cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

airo.c (222840B)


      1/*======================================================================
      2
      3    Aironet driver for 4500 and 4800 series cards
      4
      5    This code is released under both the GPL version 2 and BSD licenses.
      6    Either license may be used.  The respective licenses are found at
      7    the end of this file.
      8
      9    This code was developed by Benjamin Reed <breed@users.sourceforge.net>
     10    including portions of which come from the Aironet PC4500
     11    Developer's Reference Manual and used with permission.  Copyright
     12    (C) 1999 Benjamin Reed.  All Rights Reserved.  Permission to use
     13    code in the Developer's manual was granted for this driver by
     14    Aironet.  Major code contributions were received from Javier Achirica
     15    <achirica@users.sourceforge.net> and Jean Tourrilhes <jt@hpl.hp.com>.
     16    Code was also integrated from the Cisco Aironet driver for Linux.
     17    Support for MPI350 cards was added by Fabrice Bellet
     18    <fabrice@bellet.info>.
     19
     20======================================================================*/
     21
     22#include <linux/err.h>
     23#include <linux/init.h>
     24
     25#include <linux/kernel.h>
     26#include <linux/module.h>
     27#include <linux/proc_fs.h>
     28
     29#include <linux/sched.h>
     30#include <linux/ptrace.h>
     31#include <linux/slab.h>
     32#include <linux/string.h>
     33#include <linux/timer.h>
     34#include <linux/interrupt.h>
     35#include <linux/in.h>
     36#include <linux/bitops.h>
     37#include <linux/scatterlist.h>
     38#include <linux/crypto.h>
     39#include <linux/io.h>
     40#include <asm/unaligned.h>
     41
     42#include <linux/netdevice.h>
     43#include <linux/etherdevice.h>
     44#include <linux/skbuff.h>
     45#include <linux/if_arp.h>
     46#include <linux/ioport.h>
     47#include <linux/pci.h>
     48#include <linux/uaccess.h>
     49#include <linux/kthread.h>
     50#include <linux/freezer.h>
     51
     52#include <crypto/aes.h>
     53#include <crypto/skcipher.h>
     54
     55#include <net/cfg80211.h>
     56#include <net/iw_handler.h>
     57
     58#include "airo.h"
     59
     60#define DRV_NAME "airo"
     61
     62#ifdef CONFIG_PCI
     63static const struct pci_device_id card_ids[] = {
     64	{ 0x14b9, 1, PCI_ANY_ID, PCI_ANY_ID, },
     65	{ 0x14b9, 0x4500, PCI_ANY_ID, PCI_ANY_ID },
     66	{ 0x14b9, 0x4800, PCI_ANY_ID, PCI_ANY_ID, },
     67	{ 0x14b9, 0x0340, PCI_ANY_ID, PCI_ANY_ID, },
     68	{ 0x14b9, 0x0350, PCI_ANY_ID, PCI_ANY_ID, },
     69	{ 0x14b9, 0x5000, PCI_ANY_ID, PCI_ANY_ID, },
     70	{ 0x14b9, 0xa504, PCI_ANY_ID, PCI_ANY_ID, },
     71	{ 0, }
     72};
     73MODULE_DEVICE_TABLE(pci, card_ids);
     74
     75static int airo_pci_probe(struct pci_dev *, const struct pci_device_id *);
     76static void airo_pci_remove(struct pci_dev *);
     77static int __maybe_unused airo_pci_suspend(struct device *dev);
     78static int __maybe_unused airo_pci_resume(struct device *dev);
     79
     80static SIMPLE_DEV_PM_OPS(airo_pci_pm_ops,
     81			 airo_pci_suspend,
     82			 airo_pci_resume);
     83
     84static struct pci_driver airo_driver = {
     85	.name      = DRV_NAME,
     86	.id_table  = card_ids,
     87	.probe     = airo_pci_probe,
     88	.remove    = airo_pci_remove,
     89	.driver.pm = &airo_pci_pm_ops,
     90};
     91#endif /* CONFIG_PCI */
     92
     93/* Include Wireless Extension definition and check version - Jean II */
     94#include <linux/wireless.h>
     95#define WIRELESS_SPY		/* enable iwspy support */
     96
     97#define CISCO_EXT		/* enable Cisco extensions */
     98#ifdef CISCO_EXT
     99#include <linux/delay.h>
    100#endif
    101
    102/* Hack to do some power saving */
    103#define POWER_ON_DOWN
    104
    105/* As you can see this list is HUGH!
    106   I really don't know what a lot of these counts are about, but they
    107   are all here for completeness.  If the IGNLABEL macro is put in
    108   infront of the label, that statistic will not be included in the list
    109   of statistics in the /proc filesystem */
    110
    111#define IGNLABEL(comment) NULL
    112static const char *statsLabels[] = {
    113	"RxOverrun",
    114	IGNLABEL("RxPlcpCrcErr"),
    115	IGNLABEL("RxPlcpFormatErr"),
    116	IGNLABEL("RxPlcpLengthErr"),
    117	"RxMacCrcErr",
    118	"RxMacCrcOk",
    119	"RxWepErr",
    120	"RxWepOk",
    121	"RetryLong",
    122	"RetryShort",
    123	"MaxRetries",
    124	"NoAck",
    125	"NoCts",
    126	"RxAck",
    127	"RxCts",
    128	"TxAck",
    129	"TxRts",
    130	"TxCts",
    131	"TxMc",
    132	"TxBc",
    133	"TxUcFrags",
    134	"TxUcPackets",
    135	"TxBeacon",
    136	"RxBeacon",
    137	"TxSinColl",
    138	"TxMulColl",
    139	"DefersNo",
    140	"DefersProt",
    141	"DefersEngy",
    142	"DupFram",
    143	"RxFragDisc",
    144	"TxAged",
    145	"RxAged",
    146	"LostSync-MaxRetry",
    147	"LostSync-MissedBeacons",
    148	"LostSync-ArlExceeded",
    149	"LostSync-Deauth",
    150	"LostSync-Disassoced",
    151	"LostSync-TsfTiming",
    152	"HostTxMc",
    153	"HostTxBc",
    154	"HostTxUc",
    155	"HostTxFail",
    156	"HostRxMc",
    157	"HostRxBc",
    158	"HostRxUc",
    159	"HostRxDiscard",
    160	IGNLABEL("HmacTxMc"),
    161	IGNLABEL("HmacTxBc"),
    162	IGNLABEL("HmacTxUc"),
    163	IGNLABEL("HmacTxFail"),
    164	IGNLABEL("HmacRxMc"),
    165	IGNLABEL("HmacRxBc"),
    166	IGNLABEL("HmacRxUc"),
    167	IGNLABEL("HmacRxDiscard"),
    168	IGNLABEL("HmacRxAccepted"),
    169	"SsidMismatch",
    170	"ApMismatch",
    171	"RatesMismatch",
    172	"AuthReject",
    173	"AuthTimeout",
    174	"AssocReject",
    175	"AssocTimeout",
    176	IGNLABEL("ReasonOutsideTable"),
    177	IGNLABEL("ReasonStatus1"),
    178	IGNLABEL("ReasonStatus2"),
    179	IGNLABEL("ReasonStatus3"),
    180	IGNLABEL("ReasonStatus4"),
    181	IGNLABEL("ReasonStatus5"),
    182	IGNLABEL("ReasonStatus6"),
    183	IGNLABEL("ReasonStatus7"),
    184	IGNLABEL("ReasonStatus8"),
    185	IGNLABEL("ReasonStatus9"),
    186	IGNLABEL("ReasonStatus10"),
    187	IGNLABEL("ReasonStatus11"),
    188	IGNLABEL("ReasonStatus12"),
    189	IGNLABEL("ReasonStatus13"),
    190	IGNLABEL("ReasonStatus14"),
    191	IGNLABEL("ReasonStatus15"),
    192	IGNLABEL("ReasonStatus16"),
    193	IGNLABEL("ReasonStatus17"),
    194	IGNLABEL("ReasonStatus18"),
    195	IGNLABEL("ReasonStatus19"),
    196	"RxMan",
    197	"TxMan",
    198	"RxRefresh",
    199	"TxRefresh",
    200	"RxPoll",
    201	"TxPoll",
    202	"HostRetries",
    203	"LostSync-HostReq",
    204	"HostTxBytes",
    205	"HostRxBytes",
    206	"ElapsedUsec",
    207	"ElapsedSec",
    208	"LostSyncBetterAP",
    209	"PrivacyMismatch",
    210	"Jammed",
    211	"DiscRxNotWepped",
    212	"PhyEleMismatch",
    213	(char*)-1 };
    214#ifndef RUN_AT
    215#define RUN_AT(x) (jiffies+(x))
    216#endif
    217
    218
    219/* These variables are for insmod, since it seems that the rates
    220   can only be set in setup_card.  Rates should be a comma separated
    221   (no spaces) list of rates (up to 8). */
    222
    223static int rates[8];
    224static char *ssids[3];
    225
    226static int io[4];
    227static int irq[4];
    228
    229static
    230int maxencrypt /* = 0 */; /* The highest rate that the card can encrypt at.
    231		       0 means no limit.  For old cards this was 4 */
    232
    233static int auto_wep /* = 0 */; /* If set, it tries to figure out the wep mode */
    234static int aux_bap /* = 0 */; /* Checks to see if the aux ports are needed to read
    235		    the bap, needed on some older cards and buses. */
    236static int adhoc;
    237
    238static int probe = 1;
    239
    240static kuid_t proc_kuid;
    241static int proc_uid /* = 0 */;
    242
    243static kgid_t proc_kgid;
    244static int proc_gid /* = 0 */;
    245
    246static int airo_perm = 0555;
    247
    248static int proc_perm = 0644;
    249
    250MODULE_AUTHOR("Benjamin Reed");
    251MODULE_DESCRIPTION("Support for Cisco/Aironet 802.11 wireless ethernet cards.  "
    252		   "Direct support for ISA/PCI/MPI cards and support for PCMCIA when used with airo_cs.");
    253MODULE_LICENSE("Dual BSD/GPL");
    254module_param_hw_array(io, int, ioport, NULL, 0);
    255module_param_hw_array(irq, int, irq, NULL, 0);
    256module_param_array(rates, int, NULL, 0);
    257module_param_array(ssids, charp, NULL, 0);
    258module_param(auto_wep, int, 0);
    259MODULE_PARM_DESC(auto_wep,
    260		 "If non-zero, the driver will keep looping through the authentication options until an association is made.  "
    261		 "The value of auto_wep is number of the wep keys to check.  "
    262		 "A value of 2 will try using the key at index 0 and index 1.");
    263module_param(aux_bap, int, 0);
    264MODULE_PARM_DESC(aux_bap,
    265		 "If non-zero, the driver will switch into a mode that seems to work better for older cards with some older buses.  "
    266		 "Before switching it checks that the switch is needed.");
    267module_param(maxencrypt, int, 0);
    268MODULE_PARM_DESC(maxencrypt,
    269		 "The maximum speed that the card can do encryption.  "
    270		 "Units are in 512kbs.  "
    271		 "Zero (default) means there is no limit.  "
    272		 "Older cards used to be limited to 2mbs (4).");
    273module_param(adhoc, int, 0);
    274MODULE_PARM_DESC(adhoc, "If non-zero, the card will start in adhoc mode.");
    275module_param(probe, int, 0);
    276MODULE_PARM_DESC(probe, "If zero, the driver won't start the card.");
    277
    278module_param(proc_uid, int, 0);
    279MODULE_PARM_DESC(proc_uid, "The uid that the /proc files will belong to.");
    280module_param(proc_gid, int, 0);
    281MODULE_PARM_DESC(proc_gid, "The gid that the /proc files will belong to.");
    282module_param(airo_perm, int, 0);
    283MODULE_PARM_DESC(airo_perm, "The permission bits of /proc/[driver/]aironet.");
    284module_param(proc_perm, int, 0);
    285MODULE_PARM_DESC(proc_perm, "The permission bits of the files in /proc");
    286
    287/* This is a kind of sloppy hack to get this information to OUT4500 and
    288   IN4500.  I would be extremely interested in the situation where this
    289   doesn't work though!!! */
    290static int do8bitIO /* = 0 */;
    291
    292/* Return codes */
    293#define SUCCESS 0
    294#define ERROR -1
    295#define NO_PACKET -2
    296
    297/* Commands */
    298#define NOP2		0x0000
    299#define MAC_ENABLE	0x0001
    300#define MAC_DISABLE	0x0002
    301#define CMD_LOSE_SYNC	0x0003 /* Not sure what this does... */
    302#define CMD_SOFTRESET	0x0004
    303#define HOSTSLEEP	0x0005
    304#define CMD_MAGIC_PKT	0x0006
    305#define CMD_SETWAKEMASK	0x0007
    306#define CMD_READCFG	0x0008
    307#define CMD_SETMODE	0x0009
    308#define CMD_ALLOCATETX	0x000a
    309#define CMD_TRANSMIT	0x000b
    310#define CMD_DEALLOCATETX 0x000c
    311#define NOP		0x0010
    312#define CMD_WORKAROUND	0x0011
    313#define CMD_ALLOCATEAUX 0x0020
    314#define CMD_ACCESS	0x0021
    315#define CMD_PCIBAP	0x0022
    316#define CMD_PCIAUX	0x0023
    317#define CMD_ALLOCBUF	0x0028
    318#define CMD_GETTLV	0x0029
    319#define CMD_PUTTLV	0x002a
    320#define CMD_DELTLV	0x002b
    321#define CMD_FINDNEXTTLV	0x002c
    322#define CMD_PSPNODES	0x0030
    323#define CMD_SETCW	0x0031
    324#define CMD_SETPCF	0x0032
    325#define CMD_SETPHYREG	0x003e
    326#define CMD_TXTEST	0x003f
    327#define MAC_ENABLETX	0x0101
    328#define CMD_LISTBSS	0x0103
    329#define CMD_SAVECFG	0x0108
    330#define CMD_ENABLEAUX	0x0111
    331#define CMD_WRITERID	0x0121
    332#define CMD_USEPSPNODES	0x0130
    333#define MAC_ENABLERX	0x0201
    334
    335/* Command errors */
    336#define ERROR_QUALIF 0x00
    337#define ERROR_ILLCMD 0x01
    338#define ERROR_ILLFMT 0x02
    339#define ERROR_INVFID 0x03
    340#define ERROR_INVRID 0x04
    341#define ERROR_LARGE 0x05
    342#define ERROR_NDISABL 0x06
    343#define ERROR_ALLOCBSY 0x07
    344#define ERROR_NORD 0x0B
    345#define ERROR_NOWR 0x0C
    346#define ERROR_INVFIDTX 0x0D
    347#define ERROR_TESTACT 0x0E
    348#define ERROR_TAGNFND 0x12
    349#define ERROR_DECODE 0x20
    350#define ERROR_DESCUNAV 0x21
    351#define ERROR_BADLEN 0x22
    352#define ERROR_MODE 0x80
    353#define ERROR_HOP 0x81
    354#define ERROR_BINTER 0x82
    355#define ERROR_RXMODE 0x83
    356#define ERROR_MACADDR 0x84
    357#define ERROR_RATES 0x85
    358#define ERROR_ORDER 0x86
    359#define ERROR_SCAN 0x87
    360#define ERROR_AUTH 0x88
    361#define ERROR_PSMODE 0x89
    362#define ERROR_RTYPE 0x8A
    363#define ERROR_DIVER 0x8B
    364#define ERROR_SSID 0x8C
    365#define ERROR_APLIST 0x8D
    366#define ERROR_AUTOWAKE 0x8E
    367#define ERROR_LEAP 0x8F
    368
    369/* Registers */
    370#define COMMAND 0x00
    371#define PARAM0 0x02
    372#define PARAM1 0x04
    373#define PARAM2 0x06
    374#define STATUS 0x08
    375#define RESP0 0x0a
    376#define RESP1 0x0c
    377#define RESP2 0x0e
    378#define LINKSTAT 0x10
    379#define SELECT0 0x18
    380#define OFFSET0 0x1c
    381#define RXFID 0x20
    382#define TXALLOCFID 0x22
    383#define TXCOMPLFID 0x24
    384#define DATA0 0x36
    385#define EVSTAT 0x30
    386#define EVINTEN 0x32
    387#define EVACK 0x34
    388#define SWS0 0x28
    389#define SWS1 0x2a
    390#define SWS2 0x2c
    391#define SWS3 0x2e
    392#define AUXPAGE 0x3A
    393#define AUXOFF 0x3C
    394#define AUXDATA 0x3E
    395
    396#define FID_TX 1
    397#define FID_RX 2
    398/* Offset into aux memory for descriptors */
    399#define AUX_OFFSET 0x800
    400/* Size of allocated packets */
    401#define PKTSIZE 1840
    402#define RIDSIZE 2048
    403/* Size of the transmit queue */
    404#define MAXTXQ 64
    405
    406/* BAP selectors */
    407#define BAP0 0 /* Used for receiving packets */
    408#define BAP1 2 /* Used for xmiting packets and working with RIDS */
    409
    410/* Flags */
    411#define COMMAND_BUSY 0x8000
    412
    413#define BAP_BUSY 0x8000
    414#define BAP_ERR 0x4000
    415#define BAP_DONE 0x2000
    416
    417#define PROMISC 0xffff
    418#define NOPROMISC 0x0000
    419
    420#define EV_CMD 0x10
    421#define EV_CLEARCOMMANDBUSY 0x4000
    422#define EV_RX 0x01
    423#define EV_TX 0x02
    424#define EV_TXEXC 0x04
    425#define EV_ALLOC 0x08
    426#define EV_LINK 0x80
    427#define EV_AWAKE 0x100
    428#define EV_TXCPY 0x400
    429#define EV_UNKNOWN 0x800
    430#define EV_MIC 0x1000 /* Message Integrity Check Interrupt */
    431#define EV_AWAKEN 0x2000
    432#define STATUS_INTS (EV_AWAKE|EV_LINK|EV_TXEXC|EV_TX|EV_TXCPY|EV_RX|EV_MIC)
    433
    434#ifdef CHECK_UNKNOWN_INTS
    435#define IGNORE_INTS (EV_CMD | EV_UNKNOWN)
    436#else
    437#define IGNORE_INTS (~STATUS_INTS)
    438#endif
    439
    440/* RID TYPES */
    441#define RID_RW 0x20
    442
    443/* The RIDs */
    444#define RID_CAPABILITIES 0xFF00
    445#define RID_APINFO     0xFF01
    446#define RID_RADIOINFO  0xFF02
    447#define RID_UNKNOWN3   0xFF03
    448#define RID_RSSI       0xFF04
    449#define RID_CONFIG     0xFF10
    450#define RID_SSID       0xFF11
    451#define RID_APLIST     0xFF12
    452#define RID_DRVNAME    0xFF13
    453#define RID_ETHERENCAP 0xFF14
    454#define RID_WEP_TEMP   0xFF15
    455#define RID_WEP_PERM   0xFF16
    456#define RID_MODULATION 0xFF17
    457#define RID_OPTIONS    0xFF18
    458#define RID_ACTUALCONFIG 0xFF20 /*readonly*/
    459#define RID_FACTORYCONFIG 0xFF21
    460#define RID_UNKNOWN22  0xFF22
    461#define RID_LEAPUSERNAME 0xFF23
    462#define RID_LEAPPASSWORD 0xFF24
    463#define RID_STATUS     0xFF50
    464#define RID_BEACON_HST 0xFF51
    465#define RID_BUSY_HST   0xFF52
    466#define RID_RETRIES_HST 0xFF53
    467#define RID_UNKNOWN54  0xFF54
    468#define RID_UNKNOWN55  0xFF55
    469#define RID_UNKNOWN56  0xFF56
    470#define RID_MIC        0xFF57
    471#define RID_STATS16    0xFF60
    472#define RID_STATS16DELTA 0xFF61
    473#define RID_STATS16DELTACLEAR 0xFF62
    474#define RID_STATS      0xFF68
    475#define RID_STATSDELTA 0xFF69
    476#define RID_STATSDELTACLEAR 0xFF6A
    477#define RID_ECHOTEST_RID 0xFF70
    478#define RID_ECHOTEST_RESULTS 0xFF71
    479#define RID_BSSLISTFIRST 0xFF72
    480#define RID_BSSLISTNEXT  0xFF73
    481#define RID_WPA_BSSLISTFIRST 0xFF74
    482#define RID_WPA_BSSLISTNEXT  0xFF75
    483
    484typedef struct {
    485	u16 cmd;
    486	u16 parm0;
    487	u16 parm1;
    488	u16 parm2;
    489} Cmd;
    490
    491typedef struct {
    492	u16 status;
    493	u16 rsp0;
    494	u16 rsp1;
    495	u16 rsp2;
    496} Resp;
    497
    498/*
    499 * Rids and endian-ness:  The Rids will always be in cpu endian, since
    500 * this all the patches from the big-endian guys end up doing that.
    501 * so all rid access should use the read/writeXXXRid routines.
    502 */
    503
    504/* This structure came from an email sent to me from an engineer at
    505   aironet for inclusion into this driver */
    506typedef struct WepKeyRid WepKeyRid;
    507struct WepKeyRid {
    508	__le16 len;
    509	__le16 kindex;
    510	u8 mac[ETH_ALEN];
    511	__le16 klen;
    512	u8 key[16];
    513} __packed;
    514
    515/* These structures are from the Aironet's PC4500 Developers Manual */
    516typedef struct Ssid Ssid;
    517struct Ssid {
    518	__le16 len;
    519	u8 ssid[32];
    520} __packed;
    521
    522typedef struct SsidRid SsidRid;
    523struct SsidRid {
    524	__le16 len;
    525	Ssid ssids[3];
    526} __packed;
    527
    528typedef struct ModulationRid ModulationRid;
    529struct ModulationRid {
    530        __le16 len;
    531        __le16 modulation;
    532#define MOD_DEFAULT cpu_to_le16(0)
    533#define MOD_CCK cpu_to_le16(1)
    534#define MOD_MOK cpu_to_le16(2)
    535} __packed;
    536
    537typedef struct ConfigRid ConfigRid;
    538struct ConfigRid {
    539	__le16 len; /* sizeof(ConfigRid) */
    540	__le16 opmode; /* operating mode */
    541#define MODE_STA_IBSS cpu_to_le16(0)
    542#define MODE_STA_ESS cpu_to_le16(1)
    543#define MODE_AP cpu_to_le16(2)
    544#define MODE_AP_RPTR cpu_to_le16(3)
    545#define MODE_CFG_MASK cpu_to_le16(0xff)
    546#define MODE_ETHERNET_HOST cpu_to_le16(0<<8) /* rx payloads converted */
    547#define MODE_LLC_HOST cpu_to_le16(1<<8) /* rx payloads left as is */
    548#define MODE_AIRONET_EXTEND cpu_to_le16(1<<9) /* enable Aironet extensions */
    549#define MODE_AP_INTERFACE cpu_to_le16(1<<10) /* enable ap interface extensions */
    550#define MODE_ANTENNA_ALIGN cpu_to_le16(1<<11) /* enable antenna alignment */
    551#define MODE_ETHER_LLC cpu_to_le16(1<<12) /* enable ethernet LLC */
    552#define MODE_LEAF_NODE cpu_to_le16(1<<13) /* enable leaf node bridge */
    553#define MODE_CF_POLLABLE cpu_to_le16(1<<14) /* enable CF pollable */
    554#define MODE_MIC cpu_to_le16(1<<15) /* enable MIC */
    555	__le16 rmode; /* receive mode */
    556#define RXMODE_BC_MC_ADDR cpu_to_le16(0)
    557#define RXMODE_BC_ADDR cpu_to_le16(1) /* ignore multicasts */
    558#define RXMODE_ADDR cpu_to_le16(2) /* ignore multicast and broadcast */
    559#define RXMODE_RFMON cpu_to_le16(3) /* wireless monitor mode */
    560#define RXMODE_RFMON_ANYBSS cpu_to_le16(4)
    561#define RXMODE_LANMON cpu_to_le16(5) /* lan style monitor -- data packets only */
    562#define RXMODE_MASK cpu_to_le16(255)
    563#define RXMODE_DISABLE_802_3_HEADER cpu_to_le16(1<<8) /* disables 802.3 header on rx */
    564#define RXMODE_FULL_MASK (RXMODE_MASK | RXMODE_DISABLE_802_3_HEADER)
    565#define RXMODE_NORMALIZED_RSSI cpu_to_le16(1<<9) /* return normalized RSSI */
    566	__le16 fragThresh;
    567	__le16 rtsThres;
    568	u8 macAddr[ETH_ALEN];
    569	u8 rates[8];
    570	__le16 shortRetryLimit;
    571	__le16 longRetryLimit;
    572	__le16 txLifetime; /* in kusec */
    573	__le16 rxLifetime; /* in kusec */
    574	__le16 stationary;
    575	__le16 ordering;
    576	__le16 u16deviceType; /* for overriding device type */
    577	__le16 cfpRate;
    578	__le16 cfpDuration;
    579	__le16 _reserved1[3];
    580	/*---------- Scanning/Associating ----------*/
    581	__le16 scanMode;
    582#define SCANMODE_ACTIVE cpu_to_le16(0)
    583#define SCANMODE_PASSIVE cpu_to_le16(1)
    584#define SCANMODE_AIROSCAN cpu_to_le16(2)
    585	__le16 probeDelay; /* in kusec */
    586	__le16 probeEnergyTimeout; /* in kusec */
    587        __le16 probeResponseTimeout;
    588	__le16 beaconListenTimeout;
    589	__le16 joinNetTimeout;
    590	__le16 authTimeout;
    591	__le16 authType;
    592#define AUTH_OPEN cpu_to_le16(0x1)
    593#define AUTH_ENCRYPT cpu_to_le16(0x101)
    594#define AUTH_SHAREDKEY cpu_to_le16(0x102)
    595#define AUTH_ALLOW_UNENCRYPTED cpu_to_le16(0x200)
    596	__le16 associationTimeout;
    597	__le16 specifiedApTimeout;
    598	__le16 offlineScanInterval;
    599	__le16 offlineScanDuration;
    600	__le16 linkLossDelay;
    601	__le16 maxBeaconLostTime;
    602	__le16 refreshInterval;
    603#define DISABLE_REFRESH cpu_to_le16(0xFFFF)
    604	__le16 _reserved1a[1];
    605	/*---------- Power save operation ----------*/
    606	__le16 powerSaveMode;
    607#define POWERSAVE_CAM cpu_to_le16(0)
    608#define POWERSAVE_PSP cpu_to_le16(1)
    609#define POWERSAVE_PSPCAM cpu_to_le16(2)
    610	__le16 sleepForDtims;
    611	__le16 listenInterval;
    612	__le16 fastListenInterval;
    613	__le16 listenDecay;
    614	__le16 fastListenDelay;
    615	__le16 _reserved2[2];
    616	/*---------- Ap/Ibss config items ----------*/
    617	__le16 beaconPeriod;
    618	__le16 atimDuration;
    619	__le16 hopPeriod;
    620	__le16 channelSet;
    621	__le16 channel;
    622	__le16 dtimPeriod;
    623	__le16 bridgeDistance;
    624	__le16 radioID;
    625	/*---------- Radio configuration ----------*/
    626	__le16 radioType;
    627#define RADIOTYPE_DEFAULT cpu_to_le16(0)
    628#define RADIOTYPE_802_11 cpu_to_le16(1)
    629#define RADIOTYPE_LEGACY cpu_to_le16(2)
    630	u8 rxDiversity;
    631	u8 txDiversity;
    632	__le16 txPower;
    633#define TXPOWER_DEFAULT 0
    634	__le16 rssiThreshold;
    635#define RSSI_DEFAULT 0
    636        __le16 modulation;
    637#define PREAMBLE_AUTO cpu_to_le16(0)
    638#define PREAMBLE_LONG cpu_to_le16(1)
    639#define PREAMBLE_SHORT cpu_to_le16(2)
    640	__le16 preamble;
    641	__le16 homeProduct;
    642	__le16 radioSpecific;
    643	/*---------- Aironet Extensions ----------*/
    644	u8 nodeName[16];
    645	__le16 arlThreshold;
    646	__le16 arlDecay;
    647	__le16 arlDelay;
    648	__le16 _reserved4[1];
    649	/*---------- Aironet Extensions ----------*/
    650	u8 magicAction;
    651#define MAGIC_ACTION_STSCHG 1
    652#define MAGIC_ACTION_RESUME 2
    653#define MAGIC_IGNORE_MCAST (1<<8)
    654#define MAGIC_IGNORE_BCAST (1<<9)
    655#define MAGIC_SWITCH_TO_PSP (0<<10)
    656#define MAGIC_STAY_IN_CAM (1<<10)
    657	u8 magicControl;
    658	__le16 autoWake;
    659} __packed;
    660
    661typedef struct StatusRid StatusRid;
    662struct StatusRid {
    663	__le16 len;
    664	u8 mac[ETH_ALEN];
    665	__le16 mode;
    666	__le16 errorCode;
    667	__le16 sigQuality;
    668	__le16 SSIDlen;
    669	char SSID[32];
    670	char apName[16];
    671	u8 bssid[4][ETH_ALEN];
    672	__le16 beaconPeriod;
    673	__le16 dimPeriod;
    674	__le16 atimDuration;
    675	__le16 hopPeriod;
    676	__le16 channelSet;
    677	__le16 channel;
    678	__le16 hopsToBackbone;
    679	__le16 apTotalLoad;
    680	__le16 generatedLoad;
    681	__le16 accumulatedArl;
    682	__le16 signalQuality;
    683	__le16 currentXmitRate;
    684	__le16 apDevExtensions;
    685	__le16 normalizedSignalStrength;
    686	__le16 shortPreamble;
    687	u8 apIP[4];
    688	u8 noisePercent; /* Noise percent in last second */
    689	u8 noisedBm; /* Noise dBm in last second */
    690	u8 noiseAvePercent; /* Noise percent in last minute */
    691	u8 noiseAvedBm; /* Noise dBm in last minute */
    692	u8 noiseMaxPercent; /* Highest noise percent in last minute */
    693	u8 noiseMaxdBm; /* Highest noise dbm in last minute */
    694	__le16 load;
    695	u8 carrier[4];
    696	__le16 assocStatus;
    697#define STAT_NOPACKETS 0
    698#define STAT_NOCARRIERSET 10
    699#define STAT_GOTCARRIERSET 11
    700#define STAT_WRONGSSID 20
    701#define STAT_BADCHANNEL 25
    702#define STAT_BADBITRATES 30
    703#define STAT_BADPRIVACY 35
    704#define STAT_APFOUND 40
    705#define STAT_APREJECTED 50
    706#define STAT_AUTHENTICATING 60
    707#define STAT_DEAUTHENTICATED 61
    708#define STAT_AUTHTIMEOUT 62
    709#define STAT_ASSOCIATING 70
    710#define STAT_DEASSOCIATED 71
    711#define STAT_ASSOCTIMEOUT 72
    712#define STAT_NOTAIROAP 73
    713#define STAT_ASSOCIATED 80
    714#define STAT_LEAPING 90
    715#define STAT_LEAPFAILED 91
    716#define STAT_LEAPTIMEDOUT 92
    717#define STAT_LEAPCOMPLETE 93
    718} __packed;
    719
    720typedef struct StatsRid StatsRid;
    721struct StatsRid {
    722	__le16 len;
    723	__le16 spacer;
    724	__le32 vals[100];
    725} __packed;
    726
    727typedef struct APListRid APListRid;
    728struct APListRid {
    729	__le16 len;
    730	u8 ap[4][ETH_ALEN];
    731} __packed;
    732
    733typedef struct CapabilityRid CapabilityRid;
    734struct CapabilityRid {
    735	__le16 len;
    736	char oui[3];
    737	char zero;
    738	__le16 prodNum;
    739	char manName[32];
    740	char prodName[16];
    741	char prodVer[8];
    742	char factoryAddr[ETH_ALEN];
    743	char aironetAddr[ETH_ALEN];
    744	__le16 radioType;
    745	__le16 country;
    746	char callid[ETH_ALEN];
    747	char supportedRates[8];
    748	char rxDiversity;
    749	char txDiversity;
    750	__le16 txPowerLevels[8];
    751	__le16 hardVer;
    752	__le16 hardCap;
    753	__le16 tempRange;
    754	__le16 softVer;
    755	__le16 softSubVer;
    756	__le16 interfaceVer;
    757	__le16 softCap;
    758	__le16 bootBlockVer;
    759	__le16 requiredHard;
    760	__le16 extSoftCap;
    761} __packed;
    762
    763/* Only present on firmware >= 5.30.17 */
    764typedef struct BSSListRidExtra BSSListRidExtra;
    765struct BSSListRidExtra {
    766  __le16 unknown[4];
    767  u8 fixed[12]; /* WLAN management frame */
    768  u8 iep[624];
    769} __packed;
    770
    771typedef struct BSSListRid BSSListRid;
    772struct BSSListRid {
    773  __le16 len;
    774  __le16 index; /* First is 0 and 0xffff means end of list */
    775#define RADIO_FH 1 /* Frequency hopping radio type */
    776#define RADIO_DS 2 /* Direct sequence radio type */
    777#define RADIO_TMA 4 /* Proprietary radio used in old cards (2500) */
    778  __le16 radioType;
    779  u8 bssid[ETH_ALEN]; /* Mac address of the BSS */
    780  u8 zero;
    781  u8 ssidLen;
    782  u8 ssid[32];
    783  __le16 dBm;
    784#define CAP_ESS cpu_to_le16(1<<0)
    785#define CAP_IBSS cpu_to_le16(1<<1)
    786#define CAP_PRIVACY cpu_to_le16(1<<4)
    787#define CAP_SHORTHDR cpu_to_le16(1<<5)
    788  __le16 cap;
    789  __le16 beaconInterval;
    790  u8 rates[8]; /* Same as rates for config rid */
    791  struct { /* For frequency hopping only */
    792    __le16 dwell;
    793    u8 hopSet;
    794    u8 hopPattern;
    795    u8 hopIndex;
    796    u8 fill;
    797  } fh;
    798  __le16 dsChannel;
    799  __le16 atimWindow;
    800
    801  /* Only present on firmware >= 5.30.17 */
    802  BSSListRidExtra extra;
    803} __packed;
    804
    805typedef struct {
    806  BSSListRid bss;
    807  struct list_head list;
    808} BSSListElement;
    809
    810typedef struct tdsRssiEntry tdsRssiEntry;
    811struct tdsRssiEntry {
    812  u8 rssipct;
    813  u8 rssidBm;
    814} __packed;
    815
    816typedef struct tdsRssiRid tdsRssiRid;
    817struct tdsRssiRid {
    818  u16 len;
    819  tdsRssiEntry x[256];
    820} __packed;
    821
    822typedef struct MICRid MICRid;
    823struct MICRid {
    824	__le16 len;
    825	__le16 state;
    826	__le16 multicastValid;
    827	u8  multicast[16];
    828	__le16 unicastValid;
    829	u8  unicast[16];
    830} __packed;
    831
    832typedef struct MICBuffer MICBuffer;
    833struct MICBuffer {
    834	__be16 typelen;
    835
    836	union {
    837	    u8 snap[8];
    838	    struct {
    839		u8 dsap;
    840		u8 ssap;
    841		u8 control;
    842		u8 orgcode[3];
    843		u8 fieldtype[2];
    844	    } llc;
    845	} u;
    846	__be32 mic;
    847	__be32 seq;
    848} __packed;
    849
    850typedef struct {
    851	u8 da[ETH_ALEN];
    852	u8 sa[ETH_ALEN];
    853} etherHead;
    854
    855#define TXCTL_TXOK (1<<1) /* report if tx is ok */
    856#define TXCTL_TXEX (1<<2) /* report if tx fails */
    857#define TXCTL_802_3 (0<<3) /* 802.3 packet */
    858#define TXCTL_802_11 (1<<3) /* 802.11 mac packet */
    859#define TXCTL_ETHERNET (0<<4) /* payload has ethertype */
    860#define TXCTL_LLC (1<<4) /* payload is llc */
    861#define TXCTL_RELEASE (0<<5) /* release after completion */
    862#define TXCTL_NORELEASE (1<<5) /* on completion returns to host */
    863
    864#define BUSY_FID 0x10000
    865
    866#ifdef CISCO_EXT
    867#define AIROMAGIC	0xa55a
    868/* Warning : SIOCDEVPRIVATE may disapear during 2.5.X - Jean II */
    869#ifdef SIOCIWFIRSTPRIV
    870#ifdef SIOCDEVPRIVATE
    871#define AIROOLDIOCTL	SIOCDEVPRIVATE
    872#define AIROOLDIDIFC 	AIROOLDIOCTL + 1
    873#endif /* SIOCDEVPRIVATE */
    874#else /* SIOCIWFIRSTPRIV */
    875#define SIOCIWFIRSTPRIV SIOCDEVPRIVATE
    876#endif /* SIOCIWFIRSTPRIV */
    877/* This may be wrong. When using the new SIOCIWFIRSTPRIV range, we probably
    878 * should use only "GET" ioctls (last bit set to 1). "SET" ioctls are root
    879 * only and don't return the modified struct ifreq to the application which
    880 * is usually a problem. - Jean II */
    881#define AIROIOCTL	SIOCIWFIRSTPRIV
    882#define AIROIDIFC 	AIROIOCTL + 1
    883
    884/* Ioctl constants to be used in airo_ioctl.command */
    885
    886#define	AIROGCAP  		0	// Capability rid
    887#define AIROGCFG		1       // USED A LOT
    888#define AIROGSLIST		2	// System ID list
    889#define AIROGVLIST		3       // List of specified AP's
    890#define AIROGDRVNAM		4	//  NOTUSED
    891#define AIROGEHTENC		5	// NOTUSED
    892#define AIROGWEPKTMP		6
    893#define AIROGWEPKNV		7
    894#define AIROGSTAT		8
    895#define AIROGSTATSC32		9
    896#define AIROGSTATSD32		10
    897#define AIROGMICRID		11
    898#define AIROGMICSTATS		12
    899#define AIROGFLAGS		13
    900#define AIROGID			14
    901#define AIRORRID		15
    902#define AIRORSWVERSION		17
    903
    904/* Leave gap of 40 commands after AIROGSTATSD32 for future */
    905
    906#define AIROPCAP               	AIROGSTATSD32 + 40
    907#define AIROPVLIST              AIROPCAP      + 1
    908#define AIROPSLIST		AIROPVLIST    + 1
    909#define AIROPCFG		AIROPSLIST    + 1
    910#define AIROPSIDS		AIROPCFG      + 1
    911#define AIROPAPLIST		AIROPSIDS     + 1
    912#define AIROPMACON		AIROPAPLIST   + 1	/* Enable mac  */
    913#define AIROPMACOFF		AIROPMACON    + 1 	/* Disable mac */
    914#define AIROPSTCLR		AIROPMACOFF   + 1
    915#define AIROPWEPKEY		AIROPSTCLR    + 1
    916#define AIROPWEPKEYNV		AIROPWEPKEY   + 1
    917#define AIROPLEAPPWD            AIROPWEPKEYNV + 1
    918#define AIROPLEAPUSR            AIROPLEAPPWD  + 1
    919
    920/* Flash codes */
    921
    922#define AIROFLSHRST	       AIROPWEPKEYNV  + 40
    923#define AIROFLSHGCHR           AIROFLSHRST    + 1
    924#define AIROFLSHSTFL           AIROFLSHGCHR   + 1
    925#define AIROFLSHPCHR           AIROFLSHSTFL   + 1
    926#define AIROFLPUTBUF           AIROFLSHPCHR   + 1
    927#define AIRORESTART            AIROFLPUTBUF   + 1
    928
    929#define FLASHSIZE	32768
    930#define AUXMEMSIZE	(256 * 1024)
    931
    932typedef struct aironet_ioctl {
    933	unsigned short command;		// What to do
    934	unsigned short len;		// Len of data
    935	unsigned short ridnum;		// rid number
    936	unsigned char __user *data;	// d-data
    937} aironet_ioctl;
    938
    939static const char swversion[] = "2.1";
    940#endif /* CISCO_EXT */
    941
    942#define NUM_MODULES       2
    943#define MIC_MSGLEN_MAX    2400
    944#define EMMH32_MSGLEN_MAX MIC_MSGLEN_MAX
    945#define AIRO_DEF_MTU      2312
    946
    947typedef struct {
    948	u32   size;            // size
    949	u8    enabled;         // MIC enabled or not
    950	u32   rxSuccess;       // successful packets received
    951	u32   rxIncorrectMIC;  // pkts dropped due to incorrect MIC comparison
    952	u32   rxNotMICed;      // pkts dropped due to not being MIC'd
    953	u32   rxMICPlummed;    // pkts dropped due to not having a MIC plummed
    954	u32   rxWrongSequence; // pkts dropped due to sequence number violation
    955	u32   reserve[32];
    956} mic_statistics;
    957
    958typedef struct {
    959	__be32 coeff[((EMMH32_MSGLEN_MAX)+3)>>2];
    960	u64 accum;	// accumulated mic, reduced to u32 in final()
    961	int position;	// current position (byte offset) in message
    962	union {
    963		u8  d8[4];
    964		__be32 d32;
    965	} part;	// saves partial message word across update() calls
    966} emmh32_context;
    967
    968typedef struct {
    969	emmh32_context seed;	    // Context - the seed
    970	u32		 rx;	    // Received sequence number
    971	u32		 tx;	    // Tx sequence number
    972	u32		 window;    // Start of window
    973	u8		 valid;	    // Flag to say if context is valid or not
    974	u8		 key[16];
    975} miccntx;
    976
    977typedef struct {
    978	miccntx mCtx;		// Multicast context
    979	miccntx uCtx;		// Unicast context
    980} mic_module;
    981
    982typedef struct {
    983	unsigned int  rid: 16;
    984	unsigned int  len: 15;
    985	unsigned int  valid: 1;
    986	dma_addr_t host_addr;
    987} Rid;
    988
    989typedef struct {
    990	unsigned int  offset: 15;
    991	unsigned int  eoc: 1;
    992	unsigned int  len: 15;
    993	unsigned int  valid: 1;
    994	dma_addr_t host_addr;
    995} TxFid;
    996
    997struct rx_hdr {
    998	__le16 status, len;
    999	u8 rssi[2];
   1000	u8 rate;
   1001	u8 freq;
   1002	__le16 tmp[4];
   1003} __packed;
   1004
   1005typedef struct {
   1006	unsigned int  ctl: 15;
   1007	unsigned int  rdy: 1;
   1008	unsigned int  len: 15;
   1009	unsigned int  valid: 1;
   1010	dma_addr_t host_addr;
   1011} RxFid;
   1012
   1013/*
   1014 * Host receive descriptor
   1015 */
   1016typedef struct {
   1017	unsigned char __iomem *card_ram_off; /* offset into card memory of the
   1018						desc */
   1019	RxFid         rx_desc;		     /* card receive descriptor */
   1020	char          *virtual_host_addr;    /* virtual address of host receive
   1021					        buffer */
   1022	int           pending;
   1023} HostRxDesc;
   1024
   1025/*
   1026 * Host transmit descriptor
   1027 */
   1028typedef struct {
   1029	unsigned char __iomem *card_ram_off;	     /* offset into card memory of the
   1030						desc */
   1031	TxFid         tx_desc;		     /* card transmit descriptor */
   1032	char          *virtual_host_addr;    /* virtual address of host receive
   1033					        buffer */
   1034	int           pending;
   1035} HostTxDesc;
   1036
   1037/*
   1038 * Host RID descriptor
   1039 */
   1040typedef struct {
   1041	unsigned char __iomem *card_ram_off;      /* offset into card memory of the
   1042					     descriptor */
   1043	Rid           rid_desc;		  /* card RID descriptor */
   1044	char          *virtual_host_addr; /* virtual address of host receive
   1045					     buffer */
   1046} HostRidDesc;
   1047
   1048typedef struct {
   1049	u16 sw0;
   1050	u16 sw1;
   1051	u16 status;
   1052	u16 len;
   1053#define HOST_SET (1 << 0)
   1054#define HOST_INT_TX (1 << 1) /* Interrupt on successful TX */
   1055#define HOST_INT_TXERR (1 << 2) /* Interrupt on unseccessful TX */
   1056#define HOST_LCC_PAYLOAD (1 << 4) /* LLC payload, 0 = Ethertype */
   1057#define HOST_DONT_RLSE (1 << 5) /* Don't release buffer when done */
