iw_mode) {
2159         case IEEE80211_IF_TYPE_IBSS: /* Header: Dest. | Source    | BSSID */
2160                 /* packets from our adapter are dropped (echo) */
2161                 if (!compare_ether_addr(header->addr2, priv->mac_addr))
2162                         return 0;
2163                 /* {broad,multi}cast packets to our IBSS go through */
2164                 if (is_multicast_ether_addr(header->addr1))
2165                         return !compare_ether_addr(header->addr3, priv->bssid);
2166                 /* packets to our adapter go through */
2167                 return !compare_ether_addr(header->addr1, priv->mac_addr);
2168         case IEEE80211_IF_TYPE_STA: /* Header: Dest. | AP{BSSID} | Source */
2169                 /* packets from our adapter are dropped (echo) */
2170                 if (!compare_ether_addr(header->addr3, priv->mac_addr))
2171                         return 0;
2172                 /* {broad,multi}cast packets to our BSS go through */
2173                 if (is_multicast_ether_addr(header->addr1))
2174                         return !compare_ether_addr(header->addr2, priv->bssid);
2175                 /* packets to our adapter go through */
2176                 return !compare_ether_addr(header->addr1, priv->mac_addr);
2177         }
2178
2179         return 1;
2180 }
2181
2182 #define TX_STATUS_ENTRY(x) case TX_STATUS_FAIL_ ## x: return #x
2183
2184 static const char *iwl3945_get_tx_fail_reason(u32 status)
2185 {
2186         switch (status & TX_STATUS_MSK) {
2187         case TX_STATUS_SUCCESS:
2188                 return "SUCCESS";
2189                 TX_STATUS_ENTRY(SHORT_LIMIT);
2190                 TX_STATUS_ENTRY(LONG_LIMIT);
2191                 TX_STATUS_ENTRY(FIFO_UNDERRUN);
2192                 TX_STATUS_ENTRY(MGMNT_ABORT);
2193                 TX_STATUS_ENTRY(NEXT_FRAG);
2194                 TX_STATUS_ENTRY(LIFE_EXPIRE);
2195                 TX_STATUS_ENTRY(DEST_PS);
2196                 TX_STATUS_ENTRY(ABORTED);
2197                 TX_STATUS_ENTRY(BT_RETRY);
2198                 TX_STATUS_ENTRY(STA_INVALID);
2199                 TX_STATUS_ENTRY(FRAG_DROPPED);
2200                 TX_STATUS_ENTRY(TID_DISABLE);
2201                 TX_STATUS_ENTRY(FRAME_FLUSHED);
2202                 TX_STATUS_ENTRY(INSUFFICIENT_CF_POLL);
2203                 TX_STATUS_ENTRY(TX_LOCKED);
2204                 TX_STATUS_ENTRY(NO_BEACON_ON_RADAR);
2205         }
2206
2207         return "UNKNOWN";
2208 }
2209
2210 /**
2211  * iwl3945_scan_cancel - Cancel any currently executing HW scan
2212  *
2213  * NOTE: priv->mutex is not required before calling this function
2214  */
2215 static int iwl3945_scan_cancel(struct iwl3945_priv *priv)
2216 {
2217         if (!test_bit(STATUS_SCAN_HW, &priv->status)) {
2218                 clear_bit(STATUS_SCANNING, &priv->status);
2219                 return 0;
2220         }
2221
2222         if (test_bit(STATUS_SCANNING, &priv->status)) {
2223                 if (!test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
2224                         IWL_DEBUG_SCAN("Queuing scan abort.\n");
2225                         set_bit(STATUS_SCAN_ABORTING, &priv->status);
2226                         queue_work(priv->workqueue, &priv->abort_scan);
2227
2228                 } else
2229                         IWL_DEBUG_SCAN("Scan abort already in progress.\n");
2230
2231                 return test_bit(STATUS_SCANNING, &priv->status);
2232         }
2233
2234         return 0;
2235 }
2236
2237 /**
2238  * iwl3945_scan_cancel_timeout - Cancel any currently executing HW scan
2239  * @ms: amount of time to wait (in milliseconds) for scan to abort
2240  *
2241  * NOTE: priv->mutex must be held before calling this function
2242  */
2243 static int iwl3945_scan_cancel_timeout(struct iwl3945_priv *priv, unsigned long ms)
2244 {
2245         unsigned long now = jiffies;
2246         int ret;
2247
2248         ret = iwl3945_scan_cancel(priv);
2249         if (ret && ms) {
2250                 mutex_unlock(&priv->mutex);
2251                 while (!time_after(jiffies, now + msecs_to_jiffies(ms)) &&
2252                                 test_bit(STATUS_SCANNING, &priv->status))
2253                         msleep(1);
2254                 mutex_lock(&priv->mutex);
2255
2256                 return test_bit(STATUS_SCANNING, &priv->status);
2257         }
2258
2259         return ret;
2260 }
2261
2262 static void iwl3945_sequence_reset(struct iwl3945_priv *priv)
2263 {
2264         /* Reset ieee stats */
2265
2266         /* We don't reset the net_device_stats (ieee->stats) on
2267          * re-association */
2268
2269         priv->last_seq_num = -1;
2270         priv->last_frag_num = -1;
2271         priv->last_packet_time = 0;
2272
2273         iwl3945_scan_cancel(priv);
2274 }
2275
2276 #define MAX_UCODE_BEACON_INTERVAL       1024
2277 #define INTEL_CONN_LISTEN_INTERVAL      __constant_cpu_to_le16(0xA)
2278
2279 static __le16 iwl3945_adjust_beacon_interval(u16 beacon_val)
2280 {
2281         u16 new_val = 0;
2282         u16 beacon_factor = 0;
2283
2284         beacon_factor =
2285             (beacon_val + MAX_UCODE_BEACON_INTERVAL)
2286                 / MAX_UCODE_BEACON_INTERVAL;
2287         new_val = beacon_val / beacon_factor;
2288
2289         return cpu_to_le16(new_val);
2290 }
2291
2292 static void iwl3945_setup_rxon_timing(struct iwl3945_priv *priv)
2293 {
2294         u64 interval_tm_unit;
2295         u64 tsf, result;
2296         unsigned long flags;
2297         struct ieee80211_conf *conf = NULL;
2298         u16 beacon_int = 0;
2299
