1 /* orinoco.c - (formerly known as dldwd_cs.c and orinoco_cs.c)
 
   3  * A driver for Hermes or Prism 2 chipset based PCMCIA wireless
 
   4  * adaptors, with Lucent/Agere, Intersil or Symbol firmware.
 
   6  * Current maintainers (as of 29 September 2003) are:
 
   7  *      Pavel Roskin <proski AT gnu.org>
 
   8  * and  David Gibson <hermes AT gibson.dropbear.id.au>
 
  10  * (C) Copyright David Gibson, IBM Corporation 2001-2003.
 
  11  * Copyright (C) 2000 David Gibson, Linuxcare Australia.
 
  12  *      With some help from :
 
  13  * Copyright (C) 2001 Jean Tourrilhes, HP Labs
 
  14  * Copyright (C) 2001 Benjamin Herrenschmidt
 
  16  * Based on dummy_cs.c 1.27 2000/06/12 21:27:25
 
  18  * Portions based on wvlan_cs.c 1.0.6, Copyright Andreas Neuhaus <andy
 
  19  * AT fasta.fh-dortmund.de>
 
  20  *      http://www.stud.fh-dortmund.de/~andy/wvlan/
 
  22  * The contents of this file are subject to the Mozilla Public License
 
  23  * Version 1.1 (the "License"); you may not use this file except in
 
  24  * compliance with the License. You may obtain a copy of the License
 
  25  * at http://www.mozilla.org/MPL/
 
  27  * Software distributed under the License is distributed on an "AS IS"
 
  28  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 
  29  * the License for the specific language governing rights and
 
  30  * limitations under the License.
 
  32  * The initial developer of the original code is David A. Hinds
 
  33  * <dahinds AT users.sourceforge.net>.  Portions created by David
 
  34  * A. Hinds are Copyright (C) 1999 David A. Hinds.  All Rights
 
  37  * Alternatively, the contents of this file may be used under the
 
  38  * terms of the GNU General Public License version 2 (the "GPL"), in
 
  39  * which case the provisions of the GPL are applicable instead of the
 
  40  * above.  If you wish to allow the use of your version of this file
 
  41  * only under the terms of the GPL and not to allow others to use your
 
  42  * version of this file under the MPL, indicate your decision by
 
  43  * deleting the provisions above and replace them with the notice and
 
  44  * other provisions required by the GPL.  If you do not delete the
 
  45  * provisions above, a recipient may use your version of this file
 
  46  * under either the MPL or the GPL.  */
 
  50  *      o Handle de-encapsulation within network layer, provide 802.11
 
  51  *        headers (patch from Thomas 'Dent' Mirlacher)
 
  52  *      o Fix possible races in SPY handling.
 
  53  *      o Disconnect wireless extensions from fundamental configuration.
 
  54  *      o (maybe) Software WEP support (patch from Stano Meduna).
 
  55  *      o (maybe) Use multiple Tx buffers - driver handling queue
 
  56  *        rather than firmware.
 
  59 /* Locking and synchronization:
 
  61  * The basic principle is that everything is serialized through a
 
  62  * single spinlock, priv->lock.  The lock is used in user, bh and irq
 
  63  * context, so when taken outside hardirq context it should always be
 
  64  * taken with interrupts disabled.  The lock protects both the
 
  65  * hardware and the struct orinoco_private.
 
  67  * Another flag, priv->hw_unavailable indicates that the hardware is
 
  68  * unavailable for an extended period of time (e.g. suspended, or in
 
  69  * the middle of a hard reset).  This flag is protected by the
 
  70  * spinlock.  All code which touches the hardware should check the
 
  71  * flag after taking the lock, and if it is set, give up on whatever
 
  72  * they are doing and drop the lock again.  The orinoco_lock()
 
  73  * function handles this (it unlocks and returns -EBUSY if
 
  74  * hw_unavailable is non-zero).
 
  77 #define DRIVER_NAME "orinoco"
 
  79 #include <linux/module.h>
 
  80 #include <linux/kernel.h>
 
  81 #include <linux/init.h>
 
  82 #include <linux/delay.h>
 
  83 #include <linux/netdevice.h>
 
  84 #include <linux/etherdevice.h>
 
  85 #include <linux/ethtool.h>
 
  86 #include <linux/firmware.h>
 
  87 #include <linux/suspend.h>
 
  88 #include <linux/if_arp.h>
 
  89 #include <linux/wireless.h>
 
  90 #include <linux/ieee80211.h>
 
  91 #include <net/iw_handler.h>
 
  93 #include <linux/scatterlist.h>
 
  94 #include <linux/crypto.h>
 
  96 #include "hermes_rid.h"
 
  97 #include "hermes_dld.h"
 
 100 /********************************************************************/
 
 101 /* Module information                                               */
 
 102 /********************************************************************/
 
 104 MODULE_AUTHOR("Pavel Roskin <proski@gnu.org> & David Gibson <hermes@gibson.dropbear.id.au>");
 
 105 MODULE_DESCRIPTION("Driver for Lucent Orinoco, Prism II based and similar wireless cards");
 
 106 MODULE_LICENSE("Dual MPL/GPL");
 
 108 /* Level of debugging. Used in the macros in orinoco.h */
 
 110 int orinoco_debug = ORINOCO_DEBUG;
 
 111 module_param(orinoco_debug, int, 0644);
 
 112 MODULE_PARM_DESC(orinoco_debug, "Debug level");
 
 113 EXPORT_SYMBOL(orinoco_debug);
 
 116 static int suppress_linkstatus; /* = 0 */
 
 117 module_param(suppress_linkstatus, bool, 0644);
 
 118 MODULE_PARM_DESC(suppress_linkstatus, "Don't log link status changes");
 
 119 static int ignore_disconnect; /* = 0 */
 
 120 module_param(ignore_disconnect, int, 0644);
 
 121 MODULE_PARM_DESC(ignore_disconnect, "Don't report lost link to the network layer");
 
 123 static int force_monitor; /* = 0 */
 
 124 module_param(force_monitor, int, 0644);
 
 125 MODULE_PARM_DESC(force_monitor, "Allow monitor mode for all firmware versions");
 
 127 /********************************************************************/
 
 128 /* Compile time configuration and compatibility stuff               */
 
 129 /********************************************************************/
 
 131 /* We do this this way to avoid ifdefs in the actual code */
 
 133 #define SPY_NUMBER(priv)        (priv->spy_data.spy_number)
 
 135 #define SPY_NUMBER(priv)        0
 
 136 #endif /* WIRELESS_SPY */
 
 138 /********************************************************************/
 
 139 /* Internal constants                                               */
 
 140 /********************************************************************/
 
 142 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
 
 143 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
 
 144 #define ENCAPS_OVERHEAD         (sizeof(encaps_hdr) + 2)
 
 146 #define ORINOCO_MIN_MTU         256
 
 147 #define ORINOCO_MAX_MTU         (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
 
 149 #define SYMBOL_MAX_VER_LEN      (14)
 
 152 #define MAX_IRQLOOPS_PER_IRQ    10
 
 153 #define MAX_IRQLOOPS_PER_JIFFY  (20000/HZ) /* Based on a guestimate of
 
 154                                             * how many events the
 
 156                                             * legitimately generate */
 
 157 #define SMALL_KEY_SIZE          5
 
 158 #define LARGE_KEY_SIZE          13
 
 159 #define TX_NICBUF_SIZE_BUG      1585            /* Bug in Symbol firmware */
 
 161 #define DUMMY_FID               0xFFFF
 
 163 /*#define MAX_MULTICAST(priv)   (priv->firmware_type == FIRMWARE_TYPE_AGERE ? \
 
 164   HERMES_MAX_MULTICAST : 0)*/
 
 165 #define MAX_MULTICAST(priv)     (HERMES_MAX_MULTICAST)
 
 167 #define ORINOCO_INTEN           (HERMES_EV_RX | HERMES_EV_ALLOC \
 
 168                                  | HERMES_EV_TX | HERMES_EV_TXEXC \
 
 169                                  | HERMES_EV_WTERR | HERMES_EV_INFO \
 
 170                                  | HERMES_EV_INFDROP )
 
 172 #define MAX_RID_LEN 1024
 
 174 static const struct iw_handler_def orinoco_handler_def;
 
 175 static const struct ethtool_ops orinoco_ethtool_ops;
 
 177 /********************************************************************/
 
 179 /********************************************************************/
 
 181 #define NUM_CHANNELS 14
 
 183 /* This tables gives the actual meanings of the bitrate IDs returned
 
 184  * by the firmware. */
 
 186         int bitrate; /* in 100s of kilobits */
 
 188         u16 agere_txratectrl;
 
 189         u16 intersil_txratectrl;
 
 190 } bitrate_table[] = {
 
 191         {110, 1,  3, 15}, /* Entry 0 is the default */
 
 200 #define BITRATE_TABLE_SIZE ARRAY_SIZE(bitrate_table)
 
 202 /********************************************************************/
 
 204 /********************************************************************/
 
 206 /* Beginning of the Tx descriptor, used in TxExc handling */
 
 207 struct hermes_txexc_data {
 
 208         struct hermes_tx_descriptor desc;
 
 212 } __attribute__ ((packed));
 
 214 /* Rx frame header except compatibility 802.3 header */
 
 215 struct hermes_rx_descriptor {
 
 236 } __attribute__ ((packed));
 
 238 struct orinoco_rx_data {
 
 239         struct hermes_rx_descriptor *desc;
 
 241         struct list_head list;
 
 244 /********************************************************************/
 
 245 /* Function prototypes                                              */
 
 246 /********************************************************************/
 
 248 static int __orinoco_program_rids(struct net_device *dev);
 
 249 static void __orinoco_set_multicast_list(struct net_device *dev);
 
 251 /********************************************************************/
 
 252 /* Michael MIC crypto setup                                         */
 
 253 /********************************************************************/
 
 254 #define MICHAEL_MIC_LEN 8
 
 255 static int orinoco_mic_init(struct orinoco_private *priv)
 
 257         priv->tx_tfm_mic = crypto_alloc_hash("michael_mic", 0, 0);
 
 258         if (IS_ERR(priv->tx_tfm_mic)) {
 
 259                 printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
 
 260                        "crypto API michael_mic\n");
 
 261                 priv->tx_tfm_mic = NULL;
 
 265         priv->rx_tfm_mic = crypto_alloc_hash("michael_mic", 0, 0);
 
 266         if (IS_ERR(priv->rx_tfm_mic)) {
 
 267                 printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
 
 268                        "crypto API michael_mic\n");
 
 269                 priv->rx_tfm_mic = NULL;
 
 276 static void orinoco_mic_free(struct orinoco_private *priv)
 
 278         if (priv->tx_tfm_mic)
 
 279                 crypto_free_hash(priv->tx_tfm_mic);
 
 280         if (priv->rx_tfm_mic)
 
 281                 crypto_free_hash(priv->rx_tfm_mic);
 
 284 static int michael_mic(struct crypto_hash *tfm_michael, u8 *key,
 
 285                        u8 *da, u8 *sa, u8 priority,
 
 286                        u8 *data, size_t data_len, u8 *mic)
 
 288         struct hash_desc desc;
 
 289         struct scatterlist sg[2];
 
 290         u8 hdr[ETH_HLEN + 2]; /* size of header + padding */
 
 292         if (tfm_michael == NULL) {
 
 293                 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
 
 297         /* Copy header into buffer. We need the padding on the end zeroed */
 
 298         memcpy(&hdr[0], da, ETH_ALEN);
 
 299         memcpy(&hdr[ETH_ALEN], sa, ETH_ALEN);
 
 300         hdr[ETH_ALEN*2] = priority;
 
 301         hdr[ETH_ALEN*2+1] = 0;
 
 302         hdr[ETH_ALEN*2+2] = 0;
 
 303         hdr[ETH_ALEN*2+3] = 0;
 
 305         /* Use scatter gather to MIC header and data in one go */
 
 306         sg_init_table(sg, 2);
 
 307         sg_set_buf(&sg[0], hdr, sizeof(hdr));
 
 308         sg_set_buf(&sg[1], data, data_len);
 
 310         if (crypto_hash_setkey(tfm_michael, key, MIC_KEYLEN))
 
 313         desc.tfm = tfm_michael;
 
 315         return crypto_hash_digest(&desc, sg, data_len + sizeof(hdr),
 
 319 /********************************************************************/
 
 320 /* Internal helper functions                                        */
 
 321 /********************************************************************/
 
 323 static inline void set_port_type(struct orinoco_private *priv)
 
 325         switch (priv->iw_mode) {
 
 328                 priv->createibss = 0;
 
 331                 if (priv->prefer_port3) {
 
 333                         priv->createibss = 0;
 
 335                         priv->port_type = priv->ibss_port;
 
 336                         priv->createibss = 1;
 
 339         case IW_MODE_MONITOR:
 
 341                 priv->createibss = 0;
 