   1058#define HOST_DONT_RETRY (1 << 6) /* Don't retry trasmit */
   1059#define HOST_CLR_AID (1 << 7) /* clear AID failure */
   1060#define HOST_RTS (1 << 9) /* Force RTS use */
   1061#define HOST_SHORT (1 << 10) /* Do short preamble */
   1062	u16 ctl;
   1063	u16 aid;
   1064	u16 retries;
   1065	u16 fill;
   1066} TxCtlHdr;
   1067
   1068typedef struct {
   1069        u16 ctl;
   1070        u16 duration;
   1071        char addr1[6];
   1072        char addr2[6];
   1073        char addr3[6];
   1074        u16 seq;
   1075        char addr4[6];
   1076} WifiHdr;
   1077
   1078
   1079typedef struct {
   1080	TxCtlHdr ctlhdr;
   1081	u16 fill1;
   1082	u16 fill2;
   1083	WifiHdr wifihdr;
   1084	u16 gaplen;
   1085	u16 status;
   1086} WifiCtlHdr;
   1087
   1088static WifiCtlHdr wifictlhdr8023 = {
   1089	.ctlhdr = {
   1090		.ctl	= HOST_DONT_RLSE,
   1091	}
   1092};
   1093
   1094// A few details needed for WEP (Wireless Equivalent Privacy)
   1095#define MAX_KEY_SIZE 13			// 128 (?) bits
   1096#define MIN_KEY_SIZE  5			// 40 bits RC4 - WEP
   1097typedef struct wep_key_t {
   1098	u16	len;
   1099	u8	key[16];	/* 40-bit and 104-bit keys */
   1100} wep_key_t;
   1101
   1102/* List of Wireless Handlers (new API) */
   1103static const struct iw_handler_def	airo_handler_def;
   1104
   1105static const char version[] = "airo.c 0.6 (Ben Reed & Javier Achirica)";
   1106
   1107struct airo_info;
   1108
   1109static int get_dec_u16(char *buffer, int *start, int limit);
   1110static void OUT4500(struct airo_info *, u16 reg, u16 value);
   1111static unsigned short IN4500(struct airo_info *, u16 reg);
   1112static u16 setup_card(struct airo_info*, struct net_device *dev, int lock);
   1113static int enable_MAC(struct airo_info *ai, int lock);
   1114static void disable_MAC(struct airo_info *ai, int lock);
   1115static void enable_interrupts(struct airo_info*);
   1116static void disable_interrupts(struct airo_info*);
   1117static u16 issuecommand(struct airo_info*, Cmd *pCmd, Resp *pRsp,
   1118			bool may_sleep);
   1119static int bap_setup(struct airo_info*, u16 rid, u16 offset, int whichbap);
   1120static int aux_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
   1121			int whichbap);
   1122static int fast_bap_read(struct airo_info*, __le16 *pu16Dst, int bytelen,
   1123			 int whichbap);
   1124static int bap_write(struct airo_info*, const __le16 *pu16Src, int bytelen,
   1125		     int whichbap);
   1126static int PC4500_accessrid(struct airo_info*, u16 rid, u16 accmd);
   1127static int PC4500_readrid(struct airo_info*, u16 rid, void *pBuf, int len, int lock);
   1128static int PC4500_writerid(struct airo_info*, u16 rid, const void
   1129			   *pBuf, int len, int lock);
   1130static int do_writerid(struct airo_info*, u16 rid, const void *rid_data,
   1131			int len, int dummy);
   1132static u16 transmit_allocate(struct airo_info*, int lenPayload, int raw);
   1133static int transmit_802_3_packet(struct airo_info*, int len, char *pPacket,
   1134				 bool may_sleep);
   1135static int transmit_802_11_packet(struct airo_info*, int len, char *pPacket,
   1136				  bool may_sleep);
   1137
   1138static int mpi_send_packet(struct net_device *dev);
   1139static void mpi_unmap_card(struct pci_dev *pci);
   1140static void mpi_receive_802_3(struct airo_info *ai);
   1141static void mpi_receive_802_11(struct airo_info *ai);
   1142static int waitbusy(struct airo_info *ai);
   1143
   1144static irqreturn_t airo_interrupt(int irq, void* dev_id);
   1145static int airo_thread(void *data);
   1146static void timer_func(struct net_device *dev);
   1147static int airo_siocdevprivate(struct net_device *dev, struct ifreq *rq, void __user *, int cmd);
   1148static struct iw_statistics *airo_get_wireless_stats(struct net_device *dev);
   1149#ifdef CISCO_EXT
   1150static int readrids(struct net_device *dev, aironet_ioctl *comp);
   1151static int writerids(struct net_device *dev, aironet_ioctl *comp);
   1152static int flashcard(struct net_device *dev, aironet_ioctl *comp);
   1153#endif /* CISCO_EXT */
   1154static void micinit(struct airo_info *ai);
   1155static int micsetup(struct airo_info *ai);
   1156static int encapsulate(struct airo_info *ai, etherHead *pPacket, MICBuffer *buffer, int len);
   1157static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *pPacket, u16 payLen);
   1158
   1159static u8 airo_rssi_to_dbm(tdsRssiEntry *rssi_rid, u8 rssi);
   1160static u8 airo_dbm_to_pct(tdsRssiEntry *rssi_rid, u8 dbm);
   1161
   1162static void airo_networks_free(struct airo_info *ai);
   1163
   1164struct airo_info {
   1165	struct net_device             *dev;
   1166	struct list_head              dev_list;
   1167	/* Note, we can have MAX_FIDS outstanding.  FIDs are 16-bits, so we
   1168	   use the high bit to mark whether it is in use. */
   1169#define MAX_FIDS 6
   1170#define MPI_MAX_FIDS 1
   1171	u32                           fids[MAX_FIDS];
   1172	ConfigRid config;
   1173	char keyindex; // Used with auto wep
   1174	char defindex; // Used with auto wep
   1175	struct proc_dir_entry *proc_entry;
   1176        spinlock_t aux_lock;
   1177#define FLAG_RADIO_OFF	0	/* User disabling of MAC */
   1178#define FLAG_RADIO_DOWN	1	/* ifup/ifdown disabling of MAC */
   1179#define FLAG_RADIO_MASK 0x03
   1180#define FLAG_ENABLED	2
   1181#define FLAG_ADHOC	3	/* Needed by MIC */
   1182#define FLAG_MIC_CAPABLE 4
   1183#define FLAG_UPDATE_MULTI 5
   1184#define FLAG_UPDATE_UNI 6
   1185#define FLAG_802_11	7
   1186#define FLAG_PROMISC	8	/* IFF_PROMISC 0x100 - include/linux/if.h */
   1187#define FLAG_PENDING_XMIT 9
   1188#define FLAG_PENDING_XMIT11 10
   1189#define FLAG_MPI	11
   1190#define FLAG_REGISTERED	12
   1191#define FLAG_COMMIT	13
   1192#define FLAG_RESET	14
   1193#define FLAG_FLASHING	15
   1194#define FLAG_WPA_CAPABLE	16
   1195	unsigned long flags;
   1196#define JOB_DIE	0
   1197#define JOB_XMIT	1
   1198#define JOB_XMIT11	2
   1199#define JOB_STATS	3
   1200#define JOB_PROMISC	4
   1201#define JOB_MIC	5
   1202#define JOB_EVENT	6
   1203#define JOB_AUTOWEP	7
   1204#define JOB_SCAN_RESULTS  9
   1205	unsigned long jobs;
   1206	int (*bap_read)(struct airo_info*, __le16 *pu16Dst, int bytelen,
   1207			int whichbap);
   1208	unsigned short *flash;
   1209	tdsRssiEntry *rssi;
   1210	struct task_struct *list_bss_task;
   1211	struct task_struct *airo_thread_task;
   1212	struct semaphore sem;
   1213	wait_queue_head_t thr_wait;
   1214	unsigned long expires;
   1215	struct {
   1216		struct sk_buff *skb;
   1217		int fid;
   1218	} xmit, xmit11;
   1219	struct net_device *wifidev;
   1220	struct iw_statistics	wstats;		// wireless stats
   1221	unsigned long		scan_timeout;	/* Time scan should be read */
   1222	struct iw_spy_data	spy_data;
   1223	struct iw_public_data	wireless_data;
   1224	/* MIC stuff */
   1225	struct crypto_sync_skcipher	*tfm;
   1226	mic_module		mod[2];
   1227	mic_statistics		micstats;
   1228	HostRxDesc rxfids[MPI_MAX_FIDS]; // rx/tx/config MPI350 descriptors
   1229	HostTxDesc txfids[MPI_MAX_FIDS];
   1230	HostRidDesc config_desc;
   1231	unsigned long ridbus; // phys addr of config_desc
   1232	struct sk_buff_head txq;// tx queue used by mpi350 code
   1233	struct pci_dev          *pci;
   1234	unsigned char		__iomem *pcimem;
   1235	unsigned char		__iomem *pciaux;
   1236	unsigned char		*shared;
   1237	dma_addr_t		shared_dma;
   1238	pm_message_t		power;
   1239	SsidRid			*SSID;
   1240	APListRid		APList;
   1241#define	PCI_SHARED_LEN		2*MPI_MAX_FIDS*PKTSIZE+RIDSIZE
   1242	char			proc_name[IFNAMSIZ];
   1243
   1244	int			wep_capable;
   1245	int			max_wep_idx;
   1246	int			last_auth;
   1247
   1248	/* WPA-related stuff */
   1249	unsigned int bssListFirst;
   1250	unsigned int bssListNext;
   1251	unsigned int bssListRidLen;
   1252
   1253	struct list_head network_list;
   1254	struct list_head network_free_list;
   1255	BSSListElement *networks;
   1256};
   1257
   1258static inline int bap_read(struct airo_info *ai, __le16 *pu16Dst, int bytelen,
   1259			   int whichbap)
   1260{
   1261	return ai->bap_read(ai, pu16Dst, bytelen, whichbap);
   1262}
   1263
   1264static int setup_proc_entry(struct net_device *dev,
   1265			     struct airo_info *apriv);
   1266static int takedown_proc_entry(struct net_device *dev,
   1267				struct airo_info *apriv);
   1268
   1269static int cmdreset(struct airo_info *ai);
   1270static int setflashmode(struct airo_info *ai);
   1271static int flashgchar(struct airo_info *ai, int matchbyte, int dwelltime);
   1272static int flashputbuf(struct airo_info *ai);
   1273static int flashrestart(struct airo_info *ai, struct net_device *dev);
   1274
   1275#define airo_print(type, name, fmt, args...) \
   1276	printk(type DRV_NAME "(%s): " fmt "\n", name, ##args)
   1277
   1278#define airo_print_info(name, fmt, args...) \
   1279	airo_print(KERN_INFO, name, fmt, ##args)
   1280
   1281#define airo_print_dbg(name, fmt, args...) \
   1282	airo_print(KERN_DEBUG, name, fmt, ##args)
   1283
   1284#define airo_print_warn(name, fmt, args...) \
   1285	airo_print(KERN_WARNING, name, fmt, ##args)
   1286
   1287#define airo_print_err(name, fmt, args...) \
   1288	airo_print(KERN_ERR, name, fmt, ##args)
   1289
   1290#define AIRO_FLASH(dev) (((struct airo_info *)dev->ml_priv)->flash)
   1291
   1292/***********************************************************************
   1293 *                              MIC ROUTINES                           *
   1294 ***********************************************************************
   1295 */
   1296
   1297static int RxSeqValid(struct airo_info *ai, miccntx *context, int mcast, u32 micSeq);
   1298static void MoveWindow(miccntx *context, u32 micSeq);
   1299static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
   1300			   struct crypto_sync_skcipher *tfm);
   1301static void emmh32_init(emmh32_context *context);
   1302static void emmh32_update(emmh32_context *context, u8 *pOctets, int len);
   1303static void emmh32_final(emmh32_context *context, u8 digest[4]);
   1304static int flashpchar(struct airo_info *ai, int byte, int dwelltime);
   1305
   1306static void age_mic_context(miccntx *cur, miccntx *old, u8 *key, int key_len,
   1307			    struct crypto_sync_skcipher *tfm)
   1308{
   1309	/* If the current MIC context is valid and its key is the same as
   1310	 * the MIC register, there's nothing to do.
   1311	 */
   1312	if (cur->valid && (memcmp(cur->key, key, key_len) == 0))
   1313		return;
   1314
   1315	/* Age current mic Context */
   1316	memcpy(old, cur, sizeof(*cur));
   1317
   1318	/* Initialize new context */
   1319	memcpy(cur->key, key, key_len);
   1320	cur->window  = 33; /* Window always points to the middle */
   1321	cur->rx      = 0;  /* Rx Sequence numbers */
   1322	cur->tx      = 0;  /* Tx sequence numbers */
   1323	cur->valid   = 1;  /* Key is now valid */
   1324
   1325	/* Give key to mic seed */
   1326	emmh32_setseed(&cur->seed, key, key_len, tfm);
   1327}
   1328
   1329/* micinit - Initialize mic seed */
   1330
   1331static void micinit(struct airo_info *ai)
   1332{
   1333	MICRid mic_rid;
   1334
   1335	clear_bit(JOB_MIC, &ai->jobs);
   1336	PC4500_readrid(ai, RID_MIC, &mic_rid, sizeof(mic_rid), 0);
   1337	up(&ai->sem);
   1338
   1339	ai->micstats.enabled = (le16_to_cpu(mic_rid.state) & 0x00FF) ? 1 : 0;
   1340	if (!ai->micstats.enabled) {
   1341		/* So next time we have a valid key and mic is enabled, we will
   1342		 * update the sequence number if the key is the same as before.
   1343		 */
   1344		ai->mod[0].uCtx.valid = 0;
   1345		ai->mod[0].mCtx.valid = 0;
   1346		return;
   1347	}
   1348
   1349	if (mic_rid.multicastValid) {
   1350		age_mic_context(&ai->mod[0].mCtx, &ai->mod[1].mCtx,
   1351		                mic_rid.multicast, sizeof(mic_rid.multicast),
   1352		                ai->tfm);
   1353	}
   1354
   1355	if (mic_rid.unicastValid) {
   1356		age_mic_context(&ai->mod[0].uCtx, &ai->mod[1].uCtx,
   1357				mic_rid.unicast, sizeof(mic_rid.unicast),
   1358				ai->tfm);
   1359	}
   1360}
   1361
   1362/* micsetup - Get ready for business */
   1363
   1364static int micsetup(struct airo_info *ai)
   1365{
   1366	int i;
   1367
   1368	if (ai->tfm == NULL)
   1369		ai->tfm = crypto_alloc_sync_skcipher("ctr(aes)", 0, 0);
   1370
   1371        if (IS_ERR(ai->tfm)) {
   1372                airo_print_err(ai->dev->name, "failed to load transform for AES");
   1373                ai->tfm = NULL;
   1374                return ERROR;
   1375        }
   1376
   1377	for (i = 0; i < NUM_MODULES; i++) {
   1378		memset(&ai->mod[i].mCtx, 0, sizeof(miccntx));
   1379		memset(&ai->mod[i].uCtx, 0, sizeof(miccntx));
   1380	}
   1381	return SUCCESS;
   1382}
   1383
   1384static const u8 micsnap[] = {0xAA, 0xAA, 0x03, 0x00, 0x40, 0x96, 0x00, 0x02};
   1385
   1386/*===========================================================================
   1387 * Description: Mic a packet
   1388 *
   1389 *      Inputs: etherHead * pointer to an 802.3 frame
   1390 *
   1391 *     Returns: BOOLEAN if successful, otherwise false.
   1392 *             PacketTxLen will be updated with the mic'd packets size.
   1393 *
   1394 *    Caveats: It is assumed that the frame buffer will already
   1395 *             be big enough to hold the largets mic message possible.
   1396 *            (No memory allocation is done here).
   1397 *
   1398 *    Author: sbraneky (10/15/01)
   1399 *    Merciless hacks by rwilcher (1/14/02)
   1400 */
   1401
   1402static int encapsulate(struct airo_info *ai, etherHead *frame, MICBuffer *mic, int payLen)
   1403{
   1404	miccntx   *context;
   1405
   1406	// Determine correct context
   1407	// If not adhoc, always use unicast key
   1408
   1409	if (test_bit(FLAG_ADHOC, &ai->flags) && (frame->da[0] & 0x1))
   1410		context = &ai->mod[0].mCtx;
   1411	else
   1412		context = &ai->mod[0].uCtx;
   1413
   1414	if (!context->valid)
   1415		return ERROR;
   1416
   1417	mic->typelen = htons(payLen + 16); //Length of Mic'd packet
   1418
   1419	memcpy(&mic->u.snap, micsnap, sizeof(micsnap)); // Add Snap
   1420
   1421	// Add Tx sequence
   1422	mic->seq = htonl(context->tx);
   1423	context->tx += 2;
   1424
   1425	emmh32_init(&context->seed); // Mic the packet
   1426	emmh32_update(&context->seed, frame->da, ETH_ALEN * 2); // DA, SA
   1427	emmh32_update(&context->seed, (u8*)&mic->typelen, 10); // Type/Length and Snap
   1428	emmh32_update(&context->seed, (u8*)&mic->seq, sizeof(mic->seq)); //SEQ
   1429	emmh32_update(&context->seed, (u8*)(frame + 1), payLen); //payload
   1430	emmh32_final(&context->seed, (u8*)&mic->mic);
   1431
   1432	/*    New Type/length ?????????? */
   1433	mic->typelen = 0; //Let NIC know it could be an oversized packet
   1434	return SUCCESS;
   1435}
   1436
   1437typedef enum {
   1438    NONE,
   1439    NOMIC,
   1440    NOMICPLUMMED,
   1441    SEQUENCE,
   1442    INCORRECTMIC,
   1443} mic_error;
   1444
   1445/*===========================================================================
   1446 *  Description: Decapsulates a MIC'd packet and returns the 802.3 packet
   1447 *               (removes the MIC stuff) if packet is a valid packet.
   1448 *
   1449 *       Inputs: etherHead  pointer to the 802.3 packet
   1450 *
   1451 *      Returns: BOOLEAN - TRUE if packet should be dropped otherwise FALSE
   1452 *
   1453 *      Author: sbraneky (10/15/01)
   1454 *    Merciless hacks by rwilcher (1/14/02)
   1455 *---------------------------------------------------------------------------
   1456 */
   1457
   1458static int decapsulate(struct airo_info *ai, MICBuffer *mic, etherHead *eth, u16 payLen)
   1459{
   1460	int      i;
   1461	u32      micSEQ;
   1462	miccntx  *context;
   1463	u8       digest[4];
   1464	mic_error micError = NONE;
   1465
   1466	// Check if the packet is a Mic'd packet
   1467
   1468	if (!ai->micstats.enabled) {
   1469		//No Mic set or Mic OFF but we received a MIC'd packet.
   1470		if (memcmp ((u8*)eth + 14, micsnap, sizeof(micsnap)) == 0) {
   1471			ai->micstats.rxMICPlummed++;
   1472			return ERROR;
   1473		}
   1474		return SUCCESS;
   1475	}
   1476
   1477	if (ntohs(mic->typelen) == 0x888E)
   1478		return SUCCESS;
   1479
   1480	if (memcmp (mic->u.snap, micsnap, sizeof(micsnap)) != 0) {
   1481	    // Mic enabled but packet isn't Mic'd
   1482		ai->micstats.rxMICPlummed++;
   1483	    	return ERROR;
   1484	}
   1485
   1486	micSEQ = ntohl(mic->seq);            //store SEQ as CPU order
   1487
   1488	//At this point we a have a mic'd packet and mic is enabled
   1489	//Now do the mic error checking.
   1490
   1491	//Receive seq must be odd
   1492	if ((micSEQ & 1) == 0) {
   1493		ai->micstats.rxWrongSequence++;
   1494		return ERROR;
   1495	}
   1496
   1497	for (i = 0; i < NUM_MODULES; i++) {
   1498		int mcast = eth->da[0] & 1;
   1499		//Determine proper context
   1500		context = mcast ? &ai->mod[i].mCtx : &ai->mod[i].uCtx;
   1501
   1502		//Make sure context is valid
   1503		if (!context->valid) {
   1504			if (i == 0)
   1505				micError = NOMICPLUMMED;
   1506			continue;
   1507		}
   1508		//DeMic it
   1509
   1510		if (!mic->typelen)
   1511			mic->typelen = htons(payLen + sizeof(MICBuffer) - 2);
   1512
   1513		emmh32_init(&context->seed);
   1514		emmh32_update(&context->seed, eth->da, ETH_ALEN*2);
   1515		emmh32_update(&context->seed, (u8 *)&mic->typelen, sizeof(mic->typelen)+sizeof(mic->u.snap));
   1516		emmh32_update(&context->seed, (u8 *)&mic->seq, sizeof(mic->seq));
   1517		emmh32_update(&context->seed, (u8 *)(eth + 1), payLen);
   1518		//Calculate MIC
   1519		emmh32_final(&context->seed, digest);
   1520
   1521		if (memcmp(digest, &mic->mic, 4)) { //Make sure the mics match
   1522		  //Invalid Mic
   1523			if (i == 0)
   1524				micError = INCORRECTMIC;
   1525			continue;
   1526		}
   1527
   1528		//Check Sequence number if mics pass
   1529		if (RxSeqValid(ai, context, mcast, micSEQ) == SUCCESS) {
   1530			ai->micstats.rxSuccess++;
   1531			return SUCCESS;
   1532		}
   1533		if (i == 0)
   1534			micError = SEQUENCE;
   1535	}
   1536
   1537	// Update statistics
   1538	switch (micError) {
   1539		case NOMICPLUMMED: ai->micstats.rxMICPlummed++;   break;
   1540		case SEQUENCE:    ai->micstats.rxWrongSequence++; break;
   1541		case INCORRECTMIC: ai->micstats.rxIncorrectMIC++; break;
   1542		case NONE:  break;
   1543		case NOMIC: break;
   1544	}
   1545	return ERROR;
   1546}
   1547
   1548/*===========================================================================
   1549 * Description:  Checks the Rx Seq number to make sure it is valid
   1550 *               and hasn't already been received
   1551 *
   1552 *     Inputs: miccntx - mic context to check seq against
   1553 *             micSeq  - the Mic seq number
   1554 *
   1555 *    Returns: TRUE if valid otherwise FALSE.
   1556 *
   1557 *    Author: sbraneky (10/15/01)
   1558 *    Merciless hacks by rwilcher (1/14/02)
   1559 *---------------------------------------------------------------------------
   1560 */
   1561
   1562static int RxSeqValid(struct airo_info *ai, miccntx *context, int mcast, u32 micSeq)
   1563{
   1564	u32 seq, index;
   1565
   1566	//Allow for the ap being rebooted - if it is then use the next
   1567	//sequence number of the current sequence number - might go backwards
   1568
   1569	if (mcast) {
   1570		if (test_bit(FLAG_UPDATE_MULTI, &ai->flags)) {
   1571			clear_bit (FLAG_UPDATE_MULTI, &ai->flags);
   1572			context->window = (micSeq > 33) ? micSeq : 33;
   1573			context->rx     = 0;        // Reset rx
   1574		}
   1575	} else if (test_bit(FLAG_UPDATE_UNI, &ai->flags)) {
   1576		clear_bit (FLAG_UPDATE_UNI, &ai->flags);
   1577		context->window = (micSeq > 33) ? micSeq : 33; // Move window
   1578		context->rx     = 0;        // Reset rx
   1579	}
   1580
   1581	//Make sequence number relative to START of window
   1582	seq = micSeq - (context->window - 33);
   1583
   1584	//Too old of a SEQ number to check.
   1585	if ((s32)seq < 0)
   1586		return ERROR;
   1587
   1588	if (seq > 64) {
   1589		//Window is infinite forward
   1590		MoveWindow(context, micSeq);
   1591		return SUCCESS;
   1592	}
   1593
   1594	// We are in the window. Now check the context rx bit to see if it was already sent
   1595	seq >>= 1;         //divide by 2 because we only have odd numbers
   1596	index = 1 << seq;  //Get an index number
   1597
   1598	if (!(context->rx & index)) {
   1599		//micSEQ falls inside the window.
   1600		//Add seqence number to the list of received numbers.
   1601		context->rx |= index;
   1602
   1603		MoveWindow(context, micSeq);
   1604
   1605		return SUCCESS;
   1606	}
   1607	return ERROR;
   1608}
   1609
   1610static void MoveWindow(miccntx *context, u32 micSeq)
   1611{
   1612	u32 shift;
   1613
   1614	//Move window if seq greater than the middle of the window
   1615	if (micSeq > context->window) {
   1616		shift = (micSeq - context->window) >> 1;
   1617
   1618		    //Shift out old
   1619		if (shift < 32)
   1620			context->rx >>= shift;
   1621		else
   1622			context->rx = 0;
   1623
   1624		context->window = micSeq;      //Move window
   1625	}
   1626}
   1627
   1628/*==============================================*/
   1629/*========== EMMH ROUTINES  ====================*/
   1630/*==============================================*/
   1631
   1632/* mic accumulate */
   1633#define MIC_ACCUM(val)	\
   1634	context->accum += (u64)(val) * be32_to_cpu(context->coeff[coeff_position++]);
   1635
   1636/* expand the key to fill the MMH coefficient array */
   1637static void emmh32_setseed(emmh32_context *context, u8 *pkey, int keylen,
   1638			   struct crypto_sync_skcipher *tfm)
   1639{
   1640  /* take the keying material, expand if necessary, truncate at 16-bytes */
   1641  /* run through AES counter mode to generate context->coeff[] */
   1642
   1643	SYNC_SKCIPHER_REQUEST_ON_STACK(req, tfm);
   1644	struct scatterlist sg;
   1645	u8 iv[AES_BLOCK_SIZE] = {};
   1646	int ret;
   1647
   1648	crypto_sync_skcipher_setkey(tfm, pkey, 16);
   1649
   1650	memset(context->coeff, 0, sizeof(context->coeff));
   1651	sg_init_one(&sg, context->coeff, sizeof(context->coeff));
   1652
   1653	skcipher_request_set_sync_tfm(req, tfm);
   1654	skcipher_request_set_callback(req, 0, NULL, NULL);
   1655	skcipher_request_set_crypt(req, &sg, &sg, sizeof(context->coeff), iv);
   1656
   1657	ret = crypto_skcipher_encrypt(req);
   1658	WARN_ON_ONCE(ret);
   1659}
   1660
   1661/* prepare for calculation of a new mic */
   1662static void emmh32_init(emmh32_context *context)
   1663{
   1664	/* prepare for new mic calculation */
   1665	context->accum = 0;
   1666	context->position = 0;
   1667}
   1668
   1669/* add some bytes to the mic calculation */
   1670static void emmh32_update(emmh32_context *context, u8 *pOctets, int len)
   1671{
   1672	int	coeff_position, byte_position;
   1673
   1674	if (len == 0) return;
   1675
   1676	coeff_position = context->position >> 2;
   1677
   1678	/* deal with partial 32-bit word left over from last update */
   1679	byte_position = context->position & 3;
   1680	if (byte_position) {
   1681		/* have a partial word in part to deal with */
   1682		do {
   1683			if (len == 0) return;
   1684			context->part.d8[byte_position++] = *pOctets++;
   1685			context->position++;
   1686			len--;
   1687		} while (byte_position < 4);
   1688		MIC_ACCUM(ntohl(context->part.d32));
   1689	}
   1690
   1691	/* deal with full 32-bit words */
   1692	while (len >= 4) {
   1693		MIC_ACCUM(ntohl(*(__be32 *)pOctets));
   1694		context->position += 4;
   1695		pOctets += 4;
   1696		len -= 4;
   1697	}
   1698
   1699	/* deal with partial 32-bit word that will be left over from this update */
   1700	byte_position = 0;
   1701	while (len > 0) {
   1702		context->part.d8[byte_position++] = *pOctets++;
   1703		context->position++;
   1704		len--;
   1705	}
   1706}
   1707
   1708/* mask used to zero empty bytes for final partial word */
   1709static u32 mask32[4] = { 0x00000000L, 0xFF000000L, 0xFFFF0000L, 0xFFFFFF00L };
   1710
   1711/* calculate the mic */
   1712static void emmh32_final(emmh32_context *context, u8 digest[4])
   1713{
   1714	int	coeff_position, byte_position;
   1715	u32	val;
   1716
   1717	u64 sum, utmp;
   1718	s64 stmp;
   1719
   1720	coeff_position = context->position >> 2;
   1721
   1722	/* deal with partial 32-bit word left over from last update */
   1723	byte_position = context->position & 3;
   1724	if (byte_position) {
   1725		/* have a partial word in part to deal with */
   1726		val = ntohl(context->part.d32);
   1727		MIC_ACCUM(val & mask32[byte_position]);	/* zero empty bytes */
   1728	}
   1729
   1730	/* reduce the accumulated u64 to a 32-bit MIC */
   1731	sum = context->accum;
   1732	stmp = (sum  & 0xffffffffLL) - ((sum >> 32)  * 15);
   1733	utmp = (stmp & 0xffffffffLL) - ((stmp >> 32) * 15);
   1734	sum = utmp & 0xffffffffLL;
   1735	if (utmp > 0x10000000fLL)
   1736		sum -= 15;
   1737
   1738	val = (u32)sum;
   1739	digest[0] = (val>>24) & 0xFF;
   1740	digest[1] = (val>>16) & 0xFF;
   1741	digest[2] = (val>>8) & 0xFF;
   1742	digest[3] = val & 0xFF;
   1743}
   1744
   1745static int readBSSListRid(struct airo_info *ai, int first,
   1746		      BSSListRid *list)
   1747{
   1748	Cmd cmd;
   1749	Resp rsp;
   1750
   1751	if (first == 1) {
   1752		if (ai->flags & FLAG_RADIO_MASK) return -ENETDOWN;
   1753		memset(&cmd, 0, sizeof(cmd));
   1754		cmd.cmd = CMD_LISTBSS;
   1755		if (down_interruptible(&ai->sem))
   1756			return -ERESTARTSYS;
   1757		ai->list_bss_task = current;
   1758		issuecommand(ai, &cmd, &rsp, true);
   1759		up(&ai->sem);
   1760		/* Let the command take effect */
   1761		schedule_timeout_uninterruptible(3 * HZ);
   1762		ai->list_bss_task = NULL;
   1763	}
   1764	return PC4500_readrid(ai, first ? ai->bssListFirst : ai->bssListNext,
   1765			    list, ai->bssListRidLen, 1);
   1766}
   1767
   1768static int readWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int temp, int lock)
   1769{
   1770	return PC4500_readrid(ai, temp ? RID_WEP_TEMP : RID_WEP_PERM,
   1771				wkr, sizeof(*wkr), lock);
   1772}
   1773
   1774static int writeWepKeyRid(struct airo_info *ai, WepKeyRid *wkr, int perm, int lock)
   1775{
   1776	int rc;
   1777	rc = PC4500_writerid(ai, RID_WEP_TEMP, wkr, sizeof(*wkr), lock);
   1778	if (rc!=SUCCESS)
   1779		airo_print_err(ai->dev->name, "WEP_TEMP set %x", rc);
   1780	if (perm) {
   1781		rc = PC4500_writerid(ai, RID_WEP_PERM, wkr, sizeof(*wkr), lock);
   1782		if (rc!=SUCCESS)
   1783			airo_print_err(ai->dev->name, "WEP_PERM set %x", rc);
   1784	}
   1785	return rc;
   1786}
   1787
   1788static int readSsidRid(struct airo_info*ai, SsidRid *ssidr)
   1789{
   1790	return PC4500_readrid(ai, RID_SSID, ssidr, sizeof(*ssidr), 1);
   1791}
   1792
   1793static int writeSsidRid(struct airo_info*ai, SsidRid *pssidr, int lock)
   1794{
   1795	return PC4500_writerid(ai, RID_SSID, pssidr, sizeof(*pssidr), lock);
   1796}
   1797
   1798static int readConfigRid(struct airo_info *ai, int lock)
   1799{
   1800	int rc;
   1801	ConfigRid cfg;
   1802
   1803	if (ai->config.len)
   1804		return SUCCESS;
   1805
   1806	rc = PC4500_readrid(ai, RID_ACTUALCONFIG, &cfg, sizeof(cfg), lock);
   1807	if (rc != SUCCESS)
   1808		return rc;
   1809
   1810	ai->config = cfg;
   1811	return SUCCESS;
   1812}
   1813
   1814static inline void checkThrottle(struct airo_info *ai)
   1815{
   1816	int i;
   1817/* Old hardware had a limit on encryption speed */
   1818	if (ai->config.authType != AUTH_OPEN && maxencrypt) {
   1819		for (i = 0; i<8; i++) {
   1820			if (ai->config.rates[i] > maxencrypt) {
   1821				ai->config.rates[i] = 0;
   1822			}
   1823		}
   1824	}
   1825}
   1826
   1827static int writeConfigRid(struct airo_info *ai, int lock)
   1828{
   1829	ConfigRid cfgr;
   1830
   1831	if (!test_bit (FLAG_COMMIT, &ai->flags))
   1832		return SUCCESS;
   1833
   1834	clear_bit (FLAG_COMMIT, &ai->flags);
   1835	clear_bit (FLAG_RESET, &ai->flags);
   1836	checkThrottle(ai);
   1837	cfgr = ai->config;
   1838
   1839	if ((cfgr.opmode & MODE_CFG_MASK) == MODE_STA_IBSS)
   1840		set_bit(FLAG_ADHOC, &ai->flags);
   1841	else
   1842		clear_bit(FLAG_ADHOC, &ai->flags);
   1843
   1844	return PC4500_writerid(ai, RID_CONFIG, &cfgr, sizeof(cfgr), lock);
   1845}
   1846
   1847static int readStatusRid(struct airo_info *ai, StatusRid *statr, int lock)
   1848{
   1849	return PC4500_readrid(ai, RID_STATUS, statr, sizeof(*statr), lock);
   1850}
   1851
   1852static int writeAPListRid(struct airo_info *ai, APListRid *aplr, int lock)
   1853{
   1854	return PC4500_writerid(ai, RID_APLIST, aplr, sizeof(*aplr), lock);
   1855}
   1856
   1857static int readCapabilityRid(struct airo_info *ai, CapabilityRid *capr, int lock)
   1858{
   1859	return PC4500_readrid(ai, RID_CAPABILITIES, capr, sizeof(*capr), lock);
   1860}
   1861
   1862static int readStatsRid(struct airo_info*ai, StatsRid *sr, int rid, int lock)
   1863{
   1864	return PC4500_readrid(ai, rid, sr, sizeof(*sr), lock);
   1865}
   1866
   1867static void try_auto_wep(struct airo_info *ai)
   1868{
   1869	if (auto_wep && !test_bit(FLAG_RADIO_DOWN, &ai->flags)) {
   1870		ai->expires = RUN_AT(3*HZ);
   1871		wake_up_interruptible(&ai->thr_wait);
   1872	}
   1873}
   1874
   1875static int airo_open(struct net_device *dev)
   1876{
   1877	struct airo_info *ai = dev->ml_priv;
   1878	int rc = 0;
   1879
   1880	if (test_bit(FLAG_FLASHING, &ai->flags))
   1881		return -EIO;
   1882
   1883	/* Make sure the card is configured.
   1884	 * Wireless Extensions may postpone config changes until the card
   1885	 * is open (to pipeline changes and speed-up card setup). If
   1886	 * those changes are not yet committed, do it now - Jean II */
   1887	if (test_bit(FLAG_COMMIT, &ai->flags)) {
   1888		disable_MAC(ai, 1);
   1889		writeConfigRid(ai, 1);
   1890	}
   1891
   1892	if (ai->wifidev != dev) {
   1893		clear_bit(JOB_DIE, &ai->jobs);
   1894		ai->airo_thread_task = kthread_run(airo_thread, dev, "%s",
   1895						   dev->name);
   1896		if (IS_ERR(ai->airo_thread_task))
   1897			return (int)PTR_ERR(ai->airo_thread_task);
   1898
   1899		rc = request_irq(dev->irq, airo_interrupt, IRQF_SHARED,
   1900			dev->name, dev);
   1901		if (rc) {
   1902			airo_print_err(dev->name,
   1903				"register interrupt %d failed, rc %d",
   1904				dev->irq, rc);
   1905			set_bit(JOB_DIE, &ai->jobs);
   1906			kthread_stop(ai->airo_thread_task);
   1907			return rc;
   1908		}
   1909
   1910		/* Power on the MAC controller (which may have been disabled) */
   1911		clear_bit(FLAG_RADIO_DOWN, &ai->flags);
   1912		enable_interrupts(ai);
   1913
   1914		try_auto_wep(ai);
   1915	}
   1916	enable_MAC(ai, 1);
   1917
   1918	netif_start_queue(dev);
   1919	return 0;
   1920}
   1921
   1922static netdev_tx_t mpi_start_xmit(struct sk_buff *skb,
   1923					struct net_device *dev)
   1924{
   1925	int npacks, pending;
   1926	unsigned long flags;
   1927	struct airo_info *ai = dev->ml_priv;
   1928
   1929	if (!skb) {
   1930		airo_print_err(dev->name, "%s: skb == NULL!",__func__);
   1931		return NETDEV_TX_OK;
   1932	}
   1933	if (skb_padto(skb, ETH_ZLEN)) {
   1934		dev->stats.tx_dropped++;
   1935		return NETDEV_TX_OK;
   1936	}
   1937	npacks = skb_queue_len (&ai->txq);
   1938
   1939	if (npacks >= MAXTXQ - 1) {
   1940		netif_stop_queue (dev);
   1941		if (npacks > MAXTXQ) {
   1942			dev->stats.tx_fifo_errors++;
   1943			return NETDEV_TX_BUSY;
   1944		}
   1945		skb_queue_tail (&ai->txq, skb);
   1946		return NETDEV_TX_OK;
   1947	}
   1948
   1949	spin_lock_irqsave(&ai->aux_lock, flags);
   1950	skb_queue_tail (&ai->txq, skb);
   1951	pending = test_bit(FLAG_PENDING_XMIT, &ai->flags);
   1952	spin_unlock_irqrestore(&ai->aux_lock, flags);
   1953	netif_wake_queue (dev);
   1954
   1955	if (pending == 0) {
   1956		set_bit(FLAG_PENDING_XMIT, &ai->flags);
   1957		mpi_send_packet (dev);
   1958	}
   1959	return NETDEV_TX_OK;
   1960}
   1961
   1962/*
   1963 * @mpi_send_packet
   1964 *
   1965 * Attempt to transmit a packet. Can be called from interrupt
   1966 * or transmit . return number of packets we tried to send
   1967 */
   1968
   1969static int mpi_send_packet (struct net_device *dev)
   1970{
   1971	struct sk_buff *skb;
   1972	unsigned char *buffer;
   1973	s16 len;
   1974	__le16 *payloadLen;
   1975	struct airo_info *ai = dev->ml_priv;
   1976	u8 *sendbuf;
   1977
   1978	/* get a packet to send */
   1979
   1980	if ((skb = skb_dequeue(&ai->txq)) == NULL) {
   1981		airo_print_err(dev->name,
   1982			"%s: Dequeue'd zero in send_packet()",
   1983			__func__);
   1984		return 0;
   1985	}
   1986
   1987	/* check min length*/
   1988	len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
   1989	buffer = skb->data;
   1990
   1991	ai->txfids[0].tx_desc.offset = 0;
   1992	ai->txfids[0].tx_desc.valid = 1;
   1993	ai->txfids[0].tx_desc.eoc = 1;
   1994	ai->txfids[0].tx_desc.len =len+sizeof(WifiHdr);
   1995
   1996/*
   1997 * Magic, the cards firmware needs a length count (2 bytes) in the host buffer
   1998 * right after  TXFID_HDR.The TXFID_HDR contains the status short so payloadlen
   1999 * is immediately after it. ------------------------------------------------
   2000 *                         |TXFIDHDR+STATUS|PAYLOADLEN|802.3HDR|PACKETDATA|
   2001 *                         ------------------------------------------------
   2002 */
   2003
   2004	memcpy(ai->txfids[0].virtual_host_addr,
   2005		(char *)&wifictlhdr8023, sizeof(wifictlhdr8023));
   2006
   2007	payloadLen = (__le16 *)(ai->txfids[0].virtual_host_addr +
   2008		sizeof(wifictlhdr8023));
   2009	sendbuf = ai->txfids[0].virtual_host_addr +
   2010		sizeof(wifictlhdr8023) + 2 ;
   2011
   2012	/*
   2013	 * Firmware automatically puts 802 header on so
   2014	 * we don't need to account for it in the length
   2015	 */
   2016	if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled &&
   2017		(ntohs(((__be16 *)buffer)[6]) != 0x888E)) {
   2018		MICBuffer pMic;
   2019
   2020		if (encapsulate(ai, (etherHead *)buffer, &pMic, len - sizeof(etherHead)) != SUCCESS)
   2021			return ERROR;
   2022
   2023		*payloadLen = cpu_to_le16(len-sizeof(etherHead)+sizeof(pMic));
   2024		ai->txfids[0].tx_desc.len += sizeof(pMic);
   2025		/* copy data into airo dma buffer */
   2026		memcpy (sendbuf, buffer, sizeof(etherHead));
   2027		buffer += sizeof(etherHead);
   2028		sendbuf += sizeof(etherHead);
   2029		memcpy (sendbuf, &pMic, sizeof(pMic));
   2030		sendbuf += sizeof(pMic);
   2031		memcpy (sendbuf, buffer, len - sizeof(etherHead));
   2032	} else {
   2033		*payloadLen = cpu_to_le16(len - sizeof(etherHead));
   2034
   2035		netif_trans_update(dev);
   2036
   2037		/* copy data into airo dma buffer */
   2038		memcpy(sendbuf, buffer, len);
   2039	}
   2040
   2041	memcpy_toio(ai->txfids[0].card_ram_off,
   2042		&ai->txfids[0].tx_desc, sizeof(TxFid));
   2043
   2044	OUT4500(ai, EVACK, 8);
   2045
   2046	dev_kfree_skb_any(skb);
   2047	return 1;
   2048}
   2049
   2050static void get_tx_error(struct airo_info *ai, s32 fid)
   2051{
   2052	__le16 status;
   2053
   2054	if (fid < 0)
   2055		status = ((WifiCtlHdr *)ai->txfids[0].virtual_host_addr)->ctlhdr.status;
   2056	else {
   2057		if (bap_setup(ai, ai->fids[fid] & 0xffff, 4, BAP0) != SUCCESS)
   2058			return;
   2059		bap_read(ai, &status, 2, BAP0);
   2060	}
   2061	if (le16_to_cpu(status) & 2) /* Too many retries */
   2062		ai->dev->stats.tx_aborted_errors++;
   2063	if (le16_to_cpu(status) & 4) /* Transmit lifetime exceeded */
   2064		ai->dev->stats.tx_heartbeat_errors++;
   2065	if (le16_to_cpu(status) & 8) /* Aid fail */
   2066		{ }
   2067	if (le16_to_cpu(status) & 0x10) /* MAC disabled */
   2068		ai->dev->stats.tx_carrier_errors++;
   2069	if (le16_to_cpu(status) & 0x20) /* Association lost */
   2070		{ }
   2071	/* We produce a TXDROP event only for retry or lifetime
   2072	 * exceeded, because that's the only status that really mean
   2073	 * that this particular node went away.