2300         conf = ieee80211_get_hw_conf(priv->hw);
2301
2302         spin_lock_irqsave(&priv->lock, flags);
2303         priv->rxon_timing.timestamp.dw[1] = cpu_to_le32(priv->timestamp1);
2304         priv->rxon_timing.timestamp.dw[0] = cpu_to_le32(priv->timestamp0);
2305
2306         priv->rxon_timing.listen_interval = INTEL_CONN_LISTEN_INTERVAL;
2307
2308         tsf = priv->timestamp1;
2309         tsf = ((tsf << 32) | priv->timestamp0);
2310
2311         beacon_int = priv->beacon_int;
2312         spin_unlock_irqrestore(&priv->lock, flags);
2313
2314         if (priv->iw_mode == IEEE80211_IF_TYPE_STA) {
2315                 if (beacon_int == 0) {
2316                         priv->rxon_timing.beacon_interval = cpu_to_le16(100);
2317                         priv->rxon_timing.beacon_init_val = cpu_to_le32(102400);
2318                 } else {
2319                         priv->rxon_timing.beacon_interval =
2320                                 cpu_to_le16(beacon_int);
2321                         priv->rxon_timing.beacon_interval =
2322                             iwl3945_adjust_beacon_interval(
2323                                 le16_to_cpu(priv->rxon_timing.beacon_interval));
2324                 }
2325
2326                 priv->rxon_timing.atim_window = 0;
2327         } else {
2328                 priv->rxon_timing.beacon_interval =
2329                         iwl3945_adjust_beacon_interval(conf->beacon_int);
2330                 /* TODO: we need to get atim_window from upper stack
2331                  * for now we set to 0 */
2332                 priv->rxon_timing.atim_window = 0;
2333         }
2334
2335         interval_tm_unit =
2336                 (le16_to_cpu(priv->rxon_timing.beacon_interval) * 1024);
2337         result = do_div(tsf, interval_tm_unit);
2338         priv->rxon_timing.beacon_init_val =
2339             cpu_to_le32((u32) ((u64) interval_tm_unit - result));
2340
2341         IWL_DEBUG_ASSOC
2342             ("beacon interval %d beacon timer %d beacon tim %d\n",
2343                 le16_to_cpu(priv->rxon_timing.beacon_interval),
2344                 le32_to_cpu(priv->rxon_timing.beacon_init_val),
2345                 le16_to_cpu(priv->rxon_timing.atim_window));
2346 }
2347
2348 static int iwl3945_scan_initiate(struct iwl3945_priv *priv)
2349 {
2350         if (priv->iw_mode == IEEE80211_IF_TYPE_AP) {
2351                 IWL_ERROR("APs don't scan.\n");
2352                 return 0;
2353         }
2354
2355         if (!iwl3945_is_ready_rf(priv)) {
2356                 IWL_DEBUG_SCAN("Aborting scan due to not ready.\n");
2357                 return -EIO;
2358         }
2359
2360         if (test_bit(STATUS_SCANNING, &priv->status)) {
2361                 IWL_DEBUG_SCAN("Scan already in progress.\n");
2362                 return -EAGAIN;
2363         }
2364
2365         if (test_bit(STATUS_SCAN_ABORTING, &priv->status)) {
2366                 IWL_DEBUG_SCAN("Scan request while abort pending.  "
2367                                "Queuing.\n");
2368                 return -EAGAIN;
2369         }
2370
2371         IWL_DEBUG_INFO("Starting scan...\n");
2372         priv->scan_bands = 2;
2373         set_bit(STATUS_SCANNING, &priv->status);
2374         priv->scan_start = jiffies;
2375         priv->scan_pass_start = priv->scan_start;
2376
2377         queue_work(priv->workqueue, &priv->request_scan);
2378
2379         return 0;
2380 }
2381
2382 static int iwl3945_set_rxon_hwcrypto(struct iwl3945_priv *priv, int hw_decrypt)
2383 {
2384         struct iwl3945_rxon_cmd *rxon = &priv->staging_rxon;
2385
2386         if (hw_decrypt)
2387                 rxon->filter_flags &= ~RXON_FILTER_DIS_DECRYPT_MSK;
2388         else
2389                 rxon->filter_flags |= RXON_FILTER_DIS_DECRYPT_MSK;
2390
2391         return 0;
2392 }
2393
2394 static void iwl3945_set_flags_for_phymode(struct iwl3945_priv *priv, u8 phymode)
2395 {
2396         if (phymode == MODE_IEEE80211A) {
2397                 priv->staging_rxon.flags &=
2398                     ~(RXON_FLG_BAND_24G_MSK | RXON_FLG_AUTO_DETECT_MSK
2399                       | RXON_FLG_CCK_MSK);
2400                 priv->staging_rxon.flags |= RXON_FLG_SHORT_SLOT_MSK;
2401         } else {
2402                 /* Copied from iwl3945_bg_post_associate() */
2403                 if (priv->assoc_capability & WLAN_CAPABILITY_SHORT_SLOT_TIME)
2404                         priv->staging_rxon.flags |= RXON_FLG_SHORT_SLOT_MSK;
2405                 else
2406                         priv->staging_rxon.flags &= ~RXON_FLG_SHORT_SLOT_MSK;
2407
2408                 if (priv->iw_mode == IEEE80211_IF_TYPE_IBSS)
2409                         priv->staging_rxon.flags &= ~RXON_FLG_SHORT_SLOT_MSK;
2410
2411                 priv->staging_rxon.flags |= RXON_FLG_BAND_24G_MSK;
2412                 priv->staging_rxon.flags |= RXON_FLG_AUTO_DETECT_MSK;
2413                 priv->staging_rxon.flags &= ~RXON_FLG_CCK_MSK;
2414         }
2415 }
2416
2417 /*
2418  * initialize rxon structure with default values from eeprom
2419  */
2420 static void iwl3945_connection_init_rx_config(struct iwl3945_priv *priv)
2421 {
2422         const struct iwl3945_channel_info *ch_info;
2423
2424         memset(&priv->staging_rxon, 0, sizeof(priv->staging_rxon));
2425
2426         switch (priv->iw_mode) {
2427         case IEEE80211_IF_TYPE_AP:
2428                 priv->staging_rxon.dev_type = RXON_DEV_TYPE_AP;
2429                 break;
2430
2431         case IEEE80211_IF_TYPE_STA:
2432                 priv->staging_rxon.dev_type = RXON_DEV_TYPE_ESS;
2433                 priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK;