 344                 printk(KERN_ERR "%s: Invalid priv->iw_mode in set_port_type()\n",
 
 349 #define ORINOCO_MAX_BSS_COUNT   64
 
 350 static int orinoco_bss_data_allocate(struct orinoco_private *priv)
 
 352         if (priv->bss_xbss_data)
 
 355         if (priv->has_ext_scan)
 
 356                 priv->bss_xbss_data = kzalloc(ORINOCO_MAX_BSS_COUNT *
 
 357                                               sizeof(struct xbss_element),
 
 360                 priv->bss_xbss_data = kzalloc(ORINOCO_MAX_BSS_COUNT *
 
 361                                               sizeof(struct bss_element),
 
 364         if (!priv->bss_xbss_data) {
 
 365                 printk(KERN_WARNING "Out of memory allocating beacons");
 
 371 static void orinoco_bss_data_free(struct orinoco_private *priv)
 
 373         kfree(priv->bss_xbss_data);
 
 374         priv->bss_xbss_data = NULL;
 
 377 #define PRIV_BSS        ((struct bss_element *)priv->bss_xbss_data)
 
 378 #define PRIV_XBSS       ((struct xbss_element *)priv->bss_xbss_data)
 
 379 static void orinoco_bss_data_init(struct orinoco_private *priv)
 
 383         INIT_LIST_HEAD(&priv->bss_free_list);
 
 384         INIT_LIST_HEAD(&priv->bss_list);
 
 385         if (priv->has_ext_scan)
 
 386                 for (i = 0; i < ORINOCO_MAX_BSS_COUNT; i++)
 
 387                         list_add_tail(&(PRIV_XBSS[i].list),
 
 388                                       &priv->bss_free_list);
 
 390                 for (i = 0; i < ORINOCO_MAX_BSS_COUNT; i++)
 
 391                         list_add_tail(&(PRIV_BSS[i].list),
 
 392                                       &priv->bss_free_list);
 
 396 static inline u8 *orinoco_get_ie(u8 *data, size_t len,
 
 397                                  enum ieee80211_eid eid)
 
 400         while ((p + 2) < (data + len)) {
 
 408 #define WPA_OUI_TYPE    "\x00\x50\xF2\x01"
 
 409 #define WPA_SELECTOR_LEN 4
 
 410 static inline u8 *orinoco_get_wpa_ie(u8 *data, size_t len)
 
 413         while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) {
 
 414                 if ((p[0] == WLAN_EID_GENERIC) &&
 
 415                     (memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0))
 
 423 /********************************************************************/
 
 424 /* Download functionality                                           */
 
 425 /********************************************************************/
 
 435 const static struct fw_info orinoco_fw[] = {
 
 436         { NULL, "agere_sta_fw.bin", "agere_ap_fw.bin", 0x00390000, 1000 },
 
 437         { NULL, "prism_sta_fw.bin", "prism_ap_fw.bin", 0, 1024 },
 
 438         { "symbol_sp24t_prim_fw", "symbol_sp24t_sec_fw", NULL, 0x00003100, 512 }
 
 441 /* Structure used to access fields in FW
 
 442  * Make sure LE decoding macros are used
 
 444 struct orinoco_fw_header {
 
 445         char hdr_vers[6];       /* ASCII string for header version */
 
 446         __le16 headersize;      /* Total length of header */
 
 447         __le32 entry_point;     /* NIC entry point */
 
 448         __le32 blocks;          /* Number of blocks to program */
 
 449         __le32 block_offset;    /* Offset of block data from eof header */
 
 450         __le32 pdr_offset;      /* Offset to PDR data from eof header */
 
 451         __le32 pri_offset;      /* Offset to primary plug data */
 
 452         __le32 compat_offset;   /* Offset to compatibility data*/
 
 453         char signature[0];      /* FW signature length headersize-20 */
 
 454 } __attribute__ ((packed));
 
 456 /* Download either STA or AP firmware into the card. */
 
 458 orinoco_dl_firmware(struct orinoco_private *priv,
 
 459                     const struct fw_info *fw,
 
 462         /* Plug Data Area (PDA) */
 
 465         hermes_t *hw = &priv->hw;
 
 466         const struct firmware *fw_entry;
 
 467         const struct orinoco_fw_header *hdr;
 
 468         const unsigned char *first_block;
 
 469         const unsigned char *end;
 
 470         const char *firmware;
 
 471         struct net_device *dev = priv->ndev;
 
 474         pda = kzalloc(fw->pda_size, GFP_KERNEL);
 
 479                 firmware = fw->ap_fw;
 
 481                 firmware = fw->sta_fw;
 
 483         printk(KERN_DEBUG "%s: Attempting to download firmware %s\n",
 
 484                dev->name, firmware);
 
 486         /* Read current plug data */
 
 487         err = hermes_read_pda(hw, pda, fw->pda_addr, fw->pda_size, 0);
 
 488         printk(KERN_DEBUG "%s: Read PDA returned %d\n", dev->name, err);
 
 492         if (!priv->cached_fw) {
 
 493                 err = request_firmware(&fw_entry, firmware, priv->dev);
 
 496                         printk(KERN_ERR "%s: Cannot find firmware %s\n",
 
 497                                dev->name, firmware);
 
 502                 fw_entry = priv->cached_fw;
 
 504         hdr = (const struct orinoco_fw_header *) fw_entry->data;
 
 506         /* Enable aux port to allow programming */
 
 507         err = hermesi_program_init(hw, le32_to_cpu(hdr->entry_point));
 
 508         printk(KERN_DEBUG "%s: Program init returned %d\n", dev->name, err);
 
 513         first_block = (fw_entry->data +
 
 514                        le16_to_cpu(hdr->headersize) +
 
 515                        le32_to_cpu(hdr->block_offset));
 
 516         end = fw_entry->data + fw_entry->size;
 
 518         err = hermes_program(hw, first_block, end);
 
 519         printk(KERN_DEBUG "%s: Program returned %d\n", dev->name, err);
 
 523         /* Update production data */
 
 524         first_block = (fw_entry->data +
 
 525                        le16_to_cpu(hdr->headersize) +
 
 526                        le32_to_cpu(hdr->pdr_offset));
 
 528         err = hermes_apply_pda_with_defaults(hw, first_block, pda);
 
 529         printk(KERN_DEBUG "%s: Apply PDA returned %d\n", dev->name, err);
 
 533         /* Tell card we've finished */
 
 534         err = hermesi_program_end(hw);
 
 535         printk(KERN_DEBUG "%s: Program end returned %d\n", dev->name, err);
 
 539         /* Check if we're running */
 
 540         printk(KERN_DEBUG "%s: hermes_present returned %d\n",
 
 541                dev->name, hermes_present(hw));
 
 544         /* If we requested the firmware, release it. */
 
 545         if (!priv->cached_fw)
 
 546                 release_firmware(fw_entry);
 
 554 #define TEXT_END        0x1A            /* End of text header */
 
 557  * Process a firmware image - stop the card, load the firmware, reset
 
 558  * the card and make sure it responds.  For the secondary firmware take
 
 559  * care of the PDA - read it and then write it on top of the firmware.
 
 562 symbol_dl_image(struct orinoco_private *priv, const struct fw_info *fw,
 
 563                 const unsigned char *image, const unsigned char *end,
 
 566         hermes_t *hw = &priv->hw;
 
 568         const unsigned char *ptr;
 
 569         const unsigned char *first_block;
 
 571         /* Plug Data Area (PDA) */
 
 574         /* Binary block begins after the 0x1A marker */
 
 576         while (*ptr++ != TEXT_END);
 
 579         /* Read the PDA from EEPROM */
 
 581                 pda = kzalloc(fw->pda_size, GFP_KERNEL);
 
 585                 ret = hermes_read_pda(hw, pda, fw->pda_addr, fw->pda_size, 1);
 
 590         /* Stop the firmware, so that it can be safely rewritten */
 
 592                 ret = priv->stop_fw(priv, 1);
 
 597         /* Program the adapter with new firmware */
 
 598         ret = hermes_program(hw, first_block, end);
 
 602         /* Write the PDA to the adapter */
 
 604                 size_t len = hermes_blocks_length(first_block);
 
 605                 ptr = first_block + len;
 
 606                 ret = hermes_apply_pda(hw, ptr, pda);
 
 612         /* Run the firmware */
 
 614                 ret = priv->stop_fw(priv, 0);
 
 619         /* Reset hermes chip and make sure it responds */
 
 620         ret = hermes_init(hw);
 
 622         /* hermes_reset() should return 0 with the secondary firmware */
 
 623         if (secondary && ret != 0)
 
 626         /* And this should work with any firmware */
 
 627         if (!hermes_present(hw))
 
 639  * Download the firmware into the card, this also does a PCMCIA soft
 
 640  * reset on the card, to make sure it's in a sane state.
 
 643 symbol_dl_firmware(struct orinoco_private *priv,
 
 644                    const struct fw_info *fw)
 
 646         struct net_device *dev = priv->ndev;
 
 648         const struct firmware *fw_entry;
 
 650         if (!priv->cached_pri_fw) {
 
 651                 if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) {
 
 652                         printk(KERN_ERR "%s: Cannot find firmware: %s\n",
 
 653                                dev->name, fw->pri_fw);
 
 657                 fw_entry = priv->cached_pri_fw;
 
 659         /* Load primary firmware */
 
 660         ret = symbol_dl_image(priv, fw, fw_entry->data,
 
 661                               fw_entry->data + fw_entry->size, 0);
 
 663         if (!priv->cached_pri_fw)
 
 664                 release_firmware(fw_entry);
 
 666                 printk(KERN_ERR "%s: Primary firmware download failed\n",
 
 671         if (!priv->cached_fw) {
 
 672                 if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) {
 
 673                         printk(KERN_ERR "%s: Cannot find firmware: %s\n",
 
 674                                dev->name, fw->sta_fw);
 
 678                 fw_entry = priv->cached_fw;
 
 680         /* Load secondary firmware */
 
 681         ret = symbol_dl_image(priv, fw, fw_entry->data,
 
 682                               fw_entry->data + fw_entry->size, 1);
 
 683         if (!priv->cached_fw)
 
 684                 release_firmware(fw_entry);
 
 686                 printk(KERN_ERR "%s: Secondary firmware download failed\n",
 
 693 static int orinoco_download(struct orinoco_private *priv)
 
 696         /* Reload firmware */
 
 697         switch (priv->firmware_type) {
 
 698         case FIRMWARE_TYPE_AGERE:
 
 699                 /* case FIRMWARE_TYPE_INTERSIL: */
 
 700                 err = orinoco_dl_firmware(priv,
 
 701                                           &orinoco_fw[priv->firmware_type], 0);
 
 704         case FIRMWARE_TYPE_SYMBOL:
 
 705                 err = symbol_dl_firmware(priv,
 
 706                                          &orinoco_fw[priv->firmware_type]);
 
 708         case FIRMWARE_TYPE_INTERSIL:
 
 711         /* TODO: if we fail we probably need to reinitialise
 
 717 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
 
 718 static void orinoco_cache_fw(struct orinoco_private *priv, int ap)
 
 720         const struct firmware *fw_entry = NULL;
 
 724         pri_fw = orinoco_fw[priv->firmware_type].pri_fw;
 
 726                 fw = orinoco_fw[priv->firmware_type].ap_fw;
 
 728                 fw = orinoco_fw[priv->firmware_type].sta_fw;
 
 731                 if (request_firmware(&fw_entry, pri_fw, priv->dev) == 0)
 
 732                         priv->cached_pri_fw = fw_entry;
 
 736                 if (request_firmware(&fw_entry, fw, priv->dev) == 0)
 
 737                         priv->cached_fw = fw_entry;
 
 741 static void orinoco_uncache_fw(struct orinoco_private *priv)
 
 743         if (priv->cached_pri_fw)
 
 744                 release_firmware(priv->cached_pri_fw);
 
 746                 release_firmware(priv->cached_fw);
 
 748         priv->cached_pri_fw = NULL;
 
 749         priv->cached_fw = NULL;
 
 752 #define orinoco_cache_fw(priv, ap)
 
 753 #define orinoco_uncache_fw(priv)
 
 756 /********************************************************************/
 
 758 /********************************************************************/
 
 760 static int orinoco_open(struct net_device *dev)
 
 762         struct orinoco_private *priv = netdev_priv(dev);
 
 766         if (orinoco_lock(priv, &flags) != 0)
 
 769         err = __orinoco_up(dev);
 
 774         orinoco_unlock(priv, &flags);
 
 779 static int orinoco_stop(struct net_device *dev)
 
 781         struct orinoco_private *priv = netdev_priv(dev);
 
 784         /* We mustn't use orinoco_lock() here, because we need to be
 
 785            able to close the interface even if hw_unavailable is set
 
 786            (e.g. as we're released after a PC Card removal) */
 
 787         spin_lock_irq(&priv->lock);
 
 791         err = __orinoco_down(dev);
 
 793         spin_unlock_irq(&priv->lock);
 
 798 static struct net_device_stats *orinoco_get_stats(struct net_device *dev)
 
 800         struct orinoco_private *priv = netdev_priv(dev);
 
 805 static struct iw_statistics *orinoco_get_wireless_stats(struct net_device *dev)
 
 807         struct orinoco_private *priv = netdev_priv(dev);
 
 808         hermes_t *hw = &priv->hw;
 
 809         struct iw_statistics *wstats = &priv->wstats;
 
 813         if (! netif_device_present(dev)) {
 
 814                 printk(KERN_WARNING "%s: get_wireless_stats() called while device not present\n",
 
 816                 return NULL; /* FIXME: Can we do better than this? */
 
 819         /* If busy, return the old stats.  Returning NULL may cause
 
 820          * the interface to disappear from /proc/net/wireless */
 
 821         if (orinoco_lock(priv, &flags) != 0)
 
 824         /* We can't really wait for the tallies inquiry command to
 
 825          * complete, so we just use the previous results and trigger
 
 826          * a new tallies inquiry command for next time - Jean II */
 
 827         /* FIXME: Really we should wait for the inquiry to come back -
 
 828          * as it is the stats we give don't make a whole lot of sense.
 