   2074	 * Other errors means that *we* screwed up. - Jean II */
   2075	if ((le16_to_cpu(status) & 2) ||
   2076	     (le16_to_cpu(status) & 4)) {
   2077		union iwreq_data	wrqu;
   2078		char junk[0x18];
   2079
   2080		/* Faster to skip over useless data than to do
   2081		 * another bap_setup(). We are at offset 0x6 and
   2082		 * need to go to 0x18 and read 6 bytes - Jean II */
   2083		bap_read(ai, (__le16 *) junk, 0x18, BAP0);
   2084
   2085		/* Copy 802.11 dest address.
   2086		 * We use the 802.11 header because the frame may
   2087		 * not be 802.3 or may be mangled...
   2088		 * In Ad-Hoc mode, it will be the node address.
   2089		 * In managed mode, it will be most likely the AP addr
   2090		 * User space will figure out how to convert it to
   2091		 * whatever it needs (IP address or else).
   2092		 * - Jean II */
   2093		memcpy(wrqu.addr.sa_data, junk + 0x12, ETH_ALEN);
   2094		wrqu.addr.sa_family = ARPHRD_ETHER;
   2095
   2096		/* Send event to user space */
   2097		wireless_send_event(ai->dev, IWEVTXDROP, &wrqu, NULL);
   2098	}
   2099}
   2100
   2101static void airo_end_xmit(struct net_device *dev, bool may_sleep)
   2102{
   2103	u16 status;
   2104	int i;
   2105	struct airo_info *priv = dev->ml_priv;
   2106	struct sk_buff *skb = priv->xmit.skb;
   2107	int fid = priv->xmit.fid;
   2108	u32 *fids = priv->fids;
   2109
   2110	clear_bit(JOB_XMIT, &priv->jobs);
   2111	clear_bit(FLAG_PENDING_XMIT, &priv->flags);
   2112	status = transmit_802_3_packet(priv, fids[fid], skb->data, may_sleep);
   2113	up(&priv->sem);
   2114
   2115	i = 0;
   2116	if (status == SUCCESS) {
   2117		netif_trans_update(dev);
   2118		for (; i < MAX_FIDS / 2 && (priv->fids[i] & 0xffff0000); i++);
   2119	} else {
   2120		priv->fids[fid] &= 0xffff;
   2121		dev->stats.tx_window_errors++;
   2122	}
   2123	if (i < MAX_FIDS / 2)
   2124		netif_wake_queue(dev);
   2125	dev_kfree_skb(skb);
   2126}
   2127
   2128static netdev_tx_t airo_start_xmit(struct sk_buff *skb,
   2129					 struct net_device *dev)
   2130{
   2131	s16 len;
   2132	int i, j;
   2133	struct airo_info *priv = dev->ml_priv;
   2134	u32 *fids = priv->fids;
   2135
   2136	if (skb == NULL) {
   2137		airo_print_err(dev->name, "%s: skb == NULL!", __func__);
   2138		return NETDEV_TX_OK;
   2139	}
   2140	if (skb_padto(skb, ETH_ZLEN)) {
   2141		dev->stats.tx_dropped++;
   2142		return NETDEV_TX_OK;
   2143	}
   2144
   2145	/* Find a vacant FID */
   2146	for (i = 0; i < MAX_FIDS / 2 && (fids[i] & 0xffff0000); i++);
   2147	for (j = i + 1; j < MAX_FIDS / 2 && (fids[j] & 0xffff0000); j++);
   2148
   2149	if (j >= MAX_FIDS / 2) {
   2150		netif_stop_queue(dev);
   2151
   2152		if (i == MAX_FIDS / 2) {
   2153			dev->stats.tx_fifo_errors++;
   2154			return NETDEV_TX_BUSY;
   2155		}
   2156	}
   2157	/* check min length*/
   2158	len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
   2159        /* Mark fid as used & save length for later */
   2160	fids[i] |= (len << 16);
   2161	priv->xmit.skb = skb;
   2162	priv->xmit.fid = i;
   2163	if (down_trylock(&priv->sem) != 0) {
   2164		set_bit(FLAG_PENDING_XMIT, &priv->flags);
   2165		netif_stop_queue(dev);
   2166		set_bit(JOB_XMIT, &priv->jobs);
   2167		wake_up_interruptible(&priv->thr_wait);
   2168	} else
   2169		airo_end_xmit(dev, false);
   2170	return NETDEV_TX_OK;
   2171}
   2172
   2173static void airo_end_xmit11(struct net_device *dev, bool may_sleep)
   2174{
   2175	u16 status;
   2176	int i;
   2177	struct airo_info *priv = dev->ml_priv;
   2178	struct sk_buff *skb = priv->xmit11.skb;
   2179	int fid = priv->xmit11.fid;
   2180	u32 *fids = priv->fids;
   2181
   2182	clear_bit(JOB_XMIT11, &priv->jobs);
   2183	clear_bit(FLAG_PENDING_XMIT11, &priv->flags);
   2184	status = transmit_802_11_packet(priv, fids[fid], skb->data, may_sleep);
   2185	up(&priv->sem);
   2186
   2187	i = MAX_FIDS / 2;
   2188	if (status == SUCCESS) {
   2189		netif_trans_update(dev);
   2190		for (; i < MAX_FIDS && (priv->fids[i] & 0xffff0000); i++);
   2191	} else {
   2192		priv->fids[fid] &= 0xffff;
   2193		dev->stats.tx_window_errors++;
   2194	}
   2195	if (i < MAX_FIDS)
   2196		netif_wake_queue(dev);
   2197	dev_kfree_skb(skb);
   2198}
   2199
   2200static netdev_tx_t airo_start_xmit11(struct sk_buff *skb,
   2201					   struct net_device *dev)
   2202{
   2203	s16 len;
   2204	int i, j;
   2205	struct airo_info *priv = dev->ml_priv;
   2206	u32 *fids = priv->fids;
   2207
   2208	if (test_bit(FLAG_MPI, &priv->flags)) {
   2209		/* Not implemented yet for MPI350 */
   2210		netif_stop_queue(dev);
   2211		dev_kfree_skb_any(skb);
   2212		return NETDEV_TX_OK;
   2213	}
   2214
   2215	if (skb == NULL) {
   2216		airo_print_err(dev->name, "%s: skb == NULL!", __func__);
   2217		return NETDEV_TX_OK;
   2218	}
   2219	if (skb_padto(skb, ETH_ZLEN)) {
   2220		dev->stats.tx_dropped++;
   2221		return NETDEV_TX_OK;
   2222	}
   2223
   2224	/* Find a vacant FID */
   2225	for (i = MAX_FIDS / 2; i < MAX_FIDS && (fids[i] & 0xffff0000); i++);
   2226	for (j = i + 1; j < MAX_FIDS && (fids[j] & 0xffff0000); j++);
   2227
   2228	if (j >= MAX_FIDS) {
   2229		netif_stop_queue(dev);
   2230
   2231		if (i == MAX_FIDS) {
   2232			dev->stats.tx_fifo_errors++;
   2233			return NETDEV_TX_BUSY;
   2234		}
   2235	}
   2236	/* check min length*/
   2237	len = ETH_ZLEN < skb->len ? skb->len : ETH_ZLEN;
   2238        /* Mark fid as used & save length for later */
   2239	fids[i] |= (len << 16);
   2240	priv->xmit11.skb = skb;
   2241	priv->xmit11.fid = i;
   2242	if (down_trylock(&priv->sem) != 0) {
   2243		set_bit(FLAG_PENDING_XMIT11, &priv->flags);
   2244		netif_stop_queue(dev);
   2245		set_bit(JOB_XMIT11, &priv->jobs);
   2246		wake_up_interruptible(&priv->thr_wait);
   2247	} else
   2248		airo_end_xmit11(dev, false);
   2249	return NETDEV_TX_OK;
   2250}
   2251
   2252static void airo_read_stats(struct net_device *dev)
   2253{
   2254	struct airo_info *ai = dev->ml_priv;
   2255	StatsRid stats_rid;
   2256	__le32 *vals = stats_rid.vals;
   2257
   2258	clear_bit(JOB_STATS, &ai->jobs);
   2259	if (ai->power.event) {
   2260		up(&ai->sem);
   2261		return;
   2262	}
   2263	readStatsRid(ai, &stats_rid, RID_STATS, 0);
   2264	up(&ai->sem);
   2265
   2266	dev->stats.rx_packets = le32_to_cpu(vals[43]) + le32_to_cpu(vals[44]) +
   2267			       le32_to_cpu(vals[45]);
   2268	dev->stats.tx_packets = le32_to_cpu(vals[39]) + le32_to_cpu(vals[40]) +
   2269			       le32_to_cpu(vals[41]);
   2270	dev->stats.rx_bytes = le32_to_cpu(vals[92]);
   2271	dev->stats.tx_bytes = le32_to_cpu(vals[91]);
   2272	dev->stats.rx_errors = le32_to_cpu(vals[0]) + le32_to_cpu(vals[2]) +
   2273			      le32_to_cpu(vals[3]) + le32_to_cpu(vals[4]);
   2274	dev->stats.tx_errors = le32_to_cpu(vals[42]) +
   2275			      dev->stats.tx_fifo_errors;
   2276	dev->stats.multicast = le32_to_cpu(vals[43]);
   2277	dev->stats.collisions = le32_to_cpu(vals[89]);
   2278
   2279	/* detailed rx_errors: */
   2280	dev->stats.rx_length_errors = le32_to_cpu(vals[3]);
   2281	dev->stats.rx_crc_errors = le32_to_cpu(vals[4]);
   2282	dev->stats.rx_frame_errors = le32_to_cpu(vals[2]);
   2283	dev->stats.rx_fifo_errors = le32_to_cpu(vals[0]);
   2284}
   2285
   2286static struct net_device_stats *airo_get_stats(struct net_device *dev)
   2287{
   2288	struct airo_info *local =  dev->ml_priv;
   2289
   2290	if (!test_bit(JOB_STATS, &local->jobs)) {
   2291		set_bit(JOB_STATS, &local->jobs);
   2292		wake_up_interruptible(&local->thr_wait);
   2293	}
   2294
   2295	return &dev->stats;
   2296}
   2297
   2298static void airo_set_promisc(struct airo_info *ai, bool may_sleep)
   2299{
   2300	Cmd cmd;
   2301	Resp rsp;
   2302
   2303	memset(&cmd, 0, sizeof(cmd));
   2304	cmd.cmd = CMD_SETMODE;
   2305	clear_bit(JOB_PROMISC, &ai->jobs);
   2306	cmd.parm0=(ai->flags&IFF_PROMISC) ? PROMISC : NOPROMISC;
   2307	issuecommand(ai, &cmd, &rsp, may_sleep);
   2308	up(&ai->sem);
   2309}
   2310
   2311static void airo_set_multicast_list(struct net_device *dev)
   2312{
   2313	struct airo_info *ai = dev->ml_priv;
   2314
   2315	if ((dev->flags ^ ai->flags) & IFF_PROMISC) {
   2316		change_bit(FLAG_PROMISC, &ai->flags);
   2317		if (down_trylock(&ai->sem) != 0) {
   2318			set_bit(JOB_PROMISC, &ai->jobs);
   2319			wake_up_interruptible(&ai->thr_wait);
   2320		} else
   2321			airo_set_promisc(ai, false);
   2322	}
   2323
   2324	if ((dev->flags&IFF_ALLMULTI) || !netdev_mc_empty(dev)) {
   2325		/* Turn on multicast.  (Should be already setup...) */
   2326	}
   2327}
   2328
   2329static int airo_set_mac_address(struct net_device *dev, void *p)
   2330{
   2331	struct airo_info *ai = dev->ml_priv;
   2332	struct sockaddr *addr = p;
   2333
   2334	readConfigRid(ai, 1);
   2335	memcpy (ai->config.macAddr, addr->sa_data, dev->addr_len);
   2336	set_bit (FLAG_COMMIT, &ai->flags);
   2337	disable_MAC(ai, 1);
   2338	writeConfigRid (ai, 1);
   2339	enable_MAC(ai, 1);
   2340	dev_addr_set(ai->dev, addr->sa_data);
   2341	if (ai->wifidev)
   2342		dev_addr_set(ai->wifidev, addr->sa_data);
   2343	return 0;
   2344}
   2345
   2346static LIST_HEAD(airo_devices);
   2347
   2348static void add_airo_dev(struct airo_info *ai)
   2349{
   2350	/* Upper layers already keep track of PCI devices,
   2351	 * so we only need to remember our non-PCI cards. */
   2352	if (!ai->pci)
   2353		list_add_tail(&ai->dev_list, &airo_devices);
   2354}
   2355
   2356static void del_airo_dev(struct airo_info *ai)
   2357{
   2358	if (!ai->pci)
   2359		list_del(&ai->dev_list);
   2360}
   2361
   2362static int airo_close(struct net_device *dev)
   2363{
   2364	struct airo_info *ai = dev->ml_priv;
   2365
   2366	netif_stop_queue(dev);
   2367
   2368	if (ai->wifidev != dev) {
   2369#ifdef POWER_ON_DOWN
   2370		/* Shut power to the card. The idea is that the user can save
   2371		 * power when he doesn't need the card with "ifconfig down".
   2372		 * That's the method that is most friendly towards the network
   2373		 * stack (i.e. the network stack won't try to broadcast
   2374		 * anything on the interface and routes are gone. Jean II */
   2375		set_bit(FLAG_RADIO_DOWN, &ai->flags);
   2376		disable_MAC(ai, 1);
   2377#endif
   2378		disable_interrupts(ai);
   2379
   2380		free_irq(dev->irq, dev);
   2381
   2382		set_bit(JOB_DIE, &ai->jobs);
   2383		kthread_stop(ai->airo_thread_task);
   2384	}
   2385	return 0;
   2386}
   2387
   2388void stop_airo_card(struct net_device *dev, int freeres)
   2389{
   2390	struct airo_info *ai = dev->ml_priv;
   2391
   2392	set_bit(FLAG_RADIO_DOWN, &ai->flags);
   2393	disable_MAC(ai, 1);
   2394	disable_interrupts(ai);
   2395	takedown_proc_entry(dev, ai);
   2396	if (test_bit(FLAG_REGISTERED, &ai->flags)) {
   2397		unregister_netdev(dev);
   2398		if (ai->wifidev) {
   2399			unregister_netdev(ai->wifidev);
   2400			free_netdev(ai->wifidev);
   2401			ai->wifidev = NULL;
   2402		}
   2403		clear_bit(FLAG_REGISTERED, &ai->flags);
   2404	}
   2405	/*
   2406	 * Clean out tx queue
   2407	 */
   2408	if (test_bit(FLAG_MPI, &ai->flags) && !skb_queue_empty(&ai->txq)) {
   2409		struct sk_buff *skb = NULL;
   2410		for (;(skb = skb_dequeue(&ai->txq));)
   2411			dev_kfree_skb(skb);
   2412	}
   2413
   2414	airo_networks_free (ai);
   2415
   2416	kfree(ai->flash);
   2417	kfree(ai->rssi);
   2418	kfree(ai->SSID);
   2419	if (freeres) {
   2420		/* PCMCIA frees this stuff, so only for PCI and ISA */
   2421		release_region(dev->base_addr, 64);
   2422		if (test_bit(FLAG_MPI, &ai->flags)) {
   2423			if (ai->pci)
   2424				mpi_unmap_card(ai->pci);
   2425			if (ai->pcimem)
   2426				iounmap(ai->pcimem);
   2427			if (ai->pciaux)
   2428				iounmap(ai->pciaux);
   2429			dma_free_coherent(&ai->pci->dev, PCI_SHARED_LEN,
   2430					  ai->shared, ai->shared_dma);
   2431		}
   2432        }
   2433	crypto_free_sync_skcipher(ai->tfm);
   2434	del_airo_dev(ai);
   2435	free_netdev(dev);
   2436}
   2437
   2438EXPORT_SYMBOL(stop_airo_card);
   2439
   2440static int wll_header_parse(const struct sk_buff *skb, unsigned char *haddr)
   2441{
   2442	memcpy(haddr, skb_mac_header(skb) + 10, ETH_ALEN);
   2443	return ETH_ALEN;
   2444}
   2445
   2446static void mpi_unmap_card(struct pci_dev *pci)
   2447{
   2448	unsigned long mem_start = pci_resource_start(pci, 1);
   2449	unsigned long mem_len = pci_resource_len(pci, 1);
   2450	unsigned long aux_start = pci_resource_start(pci, 2);
   2451	unsigned long aux_len = AUXMEMSIZE;
   2452
   2453	release_mem_region(aux_start, aux_len);
   2454	release_mem_region(mem_start, mem_len);
   2455}
   2456
   2457/*************************************************************
   2458 *  This routine assumes that descriptors have been setup .
   2459 *  Run at insmod time or after reset when the descriptors
   2460 *  have been initialized . Returns 0 if all is well nz
   2461 *  otherwise . Does not allocate memory but sets up card
   2462 *  using previously allocated descriptors.
   2463 */
   2464static int mpi_init_descriptors (struct airo_info *ai)
   2465{
   2466	Cmd cmd;
   2467	Resp rsp;
   2468	int i;
   2469	int rc = SUCCESS;
   2470
   2471	/* Alloc  card RX descriptors */
   2472	netif_stop_queue(ai->dev);
   2473
   2474	memset(&rsp, 0, sizeof(rsp));
   2475	memset(&cmd, 0, sizeof(cmd));
   2476
   2477	cmd.cmd = CMD_ALLOCATEAUX;
   2478	cmd.parm0 = FID_RX;
   2479	cmd.parm1 = (ai->rxfids[0].card_ram_off - ai->pciaux);
   2480	cmd.parm2 = MPI_MAX_FIDS;
   2481	rc = issuecommand(ai, &cmd, &rsp, true);
   2482	if (rc != SUCCESS) {
   2483		airo_print_err(ai->dev->name, "Couldn't allocate RX FID");
   2484		return rc;
   2485	}
   2486
   2487	for (i = 0; i<MPI_MAX_FIDS; i++) {
   2488		memcpy_toio(ai->rxfids[i].card_ram_off,
   2489			&ai->rxfids[i].rx_desc, sizeof(RxFid));
   2490	}
   2491
   2492	/* Alloc card TX descriptors */
   2493
   2494	memset(&rsp, 0, sizeof(rsp));
   2495	memset(&cmd, 0, sizeof(cmd));
   2496
   2497	cmd.cmd = CMD_ALLOCATEAUX;
   2498	cmd.parm0 = FID_TX;
   2499	cmd.parm1 = (ai->txfids[0].card_ram_off - ai->pciaux);
   2500	cmd.parm2 = MPI_MAX_FIDS;
   2501
   2502	for (i = 0; i<MPI_MAX_FIDS; i++) {
   2503		ai->txfids[i].tx_desc.valid = 1;
   2504		memcpy_toio(ai->txfids[i].card_ram_off,
   2505			&ai->txfids[i].tx_desc, sizeof(TxFid));
   2506	}
   2507	ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */
   2508
   2509	rc = issuecommand(ai, &cmd, &rsp, true);
   2510	if (rc != SUCCESS) {
   2511		airo_print_err(ai->dev->name, "Couldn't allocate TX FID");
   2512		return rc;
   2513	}
   2514
   2515	/* Alloc card Rid descriptor */
   2516	memset(&rsp, 0, sizeof(rsp));
   2517	memset(&cmd, 0, sizeof(cmd));
   2518
   2519	cmd.cmd = CMD_ALLOCATEAUX;
   2520	cmd.parm0 = RID_RW;
   2521	cmd.parm1 = (ai->config_desc.card_ram_off - ai->pciaux);
   2522	cmd.parm2 = 1; /* Magic number... */
   2523	rc = issuecommand(ai, &cmd, &rsp, true);
   2524	if (rc != SUCCESS) {
   2525		airo_print_err(ai->dev->name, "Couldn't allocate RID");
   2526		return rc;
   2527	}
   2528
   2529	memcpy_toio(ai->config_desc.card_ram_off,
   2530		&ai->config_desc.rid_desc, sizeof(Rid));
   2531
   2532	return rc;
   2533}
   2534
   2535/*
   2536 * We are setting up three things here:
   2537 * 1) Map AUX memory for descriptors: Rid, TxFid, or RxFid.
   2538 * 2) Map PCI memory for issuing commands.
   2539 * 3) Allocate memory (shared) to send and receive ethernet frames.
   2540 */
   2541static int mpi_map_card(struct airo_info *ai, struct pci_dev *pci)
   2542{
   2543	unsigned long mem_start, mem_len, aux_start, aux_len;
   2544	int rc = -1;
   2545	int i;
   2546	dma_addr_t busaddroff;
   2547	unsigned char *vpackoff;
   2548	unsigned char __iomem *pciaddroff;
   2549
   2550	mem_start = pci_resource_start(pci, 1);
   2551	mem_len = pci_resource_len(pci, 1);
   2552	aux_start = pci_resource_start(pci, 2);
   2553	aux_len = AUXMEMSIZE;
   2554
   2555	if (!request_mem_region(mem_start, mem_len, DRV_NAME)) {
   2556		airo_print_err("", "Couldn't get region %x[%x]",
   2557			(int)mem_start, (int)mem_len);
   2558		goto out;
   2559	}
   2560	if (!request_mem_region(aux_start, aux_len, DRV_NAME)) {
   2561		airo_print_err("", "Couldn't get region %x[%x]",
   2562			(int)aux_start, (int)aux_len);
   2563		goto free_region1;
   2564	}
   2565
   2566	ai->pcimem = ioremap(mem_start, mem_len);
   2567	if (!ai->pcimem) {
   2568		airo_print_err("", "Couldn't map region %x[%x]",
   2569			(int)mem_start, (int)mem_len);
   2570		goto free_region2;
   2571	}
   2572	ai->pciaux = ioremap(aux_start, aux_len);
   2573	if (!ai->pciaux) {
   2574		airo_print_err("", "Couldn't map region %x[%x]",
   2575			(int)aux_start, (int)aux_len);
   2576		goto free_memmap;
   2577	}
   2578
   2579	/* Reserve PKTSIZE for each fid and 2K for the Rids */
   2580	ai->shared = dma_alloc_coherent(&pci->dev, PCI_SHARED_LEN,
   2581					&ai->shared_dma, GFP_KERNEL);
   2582	if (!ai->shared) {
   2583		airo_print_err("", "Couldn't alloc_coherent %d",
   2584			PCI_SHARED_LEN);
   2585		goto free_auxmap;
   2586	}
   2587
   2588	/*
   2589	 * Setup descriptor RX, TX, CONFIG
   2590	 */
   2591	busaddroff = ai->shared_dma;
   2592	pciaddroff = ai->pciaux + AUX_OFFSET;
   2593	vpackoff   = ai->shared;
   2594
   2595	/* RX descriptor setup */
   2596	for (i = 0; i < MPI_MAX_FIDS; i++) {
   2597		ai->rxfids[i].pending = 0;
   2598		ai->rxfids[i].card_ram_off = pciaddroff;
   2599		ai->rxfids[i].virtual_host_addr = vpackoff;
   2600		ai->rxfids[i].rx_desc.host_addr = busaddroff;
   2601		ai->rxfids[i].rx_desc.valid = 1;
   2602		ai->rxfids[i].rx_desc.len = PKTSIZE;
   2603		ai->rxfids[i].rx_desc.rdy = 0;
   2604
   2605		pciaddroff += sizeof(RxFid);
   2606		busaddroff += PKTSIZE;
   2607		vpackoff   += PKTSIZE;
   2608	}
   2609
   2610	/* TX descriptor setup */
   2611	for (i = 0; i < MPI_MAX_FIDS; i++) {
   2612		ai->txfids[i].card_ram_off = pciaddroff;
   2613		ai->txfids[i].virtual_host_addr = vpackoff;
   2614		ai->txfids[i].tx_desc.valid = 1;
   2615		ai->txfids[i].tx_desc.host_addr = busaddroff;
   2616		memcpy(ai->txfids[i].virtual_host_addr,
   2617			&wifictlhdr8023, sizeof(wifictlhdr8023));
   2618
   2619		pciaddroff += sizeof(TxFid);
   2620		busaddroff += PKTSIZE;
   2621		vpackoff   += PKTSIZE;
   2622	}
   2623	ai->txfids[i-1].tx_desc.eoc = 1; /* Last descriptor has EOC set */
   2624
   2625	/* Rid descriptor setup */
   2626	ai->config_desc.card_ram_off = pciaddroff;
   2627	ai->config_desc.virtual_host_addr = vpackoff;
   2628	ai->config_desc.rid_desc.host_addr = busaddroff;
   2629	ai->ridbus = busaddroff;
   2630	ai->config_desc.rid_desc.rid = 0;
   2631	ai->config_desc.rid_desc.len = RIDSIZE;
   2632	ai->config_desc.rid_desc.valid = 1;
   2633	pciaddroff += sizeof(Rid);
   2634	busaddroff += RIDSIZE;
   2635	vpackoff   += RIDSIZE;
   2636
   2637	/* Tell card about descriptors */
   2638	if (mpi_init_descriptors (ai) != SUCCESS)
   2639		goto free_shared;
   2640
   2641	return 0;
   2642 free_shared:
   2643	dma_free_coherent(&pci->dev, PCI_SHARED_LEN, ai->shared,
   2644			  ai->shared_dma);
   2645 free_auxmap:
   2646	iounmap(ai->pciaux);
   2647 free_memmap:
   2648	iounmap(ai->pcimem);
   2649 free_region2:
   2650	release_mem_region(aux_start, aux_len);
   2651 free_region1:
   2652	release_mem_region(mem_start, mem_len);
   2653 out:
   2654	return rc;
   2655}
   2656
   2657static const struct header_ops airo_header_ops = {
   2658	.parse = wll_header_parse,
   2659};
   2660
   2661static const struct net_device_ops airo11_netdev_ops = {
   2662	.ndo_open 		= airo_open,
   2663	.ndo_stop 		= airo_close,
   2664	.ndo_start_xmit 	= airo_start_xmit11,
   2665	.ndo_get_stats 		= airo_get_stats,
   2666	.ndo_set_mac_address	= airo_set_mac_address,
   2667	.ndo_siocdevprivate	= airo_siocdevprivate,
   2668};
   2669
   2670static void wifi_setup(struct net_device *dev)
   2671{
   2672	dev->netdev_ops = &airo11_netdev_ops;
   2673	dev->header_ops = &airo_header_ops;
   2674	dev->wireless_handlers = &airo_handler_def;
   2675
   2676	dev->type               = ARPHRD_IEEE80211;
   2677	dev->hard_header_len    = ETH_HLEN;
   2678	dev->mtu                = AIRO_DEF_MTU;
   2679	dev->min_mtu            = 68;
   2680	dev->max_mtu            = MIC_MSGLEN_MAX;
   2681	dev->addr_len           = ETH_ALEN;
   2682	dev->tx_queue_len       = 100;
   2683
   2684	eth_broadcast_addr(dev->broadcast);
   2685
   2686	dev->flags              = IFF_BROADCAST|IFF_MULTICAST;
   2687}
   2688
   2689static struct net_device *init_wifidev(struct airo_info *ai,
   2690					struct net_device *ethdev)
   2691{
   2692	int err;
   2693	struct net_device *dev = alloc_netdev(0, "wifi%d", NET_NAME_UNKNOWN,
   2694					      wifi_setup);
   2695	if (!dev)
   2696		return NULL;
   2697	dev->ml_priv = ethdev->ml_priv;
   2698	dev->irq = ethdev->irq;
   2699	dev->base_addr = ethdev->base_addr;
   2700	dev->wireless_data = ethdev->wireless_data;
   2701	SET_NETDEV_DEV(dev, ethdev->dev.parent);
   2702	eth_hw_addr_inherit(dev, ethdev);
   2703	err = register_netdev(dev);
   2704	if (err<0) {
   2705		free_netdev(dev);
   2706		return NULL;
   2707	}
   2708	return dev;
   2709}
   2710
   2711static int reset_card(struct net_device *dev, int lock)
   2712{
   2713	struct airo_info *ai = dev->ml_priv;
   2714
   2715	if (lock && down_interruptible(&ai->sem))
   2716		return -1;
   2717	waitbusy (ai);
   2718	OUT4500(ai, COMMAND, CMD_SOFTRESET);
   2719	msleep(200);
   2720	waitbusy (ai);
   2721	msleep(200);
   2722	if (lock)
   2723		up(&ai->sem);
   2724	return 0;
   2725}
   2726
   2727#define AIRO_MAX_NETWORK_COUNT	64
   2728static int airo_networks_allocate(struct airo_info *ai)
   2729{
   2730	if (ai->networks)
   2731		return 0;
   2732
   2733	ai->networks = kcalloc(AIRO_MAX_NETWORK_COUNT, sizeof(BSSListElement),
   2734			       GFP_KERNEL);
   2735	if (!ai->networks) {
   2736		airo_print_warn("", "Out of memory allocating beacons");
   2737		return -ENOMEM;
   2738	}
   2739
   2740	return 0;
   2741}
   2742
   2743static void airo_networks_free(struct airo_info *ai)
   2744{
   2745	kfree(ai->networks);
   2746	ai->networks = NULL;
   2747}
   2748
   2749static void airo_networks_initialize(struct airo_info *ai)
   2750{
   2751	int i;
   2752
   2753	INIT_LIST_HEAD(&ai->network_free_list);
   2754	INIT_LIST_HEAD(&ai->network_list);
   2755	for (i = 0; i < AIRO_MAX_NETWORK_COUNT; i++)
   2756		list_add_tail(&ai->networks[i].list,
   2757			      &ai->network_free_list);
   2758}
   2759
   2760static const struct net_device_ops airo_netdev_ops = {
   2761	.ndo_open		= airo_open,
   2762	.ndo_stop		= airo_close,
   2763	.ndo_start_xmit		= airo_start_xmit,
   2764	.ndo_get_stats		= airo_get_stats,
   2765	.ndo_set_rx_mode	= airo_set_multicast_list,
   2766	.ndo_set_mac_address	= airo_set_mac_address,
   2767	.ndo_siocdevprivate	= airo_siocdevprivate,
   2768	.ndo_validate_addr	= eth_validate_addr,
   2769};
   2770
   2771static const struct net_device_ops mpi_netdev_ops = {
   2772	.ndo_open		= airo_open,
   2773	.ndo_stop		= airo_close,
   2774	.ndo_start_xmit		= mpi_start_xmit,
   2775	.ndo_get_stats		= airo_get_stats,
   2776	.ndo_set_rx_mode	= airo_set_multicast_list,
   2777	.ndo_set_mac_address	= airo_set_mac_address,
   2778	.ndo_siocdevprivate	= airo_siocdevprivate,
   2779	.ndo_validate_addr	= eth_validate_addr,
   2780};
   2781
   2782
   2783static struct net_device *_init_airo_card(unsigned short irq, int port,
   2784					   int is_pcmcia, struct pci_dev *pci,
   2785					   struct device *dmdev)
   2786{
   2787	struct net_device *dev;
   2788	struct airo_info *ai;
   2789	int i, rc;
   2790	CapabilityRid cap_rid;
   2791
   2792	/* Create the network device object. */
   2793	dev = alloc_netdev(sizeof(*ai), "", NET_NAME_UNKNOWN, ether_setup);
   2794	if (!dev) {
   2795		airo_print_err("", "Couldn't alloc_etherdev");
   2796		return NULL;
   2797	}
   2798
   2799	ai = dev->ml_priv = netdev_priv(dev);
   2800	ai->wifidev = NULL;
   2801	ai->flags = 1 << FLAG_RADIO_DOWN;
   2802	ai->jobs = 0;
   2803	ai->dev = dev;
   2804	if (pci && (pci->device == 0x5000 || pci->device == 0xa504)) {
   2805		airo_print_dbg("", "Found an MPI350 card");
   2806		set_bit(FLAG_MPI, &ai->flags);
   2807	}
   2808	spin_lock_init(&ai->aux_lock);
   2809	sema_init(&ai->sem, 1);
   2810	ai->config.len = 0;
   2811	ai->pci = pci;
   2812	init_waitqueue_head (&ai->thr_wait);
   2813	ai->tfm = NULL;
   2814	add_airo_dev(ai);
   2815	ai->APList.len = cpu_to_le16(sizeof(struct APListRid));
   2816
   2817	if (airo_networks_allocate (ai))
   2818		goto err_out_free;
   2819	airo_networks_initialize (ai);
   2820
   2821	skb_queue_head_init (&ai->txq);
   2822
   2823	/* The Airo-specific entries in the device structure. */
   2824	if (test_bit(FLAG_MPI,&ai->flags))
   2825		dev->netdev_ops = &mpi_netdev_ops;
   2826	else
   2827		dev->netdev_ops = &airo_netdev_ops;
   2828	dev->wireless_handlers = &airo_handler_def;
   2829	ai->wireless_data.spy_data = &ai->spy_data;
   2830	dev->wireless_data = &ai->wireless_data;
   2831	dev->irq = irq;
   2832	dev->base_addr = port;
   2833	dev->priv_flags &= ~IFF_TX_SKB_SHARING;
   2834	dev->max_mtu = MIC_MSGLEN_MAX;
   2835
   2836	SET_NETDEV_DEV(dev, dmdev);
   2837
   2838	reset_card (dev, 1);
   2839	msleep(400);
   2840
   2841	if (!is_pcmcia) {
   2842		if (!request_region(dev->base_addr, 64, DRV_NAME)) {
   2843			rc = -EBUSY;
   2844			airo_print_err(dev->name, "Couldn't request region");
   2845			goto err_out_nets;
   2846		}
   2847	}
   2848
   2849	if (test_bit(FLAG_MPI,&ai->flags)) {
   2850		if (mpi_map_card(ai, pci)) {
   2851			airo_print_err("", "Could not map memory");
   2852			goto err_out_res;
   2853		}
   2854	}
   2855
   2856	if (probe) {
   2857		if (setup_card(ai, dev, 1) != SUCCESS) {
   2858			airo_print_err(dev->name, "MAC could not be enabled");
   2859			rc = -EIO;
   2860			goto err_out_map;
   2861		}
   2862	} else if (!test_bit(FLAG_MPI,&ai->flags)) {
   2863		ai->bap_read = fast_bap_read;
   2864		set_bit(FLAG_FLASHING, &ai->flags);
   2865	}
   2866
   2867	strcpy(dev->name, "eth%d");
   2868	rc = register_netdev(dev);
   2869	if (rc) {
   2870		airo_print_err(dev->name, "Couldn't register_netdev");
   2871		goto err_out_map;
   2872	}
   2873	ai->wifidev = init_wifidev(ai, dev);
   2874	if (!ai->wifidev)
   2875		goto err_out_reg;
   2876
   2877	rc = readCapabilityRid(ai, &cap_rid, 1);
   2878	if (rc != SUCCESS) {
   2879		rc = -EIO;
   2880		goto err_out_wifi;
   2881	}
   2882	/* WEP capability discovery */
   2883	ai->wep_capable = (cap_rid.softCap & cpu_to_le16(0x02)) ? 1 : 0;
   2884	ai->max_wep_idx = (cap_rid.softCap & cpu_to_le16(0x80)) ? 3 : 0;
   2885
   2886	airo_print_info(dev->name, "Firmware version %x.%x.%02d",
   2887	                ((le16_to_cpu(cap_rid.softVer) >> 8) & 0xF),
   2888	                (le16_to_cpu(cap_rid.softVer) & 0xFF),
   2889	                le16_to_cpu(cap_rid.softSubVer));
   2890
   2891	/* Test for WPA support */
   2892	/* Only firmware versions 5.30.17 or better can do WPA */
   2893	if (le16_to_cpu(cap_rid.softVer) > 0x530
   2894	 || (le16_to_cpu(cap_rid.softVer) == 0x530
   2895	      && le16_to_cpu(cap_rid.softSubVer) >= 17)) {
   2896		airo_print_info(ai->dev->name, "WPA supported.");
   2897
   2898		set_bit(FLAG_WPA_CAPABLE, &ai->flags);
   2899		ai->bssListFirst = RID_WPA_BSSLISTFIRST;
   2900		ai->bssListNext = RID_WPA_BSSLISTNEXT;
   2901		ai->bssListRidLen = sizeof(BSSListRid);
   2902	} else {
   2903		airo_print_info(ai->dev->name, "WPA unsupported with firmware "
   2904			"versions older than 5.30.17.");
   2905
   2906		ai->bssListFirst = RID_BSSLISTFIRST;
   2907		ai->bssListNext = RID_BSSLISTNEXT;
   2908		ai->bssListRidLen = sizeof(BSSListRid) - sizeof(BSSListRidExtra);
   2909	}
   2910
   2911	set_bit(FLAG_REGISTERED,&ai->flags);
   2912	airo_print_info(dev->name, "MAC enabled %pM", dev->dev_addr);
   2913
   2914	/* Allocate the transmit buffers */
   2915	if (probe && !test_bit(FLAG_MPI,&ai->flags))
   2916		for (i = 0; i < MAX_FIDS; i++)
   2917			ai->fids[i] = transmit_allocate(ai, AIRO_DEF_MTU, i>=MAX_FIDS/2);
   2918
   2919	if (setup_proc_entry(dev, dev->ml_priv) < 0)
   2920		goto err_out_wifi;
   2921
   2922	return dev;
   2923
   2924err_out_wifi:
   2925	unregister_netdev(ai->wifidev);
   2926	free_netdev(ai->wifidev);
   2927err_out_reg:
   2928	unregister_netdev(dev);
   2929err_out_map:
   2930	if (test_bit(FLAG_MPI,&ai->flags) && pci) {
   2931		dma_free_coherent(&pci->dev, PCI_SHARED_LEN, ai->shared,
   2932				  ai->shared_dma);
   2933		iounmap(ai->pciaux);
   2934		iounmap(ai->pcimem);
   2935		mpi_unmap_card(ai->pci);
   2936	}
   2937err_out_res:
   2938	if (!is_pcmcia)
   2939		release_region(dev->base_addr, 64);
   2940err_out_nets:
   2941	airo_networks_free(ai);
   2942err_out_free:
   2943	del_airo_dev(ai);
   2944	free_netdev(dev);
   2945	return NULL;
   2946}
   2947
   2948struct net_device *init_airo_card(unsigned short irq, int port, int is_pcmcia,
   2949				  struct device *dmdev)
   2950{
   2951	return _init_airo_card (irq, port, is_pcmcia, NULL, dmdev);
   2952}
   2953
   2954EXPORT_SYMBOL(init_airo_card);
   2955
   2956static int waitbusy (struct airo_info *ai)
   2957{
   2958	int delay = 0;
   2959	while ((IN4500(ai, COMMAND) & COMMAND_BUSY) && (delay < 10000)) {
   2960		udelay (10);
   2961		if ((++delay % 20) == 0)
   2962			OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
   2963	}
   2964	return delay < 10000;
   2965}
   2966
   2967int reset_airo_card(struct net_device *dev)
   2968{
   2969	int i;
   2970	struct airo_info *ai = dev->ml_priv;
   2971
   2972	if (reset_card (dev, 1))
   2973		return -1;
   2974
   2975	if (setup_card(ai, dev, 1) != SUCCESS) {
   2976		airo_print_err(dev->name, "MAC could not be enabled");
   2977		return -1;
   2978	}
   2979	airo_print_info(dev->name, "MAC enabled %pM", dev->dev_addr);
   2980	/* Allocate the transmit buffers if needed */
   2981	if (!test_bit(FLAG_MPI,&ai->flags))
   2982		for (i = 0; i < MAX_FIDS; i++)
   2983			ai->fids[i] = transmit_allocate (ai, AIRO_DEF_MTU, i>=MAX_FIDS/2);
   2984
   2985	enable_interrupts(ai);
   2986	netif_wake_queue(dev);
   2987	return 0;
   2988}
   2989
   2990EXPORT_SYMBOL(reset_airo_card);
   2991
   2992static void airo_send_event(struct net_device *dev)
   2993{
   2994	struct airo_info *ai = dev->ml_priv;
   2995	union iwreq_data wrqu;
   2996	StatusRid status_rid;
   2997
   2998	clear_bit(JOB_EVENT, &ai->jobs);
   2999	PC4500_readrid(ai, RID_STATUS, &status_rid, sizeof(status_rid), 0);
   3000	up(&ai->sem);
   3001	wrqu.data.length = 0;
   3002	wrqu.data.flags = 0;
   3003	memcpy(wrqu.ap_addr.sa_data, status_rid.bssid[0], ETH_ALEN);
   3004	wrqu.ap_addr.sa_family = ARPHRD_ETHER;
   3005
   3006	/* Send event to user space */
   3007	wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
   3008}
   3009
   3010static void airo_process_scan_results (struct airo_info *ai)
   3011{
   3012	union iwreq_data	wrqu;
   3013	BSSListRid bss;
   3014	int rc;
   3015	BSSListElement * loop_net;
   3016	BSSListElement * tmp_net;
   3017
   3018	/* Blow away current list of scan results */
   3019	list_for_each_entry_safe (loop_net, tmp_net, &ai->network_list, list) {
   3020		list_move_tail (&loop_net->list, &ai->network_free_list);
   3021		/* Don't blow away ->list, just BSS data */
   3022		memset (loop_net, 0, sizeof (loop_net->bss));
   3023	}
   3024
   3025	/* Try to read the first entry of the scan result */
   3026	rc = PC4500_readrid(ai, ai->bssListFirst, &bss, ai->bssListRidLen, 0);
   3027	if ((rc) || (bss.index == cpu_to_le16(0xffff))) {
   3028		/* No scan results */
   3029		goto out;
   3030	}
   3031
   3032	/* Read and parse all entries */
   3033	tmp_net = NULL;
   3034	while ((!rc) && (bss.index != cpu_to_le16(0xffff))) {
   3035		/* Grab a network off the free list */
   3036		if (!list_empty(&ai->network_free_list)) {
   3037			tmp_net = list_entry(ai->network_free_list.next,
   3038					    BSSListElement, list);
   3039			list_del(ai->network_free_list.next);
   3040		}
   3041
   3042		if (tmp_net != NULL) {
   3043			memcpy(tmp_net, &bss, sizeof(tmp_net->bss));
   3044			list_add_tail(&tmp_net->list, &ai->network_list);
   3045			tmp_net = NULL;
   3046		}
   3047
   3048		/* Read next entry */
   3049		rc = PC4500_readrid(ai, ai->bssListNext,
   3050				    &bss, ai->bssListRidLen, 0);
   3051	}
   3052
   3053out:
   3054	/* write APList back (we cleared it in airo_set_scan) */
   3055	disable_MAC(ai, 2);
   3056	writeAPListRid(ai, &ai->APList, 0);
   3057	enable_MAC(ai, 0);
   3058
   3059	ai->scan_timeout = 0;
   3060	clear_bit(JOB_SCAN_RESULTS, &ai->jobs);
   3061	up(&ai->sem);
   3062
   3063	/* Send an empty event to user space.