2434                 break;
2435
2436         case IEEE80211_IF_TYPE_IBSS:
2437                 priv->staging_rxon.dev_type = RXON_DEV_TYPE_IBSS;
2438                 priv->staging_rxon.flags = RXON_FLG_SHORT_PREAMBLE_MSK;
2439                 priv->staging_rxon.filter_flags = RXON_FILTER_BCON_AWARE_MSK |
2440                                                   RXON_FILTER_ACCEPT_GRP_MSK;
2441                 break;
2442
2443         case IEEE80211_IF_TYPE_MNTR:
2444                 priv->staging_rxon.dev_type = RXON_DEV_TYPE_SNIFFER;
2445                 priv->staging_rxon.filter_flags = RXON_FILTER_PROMISC_MSK |
2446                     RXON_FILTER_CTL2HOST_MSK | RXON_FILTER_ACCEPT_GRP_MSK;
2447                 break;
2448         }
2449
2450 #if 0
2451         /* TODO:  Figure out when short_preamble would be set and cache from
2452          * that */
2453         if (!hw_to_local(priv->hw)->short_preamble)
2454                 priv->staging_rxon.flags &= ~RXON_FLG_SHORT_PREAMBLE_MSK;
2455         else
2456                 priv->staging_rxon.flags |= RXON_FLG_SHORT_PREAMBLE_MSK;
2457 #endif
2458
2459         ch_info = iwl3945_get_channel_info(priv, priv->phymode,
2460                                        le16_to_cpu(priv->staging_rxon.channel));
2461
2462         if (!ch_info)
2463                 ch_info = &priv->channel_info[0];
2464
2465         /*
2466          * in some case A channels are all non IBSS
2467          * in this case force B/G channel
2468          */
2469         if ((priv->iw_mode == IEEE80211_IF_TYPE_IBSS) &&
2470             !(is_channel_ibss(ch_info)))
2471                 ch_info = &priv->channel_info[0];
2472
2473         priv->staging_rxon.channel = cpu_to_le16(ch_info->channel);
2474         if (is_channel_a_band(ch_info))
2475                 priv->phymode = MODE_IEEE80211A;
2476         else
2477                 priv->phymode = MODE_IEEE80211G;
2478
2479         iwl3945_set_flags_for_phymode(priv, priv->phymode);
2480
2481         priv->staging_rxon.ofdm_basic_rates =
2482             (IWL_OFDM_RATES_MASK >> IWL_FIRST_OFDM_RATE) & 0xFF;
2483         priv->staging_rxon.cck_basic_rates =
2484             (IWL_CCK_RATES_MASK >> IWL_FIRST_CCK_RATE) & 0xF;
2485 }
2486
2487 static int iwl3945_set_mode(struct iwl3945_priv *priv, int mode)
2488 {
2489         if (!iwl3945_is_ready_rf(priv))
2490                 return -EAGAIN;
2491
2492         if (mode == IEEE80211_IF_TYPE_IBSS) {
2493                 const struct iwl3945_channel_info *ch_info;
2494
2495                 ch_info = iwl3945_get_channel_info(priv,
2496                         priv->phymode,
2497                         le16_to_cpu(priv->staging_rxon.channel));
2498
2499                 if (!ch_info || !is_channel_ibss(ch_info)) {
2500                         IWL_ERROR("channel %d not IBSS channel\n",
2501                                   le16_to_cpu(priv->staging_rxon.channel));
2502                         return -EINVAL;
2503                 }
2504         }
2505
2506         cancel_delayed_work(&priv->scan_check);
2507         if (iwl3945_scan_cancel_timeout(priv, 100)) {
2508                 IWL_WARNING("Aborted scan still in progress after 100ms\n");
2509                 IWL_DEBUG_MAC80211("leaving - scan abort failed.\n");
2510                 return -EAGAIN;
2511         }
2512
2513         priv->iw_mode = mode;
2514
2515         iwl3945_connection_init_rx_config(priv);
2516         memcpy(priv->staging_rxon.node_addr, priv->mac_addr, ETH_ALEN);
2517
2518         iwl3945_clear_stations_table(priv);
2519
2520         iwl3945_commit_rxon(priv);
2521
2522         return 0;
2523 }
2524
2525 static void iwl3945_build_tx_cmd_hwcrypto(struct iwl3945_priv *priv,
2526                                       struct ieee80211_tx_control *ctl,
2527                                       struct iwl3945_cmd *cmd,
2528                                       struct sk_buff *skb_frag,
2529                                       int last_frag)
2530 {
2531         struct iwl3945_hw_key *keyinfo = &priv->stations[ctl->key_idx].keyinfo;
2532
2533         switch (keyinfo->alg) {
2534         case ALG_CCMP:
2535                 cmd->cmd.tx.sec_ctl = TX_CMD_SEC_CCM;
2536                 memcpy(cmd->cmd.tx.key, keyinfo->key, keyinfo->keylen);
2537                 IWL_DEBUG_TX("tx_cmd with aes hwcrypto\n");
2538                 break;
2539
2540         case ALG_TKIP:
2541 #if 0
2542                 cmd->cmd.tx.sec_ctl = TX_CMD_SEC_TKIP;
2543
2544                 if (last_frag)
2545                         memcpy(cmd->cmd.tx.tkip_mic.byte, skb_frag->tail - 8,
2546                                8);
2547                 else
2548                         memset(cmd->cmd.tx.tkip_mic.byte, 0, 8);
2549 #endif
2550                 break;
2551
2552         case ALG_WEP:
2553                 cmd->cmd.tx.sec_ctl = TX_CMD_SEC_WEP |
2554                     (ctl->key_idx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT;
2555
2556                 if (keyinfo->keylen == 13)
2557                         cmd->cmd.tx.sec_ctl |= TX_CMD_SEC_KEY128;
2558
2559                 memcpy(&cmd->cmd.tx.key[3], keyinfo->key, keyinfo->keylen);
2560
2561                 IWL_DEBUG_TX("Configuring packet for WEP encryption "
2562                              "with key %d\n", ctl->key_idx);
2563                 break;
2564
2565         default:
2566                 printk(KERN_ERR "Unknown encode alg %d\n", keyinfo->alg);
2567                 break;
2568         }
2569 }
2570
2571 /*
2572  * handle build REPLY_TX command notification.