 829          * Unfortunately, it's not clear how to do that within the
 
 830          * wireless extensions framework: I think we're in user
 
 831          * context, but a lock seems to be held by the time we get in
 
 832          * here so we're not safe to sleep here. */
 
 833         hermes_inquire(hw, HERMES_INQ_TALLIES);
 
 835         if (priv->iw_mode == IW_MODE_ADHOC) {
 
 836                 memset(&wstats->qual, 0, sizeof(wstats->qual));
 
 837                 /* If a spy address is defined, we report stats of the
 
 838                  * first spy address - Jean II */
 
 839                 if (SPY_NUMBER(priv)) {
 
 840                         wstats->qual.qual = priv->spy_data.spy_stat[0].qual;
 
 841                         wstats->qual.level = priv->spy_data.spy_stat[0].level;
 
 842                         wstats->qual.noise = priv->spy_data.spy_stat[0].noise;
 
 843                         wstats->qual.updated = priv->spy_data.spy_stat[0].updated;
 
 847                         __le16 qual, signal, noise, unused;
 
 848                 } __attribute__ ((packed)) cq;
 
 850                 err = HERMES_READ_RECORD(hw, USER_BAP,
 
 851                                          HERMES_RID_COMMSQUALITY, &cq);
 
 854                         wstats->qual.qual = (int)le16_to_cpu(cq.qual);
 
 855                         wstats->qual.level = (int)le16_to_cpu(cq.signal) - 0x95;
 
 856                         wstats->qual.noise = (int)le16_to_cpu(cq.noise) - 0x95;
 
 857                         wstats->qual.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
 
 861         orinoco_unlock(priv, &flags);
 
 865 static void orinoco_set_multicast_list(struct net_device *dev)
 
 867         struct orinoco_private *priv = netdev_priv(dev);
 
 870         if (orinoco_lock(priv, &flags) != 0) {
 
 871                 printk(KERN_DEBUG "%s: orinoco_set_multicast_list() "
 
 872                        "called when hw_unavailable\n", dev->name);
 
 876         __orinoco_set_multicast_list(dev);
 
 877         orinoco_unlock(priv, &flags);
 
 880 static int orinoco_change_mtu(struct net_device *dev, int new_mtu)
 
 882         struct orinoco_private *priv = netdev_priv(dev);
 
 884         if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) )
 
 887         /* MTU + encapsulation + header length */
 
 888         if ( (new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
 
 889              (priv->nicbuf_size - ETH_HLEN) )
 
 897 /********************************************************************/
 
 899 /********************************************************************/
 
 901 static int orinoco_xmit(struct sk_buff *skb, struct net_device *dev)
 
 903         struct orinoco_private *priv = netdev_priv(dev);
 
 904         struct net_device_stats *stats = &priv->stats;
 
 905         hermes_t *hw = &priv->hw;
 
 907         u16 txfid = priv->txfid;
 
 912         if (! netif_running(dev)) {
 
 913                 printk(KERN_ERR "%s: Tx on stopped device!\n",
 
 915                 return NETDEV_TX_BUSY;
 
 918         if (netif_queue_stopped(dev)) {
 
 919                 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n", 
 
 921                 return NETDEV_TX_BUSY;
 
 924         if (orinoco_lock(priv, &flags) != 0) {
 
 925                 printk(KERN_ERR "%s: orinoco_xmit() called while hw_unavailable\n",
 
 927                 return NETDEV_TX_BUSY;
 
 930         if (! netif_carrier_ok(dev) || (priv->iw_mode == IW_MODE_MONITOR)) {
 
 931                 /* Oops, the firmware hasn't established a connection,
 
 932                    silently drop the packet (this seems to be the
 
 937         /* Check packet length */
 
 938         if (skb->len < ETH_HLEN)
 
 941         tx_control = HERMES_TXCTRL_TX_OK | HERMES_TXCTRL_TX_EX;
 
 943         if (priv->encode_alg == IW_ENCODE_ALG_TKIP)
 
 944                 tx_control |= (priv->tx_key << HERMES_MIC_KEY_ID_SHIFT) |
 
 947         if (priv->has_alt_txcntl) {
 
 948                 /* WPA enabled firmwares have tx_cntl at the end of
 
 949                  * the 802.11 header.  So write zeroed descriptor and
 
 950                  * 802.11 header at the same time
 
 952                 char desc[HERMES_802_3_OFFSET];
 
 953                 __le16 *txcntl = (__le16 *) &desc[HERMES_TXCNTL2_OFFSET];
 
 955                 memset(&desc, 0, sizeof(desc));
 
 957                 *txcntl = cpu_to_le16(tx_control);
 
 958                 err = hermes_bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
 
 962                                 printk(KERN_ERR "%s: Error %d writing Tx "
 
 963                                        "descriptor to BAP\n", dev->name, err);
 
 967                 struct hermes_tx_descriptor desc;
 
 969                 memset(&desc, 0, sizeof(desc));
 
 971                 desc.tx_control = cpu_to_le16(tx_control);
 
 972                 err = hermes_bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
 
 976                                 printk(KERN_ERR "%s: Error %d writing Tx "
 
 977                                        "descriptor to BAP\n", dev->name, err);
 
 981                 /* Clear the 802.11 header and data length fields - some
 
 982                  * firmwares (e.g. Lucent/Agere 8.xx) appear to get confused
 
 983                  * if this isn't done. */
 
 984                 hermes_clear_words(hw, HERMES_DATA0,
 
 985                                    HERMES_802_3_OFFSET - HERMES_802_11_OFFSET);
 
 988         eh = (struct ethhdr *)skb->data;
 
 990         /* Encapsulate Ethernet-II frames */
 
 991         if (ntohs(eh->h_proto) > ETH_DATA_LEN) { /* Ethernet-II frame */
 
 992                 struct header_struct {
 
 993                         struct ethhdr eth;      /* 802.3 header */
 
 994                         u8 encap[6];            /* 802.2 header */
 
 995                 } __attribute__ ((packed)) hdr;
 
 997                 /* Strip destination and source from the data */
 
 998                 skb_pull(skb, 2 * ETH_ALEN);
 
1000                 /* And move them to a separate header */
 
1001                 memcpy(&hdr.eth, eh, 2 * ETH_ALEN);
 
1002                 hdr.eth.h_proto = htons(sizeof(encaps_hdr) + skb->len);
 
1003                 memcpy(hdr.encap, encaps_hdr, sizeof(encaps_hdr));
 
1005                 /* Insert the SNAP header */
 
1006                 if (skb_headroom(skb) < sizeof(hdr)) {
 
1008                                "%s: Not enough headroom for 802.2 headers %d\n",
 
1009                                dev->name, skb_headroom(skb));
 
1012                 eh = (struct ethhdr *) skb_push(skb, sizeof(hdr));
 
1013                 memcpy(eh, &hdr, sizeof(hdr));
 
1016         err = hermes_bap_pwrite(hw, USER_BAP, skb->data, skb->len,
 
1017                                 txfid, HERMES_802_3_OFFSET);
 
1019                 printk(KERN_ERR "%s: Error %d writing packet to BAP\n",
 
1024         /* Calculate Michael MIC */
 
1025         if (priv->encode_alg == IW_ENCODE_ALG_TKIP) {
 
1026                 u8 mic_buf[MICHAEL_MIC_LEN + 1];
 
1032                         /* MIC start is on an odd boundary */
 
1033                         mic_buf[0] = skb->data[skb->len - 1];
 
1035                         offset = skb->len - 1;
 
1036                         len = MICHAEL_MIC_LEN + 1;
 
1040                         len = MICHAEL_MIC_LEN;
 
1043                 michael_mic(priv->tx_tfm_mic,
 
1044                             priv->tkip_key[priv->tx_key].tx_mic,
 
1045                             eh->h_dest, eh->h_source, 0 /* priority */,
 
1046                             skb->data + ETH_HLEN, skb->len - ETH_HLEN, mic);
 
1049                 err = hermes_bap_pwrite(hw, USER_BAP, &mic_buf[0], len,
 
1050                                         txfid, HERMES_802_3_OFFSET + offset);
 
1052                         printk(KERN_ERR "%s: Error %d writing MIC to BAP\n",
 
1058         /* Finally, we actually initiate the send */
 
1059         netif_stop_queue(dev);
 
1061         err = hermes_docmd_wait(hw, HERMES_CMD_TX | HERMES_CMD_RECL,
 
1064                 netif_start_queue(dev);
 
1065                 if (net_ratelimit())
 
1066                         printk(KERN_ERR "%s: Error %d transmitting packet\n",
 
1071         dev->trans_start = jiffies;
 
1072         stats->tx_bytes += HERMES_802_3_OFFSET + skb->len;
 
1077         stats->tx_dropped++;
 
1080         orinoco_unlock(priv, &flags);
 
1082         return NETDEV_TX_OK;
 
1086                 schedule_work(&priv->reset_work);
 
1087         orinoco_unlock(priv, &flags);
 
1088         return NETDEV_TX_BUSY;
 
1091 static void __orinoco_ev_alloc(struct net_device *dev, hermes_t *hw)
 
1093         struct orinoco_private *priv = netdev_priv(dev);
 
1094         u16 fid = hermes_read_regn(hw, ALLOCFID);
 
1096         if (fid != priv->txfid) {
 
1097                 if (fid != DUMMY_FID)
 
1098                         printk(KERN_WARNING "%s: Allocate event on unexpected fid (%04X)\n",
 
1103         hermes_write_regn(hw, ALLOCFID, DUMMY_FID);
 
1106 static void __orinoco_ev_tx(struct net_device *dev, hermes_t *hw)
 
1108         struct orinoco_private *priv = netdev_priv(dev);
 
1109         struct net_device_stats *stats = &priv->stats;
 
1111         stats->tx_packets++;
 
1113         netif_wake_queue(dev);
 
1115         hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
 
1118 static void __orinoco_ev_txexc(struct net_device *dev, hermes_t *hw)
 
1120         struct orinoco_private *priv = netdev_priv(dev);
 
1121         struct net_device_stats *stats = &priv->stats;
 
1122         u16 fid = hermes_read_regn(hw, TXCOMPLFID);
 
1124         struct hermes_txexc_data hdr;
 
1127         if (fid == DUMMY_FID)
 
1128                 return; /* Nothing's really happened */
 
1130         /* Read part of the frame header - we need status and addr1 */
 
1131         err = hermes_bap_pread(hw, IRQ_BAP, &hdr,
 
1132                                sizeof(struct hermes_txexc_data),
 
1135         hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
 
1139                 printk(KERN_WARNING "%s: Unable to read descriptor on Tx error "
 
1140                        "(FID=%04X error %d)\n",
 
1141                        dev->name, fid, err);
 
1145         DEBUG(1, "%s: Tx error, err %d (FID=%04X)\n", dev->name,
 
1148         /* We produce a TXDROP event only for retry or lifetime
 
1149          * exceeded, because that's the only status that really mean
 
1150          * that this particular node went away.
 
1151          * Other errors means that *we* screwed up. - Jean II */
 
1152         status = le16_to_cpu(hdr.desc.status);
 
1153         if (status & (HERMES_TXSTAT_RETRYERR | HERMES_TXSTAT_AGEDERR)) {
 
1154                 union iwreq_data        wrqu;
 
1156                 /* Copy 802.11 dest address.
 
1157                  * We use the 802.11 header because the frame may
 
1158                  * not be 802.3 or may be mangled...
 
1159                  * In Ad-Hoc mode, it will be the node address.
 
1160                  * In managed mode, it will be most likely the AP addr
 
1161                  * User space will figure out how to convert it to
 
1162                  * whatever it needs (IP address or else).
 