   3064	 * We don't send the received data on
   3065	 * the event because it would require
   3066	 * us to do complex transcoding, and
   3067	 * we want to minimise the work done in
   3068	 * the irq handler. Use a request to
   3069	 * extract the data - Jean II */
   3070	wrqu.data.length = 0;
   3071	wrqu.data.flags = 0;
   3072	wireless_send_event(ai->dev, SIOCGIWSCAN, &wrqu, NULL);
   3073}
   3074
   3075static int airo_thread(void *data)
   3076{
   3077	struct net_device *dev = data;
   3078	struct airo_info *ai = dev->ml_priv;
   3079	int locked;
   3080
   3081	set_freezable();
   3082	while (1) {
   3083		/* make swsusp happy with our thread */
   3084		try_to_freeze();
   3085
   3086		if (test_bit(JOB_DIE, &ai->jobs))
   3087			break;
   3088
   3089		if (ai->jobs) {
   3090			locked = down_interruptible(&ai->sem);
   3091		} else {
   3092			wait_queue_entry_t wait;
   3093
   3094			init_waitqueue_entry(&wait, current);
   3095			add_wait_queue(&ai->thr_wait, &wait);
   3096			for (;;) {
   3097				set_current_state(TASK_INTERRUPTIBLE);
   3098				if (ai->jobs)
   3099					break;
   3100				if (ai->expires || ai->scan_timeout) {
   3101					if (ai->scan_timeout &&
   3102							time_after_eq(jiffies, ai->scan_timeout)) {
   3103						set_bit(JOB_SCAN_RESULTS, &ai->jobs);
   3104						break;
   3105					} else if (ai->expires &&
   3106							time_after_eq(jiffies, ai->expires)) {
   3107						set_bit(JOB_AUTOWEP, &ai->jobs);
   3108						break;
   3109					}
   3110					if (!kthread_should_stop() &&
   3111					    !freezing(current)) {
   3112						unsigned long wake_at;
   3113						if (!ai->expires || !ai->scan_timeout) {
   3114							wake_at = max(ai->expires,
   3115								ai->scan_timeout);
   3116						} else {
   3117							wake_at = min(ai->expires,
   3118								ai->scan_timeout);
   3119						}
   3120						schedule_timeout(wake_at - jiffies);
   3121						continue;
   3122					}
   3123				} else if (!kthread_should_stop() &&
   3124					   !freezing(current)) {
   3125					schedule();
   3126					continue;
   3127				}
   3128				break;
   3129			}
   3130			__set_current_state(TASK_RUNNING);
   3131			remove_wait_queue(&ai->thr_wait, &wait);
   3132			locked = 1;
   3133		}
   3134
   3135		if (locked)
   3136			continue;
   3137
   3138		if (test_bit(JOB_DIE, &ai->jobs)) {
   3139			up(&ai->sem);
   3140			break;
   3141		}
   3142
   3143		if (ai->power.event || test_bit(FLAG_FLASHING, &ai->flags)) {
   3144			up(&ai->sem);
   3145			continue;
   3146		}
   3147
   3148		if (test_bit(JOB_XMIT, &ai->jobs))
   3149			airo_end_xmit(dev, true);
   3150		else if (test_bit(JOB_XMIT11, &ai->jobs))
   3151			airo_end_xmit11(dev, true);
   3152		else if (test_bit(JOB_STATS, &ai->jobs))
   3153			airo_read_stats(dev);
   3154		else if (test_bit(JOB_PROMISC, &ai->jobs))
   3155			airo_set_promisc(ai, true);
   3156		else if (test_bit(JOB_MIC, &ai->jobs))
   3157			micinit(ai);
   3158		else if (test_bit(JOB_EVENT, &ai->jobs))
   3159			airo_send_event(dev);
   3160		else if (test_bit(JOB_AUTOWEP, &ai->jobs))
   3161			timer_func(dev);
   3162		else if (test_bit(JOB_SCAN_RESULTS, &ai->jobs))
   3163			airo_process_scan_results(ai);
   3164		else  /* Shouldn't get here, but we make sure to unlock */
   3165			up(&ai->sem);
   3166	}
   3167
   3168	return 0;
   3169}
   3170
   3171static int header_len(__le16 ctl)
   3172{
   3173	u16 fc = le16_to_cpu(ctl);
   3174	switch (fc & 0xc) {
   3175	case 4:
   3176		if ((fc & 0xe0) == 0xc0)
   3177			return 10;	/* one-address control packet */
   3178		return 16;	/* two-address control packet */
   3179	case 8:
   3180		if ((fc & 0x300) == 0x300)
   3181			return 30;	/* WDS packet */
   3182	}
   3183	return 24;
   3184}
   3185
   3186static void airo_handle_cisco_mic(struct airo_info *ai)
   3187{
   3188	if (test_bit(FLAG_MIC_CAPABLE, &ai->flags)) {
   3189		set_bit(JOB_MIC, &ai->jobs);
   3190		wake_up_interruptible(&ai->thr_wait);
   3191	}
   3192}
   3193
   3194/* Airo Status codes */
   3195#define STAT_NOBEACON	0x8000 /* Loss of sync - missed beacons */
   3196#define STAT_MAXRETRIES	0x8001 /* Loss of sync - max retries */
   3197#define STAT_MAXARL	0x8002 /* Loss of sync - average retry level exceeded*/
   3198#define STAT_FORCELOSS	0x8003 /* Loss of sync - host request */
   3199#define STAT_TSFSYNC	0x8004 /* Loss of sync - TSF synchronization */
   3200#define STAT_DEAUTH	0x8100 /* low byte is 802.11 reason code */
   3201#define STAT_DISASSOC	0x8200 /* low byte is 802.11 reason code */
   3202#define STAT_ASSOC_FAIL	0x8400 /* low byte is 802.11 reason code */
   3203#define STAT_AUTH_FAIL	0x0300 /* low byte is 802.11 reason code */
   3204#define STAT_ASSOC	0x0400 /* Associated */
   3205#define STAT_REASSOC    0x0600 /* Reassociated?  Only on firmware >= 5.30.17 */
   3206
   3207static void airo_print_status(const char *devname, u16 status)
   3208{
   3209	u8 reason = status & 0xFF;
   3210
   3211	switch (status & 0xFF00) {
   3212	case STAT_NOBEACON:
   3213		switch (status) {
   3214		case STAT_NOBEACON:
   3215			airo_print_dbg(devname, "link lost (missed beacons)");
   3216			break;
   3217		case STAT_MAXRETRIES:
   3218		case STAT_MAXARL:
   3219			airo_print_dbg(devname, "link lost (max retries)");
   3220			break;
   3221		case STAT_FORCELOSS:
   3222			airo_print_dbg(devname, "link lost (local choice)");
   3223			break;
   3224		case STAT_TSFSYNC:
   3225			airo_print_dbg(devname, "link lost (TSF sync lost)");
   3226			break;
   3227		default:
   3228			airo_print_dbg(devname, "unknown status %x\n", status);
   3229			break;
   3230		}
   3231		break;
   3232	case STAT_DEAUTH:
   3233		airo_print_dbg(devname, "deauthenticated (reason: %d)", reason);
   3234		break;
   3235	case STAT_DISASSOC:
   3236		airo_print_dbg(devname, "disassociated (reason: %d)", reason);
   3237		break;
   3238	case STAT_ASSOC_FAIL:
   3239		airo_print_dbg(devname, "association failed (reason: %d)",
   3240			       reason);
   3241		break;
   3242	case STAT_AUTH_FAIL:
   3243		airo_print_dbg(devname, "authentication failed (reason: %d)",
   3244			       reason);
   3245		break;
   3246	case STAT_ASSOC:
   3247	case STAT_REASSOC:
   3248		break;
   3249	default:
   3250		airo_print_dbg(devname, "unknown status %x\n", status);
   3251		break;
   3252	}
   3253}
   3254
   3255static void airo_handle_link(struct airo_info *ai)
   3256{
   3257	union iwreq_data wrqu;
   3258	int scan_forceloss = 0;
   3259	u16 status;
   3260
   3261	/* Get new status and acknowledge the link change */
   3262	status = le16_to_cpu(IN4500(ai, LINKSTAT));
   3263	OUT4500(ai, EVACK, EV_LINK);
   3264
   3265	if ((status == STAT_FORCELOSS) && (ai->scan_timeout > 0))
   3266		scan_forceloss = 1;
   3267
   3268	airo_print_status(ai->dev->name, status);
   3269
   3270	if ((status == STAT_ASSOC) || (status == STAT_REASSOC)) {
   3271		if (auto_wep)
   3272			ai->expires = 0;
   3273		if (ai->list_bss_task)
   3274			wake_up_process(ai->list_bss_task);
   3275		set_bit(FLAG_UPDATE_UNI, &ai->flags);
   3276		set_bit(FLAG_UPDATE_MULTI, &ai->flags);
   3277
   3278		set_bit(JOB_EVENT, &ai->jobs);
   3279		wake_up_interruptible(&ai->thr_wait);
   3280
   3281		netif_carrier_on(ai->dev);
   3282	} else if (!scan_forceloss) {
   3283		if (auto_wep && !ai->expires) {
   3284			ai->expires = RUN_AT(3*HZ);
   3285			wake_up_interruptible(&ai->thr_wait);
   3286		}
   3287
   3288		/* Send event to user space */
   3289		eth_zero_addr(wrqu.ap_addr.sa_data);
   3290		wrqu.ap_addr.sa_family = ARPHRD_ETHER;
   3291		wireless_send_event(ai->dev, SIOCGIWAP, &wrqu, NULL);
   3292		netif_carrier_off(ai->dev);
   3293	} else {
   3294		netif_carrier_off(ai->dev);
   3295	}
   3296}
   3297
   3298static void airo_handle_rx(struct airo_info *ai)
   3299{
   3300	struct sk_buff *skb = NULL;
   3301	__le16 fc, v, *buffer, tmpbuf[4];
   3302	u16 len, hdrlen = 0, gap, fid;
   3303	struct rx_hdr hdr;
   3304	int success = 0;
   3305
   3306	if (test_bit(FLAG_MPI, &ai->flags)) {
   3307		if (test_bit(FLAG_802_11, &ai->flags))
   3308			mpi_receive_802_11(ai);
   3309		else
   3310			mpi_receive_802_3(ai);
   3311		OUT4500(ai, EVACK, EV_RX);
   3312		return;
   3313	}
   3314
   3315	fid = IN4500(ai, RXFID);
   3316
   3317	/* Get the packet length */
   3318	if (test_bit(FLAG_802_11, &ai->flags)) {
   3319		bap_setup (ai, fid, 4, BAP0);
   3320		bap_read (ai, (__le16*)&hdr, sizeof(hdr), BAP0);
   3321		/* Bad CRC. Ignore packet */
   3322		if (le16_to_cpu(hdr.status) & 2)
   3323			hdr.len = 0;
   3324		if (ai->wifidev == NULL)
   3325			hdr.len = 0;
   3326	} else {
   3327		bap_setup(ai, fid, 0x36, BAP0);
   3328		bap_read(ai, &hdr.len, 2, BAP0);
   3329	}
   3330	len = le16_to_cpu(hdr.len);
   3331
   3332	if (len > AIRO_DEF_MTU) {
   3333		airo_print_err(ai->dev->name, "Bad size %d", len);
   3334		goto done;
   3335	}
   3336	if (len == 0)
   3337		goto done;
   3338
   3339	if (test_bit(FLAG_802_11, &ai->flags)) {
   3340		bap_read(ai, &fc, sizeof (fc), BAP0);
   3341		hdrlen = header_len(fc);
   3342	} else
   3343		hdrlen = ETH_ALEN * 2;
   3344
   3345	skb = dev_alloc_skb(len + hdrlen + 2 + 2);
   3346	if (!skb) {
   3347		ai->dev->stats.rx_dropped++;
   3348		goto done;
   3349	}
   3350
   3351	skb_reserve(skb, 2); /* This way the IP header is aligned */
   3352	buffer = skb_put(skb, len + hdrlen);
   3353	if (test_bit(FLAG_802_11, &ai->flags)) {
   3354		buffer[0] = fc;
   3355		bap_read(ai, buffer + 1, hdrlen - 2, BAP0);
   3356		if (hdrlen == 24)
   3357			bap_read(ai, tmpbuf, 6, BAP0);
   3358
   3359		bap_read(ai, &v, sizeof(v), BAP0);
   3360		gap = le16_to_cpu(v);
   3361		if (gap) {
   3362			if (gap <= 8) {
   3363				bap_read(ai, tmpbuf, gap, BAP0);
   3364			} else {
   3365				airo_print_err(ai->dev->name, "gaplen too "
   3366					"big. Problems will follow...");
   3367			}
   3368		}
   3369		bap_read(ai, buffer + hdrlen/2, len, BAP0);
   3370	} else {
   3371		MICBuffer micbuf;
   3372
   3373		bap_read(ai, buffer, ETH_ALEN * 2, BAP0);
   3374		if (ai->micstats.enabled) {
   3375			bap_read(ai, (__le16 *) &micbuf, sizeof (micbuf), BAP0);
   3376			if (ntohs(micbuf.typelen) > 0x05DC)
   3377				bap_setup(ai, fid, 0x44, BAP0);
   3378			else {
   3379				if (len <= sizeof (micbuf)) {
   3380					dev_kfree_skb_irq(skb);
   3381					goto done;
   3382				}
   3383
   3384				len -= sizeof(micbuf);
   3385				skb_trim(skb, len + hdrlen);
   3386			}
   3387		}
   3388
   3389		bap_read(ai, buffer + ETH_ALEN, len, BAP0);
   3390		if (decapsulate(ai, &micbuf, (etherHead*) buffer, len))
   3391			dev_kfree_skb_irq (skb);
   3392		else
   3393			success = 1;
   3394	}
   3395
   3396#ifdef WIRELESS_SPY
   3397	if (success && (ai->spy_data.spy_number > 0)) {
   3398		char *sa;
   3399		struct iw_quality wstats;
   3400
   3401		/* Prepare spy data : addr + qual */
   3402		if (!test_bit(FLAG_802_11, &ai->flags)) {
   3403			sa = (char *) buffer + 6;
   3404			bap_setup(ai, fid, 8, BAP0);
   3405			bap_read(ai, (__le16 *) hdr.rssi, 2, BAP0);
   3406		} else
   3407			sa = (char *) buffer + 10;
   3408		wstats.qual = hdr.rssi[0];
   3409		if (ai->rssi)
   3410			wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
   3411		else
   3412			wstats.level = (hdr.rssi[1] + 321) / 2;
   3413		wstats.noise = ai->wstats.qual.noise;
   3414		wstats.updated =  IW_QUAL_LEVEL_UPDATED
   3415				| IW_QUAL_QUAL_UPDATED
   3416				| IW_QUAL_DBM;
   3417		/* Update spy records */
   3418		wireless_spy_update(ai->dev, sa, &wstats);
   3419	}
   3420#endif /* WIRELESS_SPY */
   3421
   3422done:
   3423	OUT4500(ai, EVACK, EV_RX);
   3424
   3425	if (success) {
   3426		if (test_bit(FLAG_802_11, &ai->flags)) {
   3427			skb_reset_mac_header(skb);
   3428			skb->pkt_type = PACKET_OTHERHOST;
   3429			skb->dev = ai->wifidev;
   3430			skb->protocol = htons(ETH_P_802_2);
   3431		} else
   3432			skb->protocol = eth_type_trans(skb, ai->dev);
   3433		skb->ip_summed = CHECKSUM_NONE;
   3434
   3435		netif_rx(skb);
   3436	}
   3437}
   3438
   3439static void airo_handle_tx(struct airo_info *ai, u16 status)
   3440{
   3441	int i, index = -1;
   3442	u16 fid;
   3443
   3444	if (test_bit(FLAG_MPI, &ai->flags)) {
   3445		unsigned long flags;
   3446
   3447		if (status & EV_TXEXC)
   3448			get_tx_error(ai, -1);
   3449
   3450		spin_lock_irqsave(&ai->aux_lock, flags);
   3451		if (!skb_queue_empty(&ai->txq)) {
   3452			spin_unlock_irqrestore(&ai->aux_lock, flags);
   3453			mpi_send_packet(ai->dev);
   3454		} else {
   3455			clear_bit(FLAG_PENDING_XMIT, &ai->flags);
   3456			spin_unlock_irqrestore(&ai->aux_lock, flags);
   3457			netif_wake_queue(ai->dev);
   3458		}
   3459		OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
   3460		return;
   3461	}
   3462
   3463	fid = IN4500(ai, TXCOMPLFID);
   3464
   3465	for (i = 0; i < MAX_FIDS; i++) {
   3466		if ((ai->fids[i] & 0xffff) == fid)
   3467			index = i;
   3468	}
   3469
   3470	if (index != -1) {
   3471		if (status & EV_TXEXC)
   3472			get_tx_error(ai, index);
   3473
   3474		OUT4500(ai, EVACK, status & (EV_TX | EV_TXEXC));
   3475
   3476		/* Set up to be used again */
   3477		ai->fids[index] &= 0xffff;
   3478		if (index < MAX_FIDS / 2) {
   3479			if (!test_bit(FLAG_PENDING_XMIT, &ai->flags))
   3480				netif_wake_queue(ai->dev);
   3481		} else {
   3482			if (!test_bit(FLAG_PENDING_XMIT11, &ai->flags))
   3483				netif_wake_queue(ai->wifidev);
   3484		}
   3485	} else {
   3486		OUT4500(ai, EVACK, status & (EV_TX | EV_TXCPY | EV_TXEXC));
   3487		airo_print_err(ai->dev->name, "Unallocated FID was used to xmit");
   3488	}
   3489}
   3490
   3491static irqreturn_t airo_interrupt(int irq, void *dev_id)
   3492{
   3493	struct net_device *dev = dev_id;
   3494	u16 status, savedInterrupts = 0;
   3495	struct airo_info *ai = dev->ml_priv;
   3496	int handled = 0;
   3497
   3498	if (!netif_device_present(dev))
   3499		return IRQ_NONE;
   3500
   3501	for (;;) {
   3502		status = IN4500(ai, EVSTAT);
   3503		if (!(status & STATUS_INTS) || (status == 0xffff))
   3504			break;
   3505
   3506		handled = 1;
   3507
   3508		if (status & EV_AWAKE) {
   3509			OUT4500(ai, EVACK, EV_AWAKE);
   3510			OUT4500(ai, EVACK, EV_AWAKE);
   3511		}
   3512
   3513		if (!savedInterrupts) {
   3514			savedInterrupts = IN4500(ai, EVINTEN);
   3515			OUT4500(ai, EVINTEN, 0);
   3516		}
   3517
   3518		if (status & EV_MIC) {
   3519			OUT4500(ai, EVACK, EV_MIC);
   3520			airo_handle_cisco_mic(ai);
   3521		}
   3522
   3523		if (status & EV_LINK) {
   3524			/* Link status changed */
   3525			airo_handle_link(ai);
   3526		}
   3527
   3528		/* Check to see if there is something to receive */
   3529		if (status & EV_RX)
   3530			airo_handle_rx(ai);
   3531
   3532		/* Check to see if a packet has been transmitted */
   3533		if (status & (EV_TX | EV_TXCPY | EV_TXEXC))
   3534			airo_handle_tx(ai, status);
   3535
   3536		if (status & ~STATUS_INTS & ~IGNORE_INTS) {
   3537			airo_print_warn(ai->dev->name, "Got weird status %x",
   3538				status & ~STATUS_INTS & ~IGNORE_INTS);
   3539		}
   3540	}
   3541
   3542	if (savedInterrupts)
   3543		OUT4500(ai, EVINTEN, savedInterrupts);
   3544
   3545	return IRQ_RETVAL(handled);
   3546}
   3547
   3548/*
   3549 *  Routines to talk to the card
   3550 */
   3551
   3552/*
   3553 *  This was originally written for the 4500, hence the name
   3554 *  NOTE:  If use with 8bit mode and SMP bad things will happen!
   3555 *         Why would some one do 8 bit IO in an SMP machine?!?
   3556 */
   3557static void OUT4500(struct airo_info *ai, u16 reg, u16 val)
   3558{
   3559	if (test_bit(FLAG_MPI,&ai->flags))
   3560		reg <<= 1;
   3561	if (!do8bitIO)
   3562		outw(val, ai->dev->base_addr + reg);
   3563	else {
   3564		outb(val & 0xff, ai->dev->base_addr + reg);
   3565		outb(val >> 8, ai->dev->base_addr + reg + 1);
   3566	}
   3567}
   3568
   3569static u16 IN4500(struct airo_info *ai, u16 reg)
   3570{
   3571	unsigned short rc;
   3572
   3573	if (test_bit(FLAG_MPI,&ai->flags))
   3574		reg <<= 1;
   3575	if (!do8bitIO)
   3576		rc = inw(ai->dev->base_addr + reg);
   3577	else {
   3578		rc = inb(ai->dev->base_addr + reg);
   3579		rc += ((int)inb(ai->dev->base_addr + reg + 1)) << 8;
   3580	}
   3581	return rc;
   3582}
   3583
   3584static int enable_MAC(struct airo_info *ai, int lock)
   3585{
   3586	int rc;
   3587	Cmd cmd;
   3588	Resp rsp;
   3589
   3590	/* FLAG_RADIO_OFF : Radio disabled via /proc or Wireless Extensions
   3591	 * FLAG_RADIO_DOWN : Radio disabled via "ifconfig ethX down"
   3592	 * Note : we could try to use !netif_running(dev) in enable_MAC()
   3593	 * instead of this flag, but I don't trust it *within* the
   3594	 * open/close functions, and testing both flags together is
   3595	 * "cheaper" - Jean II */
   3596	if (ai->flags & FLAG_RADIO_MASK) return SUCCESS;
   3597
   3598	if (lock && down_interruptible(&ai->sem))
   3599		return -ERESTARTSYS;
   3600
   3601	if (!test_bit(FLAG_ENABLED, &ai->flags)) {
   3602		memset(&cmd, 0, sizeof(cmd));
   3603		cmd.cmd = MAC_ENABLE;
   3604		rc = issuecommand(ai, &cmd, &rsp, true);
   3605		if (rc == SUCCESS)
   3606			set_bit(FLAG_ENABLED, &ai->flags);
   3607	} else
   3608		rc = SUCCESS;
   3609
   3610	if (lock)
   3611	    up(&ai->sem);
   3612
   3613	if (rc)
   3614		airo_print_err(ai->dev->name, "Cannot enable MAC");
   3615	else if ((rsp.status & 0xFF00) != 0) {
   3616		airo_print_err(ai->dev->name, "Bad MAC enable reason=%x, "
   3617			"rid=%x, offset=%d", rsp.rsp0, rsp.rsp1, rsp.rsp2);
   3618		rc = ERROR;
   3619	}
   3620	return rc;
   3621}
   3622
   3623static void disable_MAC(struct airo_info *ai, int lock)
   3624{
   3625        Cmd cmd;
   3626	Resp rsp;
   3627
   3628	if (lock == 1 && down_interruptible(&ai->sem))
   3629		return;
   3630
   3631	if (test_bit(FLAG_ENABLED, &ai->flags)) {
   3632		if (lock != 2) /* lock == 2 means don't disable carrier */
   3633			netif_carrier_off(ai->dev);
   3634		memset(&cmd, 0, sizeof(cmd));
   3635		cmd.cmd = MAC_DISABLE; // disable in case already enabled
   3636		issuecommand(ai, &cmd, &rsp, true);
   3637		clear_bit(FLAG_ENABLED, &ai->flags);
   3638	}
   3639	if (lock == 1)
   3640		up(&ai->sem);
   3641}
   3642
   3643static void enable_interrupts(struct airo_info *ai)
   3644{
   3645	/* Enable the interrupts */
   3646	OUT4500(ai, EVINTEN, STATUS_INTS);
   3647}
   3648
   3649static void disable_interrupts(struct airo_info *ai)
   3650{
   3651	OUT4500(ai, EVINTEN, 0);
   3652}
   3653
   3654static void mpi_receive_802_3(struct airo_info *ai)
   3655{
   3656	RxFid rxd;
   3657	int len = 0;
   3658	struct sk_buff *skb;
   3659	char *buffer;
   3660	int off = 0;
   3661	MICBuffer micbuf;
   3662
   3663	memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
   3664	/* Make sure we got something */
   3665	if (rxd.rdy && rxd.valid == 0) {
   3666		len = rxd.len + 12;
   3667		if (len < 12 || len > 2048)
   3668			goto badrx;
   3669
   3670		skb = dev_alloc_skb(len);
   3671		if (!skb) {
   3672			ai->dev->stats.rx_dropped++;
   3673			goto badrx;
   3674		}
   3675		buffer = skb_put(skb, len);
   3676		memcpy(buffer, ai->rxfids[0].virtual_host_addr, ETH_ALEN * 2);
   3677		if (ai->micstats.enabled) {
   3678			memcpy(&micbuf,
   3679				ai->rxfids[0].virtual_host_addr + ETH_ALEN * 2,
   3680				sizeof(micbuf));
   3681			if (ntohs(micbuf.typelen) <= 0x05DC) {
   3682				if (len <= sizeof(micbuf) + ETH_ALEN * 2)
   3683					goto badmic;
   3684
   3685				off = sizeof(micbuf);
   3686				skb_trim (skb, len - off);
   3687			}
   3688		}
   3689		memcpy(buffer + ETH_ALEN * 2,
   3690			ai->rxfids[0].virtual_host_addr + ETH_ALEN * 2 + off,
   3691			len - ETH_ALEN * 2 - off);
   3692		if (decapsulate (ai, &micbuf, (etherHead*)buffer, len - off - ETH_ALEN * 2)) {
   3693badmic:
   3694			dev_kfree_skb_irq (skb);
   3695			goto badrx;
   3696		}
   3697#ifdef WIRELESS_SPY
   3698		if (ai->spy_data.spy_number > 0) {
   3699			char *sa;
   3700			struct iw_quality wstats;
   3701			/* Prepare spy data : addr + qual */
   3702			sa = buffer + ETH_ALEN;
   3703			wstats.qual = 0; /* XXX Where do I get that info from ??? */
   3704			wstats.level = 0;
   3705			wstats.updated = 0;
   3706			/* Update spy records */
   3707			wireless_spy_update(ai->dev, sa, &wstats);
   3708		}
   3709#endif /* WIRELESS_SPY */
   3710
   3711		skb->ip_summed = CHECKSUM_NONE;
   3712		skb->protocol = eth_type_trans(skb, ai->dev);
   3713		netif_rx(skb);
   3714	}
   3715badrx:
   3716	if (rxd.valid == 0) {
   3717		rxd.valid = 1;
   3718		rxd.rdy = 0;
   3719		rxd.len = PKTSIZE;
   3720		memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
   3721	}
   3722}
   3723
   3724static void mpi_receive_802_11(struct airo_info *ai)
   3725{
   3726	RxFid rxd;
   3727	struct sk_buff *skb = NULL;
   3728	u16 len, hdrlen = 0;
   3729	__le16 fc;
   3730	struct rx_hdr hdr;
   3731	u16 gap;
   3732	u16 *buffer;
   3733	char *ptr = ai->rxfids[0].virtual_host_addr + 4;
   3734
   3735	memcpy_fromio(&rxd, ai->rxfids[0].card_ram_off, sizeof(rxd));
   3736	memcpy ((char *)&hdr, ptr, sizeof(hdr));
   3737	ptr += sizeof(hdr);
   3738	/* Bad CRC. Ignore packet */
   3739	if (le16_to_cpu(hdr.status) & 2)
   3740		hdr.len = 0;
   3741	if (ai->wifidev == NULL)
   3742		hdr.len = 0;
   3743	len = le16_to_cpu(hdr.len);
   3744	if (len > AIRO_DEF_MTU) {
   3745		airo_print_err(ai->dev->name, "Bad size %d", len);
   3746		goto badrx;
   3747	}
   3748	if (len == 0)
   3749		goto badrx;
   3750
   3751	fc = get_unaligned((__le16 *)ptr);
   3752	hdrlen = header_len(fc);
   3753
   3754	skb = dev_alloc_skb(len + hdrlen + 2);
   3755	if (!skb) {
   3756		ai->dev->stats.rx_dropped++;
   3757		goto badrx;
   3758	}
   3759	buffer = skb_put(skb, len + hdrlen);
   3760	memcpy ((char *)buffer, ptr, hdrlen);
   3761	ptr += hdrlen;
   3762	if (hdrlen == 24)
   3763		ptr += 6;
   3764	gap = get_unaligned_le16(ptr);
   3765	ptr += sizeof(__le16);
   3766	if (gap) {
   3767		if (gap <= 8)
   3768			ptr += gap;
   3769		else
   3770			airo_print_err(ai->dev->name,
   3771			    "gaplen too big. Problems will follow...");
   3772	}
   3773	memcpy ((char *)buffer + hdrlen, ptr, len);
   3774	ptr += len;
   3775#ifdef IW_WIRELESS_SPY	  /* defined in iw_handler.h */
   3776	if (ai->spy_data.spy_number > 0) {
   3777		char *sa;
   3778		struct iw_quality wstats;
   3779		/* Prepare spy data : addr + qual */
   3780		sa = (char*)buffer + 10;
   3781		wstats.qual = hdr.rssi[0];
   3782		if (ai->rssi)
   3783			wstats.level = 0x100 - ai->rssi[hdr.rssi[1]].rssidBm;
   3784		else
   3785			wstats.level = (hdr.rssi[1] + 321) / 2;
   3786		wstats.noise = ai->wstats.qual.noise;
   3787		wstats.updated = IW_QUAL_QUAL_UPDATED
   3788			| IW_QUAL_LEVEL_UPDATED
   3789			| IW_QUAL_DBM;
   3790		/* Update spy records */
   3791		wireless_spy_update(ai->dev, sa, &wstats);
   3792	}
   3793#endif /* IW_WIRELESS_SPY */
   3794	skb_reset_mac_header(skb);
   3795	skb->pkt_type = PACKET_OTHERHOST;
   3796	skb->dev = ai->wifidev;
   3797	skb->protocol = htons(ETH_P_802_2);
   3798	skb->ip_summed = CHECKSUM_NONE;
   3799	netif_rx(skb);
   3800
   3801badrx:
   3802	if (rxd.valid == 0) {
   3803		rxd.valid = 1;
   3804		rxd.rdy = 0;
   3805		rxd.len = PKTSIZE;
   3806		memcpy_toio(ai->rxfids[0].card_ram_off, &rxd, sizeof(rxd));
   3807	}
   3808}
   3809
   3810static inline void set_auth_type(struct airo_info *local, int auth_type)
   3811{
   3812	local->config.authType = auth_type;
   3813	/* Cache the last auth type used (of AUTH_OPEN and AUTH_ENCRYPT).
   3814	 * Used by airo_set_auth()
   3815	 */
   3816	if (auth_type == AUTH_OPEN || auth_type == AUTH_ENCRYPT)
   3817		local->last_auth = auth_type;
   3818}
   3819
   3820static int noinline_for_stack airo_readconfig(struct airo_info *ai,
   3821					      struct net_device *dev, int lock)
   3822{
   3823	int i, status;
   3824	/* large variables, so don't inline this function,
   3825	 * maybe change to kmalloc
   3826	 */
   3827	tdsRssiRid rssi_rid;
   3828	CapabilityRid cap_rid;
   3829
   3830	kfree(ai->SSID);
   3831	ai->SSID = NULL;
   3832	// general configuration (read/modify/write)
   3833	status = readConfigRid(ai, lock);
   3834	if (status != SUCCESS) return ERROR;
   3835
   3836	status = readCapabilityRid(ai, &cap_rid, lock);
   3837	if (status != SUCCESS) return ERROR;
   3838
   3839	status = PC4500_readrid(ai, RID_RSSI, &rssi_rid, sizeof(rssi_rid), lock);
   3840	if (status == SUCCESS) {
   3841		if (ai->rssi || (ai->rssi = kmalloc(512, GFP_KERNEL)) != NULL)
   3842			memcpy(ai->rssi, (u8*)&rssi_rid + 2, 512); /* Skip RID length member */
   3843	}
   3844	else {
   3845		kfree(ai->rssi);
   3846		ai->rssi = NULL;
   3847		if (cap_rid.softCap & cpu_to_le16(8))
   3848			ai->config.rmode |= RXMODE_NORMALIZED_RSSI;
   3849		else
   3850			airo_print_warn(ai->dev->name, "unknown received signal "
   3851					"level scale");
   3852	}
   3853	ai->config.opmode = adhoc ? MODE_STA_IBSS : MODE_STA_ESS;
   3854	set_auth_type(ai, AUTH_OPEN);
   3855	ai->config.modulation = MOD_CCK;
   3856
   3857	if (le16_to_cpu(cap_rid.len) >= sizeof(cap_rid) &&
   3858	    (cap_rid.extSoftCap & cpu_to_le16(1)) &&
   3859	    micsetup(ai) == SUCCESS) {
   3860		ai->config.opmode |= MODE_MIC;
   3861		set_bit(FLAG_MIC_CAPABLE, &ai->flags);
   3862	}
   3863
   3864	/* Save off the MAC */
   3865	eth_hw_addr_set(dev, ai->config.macAddr);
   3866
   3867	/* Check to see if there are any insmod configured
   3868	   rates to add */
   3869	if (rates[0]) {
   3870		memset(ai->config.rates, 0, sizeof(ai->config.rates));
   3871		for (i = 0; i < 8 && rates[i]; i++) {
   3872			ai->config.rates[i] = rates[i];
   3873		}
   3874	}
   3875	set_bit (FLAG_COMMIT, &ai->flags);
   3876
   3877	return SUCCESS;
   3878}
   3879
   3880
   3881static u16 setup_card(struct airo_info *ai, struct net_device *dev, int lock)
   3882{
   3883	Cmd cmd;
   3884	Resp rsp;
   3885	int status;
   3886	SsidRid mySsid;
   3887	__le16 lastindex;
   3888	WepKeyRid wkr;
   3889	int rc;
   3890
   3891	memset(&mySsid, 0, sizeof(mySsid));
   3892	kfree (ai->flash);
   3893	ai->flash = NULL;
   3894
   3895	/* The NOP is the first step in getting the card going */
   3896	cmd.cmd = NOP;
   3897	cmd.parm0 = cmd.parm1 = cmd.parm2 = 0;
   3898	if (lock && down_interruptible(&ai->sem))
   3899		return ERROR;
   3900	if (issuecommand(ai, &cmd, &rsp, true) != SUCCESS) {
   3901		if (lock)
   3902			up(&ai->sem);
   3903		return ERROR;
   3904	}
   3905	disable_MAC(ai, 0);
   3906
   3907	// Let's figure out if we need to use the AUX port
   3908	if (!test_bit(FLAG_MPI,&ai->flags)) {
   3909		cmd.cmd = CMD_ENABLEAUX;
   3910		if (issuecommand(ai, &cmd, &rsp, true) != SUCCESS) {
   3911			if (lock)
   3912				up(&ai->sem);
   3913			airo_print_err(ai->dev->name, "Error checking for AUX port");
   3914			return ERROR;
   3915		}
   3916		if (!aux_bap || rsp.status & 0xff00) {
   3917			ai->bap_read = fast_bap_read;
   3918			airo_print_dbg(ai->dev->name, "Doing fast bap_reads");
   3919		} else {
   3920			ai->bap_read = aux_bap_read;
   3921			airo_print_dbg(ai->dev->name, "Doing AUX bap_reads");
   3922		}
   3923	}
   3924	if (lock)
   3925		up(&ai->sem);
   3926	if (ai->config.len == 0) {
   3927		status = airo_readconfig(ai, dev, lock);
   3928		if (status != SUCCESS)
   3929			return ERROR;
   3930	}
   3931
   3932	/* Setup the SSIDs if present */
   3933	if (ssids[0]) {
   3934		int i;
   3935		for (i = 0; i < 3 && ssids[i]; i++) {
   3936			size_t len = strlen(ssids[i]);
   3937			if (len > 32)
   3938				len = 32;
   3939			mySsid.ssids[i].len = cpu_to_le16(len);
   3940			memcpy(mySsid.ssids[i].ssid, ssids[i], len);
   3941		}
   3942		mySsid.len = cpu_to_le16(sizeof(mySsid));
   3943	}
   3944
   3945	status = writeConfigRid(ai, lock);
   3946	if (status != SUCCESS) return ERROR;
   3947
   3948	/* Set up the SSID list */
   3949	if (ssids[0]) {
   3950		status = writeSsidRid(ai, &mySsid, lock);
   3951		if (status != SUCCESS) return ERROR;
   3952	}
   3953
   3954	status = enable_MAC(ai, lock);
   3955	if (status != SUCCESS)
   3956		return ERROR;
   3957
   3958	/* Grab the initial wep key, we gotta save it for auto_wep */
   3959	rc = readWepKeyRid(ai, &wkr, 1, lock);
   3960	if (rc == SUCCESS) do {
   3961		lastindex = wkr.kindex;
   3962		if (wkr.kindex == cpu_to_le16(0xffff)) {
   3963			ai->defindex = wkr.mac[0];
   3964		}
   3965		rc = readWepKeyRid(ai, &wkr, 0, lock);
   3966	} while (lastindex != wkr.kindex);
   3967
   3968	try_auto_wep(ai);
   3969
   3970	return SUCCESS;
   3971}
   3972
   3973static u16 issuecommand(struct airo_info *ai, Cmd *pCmd, Resp *pRsp,
   3974			bool may_sleep)
   3975{
   3976        // Im really paranoid about letting it run forever!