2573  */
2574 static void iwl3945_build_tx_cmd_basic(struct iwl3945_priv *priv,
2575                                   struct iwl3945_cmd *cmd,
2576                                   struct ieee80211_tx_control *ctrl,
2577                                   struct ieee80211_hdr *hdr,
2578                                   int is_unicast, u8 std_id)
2579 {
2580         __le16 *qc;
2581         u16 fc = le16_to_cpu(hdr->frame_control);
2582         __le32 tx_flags = cmd->cmd.tx.tx_flags;
2583
2584         cmd->cmd.tx.stop_time.life_time = TX_CMD_LIFE_TIME_INFINITE;
2585         if (!(ctrl->flags & IEEE80211_TXCTL_NO_ACK)) {
2586                 tx_flags |= TX_CMD_FLG_ACK_MSK;
2587                 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)
2588                         tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
2589                 if (ieee80211_is_probe_response(fc) &&
2590                     !(le16_to_cpu(hdr->seq_ctrl) & 0xf))
2591                         tx_flags |= TX_CMD_FLG_TSF_MSK;
2592         } else {
2593                 tx_flags &= (~TX_CMD_FLG_ACK_MSK);
2594                 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
2595         }
2596
2597         cmd->cmd.tx.sta_id = std_id;
2598         if (ieee80211_get_morefrag(hdr))
2599                 tx_flags |= TX_CMD_FLG_MORE_FRAG_MSK;
2600
2601         qc = ieee80211_get_qos_ctrl(hdr);
2602         if (qc) {
2603                 cmd->cmd.tx.tid_tspec = (u8) (le16_to_cpu(*qc) & 0xf);
2604                 tx_flags &= ~TX_CMD_FLG_SEQ_CTL_MSK;
2605         } else
2606                 tx_flags |= TX_CMD_FLG_SEQ_CTL_MSK;
2607
2608         if (ctrl->flags & IEEE80211_TXCTL_USE_RTS_CTS) {
2609                 tx_flags |= TX_CMD_FLG_RTS_MSK;
2610                 tx_flags &= ~TX_CMD_FLG_CTS_MSK;
2611         } else if (ctrl->flags & IEEE80211_TXCTL_USE_CTS_PROTECT) {
2612                 tx_flags &= ~TX_CMD_FLG_RTS_MSK;
2613                 tx_flags |= TX_CMD_FLG_CTS_MSK;
2614         }
2615
2616         if ((tx_flags & TX_CMD_FLG_RTS_MSK) || (tx_flags & TX_CMD_FLG_CTS_MSK))
2617                 tx_flags |= TX_CMD_FLG_FULL_TXOP_PROT_MSK;
2618
2619         tx_flags &= ~(TX_CMD_FLG_ANT_SEL_MSK);
2620         if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT) {
2621                 if ((fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_ASSOC_REQ ||
2622                     (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_REASSOC_REQ)
2623                         cmd->cmd.tx.timeout.pm_frame_timeout = cpu_to_le16(3);
2624                 else
2625                         cmd->cmd.tx.timeout.pm_frame_timeout = cpu_to_le16(2);
2626         } else
2627                 cmd->cmd.tx.timeout.pm_frame_timeout = 0;
2628
2629         cmd->cmd.tx.driver_txop = 0;
2630         cmd->cmd.tx.tx_flags = tx_flags;
2631         cmd->cmd.tx.next_frame_len = 0;
2632 }
2633
2634 static int iwl3945_get_sta_id(struct iwl3945_priv *priv, struct ieee80211_hdr *hdr)
2635 {
2636         int sta_id;
2637         u16 fc = le16_to_cpu(hdr->frame_control);
2638
2639         /* If this frame is broadcast or not data then use the broadcast
2640          * station id */
2641         if (((fc & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_DATA) ||
2642             is_multicast_ether_addr(hdr->addr1))
2643                 return priv->hw_setting.bcast_sta_id;
2644
2645         switch (priv->iw_mode) {
2646
2647         /* If this frame is part of a BSS network (we're a station), then
2648          * we use the AP's station id */
2649         case IEEE80211_IF_TYPE_STA:
2650                 return IWL_AP_ID;
2651
2652         /* If we are an AP, then find the station, or use BCAST */
2653         case IEEE80211_IF_TYPE_AP:
2654                 sta_id = iwl3945_hw_find_station(priv, hdr->addr1);
2655                 if (sta_id != IWL_INVALID_STATION)
2656                         return sta_id;
2657                 return priv->hw_setting.bcast_sta_id;
2658
2659         /* If this frame is part of a IBSS network, then we use the
2660          * target specific station id */
2661         case IEEE80211_IF_TYPE_IBSS: {
2662                 DECLARE_MAC_BUF(mac);
2663
2664                 sta_id = iwl3945_hw_find_station(priv, hdr->addr1);
2665                 if (sta_id != IWL_INVALID_STATION)
2666                         return sta_id;
2667
2668                 sta_id = iwl3945_add_station(priv, hdr->addr1, 0, CMD_ASYNC);
2669
2670                 if (sta_id != IWL_INVALID_STATION)
2671                         return sta_id;
2672
2673                 IWL_DEBUG_DROP("Station %s not in station map. "
2674                                "Defaulting to broadcast...\n",