1164                 memcpy(wrqu.addr.sa_data, hdr.addr1, ETH_ALEN);
 
1165                 wrqu.addr.sa_family = ARPHRD_ETHER;
 
1167                 /* Send event to user space */
 
1168                 wireless_send_event(dev, IWEVTXDROP, &wrqu, NULL);
 
1171         netif_wake_queue(dev);
 
1174 static void orinoco_tx_timeout(struct net_device *dev)
 
1176         struct orinoco_private *priv = netdev_priv(dev);
 
1177         struct net_device_stats *stats = &priv->stats;
 
1178         struct hermes *hw = &priv->hw;
 
1180         printk(KERN_WARNING "%s: Tx timeout! "
 
1181                "ALLOCFID=%04x, TXCOMPLFID=%04x, EVSTAT=%04x\n",
 
1182                dev->name, hermes_read_regn(hw, ALLOCFID),
 
1183                hermes_read_regn(hw, TXCOMPLFID), hermes_read_regn(hw, EVSTAT));
 
1187         schedule_work(&priv->reset_work);
 
1190 /********************************************************************/
 
1191 /* Rx path (data frames)                                            */
 
1192 /********************************************************************/
 
1194 /* Does the frame have a SNAP header indicating it should be
 
1195  * de-encapsulated to Ethernet-II? */
 
1196 static inline int is_ethersnap(void *_hdr)
 
1200         /* We de-encapsulate all packets which, a) have SNAP headers
 
1201          * (i.e. SSAP=DSAP=0xaa and CTRL=0x3 in the 802.2 LLC header
 
1202          * and where b) the OUI of the SNAP header is 00:00:00 or
 
1203          * 00:00:f8 - we need both because different APs appear to use
 
1204          * different OUIs for some reason */
 
1205         return (memcmp(hdr, &encaps_hdr, 5) == 0)
 
1206                 && ( (hdr[5] == 0x00) || (hdr[5] == 0xf8) );
 
1209 static inline void orinoco_spy_gather(struct net_device *dev, u_char *mac,
 
1210                                       int level, int noise)
 
1212         struct iw_quality wstats;
 
1213         wstats.level = level - 0x95;
 
1214         wstats.noise = noise - 0x95;
 
1215         wstats.qual = (level > noise) ? (level - noise) : 0;
 
1216         wstats.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
 
1217         /* Update spy records */
 
1218         wireless_spy_update(dev, mac, &wstats);
 
1221 static void orinoco_stat_gather(struct net_device *dev,
 
1222                                 struct sk_buff *skb,
 
1223                                 struct hermes_rx_descriptor *desc)
 
1225         struct orinoco_private *priv = netdev_priv(dev);
 
1227         /* Using spy support with lots of Rx packets, like in an
 
1228          * infrastructure (AP), will really slow down everything, because
 
1229          * the MAC address must be compared to each entry of the spy list.
 
1230          * If the user really asks for it (set some address in the
 
1231          * spy list), we do it, but he will pay the price.
 
1232          * Note that to get here, you need both WIRELESS_SPY
 
1233          * compiled in AND some addresses in the list !!!
 
1235         /* Note : gcc will optimise the whole section away if
 
1236          * WIRELESS_SPY is not defined... - Jean II */
 
1237         if (SPY_NUMBER(priv)) {
 
1238                 orinoco_spy_gather(dev, skb_mac_header(skb) + ETH_ALEN,
 
1239                                    desc->signal, desc->silence);
 
1244  * orinoco_rx_monitor - handle received monitor frames.
 
1247  *      dev             network device
 
1248  *      rxfid           received FID
 
1249  *      desc            rx descriptor of the frame
 
1251  * Call context: interrupt
 
1253 static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid,
 
1254                                struct hermes_rx_descriptor *desc)
 
1256         u32 hdrlen = 30;        /* return full header by default */
 
1261         struct sk_buff *skb;
 
1262         struct orinoco_private *priv = netdev_priv(dev);
 
1263         struct net_device_stats *stats = &priv->stats;
 
1264         hermes_t *hw = &priv->hw;
 
1266         len = le16_to_cpu(desc->data_len);
 
1268         /* Determine the size of the header and the data */
 
1269         fc = le16_to_cpu(desc->frame_ctl);
 
1270         switch (fc & IEEE80211_FCTL_FTYPE) {
 
1271         case IEEE80211_FTYPE_DATA:
 
1272                 if ((fc & IEEE80211_FCTL_TODS)
 
1273                     && (fc & IEEE80211_FCTL_FROMDS))
 
1279         case IEEE80211_FTYPE_MGMT:
 
1283         case IEEE80211_FTYPE_CTL:
 
1284                 switch (fc & IEEE80211_FCTL_STYPE) {
 
1285                 case IEEE80211_STYPE_PSPOLL:
 
1286                 case IEEE80211_STYPE_RTS:
 
1287                 case IEEE80211_STYPE_CFEND:
 
1288                 case IEEE80211_STYPE_CFENDACK:
 
1291                 case IEEE80211_STYPE_CTS:
 
1292                 case IEEE80211_STYPE_ACK:
 
1298                 /* Unknown frame type */
 
1302         /* sanity check the length */
 
1303         if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
 
1304                 printk(KERN_DEBUG "%s: oversized monitor frame, "
 
1305                        "data length = %d\n", dev->name, datalen);
 
1306                 stats->rx_length_errors++;
 
1310         skb = dev_alloc_skb(hdrlen + datalen);
 
1312                 printk(KERN_WARNING "%s: Cannot allocate skb for monitor frame\n",
 
1317         /* Copy the 802.11 header to the skb */
 
1318         memcpy(skb_put(skb, hdrlen), &(desc->frame_ctl), hdrlen);
 
1319         skb_reset_mac_header(skb);
 
1321         /* If any, copy the data from the card to the skb */
 
1323                 err = hermes_bap_pread(hw, IRQ_BAP, skb_put(skb, datalen),
 
1324                                        ALIGN(datalen, 2), rxfid,
 
1325                                        HERMES_802_2_OFFSET);
 
1327                         printk(KERN_ERR "%s: error %d reading monitor frame\n",
 
1334         skb->ip_summed = CHECKSUM_NONE;
 
1335         skb->pkt_type = PACKET_OTHERHOST;
 
1336         skb->protocol = __constant_htons(ETH_P_802_2);
 
1338         stats->rx_packets++;
 
1339         stats->rx_bytes += skb->len;
 
1345         dev_kfree_skb_irq(skb);
 
1348         stats->rx_dropped++;
 
1351 /* Get tsc from the firmware */
 
1352 static int orinoco_hw_get_tkip_iv(struct orinoco_private *priv, int key,
 
1355         hermes_t *hw = &priv->hw;
 
1357         u8 tsc_arr[4][IW_ENCODE_SEQ_MAX_SIZE];
 
1359         if ((key < 0) || (key > 4))
 
1362         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_TKIP_IV,
 
1363                               sizeof(tsc_arr), NULL, &tsc_arr);
 
1365                 memcpy(tsc, &tsc_arr[key][0], sizeof(tsc_arr[0]));
 
1370 static void __orinoco_ev_rx(struct net_device *dev, hermes_t *hw)
 
1372         struct orinoco_private *priv = netdev_priv(dev);
 
1373         struct net_device_stats *stats = &priv->stats;
 
1374         struct iw_statistics *wstats = &priv->wstats;
 
1375         struct sk_buff *skb = NULL;
 
1378         struct hermes_rx_descriptor *desc;
 
1379         struct orinoco_rx_data *rx_data;
 
1382         desc = kmalloc(sizeof(*desc), GFP_ATOMIC);
 
1385                        "%s: Can't allocate space for RX descriptor\n",
 
1390         rxfid = hermes_read_regn(hw, RXFID);
 
1392         err = hermes_bap_pread(hw, IRQ_BAP, desc, sizeof(*desc),
 
1395                 printk(KERN_ERR "%s: error %d reading Rx descriptor. "
 
1396                        "Frame dropped.\n", dev->name, err);
 
1400         status = le16_to_cpu(desc->status);
 
1402         if (status & HERMES_RXSTAT_BADCRC) {
 
1403                 DEBUG(1, "%s: Bad CRC on Rx. Frame dropped.\n",
 
1405                 stats->rx_crc_errors++;
 
1409         /* Handle frames in monitor mode */
 
1410         if (priv->iw_mode == IW_MODE_MONITOR) {
 
1411                 orinoco_rx_monitor(dev, rxfid, desc);
 
1415         if (status & HERMES_RXSTAT_UNDECRYPTABLE) {
 
1416                 DEBUG(1, "%s: Undecryptable frame on Rx. Frame dropped.\n",
 
1418                 wstats->discard.code++;
 
1422         length = le16_to_cpu(desc->data_len);
 
1425         if (length < 3) { /* No for even an 802.2 LLC header */
 
1426                 /* At least on Symbol firmware with PCF we get quite a
 
1427                    lot of these legitimately - Poll frames with no
 
1431         if (length > IEEE80211_MAX_DATA_LEN) {
 
1432                 printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
 
1434                 stats->rx_length_errors++;
 
1438         /* Payload size does not include Michael MIC. Increase payload
 
1439          * size to read it together with the data. */
 
1440         if (status & HERMES_RXSTAT_MIC)
 
1441                 length += MICHAEL_MIC_LEN;
 
1443         /* We need space for the packet data itself, plus an ethernet
 
1444            header, plus 2 bytes so we can align the IP header on a
 
1445            32bit boundary, plus 1 byte so we can read in odd length
 
1446            packets from the card, which has an IO granularity of 16
 
1448         skb = dev_alloc_skb(length+ETH_HLEN+2+1);
 
1450                 printk(KERN_WARNING "%s: Can't allocate skb for Rx\n",
 
1455         /* We'll prepend the header, so reserve space for it.  The worst
 
1456            case is no decapsulation, when 802.3 header is prepended and
 
1457            nothing is removed.  2 is for aligning the IP header.  */
 
1458         skb_reserve(skb, ETH_HLEN + 2);
 
1460         err = hermes_bap_pread(hw, IRQ_BAP, skb_put(skb, length),
 
1461                                ALIGN(length, 2), rxfid,
 
1462                                HERMES_802_2_OFFSET);
 
1464                 printk(KERN_ERR "%s: error %d reading frame. "
 
1465                        "Frame dropped.\n", dev->name, err);
 
1469         /* Add desc and skb to rx queue */
 
1470         rx_data = kzalloc(sizeof(*rx_data), GFP_ATOMIC);
 
1472                 printk(KERN_WARNING "%s: Can't allocate RX packet\n",
 
1476         rx_data->desc = desc;
 
1478         list_add_tail(&rx_data->list, &priv->rx_list);
 
1479         tasklet_schedule(&priv->rx_tasklet);
 
1484         dev_kfree_skb_irq(skb);
 
1487         stats->rx_dropped++;
 
1492 static void orinoco_rx(struct net_device *dev,
 
1493                        struct hermes_rx_descriptor *desc,
 
1494                        struct sk_buff *skb)
 
1496         struct orinoco_private *priv = netdev_priv(dev);
 
1497         struct net_device_stats *stats = &priv->stats;
 
1502         status = le16_to_cpu(desc->status);
 
1503         length = le16_to_cpu(desc->data_len);
 
1504         fc = le16_to_cpu(desc->frame_ctl);
 
1506         /* Calculate and check MIC */
 
1507         if (status & HERMES_RXSTAT_MIC) {
 
1508                 int key_id = ((status & HERMES_RXSTAT_MIC_KEY_ID) >>
 
1509                               HERMES_MIC_KEY_ID_SHIFT);
 
1510                 u8 mic[MICHAEL_MIC_LEN];
 
1512                 u8 *src = (fc & IEEE80211_FCTL_FROMDS) ?
 
1513                         desc->addr3 : desc->addr2;
 
1515                 /* Extract Michael MIC from payload */
 
1516                 rxmic = skb->data + skb->len - MICHAEL_MIC_LEN;
 
1518                 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
 
1519                 length -= MICHAEL_MIC_LEN;
 
1521                 michael_mic(priv->rx_tfm_mic,
 
1522                             priv->tkip_key[key_id].rx_mic,
 
1525                             0, /* priority or QoS? */
 
1530                 if (memcmp(mic, rxmic,
 
1532                         union iwreq_data wrqu;
 
1533                         struct iw_michaelmicfailure wxmic;
 
1535                         printk(KERN_WARNING "%s: "
 
1536                                "Invalid Michael MIC in data frame from %pM, "
 
1538                                dev->name, src, key_id);
 
1540                         /* TODO: update stats */
 
1542                         /* Notify userspace */
 
1543                         memset(&wxmic, 0, sizeof(wxmic));
 
1544                         wxmic.flags = key_id & IW_MICFAILURE_KEY_ID;
 
1545                         wxmic.flags |= (desc->addr1[0] & 1) ?
 