   3977	int max_tries = 600000;
   3978
   3979	if (IN4500(ai, EVSTAT) & EV_CMD)
   3980		OUT4500(ai, EVACK, EV_CMD);
   3981
   3982	OUT4500(ai, PARAM0, pCmd->parm0);
   3983	OUT4500(ai, PARAM1, pCmd->parm1);
   3984	OUT4500(ai, PARAM2, pCmd->parm2);
   3985	OUT4500(ai, COMMAND, pCmd->cmd);
   3986
   3987	while (max_tries-- && (IN4500(ai, EVSTAT) & EV_CMD) == 0) {
   3988		if ((IN4500(ai, COMMAND)) == pCmd->cmd)
   3989			// PC4500 didn't notice command, try again
   3990			OUT4500(ai, COMMAND, pCmd->cmd);
   3991		if (may_sleep && (max_tries & 255) == 0)
   3992			cond_resched();
   3993	}
   3994
   3995	if (max_tries == -1) {
   3996		airo_print_err(ai->dev->name,
   3997			"Max tries exceeded when issuing command");
   3998		if (IN4500(ai, COMMAND) & COMMAND_BUSY)
   3999			OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
   4000		return ERROR;
   4001	}
   4002
   4003	// command completed
   4004	pRsp->status = IN4500(ai, STATUS);
   4005	pRsp->rsp0 = IN4500(ai, RESP0);
   4006	pRsp->rsp1 = IN4500(ai, RESP1);
   4007	pRsp->rsp2 = IN4500(ai, RESP2);
   4008	if ((pRsp->status & 0xff00)!=0 && pCmd->cmd != CMD_SOFTRESET)
   4009		airo_print_err(ai->dev->name,
   4010			"cmd:%x status:%x rsp0:%x rsp1:%x rsp2:%x",
   4011			pCmd->cmd, pRsp->status, pRsp->rsp0, pRsp->rsp1,
   4012			pRsp->rsp2);
   4013
   4014	// clear stuck command busy if necessary
   4015	if (IN4500(ai, COMMAND) & COMMAND_BUSY) {
   4016		OUT4500(ai, EVACK, EV_CLEARCOMMANDBUSY);
   4017	}
   4018	// acknowledge processing the status/response
   4019	OUT4500(ai, EVACK, EV_CMD);
   4020
   4021	return SUCCESS;
   4022}
   4023
   4024/* Sets up the bap to start exchange data.  whichbap should
   4025 * be one of the BAP0 or BAP1 defines.  Locks should be held before
   4026 * calling! */
   4027static int bap_setup(struct airo_info *ai, u16 rid, u16 offset, int whichbap)
   4028{
   4029	int timeout = 50;
   4030	int max_tries = 3;
   4031
   4032	OUT4500(ai, SELECT0+whichbap, rid);
   4033	OUT4500(ai, OFFSET0+whichbap, offset);
   4034	while (1) {
   4035		int status = IN4500(ai, OFFSET0+whichbap);
   4036		if (status & BAP_BUSY) {
   4037                        /* This isn't really a timeout, but its kinda
   4038			   close */
   4039			if (timeout--) {
   4040				continue;
   4041			}
   4042		} else if (status & BAP_ERR) {
   4043			/* invalid rid or offset */
   4044			airo_print_err(ai->dev->name, "BAP error %x %d",
   4045				status, whichbap);
   4046			return ERROR;
   4047		} else if (status & BAP_DONE) { // success
   4048			return SUCCESS;
   4049		}
   4050		if (!(max_tries--)) {
   4051			airo_print_err(ai->dev->name,
   4052				"BAP setup error too many retries\n");
   4053			return ERROR;
   4054		}
   4055		// -- PC4500 missed it, try again
   4056		OUT4500(ai, SELECT0+whichbap, rid);
   4057		OUT4500(ai, OFFSET0+whichbap, offset);
   4058		timeout = 50;
   4059	}
   4060}
   4061
   4062/* should only be called by aux_bap_read.  This aux function and the
   4063   following use concepts not documented in the developers guide.  I
   4064   got them from a patch given to my by Aironet */
   4065static u16 aux_setup(struct airo_info *ai, u16 page,
   4066		     u16 offset, u16 *len)
   4067{
   4068	u16 next;
   4069
   4070	OUT4500(ai, AUXPAGE, page);
   4071	OUT4500(ai, AUXOFF, 0);
   4072	next = IN4500(ai, AUXDATA);
   4073	*len = IN4500(ai, AUXDATA)&0xff;
   4074	if (offset != 4) OUT4500(ai, AUXOFF, offset);
   4075	return next;
   4076}
   4077
   4078/* requires call to bap_setup() first */
   4079static int aux_bap_read(struct airo_info *ai, __le16 *pu16Dst,
   4080			int bytelen, int whichbap)
   4081{
   4082	u16 len;
   4083	u16 page;
   4084	u16 offset;
   4085	u16 next;
   4086	int words;
   4087	int i;
   4088	unsigned long flags;
   4089
   4090	spin_lock_irqsave(&ai->aux_lock, flags);
   4091	page = IN4500(ai, SWS0+whichbap);
   4092	offset = IN4500(ai, SWS2+whichbap);
   4093	next = aux_setup(ai, page, offset, &len);
   4094	words = (bytelen+1)>>1;
   4095
   4096	for (i = 0; i<words;) {
   4097		int count;
   4098		count = (len>>1) < (words-i) ? (len>>1) : (words-i);
   4099		if (!do8bitIO)
   4100			insw(ai->dev->base_addr+DATA0+whichbap,
   4101			      pu16Dst+i, count);
   4102		else
   4103			insb(ai->dev->base_addr+DATA0+whichbap,
   4104			      pu16Dst+i, count << 1);
   4105		i += count;
   4106		if (i<words) {
   4107			next = aux_setup(ai, next, 4, &len);
   4108		}
   4109	}
   4110	spin_unlock_irqrestore(&ai->aux_lock, flags);
   4111	return SUCCESS;
   4112}
   4113
   4114
   4115/* requires call to bap_setup() first */
   4116static int fast_bap_read(struct airo_info *ai, __le16 *pu16Dst,
   4117			 int bytelen, int whichbap)
   4118{
   4119	bytelen = (bytelen + 1) & (~1); // round up to even value
   4120	if (!do8bitIO)
   4121		insw(ai->dev->base_addr+DATA0+whichbap, pu16Dst, bytelen>>1);
   4122	else
   4123		insb(ai->dev->base_addr+DATA0+whichbap, pu16Dst, bytelen);
   4124	return SUCCESS;
   4125}
   4126
   4127/* requires call to bap_setup() first */
   4128static int bap_write(struct airo_info *ai, const __le16 *pu16Src,
   4129		     int bytelen, int whichbap)
   4130{
   4131	bytelen = (bytelen + 1) & (~1); // round up to even value
   4132	if (!do8bitIO)
   4133		outsw(ai->dev->base_addr+DATA0+whichbap,
   4134		       pu16Src, bytelen>>1);
   4135	else
   4136		outsb(ai->dev->base_addr+DATA0+whichbap, pu16Src, bytelen);
   4137	return SUCCESS;
   4138}
   4139
   4140static int PC4500_accessrid(struct airo_info *ai, u16 rid, u16 accmd)
   4141{
   4142	Cmd cmd; /* for issuing commands */
   4143	Resp rsp; /* response from commands */
   4144	u16 status;
   4145
   4146	memset(&cmd, 0, sizeof(cmd));
   4147	cmd.cmd = accmd;
   4148	cmd.parm0 = rid;
   4149	status = issuecommand(ai, &cmd, &rsp, true);
   4150	if (status != 0) return status;
   4151	if ((rsp.status & 0x7F00) != 0) {
   4152		return (accmd << 8) + (rsp.rsp0 & 0xFF);
   4153	}
   4154	return 0;
   4155}
   4156
   4157/*  Note, that we are using BAP1 which is also used by transmit, so
   4158 *  we must get a lock. */
   4159static int PC4500_readrid(struct airo_info *ai, u16 rid, void *pBuf, int len, int lock)
   4160{
   4161	u16 status;
   4162        int rc = SUCCESS;
   4163
   4164	if (lock) {
   4165		if (down_interruptible(&ai->sem))
   4166			return ERROR;
   4167	}
   4168	if (test_bit(FLAG_MPI,&ai->flags)) {
   4169		Cmd cmd;
   4170		Resp rsp;
   4171
   4172		memset(&cmd, 0, sizeof(cmd));
   4173		memset(&rsp, 0, sizeof(rsp));
   4174		ai->config_desc.rid_desc.valid = 1;
   4175		ai->config_desc.rid_desc.len = RIDSIZE;
   4176		ai->config_desc.rid_desc.rid = 0;
   4177		ai->config_desc.rid_desc.host_addr = ai->ridbus;
   4178
   4179		cmd.cmd = CMD_ACCESS;
   4180		cmd.parm0 = rid;
   4181
   4182		memcpy_toio(ai->config_desc.card_ram_off,
   4183			&ai->config_desc.rid_desc, sizeof(Rid));
   4184
   4185		rc = issuecommand(ai, &cmd, &rsp, true);
   4186
   4187		if (rsp.status & 0x7f00)
   4188			rc = rsp.rsp0;
   4189		if (!rc)
   4190			memcpy(pBuf, ai->config_desc.virtual_host_addr, len);
   4191		goto done;
   4192	} else {
   4193		if ((status = PC4500_accessrid(ai, rid, CMD_ACCESS))!=SUCCESS) {
   4194	                rc = status;
   4195	                goto done;
   4196	        }
   4197		if (bap_setup(ai, rid, 0, BAP1) != SUCCESS) {
   4198			rc = ERROR;
   4199	                goto done;
   4200	        }
   4201		// read the rid length field
   4202		bap_read(ai, pBuf, 2, BAP1);
   4203		// length for remaining part of rid
   4204		len = min(len, (int)le16_to_cpu(*(__le16*)pBuf)) - 2;
   4205
   4206		if (len <= 2) {
   4207			airo_print_err(ai->dev->name,
   4208				"Rid %x has a length of %d which is too short",
   4209				(int)rid, (int)len);
   4210			rc = ERROR;
   4211	                goto done;
   4212		}
   4213		// read remainder of the rid
   4214		rc = bap_read(ai, ((__le16*)pBuf)+1, len, BAP1);
   4215	}
   4216done:
   4217	if (lock)
   4218		up(&ai->sem);
   4219	return rc;
   4220}
   4221
   4222/*  Note, that we are using BAP1 which is also used by transmit, so
   4223 *  make sure this isn't called when a transmit is happening */
   4224static int PC4500_writerid(struct airo_info *ai, u16 rid,
   4225			   const void *pBuf, int len, int lock)
   4226{
   4227	u16 status;
   4228	int rc = SUCCESS;
   4229
   4230	*(__le16*)pBuf = cpu_to_le16((u16)len);
   4231
   4232	if (lock) {
   4233		if (down_interruptible(&ai->sem))
   4234			return ERROR;
   4235	}
   4236	if (test_bit(FLAG_MPI,&ai->flags)) {
   4237		Cmd cmd;
   4238		Resp rsp;
   4239
   4240		if (test_bit(FLAG_ENABLED, &ai->flags) && (RID_WEP_TEMP != rid))
   4241			airo_print_err(ai->dev->name,
   4242				"%s: MAC should be disabled (rid=%04x)",
   4243				__func__, rid);
   4244		memset(&cmd, 0, sizeof(cmd));
   4245		memset(&rsp, 0, sizeof(rsp));
   4246
   4247		ai->config_desc.rid_desc.valid = 1;
   4248		ai->config_desc.rid_desc.len = *((u16 *)pBuf);
   4249		ai->config_desc.rid_desc.rid = 0;
   4250
   4251		cmd.cmd = CMD_WRITERID;
   4252		cmd.parm0 = rid;
   4253
   4254		memcpy_toio(ai->config_desc.card_ram_off,
   4255			&ai->config_desc.rid_desc, sizeof(Rid));
   4256
   4257		if (len < 4 || len > 2047) {
   4258			airo_print_err(ai->dev->name, "%s: len=%d", __func__, len);
   4259			rc = -1;
   4260		} else {
   4261			memcpy(ai->config_desc.virtual_host_addr,
   4262				pBuf, len);
   4263
   4264			rc = issuecommand(ai, &cmd, &rsp, true);
   4265			if ((rc & 0xff00) != 0) {
   4266				airo_print_err(ai->dev->name, "%s: Write rid Error %d",
   4267						__func__, rc);
   4268				airo_print_err(ai->dev->name, "%s: Cmd=%04x",
   4269						__func__, cmd.cmd);
   4270			}
   4271
   4272			if ((rsp.status & 0x7f00))
   4273				rc = rsp.rsp0;
   4274		}
   4275	} else {
   4276		// --- first access so that we can write the rid data
   4277		if ((status = PC4500_accessrid(ai, rid, CMD_ACCESS)) != 0) {
   4278	                rc = status;
   4279	                goto done;
   4280	        }
   4281		// --- now write the rid data
   4282		if (bap_setup(ai, rid, 0, BAP1) != SUCCESS) {
   4283	                rc = ERROR;
   4284	                goto done;
   4285	        }
   4286		bap_write(ai, pBuf, len, BAP1);
   4287		// ---now commit the rid data
   4288		rc = PC4500_accessrid(ai, rid, 0x100|CMD_ACCESS);
   4289	}
   4290done:
   4291	if (lock)
   4292		up(&ai->sem);
   4293        return rc;
   4294}
   4295
   4296/* Allocates a FID to be used for transmitting packets.  We only use
   4297   one for now. */
   4298static u16 transmit_allocate(struct airo_info *ai, int lenPayload, int raw)
   4299{
   4300	unsigned int loop = 3000;
   4301	Cmd cmd;
   4302	Resp rsp;
   4303	u16 txFid;
   4304	__le16 txControl;
   4305
   4306	cmd.cmd = CMD_ALLOCATETX;
   4307	cmd.parm0 = lenPayload;
   4308	if (down_interruptible(&ai->sem))
   4309		return ERROR;
   4310	if (issuecommand(ai, &cmd, &rsp, true) != SUCCESS) {
   4311		txFid = ERROR;
   4312		goto done;
   4313	}
   4314	if ((rsp.status & 0xFF00) != 0) {
   4315		txFid = ERROR;
   4316		goto done;
   4317	}
   4318	/* wait for the allocate event/indication
   4319	 * It makes me kind of nervous that this can just sit here and spin,
   4320	 * but in practice it only loops like four times. */
   4321	while (((IN4500(ai, EVSTAT) & EV_ALLOC) == 0) && --loop);
   4322	if (!loop) {
   4323		txFid = ERROR;
   4324		goto done;
   4325	}
   4326
   4327	// get the allocated fid and acknowledge
   4328	txFid = IN4500(ai, TXALLOCFID);
   4329	OUT4500(ai, EVACK, EV_ALLOC);
   4330
   4331	/*  The CARD is pretty cool since it converts the ethernet packet
   4332	 *  into 802.11.  Also note that we don't release the FID since we
   4333	 *  will be using the same one over and over again. */
   4334	/*  We only have to setup the control once since we are not
   4335	 *  releasing the fid. */
   4336	if (raw)
   4337		txControl = cpu_to_le16(TXCTL_TXOK | TXCTL_TXEX | TXCTL_802_11
   4338			| TXCTL_ETHERNET | TXCTL_NORELEASE);
   4339	else
   4340		txControl = cpu_to_le16(TXCTL_TXOK | TXCTL_TXEX | TXCTL_802_3
   4341			| TXCTL_ETHERNET | TXCTL_NORELEASE);
   4342	if (bap_setup(ai, txFid, 0x0008, BAP1) != SUCCESS)
   4343		txFid = ERROR;
   4344	else
   4345		bap_write(ai, &txControl, sizeof(txControl), BAP1);
   4346
   4347done:
   4348	up(&ai->sem);
   4349
   4350	return txFid;
   4351}
   4352
   4353/* In general BAP1 is dedicated to transmiting packets.  However,
   4354   since we need a BAP when accessing RIDs, we also use BAP1 for that.
   4355   Make sure the BAP1 spinlock is held when this is called. */
   4356static int transmit_802_3_packet(struct airo_info *ai, int len, char *pPacket,
   4357				 bool may_sleep)
   4358{
   4359	__le16 payloadLen;
   4360	Cmd cmd;
   4361	Resp rsp;
   4362	int miclen = 0;
   4363	u16 txFid = len;
   4364	MICBuffer pMic;
   4365
   4366	len >>= 16;
   4367
   4368	if (len <= ETH_ALEN * 2) {
   4369		airo_print_warn(ai->dev->name, "Short packet %d", len);
   4370		return ERROR;
   4371	}
   4372	len -= ETH_ALEN * 2;
   4373
   4374	if (test_bit(FLAG_MIC_CAPABLE, &ai->flags) && ai->micstats.enabled &&
   4375	    (ntohs(((__be16 *)pPacket)[6]) != 0x888E)) {
   4376		if (encapsulate(ai, (etherHead *)pPacket,&pMic, len) != SUCCESS)
   4377			return ERROR;
   4378		miclen = sizeof(pMic);
   4379	}
   4380	// packet is destination[6], source[6], payload[len-12]
   4381	// write the payload length and dst/src/payload
   4382	if (bap_setup(ai, txFid, 0x0036, BAP1) != SUCCESS) return ERROR;
   4383	/* The hardware addresses aren't counted as part of the payload, so
   4384	 * we have to subtract the 12 bytes for the addresses off */
   4385	payloadLen = cpu_to_le16(len + miclen);
   4386	bap_write(ai, &payloadLen, sizeof(payloadLen), BAP1);
   4387	bap_write(ai, (__le16*)pPacket, sizeof(etherHead), BAP1);
   4388	if (miclen)
   4389		bap_write(ai, (__le16*)&pMic, miclen, BAP1);
   4390	bap_write(ai, (__le16*)(pPacket + sizeof(etherHead)), len, BAP1);
   4391	// issue the transmit command
   4392	memset(&cmd, 0, sizeof(cmd));
   4393	cmd.cmd = CMD_TRANSMIT;
   4394	cmd.parm0 = txFid;
   4395	if (issuecommand(ai, &cmd, &rsp, may_sleep) != SUCCESS)
   4396		return ERROR;
   4397	if ((rsp.status & 0xFF00) != 0) return ERROR;
   4398	return SUCCESS;
   4399}
   4400
   4401static int transmit_802_11_packet(struct airo_info *ai, int len, char *pPacket,
   4402				  bool may_sleep)
   4403{
   4404	__le16 fc, payloadLen;
   4405	Cmd cmd;
   4406	Resp rsp;
   4407	int hdrlen;
   4408	static u8 tail[(30-10) + 2 + 6] = {[30-10] = 6};
   4409	/* padding of header to full size + le16 gaplen (6) + gaplen bytes */
   4410	u16 txFid = len;
   4411	len >>= 16;
   4412
   4413	fc = *(__le16*)pPacket;
   4414	hdrlen = header_len(fc);
   4415
   4416	if (len < hdrlen) {
   4417		airo_print_warn(ai->dev->name, "Short packet %d", len);
   4418		return ERROR;
   4419	}
   4420
   4421	/* packet is 802.11 header +  payload
   4422	 * write the payload length and dst/src/payload */
   4423	if (bap_setup(ai, txFid, 6, BAP1) != SUCCESS) return ERROR;
   4424	/* The 802.11 header aren't counted as part of the payload, so
   4425	 * we have to subtract the header bytes off */
   4426	payloadLen = cpu_to_le16(len-hdrlen);
   4427	bap_write(ai, &payloadLen, sizeof(payloadLen), BAP1);
   4428	if (bap_setup(ai, txFid, 0x0014, BAP1) != SUCCESS) return ERROR;
   4429	bap_write(ai, (__le16 *)pPacket, hdrlen, BAP1);
   4430	bap_write(ai, (__le16 *)(tail + (hdrlen - 10)), 38 - hdrlen, BAP1);
   4431
   4432	bap_write(ai, (__le16 *)(pPacket + hdrlen), len - hdrlen, BAP1);
   4433	// issue the transmit command
   4434	memset(&cmd, 0, sizeof(cmd));
   4435	cmd.cmd = CMD_TRANSMIT;
   4436	cmd.parm0 = txFid;
   4437	if (issuecommand(ai, &cmd, &rsp, may_sleep) != SUCCESS)
   4438		return ERROR;
   4439	if ((rsp.status & 0xFF00) != 0) return ERROR;
   4440	return SUCCESS;
   4441}
   4442
   4443/*
   4444 *  This is the proc_fs routines.  It is a bit messier than I would
   4445 *  like!  Feel free to clean it up!
   4446 */
   4447
   4448static ssize_t proc_read(struct file *file,
   4449			  char __user *buffer,
   4450			  size_t len,
   4451			  loff_t *offset);
   4452
   4453static ssize_t proc_write(struct file *file,
   4454			   const char __user *buffer,
   4455			   size_t len,
   4456			   loff_t *offset);
   4457static int proc_close(struct inode *inode, struct file *file);
   4458
   4459static int proc_stats_open(struct inode *inode, struct file *file);
   4460static int proc_statsdelta_open(struct inode *inode, struct file *file);
   4461static int proc_status_open(struct inode *inode, struct file *file);
   4462static int proc_SSID_open(struct inode *inode, struct file *file);
   4463static int proc_APList_open(struct inode *inode, struct file *file);
   4464static int proc_BSSList_open(struct inode *inode, struct file *file);
   4465static int proc_config_open(struct inode *inode, struct file *file);
   4466static int proc_wepkey_open(struct inode *inode, struct file *file);
   4467
   4468static const struct proc_ops proc_statsdelta_ops = {
   4469	.proc_read	= proc_read,
   4470	.proc_open	= proc_statsdelta_open,
   4471	.proc_release	= proc_close,
   4472	.proc_lseek	= default_llseek,
   4473};
   4474
   4475static const struct proc_ops proc_stats_ops = {
   4476	.proc_read	= proc_read,
   4477	.proc_open	= proc_stats_open,
   4478	.proc_release	= proc_close,
   4479	.proc_lseek	= default_llseek,
   4480};
   4481
   4482static const struct proc_ops proc_status_ops = {
   4483	.proc_read	= proc_read,
   4484	.proc_open	= proc_status_open,
   4485	.proc_release	= proc_close,
   4486	.proc_lseek	= default_llseek,
   4487};
   4488
   4489static const struct proc_ops proc_SSID_ops = {
   4490	.proc_read	= proc_read,
   4491	.proc_write	= proc_write,
   4492	.proc_open	= proc_SSID_open,
   4493	.proc_release	= proc_close,
   4494	.proc_lseek	= default_llseek,
   4495};
   4496
   4497static const struct proc_ops proc_BSSList_ops = {
   4498	.proc_read	= proc_read,
   4499	.proc_write	= proc_write,
   4500	.proc_open	= proc_BSSList_open,
   4501	.proc_release	= proc_close,
   4502	.proc_lseek	= default_llseek,
   4503};
   4504
   4505static const struct proc_ops proc_APList_ops = {
   4506	.proc_read	= proc_read,
   4507	.proc_write	= proc_write,
   4508	.proc_open	= proc_APList_open,
   4509	.proc_release	= proc_close,
   4510	.proc_lseek	= default_llseek,
   4511};
   4512
   4513static const struct proc_ops proc_config_ops = {
   4514	.proc_read	= proc_read,
   4515	.proc_write	= proc_write,
   4516	.proc_open	= proc_config_open,
   4517	.proc_release	= proc_close,
   4518	.proc_lseek	= default_llseek,
   4519};
   4520
   4521static const struct proc_ops proc_wepkey_ops = {
   4522	.proc_read	= proc_read,
   4523	.proc_write	= proc_write,
   4524	.proc_open	= proc_wepkey_open,
   4525	.proc_release	= proc_close,
   4526	.proc_lseek	= default_llseek,
   4527};
   4528
   4529static struct proc_dir_entry *airo_entry;
   4530
   4531struct proc_data {
   4532	int release_buffer;
   4533	int readlen;
   4534	char *rbuffer;
   4535	int writelen;
   4536	int maxwritelen;
   4537	char *wbuffer;
   4538	void (*on_close) (struct inode *, struct file *);
   4539};
   4540
   4541static int setup_proc_entry(struct net_device *dev,
   4542			     struct airo_info *apriv)
   4543{
   4544	struct proc_dir_entry *entry;
   4545
   4546	/* First setup the device directory */
   4547	strcpy(apriv->proc_name, dev->name);
   4548	apriv->proc_entry = proc_mkdir_mode(apriv->proc_name, airo_perm,
   4549					    airo_entry);
   4550	if (!apriv->proc_entry)
   4551		return -ENOMEM;
   4552	proc_set_user(apriv->proc_entry, proc_kuid, proc_kgid);
   4553
   4554	/* Setup the StatsDelta */
   4555	entry = proc_create_data("StatsDelta", 0444 & proc_perm,
   4556				 apriv->proc_entry, &proc_statsdelta_ops, dev);
   4557	if (!entry)
   4558		goto fail;
   4559	proc_set_user(entry, proc_kuid, proc_kgid);
   4560
   4561	/* Setup the Stats */
   4562	entry = proc_create_data("Stats", 0444 & proc_perm,
   4563				 apriv->proc_entry, &proc_stats_ops, dev);
   4564	if (!entry)
   4565		goto fail;
   4566	proc_set_user(entry, proc_kuid, proc_kgid);
   4567
   4568	/* Setup the Status */
   4569	entry = proc_create_data("Status", 0444 & proc_perm,
   4570				 apriv->proc_entry, &proc_status_ops, dev);
   4571	if (!entry)
   4572		goto fail;
   4573	proc_set_user(entry, proc_kuid, proc_kgid);
   4574
   4575	/* Setup the Config */
   4576	entry = proc_create_data("Config", proc_perm,
   4577				 apriv->proc_entry, &proc_config_ops, dev);
   4578	if (!entry)
   4579		goto fail;
   4580	proc_set_user(entry, proc_kuid, proc_kgid);
   4581
   4582	/* Setup the SSID */
   4583	entry = proc_create_data("SSID", proc_perm,
   4584				 apriv->proc_entry, &proc_SSID_ops, dev);
   4585	if (!entry)
   4586		goto fail;
   4587	proc_set_user(entry, proc_kuid, proc_kgid);
   4588
   4589	/* Setup the APList */
   4590	entry = proc_create_data("APList", proc_perm,
   4591				 apriv->proc_entry, &proc_APList_ops, dev);
   4592	if (!entry)
   4593		goto fail;
   4594	proc_set_user(entry, proc_kuid, proc_kgid);
   4595
   4596	/* Setup the BSSList */
   4597	entry = proc_create_data("BSSList", proc_perm,
   4598				 apriv->proc_entry, &proc_BSSList_ops, dev);
   4599	if (!entry)
   4600		goto fail;
   4601	proc_set_user(entry, proc_kuid, proc_kgid);
   4602
   4603	/* Setup the WepKey */
   4604	entry = proc_create_data("WepKey", proc_perm,
   4605				 apriv->proc_entry, &proc_wepkey_ops, dev);
   4606	if (!entry)
   4607		goto fail;
   4608	proc_set_user(entry, proc_kuid, proc_kgid);
   4609	return 0;
   4610
   4611fail:
   4612	remove_proc_subtree(apriv->proc_name, airo_entry);
   4613	return -ENOMEM;
   4614}
   4615
   4616static int takedown_proc_entry(struct net_device *dev,
   4617				struct airo_info *apriv)
   4618{
   4619	remove_proc_subtree(apriv->proc_name, airo_entry);
   4620	return 0;
   4621}
   4622
   4623/*
   4624 *  What we want from the proc_fs is to be able to efficiently read
   4625 *  and write the configuration.  To do this, we want to read the
   4626 *  configuration when the file is opened and write it when the file is
   4627 *  closed.  So basically we allocate a read buffer at open and fill it
   4628 *  with data, and allocate a write buffer and read it at close.
   4629 */
   4630
   4631/*
   4632 *  The read routine is generic, it relies on the preallocated rbuffer
   4633 *  to supply the data.
   4634 */
   4635static ssize_t proc_read(struct file *file,
   4636			  char __user *buffer,
   4637			  size_t len,
   4638			  loff_t *offset)
   4639{
   4640	struct proc_data *priv = file->private_data;
   4641
   4642	if (!priv->rbuffer)
   4643		return -EINVAL;
   4644
   4645	return simple_read_from_buffer(buffer, len, offset, priv->rbuffer,
   4646					priv->readlen);
   4647}
   4648
   4649/*
   4650 *  The write routine is generic, it fills in a preallocated rbuffer
   4651 *  to supply the data.
   4652 */
   4653static ssize_t proc_write(struct file *file,
   4654			   const char __user *buffer,
   4655			   size_t len,
   4656			   loff_t *offset)
   4657{
   4658	ssize_t ret;
   4659	struct proc_data *priv = file->private_data;
   4660
   4661	if (!priv->wbuffer)
   4662		return -EINVAL;
   4663
   4664	ret = simple_write_to_buffer(priv->wbuffer, priv->maxwritelen, offset,
   4665					buffer, len);
   4666	if (ret > 0)
   4667		priv->writelen = max_t(int, priv->writelen, *offset);
   4668
   4669	return ret;
   4670}
   4671
   4672static int proc_status_open(struct inode *inode, struct file *file)
   4673{
   4674	struct proc_data *data;
   4675	struct net_device *dev = pde_data(inode);
   4676	struct airo_info *apriv = dev->ml_priv;
   4677	CapabilityRid cap_rid;
   4678	StatusRid status_rid;
   4679	u16 mode;
   4680	int i;
   4681
   4682	if ((file->private_data = kzalloc(sizeof(struct proc_data), GFP_KERNEL)) == NULL)
   4683		return -ENOMEM;
   4684	data = file->private_data;
   4685	if ((data->rbuffer = kmalloc(2048, GFP_KERNEL)) == NULL) {
   4686		kfree (file->private_data);
   4687		return -ENOMEM;
   4688	}
   4689
   4690	readStatusRid(apriv, &status_rid, 1);
   4691	readCapabilityRid(apriv, &cap_rid, 1);
   4692
   4693	mode = le16_to_cpu(status_rid.mode);
   4694
   4695        i = sprintf(data->rbuffer, "Status: %s%s%s%s%s%s%s%s%s\n",
   4696                    mode & 1 ? "CFG ": "",
   4697                    mode & 2 ? "ACT ": "",
   4698                    mode & 0x10 ? "SYN ": "",
   4699                    mode & 0x20 ? "LNK ": "",
   4700                    mode & 0x40 ? "LEAP ": "",
   4701                    mode & 0x80 ? "PRIV ": "",
   4702                    mode & 0x100 ? "KEY ": "",
   4703                    mode & 0x200 ? "WEP ": "",
   4704                    mode & 0x8000 ? "ERR ": "");
   4705	sprintf(data->rbuffer+i, "Mode: %x\n"
   4706		 "Signal Strength: %d\n"
   4707		 "Signal Quality: %d\n"
   4708		 "SSID: %-.*s\n"
   4709		 "AP: %-.16s\n"
   4710		 "Freq: %d\n"
   4711		 "BitRate: %dmbs\n"
   4712		 "Driver Version: %s\n"
   4713		 "Device: %s\nManufacturer: %s\nFirmware Version: %s\n"
   4714		 "Radio type: %x\nCountry: %x\nHardware Version: %x\n"
   4715		 "Software Version: %x\nSoftware Subversion: %x\n"
   4716		 "Boot block version: %x\n",
   4717		 le16_to_cpu(status_rid.mode),
   4718		 le16_to_cpu(status_rid.normalizedSignalStrength),
   4719		 le16_to_cpu(status_rid.signalQuality),
   4720		 le16_to_cpu(status_rid.SSIDlen),
   4721		 status_rid.SSID,
   4722		 status_rid.apName,
   4723		 le16_to_cpu(status_rid.channel),
   4724		 le16_to_cpu(status_rid.currentXmitRate) / 2,
   4725		 version,
   4726		 cap_rid.prodName,
   4727		 cap_rid.manName,
   4728		 cap_rid.prodVer,
   4729		 le16_to_cpu(cap_rid.radioType),
   4730		 le16_to_cpu(cap_rid.country),
   4731		 le16_to_cpu(cap_rid.hardVer),
   4732		 le16_to_cpu(cap_rid.softVer),
   4733		 le16_to_cpu(cap_rid.softSubVer),
   4734		 le16_to_cpu(cap_rid.bootBlockVer));
   4735	data->readlen = strlen(data->rbuffer);
   4736	return 0;
   4737}
   4738
   4739static int proc_stats_rid_open(struct inode*, struct file*, u16);
   4740static int proc_statsdelta_open(struct inode *inode,
   4741				 struct file *file)
   4742{
   4743	if (file->f_mode&FMODE_WRITE) {
   4744		return proc_stats_rid_open(inode, file, RID_STATSDELTACLEAR);
   4745	}
   4746	return proc_stats_rid_open(inode, file, RID_STATSDELTA);
   4747}
   4748
   4749static int proc_stats_open(struct inode *inode, struct file *file)
   4750{
   4751	return proc_stats_rid_open(inode, file, RID_STATS);
   4752}
   4753
   4754static int proc_stats_rid_open(struct inode *inode,
   4755				struct file *file,
   4756				u16 rid)
   4757{
   4758	struct proc_data *data;
   4759	struct net_device *dev = pde_data(inode);
   4760	struct airo_info *apriv = dev->ml_priv;
   4761	StatsRid stats;
   4762	int i, j;
   4763	__le32 *vals = stats.vals;
   4764	int len;
   4765
   4766	if ((file->private_data = kzalloc(sizeof(struct proc_data), GFP_KERNEL)) == NULL)
   4767		return -ENOMEM;
   4768	data = file->private_data;
   4769	if ((data->rbuffer = kmalloc(4096, GFP_KERNEL)) == NULL) {
   4770		kfree (file->private_data);
   4771		return -ENOMEM;
   4772	}
   4773
   4774	readStatsRid(apriv, &stats, rid, 1);
   4775	len = le16_to_cpu(stats.len);
   4776
   4777        j = 0;
   4778	for (i = 0; statsLabels[i]!=(char *)-1 && i*4<len; i++) {
   4779		if (!statsLabels[i]) continue;
   4780		if (j+strlen(statsLabels[i])+16>4096) {
   4781			airo_print_warn(apriv->dev->name,
   4782			       "Potentially disastrous buffer overflow averted!");
   4783			break;
   4784		}
   4785		j+=sprintf(data->rbuffer+j, "%s: %u\n", statsLabels[i],
   4786				le32_to_cpu(vals[i]));
   4787	}
   4788	if (i*4 >= len) {
   4789		airo_print_warn(apriv->dev->name, "Got a short rid");
   4790	}
   4791	data->readlen = j;
   4792	return 0;
   4793}
   4794
   4795static int get_dec_u16(char *buffer, int *start, int limit)
   4796{
   4797	u16 value;
   4798	int valid = 0;
   4799	for (value = 0; *start < limit && buffer[*start] >= '0' &&
   4800			buffer[*start] <= '9'; (*start)++) {
   4801		valid = 1;
   4802		value *= 10;
   4803		value += buffer[*start] - '0';
   4804	}
   4805	if (!valid) return -1;
   4806	return value;
   4807}
   4808
   4809static int airo_config_commit(struct net_device *dev,
   4810			      struct iw_request_info *info, void *zwrq,
   4811			      char *extra);
   4812
   4813static inline int sniffing_mode(struct airo_info *ai)
   4814{
   4815	return (le16_to_cpu(ai->config.rmode) & le16_to_cpu(RXMODE_MASK)) >=
   4816		le16_to_cpu(RXMODE_RFMON);
   4817}
   4818
   4819static void proc_config_on_close(struct inode *inode, struct file *file)
   4820{
   4821	struct proc_data *data = file->private_data;
   4822	struct net_device *dev = pde_data(inode);
   4823	struct airo_info *ai = dev->ml_priv;
   4824	char *line;
   4825
   4826	if (!data->writelen) return;
   4827
   4828	readConfigRid(ai, 1);
   4829	set_bit (FLAG_COMMIT, &ai->flags);
   4830
   4831	line = data->wbuffer;
   4832	while (line[0]) {
   4833/*** Mode processing */
   4834		if (!strncmp(line, "Mode: ", 6)) {
   4835			line += 6;
   4836			if (sniffing_mode(ai))
   4837				set_bit (FLAG_RESET, &ai->flags);
   4838			ai->config.rmode &= ~RXMODE_FULL_MASK;
   4839			clear_bit (FLAG_802_11, &ai->flags);
   4840			ai->config.opmode &= ~MODE_CFG_MASK;
   4841			ai->config.scanMode = SCANMODE_ACTIVE;
   4842			if (line[0] == 'a') {
   4843				ai->config.opmode |= MODE_STA_IBSS;
   4844			} else {
   4845				ai->config.opmode |= MODE_STA_ESS;
   4846				if (line[0] == 'r') {
   4847					ai->config.rmode |= RXMODE_RFMON | RXMODE_DISABLE_802_3_HEADER;
   4848					ai->config.scanMode = SCANMODE_PASSIVE;
   4849					set_bit (FLAG_802_11, &ai->flags);
   4850				} else if (line[0] == 'y') {
   4851					ai->config.rmode |= RXMODE_RFMON_ANYBSS | RXMODE_DISABLE_802_3_HEADER;
   4852					ai->config.scanMode = SCANMODE_PASSIVE;
   4853					set_bit (FLAG_802_11, &ai->flags);
   4854				} else if (line[0] == 'l')
   4855					ai->config.rmode |= RXMODE_LANMON;
   4856			}
   4857			set_bit (FLAG_COMMIT, &ai->flags);
   4858		}
   4859
   4860/*** Radio status */
   4861		else if (!strncmp(line,"Radio: ", 7)) {
   4862			line += 7;
   4863			if (!strncmp(line,"off", 3)) {
   4864				set_bit (FLAG_RADIO_OFF, &ai->flags);
   4865			} else {
   4866				clear_bit (FLAG_RADIO_OFF, &ai->flags);
   4867			}
   4868		}
   4869/*** NodeName processing */
   4870		else if (!strncmp(line, "NodeName: ", 10)) {
   4871			int j;
   4872
   4873			line += 10;
   4874			memset(ai->config.nodeName, 0, 16);
   4875/* Do the name, assume a space between the mode and node name */
   4876			for (j = 0; j < 16 && line[j] != '\n'; j++) {
   4877				ai->config.nodeName[j] = line[j];
   4878			}
   4879			set_bit (FLAG_COMMIT, &ai->flags);
   4880		}
   4881
   4882/*** PowerMode processing */
   4883		else if (!strncmp(line, "PowerMode: ", 11)) {
   4884			line += 11;
   4885			if (!strncmp(line, "PSPCAM", 6)) {
   4886				ai->config.powerSaveMode = POWERSAVE_PSPCAM;
   4887				set_bit (FLAG_COMMIT, &ai->flags);
   4888			} else if (!strncmp(line, "PSP", 3)) {
   4889				ai->config.powerSaveMode = POWERSAVE_PSP;
   4890				set_bit (FLAG_COMMIT, &ai->flags);
   4891			} else {
   4892				ai->config.powerSaveMode = POWERSAVE_CAM;
   4893				set_bit (FLAG_COMMIT, &ai->flags);
   4894			}
   4895		} else if (!strncmp(line, "DataRates: ", 11)) {
   4896			int v, i = 0, k = 0; /* i is index into line,
   4897						k is index to rates */
   4898
   4899			line += 11;
   4900			while ((v = get_dec_u16(line, &i, 3))!=-1) {
   4901				ai->config.rates[k++] = (u8)v;
   4902				line += i + 1;
   4903				i = 0;
   4904			}
   4905			set_bit (FLAG_COMMIT, &ai->flags);
   4906		} else if (!strncmp(line, "Channel: ", 9)) {
   4907			int v, i = 0;
   4908			line += 9;
   4909			v = get_dec_u16(line, &i, i+3);
   4910			if (v != -1) {
   4911				ai->config.channelSet = cpu_to_le16(v);
   4912				set_bit (FLAG_COMMIT, &ai->flags);
   4913			}
   4914		} else if (!strncmp(line, "XmitPower: ", 11)) {
   4915			int v, i = 0;
   4916			line += 11;
   4917			v = get_dec_u16(line, &i, i+3);
   4918			if (v != -1) {
   4919				ai->config.txPower = cpu_to_le16(v);
   4920				set_bit (FLAG_COMMIT, &ai->flags);
   4921			}
   4922		} else if (!strncmp(line, "WEP: ", 5)) {
   4923			line += 5;
   4924			switch(line[0]) {
   4925			case 's':
   4926				set_auth_type(ai, AUTH_SHAREDKEY);
   4927				break;
   4928			case 'e':
   4929				set_auth_type(ai, AUTH_ENCRYPT);
   4930				break;
   4931			default:
   4932				set_auth_type(ai, AUTH_OPEN);
   4933				break;
   4934			}
   4935			set_bit (FLAG_COMMIT, &ai->flags);
   4936		} else if (!strncmp(line, "LongRetryLimit: ", 16)) {
   4937			int v, i = 0;
   4938
   4939			line += 16;
   4940			v = get_dec_u16(line, &i, 3);
   4941			v = (v<0) ? 0 : ((v>255) ? 255 : v);
   4942			ai->config.longRetryLimit = cpu_to_le16(v);
   4943			set_bit (FLAG_COMMIT, &ai->flags);
   4944		} else if (!strncmp(line, "ShortRetryLimit: ", 17)) {
   4945			int v, i = 0;
   4946
   4947			line += 17;
   4948			v = get_dec_u16(line, &i, 3);
   4949			v = (v<0) ? 0 : ((v>255) ? 255 : v);
   4950			ai->config.shortRetryLimit = cpu_to_le16(v);
   4951			set_bit (FLAG_COMMIT, &ai->flags);
   4952		} else if (!strncmp(line, "RTSThreshold: ", 14)) {
   4953			int v, i = 0;
   4954
   4955			line += 14;
   4956			v = get_dec_u16(line, &i, 4);
   4957			v = (v<0) ? 0 : ((v>AIRO_DEF_MTU) ? AIRO_DEF_MTU : v);
   4958			ai->config.rtsThres = cpu_to_le16(v);
   4959			set_bit (FLAG_COMMIT, &ai->flags);
   4960		} else if (!strncmp(line, "TXMSDULifetime: ", 16)) {
   4961			int v, i = 0;
   4962
   4963			line += 16;
   4964			v = get_dec_u16(line, &i, 5);
   4965			v = (v<0) ? 0 : v;
   4966			ai->config.txLifetime = cpu_to_le16(v);
   4967			set_bit (FLAG_COMMIT, &ai->flags);
   4968		} else if (!strncmp(line, "RXMSDULifetime: ", 16)) {
   4969			int v, i = 0;
   4970
   4971			line += 16;
   4972			v = get_dec_u16(line, &i, 5);
   4973			v = (v<0) ? 0 : v;
   4974			ai->config.rxLifetime = cpu_to_le16(v);
   4975			set_bit (FLAG_COMMIT, &ai->flags);
   4976		} else if (!strncmp(line, "TXDiversity: ", 13)) {
   4977			ai->config.txDiversity =
   4978				(line[13]=='l') ? 1 :
   4979				((line[13]=='r')? 2: 3);
   4980			set_bit (FLAG_COMMIT, &ai->flags);
   4981		} else if (!strncmp(line, "RXDiversity: ", 13)) {
   4982			ai->config.rxDiversity =
   4983				(line[13]=='l') ? 1 :
   4984				((line[13]=='r')? 2: 3);
   4985			set_bit (FLAG_COMMIT, &ai->flags);
   4986		} else if (!strncmp(line, "FragThreshold: ", 15)) {
   4987			int v, i = 0;
   4988
   4989			line += 15;
   4990			v = get_dec_u16(line, &i, 4);
   4991			v = (v<256) ? 256 : ((v>AIRO_DEF_MTU) ? AIRO_DEF_MTU : v);
   4992			v = v & 0xfffe; /* Make sure its even */
   4993			ai->config.fragThresh = cpu_to_le16(v);
   4994			set_bit (FLAG_COMMIT, &ai->flags);
   4995		} else if (!strncmp(line, "Modulation: ", 12)) {
   4996			line += 12;
   4997			switch(*line) {
   4998			case 'd':  ai->config.modulation = MOD_DEFAULT; set_bit(FLAG_COMMIT, &ai->flags); break;
   4999			case 'c':  ai->config.modulation = MOD_CCK; set_bit(FLAG_COMMIT, &ai->flags); break;
   5000			case 'm':  ai->config.modulation = MOD_MOK; set_bit(FLAG_COMMIT, &ai->flags); break;
   5001			default: airo_print_warn(ai->dev->name, "Unknown modulation");
   5002			}
   5003		} else if (!strncmp(line, "Preamble: ", 10)) {
   5004			line += 10;
   5005			switch(*line) {
   5006			case 'a': ai->config.preamble = PREAMBLE_AUTO; set_bit(FLAG_COMMIT, &ai->flags); break;
   5007			case 'l': ai->config.preamble = PREAMBLE_LONG; set_bit(FLAG_COMMIT, &ai->flags); break;
   5008			case 's': ai->config.preamble = PREAMBLE_SHORT; set_bit(FLAG_COMMIT, &ai->flags); break;
   5009			default: airo_print_warn(ai->dev->name, "Unknown preamble");
   5010			}
   5011		} else {
   5012			airo_print_warn(ai->dev->name, "Couldn't figure out %s", line);
   5013		}
   5014		while (line[0] && line[0] != '\n') line++;
   5015		if (line[0]) line++;
   5016	}
   5017	airo_config_commit(dev, NULL, NULL, NULL);
   5018}
   5019
   5020static const char *get_rmode(__le16 mode)
   5021{
   5022        switch(mode & RXMODE_MASK) {
   5023        case RXMODE_RFMON:  return "rfmon";
   5024        case RXMODE_RFMON_ANYBSS:  return "yna (any) bss rfmon";
   5025        case RXMODE_LANMON:  return "lanmon";
   5026        }
   5027        return "ESS";
   5028}
   5029
   5030static int proc_config_open(struct inode *inode, struct file *file)
   5031{
   5032	struct proc_data *data;
   5033	struct net_device *dev = pde_data(inode);
   5034	struct airo_info *ai = dev->ml_priv;
   5035	int i;
   5036	__le16 mode;
   5037
   5038	if ((file->private_data = kzalloc(sizeof(struct proc_data), GFP_KERNEL)) == NULL)
   5039		return -ENOMEM;
   5040	data = file->private_data;
   5041	if ((data->rbuffer = kmalloc(2048, GFP_KERNEL)) == NULL) {
   5042		kfree (file->private_data);
   5043		return -ENOMEM;
   5044	}
   5045	if ((data->wbuffer = kzalloc(2048, GFP_KERNEL)) == NULL) {
   5046		kfree (data->rbuffer);
   5047		kfree (file->private_data);
   5048		return -ENOMEM;
   5049	}
   5050	data->maxwritelen = 2048;
   5051	data->on_close = proc_config_on_close;
   5052
   5053	readConfigRid(ai, 1);
   5054
   5055	mode = ai->config.opmode & MODE_CFG_MASK;
   5056	i = sprintf(data->rbuffer,
   5057		     "Mode: %s\n"
   5058		     "Radio: %s\n"
   5059		     "NodeName: %-16s\n"
   5060		     "PowerMode: %s\n"
   5061		     "DataRates: %d %d %d %d %d %d %d %d\n"
   5062		     "Channel: %d\n"
   5063		     "XmitPower: %d\n",
   5064		     mode == MODE_STA_IBSS ? "adhoc" :
   5065		     mode == MODE_STA_ESS ? get_rmode(ai->config.rmode):
   5066		     mode == MODE_AP ? "AP" :
   5067		     mode == MODE_AP_RPTR ? "AP RPTR" : "Error",
   5068		     test_bit(FLAG_RADIO_OFF, &ai->flags) ? "off" : "on",
   5069		     ai->config.nodeName,
   5070		     ai->config.powerSaveMode == POWERSAVE_CAM ? "CAM" :
   5071		     ai->config.powerSaveMode == POWERSAVE_PSP ? "PSP" :
   5072		     ai->config.powerSaveMode == POWERSAVE_PSPCAM ? "PSPCAM" :
   5073		     "Error",
   5074		     (int)ai->config.rates[0],
   5075		     (int)ai->config.rates[1],
   5076		     (int)ai->config.rates[2],
   5077		     (int)ai->config.rates[3],
   5078		     (int)ai->config.rates[4],
   5079		     (int)ai->config.rates[5],
   5080		     (int)ai->config.rates[6],
   5081		     (int)ai->config.rates[7],
   5082		     le16_to_cpu(ai->config.channelSet),
   5083		     le16_to_cpu(ai->config.txPower)
   5084		);
   5085	sprintf(data->rbuffer + i,
   5086		 "LongRetryLimit: %d\n"
   5087		 "ShortRetryLimit: %d\n"
   5088		 "RTSThreshold: %d\n"
   5089		 "TXMSDULifetime: %d\n"
   5090		 "RXMSDULifetime: %d\n"
   5091		 "TXDiversity: %s\n"
   5092		 "RXDiversity: %s\n"
   5093		 "FragThreshold: %d\n"
   5094		 "WEP: %s\n"
   5095		 "Modulation: %s\n"
   5096		 "Preamble: %s\n",
   5097		 le16_to_cpu(ai->config.longRetryLimit),
   5098		 le16_to_cpu(ai->config.shortRetryLimit),
   5099		 le16_to_cpu(ai->config.rtsThres),
   5100		 le16_to_cpu(ai->config.txLifetime),
   5101		 le16_to_cpu(ai->config.rxLifetime),
   5102		 ai->config.txDiversity == 1 ? "left" :
   5103		 ai->config.txDiversity == 2 ? "right" : "both",
   5104		 ai->config.rxDiversity == 1 ? "left" :
   5105		 ai->config.rxDiversity == 2 ? "right" : "both",
   5106		 le16_to_cpu(ai->config.fragThresh),
   5107		 ai->config.authType == AUTH_ENCRYPT ? "encrypt" :
   5108		 ai->config.authType == AUTH_SHAREDKEY ? "shared" : "open",
   5109		 ai->config.modulation == MOD_DEFAULT ? "default" :
   5110		 ai->config.modulation == MOD_CCK ? "cck" :
   5111		 ai->config.modulation == MOD_MOK ? "mok" : "error",
   5112		 ai->config.preamble == PREAMBLE_AUTO ? "auto" :
   5113		 ai->config.preamble == PREAMBLE_LONG ? "long" :
   5114		 ai->config.preamble == PREAMBLE_SHORT ? "short" : "error"
   5115		);
   5116	data->readlen = strlen(data->rbuffer);
   5117	return 0;
   5118}
   5119
   5120static void proc_SSID_on_close(struct inode *inode, struct file *file)
   5121{
   5122	struct proc_data *data = file->private_data;
   5123	struct net_device *dev = pde_data(inode);
   5124	struct airo_info *ai = dev->ml_priv;
   5125	SsidRid SSID_rid;
   5126	int i;
   5127	char *p = data->wbuffer;
   5128	char *end = p + data->writelen;
   5129
   5130	if (!data->writelen)
   5131		return;
   5132
   5133	*end = '\n'; /* sentinel; we have space for it */
   5134
   5135	memset(&SSID_rid, 0, sizeof(SSID_rid));
   5136
   5137	for (i = 0; i < 3 && p < end; i++) {
   5138		int j = 0;
   5139		/* copy up to 32 characters from this line */
   5140		while (*p != '\n' && j < 32)
   5141			SSID_rid.ssids[i].ssid[j++] = *p++;
   5142		if (j == 0)
   5143			break;
   5144		SSID_rid.ssids[i].len = cpu_to_le16(j);
   5145		/* skip to the beginning of the next line */
   5146		while (*p++ != '\n')
   5147			;
   5148	}
   5149	if (i)
   5150		SSID_rid.len = cpu_to_le16(sizeof(SSID_rid));
   5151	disable_MAC(ai, 1);
   5152	writeSsidRid(ai, &SSID_rid, 1);
   5153	enable_MAC(ai, 1);
   5154}
   5155
   5156static void proc_APList_on_close(struct inode *inode, struct file *file)
   5157{
   5158	struct proc_data *data = file->private_data;
   5159	struct net_device *dev = pde_data(inode);
   5160	struct airo_info *ai = dev->ml_priv;
   5161	APListRid *APList_rid = &ai->APList;
   5162	int i;
   5163
   5164	if (!data->writelen) return;
   5165
   5166	memset(APList_rid, 0, sizeof(*APList_rid));
   5167	APList_rid->len = cpu_to_le16(sizeof(*APList_rid));
   5168
   5169	for (i = 0; i < 4 && data->writelen >= (i + 1) * 6 * 3; i++)
   5170		mac_pton(data->wbuffer + i * 6 * 3, APList_rid->ap[i]);
   5171
   5172	disable_MAC(ai, 1);
   5173	writeAPListRid(ai, APList_rid, 1);
   5174	enable_MAC(ai, 1);
   5175}
   5176
   5177/* This function wraps PC4500_writerid with a MAC disable */
   5178static int do_writerid(struct airo_info *ai, u16 rid, const void *rid_data,
   5179			int len, int dummy)
   5180{
   5181	int rc;
   5182
   5183	disable_MAC(ai, 1);
   5184	rc = PC4500_writerid(ai, rid, rid_data, len, 1);
   5185	enable_MAC(ai, 1);
   5186	return rc;
   5187}
   5188
   5189/* Returns the WEP key at the specified index, or -1 if that key does
   5190 * not exist.  The buffer is assumed to be at least 16 bytes in length.