2675                                print_mac(mac, hdr->addr1));
2676                 iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
2677                 return priv->hw_setting.bcast_sta_id;
2678         }
2679         default:
2680                 IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
2681                 return priv->hw_setting.bcast_sta_id;
2682         }
2683 }
2684
2685 /*
2686  * start REPLY_TX command process
2687  */
2688 static int iwl3945_tx_skb(struct iwl3945_priv *priv,
2689                       struct sk_buff *skb, struct ieee80211_tx_control *ctl)
2690 {
2691         struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
2692         struct iwl3945_tfd_frame *tfd;
2693         u32 *control_flags;
2694         int txq_id = ctl->queue;
2695         struct iwl3945_tx_queue *txq = NULL;
2696         struct iwl3945_queue *q = NULL;
2697         dma_addr_t phys_addr;
2698         dma_addr_t txcmd_phys;
2699         struct iwl3945_cmd *out_cmd = NULL;
2700         u16 len, idx, len_org;
2701         u8 id, hdr_len, unicast;
2702         u8 sta_id;
2703         u16 seq_number = 0;
2704         u16 fc;
2705         __le16 *qc;
2706         u8 wait_write_ptr = 0;
2707         unsigned long flags;
2708         int rc;
2709
2710         spin_lock_irqsave(&priv->lock, flags);
2711         if (iwl3945_is_rfkill(priv)) {
2712                 IWL_DEBUG_DROP("Dropping - RF KILL\n");
2713                 goto drop_unlock;
2714         }
2715
2716         if (!priv->interface_id) {
2717                 IWL_DEBUG_DROP("Dropping - !priv->interface_id\n");
2718                 goto drop_unlock;
2719         }
2720
2721         if ((ctl->tx_rate & 0xFF) == IWL_INVALID_RATE) {
2722                 IWL_ERROR("ERROR: No TX rate available.\n");
2723                 goto drop_unlock;
2724         }
2725
2726         unicast = !is_multicast_ether_addr(hdr->addr1);
2727         id = 0;
2728
2729         fc = le16_to_cpu(hdr->frame_control);
2730
2731 #ifdef CONFIG_IWL3945_DEBUG
2732         if (ieee80211_is_auth(fc))
2733                 IWL_DEBUG_TX("Sending AUTH frame\n");
2734         else if (ieee80211_is_assoc_request(fc))
2735                 IWL_DEBUG_TX("Sending ASSOC frame\n");
2736         else if (ieee80211_is_reassoc_request(fc))
2737                 IWL_DEBUG_TX("Sending REASSOC frame\n");
2738 #endif
2739
2740         if (!iwl3945_is_associated(priv) &&
2741             ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
2742                 IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
2743                 goto drop_unlock;
2744         }
2745
2746         spin_unlock_irqrestore(&priv->lock, flags);
2747
2748         hdr_len = ieee80211_get_hdrlen(fc);
2749         sta_id = iwl3945_get_sta_id(priv, hdr);
2750         if (sta_id == IWL_INVALID_STATION) {
2751                 DECLARE_MAC_BUF(mac);
2752
2753                 IWL_DEBUG_DROP("Dropping - INVALID STATION: %s\n",
2754                                print_mac(mac, hdr->addr1));
2755                 goto drop;
2756         }
2757
2758         IWL_DEBUG_RATE("station Id %d\n", sta_id);
2759
2760         qc = ieee80211_get_qos_ctrl(hdr);
2761         if (qc) {
2762                 u8 tid = (u8)(le16_to_cpu(*qc) & 0xf);
2763                 seq_number = priv->stations[sta_id].tid[tid].seq_number &
2764                                 IEEE80211_SCTL_SEQ;
2765                 hdr->seq_ctrl = cpu_to_le16(seq_number) |
2766                         (hdr->seq_ctrl &
2767                                 __constant_cpu_to_le16(IEEE80211_SCTL_FRAG));
2768                 seq_number += 0x10;
2769         }
2770         txq = &priv->txq[txq_id];
2771         q = &txq->q;
2772
2773         spin_lock_irqsave(&priv->lock, flags);
2774
2775         tfd = &txq->bd[q->write_ptr];
2776         memset(tfd, 0, sizeof(*tfd));
2777         control_flags = (u32 *) tfd;
2778         idx = get_cmd_index(q, q->write_ptr, 0);
2779
2780         memset(&(txq->txb[q->write_ptr]), 0, sizeof(struct iwl3945_tx_info));
2781         txq->txb[q->write_ptr].skb[0] = skb;
2782         memcpy(&(txq->txb[q->write_ptr].status.control),
2783                ctl, sizeof(struct ieee80211_tx_control));
2784         out_cmd = &txq->cmd[idx];
2785         memset(&out_cmd->hdr, 0, sizeof(out_cmd->hdr));
2786         memset(&out_cmd->cmd.tx, 0, sizeof(out_cmd->cmd.tx));
2787         out_cmd->hdr.cmd = REPLY_TX;
2788         out_cmd->hdr.sequence = cpu_to_le16((u16)(QUEUE_TO_SEQ(txq_id) |
2789                                 INDEX_TO_SEQ(q->write_ptr)));
2790         /* copy frags header */
2791         memcpy(out_cmd->cmd.tx.hdr, hdr, hdr_len);
2792
2793         /* hdr = (struct ieee80211_hdr *)out_cmd->cmd.tx.hdr; */