1546                                 IW_MICFAILURE_GROUP : IW_MICFAILURE_PAIRWISE;
 
1547                         wxmic.src_addr.sa_family = ARPHRD_ETHER;
 
1548                         memcpy(wxmic.src_addr.sa_data, src, ETH_ALEN);
 
1550                         (void) orinoco_hw_get_tkip_iv(priv, key_id,
 
1553                         memset(&wrqu, 0, sizeof(wrqu));
 
1554                         wrqu.data.length = sizeof(wxmic);
 
1555                         wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu,
 
1562         /* Handle decapsulation
 
1563          * In most cases, the firmware tell us about SNAP frames.
 
1564          * For some reason, the SNAP frames sent by LinkSys APs
 
1565          * are not properly recognised by most firmwares.
 
1566          * So, check ourselves */
 
1567         if (length >= ENCAPS_OVERHEAD &&
 
1568             (((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_1042) ||
 
1569              ((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_TUNNEL) ||
 
1570              is_ethersnap(skb->data))) {
 
1571                 /* These indicate a SNAP within 802.2 LLC within
 
1572                    802.11 frame which we'll need to de-encapsulate to
 
1573                    the original EthernetII frame. */
 
1574                 hdr = (struct ethhdr *)skb_push(skb, ETH_HLEN - ENCAPS_OVERHEAD);
 
1576                 /* 802.3 frame - prepend 802.3 header as is */
 
1577                 hdr = (struct ethhdr *)skb_push(skb, ETH_HLEN);
 
1578                 hdr->h_proto = htons(length);
 
1580         memcpy(hdr->h_dest, desc->addr1, ETH_ALEN);
 
1581         if (fc & IEEE80211_FCTL_FROMDS)
 
1582                 memcpy(hdr->h_source, desc->addr3, ETH_ALEN);
 
1584                 memcpy(hdr->h_source, desc->addr2, ETH_ALEN);
 
1586         skb->protocol = eth_type_trans(skb, dev);
 
1587         skb->ip_summed = CHECKSUM_NONE;
 
1588         if (fc & IEEE80211_FCTL_TODS)
 
1589                 skb->pkt_type = PACKET_OTHERHOST;
 
1591         /* Process the wireless stats if needed */
 
1592         orinoco_stat_gather(dev, skb, desc);
 
1594         /* Pass the packet to the networking stack */
 
1596         stats->rx_packets++;
 
1597         stats->rx_bytes += length;
 
1604         stats->rx_dropped++;
 
1607 static void orinoco_rx_isr_tasklet(unsigned long data)
 
1609         struct net_device *dev = (struct net_device *) data;
 
1610         struct orinoco_private *priv = netdev_priv(dev);
 
1611         struct orinoco_rx_data *rx_data, *temp;
 
1612         struct hermes_rx_descriptor *desc;
 
1613         struct sk_buff *skb;
 
1614         unsigned long flags;
 
1616         /* orinoco_rx requires the driver lock, and we also need to
 
1617          * protect priv->rx_list, so just hold the lock over the
 
1620          * If orinoco_lock fails, we've unplugged the card. In this
 
1621          * case just abort. */
 
1622         if (orinoco_lock(priv, &flags) != 0)
 
1625         /* extract desc and skb from queue */
 
1626         list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
 
1627                 desc = rx_data->desc;
 
1629                 list_del(&rx_data->list);
 
1632                 orinoco_rx(dev, desc, skb);
 
1637         orinoco_unlock(priv, &flags);
 
1640 /********************************************************************/
 
1641 /* Rx path (info frames)                                            */
 
1642 /********************************************************************/
 
1644 static void print_linkstatus(struct net_device *dev, u16 status)
 
1648         if (suppress_linkstatus)
 
1652         case HERMES_LINKSTATUS_NOT_CONNECTED:
 
1653                 s = "Not Connected";
 
1655         case HERMES_LINKSTATUS_CONNECTED:
 
1658         case HERMES_LINKSTATUS_DISCONNECTED:
 
1661         case HERMES_LINKSTATUS_AP_CHANGE:
 
1664         case HERMES_LINKSTATUS_AP_OUT_OF_RANGE:
 
1665                 s = "AP Out of Range";
 
1667         case HERMES_LINKSTATUS_AP_IN_RANGE:
 
1670         case HERMES_LINKSTATUS_ASSOC_FAILED:
 
1671                 s = "Association Failed";
 
1677         printk(KERN_DEBUG "%s: New link status: %s (%04x)\n",
 
1678                dev->name, s, status);
 
1681 /* Search scan results for requested BSSID, join it if found */
 
1682 static void orinoco_join_ap(struct work_struct *work)
 
1684         struct orinoco_private *priv =
 
1685                 container_of(work, struct orinoco_private, join_work);
 
1686         struct net_device *dev = priv->ndev;
 
1687         struct hermes *hw = &priv->hw;
 
1689         unsigned long flags;
 
1693         } __attribute__ ((packed)) req;
 
1694         const int atom_len = offsetof(struct prism2_scan_apinfo, atim);
 
1695         struct prism2_scan_apinfo *atom = NULL;
 
1701         /* Allocate buffer for scan results */
 
1702         buf = kmalloc(MAX_SCAN_LEN, GFP_KERNEL);
 
1706         if (orinoco_lock(priv, &flags) != 0)
 
1709         /* Sanity checks in case user changed something in the meantime */
 
1710         if (! priv->bssid_fixed)
 
1713         if (strlen(priv->desired_essid) == 0)
 
1716         /* Read scan results from the firmware */
 
1717         err = hermes_read_ltv(hw, USER_BAP,
 
1718                               HERMES_RID_SCANRESULTSTABLE,
 
1719                               MAX_SCAN_LEN, &len, buf);
 
1721                 printk(KERN_ERR "%s: Cannot read scan results\n",
 
1726         len = HERMES_RECLEN_TO_BYTES(len);
 
1728         /* Go through the scan results looking for the channel of the AP
 
1729          * we were requested to join */
 
1730         for (; offset + atom_len <= len; offset += atom_len) {
 
1731                 atom = (struct prism2_scan_apinfo *) (buf + offset);
 
1732                 if (memcmp(&atom->bssid, priv->desired_bssid, ETH_ALEN) == 0) {
 
1739                 DEBUG(1, "%s: Requested AP not found in scan results\n",
 
1744         memcpy(req.bssid, priv->desired_bssid, ETH_ALEN);
 
1745         req.channel = atom->channel;    /* both are little-endian */
 
1746         err = HERMES_WRITE_RECORD(hw, USER_BAP, HERMES_RID_CNFJOINREQUEST,
 
1749                 printk(KERN_ERR "%s: Error issuing join request\n", dev->name);
 
1752         orinoco_unlock(priv, &flags);
 
1758 /* Send new BSSID to userspace */
 
1759 static void orinoco_send_bssid_wevent(struct orinoco_private *priv)
 
1761         struct net_device *dev = priv->ndev;
 
1762         struct hermes *hw = &priv->hw;
 
1763         union iwreq_data wrqu;
 
1766         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENTBSSID,
 
1767                               ETH_ALEN, NULL, wrqu.ap_addr.sa_data);
 
1771         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
 
1773         /* Send event to user space */
 
1774         wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
 
1777 static void orinoco_send_assocreqie_wevent(struct orinoco_private *priv)
 
1779         struct net_device *dev = priv->ndev;
 
1780         struct hermes *hw = &priv->hw;
 
1781         union iwreq_data wrqu;
 
1789         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_ASSOC_REQ_INFO,
 
1790                               sizeof(buf), NULL, &buf);
 
1794         ie = orinoco_get_wpa_ie(buf, sizeof(buf));
 
1796                 int rem = sizeof(buf) - (ie - &buf[0]);
 
1797                 wrqu.data.length = ie[1] + 2;
 
1798                 if (wrqu.data.length > rem)
 
1799                         wrqu.data.length = rem;
 
1801                 if (wrqu.data.length)
 
1802                         /* Send event to user space */
 
1803                         wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, ie);
 
1807 static void orinoco_send_assocrespie_wevent(struct orinoco_private *priv)
 
1809         struct net_device *dev = priv->ndev;
 
1810         struct hermes *hw = &priv->hw;
 
1811         union iwreq_data wrqu;
 
1813         u8 buf[88]; /* TODO: verify max size or IW_GENERIC_IE_MAX */
 
1819         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_ASSOC_RESP_INFO,
 
1820                               sizeof(buf), NULL, &buf);
 
1824         ie = orinoco_get_wpa_ie(buf, sizeof(buf));
 
1826                 int rem = sizeof(buf) - (ie - &buf[0]);
 
1827                 wrqu.data.length = ie[1] + 2;
 
1828                 if (wrqu.data.length > rem)
 
1829                         wrqu.data.length = rem;
 
1831                 if (wrqu.data.length)
 
1832                         /* Send event to user space */
 
1833                         wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, ie);
 
1837 static void orinoco_send_wevents(struct work_struct *work)
 
1839         struct orinoco_private *priv =
 
1840                 container_of(work, struct orinoco_private, wevent_work);
 
1841         unsigned long flags;
 
1843         if (orinoco_lock(priv, &flags) != 0)
 
1846         orinoco_send_assocreqie_wevent(priv);
 
1847         orinoco_send_assocrespie_wevent(priv);
 
1848         orinoco_send_bssid_wevent(priv);
 
1850         orinoco_unlock(priv, &flags);
 
1853 static inline void orinoco_clear_scan_results(struct orinoco_private *priv,
 
1854                                               unsigned long scan_age)
 
1856         if (priv->has_ext_scan) {
 
1857                 struct xbss_element *bss;
 
1858                 struct xbss_element *tmp_bss;
 
1860                 /* Blow away current list of scan results */
 
1861                 list_for_each_entry_safe(bss, tmp_bss, &priv->bss_list, list) {
 
1863                             time_after(jiffies, bss->last_scanned + scan_age)) {
 
1864                                 list_move_tail(&bss->list,
 
1865                                                &priv->bss_free_list);
 
1866                                 /* Don't blow away ->list, just BSS data */
 
1867                                 memset(&bss->bss, 0, sizeof(bss->bss));
 
1868                                 bss->last_scanned = 0;
 
1872                 struct bss_element *bss;
 
1873                 struct bss_element *tmp_bss;
 
1875                 /* Blow away current list of scan results */
 
1876                 list_for_each_entry_safe(bss, tmp_bss, &priv->bss_list, list) {
 
1878                             time_after(jiffies, bss->last_scanned + scan_age)) {
 
1879                                 list_move_tail(&bss->list,
 
1880                                                &priv->bss_free_list);
 
1881                                 /* Don't blow away ->list, just BSS data */
 
1882                                 memset(&bss->bss, 0, sizeof(bss->bss));
 
1883                                 bss->last_scanned = 0;
 
1889 static void orinoco_add_ext_scan_result(struct orinoco_private *priv,
 
1890                                         struct agere_ext_scan_info *atom)
 
1892         struct xbss_element *bss = NULL;
 
1895         /* Try to update an existing bss first */
 
1896         list_for_each_entry(bss, &priv->bss_list, list) {
 
1897                 if (compare_ether_addr(bss->bss.bssid, atom->bssid))
 
1900                 if (bss->bss.data[1] != atom->data[1])
 
1902                 if (memcmp(&bss->bss.data[2], &atom->data[2],
 
1909         /* Grab a bss off the free list */
 
1910         if (!found && !list_empty(&priv->bss_free_list)) {
 
1911                 bss = list_entry(priv->bss_free_list.next,
 
1912                                  struct xbss_element, list);
 
1913                 list_del(priv->bss_free_list.next);
 
1915                 list_add_tail(&bss->list, &priv->bss_list);
 
1919                 /* Always update the BSS to get latest beacon info */
 
1920                 memcpy(&bss->bss, atom, sizeof(bss->bss));
 
1921                 bss->last_scanned = jiffies;
 
1925 static int orinoco_process_scan_results(struct net_device *dev,
 
1929         struct orinoco_private *priv = netdev_priv(dev);
 
1930         int                     offset;         /* In the scan data */
 
1931         union hermes_scan_info *atom;
 
1934         switch (priv->firmware_type) {
 
1935         case FIRMWARE_TYPE_AGERE:
 
1936                 atom_len = sizeof(struct agere_scan_apinfo);
 
1939         case FIRMWARE_TYPE_SYMBOL:
 
1940                 /* Lack of documentation necessitates this hack.
 
1941                  * Different firmwares have 68 or 76 byte long atoms.
 
1942                  * We try modulo first.  If the length divides by both,
 
1943                  * we check what would be the channel in the second
 
1944                  * frame for a 68-byte atom.  76-byte atoms have 0 there.
 