   5191 */
   5192static int get_wep_key(struct airo_info *ai, u16 index, char *buf, u16 buflen)
   5193{
   5194	WepKeyRid wkr;
   5195	int rc;
   5196	__le16 lastindex;
   5197
   5198	rc = readWepKeyRid(ai, &wkr, 1, 1);
   5199	if (rc != SUCCESS)
   5200		return -1;
   5201	do {
   5202		lastindex = wkr.kindex;
   5203		if (le16_to_cpu(wkr.kindex) == index) {
   5204			int klen = min_t(int, buflen, le16_to_cpu(wkr.klen));
   5205			memcpy(buf, wkr.key, klen);
   5206			return klen;
   5207		}
   5208		rc = readWepKeyRid(ai, &wkr, 0, 1);
   5209		if (rc != SUCCESS)
   5210			return -1;
   5211	} while (lastindex != wkr.kindex);
   5212	return -1;
   5213}
   5214
   5215static int get_wep_tx_idx(struct airo_info *ai)
   5216{
   5217	WepKeyRid wkr;
   5218	int rc;
   5219	__le16 lastindex;
   5220
   5221	rc = readWepKeyRid(ai, &wkr, 1, 1);
   5222	if (rc != SUCCESS)
   5223		return -1;
   5224	do {
   5225		lastindex = wkr.kindex;
   5226		if (wkr.kindex == cpu_to_le16(0xffff))
   5227			return wkr.mac[0];
   5228		rc = readWepKeyRid(ai, &wkr, 0, 1);
   5229		if (rc != SUCCESS)
   5230			return -1;
   5231	} while (lastindex != wkr.kindex);
   5232	return -1;
   5233}
   5234
   5235static int set_wep_key(struct airo_info *ai, u16 index, const char *key,
   5236		       u16 keylen, int perm, int lock)
   5237{
   5238	static const unsigned char macaddr[ETH_ALEN] = { 0x01, 0, 0, 0, 0, 0 };
   5239	WepKeyRid wkr;
   5240	int rc;
   5241
   5242	if (WARN_ON(keylen == 0))
   5243		return -1;
   5244
   5245	memset(&wkr, 0, sizeof(wkr));
   5246	wkr.len = cpu_to_le16(sizeof(wkr));
   5247	wkr.kindex = cpu_to_le16(index);
   5248	wkr.klen = cpu_to_le16(keylen);
   5249	memcpy(wkr.key, key, keylen);
   5250	memcpy(wkr.mac, macaddr, ETH_ALEN);
   5251
   5252	if (perm) disable_MAC(ai, lock);
   5253	rc = writeWepKeyRid(ai, &wkr, perm, lock);
   5254	if (perm) enable_MAC(ai, lock);
   5255	return rc;
   5256}
   5257
   5258static int set_wep_tx_idx(struct airo_info *ai, u16 index, int perm, int lock)
   5259{
   5260	WepKeyRid wkr;
   5261	int rc;
   5262
   5263	memset(&wkr, 0, sizeof(wkr));
   5264	wkr.len = cpu_to_le16(sizeof(wkr));
   5265	wkr.kindex = cpu_to_le16(0xffff);
   5266	wkr.mac[0] = (char)index;
   5267
   5268	if (perm) {
   5269		ai->defindex = (char)index;
   5270		disable_MAC(ai, lock);
   5271	}
   5272
   5273	rc = writeWepKeyRid(ai, &wkr, perm, lock);
   5274
   5275	if (perm)
   5276		enable_MAC(ai, lock);
   5277	return rc;
   5278}
   5279
   5280static void proc_wepkey_on_close(struct inode *inode, struct file *file)
   5281{
   5282	struct proc_data *data;
   5283	struct net_device *dev = pde_data(inode);
   5284	struct airo_info *ai = dev->ml_priv;
   5285	int i, rc;
   5286	char key[16];
   5287	u16 index = 0;
   5288	int j = 0;
   5289
   5290	memset(key, 0, sizeof(key));
   5291
   5292	data = file->private_data;
   5293	if (!data->writelen) return;
   5294
   5295	if (data->wbuffer[0] >= '0' && data->wbuffer[0] <= '3' &&
   5296	    (data->wbuffer[1] == ' ' || data->wbuffer[1] == '\n')) {
   5297		index = data->wbuffer[0] - '0';
   5298		if (data->wbuffer[1] == '\n') {
   5299			rc = set_wep_tx_idx(ai, index, 1, 1);
   5300			if (rc < 0) {
   5301				airo_print_err(ai->dev->name, "failed to set "
   5302				               "WEP transmit index to %d: %d.",
   5303				               index, rc);
   5304			}
   5305			return;
   5306		}
   5307		j = 2;
   5308	} else {
   5309		airo_print_err(ai->dev->name, "WepKey passed invalid key index");
   5310		return;
   5311	}
   5312
   5313	for (i = 0; i < 16*3 && data->wbuffer[i+j]; i++) {
   5314		switch(i%3) {
   5315		case 0:
   5316			key[i/3] = hex_to_bin(data->wbuffer[i+j])<<4;
   5317			break;
   5318		case 1:
   5319			key[i/3] |= hex_to_bin(data->wbuffer[i+j]);
   5320			break;
   5321		}
   5322	}
   5323
   5324	rc = set_wep_key(ai, index, key, i/3, 1, 1);
   5325	if (rc < 0) {
   5326		airo_print_err(ai->dev->name, "failed to set WEP key at index "
   5327		               "%d: %d.", index, rc);
   5328	}
   5329}
   5330
   5331static int proc_wepkey_open(struct inode *inode, struct file *file)
   5332{
   5333	struct proc_data *data;
   5334	struct net_device *dev = pde_data(inode);
   5335	struct airo_info *ai = dev->ml_priv;
   5336	char *ptr;
   5337	WepKeyRid wkr;
   5338	__le16 lastindex;
   5339	int j = 0;
   5340	int rc;
   5341
   5342	if ((file->private_data = kzalloc(sizeof(struct proc_data), GFP_KERNEL)) == NULL)
   5343		return -ENOMEM;
   5344	memset(&wkr, 0, sizeof(wkr));
   5345	data = file->private_data;
   5346	if ((data->rbuffer = kzalloc(180, GFP_KERNEL)) == NULL) {
   5347		kfree (file->private_data);
   5348		return -ENOMEM;
   5349	}
   5350	data->writelen = 0;
   5351	data->maxwritelen = 80;
   5352	if ((data->wbuffer = kzalloc(80, GFP_KERNEL)) == NULL) {
   5353		kfree (data->rbuffer);
   5354		kfree (file->private_data);
   5355		return -ENOMEM;
   5356	}
   5357	data->on_close = proc_wepkey_on_close;
   5358
   5359	ptr = data->rbuffer;
   5360	strcpy(ptr, "No wep keys\n");
   5361	rc = readWepKeyRid(ai, &wkr, 1, 1);
   5362	if (rc == SUCCESS) do {
   5363		lastindex = wkr.kindex;
   5364		if (wkr.kindex == cpu_to_le16(0xffff)) {
   5365			j += sprintf(ptr+j, "Tx key = %d\n",
   5366				     (int)wkr.mac[0]);
   5367		} else {
   5368			j += sprintf(ptr+j, "Key %d set with length = %d\n",
   5369				     le16_to_cpu(wkr.kindex),
   5370				     le16_to_cpu(wkr.klen));
   5371		}
   5372		readWepKeyRid(ai, &wkr, 0, 1);
   5373	} while ((lastindex != wkr.kindex) && (j < 180-30));
   5374
   5375	data->readlen = strlen(data->rbuffer);
   5376	return 0;
   5377}
   5378
   5379static int proc_SSID_open(struct inode *inode, struct file *file)
   5380{
   5381	struct proc_data *data;
   5382	struct net_device *dev = pde_data(inode);
   5383	struct airo_info *ai = dev->ml_priv;
   5384	int i;
   5385	char *ptr;
   5386	SsidRid SSID_rid;
   5387
   5388	if ((file->private_data = kzalloc(sizeof(struct proc_data), GFP_KERNEL)) == NULL)
   5389		return -ENOMEM;
   5390	data = file->private_data;
   5391	if ((data->rbuffer = kmalloc(104, GFP_KERNEL)) == NULL) {
   5392		kfree (file->private_data);
   5393		return -ENOMEM;
   5394	}
   5395	data->writelen = 0;
   5396	data->maxwritelen = 33*3;
   5397	/* allocate maxwritelen + 1; we'll want a sentinel */
   5398	if ((data->wbuffer = kzalloc(33*3 + 1, GFP_KERNEL)) == NULL) {
   5399		kfree (data->rbuffer);
   5400		kfree (file->private_data);
   5401		return -ENOMEM;
   5402	}
   5403	data->on_close = proc_SSID_on_close;
   5404
   5405	readSsidRid(ai, &SSID_rid);
   5406	ptr = data->rbuffer;
   5407	for (i = 0; i < 3; i++) {
   5408		int j;
   5409		size_t len = le16_to_cpu(SSID_rid.ssids[i].len);
   5410		if (!len)
   5411			break;
   5412		if (len > 32)
   5413			len = 32;
   5414		for (j = 0; j < len && SSID_rid.ssids[i].ssid[j]; j++)
   5415			*ptr++ = SSID_rid.ssids[i].ssid[j];
   5416		*ptr++ = '\n';
   5417	}
   5418	*ptr = '\0';
   5419	data->readlen = strlen(data->rbuffer);
   5420	return 0;
   5421}
   5422
   5423static int proc_APList_open(struct inode *inode, struct file *file)
   5424{
   5425	struct proc_data *data;
   5426	struct net_device *dev = pde_data(inode);
   5427	struct airo_info *ai = dev->ml_priv;
   5428	int i;
   5429	char *ptr;
   5430	APListRid *APList_rid = &ai->APList;
   5431
   5432	if ((file->private_data = kzalloc(sizeof(struct proc_data), GFP_KERNEL)) == NULL)
   5433		return -ENOMEM;
   5434	data = file->private_data;
   5435	if ((data->rbuffer = kmalloc(104, GFP_KERNEL)) == NULL) {
   5436		kfree (file->private_data);
   5437		return -ENOMEM;
   5438	}
   5439	data->writelen = 0;
   5440	data->maxwritelen = 4*6*3;
   5441	if ((data->wbuffer = kzalloc(data->maxwritelen, GFP_KERNEL)) == NULL) {
   5442		kfree (data->rbuffer);
   5443		kfree (file->private_data);
   5444		return -ENOMEM;
   5445	}
   5446	data->on_close = proc_APList_on_close;
   5447
   5448	ptr = data->rbuffer;
   5449	for (i = 0; i < 4; i++) {
   5450// We end when we find a zero MAC
   5451		if (!*(int*)APList_rid->ap[i] &&
   5452		     !*(int*)&APList_rid->ap[i][2]) break;
   5453		ptr += sprintf(ptr, "%pM\n", APList_rid->ap[i]);
   5454	}
   5455	if (i==0) ptr += sprintf(ptr, "Not using specific APs\n");
   5456
   5457	*ptr = '\0';
   5458	data->readlen = strlen(data->rbuffer);
   5459	return 0;
   5460}
   5461
   5462static int proc_BSSList_open(struct inode *inode, struct file *file)
   5463{
   5464	struct proc_data *data;
   5465	struct net_device *dev = pde_data(inode);
   5466	struct airo_info *ai = dev->ml_priv;
   5467	char *ptr;
   5468	BSSListRid BSSList_rid;
   5469	int rc;
   5470	/* If doLoseSync is not 1, we won't do a Lose Sync */
   5471	int doLoseSync = -1;
   5472
   5473	if ((file->private_data = kzalloc(sizeof(struct proc_data), GFP_KERNEL)) == NULL)
   5474		return -ENOMEM;
   5475	data = file->private_data;
   5476	if ((data->rbuffer = kmalloc(1024, GFP_KERNEL)) == NULL) {
   5477		kfree (file->private_data);
   5478		return -ENOMEM;
   5479	}
   5480	data->writelen = 0;
   5481	data->maxwritelen = 0;
   5482	data->wbuffer = NULL;
   5483	data->on_close = NULL;
   5484
   5485	if (file->f_mode & FMODE_WRITE) {
   5486		if (!(file->f_mode & FMODE_READ)) {
   5487			Cmd cmd;
   5488			Resp rsp;
   5489
   5490			if (ai->flags & FLAG_RADIO_MASK) {
   5491				kfree(data->rbuffer);
   5492				kfree(file->private_data);
   5493				return -ENETDOWN;
   5494			}
   5495			memset(&cmd, 0, sizeof(cmd));
   5496			cmd.cmd = CMD_LISTBSS;
   5497			if (down_interruptible(&ai->sem)) {
   5498				kfree(data->rbuffer);
   5499				kfree(file->private_data);
   5500				return -ERESTARTSYS;
   5501			}
   5502			issuecommand(ai, &cmd, &rsp, true);
   5503			up(&ai->sem);
   5504			data->readlen = 0;
   5505			return 0;
   5506		}
   5507		doLoseSync = 1;
   5508	}
   5509	ptr = data->rbuffer;
   5510	/* There is a race condition here if there are concurrent opens.
   5511           Since it is a rare condition, we'll just live with it, otherwise
   5512           we have to add a spin lock... */
   5513	rc = readBSSListRid(ai, doLoseSync, &BSSList_rid);
   5514	while (rc == 0 && BSSList_rid.index != cpu_to_le16(0xffff)) {
   5515		ptr += sprintf(ptr, "%pM %.*s rssi = %d",
   5516			       BSSList_rid.bssid,
   5517				(int)BSSList_rid.ssidLen,
   5518				BSSList_rid.ssid,
   5519				le16_to_cpu(BSSList_rid.dBm));
   5520		ptr += sprintf(ptr, " channel = %d %s %s %s %s\n",
   5521				le16_to_cpu(BSSList_rid.dsChannel),
   5522				BSSList_rid.cap & CAP_ESS ? "ESS" : "",
   5523				BSSList_rid.cap & CAP_IBSS ? "adhoc" : "",
   5524				BSSList_rid.cap & CAP_PRIVACY ? "wep" : "",
   5525				BSSList_rid.cap & CAP_SHORTHDR ? "shorthdr" : "");
   5526		rc = readBSSListRid(ai, 0, &BSSList_rid);
   5527	}
   5528	*ptr = '\0';
   5529	data->readlen = strlen(data->rbuffer);
   5530	return 0;
   5531}
   5532
   5533static int proc_close(struct inode *inode, struct file *file)
   5534{
   5535	struct proc_data *data = file->private_data;
   5536
   5537	if (data->on_close != NULL)
   5538		data->on_close(inode, file);
   5539	kfree(data->rbuffer);
   5540	kfree(data->wbuffer);
   5541	kfree(data);
   5542	return 0;
   5543}
   5544
   5545/* Since the card doesn't automatically switch to the right WEP mode,
   5546   we will make it do it.  If the card isn't associated, every secs we
   5547   will switch WEP modes to see if that will help.  If the card is
   5548   associated we will check every minute to see if anything has
   5549   changed. */
   5550static void timer_func(struct net_device *dev)
   5551{
   5552	struct airo_info *apriv = dev->ml_priv;
   5553
   5554/* We don't have a link so try changing the authtype */
   5555	readConfigRid(apriv, 0);
   5556	disable_MAC(apriv, 0);
   5557	switch(apriv->config.authType) {
   5558		case AUTH_ENCRYPT:
   5559/* So drop to OPEN */
   5560			apriv->config.authType = AUTH_OPEN;
   5561			break;
   5562		case AUTH_SHAREDKEY:
   5563			if (apriv->keyindex < auto_wep) {
   5564				set_wep_tx_idx(apriv, apriv->keyindex, 0, 0);
   5565				apriv->config.authType = AUTH_SHAREDKEY;
   5566				apriv->keyindex++;
   5567			} else {
   5568			        /* Drop to ENCRYPT */
   5569				apriv->keyindex = 0;
   5570				set_wep_tx_idx(apriv, apriv->defindex, 0, 0);
   5571				apriv->config.authType = AUTH_ENCRYPT;
   5572			}
   5573			break;
   5574		default:  /* We'll escalate to SHAREDKEY */
   5575			apriv->config.authType = AUTH_SHAREDKEY;
   5576	}
   5577	set_bit (FLAG_COMMIT, &apriv->flags);
   5578	writeConfigRid(apriv, 0);
   5579	enable_MAC(apriv, 0);
   5580	up(&apriv->sem);
   5581
   5582/* Schedule check to see if the change worked */
   5583	clear_bit(JOB_AUTOWEP, &apriv->jobs);
   5584	apriv->expires = RUN_AT(HZ*3);
   5585}
   5586
   5587#ifdef CONFIG_PCI
   5588static int airo_pci_probe(struct pci_dev *pdev,
   5589				    const struct pci_device_id *pent)
   5590{
   5591	struct net_device *dev;
   5592
   5593	if (pci_enable_device(pdev))
   5594		return -ENODEV;
   5595	pci_set_master(pdev);
   5596
   5597	if (pdev->device == 0x5000 || pdev->device == 0xa504)
   5598			dev = _init_airo_card(pdev->irq, pdev->resource[0].start, 0, pdev, &pdev->dev);
   5599	else
   5600			dev = _init_airo_card(pdev->irq, pdev->resource[2].start, 0, pdev, &pdev->dev);
   5601	if (!dev) {
   5602		pci_disable_device(pdev);
   5603		return -ENODEV;
   5604	}
   5605
   5606	pci_set_drvdata(pdev, dev);
   5607	return 0;
   5608}
   5609
   5610static void airo_pci_remove(struct pci_dev *pdev)
   5611{
   5612	struct net_device *dev = pci_get_drvdata(pdev);
   5613
   5614	airo_print_info(dev->name, "Unregistering...");
   5615	stop_airo_card(dev, 1);
   5616	pci_disable_device(pdev);
   5617}
   5618
   5619static int __maybe_unused airo_pci_suspend(struct device *dev_d)
   5620{
   5621	struct net_device *dev = dev_get_drvdata(dev_d);
   5622	struct airo_info *ai = dev->ml_priv;
   5623	Cmd cmd;
   5624	Resp rsp;
   5625
   5626	if (!ai->SSID)
   5627		ai->SSID = kmalloc(sizeof(SsidRid), GFP_KERNEL);
   5628	if (!ai->SSID)
   5629		return -ENOMEM;
   5630	readSsidRid(ai, ai->SSID);
   5631	memset(&cmd, 0, sizeof(cmd));
   5632	/* the lock will be released at the end of the resume callback */
   5633	if (down_interruptible(&ai->sem))
   5634		return -EAGAIN;
   5635	disable_MAC(ai, 0);
   5636	netif_device_detach(dev);
   5637	ai->power = PMSG_SUSPEND;
   5638	cmd.cmd = HOSTSLEEP;
   5639	issuecommand(ai, &cmd, &rsp, true);
   5640
   5641	device_wakeup_enable(dev_d);
   5642	return 0;
   5643}
   5644
   5645static int __maybe_unused airo_pci_resume(struct device *dev_d)
   5646{
   5647	struct net_device *dev = dev_get_drvdata(dev_d);
   5648	struct airo_info *ai = dev->ml_priv;
   5649	pci_power_t prev_state = to_pci_dev(dev_d)->current_state;
   5650
   5651	device_wakeup_disable(dev_d);
   5652
   5653	if (prev_state != PCI_D1) {
   5654		reset_card(dev, 0);
   5655		mpi_init_descriptors(ai);
   5656		setup_card(ai, dev, 0);
   5657		clear_bit(FLAG_RADIO_OFF, &ai->flags);
   5658		clear_bit(FLAG_PENDING_XMIT, &ai->flags);
   5659	} else {
   5660		OUT4500(ai, EVACK, EV_AWAKEN);
   5661		OUT4500(ai, EVACK, EV_AWAKEN);
   5662		msleep(100);
   5663	}
   5664
   5665	set_bit(FLAG_COMMIT, &ai->flags);
   5666	disable_MAC(ai, 0);
   5667        msleep(200);
   5668	if (ai->SSID) {
   5669		writeSsidRid(ai, ai->SSID, 0);
   5670		kfree(ai->SSID);
   5671		ai->SSID = NULL;
   5672	}
   5673	writeAPListRid(ai, &ai->APList, 0);
   5674	writeConfigRid(ai, 0);
   5675	enable_MAC(ai, 0);
   5676	ai->power = PMSG_ON;
   5677	netif_device_attach(dev);
   5678	netif_wake_queue(dev);
   5679	enable_interrupts(ai);
   5680	up(&ai->sem);
   5681	return 0;
   5682}
   5683#endif
   5684
   5685static int __init airo_init_module(void)
   5686{
   5687	int i;
   5688
   5689	proc_kuid = make_kuid(&init_user_ns, proc_uid);
   5690	proc_kgid = make_kgid(&init_user_ns, proc_gid);
   5691	if (!uid_valid(proc_kuid) || !gid_valid(proc_kgid))
   5692		return -EINVAL;
   5693
   5694	airo_entry = proc_mkdir_mode("driver/aironet", airo_perm, NULL);
   5695
   5696	if (airo_entry)
   5697		proc_set_user(airo_entry, proc_kuid, proc_kgid);
   5698
   5699	for (i = 0; i < 4 && io[i] && irq[i]; i++) {
   5700		airo_print_info("", "Trying to configure ISA adapter at irq=%d "
   5701			"io = 0x%x", irq[i], io[i]);
   5702		if (init_airo_card(irq[i], io[i], 0, NULL)) {
   5703			/* do nothing */ ;
   5704		}
   5705	}
   5706
   5707#ifdef CONFIG_PCI
   5708	airo_print_info("", "Probing for PCI adapters");
   5709	i = pci_register_driver(&airo_driver);
   5710	airo_print_info("", "Finished probing for PCI adapters");
   5711
   5712	if (i) {
   5713		remove_proc_entry("driver/aironet", NULL);
   5714		return i;
   5715	}
   5716#endif
   5717
   5718	/* Always exit with success, as we are a library module
   5719	 * as well as a driver module
   5720	 */
   5721	return 0;
   5722}
   5723
   5724static void __exit airo_cleanup_module(void)
   5725{
   5726	struct airo_info *ai;
   5727	while (!list_empty(&airo_devices)) {
   5728		ai = list_entry(airo_devices.next, struct airo_info, dev_list);
   5729		airo_print_info(ai->dev->name, "Unregistering...");
   5730		stop_airo_card(ai->dev, 1);
   5731	}
   5732#ifdef CONFIG_PCI
   5733	pci_unregister_driver(&airo_driver);
   5734#endif
   5735	remove_proc_entry("driver/aironet", NULL);
   5736}
   5737
   5738/*
   5739 * Initial Wireless Extension code for Aironet driver by :
   5740 *	Jean Tourrilhes <jt@hpl.hp.com> - HPL - 17 November 00
   5741 * Conversion to new driver API by :
   5742 *	Jean Tourrilhes <jt@hpl.hp.com> - HPL - 26 March 02
   5743 * Javier also did a good amount of work here, adding some new extensions
   5744 * and fixing my code. Let's just say that without him this code just
   5745 * would not work at all... - Jean II
   5746 */
   5747
   5748static u8 airo_rssi_to_dbm (tdsRssiEntry *rssi_rid, u8 rssi)
   5749{
   5750	if (!rssi_rid)
   5751		return 0;
   5752
   5753	return (0x100 - rssi_rid[rssi].rssidBm);
   5754}
   5755
   5756static u8 airo_dbm_to_pct (tdsRssiEntry *rssi_rid, u8 dbm)
   5757{
   5758	int i;
   5759
   5760	if (!rssi_rid)
   5761		return 0;
   5762
   5763	for (i = 0; i < 256; i++)
   5764		if (rssi_rid[i].rssidBm == dbm)
   5765			return rssi_rid[i].rssipct;
   5766
   5767	return 0;
   5768}
   5769
   5770
   5771static int airo_get_quality (StatusRid *status_rid, CapabilityRid *cap_rid)
   5772{
   5773	int quality = 0;
   5774	u16 sq;
   5775
   5776	if ((status_rid->mode & cpu_to_le16(0x3f)) != cpu_to_le16(0x3f))
   5777		return 0;
   5778
   5779	if (!(cap_rid->hardCap & cpu_to_le16(8)))
   5780		return 0;
   5781
   5782	sq = le16_to_cpu(status_rid->signalQuality);
   5783	if (memcmp(cap_rid->prodName, "350", 3))
   5784		if (sq > 0x20)
   5785			quality = 0;
   5786		else
   5787			quality = 0x20 - sq;
   5788	else
   5789		if (sq > 0xb0)
   5790			quality = 0;
   5791		else if (sq < 0x10)
   5792			quality = 0xa0;
   5793		else
   5794			quality = 0xb0 - sq;
   5795	return quality;
   5796}
   5797
   5798#define airo_get_max_quality(cap_rid) (memcmp((cap_rid)->prodName, "350", 3) ? 0x20 : 0xa0)
   5799#define airo_get_avg_quality(cap_rid) (memcmp((cap_rid)->prodName, "350", 3) ? 0x10 : 0x50)
   5800
   5801/*------------------------------------------------------------------*/
   5802/*
   5803 * Wireless Handler : get protocol name
   5804 */
   5805static int airo_get_name(struct net_device *dev,
   5806			 struct iw_request_info *info,
   5807			 char *cwrq,
   5808			 char *extra)
   5809{
   5810	strcpy(cwrq, "IEEE 802.11-DS");
   5811	return 0;
   5812}
   5813
   5814/*------------------------------------------------------------------*/
   5815/*
   5816 * Wireless Handler : set frequency
   5817 */
   5818static int airo_set_freq(struct net_device *dev,
   5819			 struct iw_request_info *info,
   5820			 struct iw_freq *fwrq,
   5821			 char *extra)
   5822{
   5823	struct airo_info *local = dev->ml_priv;
   5824	int rc = -EINPROGRESS;		/* Call commit handler */
   5825
   5826	/* If setting by frequency, convert to a channel */
   5827	if (fwrq->e == 1) {
   5828		int f = fwrq->m / 100000;
   5829
   5830		/* Hack to fall through... */
   5831		fwrq->e = 0;
   5832		fwrq->m = ieee80211_frequency_to_channel(f);
   5833	}
   5834	/* Setting by channel number */
   5835	if (fwrq->m < 0 || fwrq->m > 1000 || fwrq->e > 0)
   5836		rc = -EOPNOTSUPP;
   5837	else {
   5838		int channel = fwrq->m;
   5839		/* We should do a better check than that,
   5840		 * based on the card capability !!! */
   5841		if ((channel < 1) || (channel > 14)) {
   5842			airo_print_dbg(dev->name, "New channel value of %d is invalid!",
   5843				fwrq->m);
   5844			rc = -EINVAL;
   5845		} else {
   5846			readConfigRid(local, 1);
   5847			/* Yes ! We can set it !!! */
   5848			local->config.channelSet = cpu_to_le16(channel);
   5849			set_bit (FLAG_COMMIT, &local->flags);
   5850		}
   5851	}
   5852	return rc;
   5853}
   5854
   5855/*------------------------------------------------------------------*/
   5856/*
   5857 * Wireless Handler : get frequency
   5858 */
   5859static int airo_get_freq(struct net_device *dev,
   5860			 struct iw_request_info *info,
   5861			 struct iw_freq *fwrq,
   5862			 char *extra)
   5863{
   5864	struct airo_info *local = dev->ml_priv;
   5865	StatusRid status_rid;		/* Card status info */
   5866	int ch;
   5867
   5868	readConfigRid(local, 1);
   5869	if ((local->config.opmode & MODE_CFG_MASK) == MODE_STA_ESS)
   5870		status_rid.channel = local->config.channelSet;
   5871	else
   5872		readStatusRid(local, &status_rid, 1);
   5873
   5874	ch = le16_to_cpu(status_rid.channel);
   5875	if ((ch > 0) && (ch < 15)) {
   5876		fwrq->m = 100000 *
   5877			ieee80211_channel_to_frequency(ch, NL80211_BAND_2GHZ);
   5878		fwrq->e = 1;
   5879	} else {
   5880		fwrq->m = ch;
   5881		fwrq->e = 0;
   5882	}
   5883
   5884	return 0;
   5885}
   5886
   5887/*------------------------------------------------------------------*/
   5888/*
   5889 * Wireless Handler : set ESSID
   5890 */
   5891static int airo_set_essid(struct net_device *dev,
   5892			  struct iw_request_info *info,
   5893			  struct iw_point *dwrq,
   5894			  char *extra)
   5895{
   5896	struct airo_info *local = dev->ml_priv;
   5897	SsidRid SSID_rid;		/* SSIDs */
   5898
   5899	/* Reload the list of current SSID */
   5900	readSsidRid(local, &SSID_rid);
   5901
   5902	/* Check if we asked for `any' */
   5903	if (dwrq->flags == 0) {
   5904		/* Just send an empty SSID list */
   5905		memset(&SSID_rid, 0, sizeof(SSID_rid));
   5906	} else {
   5907		unsigned index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
   5908
   5909		/* Check the size of the string */
   5910		if (dwrq->length > IW_ESSID_MAX_SIZE)
   5911			return -E2BIG ;
   5912
   5913		/* Check if index is valid */
   5914		if (index >= ARRAY_SIZE(SSID_rid.ssids))
   5915			return -EINVAL;
   5916
   5917		/* Set the SSID */
   5918		memset(SSID_rid.ssids[index].ssid, 0,
   5919		       sizeof(SSID_rid.ssids[index].ssid));
   5920		memcpy(SSID_rid.ssids[index].ssid, extra, dwrq->length);
   5921		SSID_rid.ssids[index].len = cpu_to_le16(dwrq->length);
   5922	}
   5923	SSID_rid.len = cpu_to_le16(sizeof(SSID_rid));
   5924	/* Write it to the card */
   5925	disable_MAC(local, 1);
   5926	writeSsidRid(local, &SSID_rid, 1);
   5927	enable_MAC(local, 1);
   5928
   5929	return 0;
   5930}
   5931
   5932/*------------------------------------------------------------------*/
   5933/*
   5934 * Wireless Handler : get ESSID
   5935 */
   5936static int airo_get_essid(struct net_device *dev,
   5937			  struct iw_request_info *info,
   5938			  struct iw_point *dwrq,
   5939			  char *extra)
   5940{
   5941	struct airo_info *local = dev->ml_priv;
   5942	StatusRid status_rid;		/* Card status info */
   5943
   5944	readStatusRid(local, &status_rid, 1);
   5945
   5946	/* Note : if dwrq->flags != 0, we should
   5947	 * get the relevant SSID from the SSID list... */
   5948
   5949	/* Get the current SSID */
   5950	memcpy(extra, status_rid.SSID, le16_to_cpu(status_rid.SSIDlen));
   5951	/* If none, we may want to get the one that was set */
   5952
   5953	/* Push it out ! */
   5954	dwrq->length = le16_to_cpu(status_rid.SSIDlen);
   5955	dwrq->flags = 1; /* active */
   5956
   5957	return 0;
   5958}
   5959
   5960/*------------------------------------------------------------------*/
   5961/*
   5962 * Wireless Handler : set AP address
   5963 */
   5964static int airo_set_wap(struct net_device *dev,
   5965			struct iw_request_info *info,
   5966			struct sockaddr *awrq,
   5967			char *extra)
   5968{
   5969	struct airo_info *local = dev->ml_priv;
   5970	Cmd cmd;
   5971	Resp rsp;
   5972	APListRid *APList_rid = &local->APList;
   5973
   5974	if (awrq->sa_family != ARPHRD_ETHER)
   5975		return -EINVAL;
   5976	else if (is_broadcast_ether_addr(awrq->sa_data) ||
   5977		 is_zero_ether_addr(awrq->sa_data)) {
   5978		memset(&cmd, 0, sizeof(cmd));
   5979		cmd.cmd = CMD_LOSE_SYNC;
   5980		if (down_interruptible(&local->sem))
   5981			return -ERESTARTSYS;
   5982		issuecommand(local, &cmd, &rsp, true);
   5983		up(&local->sem);
   5984	} else {
   5985		memset(APList_rid, 0, sizeof(*APList_rid));
   5986		APList_rid->len = cpu_to_le16(sizeof(*APList_rid));
   5987		memcpy(APList_rid->ap[0], awrq->sa_data, ETH_ALEN);
   5988		disable_MAC(local, 1);
   5989		writeAPListRid(local, APList_rid, 1);
   5990		enable_MAC(local, 1);
   5991	}
   5992	return 0;
   5993}
   5994
   5995/*------------------------------------------------------------------*/
   5996/*
   5997 * Wireless Handler : get AP address
   5998 */
   5999static int airo_get_wap(struct net_device *dev,
   6000			struct iw_request_info *info,
   6001			struct sockaddr *awrq,
   6002			char *extra)
   6003{
   6004	struct airo_info *local = dev->ml_priv;
   6005	StatusRid status_rid;		/* Card status info */
   6006
   6007	readStatusRid(local, &status_rid, 1);
   6008
   6009	/* Tentative. This seems to work, wow, I'm lucky !!! */
   6010	memcpy(awrq->sa_data, status_rid.bssid[0], ETH_ALEN);
   6011	awrq->sa_family = ARPHRD_ETHER;
   6012
   6013	return 0;
   6014}
   6015
   6016/*------------------------------------------------------------------*/
   6017/*
   6018 * Wireless Handler : set Nickname
   6019 */
   6020static int airo_set_nick(struct net_device *dev,
   6021			 struct iw_request_info *info,
   6022			 struct iw_point *dwrq,
   6023			 char *extra)
   6024{
   6025	struct airo_info *local = dev->ml_priv;
   6026
   6027	/* Check the size of the string */
   6028	if (dwrq->length > 16) {
   6029		return -E2BIG;
   6030	}
   6031	readConfigRid(local, 1);
   6032	memset(local->config.nodeName, 0, sizeof(local->config.nodeName));
   6033	memcpy(local->config.nodeName, extra, dwrq->length);
   6034	set_bit (FLAG_COMMIT, &local->flags);
   6035
   6036	return -EINPROGRESS;		/* Call commit handler */
   6037}
   6038
   6039/*------------------------------------------------------------------*/
   6040/*
   6041 * Wireless Handler : get Nickname
   6042 */
   6043static int airo_get_nick(struct net_device *dev,
   6044			 struct iw_request_info *info,
   6045			 struct iw_point *dwrq,
   6046			 char *extra)
   6047{
   6048	struct airo_info *local = dev->ml_priv;
   6049
   6050	readConfigRid(local, 1);
   6051	strncpy(extra, local->config.nodeName, 16);
   6052	extra[16] = '\0';
   6053	dwrq->length = strlen(extra);
   6054
   6055	return 0;
   6056}
   6057
   6058/*------------------------------------------------------------------*/
   6059/*
   6060 * Wireless Handler : set Bit-Rate
   6061 */
   6062static int airo_set_rate(struct net_device *dev,
   6063			 struct iw_request_info *info,
   6064			 struct iw_param *vwrq,
   6065			 char *extra)
   6066{
   6067	struct airo_info *local = dev->ml_priv;
   6068	CapabilityRid cap_rid;		/* Card capability info */
   6069	u8	brate = 0;
   6070	int	i;
   6071
   6072	/* First : get a valid bit rate value */
   6073	readCapabilityRid(local, &cap_rid, 1);
   6074
   6075	/* Which type of value ? */
   6076	if ((vwrq->value < 8) && (vwrq->value >= 0)) {
   6077		/* Setting by rate index */
   6078		/* Find value in the magic rate table */
   6079		brate = cap_rid.supportedRates[vwrq->value];
   6080	} else {
   6081		/* Setting by frequency value */
   6082		u8	normvalue = (u8) (vwrq->value/500000);
   6083
   6084		/* Check if rate is valid */
   6085		for (i = 0 ; i < 8 ; i++) {
   6086			if (normvalue == cap_rid.supportedRates[i]) {
   6087				brate = normvalue;
   6088				break;
   6089			}
   6090		}
   6091	}
   6092	/* -1 designed the max rate (mostly auto mode) */
   6093	if (vwrq->value == -1) {
   6094		/* Get the highest available rate */
   6095		for (i = 0 ; i < 8 ; i++) {
   6096			if (cap_rid.supportedRates[i] == 0)
   6097				break;
   6098		}
   6099		if (i != 0)
   6100			brate = cap_rid.supportedRates[i - 1];
   6101	}
   6102	/* Check that it is valid */
   6103	if (brate == 0) {
   6104		return -EINVAL;
   6105	}
   6106
   6107	readConfigRid(local, 1);
   6108	/* Now, check if we want a fixed or auto value */
   6109	if (vwrq->fixed == 0) {
   6110		/* Fill all the rates up to this max rate */
   6111		memset(local->config.rates, 0, 8);
   6112		for (i = 0 ; i < 8 ; i++) {
   6113			local->config.rates[i] = cap_rid.supportedRates[i];
   6114			if (local->config.rates[i] == brate)
   6115				break;
   6116		}
   6117	} else {
   6118		/* Fixed mode */
   6119		/* One rate, fixed */
   6120		memset(local->config.rates, 0, 8);
   6121		local->config.rates[0] = brate;
   6122	}
   6123	set_bit (FLAG_COMMIT, &local->flags);
   6124
   6125	return -EINPROGRESS;		/* Call commit handler */
   6126}
   6127
   6128/*------------------------------------------------------------------*/
   6129/*
   6130 * Wireless Handler : get Bit-Rate
   6131 */
   6132static int airo_get_rate(struct net_device *dev,
   6133			 struct iw_request_info *info,
   6134			 struct iw_param *vwrq,
   6135			 char *extra)
   6136{
   6137	struct airo_info *local = dev->ml_priv;
   6138	StatusRid status_rid;		/* Card status info */
   6139
   6140	readStatusRid(local, &status_rid, 1);
   6141
   6142	vwrq->value = le16_to_cpu(status_rid.currentXmitRate) * 500000;
   6143	/* If more than one rate, set auto */
   6144	readConfigRid(local, 1);
   6145	vwrq->fixed = (local->config.rates[1] == 0);
   6146
   6147	return 0;
   6148}
   6149
   6150/*------------------------------------------------------------------*/
   6151/*
   6152 * Wireless Handler : set RTS threshold
   6153 */
   6154static int airo_set_rts(struct net_device *dev,
   6155			struct iw_request_info *info,
   6156			struct iw_param *vwrq,
   6157			char *extra)
   6158{
   6159	struct airo_info *local = dev->ml_priv;
   6160	int rthr = vwrq->value;
   6161
   6162	if (vwrq->disabled)
   6163		rthr = AIRO_DEF_MTU;
   6164	if ((rthr < 0) || (rthr > AIRO_DEF_MTU)) {
   6165		return -EINVAL;
   6166	}
   6167	readConfigRid(local, 1);
   6168	local->config.rtsThres = cpu_to_le16(rthr);
   6169	set_bit (FLAG_COMMIT, &local->flags);
   6170
   6171	return -EINPROGRESS;		/* Call commit handler */
   6172}
   6173
   6174/*------------------------------------------------------------------*/
   6175/*
   6176 * Wireless Handler : get RTS threshold
   6177 */
   6178static int airo_get_rts(struct net_device *dev,
   6179			struct iw_request_info *info,
   6180			struct iw_param *vwrq,
   6181			char *extra)
   6182{
   6183	struct airo_info *local = dev->ml_priv;
   6184
   6185	readConfigRid(local, 1);
   6186	vwrq->value = le16_to_cpu(local->config.rtsThres);
   6187	vwrq->disabled = (vwrq->value >= AIRO_DEF_MTU);
   6188	vwrq->fixed = 1;
   6189
   6190	return 0;
   6191}
   6192
   6193/*------------------------------------------------------------------*/
   6194/*
   6195 * Wireless Handler : set Fragmentation threshold
   6196 */
   6197static int airo_set_frag(struct net_device *dev,
   6198			 struct iw_request_info *info,
   6199			 struct iw_param *vwrq,
   6200			 char *extra)
   6201{
   6202	struct airo_info *local = dev->ml_priv;
   6203	int fthr = vwrq->value;
   6204
   6205	if (vwrq->disabled)
   6206		fthr = AIRO_DEF_MTU;
   6207	if ((fthr < 256) || (fthr > AIRO_DEF_MTU)) {
   6208		return -EINVAL;
   6209	}
   6210	fthr &= ~0x1;	/* Get an even value - is it really needed ??? */
   6211	readConfigRid(local, 1);
   6212	local->config.fragThresh = cpu_to_le16(fthr);
   6213	set_bit (FLAG_COMMIT, &local->flags);
   6214
   6215	return -EINPROGRESS;		/* Call commit handler */
   6216}
   6217
   6218/*------------------------------------------------------------------*/
   6219/*
   6220 * Wireless Handler : get Fragmentation threshold
   6221 */
   6222static int airo_get_frag(struct net_device *dev,
   6223			 struct iw_request_info *info,
   6224			 struct iw_param *vwrq,
   6225			 char *extra)
   6226{
   6227	struct airo_info *local = dev->ml_priv;
   6228
   6229	readConfigRid(local, 1);
   6230	vwrq->value = le16_to_cpu(local->config.fragThresh);
   6231	vwrq->disabled = (vwrq->value >= AIRO_DEF_MTU);
   6232	vwrq->fixed = 1;
   6233
   6234	return 0;
   6235}
   6236
   6237/*------------------------------------------------------------------*/
   6238/*
   6239 * Wireless Handler : set Mode of Operation
   6240 */
   6241static int airo_set_mode(struct net_device *dev,
   6242			 struct iw_request_info *info,
   6243			 __u32 *uwrq,
   6244			 char *extra)
   6245{
   6246	struct airo_info *local = dev->ml_priv;
   6247	int reset = 0;
   6248
   6249	readConfigRid(local, 1);
   6250	if (sniffing_mode(local))
   6251		reset = 1;
   6252
   6253	switch(*uwrq) {
   6254		case IW_MODE_ADHOC:
   6255			local->config.opmode &= ~MODE_CFG_MASK;
   6256			local->config.opmode |= MODE_STA_IBSS;
   6257			local->config.rmode &= ~RXMODE_FULL_MASK;
   6258			local->config.scanMode = SCANMODE_ACTIVE;
   6259			clear_bit (FLAG_802_11, &local->flags);
   6260			break;
   6261		case IW_MODE_INFRA:
   6262			local->config.opmode &= ~MODE_CFG_MASK;
   6263			local->config.opmode |= MODE_STA_ESS;
   6264			local->config.rmode &= ~RXMODE_FULL_MASK;
   6265			local->config.scanMode = SCANMODE_ACTIVE;
   6266			clear_bit (FLAG_802_11, &local->flags);
   6267			break;
   6268		case IW_MODE_MASTER:
   6269			local->config.opmode &= ~MODE_CFG_MASK;
   6270			local->config.opmode |= MODE_AP;
   6271			local->config.rmode &= ~RXMODE_FULL_MASK;
   6272			local->config.scanMode = SCANMODE_ACTIVE;
   6273			clear_bit (FLAG_802_11, &local->flags);
   6274			break;
   6275		case IW_MODE_REPEAT:
   6276			local->config.opmode &= ~MODE_CFG_MASK;
   6277			local->config.opmode |= MODE_AP_RPTR;
   6278			local->config.rmode &= ~RXMODE_FULL_MASK;
   6279			local->config.scanMode = SCANMODE_ACTIVE;
   6280			clear_bit (FLAG_802_11, &local->flags);
   6281			break;
   6282		case IW_MODE_MONITOR:
   6283			local->config.opmode &= ~MODE_CFG_MASK;
   6284			local->config.opmode |= MODE_STA_ESS;
   6285			local->config.rmode &= ~RXMODE_FULL_MASK;
   6286			local->config.rmode |= RXMODE_RFMON | RXMODE_DISABLE_802_3_HEADER;
   6287			local->config.scanMode = SCANMODE_PASSIVE;
   6288			set_bit (FLAG_802_11, &local->flags);
   6289			break;
   6290		default:
   6291			return -EINVAL;
   6292	}
   6293	if (reset)
   6294		set_bit (FLAG_RESET, &local->flags);
   6295	set_bit (FLAG_COMMIT, &local->flags);
   6296
   6297	return -EINPROGRESS;		/* Call commit handler */
   6298}
   6299
   6300/*------------------------------------------------------------------*/
   6301/*
   6302 * Wireless Handler : get Mode of Operation
   6303 */
   6304static int airo_get_mode(struct net_device *dev,
   6305			 struct iw_request_info *info,
   6306			 __u32 *uwrq,
   6307			 char *extra)
   6308{
   6309	struct airo_info *local = dev->ml_priv;
   6310
   6311	readConfigRid(local, 1);
   6312	/* If not managed, assume it's ad-hoc */
   6313	switch (local->config.opmode & MODE_CFG_MASK) {
   6314		case MODE_STA_ESS:
   6315			*uwrq = IW_MODE_INFRA;
   6316			break;
   6317		case MODE_AP:
   6318			*uwrq = IW_MODE_MASTER;
   6319			break;
   6320		case MODE_AP_RPTR:
   6321			*uwrq = IW_MODE_REPEAT;
   6322			break;
   6323		default:
   6324			*uwrq = IW_MODE_ADHOC;
   6325	}
   6326
   6327	return 0;
   6328}
   6329
   6330static inline int valid_index(struct airo_info *ai, int index)
   6331{
   6332	return (index >= 0) && (index <= ai->max_wep_idx);
   6333}
   6334
   6335/*------------------------------------------------------------------*/
   6336/*
   6337 * Wireless Handler : set Encryption Key
   6338 */
   6339static int airo_set_encode(struct net_device *dev,
   6340			   struct iw_request_info *info,
   6341			   struct iw_point *dwrq,
   6342			   char *extra)
   6343{
   6344	struct airo_info *local = dev->ml_priv;
   6345	int perm = (dwrq->flags & IW_ENCODE_TEMP ? 0 : 1);
   6346	__le16 currentAuthType = local->config.authType;
   6347	int rc = 0;
   6348
   6349	if (!local->wep_capable)
   6350		return -EOPNOTSUPP;
   6351
   6352	readConfigRid(local, 1);
   6353
   6354	/* Basic checking: do we have a key to set ?