2794         len = priv->hw_setting.tx_cmd_len +
2795                 sizeof(struct iwl3945_cmd_header) + hdr_len;
2796
2797         len_org = len;
2798         len = (len + 3) & ~3;
2799
2800         if (len_org != len)
2801                 len_org = 1;
2802         else
2803                 len_org = 0;
2804
2805         txcmd_phys = txq->dma_addr_cmd + sizeof(struct iwl3945_cmd) * idx +
2806                      offsetof(struct iwl3945_cmd, hdr);
2807
2808         iwl3945_hw_txq_attach_buf_to_tfd(priv, tfd, txcmd_phys, len);
2809
2810         if (!(ctl->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT))
2811                 iwl3945_build_tx_cmd_hwcrypto(priv, ctl, out_cmd, skb, 0);
2812
2813         /* 802.11 null functions have no payload... */
2814         len = skb->len - hdr_len;
2815         if (len) {
2816                 phys_addr = pci_map_single(priv->pci_dev, skb->data + hdr_len,
2817                                            len, PCI_DMA_TODEVICE);
2818                 iwl3945_hw_txq_attach_buf_to_tfd(priv, tfd, phys_addr, len);
2819         }
2820
2821         /* If there is no payload, then only one TFD is used */
2822         if (!len)
2823                 *control_flags = TFD_CTL_COUNT_SET(1);
2824         else
2825                 *control_flags = TFD_CTL_COUNT_SET(2) |
2826                         TFD_CTL_PAD_SET(U32_PAD(len));
2827
2828         len = (u16)skb->len;
2829         out_cmd->cmd.tx.len = cpu_to_le16(len);
2830
2831         /* TODO need this for burst mode later on */
2832         iwl3945_build_tx_cmd_basic(priv, out_cmd, ctl, hdr, unicast, sta_id);
2833
2834         /* set is_hcca to 0; it probably will never be implemented */
2835         iwl3945_hw_build_tx_cmd_rate(priv, out_cmd, ctl, hdr, sta_id, 0);
2836
2837         out_cmd->cmd.tx.tx_flags &= ~TX_CMD_FLG_ANT_A_MSK;
2838         out_cmd->cmd.tx.tx_flags &= ~TX_CMD_FLG_ANT_B_MSK;
2839
2840         if (!ieee80211_get_morefrag(hdr)) {
2841                 txq->need_update = 1;
2842                 if (qc) {
2843                         u8 tid = (u8)(le16_to_cpu(*qc) & 0xf);
2844                         priv->stations[sta_id].tid[tid].seq_number = seq_number;
2845                 }
2846         } else {
2847                 wait_write_ptr = 1;
2848                 txq->need_update = 0;
2849         }
2850
2851         iwl3945_print_hex_dump(IWL_DL_TX, out_cmd->cmd.payload,
2852                            sizeof(out_cmd->cmd.tx));
2853
2854         iwl3945_print_hex_dump(IWL_DL_TX, (u8 *)out_cmd->cmd.tx.hdr,
2855                            ieee80211_get_hdrlen(fc));
2856
2857         q->write_ptr = iwl3945_queue_inc_wrap(q->write_ptr, q->n_bd);
2858         rc = iwl3945_tx_queue_update_write_ptr(priv, txq);
2859         spin_unlock_irqrestore(&priv->lock, flags);
2860
2861         if (rc)
2862                 return rc;
2863
2864         if ((iwl3945_queue_space(q) < q->high_mark)
2865             && priv->mac80211_registered) {
2866                 if (wait_write_ptr) {
2867                         spin_lock_irqsave(&priv->lock, flags);
2868                         txq->need_update = 1;
2869                         iwl3945_tx_queue_update_write_ptr(priv, txq);
2870                         spin_unlock_irqrestore(&priv->lock, flags);
2871                 }
2872
2873                 ieee80211_stop_queue(priv->hw, ctl->queue);
2874         }
2875
2876         return 0;
2877
2878 drop_unlock:
2879         spin_unlock_irqrestore(&priv->lock, flags);
2880 drop:
2881         return -1;
2882 }
2883
2884 static void iwl3945_set_rate(struct iwl3945_priv *priv)
2885 {
2886         const struct ieee80211_hw_mode *hw = NULL;
2887         struct ieee80211_rate *rate;
2888         int i;
2889
2890         hw = iwl3945_get_hw_mode(priv, priv->phymode);
2891         if (!hw) {
2892                 IWL_ERROR("Failed to set rate: unable to get hw mode\n");
2893                 return;
2894         }
2895
2896         priv->active_rate = 0;
2897         priv->active_rate_basic = 0;
2898
2899         IWL_DEBUG_RATE("Setting rates for 802.11%c\n",
2900                        hw->mode == MODE_IEEE80211A ?
2901                        'a' : ((hw->mode == MODE_IEEE80211B) ? 'b' : 'g'));
2902
2903         for (i = 0; i < hw->num_rates; i++) {
2904                 rate = &(hw->rates[i]);
2905                 if ((rate->val < IWL_RATE_COUNT) &&
2906                     (rate->flags & IEEE80211_RATE_SUPPORTED)) {
2907                         IWL_DEBUG_RATE("Adding rate index %d (plcp %d)%s\n",
2908                                        rate->val, iwl3945_rates[rate->val].plcp,
2909                                        (rate->flags & IEEE80211_RATE_BASIC) ?