1945                  * Valid channel cannot be 0.  */
 
1950                 else if (len >= 1292 && buf[68] == 0)
 
1956         case FIRMWARE_TYPE_INTERSIL:
 
1958                 if (priv->has_hostscan) {
 
1959                         atom_len = le16_to_cpup((__le16 *)buf);
 
1960                         /* Sanity check for atom_len */
 
1961                         if (atom_len < sizeof(struct prism2_scan_apinfo)) {
 
1962                                 printk(KERN_ERR "%s: Invalid atom_len in scan "
 
1963                                        "data: %d\n", dev->name, atom_len);
 
1967                         atom_len = offsetof(struct prism2_scan_apinfo, atim);
 
1973         /* Check that we got an whole number of atoms */
 
1974         if ((len - offset) % atom_len) {
 
1975                 printk(KERN_ERR "%s: Unexpected scan data length %d, "
 
1976                        "atom_len %d, offset %d\n", dev->name, len,
 
1981         orinoco_clear_scan_results(priv, msecs_to_jiffies(15000));
 
1983         /* Read the entries one by one */
 
1984         for (; offset + atom_len <= len; offset += atom_len) {
 
1986                 struct bss_element *bss = NULL;
 
1989                 atom = (union hermes_scan_info *) (buf + offset);
 
1991                 /* Try to update an existing bss first */
 
1992                 list_for_each_entry(bss, &priv->bss_list, list) {
 
1993                         if (compare_ether_addr(bss->bss.a.bssid, atom->a.bssid))
 
1995                         if (le16_to_cpu(bss->bss.a.essid_len) !=
 
1996                               le16_to_cpu(atom->a.essid_len))
 
1998                         if (memcmp(bss->bss.a.essid, atom->a.essid,
 
1999                               le16_to_cpu(atom->a.essid_len)))
 
2005                 /* Grab a bss off the free list */
 
2006                 if (!found && !list_empty(&priv->bss_free_list)) {
 
2007                         bss = list_entry(priv->bss_free_list.next,
 
2008                                          struct bss_element, list);
 
2009                         list_del(priv->bss_free_list.next);
 
2011                         list_add_tail(&bss->list, &priv->bss_list);
 
2015                         /* Always update the BSS to get latest beacon info */
 
2016                         memcpy(&bss->bss, atom, sizeof(bss->bss));
 
2017                         bss->last_scanned = jiffies;
 
2024 static void __orinoco_ev_info(struct net_device *dev, hermes_t *hw)
 
2026         struct orinoco_private *priv = netdev_priv(dev);
 
2031         } __attribute__ ((packed)) info;
 
2035         /* This is an answer to an INQUIRE command that we did earlier,
 
2036          * or an information "event" generated by the card
 
2037          * The controller return to us a pseudo frame containing
 
2038          * the information in question - Jean II */
 
2039         infofid = hermes_read_regn(hw, INFOFID);
 
2041         /* Read the info frame header - don't try too hard */
 
2042         err = hermes_bap_pread(hw, IRQ_BAP, &info, sizeof(info),
 
2045                 printk(KERN_ERR "%s: error %d reading info frame. "
 
2046                        "Frame dropped.\n", dev->name, err);
 
2050         len = HERMES_RECLEN_TO_BYTES(le16_to_cpu(info.len));
 
2051         type = le16_to_cpu(info.type);
 
2054         case HERMES_INQ_TALLIES: {
 
2055                 struct hermes_tallies_frame tallies;
 
2056                 struct iw_statistics *wstats = &priv->wstats;
 
2058                 if (len > sizeof(tallies)) {
 
2059                         printk(KERN_WARNING "%s: Tallies frame too long (%d bytes)\n",
 
2061                         len = sizeof(tallies);
 
2064                 err = hermes_bap_pread(hw, IRQ_BAP, &tallies, len,
 
2065                                        infofid, sizeof(info));
 
2069                 /* Increment our various counters */
 
2070                 /* wstats->discard.nwid - no wrong BSSID stuff */
 
2071                 wstats->discard.code +=
 
2072                         le16_to_cpu(tallies.RxWEPUndecryptable);
 
2073                 if (len == sizeof(tallies))  
 
2074                         wstats->discard.code +=
 
2075                                 le16_to_cpu(tallies.RxDiscards_WEPICVError) +
 
2076                                 le16_to_cpu(tallies.RxDiscards_WEPExcluded);
 
2077                 wstats->discard.misc +=
 
2078                         le16_to_cpu(tallies.TxDiscardsWrongSA);
 
2079                 wstats->discard.fragment +=
 
2080                         le16_to_cpu(tallies.RxMsgInBadMsgFragments);
 
2081                 wstats->discard.retries +=
 
2082                         le16_to_cpu(tallies.TxRetryLimitExceeded);
 
2083                 /* wstats->miss.beacon - no match */
 
2086         case HERMES_INQ_LINKSTATUS: {
 
2087                 struct hermes_linkstatus linkstatus;
 
2091                 if (priv->iw_mode == IW_MODE_MONITOR)
 
2094                 if (len != sizeof(linkstatus)) {
 
2095                         printk(KERN_WARNING "%s: Unexpected size for linkstatus frame (%d bytes)\n",
 
2100                 err = hermes_bap_pread(hw, IRQ_BAP, &linkstatus, len,
 
2101                                        infofid, sizeof(info));
 
2104                 newstatus = le16_to_cpu(linkstatus.linkstatus);
 
2106                 /* Symbol firmware uses "out of range" to signal that
 
2107                  * the hostscan frame can be requested.  */
 
2108                 if (newstatus == HERMES_LINKSTATUS_AP_OUT_OF_RANGE &&
 
2109                     priv->firmware_type == FIRMWARE_TYPE_SYMBOL &&
 
2110                     priv->has_hostscan && priv->scan_inprogress) {
 
2111                         hermes_inquire(hw, HERMES_INQ_HOSTSCAN_SYMBOL);
 
2115                 connected = (newstatus == HERMES_LINKSTATUS_CONNECTED)
 
2116                         || (newstatus == HERMES_LINKSTATUS_AP_CHANGE)
 
2117                         || (newstatus == HERMES_LINKSTATUS_AP_IN_RANGE);
 
2120                         netif_carrier_on(dev);
 
2121                 else if (!ignore_disconnect)
 
2122                         netif_carrier_off(dev);
 
2124                 if (newstatus != priv->last_linkstatus) {
 
2125                         priv->last_linkstatus = newstatus;
 
2126                         print_linkstatus(dev, newstatus);
 
2127                         /* The info frame contains only one word which is the
 
2128                          * status (see hermes.h). The status is pretty boring
 
2129                          * in itself, that's why we export the new BSSID...
 
2131                         schedule_work(&priv->wevent_work);
 
2135         case HERMES_INQ_SCAN:
 
2136                 if (!priv->scan_inprogress && priv->bssid_fixed &&
 
2137                     priv->firmware_type == FIRMWARE_TYPE_INTERSIL) {
 
2138                         schedule_work(&priv->join_work);
 
2142         case HERMES_INQ_HOSTSCAN:
 
2143         case HERMES_INQ_HOSTSCAN_SYMBOL: {
 
2144                 /* Result of a scanning. Contains information about
 
2145                  * cells in the vicinity - Jean II */
 
2146                 union iwreq_data        wrqu;
 
2149                 /* Scan is no longer in progress */
 
2150                 priv->scan_inprogress = 0;
 
2154                         printk(KERN_WARNING "%s: Scan results too large (%d bytes)\n",
 
2159                 /* Allocate buffer for results */
 
2160                 buf = kmalloc(len, GFP_ATOMIC);
 
2162                         /* No memory, so can't printk()... */
 
2165                 /* Read scan data */
 
2166                 err = hermes_bap_pread(hw, IRQ_BAP, (void *) buf, len,
 
2167                                        infofid, sizeof(info));
 
2173 #ifdef ORINOCO_DEBUG
 
2176                         printk(KERN_DEBUG "Scan result [%02X", buf[0]);
 
2177                         for(i = 1; i < (len * 2); i++)
 
2178                                 printk(":%02X", buf[i]);
 
2181 #endif  /* ORINOCO_DEBUG */
 
2183                 if (orinoco_process_scan_results(dev, buf, len) == 0) {
 
2184                         /* Send an empty event to user space.
 
2185                          * We don't send the received data on the event because
 
2186                          * it would require us to do complex transcoding, and
 
2187                          * we want to minimise the work done in the irq handler
 
2188                          * Use a request to extract the data - Jean II */
 
2189                         wrqu.data.length = 0;
 
2190                         wrqu.data.flags = 0;
 
2191                         wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
 
2196         case HERMES_INQ_CHANNELINFO:
 
2198                 struct agere_ext_scan_info *bss;
 
2200                 if (!priv->scan_inprogress) {
 
2201                         printk(KERN_DEBUG "%s: Got chaninfo without scan, "
 
2202                                "len=%d\n", dev->name, len);
 
2206                 /* An empty result indicates that the scan is complete */
 
2208                         union iwreq_data        wrqu;
 
2210                         /* Scan is no longer in progress */
 
2211                         priv->scan_inprogress = 0;
 
2213                         wrqu.data.length = 0;
 
2214                         wrqu.data.flags = 0;
 
2215                         wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
 
2220                 else if (len > sizeof(*bss)) {
 
2222                                "%s: Ext scan results too large (%d bytes). "
 
2223                                "Truncating results to %zd bytes.\n",
 
2224                                dev->name, len, sizeof(*bss));
 
2226                 } else if (len < (offsetof(struct agere_ext_scan_info,
 
2228                         /* Drop this result now so we don't have to
 
2229                          * keep checking later */
 
2231                                "%s: Ext scan results too short (%d bytes)\n",
 
2236                 bss = kmalloc(sizeof(*bss), GFP_ATOMIC);
 
2240                 /* Read scan data */
 
2241                 err = hermes_bap_pread(hw, IRQ_BAP, (void *) bss, len,
 
2242                                        infofid, sizeof(info));
 
2248                 orinoco_add_ext_scan_result(priv, bss);
 
2253         case HERMES_INQ_SEC_STAT_AGERE:
 
2254                 /* Security status (Agere specific) */
 
2255                 /* Ignore this frame for now */
 
2256                 if (priv->firmware_type == FIRMWARE_TYPE_AGERE)
 
2260                 printk(KERN_DEBUG "%s: Unknown information frame received: "
 
2261                        "type 0x%04x, length %d\n", dev->name, type, len);
 
2262                 /* We don't actually do anything about it */
 
2267 static void __orinoco_ev_infdrop(struct net_device *dev, hermes_t *hw)
 
2269         if (net_ratelimit())
 
2270                 printk(KERN_DEBUG "%s: Information frame lost.\n", dev->name);
 
2273 /********************************************************************/
 
2274 /* Internal hardware control routines                               */
 
2275 /********************************************************************/
 
2277 int __orinoco_up(struct net_device *dev)
 
2279         struct orinoco_private *priv = netdev_priv(dev);
 
2280         struct hermes *hw = &priv->hw;
 
2283         netif_carrier_off(dev); /* just to make sure */
 
2285         err = __orinoco_program_rids(dev);
 
2287                 printk(KERN_ERR "%s: Error %d configuring card\n",
 
2292         /* Fire things up again */
 
2293         hermes_set_irqmask(hw, ORINOCO_INTEN);
 
2294         err = hermes_enable_port(hw, 0);
 
2296                 printk(KERN_ERR "%s: Error %d enabling MAC port\n",
 
2301         netif_start_queue(dev);
 
2306 int __orinoco_down(struct net_device *dev)
 
2308         struct orinoco_private *priv = netdev_priv(dev);
 
2309         struct hermes *hw = &priv->hw;
 
2312         netif_stop_queue(dev);
 
2314         if (! priv->hw_unavailable) {
 
2315                 if (! priv->broken_disableport) {
 
2316                         err = hermes_disable_port(hw, 0);
 
2318                                 /* Some firmwares (e.g. Intersil 1.3.x) seem
 
2319                                  * to have problems disabling the port, oh
 
2321                                 printk(KERN_WARNING "%s: Error %d disabling MAC port\n",
 
2323                                 priv->broken_disableport = 1;
 
2326                 hermes_set_irqmask(hw, 0);
 
2327                 hermes_write_regn(hw, EVACK, 0xffff);
 
2330         /* firmware will have to reassociate */
 
2331         netif_carrier_off(dev);
 
2332         priv->last_linkstatus = 0xffff;
 
2337 static int orinoco_allocate_fid(struct net_device *dev)
 
2339         struct orinoco_private *priv = netdev_priv(dev);
 
2340         struct hermes *hw = &priv->hw;
 
2343         err = hermes_allocate(hw, priv->nicbuf_size, &priv->txfid);
 
2344         if (err == -EIO && priv->nicbuf_size > TX_NICBUF_SIZE_BUG) {
 
2345                 /* Try workaround for old Symbol firmware bug */
 
2346                 printk(KERN_WARNING "%s: firmware ALLOC bug detected "
 
2347                        "(old Symbol firmware?). Trying to work around... ",
 
2350                 priv->nicbuf_size = TX_NICBUF_SIZE_BUG;
 
2351                 err = hermes_allocate(hw, priv->nicbuf_size, &priv->txfid);
 
2353                         printk("failed!\n");
 