   6355	 * Note : with the new API, it's impossible to get a NULL pointer.
   6356	 * Therefore, we need to check a key size == 0 instead.
   6357	 * New version of iwconfig properly set the IW_ENCODE_NOKEY flag
   6358	 * when no key is present (only change flags), but older versions
   6359	 * don't do it. - Jean II */
   6360	if (dwrq->length > 0) {
   6361		wep_key_t key;
   6362		int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
   6363		int current_index;
   6364
   6365		/* Check the size of the key */
   6366		if (dwrq->length > MAX_KEY_SIZE) {
   6367			return -EINVAL;
   6368		}
   6369
   6370		current_index = get_wep_tx_idx(local);
   6371		if (current_index < 0)
   6372			current_index = 0;
   6373
   6374		/* Check the index (none -> use current) */
   6375		if (!valid_index(local, index))
   6376			index = current_index;
   6377
   6378		/* Set the length */
   6379		if (dwrq->length > MIN_KEY_SIZE)
   6380			key.len = MAX_KEY_SIZE;
   6381		else
   6382			key.len = MIN_KEY_SIZE;
   6383		/* Check if the key is not marked as invalid */
   6384		if (!(dwrq->flags & IW_ENCODE_NOKEY)) {
   6385			/* Cleanup */
   6386			memset(key.key, 0, MAX_KEY_SIZE);
   6387			/* Copy the key in the driver */
   6388			memcpy(key.key, extra, dwrq->length);
   6389			/* Send the key to the card */
   6390			rc = set_wep_key(local, index, key.key, key.len, perm, 1);
   6391			if (rc < 0) {
   6392				airo_print_err(local->dev->name, "failed to set"
   6393				               " WEP key at index %d: %d.",
   6394				               index, rc);
   6395				return rc;
   6396			}
   6397		}
   6398		/* WE specify that if a valid key is set, encryption
   6399		 * should be enabled (user may turn it off later)
   6400		 * This is also how "iwconfig ethX key on" works */
   6401		if ((index == current_index) && (key.len > 0) &&
   6402		   (local->config.authType == AUTH_OPEN))
   6403			set_auth_type(local, AUTH_ENCRYPT);
   6404	} else {
   6405		/* Do we want to just set the transmit key index ? */
   6406		int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
   6407		if (valid_index(local, index)) {
   6408			rc = set_wep_tx_idx(local, index, perm, 1);
   6409			if (rc < 0) {
   6410				airo_print_err(local->dev->name, "failed to set"
   6411				               " WEP transmit index to %d: %d.",
   6412				               index, rc);
   6413				return rc;
   6414			}
   6415		} else {
   6416			/* Don't complain if only change the mode */
   6417			if (!(dwrq->flags & IW_ENCODE_MODE))
   6418				return -EINVAL;
   6419		}
   6420	}
   6421	/* Read the flags */
   6422	if (dwrq->flags & IW_ENCODE_DISABLED)
   6423		set_auth_type(local, AUTH_OPEN);	/* disable encryption */
   6424	if (dwrq->flags & IW_ENCODE_RESTRICTED)
   6425		set_auth_type(local, AUTH_SHAREDKEY);	/* Only Both */
   6426	if (dwrq->flags & IW_ENCODE_OPEN)
   6427		set_auth_type(local, AUTH_ENCRYPT);	/* Only Wep */
   6428	/* Commit the changes to flags if needed */
   6429	if (local->config.authType != currentAuthType)
   6430		set_bit (FLAG_COMMIT, &local->flags);
   6431	return -EINPROGRESS;		/* Call commit handler */
   6432}
   6433
   6434/*------------------------------------------------------------------*/
   6435/*
   6436 * Wireless Handler : get Encryption Key
   6437 */
   6438static int airo_get_encode(struct net_device *dev,
   6439			   struct iw_request_info *info,
   6440			   struct iw_point *dwrq,
   6441			   char *extra)
   6442{
   6443	struct airo_info *local = dev->ml_priv;
   6444	int index = (dwrq->flags & IW_ENCODE_INDEX) - 1;
   6445	int wep_key_len;
   6446	u8 buf[16];
   6447
   6448	if (!local->wep_capable)
   6449		return -EOPNOTSUPP;
   6450
   6451	readConfigRid(local, 1);
   6452
   6453	/* Check encryption mode */
   6454	switch(local->config.authType)	{
   6455		case AUTH_ENCRYPT:
   6456			dwrq->flags = IW_ENCODE_OPEN;
   6457			break;
   6458		case AUTH_SHAREDKEY:
   6459			dwrq->flags = IW_ENCODE_RESTRICTED;
   6460			break;
   6461		default:
   6462		case AUTH_OPEN:
   6463			dwrq->flags = IW_ENCODE_DISABLED;
   6464			break;
   6465	}
   6466	/* We can't return the key, so set the proper flag and return zero */
   6467	dwrq->flags |= IW_ENCODE_NOKEY;
   6468	memset(extra, 0, 16);
   6469
   6470	/* Which key do we want ? -1 -> tx index */
   6471	if (!valid_index(local, index)) {
   6472		index = get_wep_tx_idx(local);
   6473		if (index < 0)
   6474			index = 0;
   6475	}
   6476	dwrq->flags |= index + 1;
   6477
   6478	/* Copy the key to the user buffer */
   6479	wep_key_len = get_wep_key(local, index, &buf[0], sizeof(buf));
   6480	if (wep_key_len < 0) {
   6481		dwrq->length = 0;
   6482	} else {
   6483		dwrq->length = wep_key_len;
   6484		memcpy(extra, buf, dwrq->length);
   6485	}
   6486
   6487	return 0;
   6488}
   6489
   6490/*------------------------------------------------------------------*/
   6491/*
   6492 * Wireless Handler : set extended Encryption parameters
   6493 */
   6494static int airo_set_encodeext(struct net_device *dev,
   6495			   struct iw_request_info *info,
   6496			    union iwreq_data *wrqu,
   6497			    char *extra)
   6498{
   6499	struct airo_info *local = dev->ml_priv;
   6500	struct iw_point *encoding = &wrqu->encoding;
   6501	struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
   6502	int perm = (encoding->flags & IW_ENCODE_TEMP ? 0 : 1);
   6503	__le16 currentAuthType = local->config.authType;
   6504	int idx, key_len, alg = ext->alg, set_key = 1, rc;
   6505	wep_key_t key;
   6506
   6507	if (!local->wep_capable)
   6508		return -EOPNOTSUPP;
   6509
   6510	readConfigRid(local, 1);
   6511
   6512	/* Determine and validate the key index */
   6513	idx = encoding->flags & IW_ENCODE_INDEX;
   6514	if (idx) {
   6515		if (!valid_index(local, idx - 1))
   6516			return -EINVAL;
   6517		idx--;
   6518	} else {
   6519		idx = get_wep_tx_idx(local);
   6520		if (idx < 0)
   6521			idx = 0;
   6522	}
   6523
   6524	if (encoding->flags & IW_ENCODE_DISABLED)
   6525		alg = IW_ENCODE_ALG_NONE;
   6526
   6527	if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) {
   6528		/* Only set transmit key index here, actual
   6529		 * key is set below if needed.
   6530		 */
   6531		rc = set_wep_tx_idx(local, idx, perm, 1);
   6532		if (rc < 0) {
   6533			airo_print_err(local->dev->name, "failed to set "
   6534			               "WEP transmit index to %d: %d.",
   6535			               idx, rc);
   6536			return rc;
   6537		}
   6538		set_key = ext->key_len > 0 ? 1 : 0;
   6539	}
   6540
   6541	if (set_key) {
   6542		/* Set the requested key first */
   6543		memset(key.key, 0, MAX_KEY_SIZE);
   6544		switch (alg) {
   6545		case IW_ENCODE_ALG_NONE:
   6546			key.len = 0;
   6547			break;
   6548		case IW_ENCODE_ALG_WEP:
   6549			if (ext->key_len > MIN_KEY_SIZE) {
   6550				key.len = MAX_KEY_SIZE;
   6551			} else if (ext->key_len > 0) {
   6552				key.len = MIN_KEY_SIZE;
   6553			} else {
   6554				return -EINVAL;
   6555			}
   6556			key_len = min (ext->key_len, key.len);
   6557			memcpy(key.key, ext->key, key_len);
   6558			break;
   6559		default:
   6560			return -EINVAL;
   6561		}
   6562		if (key.len == 0) {
   6563			rc = set_wep_tx_idx(local, idx, perm, 1);
   6564			if (rc < 0) {
   6565				airo_print_err(local->dev->name,
   6566					       "failed to set WEP transmit index to %d: %d.",
   6567					       idx, rc);
   6568				return rc;
   6569			}
   6570		} else {
   6571			rc = set_wep_key(local, idx, key.key, key.len, perm, 1);
   6572			if (rc < 0) {
   6573				airo_print_err(local->dev->name,
   6574					       "failed to set WEP key at index %d: %d.",
   6575					       idx, rc);
   6576				return rc;
   6577			}
   6578		}
   6579	}
   6580
   6581	/* Read the flags */
   6582	if (encoding->flags & IW_ENCODE_DISABLED)
   6583		set_auth_type(local, AUTH_OPEN);	/* disable encryption */
   6584	if (encoding->flags & IW_ENCODE_RESTRICTED)
   6585		set_auth_type(local, AUTH_SHAREDKEY);	/* Only Both */
   6586	if (encoding->flags & IW_ENCODE_OPEN)
   6587		set_auth_type(local, AUTH_ENCRYPT);
   6588	/* Commit the changes to flags if needed */
   6589	if (local->config.authType != currentAuthType)
   6590		set_bit (FLAG_COMMIT, &local->flags);
   6591
   6592	return -EINPROGRESS;
   6593}
   6594
   6595
   6596/*------------------------------------------------------------------*/
   6597/*
   6598 * Wireless Handler : get extended Encryption parameters
   6599 */
   6600static int airo_get_encodeext(struct net_device *dev,
   6601			    struct iw_request_info *info,
   6602			    union iwreq_data *wrqu,
   6603			    char *extra)
   6604{
   6605	struct airo_info *local = dev->ml_priv;
   6606	struct iw_point *encoding = &wrqu->encoding;
   6607	struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
   6608	int idx, max_key_len, wep_key_len;
   6609	u8 buf[16];
   6610
   6611	if (!local->wep_capable)
   6612		return -EOPNOTSUPP;
   6613
   6614	readConfigRid(local, 1);
   6615
   6616	max_key_len = encoding->length - sizeof(*ext);
   6617	if (max_key_len < 0)
   6618		return -EINVAL;
   6619
   6620	idx = encoding->flags & IW_ENCODE_INDEX;
   6621	if (idx) {
   6622		if (!valid_index(local, idx - 1))
   6623			return -EINVAL;
   6624		idx--;
   6625	} else {
   6626		idx = get_wep_tx_idx(local);
   6627		if (idx < 0)
   6628			idx = 0;
   6629	}
   6630
   6631	encoding->flags = idx + 1;
   6632	memset(ext, 0, sizeof(*ext));
   6633
   6634	/* Check encryption mode */
   6635	switch(local->config.authType) {
   6636		case AUTH_ENCRYPT:
   6637			encoding->flags = IW_ENCODE_ALG_WEP | IW_ENCODE_ENABLED;
   6638			break;
   6639		case AUTH_SHAREDKEY:
   6640			encoding->flags = IW_ENCODE_ALG_WEP | IW_ENCODE_ENABLED;
   6641			break;
   6642		default:
   6643		case AUTH_OPEN:
   6644			encoding->flags = IW_ENCODE_ALG_NONE | IW_ENCODE_DISABLED;
   6645			break;
   6646	}
   6647	/* We can't return the key, so set the proper flag and return zero */
   6648	encoding->flags |= IW_ENCODE_NOKEY;
   6649	memset(extra, 0, 16);
   6650
   6651	/* Copy the key to the user buffer */
   6652	wep_key_len = get_wep_key(local, idx, &buf[0], sizeof(buf));
   6653	if (wep_key_len < 0) {
   6654		ext->key_len = 0;
   6655	} else {
   6656		ext->key_len = wep_key_len;
   6657		memcpy(extra, buf, ext->key_len);
   6658	}
   6659
   6660	return 0;
   6661}
   6662
   6663
   6664/*------------------------------------------------------------------*/
   6665/*
   6666 * Wireless Handler : set extended authentication parameters
   6667 */
   6668static int airo_set_auth(struct net_device *dev,
   6669			       struct iw_request_info *info,
   6670			       union iwreq_data *wrqu, char *extra)
   6671{
   6672	struct airo_info *local = dev->ml_priv;
   6673	struct iw_param *param = &wrqu->param;
   6674	__le16 currentAuthType = local->config.authType;
   6675
   6676	switch (param->flags & IW_AUTH_INDEX) {
   6677	case IW_AUTH_WPA_VERSION:
   6678	case IW_AUTH_CIPHER_PAIRWISE:
   6679	case IW_AUTH_CIPHER_GROUP:
   6680	case IW_AUTH_KEY_MGMT:
   6681	case IW_AUTH_RX_UNENCRYPTED_EAPOL:
   6682	case IW_AUTH_PRIVACY_INVOKED:
   6683		/*
   6684		 * airo does not use these parameters
   6685		 */
   6686		break;
   6687
   6688	case IW_AUTH_DROP_UNENCRYPTED:
   6689		if (param->value) {
   6690			/* Only change auth type if unencrypted */
   6691			if (currentAuthType == AUTH_OPEN)
   6692				set_auth_type(local, AUTH_ENCRYPT);
   6693		} else {
   6694			set_auth_type(local, AUTH_OPEN);
   6695		}
   6696
   6697		/* Commit the changes to flags if needed */
   6698		if (local->config.authType != currentAuthType)
   6699			set_bit (FLAG_COMMIT, &local->flags);
   6700		break;
   6701
   6702	case IW_AUTH_80211_AUTH_ALG: {
   6703			if (param->value & IW_AUTH_ALG_SHARED_KEY) {
   6704				set_auth_type(local, AUTH_SHAREDKEY);
   6705			} else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM) {
   6706				/* We don't know here if WEP open system or
   6707				 * unencrypted mode was requested - so use the
   6708				 * last mode (of these two) used last time
   6709				 */
   6710				set_auth_type(local, local->last_auth);
   6711			} else
   6712				return -EINVAL;
   6713
   6714			/* Commit the changes to flags if needed */
   6715			if (local->config.authType != currentAuthType)
   6716				set_bit (FLAG_COMMIT, &local->flags);
   6717			break;
   6718		}
   6719
   6720	case IW_AUTH_WPA_ENABLED:
   6721		/* Silently accept disable of WPA */
   6722		if (param->value > 0)
   6723			return -EOPNOTSUPP;
   6724		break;
   6725
   6726	default:
   6727		return -EOPNOTSUPP;
   6728	}
   6729	return -EINPROGRESS;
   6730}
   6731
   6732
   6733/*------------------------------------------------------------------*/
   6734/*
   6735 * Wireless Handler : get extended authentication parameters
   6736 */
   6737static int airo_get_auth(struct net_device *dev,
   6738			       struct iw_request_info *info,
   6739			       union iwreq_data *wrqu, char *extra)
   6740{
   6741	struct airo_info *local = dev->ml_priv;
   6742	struct iw_param *param = &wrqu->param;
   6743	__le16 currentAuthType = local->config.authType;
   6744
   6745	switch (param->flags & IW_AUTH_INDEX) {
   6746	case IW_AUTH_DROP_UNENCRYPTED:
   6747		switch (currentAuthType) {
   6748		case AUTH_SHAREDKEY:
   6749		case AUTH_ENCRYPT:
   6750			param->value = 1;
   6751			break;
   6752		default:
   6753			param->value = 0;
   6754			break;
   6755		}
   6756		break;
   6757
   6758	case IW_AUTH_80211_AUTH_ALG:
   6759		switch (currentAuthType) {
   6760		case AUTH_SHAREDKEY:
   6761			param->value = IW_AUTH_ALG_SHARED_KEY;
   6762			break;
   6763		case AUTH_ENCRYPT:
   6764		default:
   6765			param->value = IW_AUTH_ALG_OPEN_SYSTEM;
   6766			break;
   6767		}
   6768		break;
   6769
   6770	case IW_AUTH_WPA_ENABLED:
   6771		param->value = 0;
   6772		break;
   6773
   6774	default:
   6775		return -EOPNOTSUPP;
   6776	}
   6777	return 0;
   6778}
   6779
   6780
   6781/*------------------------------------------------------------------*/
   6782/*
   6783 * Wireless Handler : set Tx-Power
   6784 */
   6785static int airo_set_txpow(struct net_device *dev,
   6786			  struct iw_request_info *info,
   6787			  struct iw_param *vwrq,
   6788			  char *extra)
   6789{
   6790	struct airo_info *local = dev->ml_priv;
   6791	CapabilityRid cap_rid;		/* Card capability info */
   6792	int i;
   6793	int rc = -EINVAL;
   6794	__le16 v = cpu_to_le16(vwrq->value);
   6795
   6796	readCapabilityRid(local, &cap_rid, 1);
   6797
   6798	if (vwrq->disabled) {
   6799		set_bit (FLAG_RADIO_OFF, &local->flags);
   6800		set_bit (FLAG_COMMIT, &local->flags);
   6801		return -EINPROGRESS;		/* Call commit handler */
   6802	}
   6803	if (vwrq->flags != IW_TXPOW_MWATT) {
   6804		return -EINVAL;
   6805	}
   6806	clear_bit (FLAG_RADIO_OFF, &local->flags);
   6807	for (i = 0; i < 8 && cap_rid.txPowerLevels[i]; i++)
   6808		if (v == cap_rid.txPowerLevels[i]) {
   6809			readConfigRid(local, 1);
   6810			local->config.txPower = v;
   6811			set_bit (FLAG_COMMIT, &local->flags);
   6812			rc = -EINPROGRESS;	/* Call commit handler */
   6813			break;
   6814		}
   6815	return rc;
   6816}
   6817
   6818/*------------------------------------------------------------------*/
   6819/*
   6820 * Wireless Handler : get Tx-Power
   6821 */
   6822static int airo_get_txpow(struct net_device *dev,
   6823			  struct iw_request_info *info,
   6824			  struct iw_param *vwrq,
   6825			  char *extra)
   6826{
   6827	struct airo_info *local = dev->ml_priv;
   6828
   6829	readConfigRid(local, 1);
   6830	vwrq->value = le16_to_cpu(local->config.txPower);
   6831	vwrq->fixed = 1;	/* No power control */
   6832	vwrq->disabled = test_bit(FLAG_RADIO_OFF, &local->flags);
   6833	vwrq->flags = IW_TXPOW_MWATT;
   6834
   6835	return 0;
   6836}
   6837
   6838/*------------------------------------------------------------------*/
   6839/*
   6840 * Wireless Handler : set Retry limits
   6841 */
   6842static int airo_set_retry(struct net_device *dev,
   6843			  struct iw_request_info *info,
   6844			  struct iw_param *vwrq,
   6845			  char *extra)
   6846{
   6847	struct airo_info *local = dev->ml_priv;
   6848	int rc = -EINVAL;
   6849
   6850	if (vwrq->disabled) {
   6851		return -EINVAL;
   6852	}
   6853	readConfigRid(local, 1);
   6854	if (vwrq->flags & IW_RETRY_LIMIT) {
   6855		__le16 v = cpu_to_le16(vwrq->value);
   6856		if (vwrq->flags & IW_RETRY_LONG)
   6857			local->config.longRetryLimit = v;
   6858		else if (vwrq->flags & IW_RETRY_SHORT)
   6859			local->config.shortRetryLimit = v;
   6860		else {
   6861			/* No modifier : set both */
   6862			local->config.longRetryLimit = v;
   6863			local->config.shortRetryLimit = v;
   6864		}
   6865		set_bit (FLAG_COMMIT, &local->flags);
   6866		rc = -EINPROGRESS;		/* Call commit handler */
   6867	}
   6868	if (vwrq->flags & IW_RETRY_LIFETIME) {
   6869		local->config.txLifetime = cpu_to_le16(vwrq->value / 1024);
   6870		set_bit (FLAG_COMMIT, &local->flags);
   6871		rc = -EINPROGRESS;		/* Call commit handler */
   6872	}
   6873	return rc;
   6874}
   6875
   6876/*------------------------------------------------------------------*/
   6877/*
   6878 * Wireless Handler : get Retry limits
   6879 */
   6880static int airo_get_retry(struct net_device *dev,
   6881			  struct iw_request_info *info,
   6882			  struct iw_param *vwrq,
   6883			  char *extra)
   6884{
   6885	struct airo_info *local = dev->ml_priv;
   6886
   6887	vwrq->disabled = 0;      /* Can't be disabled */
   6888
   6889	readConfigRid(local, 1);
   6890	/* Note : by default, display the min retry number */
   6891	if ((vwrq->flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME) {
   6892		vwrq->flags = IW_RETRY_LIFETIME;
   6893		vwrq->value = le16_to_cpu(local->config.txLifetime) * 1024;
   6894	} else if ((vwrq->flags & IW_RETRY_LONG)) {
   6895		vwrq->flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
   6896		vwrq->value = le16_to_cpu(local->config.longRetryLimit);
   6897	} else {
   6898		vwrq->flags = IW_RETRY_LIMIT;
   6899		vwrq->value = le16_to_cpu(local->config.shortRetryLimit);
   6900		if (local->config.shortRetryLimit != local->config.longRetryLimit)
   6901			vwrq->flags |= IW_RETRY_SHORT;
   6902	}
   6903
   6904	return 0;
   6905}
   6906
   6907/*------------------------------------------------------------------*/
   6908/*
   6909 * Wireless Handler : get range info
   6910 */
   6911static int airo_get_range(struct net_device *dev,
   6912			  struct iw_request_info *info,
   6913			  struct iw_point *dwrq,
   6914			  char *extra)
   6915{
   6916	struct airo_info *local = dev->ml_priv;
   6917	struct iw_range *range = (struct iw_range *) extra;
   6918	CapabilityRid cap_rid;		/* Card capability info */
   6919	int		i;
   6920	int		k;
   6921
   6922	readCapabilityRid(local, &cap_rid, 1);
   6923
   6924	dwrq->length = sizeof(struct iw_range);
   6925	memset(range, 0, sizeof(*range));
   6926	range->min_nwid = 0x0000;
   6927	range->max_nwid = 0x0000;
   6928	range->num_channels = 14;
   6929	/* Should be based on cap_rid.country to give only
   6930	 * what the current card support */
   6931	k = 0;
   6932	for (i = 0; i < 14; i++) {
   6933		range->freq[k].i = i + 1; /* List index */
   6934		range->freq[k].m = 100000 *
   6935		     ieee80211_channel_to_frequency(i + 1, NL80211_BAND_2GHZ);
   6936		range->freq[k++].e = 1;	/* Values in MHz -> * 10^5 * 10 */
   6937	}
   6938	range->num_frequency = k;
   6939
   6940	range->sensitivity = 65535;
   6941
   6942	/* Hum... Should put the right values there */
   6943	if (local->rssi)
   6944		range->max_qual.qual = 100;	/* % */
   6945	else
   6946		range->max_qual.qual = airo_get_max_quality(&cap_rid);
   6947	range->max_qual.level = 0x100 - 120;	/* -120 dBm */
   6948	range->max_qual.noise = 0x100 - 120;	/* -120 dBm */
   6949
   6950	/* Experimental measurements - boundary 11/5.5 Mb/s */
   6951	/* Note : with or without the (local->rssi), results
   6952	 * are somewhat different. - Jean II */
   6953	if (local->rssi) {
   6954		range->avg_qual.qual = 50;		/* % */
   6955		range->avg_qual.level = 0x100 - 70;	/* -70 dBm */
   6956	} else {
   6957		range->avg_qual.qual = airo_get_avg_quality(&cap_rid);
   6958		range->avg_qual.level = 0x100 - 80;	/* -80 dBm */
   6959	}
   6960	range->avg_qual.noise = 0x100 - 85;		/* -85 dBm */
   6961
   6962	for (i = 0 ; i < 8 ; i++) {
   6963		range->bitrate[i] = cap_rid.supportedRates[i] * 500000;
   6964		if (range->bitrate[i] == 0)
   6965			break;
   6966	}
   6967	range->num_bitrates = i;
   6968
   6969	/* Set an indication of the max TCP throughput
   6970	 * in bit/s that we can expect using this interface.
   6971	 * May be use for QoS stuff... Jean II */
   6972	if (i > 2)
   6973		range->throughput = 5000 * 1000;
   6974	else
   6975		range->throughput = 1500 * 1000;
   6976
   6977	range->min_rts = 0;
   6978	range->max_rts = AIRO_DEF_MTU;
   6979	range->min_frag = 256;
   6980	range->max_frag = AIRO_DEF_MTU;
   6981
   6982	if (cap_rid.softCap & cpu_to_le16(2)) {
   6983		// WEP: RC4 40 bits
   6984		range->encoding_size[0] = 5;
   6985		// RC4 ~128 bits
   6986		if (cap_rid.softCap & cpu_to_le16(0x100)) {
   6987			range->encoding_size[1] = 13;
   6988			range->num_encoding_sizes = 2;
   6989		} else
   6990			range->num_encoding_sizes = 1;
   6991		range->max_encoding_tokens =
   6992			cap_rid.softCap & cpu_to_le16(0x80) ? 4 : 1;
   6993	} else {
   6994		range->num_encoding_sizes = 0;
   6995		range->max_encoding_tokens = 0;
   6996	}
   6997	range->min_pmp = 0;
   6998	range->max_pmp = 5000000;	/* 5 secs */
   6999	range->min_pmt = 0;
   7000	range->max_pmt = 65535 * 1024;	/* ??? */
   7001	range->pmp_flags = IW_POWER_PERIOD;
   7002	range->pmt_flags = IW_POWER_TIMEOUT;
   7003	range->pm_capa = IW_POWER_PERIOD | IW_POWER_TIMEOUT | IW_POWER_ALL_R;
   7004
   7005	/* Transmit Power - values are in mW */
   7006	for (i = 0 ; i < 8 ; i++) {
   7007		range->txpower[i] = le16_to_cpu(cap_rid.txPowerLevels[i]);
   7008		if (range->txpower[i] == 0)
   7009			break;
   7010	}
   7011	range->num_txpower = i;
   7012	range->txpower_capa = IW_TXPOW_MWATT;
   7013	range->we_version_source = 19;
   7014	range->we_version_compiled = WIRELESS_EXT;
   7015	range->retry_capa = IW_RETRY_LIMIT | IW_RETRY_LIFETIME;
   7016	range->retry_flags = IW_RETRY_LIMIT;
   7017	range->r_time_flags = IW_RETRY_LIFETIME;
   7018	range->min_retry = 1;
   7019	range->max_retry = 65535;
   7020	range->min_r_time = 1024;
   7021	range->max_r_time = 65535 * 1024;
   7022
   7023	/* Event capability (kernel + driver) */
   7024	range->event_capa[0] = (IW_EVENT_CAPA_K_0 |
   7025				IW_EVENT_CAPA_MASK(SIOCGIWTHRSPY) |
   7026				IW_EVENT_CAPA_MASK(SIOCGIWAP) |
   7027				IW_EVENT_CAPA_MASK(SIOCGIWSCAN));
   7028	range->event_capa[1] = IW_EVENT_CAPA_K_1;
   7029	range->event_capa[4] = IW_EVENT_CAPA_MASK(IWEVTXDROP);
   7030	return 0;
   7031}
   7032
   7033/*------------------------------------------------------------------*/
   7034/*
   7035 * Wireless Handler : set Power Management
   7036 */
   7037static int airo_set_power(struct net_device *dev,
   7038			  struct iw_request_info *info,
   7039			  struct iw_param *vwrq,
   7040			  char *extra)
   7041{
   7042	struct airo_info *local = dev->ml_priv;
   7043
   7044	readConfigRid(local, 1);
   7045	if (vwrq->disabled) {
   7046		if (sniffing_mode(local))
   7047			return -EINVAL;
   7048		local->config.powerSaveMode = POWERSAVE_CAM;
   7049		local->config.rmode &= ~RXMODE_MASK;
   7050		local->config.rmode |= RXMODE_BC_MC_ADDR;
   7051		set_bit (FLAG_COMMIT, &local->flags);
   7052		return -EINPROGRESS;		/* Call commit handler */
   7053	}
   7054	if ((vwrq->flags & IW_POWER_TYPE) == IW_POWER_TIMEOUT) {
   7055		local->config.fastListenDelay = cpu_to_le16((vwrq->value + 500) / 1024);
   7056		local->config.powerSaveMode = POWERSAVE_PSPCAM;
   7057		set_bit (FLAG_COMMIT, &local->flags);
   7058	} else if ((vwrq->flags & IW_POWER_TYPE) == IW_POWER_PERIOD) {
   7059		local->config.fastListenInterval =
   7060		local->config.listenInterval =
   7061			cpu_to_le16((vwrq->value + 500) / 1024);
   7062		local->config.powerSaveMode = POWERSAVE_PSPCAM;
   7063		set_bit (FLAG_COMMIT, &local->flags);
   7064	}
   7065	switch (vwrq->flags & IW_POWER_MODE) {
   7066		case IW_POWER_UNICAST_R:
   7067			if (sniffing_mode(local))
   7068				return -EINVAL;
   7069			local->config.rmode &= ~RXMODE_MASK;
   7070			local->config.rmode |= RXMODE_ADDR;
   7071			set_bit (FLAG_COMMIT, &local->flags);
   7072			break;
   7073		case IW_POWER_ALL_R:
   7074			if (sniffing_mode(local))
   7075				return -EINVAL;
   7076			local->config.rmode &= ~RXMODE_MASK;
   7077			local->config.rmode |= RXMODE_BC_MC_ADDR;
   7078			set_bit (FLAG_COMMIT, &local->flags);
   7079			break;
   7080		case IW_POWER_ON:
   7081			/* This is broken, fixme ;-) */
   7082			break;
   7083		default:
   7084			return -EINVAL;
   7085	}
   7086	// Note : we may want to factor local->need_commit here
   7087	// Note2 : may also want to factor RXMODE_RFMON test
   7088	return -EINPROGRESS;		/* Call commit handler */
   7089}
   7090
   7091/*------------------------------------------------------------------*/
   7092/*
   7093 * Wireless Handler : get Power Management
   7094 */
   7095static int airo_get_power(struct net_device *dev,
   7096			  struct iw_request_info *info,
   7097			  struct iw_param *vwrq,
   7098			  char *extra)
   7099{
   7100	struct airo_info *local = dev->ml_priv;
   7101	__le16 mode;
   7102
   7103	readConfigRid(local, 1);
   7104	mode = local->config.powerSaveMode;
   7105	if ((vwrq->disabled = (mode == POWERSAVE_CAM)))
   7106		return 0;
   7107	if ((vwrq->flags & IW_POWER_TYPE) == IW_POWER_TIMEOUT) {
   7108		vwrq->value = le16_to_cpu(local->config.fastListenDelay) * 1024;
   7109		vwrq->flags = IW_POWER_TIMEOUT;
   7110	} else {
   7111		vwrq->value = le16_to_cpu(local->config.fastListenInterval) * 1024;
   7112		vwrq->flags = IW_POWER_PERIOD;
   7113	}
   7114	if ((local->config.rmode & RXMODE_MASK) == RXMODE_ADDR)
   7115		vwrq->flags |= IW_POWER_UNICAST_R;
   7116	else
   7117		vwrq->flags |= IW_POWER_ALL_R;
   7118
   7119	return 0;
   7120}
   7121
   7122/*------------------------------------------------------------------*/
   7123/*
   7124 * Wireless Handler : set Sensitivity
   7125 */
   7126static int airo_set_sens(struct net_device *dev,
   7127			 struct iw_request_info *info,
   7128			 struct iw_param *vwrq,
   7129			 char *extra)
   7130{
   7131	struct airo_info *local = dev->ml_priv;
   7132
   7133	readConfigRid(local, 1);
   7134	local->config.rssiThreshold =
   7135		cpu_to_le16(vwrq->disabled ? RSSI_DEFAULT : vwrq->value);
   7136	set_bit (FLAG_COMMIT, &local->flags);
   7137
   7138	return -EINPROGRESS;		/* Call commit handler */
   7139}
   7140
   7141/*------------------------------------------------------------------*/
   7142/*
   7143 * Wireless Handler : get Sensitivity
   7144 */
   7145static int airo_get_sens(struct net_device *dev,
   7146			 struct iw_request_info *info,
   7147			 struct iw_param *vwrq,
   7148			 char *extra)
   7149{
   7150	struct airo_info *local = dev->ml_priv;
   7151
   7152	readConfigRid(local, 1);
   7153	vwrq->value = le16_to_cpu(local->config.rssiThreshold);
   7154	vwrq->disabled = (vwrq->value == 0);
   7155	vwrq->fixed = 1;
   7156
   7157	return 0;
   7158}
   7159
   7160/*------------------------------------------------------------------*/
   7161/*
   7162 * Wireless Handler : get AP List
   7163 * Note : this is deprecated in favor of IWSCAN
   7164 */
   7165static int airo_get_aplist(struct net_device *dev,
   7166			   struct iw_request_info *info,
   7167			   struct iw_point *dwrq,
   7168			   char *extra)
   7169{
   7170	struct airo_info *local = dev->ml_priv;
   7171	struct sockaddr *address = (struct sockaddr *) extra;
   7172	struct iw_quality *qual;
   7173	BSSListRid BSSList;
   7174	int i;
   7175	int loseSync = capable(CAP_NET_ADMIN) ? 1: -1;
   7176
   7177	qual = kmalloc_array(IW_MAX_AP, sizeof(*qual), GFP_KERNEL);
   7178	if (!qual)
   7179		return -ENOMEM;
   7180
   7181	for (i = 0; i < IW_MAX_AP; i++) {
   7182		u16 dBm;
   7183		if (readBSSListRid(local, loseSync, &BSSList))
   7184			break;
   7185		loseSync = 0;
   7186		memcpy(address[i].sa_data, BSSList.bssid, ETH_ALEN);
   7187		address[i].sa_family = ARPHRD_ETHER;
   7188		dBm = le16_to_cpu(BSSList.dBm);
   7189		if (local->rssi) {
   7190			qual[i].level = 0x100 - dBm;
   7191			qual[i].qual = airo_dbm_to_pct(local->rssi, dBm);
   7192			qual[i].updated = IW_QUAL_QUAL_UPDATED
   7193					| IW_QUAL_LEVEL_UPDATED
   7194					| IW_QUAL_DBM;
   7195		} else {
   7196			qual[i].level = (dBm + 321) / 2;
   7197			qual[i].qual = 0;
   7198			qual[i].updated = IW_QUAL_QUAL_INVALID
   7199					| IW_QUAL_LEVEL_UPDATED
   7200					| IW_QUAL_DBM;
   7201		}
   7202		qual[i].noise = local->wstats.qual.noise;
   7203		if (BSSList.index == cpu_to_le16(0xffff))
   7204			break;
   7205	}
   7206	if (!i) {
   7207		StatusRid status_rid;		/* Card status info */
   7208		readStatusRid(local, &status_rid, 1);
   7209		for (i = 0;
   7210		     i < min(IW_MAX_AP, 4) &&
   7211			     (status_rid.bssid[i][0]
   7212			      & status_rid.bssid[i][1]
   7213			      & status_rid.bssid[i][2]
   7214			      & status_rid.bssid[i][3]
   7215			      & status_rid.bssid[i][4]
   7216			      & status_rid.bssid[i][5])!=0xff &&
   7217			     (status_rid.bssid[i][0]
   7218			      | status_rid.bssid[i][1]
   7219			      | status_rid.bssid[i][2]
   7220			      | status_rid.bssid[i][3]
   7221			      | status_rid.bssid[i][4]
   7222			      | status_rid.bssid[i][5]);
   7223		     i++) {
   7224			memcpy(address[i].sa_data,
   7225			       status_rid.bssid[i], ETH_ALEN);
   7226			address[i].sa_family = ARPHRD_ETHER;
   7227		}
   7228	} else {
   7229		dwrq->flags = 1; /* Should be define'd */
   7230		memcpy(extra + sizeof(struct sockaddr) * i, qual,
   7231		       sizeof(struct iw_quality) * i);
   7232	}
   7233	dwrq->length = i;
   7234
   7235	kfree(qual);
   7236	return 0;
   7237}
   7238
   7239/*------------------------------------------------------------------*/
   7240/*
   7241 * Wireless Handler : Initiate Scan
   7242 */
   7243static int airo_set_scan(struct net_device *dev,
   7244			 struct iw_request_info *info,
   7245			 struct iw_point *dwrq,
   7246			 char *extra)
   7247{
   7248	struct airo_info *ai = dev->ml_priv;
   7249	Cmd cmd;
   7250	Resp rsp;
   7251	int wake = 0;
   7252	APListRid APList_rid_empty;
   7253
   7254	/* Note : you may have realised that, as this is a SET operation,
   7255	 * this is privileged and therefore a normal user can't
   7256	 * perform scanning.