2910                                        "*" : "");
2911                         priv->active_rate |= (1 << rate->val);
2912                         if (rate->flags & IEEE80211_RATE_BASIC)
2913                                 priv->active_rate_basic |= (1 << rate->val);
2914                 } else
2915                         IWL_DEBUG_RATE("Not adding rate %d (plcp %d)\n",
2916                                        rate->val, iwl3945_rates[rate->val].plcp);
2917         }
2918
2919         IWL_DEBUG_RATE("Set active_rate = %0x, active_rate_basic = %0x\n",
2920                        priv->active_rate, priv->active_rate_basic);
2921
2922         /*
2923          * If a basic rate is configured, then use it (adding IWL_RATE_1M_MASK)
2924          * otherwise set it to the default of all CCK rates and 6, 12, 24 for
2925          * OFDM
2926          */
2927         if (priv->active_rate_basic & IWL_CCK_BASIC_RATES_MASK)
2928                 priv->staging_rxon.cck_basic_rates =
2929                     ((priv->active_rate_basic &
2930                       IWL_CCK_RATES_MASK) >> IWL_FIRST_CCK_RATE) & 0xF;
2931         else
2932                 priv->staging_rxon.cck_basic_rates =
2933                     (IWL_CCK_BASIC_RATES_MASK >> IWL_FIRST_CCK_RATE) & 0xF;
2934
2935         if (priv->active_rate_basic & IWL_OFDM_BASIC_RATES_MASK)
2936                 priv->staging_rxon.ofdm_basic_rates =
2937                     ((priv->active_rate_basic &
2938                       (IWL_OFDM_BASIC_RATES_MASK | IWL_RATE_6M_MASK)) >>
2939                       IWL_FIRST_OFDM_RATE) & 0xFF;
2940         else
2941                 priv->staging_rxon.ofdm_basic_rates =
2942                    (IWL_OFDM_BASIC_RATES_MASK >> IWL_FIRST_OFDM_RATE) & 0xFF;
2943 }
2944
2945 static void iwl3945_radio_kill_sw(struct iwl3945_priv *priv, int disable_radio)
2946 {
2947         unsigned long flags;
2948
2949         if (!!disable_radio == test_bit(STATUS_RF_KILL_SW, &priv->status))
2950                 return;
2951
2952         IWL_DEBUG_RF_KILL("Manual SW RF KILL set to: RADIO %s\n",
2953                           disable_radio ? "OFF" : "ON");
2954
2955         if (disable_radio) {
2956                 iwl3945_scan_cancel(priv);
2957                 /* FIXME: This is a workaround for AP */
2958                 if (priv->iw_mode != IEEE80211_IF_TYPE_AP) {
2959                         spin_lock_irqsave(&priv->lock, flags);
2960                         iwl3945_write32(priv, CSR_UCODE_DRV_GP1_SET,
2961                                     CSR_UCODE_SW_BIT_RFKILL);
2962                         spin_unlock_irqrestore(&priv->lock, flags);
2963                         iwl3945_send_card_state(priv, CARD_STATE_CMD_DISABLE, 0);
2964                         set_bit(STATUS_RF_KILL_SW, &priv->status);
2965                 }
2966                 return;
2967         }
2968
2969         spin_lock_irqsave(&priv->lock, flags);
2970         iwl3945_write32(priv, CSR_UCODE_DRV_GP1_CLR, CSR_UCODE_SW_BIT_RFKILL);
2971
2972         clear_bit(STATUS_RF_KILL_SW, &priv->status);
2973         spin_unlock_irqrestore(&priv->lock, flags);
2974
2975         /* wake up ucode */
2976         msleep(10);
2977
2978         spin_lock_irqsave(&priv->lock, flags);
2979         iwl3945_read32(priv, CSR_UCODE_DRV_GP1);
2980         if (!iwl3945_grab_nic_access(priv))
2981                 iwl3945_release_nic_access(priv);
2982         spin_unlock_irqrestore(&priv->lock, flags);
2983
2984         if (test_bit(STATUS_RF_KILL_HW, &priv->status)) {
2985                 IWL_DEBUG_RF_KILL("Can not turn radio back on - "
2986                                   "disabled by HW switch\n");
2987                 return;
2988         }
2989
2990         queue_work(priv->workqueue, &priv->restart);
2991         return;
2992 }
2993
2994 void iwl3945_set_decrypted_flag(struct iwl3945_priv *priv, struct sk_buff *skb,
2995                             u32 decrypt_res, struct ieee80211_rx_status *stats)
2996 {
2997         u16 fc =
2998             le16_to_cpu(((struct ieee80211_hdr *)skb->data)->frame_control);
2999
3000         if (priv->active_rxon.filter_flags & RXON_FILTER_DIS_DECRYPT_MSK)
3001                 return;
3002
3003         if (!(fc & IEEE80211_FCTL_PROTECTED))
3004                 return;
3005
3006         IWL_DEBUG_RX("decrypt_res:0x%x\n", decrypt_res);
3007         switch (decrypt_res & RX_RES_STATUS_SEC_TYPE_MSK) {
3008         case RX_RES_STATUS_SEC_TYPE_TKIP:
3009                 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
3010                     RX_RES_STATUS_BAD_ICV_MIC)
3011                         stats->flag |= RX_FLAG_MMIC_ERROR;
3012         case RX_RES_STATUS_SEC_TYPE_WEP:
3013         case RX_RES_STATUS_SEC_TYPE_CCMP:
3014                 if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) ==
3015                     RX_RES_STATUS_DECRYPT_OK) {
3016                         IWL_DEBUG_RX("hw decrypt successfully!!!\n");