2361 int orinoco_reinit_firmware(struct net_device *dev)
 
2363         struct orinoco_private *priv = netdev_priv(dev);
 
2364         struct hermes *hw = &priv->hw;
 
2367         err = hermes_init(hw);
 
2368         if (priv->do_fw_download && !err) {
 
2369                 err = orinoco_download(priv);
 
2371                         priv->do_fw_download = 0;
 
2374                 err = orinoco_allocate_fid(dev);
 
2379 static int __orinoco_hw_set_bitrate(struct orinoco_private *priv)
 
2381         hermes_t *hw = &priv->hw;
 
2384         if (priv->bitratemode >= BITRATE_TABLE_SIZE) {
 
2385                 printk(KERN_ERR "%s: BUG: Invalid bitrate mode %d\n",
 
2386                        priv->ndev->name, priv->bitratemode);
 
2390         switch (priv->firmware_type) {
 
2391         case FIRMWARE_TYPE_AGERE:
 
2392                 err = hermes_write_wordrec(hw, USER_BAP,
 
2393                                            HERMES_RID_CNFTXRATECONTROL,
 
2394                                            bitrate_table[priv->bitratemode].agere_txratectrl);
 
2396         case FIRMWARE_TYPE_INTERSIL:
 
2397         case FIRMWARE_TYPE_SYMBOL:
 
2398                 err = hermes_write_wordrec(hw, USER_BAP,
 
2399                                            HERMES_RID_CNFTXRATECONTROL,
 
2400                                            bitrate_table[priv->bitratemode].intersil_txratectrl);
 
2409 /* Set fixed AP address */
 
2410 static int __orinoco_hw_set_wap(struct orinoco_private *priv)
 
2414         hermes_t *hw = &priv->hw;
 
2416         switch (priv->firmware_type) {
 
2417         case FIRMWARE_TYPE_AGERE:
 
2420         case FIRMWARE_TYPE_INTERSIL:
 
2421                 if (priv->bssid_fixed)
 
2426                 err = hermes_write_wordrec(hw, USER_BAP,
 
2427                                            HERMES_RID_CNFROAMINGMODE,
 
2430         case FIRMWARE_TYPE_SYMBOL:
 
2431                 err = HERMES_WRITE_RECORD(hw, USER_BAP,
 
2432                                           HERMES_RID_CNFMANDATORYBSSID_SYMBOL,
 
2433                                           &priv->desired_bssid);
 
2439 /* Change the WEP keys and/or the current keys.  Can be called
 
2440  * either from __orinoco_hw_setup_enc() or directly from
 
2441  * orinoco_ioctl_setiwencode().  In the later case the association
 
2442  * with the AP is not broken (if the firmware can handle it),
 
2443  * which is needed for 802.1x implementations. */
 
2444 static int __orinoco_hw_setup_wepkeys(struct orinoco_private *priv)
 
2446         hermes_t *hw = &priv->hw;
 
2449         switch (priv->firmware_type) {
 
2450         case FIRMWARE_TYPE_AGERE:
 
2451                 err = HERMES_WRITE_RECORD(hw, USER_BAP,
 
2452                                           HERMES_RID_CNFWEPKEYS_AGERE,
 
2456                 err = hermes_write_wordrec(hw, USER_BAP,
 
2457                                            HERMES_RID_CNFTXKEY_AGERE,
 
2462         case FIRMWARE_TYPE_INTERSIL:
 
2463         case FIRMWARE_TYPE_SYMBOL:
 
2468                         /* Force uniform key length to work around firmware bugs */
 
2469                         keylen = le16_to_cpu(priv->keys[priv->tx_key].len);
 
2471                         if (keylen > LARGE_KEY_SIZE) {
 
2472                                 printk(KERN_ERR "%s: BUG: Key %d has oversize length %d.\n",
 
2473                                        priv->ndev->name, priv->tx_key, keylen);
 
2477                         /* Write all 4 keys */
 
2478                         for(i = 0; i < ORINOCO_MAX_KEYS; i++) {
 
2479                                 err = hermes_write_ltv(hw, USER_BAP,
 
2480                                                        HERMES_RID_CNFDEFAULTKEY0 + i,
 
2481                                                        HERMES_BYTES_TO_RECLEN(keylen),
 
2482                                                        priv->keys[i].data);
 
2487                         /* Write the index of the key used in transmission */
 
2488                         err = hermes_write_wordrec(hw, USER_BAP,
 
2489                                                    HERMES_RID_CNFWEPDEFAULTKEYID,
 
2500 static int __orinoco_hw_setup_enc(struct orinoco_private *priv)
 
2502         hermes_t *hw = &priv->hw;
 
2504         int master_wep_flag;
 
2508         /* Setup WEP keys for WEP and WPA */
 
2509         if (priv->encode_alg)
 
2510                 __orinoco_hw_setup_wepkeys(priv);
 
2512         if (priv->wep_restrict)
 
2513                 auth_flag = HERMES_AUTH_SHARED_KEY;
 
2515                 auth_flag = HERMES_AUTH_OPEN;
 
2517         if (priv->wpa_enabled)
 
2519         else if (priv->encode_alg == IW_ENCODE_ALG_WEP)
 
2524         switch (priv->firmware_type) {
 
2525         case FIRMWARE_TYPE_AGERE: /* Agere style WEP */
 
2526                 if (priv->encode_alg == IW_ENCODE_ALG_WEP) {
 
2527                         /* Enable the shared-key authentication. */
 
2528                         err = hermes_write_wordrec(hw, USER_BAP,
 
2529                                                    HERMES_RID_CNFAUTHENTICATION_AGERE,
 
2532                 err = hermes_write_wordrec(hw, USER_BAP,
 
2533                                            HERMES_RID_CNFWEPENABLED_AGERE,
 
2538                 if (priv->has_wpa) {
 
2539                         /* Set WPA key management */
 
2540                         err = hermes_write_wordrec(hw, USER_BAP,
 
2541                                   HERMES_RID_CNFSETWPAAUTHMGMTSUITE_AGERE,
 
2549         case FIRMWARE_TYPE_INTERSIL: /* Intersil style WEP */
 
2550         case FIRMWARE_TYPE_SYMBOL: /* Symbol style WEP */
 
2551                 if (priv->encode_alg == IW_ENCODE_ALG_WEP) {
 
2552                         if (priv->wep_restrict ||
 
2553                             (priv->firmware_type == FIRMWARE_TYPE_SYMBOL))
 
2554                                 master_wep_flag = HERMES_WEP_PRIVACY_INVOKED |
 
2555                                                   HERMES_WEP_EXCL_UNENCRYPTED;
 
2557                                 master_wep_flag = HERMES_WEP_PRIVACY_INVOKED;
 
2559                         err = hermes_write_wordrec(hw, USER_BAP,
 
2560                                                    HERMES_RID_CNFAUTHENTICATION,
 
2565                         master_wep_flag = 0;
 
2567                 if (priv->iw_mode == IW_MODE_MONITOR)
 
2568                         master_wep_flag |= HERMES_WEP_HOST_DECRYPT;
 
2570                 /* Master WEP setting : on/off */
 
2571                 err = hermes_write_wordrec(hw, USER_BAP,
 
2572                                            HERMES_RID_CNFWEPFLAGS_INTERSIL,
 
2583 /* key must be 32 bytes, including the tx and rx MIC keys.
 
2584  * rsc must be 8 bytes
 
2585  * tsc must be 8 bytes or NULL
 
2587 static int __orinoco_hw_set_tkip_key(hermes_t *hw, int key_idx, int set_tx,
 
2588                                      u8 *key, u8 *rsc, u8 *tsc)
 
2592                 u8 rsc[IW_ENCODE_SEQ_MAX_SIZE];
 
2593                 u8 key[TKIP_KEYLEN];
 
2594                 u8 tx_mic[MIC_KEYLEN];
 
2595                 u8 rx_mic[MIC_KEYLEN];
 
2596                 u8 tsc[IW_ENCODE_SEQ_MAX_SIZE];
 
2597         } __attribute__ ((packed)) buf;
 
2608         buf.idx = cpu_to_le16(key_idx);
 
2609         memcpy(buf.key, key,
 
2610                sizeof(buf.key) + sizeof(buf.tx_mic) + sizeof(buf.rx_mic));
 
2613                 memset(buf.rsc, 0, sizeof(buf.rsc));
 
2615                 memcpy(buf.rsc, rsc, sizeof(buf.rsc));
 
2618                 memset(buf.tsc, 0, sizeof(buf.tsc));
 
2621                 memcpy(buf.tsc, tsc, sizeof(buf.tsc));
 
2624         /* Wait upto 100ms for tx queue to empty */
 
2629                 ret = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_TXQUEUEEMPTY,
 
2633         } while ((k > 0) && xmitting);
 
2638         err = HERMES_WRITE_RECORD(hw, USER_BAP,
 
2639                                   HERMES_RID_CNFADDDEFAULTTKIPKEY_AGERE,
 
2642         return ret ? ret : err;
 
2645 static int orinoco_clear_tkip_key(struct orinoco_private *priv,
 
2648         hermes_t *hw = &priv->hw;
 
2651         memset(&priv->tkip_key[key_idx], 0, sizeof(priv->tkip_key[key_idx]));
 
2652         err = hermes_write_wordrec(hw, USER_BAP,
 
2653                                    HERMES_RID_CNFREMDEFAULTTKIPKEY_AGERE,
 
2656                 printk(KERN_WARNING "%s: Error %d clearing TKIP key %d\n",
 
2657                        priv->ndev->name, err, key_idx);
 
2661 static int __orinoco_program_rids(struct net_device *dev)
 
2663         struct orinoco_private *priv = netdev_priv(dev);
 
2664         hermes_t *hw = &priv->hw;
 
2666         struct hermes_idstring idbuf;
 
2668         /* Set the MAC address */
 
2669         err = hermes_write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNMACADDR,
 
2670                                HERMES_BYTES_TO_RECLEN(ETH_ALEN), dev->dev_addr);
 
2672                 printk(KERN_ERR "%s: Error %d setting MAC address\n",
 
2677         /* Set up the link mode */
 
2678         err = hermes_write_wordrec(hw, USER_BAP, HERMES_RID_CNFPORTTYPE,
 
2681                 printk(KERN_ERR "%s: Error %d setting port type\n",
 
2685         /* Set the channel/frequency */
 
2686         if (priv->channel != 0 && priv->iw_mode != IW_MODE_INFRA) {
 
2687                 err = hermes_write_wordrec(hw, USER_BAP,
 
2688                                            HERMES_RID_CNFOWNCHANNEL,
 
2691                         printk(KERN_ERR "%s: Error %d setting channel %d\n",
 
2692                                dev->name, err, priv->channel);
 
2697         if (priv->has_ibss) {
 
2700                 if ((strlen(priv->desired_essid) == 0) && (priv->createibss)) {
 
2701                         printk(KERN_WARNING "%s: This firmware requires an "
 
2702                                "ESSID in IBSS-Ad-Hoc mode.\n", dev->name);
 
2703                         /* With wvlan_cs, in this case, we would crash.
 
2704                          * hopefully, this driver will behave better...
 