   7257	 * This is not an error, while the device perform scanning,
   7258	 * traffic doesn't flow, so it's a perfect DoS...
   7259	 * Jean II */
   7260	if (ai->flags & FLAG_RADIO_MASK) return -ENETDOWN;
   7261
   7262	if (down_interruptible(&ai->sem))
   7263		return -ERESTARTSYS;
   7264
   7265	/* If there's already a scan in progress, don't
   7266	 * trigger another one. */
   7267	if (ai->scan_timeout > 0)
   7268		goto out;
   7269
   7270	/* Clear APList as it affects scan results */
   7271	memset(&APList_rid_empty, 0, sizeof(APList_rid_empty));
   7272	APList_rid_empty.len = cpu_to_le16(sizeof(APList_rid_empty));
   7273	disable_MAC(ai, 2);
   7274	writeAPListRid(ai, &APList_rid_empty, 0);
   7275	enable_MAC(ai, 0);
   7276
   7277	/* Initiate a scan command */
   7278	ai->scan_timeout = RUN_AT(3*HZ);
   7279	memset(&cmd, 0, sizeof(cmd));
   7280	cmd.cmd = CMD_LISTBSS;
   7281	issuecommand(ai, &cmd, &rsp, true);
   7282	wake = 1;
   7283
   7284out:
   7285	up(&ai->sem);
   7286	if (wake)
   7287		wake_up_interruptible(&ai->thr_wait);
   7288	return 0;
   7289}
   7290
   7291/*------------------------------------------------------------------*/
   7292/*
   7293 * Translate scan data returned from the card to a card independent
   7294 * format that the Wireless Tools will understand - Jean II
   7295 */
   7296static inline char *airo_translate_scan(struct net_device *dev,
   7297					struct iw_request_info *info,
   7298					char *current_ev,
   7299					char *end_buf,
   7300					BSSListRid *bss)
   7301{
   7302	struct airo_info *ai = dev->ml_priv;
   7303	struct iw_event		iwe;		/* Temporary buffer */
   7304	__le16			capabilities;
   7305	char *			current_val;	/* For rates */
   7306	int			i;
   7307	char *		buf;
   7308	u16 dBm;
   7309
   7310	/* First entry *MUST* be the AP MAC address */
   7311	iwe.cmd = SIOCGIWAP;
   7312	iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
   7313	memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
   7314	current_ev = iwe_stream_add_event(info, current_ev, end_buf,
   7315					  &iwe, IW_EV_ADDR_LEN);
   7316
   7317	/* Other entries will be displayed in the order we give them */
   7318
   7319	/* Add the ESSID */
   7320	iwe.u.data.length = bss->ssidLen;
   7321	if (iwe.u.data.length > 32)
   7322		iwe.u.data.length = 32;
   7323	iwe.cmd = SIOCGIWESSID;
   7324	iwe.u.data.flags = 1;
   7325	current_ev = iwe_stream_add_point(info, current_ev, end_buf,
   7326					  &iwe, bss->ssid);
   7327
   7328	/* Add mode */
   7329	iwe.cmd = SIOCGIWMODE;
   7330	capabilities = bss->cap;
   7331	if (capabilities & (CAP_ESS | CAP_IBSS)) {
   7332		if (capabilities & CAP_ESS)
   7333			iwe.u.mode = IW_MODE_MASTER;
   7334		else
   7335			iwe.u.mode = IW_MODE_ADHOC;
   7336		current_ev = iwe_stream_add_event(info, current_ev, end_buf,
   7337						  &iwe, IW_EV_UINT_LEN);
   7338	}
   7339
   7340	/* Add frequency */
   7341	iwe.cmd = SIOCGIWFREQ;
   7342	iwe.u.freq.m = le16_to_cpu(bss->dsChannel);
   7343	iwe.u.freq.m = 100000 *
   7344	      ieee80211_channel_to_frequency(iwe.u.freq.m, NL80211_BAND_2GHZ);
   7345	iwe.u.freq.e = 1;
   7346	current_ev = iwe_stream_add_event(info, current_ev, end_buf,
   7347					  &iwe, IW_EV_FREQ_LEN);
   7348
   7349	dBm = le16_to_cpu(bss->dBm);
   7350
   7351	/* Add quality statistics */
   7352	iwe.cmd = IWEVQUAL;
   7353	if (ai->rssi) {
   7354		iwe.u.qual.level = 0x100 - dBm;
   7355		iwe.u.qual.qual = airo_dbm_to_pct(ai->rssi, dBm);
   7356		iwe.u.qual.updated = IW_QUAL_QUAL_UPDATED
   7357				| IW_QUAL_LEVEL_UPDATED
   7358				| IW_QUAL_DBM;
   7359	} else {
   7360		iwe.u.qual.level = (dBm + 321) / 2;
   7361		iwe.u.qual.qual = 0;
   7362		iwe.u.qual.updated = IW_QUAL_QUAL_INVALID
   7363				| IW_QUAL_LEVEL_UPDATED
   7364				| IW_QUAL_DBM;
   7365	}
   7366	iwe.u.qual.noise = ai->wstats.qual.noise;
   7367	current_ev = iwe_stream_add_event(info, current_ev, end_buf,
   7368					  &iwe, IW_EV_QUAL_LEN);
   7369
   7370	/* Add encryption capability */
   7371	iwe.cmd = SIOCGIWENCODE;
   7372	if (capabilities & CAP_PRIVACY)
   7373		iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
   7374	else
   7375		iwe.u.data.flags = IW_ENCODE_DISABLED;
   7376	iwe.u.data.length = 0;
   7377	current_ev = iwe_stream_add_point(info, current_ev, end_buf,
   7378					  &iwe, bss->ssid);
   7379
   7380	/* Rate : stuffing multiple values in a single event require a bit
   7381	 * more of magic - Jean II */
   7382	current_val = current_ev + iwe_stream_lcp_len(info);
   7383
   7384	iwe.cmd = SIOCGIWRATE;
   7385	/* Those two flags are ignored... */
   7386	iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
   7387	/* Max 8 values */
   7388	for (i = 0 ; i < 8 ; i++) {
   7389		/* NULL terminated */
   7390		if (bss->rates[i] == 0)
   7391			break;
   7392		/* Bit rate given in 500 kb/s units (+ 0x80) */
   7393		iwe.u.bitrate.value = ((bss->rates[i] & 0x7f) * 500000);
   7394		/* Add new value to event */
   7395		current_val = iwe_stream_add_value(info, current_ev,
   7396						   current_val, end_buf,
   7397						   &iwe, IW_EV_PARAM_LEN);
   7398	}
   7399	/* Check if we added any event */
   7400	if ((current_val - current_ev) > iwe_stream_lcp_len(info))
   7401		current_ev = current_val;
   7402
   7403	/* Beacon interval */
   7404	buf = kmalloc(30, GFP_KERNEL);
   7405	if (buf) {
   7406		iwe.cmd = IWEVCUSTOM;
   7407		sprintf(buf, "bcn_int=%d", bss->beaconInterval);
   7408		iwe.u.data.length = strlen(buf);
   7409		current_ev = iwe_stream_add_point(info, current_ev, end_buf,
   7410						  &iwe, buf);
   7411		kfree(buf);
   7412	}
   7413
   7414	/* Put WPA/RSN Information Elements into the event stream */
   7415	if (test_bit(FLAG_WPA_CAPABLE, &ai->flags)) {
   7416		unsigned int num_null_ies = 0;
   7417		u16 length = sizeof (bss->extra.iep);
   7418		u8 *ie = (void *)&bss->extra.iep;
   7419
   7420		while ((length >= 2) && (num_null_ies < 2)) {
   7421			if (2 + ie[1] > length) {
   7422				/* Invalid element, don't continue parsing IE */
   7423				break;
   7424			}
   7425
   7426			switch (ie[0]) {
   7427			case WLAN_EID_SSID:
   7428				/* Two zero-length SSID elements
   7429				 * mean we're done parsing elements */
   7430				if (!ie[1])
   7431					num_null_ies++;
   7432				break;
   7433
   7434			case WLAN_EID_VENDOR_SPECIFIC:
   7435				if (ie[1] >= 4 &&
   7436				    ie[2] == 0x00 &&
   7437				    ie[3] == 0x50 &&
   7438				    ie[4] == 0xf2 &&
   7439				    ie[5] == 0x01) {
   7440					iwe.cmd = IWEVGENIE;
   7441					/* 64 is an arbitrary cut-off */
   7442					iwe.u.data.length = min(ie[1] + 2,
   7443								64);
   7444					current_ev = iwe_stream_add_point(
   7445							info, current_ev,
   7446							end_buf, &iwe, ie);
   7447				}
   7448				break;
   7449
   7450			case WLAN_EID_RSN:
   7451				iwe.cmd = IWEVGENIE;
   7452				/* 64 is an arbitrary cut-off */
   7453				iwe.u.data.length = min(ie[1] + 2, 64);
   7454				current_ev = iwe_stream_add_point(
   7455					info, current_ev, end_buf,
   7456					&iwe, ie);
   7457				break;
   7458
   7459			default:
   7460				break;
   7461			}
   7462
   7463			length -= 2 + ie[1];
   7464			ie += 2 + ie[1];
   7465		}
   7466	}
   7467	return current_ev;
   7468}
   7469
   7470/*------------------------------------------------------------------*/
   7471/*
   7472 * Wireless Handler : Read Scan Results
   7473 */
   7474static int airo_get_scan(struct net_device *dev,
   7475			 struct iw_request_info *info,
   7476			 struct iw_point *dwrq,
   7477			 char *extra)
   7478{
   7479	struct airo_info *ai = dev->ml_priv;
   7480	BSSListElement *net;
   7481	int err = 0;
   7482	char *current_ev = extra;
   7483
   7484	/* If a scan is in-progress, return -EAGAIN */
   7485	if (ai->scan_timeout > 0)
   7486		return -EAGAIN;
   7487
   7488	if (down_interruptible(&ai->sem))
   7489		return -EAGAIN;
   7490
   7491	list_for_each_entry (net, &ai->network_list, list) {
   7492		/* Translate to WE format this entry */
   7493		current_ev = airo_translate_scan(dev, info, current_ev,
   7494						 extra + dwrq->length,
   7495						 &net->bss);
   7496
   7497		/* Check if there is space for one more entry */
   7498		if ((extra + dwrq->length - current_ev) <= IW_EV_ADDR_LEN) {
   7499			/* Ask user space to try again with a bigger buffer */
   7500			err = -E2BIG;
   7501			goto out;
   7502		}
   7503	}
   7504
   7505	/* Length of data */
   7506	dwrq->length = (current_ev - extra);
   7507	dwrq->flags = 0;	/* todo */
   7508
   7509out:
   7510	up(&ai->sem);
   7511	return err;
   7512}
   7513
   7514/*------------------------------------------------------------------*/
   7515/*
   7516 * Commit handler : called after a bunch of SET operations
   7517 */
   7518static int airo_config_commit(struct net_device *dev,
   7519			      struct iw_request_info *info,	/* NULL */
   7520			      void *zwrq,			/* NULL */
   7521			      char *extra)			/* NULL */
   7522{
   7523	struct airo_info *local = dev->ml_priv;
   7524
   7525	if (!test_bit (FLAG_COMMIT, &local->flags))
   7526		return 0;
   7527
   7528	/* Some of the "SET" function may have modified some of the
   7529	 * parameters. It's now time to commit them in the card */
   7530	disable_MAC(local, 1);
   7531	if (test_bit (FLAG_RESET, &local->flags)) {
   7532		SsidRid SSID_rid;
   7533
   7534		readSsidRid(local, &SSID_rid);
   7535		if (test_bit(FLAG_MPI,&local->flags))
   7536			setup_card(local, dev, 1);
   7537		else
   7538			reset_airo_card(dev);
   7539		disable_MAC(local, 1);
   7540		writeSsidRid(local, &SSID_rid, 1);
   7541		writeAPListRid(local, &local->APList, 1);
   7542	}
   7543	if (down_interruptible(&local->sem))
   7544		return -ERESTARTSYS;
   7545	writeConfigRid(local, 0);
   7546	enable_MAC(local, 0);
   7547	if (test_bit (FLAG_RESET, &local->flags))
   7548		airo_set_promisc(local, true);
   7549	else
   7550		up(&local->sem);
   7551
   7552	return 0;
   7553}
   7554
   7555/*------------------------------------------------------------------*/
   7556/*
   7557 * Structures to export the Wireless Handlers
   7558 */
   7559
   7560static const struct iw_priv_args airo_private_args[] = {
   7561/*{ cmd,         set_args,                            get_args, name } */
   7562  { AIROIOCTL, IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED | sizeof (aironet_ioctl),
   7563    IW_PRIV_TYPE_BYTE | 2047, "airoioctl" },
   7564  { AIROIDIFC, IW_PRIV_TYPE_BYTE | IW_PRIV_SIZE_FIXED | sizeof (aironet_ioctl),
   7565    IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1, "airoidifc" },
   7566};
   7567
   7568static const iw_handler		airo_handler[] =
   7569{
   7570	(iw_handler) airo_config_commit,	/* SIOCSIWCOMMIT */
   7571	(iw_handler) airo_get_name,		/* SIOCGIWNAME */
   7572	(iw_handler) NULL,			/* SIOCSIWNWID */
   7573	(iw_handler) NULL,			/* SIOCGIWNWID */
   7574	(iw_handler) airo_set_freq,		/* SIOCSIWFREQ */
   7575	(iw_handler) airo_get_freq,		/* SIOCGIWFREQ */
   7576	(iw_handler) airo_set_mode,		/* SIOCSIWMODE */
   7577	(iw_handler) airo_get_mode,		/* SIOCGIWMODE */
   7578	(iw_handler) airo_set_sens,		/* SIOCSIWSENS */
   7579	(iw_handler) airo_get_sens,		/* SIOCGIWSENS */
   7580	(iw_handler) NULL,			/* SIOCSIWRANGE */
   7581	(iw_handler) airo_get_range,		/* SIOCGIWRANGE */
   7582	(iw_handler) NULL,			/* SIOCSIWPRIV */
   7583	(iw_handler) NULL,			/* SIOCGIWPRIV */
   7584	(iw_handler) NULL,			/* SIOCSIWSTATS */
   7585	(iw_handler) NULL,			/* SIOCGIWSTATS */
   7586	iw_handler_set_spy,			/* SIOCSIWSPY */
   7587	iw_handler_get_spy,			/* SIOCGIWSPY */
   7588	iw_handler_set_thrspy,			/* SIOCSIWTHRSPY */
   7589	iw_handler_get_thrspy,			/* SIOCGIWTHRSPY */
   7590	(iw_handler) airo_set_wap,		/* SIOCSIWAP */
   7591	(iw_handler) airo_get_wap,		/* SIOCGIWAP */
   7592	(iw_handler) NULL,			/* -- hole -- */
   7593	(iw_handler) airo_get_aplist,		/* SIOCGIWAPLIST */
   7594	(iw_handler) airo_set_scan,		/* SIOCSIWSCAN */
   7595	(iw_handler) airo_get_scan,		/* SIOCGIWSCAN */
   7596	(iw_handler) airo_set_essid,		/* SIOCSIWESSID */
   7597	(iw_handler) airo_get_essid,		/* SIOCGIWESSID */
   7598	(iw_handler) airo_set_nick,		/* SIOCSIWNICKN */
   7599	(iw_handler) airo_get_nick,		/* SIOCGIWNICKN */
   7600	(iw_handler) NULL,			/* -- hole -- */
   7601	(iw_handler) NULL,			/* -- hole -- */
   7602	(iw_handler) airo_set_rate,		/* SIOCSIWRATE */
   7603	(iw_handler) airo_get_rate,		/* SIOCGIWRATE */
   7604	(iw_handler) airo_set_rts,		/* SIOCSIWRTS */
   7605	(iw_handler) airo_get_rts,		/* SIOCGIWRTS */
   7606	(iw_handler) airo_set_frag,		/* SIOCSIWFRAG */
   7607	(iw_handler) airo_get_frag,		/* SIOCGIWFRAG */
   7608	(iw_handler) airo_set_txpow,		/* SIOCSIWTXPOW */
   7609	(iw_handler) airo_get_txpow,		/* SIOCGIWTXPOW */
   7610	(iw_handler) airo_set_retry,		/* SIOCSIWRETRY */
   7611	(iw_handler) airo_get_retry,		/* SIOCGIWRETRY */
   7612	(iw_handler) airo_set_encode,		/* SIOCSIWENCODE */
   7613	(iw_handler) airo_get_encode,		/* SIOCGIWENCODE */
   7614	(iw_handler) airo_set_power,		/* SIOCSIWPOWER */
   7615	(iw_handler) airo_get_power,		/* SIOCGIWPOWER */
   7616	(iw_handler) NULL,			/* -- hole -- */
   7617	(iw_handler) NULL,			/* -- hole -- */
   7618	(iw_handler) NULL,			/* SIOCSIWGENIE */
   7619	(iw_handler) NULL,			/* SIOCGIWGENIE */
   7620	(iw_handler) airo_set_auth,		/* SIOCSIWAUTH */
   7621	(iw_handler) airo_get_auth,		/* SIOCGIWAUTH */
   7622	(iw_handler) airo_set_encodeext,	/* SIOCSIWENCODEEXT */
   7623	(iw_handler) airo_get_encodeext,	/* SIOCGIWENCODEEXT */
   7624	(iw_handler) NULL,			/* SIOCSIWPMKSA */
   7625};
   7626
   7627/* Note : don't describe AIROIDIFC and AIROOLDIDIFC in here.
   7628 * We want to force the use of the ioctl code, because those can't be
   7629 * won't work the iw_handler code (because they simultaneously read
   7630 * and write data and iw_handler can't do that).
   7631 * Note that it's perfectly legal to read/write on a single ioctl command,
   7632 * you just can't use iwpriv and need to force it via the ioctl handler.
   7633 * Jean II */
   7634static const iw_handler		airo_private_handler[] =
   7635{
   7636	NULL,				/* SIOCIWFIRSTPRIV */
   7637};
   7638
   7639static const struct iw_handler_def	airo_handler_def =
   7640{
   7641	.num_standard	= ARRAY_SIZE(airo_handler),
   7642	.num_private	= ARRAY_SIZE(airo_private_handler),
   7643	.num_private_args = ARRAY_SIZE(airo_private_args),
   7644	.standard	= airo_handler,
   7645	.private	= airo_private_handler,
   7646	.private_args	= airo_private_args,
   7647	.get_wireless_stats = airo_get_wireless_stats,
   7648};
   7649
   7650/*
   7651 * This defines the configuration part of the Wireless Extensions
   7652 * Note : irq and spinlock protection will occur in the subroutines
   7653 *
   7654 * TODO :
   7655 *	o Check input value more carefully and fill correct values in range
   7656 *	o Test and shakeout the bugs (if any)
   7657 *
   7658 * Jean II
   7659 *
   7660 * Javier Achirica did a great job of merging code from the unnamed CISCO
   7661 * developer that added support for flashing the card.
   7662 */
   7663static int airo_siocdevprivate(struct net_device *dev, struct ifreq *rq,
   7664			       void __user *data, int cmd)
   7665{
   7666	int rc = 0;
   7667	struct airo_info *ai = dev->ml_priv;
   7668
   7669	if (ai->power.event)
   7670		return 0;
   7671
   7672	switch (cmd) {
   7673#ifdef CISCO_EXT
   7674	case AIROIDIFC:
   7675#ifdef AIROOLDIDIFC
   7676	case AIROOLDIDIFC:
   7677#endif
   7678	{
   7679		int val = AIROMAGIC;
   7680		aironet_ioctl com;
   7681		if (copy_from_user(&com, data, sizeof(com)))
   7682			rc = -EFAULT;
   7683		else if (copy_to_user(com.data, (char *)&val, sizeof(val)))
   7684			rc = -EFAULT;
   7685	}
   7686	break;
   7687
   7688	case AIROIOCTL:
   7689#ifdef AIROOLDIOCTL
   7690	case AIROOLDIOCTL:
   7691#endif
   7692		/* Get the command struct and hand it off for evaluation by
   7693		 * the proper subfunction
   7694		 */
   7695	{
   7696		aironet_ioctl com;
   7697		if (copy_from_user(&com, data, sizeof(com))) {
   7698			rc = -EFAULT;
   7699			break;
   7700		}
   7701
   7702		/* Separate R/W functions bracket legality here
   7703		 */
   7704		if (com.command == AIRORSWVERSION) {
   7705			if (copy_to_user(com.data, swversion, sizeof(swversion)))
   7706				rc = -EFAULT;
   7707			else
   7708				rc = 0;
   7709		}
   7710		else if (com.command <= AIRORRID)
   7711			rc = readrids(dev,&com);
   7712		else if (com.command >= AIROPCAP && com.command <= (AIROPLEAPUSR+2))
   7713			rc = writerids(dev,&com);
   7714		else if (com.command >= AIROFLSHRST && com.command <= AIRORESTART)
   7715			rc = flashcard(dev,&com);
   7716		else
   7717			rc = -EINVAL;      /* Bad command in ioctl */
   7718	}
   7719	break;
   7720#endif /* CISCO_EXT */
   7721
   7722	// All other calls are currently unsupported
   7723	default:
   7724		rc = -EOPNOTSUPP;
   7725	}
   7726	return rc;
   7727}
   7728
   7729/*
   7730 * Get the Wireless stats out of the driver
   7731 * Note : irq and spinlock protection will occur in the subroutines
   7732 *
   7733 * TODO :
   7734 *	o Check if work in Ad-Hoc mode (otherwise, use SPY, as in wvlan_cs)
   7735 *
   7736 * Jean
   7737 */
   7738static void airo_read_wireless_stats(struct airo_info *local)
   7739{
   7740	StatusRid status_rid;
   7741	StatsRid stats_rid;
   7742	CapabilityRid cap_rid;
   7743	__le32 *vals = stats_rid.vals;
   7744
   7745	/* Get stats out of the card */
   7746	if (local->power.event)
   7747		return;
   7748
   7749	readCapabilityRid(local, &cap_rid, 0);
   7750	readStatusRid(local, &status_rid, 0);
   7751	readStatsRid(local, &stats_rid, RID_STATS, 0);
   7752
   7753	/* The status */
   7754	local->wstats.status = le16_to_cpu(status_rid.mode);
   7755
   7756	/* Signal quality and co */
   7757	if (local->rssi) {
   7758		local->wstats.qual.level =
   7759			airo_rssi_to_dbm(local->rssi,
   7760					 le16_to_cpu(status_rid.sigQuality));
   7761		/* normalizedSignalStrength appears to be a percentage */
   7762		local->wstats.qual.qual =
   7763			le16_to_cpu(status_rid.normalizedSignalStrength);
   7764	} else {
   7765		local->wstats.qual.level =
   7766			(le16_to_cpu(status_rid.normalizedSignalStrength) + 321) / 2;
   7767		local->wstats.qual.qual = airo_get_quality(&status_rid, &cap_rid);
   7768	}
   7769	if (le16_to_cpu(status_rid.len) >= 124) {
   7770		local->wstats.qual.noise = 0x100 - status_rid.noisedBm;
   7771		local->wstats.qual.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
   7772	} else {
   7773		local->wstats.qual.noise = 0;
   7774		local->wstats.qual.updated = IW_QUAL_QUAL_UPDATED | IW_QUAL_LEVEL_UPDATED | IW_QUAL_NOISE_INVALID | IW_QUAL_DBM;
   7775	}
   7776
   7777	/* Packets discarded in the wireless adapter due to wireless
   7778	 * specific problems */
   7779	local->wstats.discard.nwid = le32_to_cpu(vals[56]) +
   7780				     le32_to_cpu(vals[57]) +
   7781				     le32_to_cpu(vals[58]); /* SSID Mismatch */
   7782	local->wstats.discard.code = le32_to_cpu(vals[6]);/* RxWepErr */
   7783	local->wstats.discard.fragment = le32_to_cpu(vals[30]);
   7784	local->wstats.discard.retries = le32_to_cpu(vals[10]);
   7785	local->wstats.discard.misc = le32_to_cpu(vals[1]) +
   7786				     le32_to_cpu(vals[32]);
   7787	local->wstats.miss.beacon = le32_to_cpu(vals[34]);
   7788}
   7789
   7790static struct iw_statistics *airo_get_wireless_stats(struct net_device *dev)
   7791{
   7792	struct airo_info *local =  dev->ml_priv;
   7793
   7794	if (!down_interruptible(&local->sem)) {
   7795		airo_read_wireless_stats(local);
   7796		up(&local->sem);
   7797	}
   7798	return &local->wstats;
   7799}
   7800
   7801#ifdef CISCO_EXT
   7802/*
   7803 * This just translates from driver IOCTL codes to the command codes to
   7804 * feed to the radio's host interface. Things can be added/deleted
   7805 * as needed.  This represents the READ side of control I/O to
   7806 * the card
   7807 */
   7808static int readrids(struct net_device *dev, aironet_ioctl *comp)
   7809{
   7810	unsigned short ridcode;
   7811	unsigned char *iobuf;
   7812	int len;
   7813	struct airo_info *ai = dev->ml_priv;
   7814
   7815	if (test_bit(FLAG_FLASHING, &ai->flags))
   7816		return -EIO;
   7817
   7818	switch(comp->command)
   7819	{
   7820	case AIROGCAP:      ridcode = RID_CAPABILITIES; break;
   7821	case AIROGCFG:      ridcode = RID_CONFIG;
   7822		if (test_bit(FLAG_COMMIT, &ai->flags)) {
   7823			disable_MAC (ai, 1);
   7824			writeConfigRid (ai, 1);
   7825			enable_MAC(ai, 1);
   7826		}
   7827		break;
   7828	case AIROGSLIST:    ridcode = RID_SSID;         break;
   7829	case AIROGVLIST:    ridcode = RID_APLIST;       break;
   7830	case AIROGDRVNAM:   ridcode = RID_DRVNAME;      break;
   7831	case AIROGEHTENC:   ridcode = RID_ETHERENCAP;   break;
   7832	case AIROGWEPKTMP:  ridcode = RID_WEP_TEMP;	break;
   7833	case AIROGWEPKNV:   ridcode = RID_WEP_PERM;	break;
   7834	case AIROGSTAT:     ridcode = RID_STATUS;       break;
   7835	case AIROGSTATSD32: ridcode = RID_STATSDELTA;   break;
   7836	case AIROGSTATSC32: ridcode = RID_STATS;        break;
   7837	case AIROGMICSTATS:
   7838		if (copy_to_user(comp->data, &ai->micstats,
   7839				 min((int)comp->len, (int)sizeof(ai->micstats))))
   7840			return -EFAULT;
   7841		return 0;
   7842	case AIRORRID:      ridcode = comp->ridnum;     break;
   7843	default:
   7844		return -EINVAL;
   7845	}
   7846
   7847	if (ridcode == RID_WEP_TEMP || ridcode == RID_WEP_PERM) {
   7848		/* Only super-user can read WEP keys */
   7849		if (!capable(CAP_NET_ADMIN))
   7850			return -EPERM;
   7851	}
   7852
   7853	if ((iobuf = kzalloc(RIDSIZE, GFP_KERNEL)) == NULL)
   7854		return -ENOMEM;
   7855
   7856	PC4500_readrid(ai, ridcode, iobuf, RIDSIZE, 1);
   7857	/* get the count of bytes in the rid  docs say 1st 2 bytes is it.
   7858	 * then return it to the user
   7859	 * 9/22/2000 Honor user given length
   7860	 */
   7861	len = comp->len;
   7862
   7863	if (copy_to_user(comp->data, iobuf, min(len, (int)RIDSIZE))) {
   7864		kfree (iobuf);
   7865		return -EFAULT;
   7866	}
   7867	kfree (iobuf);
   7868	return 0;
   7869}
   7870
   7871/*
   7872 * Danger Will Robinson write the rids here
   7873 */
   7874
   7875static int writerids(struct net_device *dev, aironet_ioctl *comp)
   7876{
   7877	struct airo_info *ai = dev->ml_priv;
   7878	int  ridcode;
   7879        int  enabled;
   7880	int (*writer)(struct airo_info *, u16 rid, const void *, int, int);
   7881	unsigned char *iobuf;
   7882
   7883	/* Only super-user can write RIDs */
   7884	if (!capable(CAP_NET_ADMIN))
   7885		return -EPERM;
   7886
   7887	if (test_bit(FLAG_FLASHING, &ai->flags))
   7888		return -EIO;
   7889
   7890	ridcode = 0;
   7891	writer = do_writerid;
   7892
   7893	switch(comp->command)
   7894	{
   7895	case AIROPSIDS:     ridcode = RID_SSID;         break;
   7896	case AIROPCAP:      ridcode = RID_CAPABILITIES; break;
   7897	case AIROPAPLIST:   ridcode = RID_APLIST;       break;
   7898	case AIROPCFG: ai->config.len = 0;
   7899			    clear_bit(FLAG_COMMIT, &ai->flags);
   7900			    ridcode = RID_CONFIG;       break;
   7901	case AIROPWEPKEYNV: ridcode = RID_WEP_PERM;     break;
   7902	case AIROPLEAPUSR:  ridcode = RID_LEAPUSERNAME; break;
   7903	case AIROPLEAPPWD:  ridcode = RID_LEAPPASSWORD; break;
   7904	case AIROPWEPKEY:   ridcode = RID_WEP_TEMP; writer = PC4500_writerid;
   7905		break;
   7906	case AIROPLEAPUSR+1: ridcode = 0xFF2A;          break;
   7907	case AIROPLEAPUSR+2: ridcode = 0xFF2B;          break;
   7908
   7909		/* this is not really a rid but a command given to the card
   7910		 * same with MAC off
   7911		 */
   7912	case AIROPMACON:
   7913		if (enable_MAC(ai, 1) != 0)
   7914			return -EIO;
   7915		return 0;
   7916
   7917		/*
   7918		 * Evidently this code in the airo driver does not get a symbol
   7919		 * as disable_MAC. it's probably so short the compiler does not gen one.
   7920		 */
   7921	case AIROPMACOFF:
   7922		disable_MAC(ai, 1);
   7923		return 0;
   7924
   7925		/* This command merely clears the counts does not actually store any data
   7926		 * only reads rid. But as it changes the cards state, I put it in the
   7927		 * writerid routines.
   7928		 */
   7929	case AIROPSTCLR:
   7930		if ((iobuf = kmalloc(RIDSIZE, GFP_KERNEL)) == NULL)
   7931			return -ENOMEM;
   7932
   7933		PC4500_readrid(ai, RID_STATSDELTACLEAR, iobuf, RIDSIZE, 1);
   7934
   7935		enabled = ai->micstats.enabled;
   7936		memset(&ai->micstats, 0, sizeof(ai->micstats));
   7937		ai->micstats.enabled = enabled;
   7938
   7939		if (copy_to_user(comp->data, iobuf,
   7940				 min((int)comp->len, (int)RIDSIZE))) {
   7941			kfree (iobuf);
   7942			return -EFAULT;
   7943		}
   7944		kfree (iobuf);
   7945		return 0;
   7946
   7947	default:
   7948		return -EOPNOTSUPP;	/* Blarg! */
   7949	}
   7950	if (comp->len > RIDSIZE)
   7951		return -EINVAL;
   7952
   7953	if ((iobuf = kmalloc(RIDSIZE, GFP_KERNEL)) == NULL)
   7954		return -ENOMEM;
   7955
   7956	if (copy_from_user(iobuf, comp->data, comp->len)) {
   7957		kfree (iobuf);
   7958		return -EFAULT;
   7959	}
   7960
   7961	if (comp->command == AIROPCFG) {
   7962		ConfigRid *cfg = (ConfigRid *)iobuf;
   7963
   7964		if (test_bit(FLAG_MIC_CAPABLE, &ai->flags))
   7965			cfg->opmode |= MODE_MIC;
   7966
   7967		if ((cfg->opmode & MODE_CFG_MASK) == MODE_STA_IBSS)
   7968			set_bit (FLAG_ADHOC, &ai->flags);
   7969		else
   7970			clear_bit (FLAG_ADHOC, &ai->flags);
   7971	}
   7972
   7973	if ((*writer)(ai, ridcode, iobuf, comp->len, 1)) {
   7974		kfree (iobuf);
   7975		return -EIO;
   7976	}
   7977	kfree (iobuf);
   7978	return 0;
   7979}
   7980
   7981/*****************************************************************************
   7982 * Ancillary flash / mod functions much black magic lurkes here              *
   7983 *****************************************************************************
   7984 */
   7985
   7986/*
   7987 * Flash command switch table
   7988 */
   7989
   7990static int flashcard(struct net_device *dev, aironet_ioctl *comp)
   7991{
   7992	int z;
   7993
   7994	/* Only super-user can modify flash */
   7995	if (!capable(CAP_NET_ADMIN))
   7996		return -EPERM;
   7997
   7998	switch(comp->command)
   7999	{
   8000	case AIROFLSHRST:
   8001		return cmdreset((struct airo_info *)dev->ml_priv);
   8002
   8003	case AIROFLSHSTFL:
   8004		if (!AIRO_FLASH(dev) &&
   8005		    (AIRO_FLASH(dev) = kmalloc(FLASHSIZE, GFP_KERNEL)) == NULL)
   8006			return -ENOMEM;
   8007		return setflashmode((struct airo_info *)dev->ml_priv);
   8008
   8009	case AIROFLSHGCHR: /* Get char from aux */
   8010		if (comp->len != sizeof(int))
   8011			return -EINVAL;
   8012		if (copy_from_user(&z, comp->data, comp->len))
   8013			return -EFAULT;
   8014		return flashgchar((struct airo_info *)dev->ml_priv, z, 8000);
   8015
   8016	case AIROFLSHPCHR: /* Send char to card. */
   8017		if (comp->len != sizeof(int))
   8018			return -EINVAL;
   8019		if (copy_from_user(&z, comp->data, comp->len))
   8020			return -EFAULT;
   8021		return flashpchar((struct airo_info *)dev->ml_priv, z, 8000);
   8022
   8023	case AIROFLPUTBUF: /* Send 32k to card */
   8024		if (!AIRO_FLASH(dev))
   8025			return -ENOMEM;
   8026		if (comp->len > FLASHSIZE)
   8027			return -EINVAL;
   8028		if (copy_from_user(AIRO_FLASH(dev), comp->data, comp->len))
   8029			return -EFAULT;
   8030
   8031		flashputbuf((struct airo_info *)dev->ml_priv);
   8032		return 0;
   8033
   8034	case AIRORESTART:
   8035		if (flashrestart((struct airo_info *)dev->ml_priv, dev))
   8036			return -EIO;
   8037		return 0;
   8038	}
   8039	return -EINVAL;
   8040}
   8041
   8042#define FLASH_COMMAND  0x7e7e
   8043
   8044/*
   8045 * STEP 1)
   8046 * Disable MAC and do soft reset on
   8047 * card.
   8048 */
   8049
   8050static int cmdreset(struct airo_info *ai)
   8051{
   8052	disable_MAC(ai, 1);
   8053
   8054	if (!waitbusy (ai)) {
   8055		airo_print_info(ai->dev->name, "Waitbusy hang before RESET");
   8056		return -EBUSY;
   8057	}
   8058
   8059	OUT4500(ai, COMMAND, CMD_SOFTRESET);
   8060
   8061	ssleep(1);			/* WAS 600 12/7/00 */
   8062
   8063	if (!waitbusy (ai)) {
   8064		airo_print_info(ai->dev->name, "Waitbusy hang AFTER RESET");
   8065		return -EBUSY;
   8066	}
   8067	return 0;
   8068}
   8069
   8070/* STEP 2)
   8071 * Put the card in legendary flash
   8072 * mode
   8073 */
   8074
   8075static int setflashmode (struct airo_info *ai)
   8076{
   8077	set_bit (FLAG_FLASHING, &ai->flags);
   8078
   8079	OUT4500(ai, SWS0, FLASH_COMMAND);
   8080	OUT4500(ai, SWS1, FLASH_COMMAND);
   8081	if (probe) {
   8082		OUT4500(ai, SWS0, FLASH_COMMAND);
   8083		OUT4500(ai, COMMAND, 0x10);
   8084	} else {
   8085		OUT4500(ai, SWS2, FLASH_COMMAND);
   8086		OUT4500(ai, SWS3, FLASH_COMMAND);
   8087		OUT4500(ai, COMMAND, 0);
   8088	}
   8089	msleep(500);		/* 500ms delay */
   8090
   8091	if (!waitbusy(ai)) {
   8092		clear_bit (FLAG_FLASHING, &ai->flags);
   8093		airo_print_info(ai->dev->name, "Waitbusy hang after setflash mode");
   8094		return -EIO;
   8095	}
   8096	return 0;
   8097}
   8098
   8099/* Put character to SWS0 wait for dwelltime
   8100 * x 50us for  echo .
   8101 */
   8102
   8103static int flashpchar(struct airo_info *ai, int byte, int dwelltime)
   8104{
   8105	int echo;
   8106	int waittime;
   8107
   8108	byte |= 0x8000;
   8109
   8110	if (dwelltime == 0)
   8111		dwelltime = 200;
   8112
   8113	waittime = dwelltime;
   8114
   8115	/* Wait for busy bit d15 to go false indicating buffer empty */
   8116	while ((IN4500 (ai, SWS0) & 0x8000) && waittime > 0) {
   8117		udelay (50);
   8118		waittime -= 50;
   8119	}
   8120
   8121	/* timeout for busy clear wait */
   8122	if (waittime <= 0) {
   8123		airo_print_info(ai->dev->name, "flash putchar busywait timeout!");
   8124		return -EBUSY;
   8125	}
   8126
   8127	/* Port is clear now write byte and wait for it to echo back */
   8128	do {
   8129		OUT4500(ai, SWS0, byte);
   8130		udelay(50);
   8131		dwelltime -= 50;
   8132		echo = IN4500(ai, SWS1);
   8133	} while (dwelltime >= 0 && echo != byte);
   8134
   8135	OUT4500(ai, SWS1, 0);
   8136
   8137	return (echo == byte) ? 0 : -EIO;
   8138}
   8139
   8140/*
   8141 * Get a character from the card matching matchbyte
   8142 * Step 3)
   8143 */
   8144static int flashgchar(struct airo_info *ai, int matchbyte, int dwelltime)
   8145{
   8146	int           rchar;
   8147	unsigned char rbyte = 0;
   8148
   8149	do {
   8150		rchar = IN4500(ai, SWS1);
   8151
   8152		if (dwelltime && !(0x8000 & rchar)) {
   8153			dwelltime -= 10;
   8154			mdelay(10);
   8155			continue;
   8156		}
   8157		rbyte = 0xff & rchar;
   8158
   8159		if ((rbyte == matchbyte) && (0x8000 & rchar)) {
   8160			OUT4500(ai, SWS1, 0);
   8161			return 0;
   8162		}
   8163		if (rbyte == 0x81 || rbyte == 0x82 || rbyte == 0x83 || rbyte == 0x1a || 0xffff == rchar)
   8164			break;
   8165		OUT4500(ai, SWS1, 0);
   8166
   8167	} while (dwelltime > 0);
   8168	return -EIO;
   8169}
   8170
   8171/*
   8172 * Transfer 32k of firmware data from user buffer to our buffer and
   8173 * send to the card
   8174 */
   8175
   8176static int flashputbuf(struct airo_info *ai)
   8177{
   8178	int            nwords;
   8179
   8180	/* Write stuff */
   8181	if (test_bit(FLAG_MPI,&ai->flags))
   8182		memcpy_toio(ai->pciaux + 0x8000, ai->flash, FLASHSIZE);
   8183	else {
   8184		OUT4500(ai, AUXPAGE, 0x100);
   8185		OUT4500(ai, AUXOFF, 0);
   8186
   8187		for (nwords = 0; nwords != FLASHSIZE / 2; nwords++) {
   8188			OUT4500(ai, AUXDATA, ai->flash[nwords] & 0xffff);
   8189		}
   8190	}
   8191	OUT4500(ai, SWS0, 0x8000);
   8192
   8193	return 0;
   8194}
   8195
   8196/*
   8197 *
   8198 */
   8199static int flashrestart(struct airo_info *ai, struct net_device *dev)
   8200{
   8201	int    i, status;
   8202
   8203	ssleep(1);			/* Added 12/7/00 */
   8204	clear_bit (FLAG_FLASHING, &ai->flags);
   8205	if (test_bit(FLAG_MPI, &ai->flags)) {
   8206		status = mpi_init_descriptors(ai);
   8207		if (status != SUCCESS)
   8208			return status;
   8209	}
   8210	status = setup_card(ai, dev, 1);
   8211
   8212	if (!test_bit(FLAG_MPI,&ai->flags))
   8213		for (i = 0; i < MAX_FIDS; i++) {
   8214			ai->fids[i] = transmit_allocate
   8215				(ai, AIRO_DEF_MTU, i >= MAX_FIDS / 2);
   8216		}
   8217
   8218	ssleep(1);			/* Added 12/7/00 */
   8219	return status;
   8220}
   8221#endif /* CISCO_EXT */
   8222
   8223/*
   8224    This program is free software; you can redistribute it and/or
   8225    modify it under the terms of the GNU General Public License
   8226    as published by the Free Software Foundation; either version 2
   8227    of the License, or (at your option) any later version.
   8228
   8229    This program is distributed in the hope that it will be useful,
   8230    but WITHOUT ANY WARRANTY; without even the implied warranty of
   8231    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   8232    GNU General Public License for more details.
   8233
   8234    In addition:
   8235
   8236    Redistribution and use in source and binary forms, with or without
   8237    modification, are permitted provided that the following conditions
   8238    are met:
   8239
   8240    1. Redistributions of source code must retain the above copyright
   8241       notice, this list of conditions and the following disclaimer.
   8242    2. Redistributions in binary form must reproduce the above copyright
   8243       notice, this list of conditions and the following disclaimer in the
   8244       documentation and/or other materials provided with the distribution.
   8245    3. The name of the author may not be used to endorse or promote
   8246       products derived from this software without specific prior written
   8247       permission.
   8248
   8249    THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   8250    IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
   8251    WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   8252    ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
   8253    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
   8254    (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
   8255    SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   8256    HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
   8257    STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
   8258    IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   8259    POSSIBILITY OF SUCH DAMAGE.
   8260*/
   8261
   8262module_init(airo_init_module);
   8263module_exit(airo_cleanup_module);