3017                         stats->flag |= RX_FLAG_DECRYPTED;
3018                 }
3019                 break;
3020
3021         default:
3022                 break;
3023         }
3024 }
3025
3026 void iwl3945_handle_data_packet_monitor(struct iwl3945_priv *priv,
3027                                     struct iwl3945_rx_mem_buffer *rxb,
3028                                     void *data, short len,
3029                                     struct ieee80211_rx_status *stats,
3030                                     u16 phy_flags)
3031 {
3032         struct iwl3945_rt_rx_hdr *iwl3945_rt;
3033
3034         /* First cache any information we need before we overwrite
3035          * the information provided in the skb from the hardware */
3036         s8 signal = stats->ssi;
3037         s8 noise = 0;
3038         int rate = stats->rate;
3039         u64 tsf = stats->mactime;
3040         __le16 phy_flags_hw = cpu_to_le16(phy_flags);
3041
3042         /* We received data from the HW, so stop the watchdog */
3043         if (len > IWL_RX_BUF_SIZE - sizeof(*iwl3945_rt)) {
3044                 IWL_DEBUG_DROP("Dropping too large packet in monitor\n");
3045                 return;
3046         }
3047
3048         /* copy the frame data to write after where the radiotap header goes */
3049         iwl3945_rt = (void *)rxb->skb->data;
3050         memmove(iwl3945_rt->payload, data, len);
3051
3052         iwl3945_rt->rt_hdr.it_version = PKTHDR_RADIOTAP_VERSION;
3053         iwl3945_rt->rt_hdr.it_pad = 0; /* always good to zero */
3054
3055         /* total header + data */
3056         iwl3945_rt->rt_hdr.it_len = cpu_to_le16(sizeof(*iwl3945_rt));
3057
3058         /* Set the size of the skb to the size of the frame */
3059         skb_put(rxb->skb, sizeof(*iwl3945_rt) + len);
3060
3061         /* Big bitfield of all the fields we provide in radiotap */
3062         iwl3945_rt->rt_hdr.it_present =
3063             cpu_to_le32((1 << IEEE80211_RADIOTAP_TSFT) |
3064                         (1 << IEEE80211_RADIOTAP_FLAGS) |
3065                         (1 << IEEE80211_RADIOTAP_RATE) |
3066                         (1 << IEEE80211_RADIOTAP_CHANNEL) |
3067                         (1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL) |
3068                         (1 << IEEE80211_RADIOTAP_DBM_ANTNOISE) |
3069                         (1 << IEEE80211_RADIOTAP_ANTENNA));
3070
3071         /* Zero the flags, we'll add to them as we go */
3072         iwl3945_rt->rt_flags = 0;
3073
3074         iwl3945_rt->rt_tsf = cpu_to_le64(tsf);
3075
3076         /* Convert to dBm */
3077         iwl3945_rt->rt_dbmsignal = signal;
3078         iwl3945_rt->rt_dbmnoise = noise;
3079
3080         /* Convert the channel frequency and set the flags */
3081         iwl3945_rt->rt_channelMHz = cpu_to_le16(stats->freq);
3082         if (!(phy_flags_hw & RX_RES_PHY_FLAGS_BAND_24_MSK))
3083                 iwl3945_rt->rt_chbitmask =
3084                     cpu_to_le16((IEEE80211_CHAN_OFDM | IEEE80211_CHAN_5GHZ));
3085         else if (phy_flags_hw & RX_RES_PHY_FLAGS_MOD_CCK_MSK)
3086                 iwl3945_rt->rt_chbitmask =
3087                     cpu_to_le16((IEEE80211_CHAN_CCK | IEEE80211_CHAN_2GHZ));
3088         else    /* 802.11g */
3089                 iwl3945_rt->rt_chbitmask =
3090                     cpu_to_le16((IEEE80211_CHAN_OFDM | IEEE80211_CHAN_2GHZ));
3091
3092         rate = iwl3945_rate_index_from_plcp(rate);
3093         if (rate == -1)
3094                 iwl3945_rt->rt_rate = 0;
3095         else
3096                 iwl3945_rt->rt_rate = iwl3945_rates[rate].ieee;
3097
3098         /* antenna number */
3099         iwl3945_rt->rt_antenna =
3100                 le16_to_cpu(phy_flags_hw & RX_RES_PHY_FLAGS_ANTENNA_MSK) >> 4;
3101
3102         /* set the preamble flag if we have it */
3103         if (phy_flags_hw & RX_RES_PHY_FLAGS_SHORT_PREAMBLE_MSK)
3104                 iwl3945_rt->rt_flags |= IEEE80211_RADIOTAP_F_SHORTPRE;
3105
3106         IWL_DEBUG_RX("Rx packet of %d bytes.\n", rxb->skb->len);
3107
3108         stats->flag |= RX_FLAG_RADIOTAP;
3109         ieee80211_rx_irqsafe(priv->hw, rxb->skb, stats);
3110         rxb->skb = NULL;
3111 }
3112
3113
3114 #define IWL_PACKET_RETRY_TIME HZ
3115
3116 int iwl3945_is_duplicate_packet(struct iwl3945_priv *priv, struct ieee80211_hdr *header)
3117 {
3118         u16 sc = le16_to_cpu(header->seq_ctrl);
3119         u16 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
3120         u16 frag = sc & IEEE80211_SCTL_FRAG;
3121         u16 *last_seq, *last_frag;
3122         unsigned long *last_time;
3123
3124         switch (priv->iw_mode) {
3125         case IEEE80211_IF_TYPE_IBSS:{
3126                 struct list_head *p;
3127                 struct iwl3945_ibss_seq *entry = NULL;
3128                 u8 *mac = header->addr2;
3129                 int index = mac[5] & (IWL_IBSS_MAC_HASH_SIZE - 1);
3130
3131                 __list_