2708                         createibss = priv->createibss;
 
2711                 err = hermes_write_wordrec(hw, USER_BAP,
 
2712                                            HERMES_RID_CNFCREATEIBSS,
 
2715                         printk(KERN_ERR "%s: Error %d setting CREATEIBSS\n",
 
2721         /* Set the desired BSSID */
 
2722         err = __orinoco_hw_set_wap(priv);
 
2724                 printk(KERN_ERR "%s: Error %d setting AP address\n",
 
2728         /* Set the desired ESSID */
 
2729         idbuf.len = cpu_to_le16(strlen(priv->desired_essid));
 
2730         memcpy(&idbuf.val, priv->desired_essid, sizeof(idbuf.val));
 
2731         /* WinXP wants partner to configure OWNSSID even in IBSS mode. (jimc) */
 
2732         err = hermes_write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNSSID,
 
2733                                HERMES_BYTES_TO_RECLEN(strlen(priv->desired_essid)+2),
 
2736                 printk(KERN_ERR "%s: Error %d setting OWNSSID\n",
 
2740         err = hermes_write_ltv(hw, USER_BAP, HERMES_RID_CNFDESIREDSSID,
 
2741                                HERMES_BYTES_TO_RECLEN(strlen(priv->desired_essid)+2),
 
2744                 printk(KERN_ERR "%s: Error %d setting DESIREDSSID\n",
 
2749         /* Set the station name */
 
2750         idbuf.len = cpu_to_le16(strlen(priv->nick));
 
2751         memcpy(&idbuf.val, priv->nick, sizeof(idbuf.val));
 
2752         err = hermes_write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNNAME,
 
2753                                HERMES_BYTES_TO_RECLEN(strlen(priv->nick)+2),
 
2756                 printk(KERN_ERR "%s: Error %d setting nickname\n",
 
2761         /* Set AP density */
 
2762         if (priv->has_sensitivity) {
 
2763                 err = hermes_write_wordrec(hw, USER_BAP,
 
2764                                            HERMES_RID_CNFSYSTEMSCALE,
 
2767                         printk(KERN_WARNING "%s: Error %d setting SYSTEMSCALE.  "
 
2768                                "Disabling sensitivity control\n",
 
2771                         priv->has_sensitivity = 0;
 
2775         /* Set RTS threshold */
 
2776         err = hermes_write_wordrec(hw, USER_BAP, HERMES_RID_CNFRTSTHRESHOLD,
 
2779                 printk(KERN_ERR "%s: Error %d setting RTS threshold\n",
 
2784         /* Set fragmentation threshold or MWO robustness */
 
2786                 err = hermes_write_wordrec(hw, USER_BAP,
 
2787                                            HERMES_RID_CNFMWOROBUST_AGERE,
 
2790                 err = hermes_write_wordrec(hw, USER_BAP,
 
2791                                            HERMES_RID_CNFFRAGMENTATIONTHRESHOLD,
 
2794                 printk(KERN_ERR "%s: Error %d setting fragmentation\n",
 
2800         err = __orinoco_hw_set_bitrate(priv);
 
2802                 printk(KERN_ERR "%s: Error %d setting bitrate\n",
 
2807         /* Set power management */
 
2809                 err = hermes_write_wordrec(hw, USER_BAP,
 
2810                                            HERMES_RID_CNFPMENABLED,
 
2813                         printk(KERN_ERR "%s: Error %d setting up PM\n",
 
2818                 err = hermes_write_wordrec(hw, USER_BAP,
 
2819                                            HERMES_RID_CNFMULTICASTRECEIVE,
 
2822                         printk(KERN_ERR "%s: Error %d setting up PM\n",
 
2826                 err = hermes_write_wordrec(hw, USER_BAP,
 
2827                                            HERMES_RID_CNFMAXSLEEPDURATION,
 
2830                         printk(KERN_ERR "%s: Error %d setting up PM\n",
 
2834                 err = hermes_write_wordrec(hw, USER_BAP,
 
2835                                            HERMES_RID_CNFPMHOLDOVERDURATION,
 
2838                         printk(KERN_ERR "%s: Error %d setting up PM\n",
 
2844         /* Set preamble - only for Symbol so far... */
 
2845         if (priv->has_preamble) {
 
2846                 err = hermes_write_wordrec(hw, USER_BAP,
 
2847                                            HERMES_RID_CNFPREAMBLE_SYMBOL,
 
2850                         printk(KERN_ERR "%s: Error %d setting preamble\n",
 
2856         /* Set up encryption */
 
2857         if (priv->has_wep || priv->has_wpa) {
 
2858                 err = __orinoco_hw_setup_enc(priv);
 
2860                         printk(KERN_ERR "%s: Error %d activating encryption\n",
 
2866         if (priv->iw_mode == IW_MODE_MONITOR) {
 
2867                 /* Enable monitor mode */
 
2868                 dev->type = ARPHRD_IEEE80211;
 
2869                 err = hermes_docmd_wait(hw, HERMES_CMD_TEST | 
 
2870                                             HERMES_TEST_MONITOR, 0, NULL);
 
2872                 /* Disable monitor mode */
 
2873                 dev->type = ARPHRD_ETHER;
 
2874                 err = hermes_docmd_wait(hw, HERMES_CMD_TEST |
 
2875                                             HERMES_TEST_STOP, 0, NULL);
 
2880         /* Set promiscuity / multicast*/
 
2881         priv->promiscuous = 0;
 
2884         /* FIXME: what about netif_tx_lock */
 
2885         __orinoco_set_multicast_list(dev);
 
2890 /* FIXME: return int? */
 
2892 __orinoco_set_multicast_list(struct net_device *dev)
 
2894         struct orinoco_private *priv = netdev_priv(dev);
 
2895         hermes_t *hw = &priv->hw;
 
2897         int promisc, mc_count;
 
2899         /* The Hermes doesn't seem to have an allmulti mode, so we go
 
2900          * into promiscuous mode and let the upper levels deal. */
 
2901         if ( (dev->flags & IFF_PROMISC) || (dev->flags & IFF_ALLMULTI) ||
 
2902              (dev->mc_count > MAX_MULTICAST(priv)) ) {
 
2907                 mc_count = dev->mc_count;
 
2910         if (promisc != priv->promiscuous) {
 
2911                 err = hermes_write_wordrec(hw, USER_BAP,
 
2912                                            HERMES_RID_CNFPROMISCUOUSMODE,
 
2915                         printk(KERN_ERR "%s: Error %d setting PROMISCUOUSMODE to 1.\n",
 
2918                         priv->promiscuous = promisc;
 
2921         /* If we're not in promiscuous mode, then we need to set the
 
2922          * group address if either we want to multicast, or if we were
 
2923          * multicasting and want to stop */
 
2924         if (! promisc && (mc_count || priv->mc_count) ) {
 
2925                 struct dev_mc_list *p = dev->mc_list;
 
2926                 struct hermes_multicast mclist;
 
2929                 for (i = 0; i < mc_count; i++) {
 
2930                         /* paranoia: is list shorter than mc_count? */
 
2932                         /* paranoia: bad address size in list? */
 
2933                         BUG_ON(p->dmi_addrlen != ETH_ALEN);
 
2935                         memcpy(mclist.addr[i], p->dmi_addr, ETH_ALEN);
 
2940                         printk(KERN_WARNING "%s: Multicast list is "
 
2941                                "longer than mc_count\n", dev->name);
 
2943                 err = hermes_write_ltv(hw, USER_BAP,
 
2944                                    HERMES_RID_CNFGROUPADDRESSES,
 
2945                                    HERMES_BYTES_TO_RECLEN(mc_count * ETH_ALEN),
 
2948                         printk(KERN_ERR "%s: Error %d setting multicast list.\n",
 
2951                         priv->mc_count = mc_count;
 
2955 /* This must be called from user context, without locks held - use
 
2956  * schedule_work() */
 
2957 static void orinoco_reset(struct work_struct *work)
 
2959         struct orinoco_private *priv =
 
2960                 container_of(work, struct orinoco_private, reset_work);
 
2961         struct net_device *dev = priv->ndev;
 
2962         struct hermes *hw = &priv->hw;
 
2964         unsigned long flags;
 
2966         if (orinoco_lock(priv, &flags) != 0)
 
2967                 /* When the hardware becomes available again, whatever
 
2968                  * detects that is responsible for re-initializing
 
2969                  * it. So no need for anything further */
 
2972         netif_stop_queue(dev);
 
2974         /* Shut off interrupts.  Depending on what state the hardware
 
2975          * is in, this might not work, but we'll try anyway */
 
2976         hermes_set_irqmask(hw, 0);
 
2977         hermes_write_regn(hw, EVACK, 0xffff);
 
2979         priv->hw_unavailable++;
 
2980         priv->last_linkstatus = 0xffff; /* firmware will have to reassociate */
 
2981         netif_carrier_off(dev);
 
2983         orinoco_unlock(priv, &flags);
 
2985         /* Scanning support: Cleanup of driver struct */
 
2986         orinoco_clear_scan_results(priv, 0);
 
2987         priv->scan_inprogress = 0;
 
2989         if (priv->hard_reset) {
 
2990                 err = (*priv->hard_reset)(priv);
 
2992                         printk(KERN_ERR "%s: orinoco_reset: Error %d "
 
2993                                "performing hard reset\n", dev->name, err);
 
2998         err = orinoco_reinit_firmware(dev);
 
3000                 printk(KERN_ERR "%s: orinoco_reset: Error %d re-initializing firmware\n",
 
3005         spin_lock_irq(&priv->lock); /* This has to be called from user context */
 
3007         priv->hw_unavailable--;
 
3009         /* priv->open or priv->hw_unavailable might have changed while
 
3010          * we dropped the lock */
 
3011         if (priv->open && (! priv->hw_unavailable)) {
 
3012                 err = __orinoco_up(dev);
 
3014                         printk(KERN_ERR "%s: orinoco_reset: Error %d reenabling card\n",
 
3017                         dev->trans_start = jiffies;
 
3020         spin_unlock_irq(&priv->lock);
 
3024         hermes_set_irqmask(hw, 0);
 
3025         netif_device_detach(dev);
 
3026         printk(KERN_ERR "%s: Device has been disabled!\n", dev->name);
 
3029 /********************************************************************/
 
3030 /* Interrupt handler                                                */
 
3031 /********************************************************************/
 
3033 static void __orinoco_ev_tick(struct net_device *dev, hermes_t *hw)
 
3035         printk(KERN_DEBUG "%s: TICK\n", dev->name);
 
3038 static void __orinoco_ev_wterr(struct net_device *dev, hermes_t *hw)
 
3040         /* This seems to happen a fair bit under load, but ignoring it
 
3041            seems to work fine...*/
 
3042         printk(KERN_DEBUG "%s: MAC controller error (WTERR). Ignoring.\n",
 
3046 irqreturn_t orinoco_interrupt(int irq, void *dev_id)
 
3048         struct net_device *dev = dev_id;
 
3049         struct orinoco_private *priv = netdev_priv(dev);
 
3050         hermes_t *hw = &priv->hw;
 
3051         int count = MAX_IRQLOOPS_PER_IRQ;
 
3053         /* These are used to detect a runaway interrupt situation */
 
3054         /* If we get more than MAX_IRQLOOPS_PER_JIFFY iterations in a jiffy,
 
3055          * we panic and shut down the hardware */
 
3056         static int last_irq_jiffy = 0; /* jiffies value the last time
 
3058         static int loops_this_jiffy = 0;
 
3059         unsigned long flags;
 
3061         if (orinoco_lock(priv, &flags) != 0) {
 
3062                 /* If hw is unavailable - we don't know if the irq was
 
3067         evstat = hermes_read_regn(hw, EVSTAT);
 
3068         events = evstat & hw->inten;
 
3070                 orinoco_unlock(priv, &flags);
 
3074         if (jiffies != last_irq_jiffy)
 
3075                 loops_this_jiffy = 0;
 
3076         last_irq_jiffy = jiffies;
 
3078         while (events && count--) {
 
3079                 if (++loops_this_jiffy > MAX_IRQLOOPS_PER_JIFFY) {
 
3080                         printk(KERN_WARNING "%s: IRQ handler is looping too "
 
3081                                "much! Resetting.\n", dev->name);
 
3082                         /* Disable interrupts for now */
 
3083                         hermes_set_irqmask(hw, 0);
 
3084                         schedule_work(&priv->reset_work);
 
3088                 /* Check the card hasn't been removed */
 
3089                 if (! hermes_present(hw)) {
 
3090                         DEBUG(0, "orinoco_interrupt(): card removed\n");
 
3094                 if (events & HERMES_EV_TICK)
 
3095                         __orinoco_ev_tick(dev, hw);
 
3096                 if (events & HERMES_EV_WTERR)
 
3097                         __orinoco_ev_wterr(dev, hw);
 
3098                 if (events & HERMES_EV_INFDROP)
 
3099                         __orinoco_ev_infdrop(dev, hw);
 
3100                 if (events & HERMES_EV_INFO)
 
3101                         __orinoco_ev_info(dev, hw);
 
3102                 if (events & HERMES_EV_RX)
 
3103                         __orinoco_ev_rx(dev, hw);
 
3104                 if (events & HERMES_EV_TXEXC)
 
3105                         __orinoco_ev_txexc(dev, hw);
 
3106                 if (events & HERMES_EV_TX)
 
3107                         __orinoco_ev_tx(dev, hw);
 
3108                 if (events & HERMES_EV_ALLOC)
 
3109                         __orinoco_ev_alloc(dev, hw);
 
3111                 hermes_write_regn(hw, EVACK, evstat);
 
3113                 evstat = hermes_read_regn(hw, EVSTAT);
 
3114                 events = evstat & hw->inten;
 
3117         orinoco_unlock(priv, &flags);
 
3121 /********************************************************************/
 
3122 /* Power management                                                 */
 
3123 /********************************************************************/
 
3124 #if defined(CONFIG_PM_SLEEP) && !defined(CONFIG_HERMES_CACHE_FW_ON_INIT)
 
3125 static int orinoco_pm_notifier(struct notifier_block *notifier,
 
3126                                unsigned long pm_event,
 
3129         struct orinoco_private *priv = container_of(notifier,
 
3130                                                     struct orinoco_private,
 
3133         /* All we need to do is cache the firmware before suspend, and
 
3134          * release it when we come out.
 
3136          * Only need to do this if we're downloading firmware. */
 
3137         if (!priv->do_fw_download)
 
3141         case PM_HIBERNATION_PREPARE:
 
3142         case PM_SUSPEND_PREPARE:
 
3143                 orinoco_cache_fw(priv, 0);
 
3146         case PM_POST_RESTORE:
 
3147                 /* Restore from hibernation failed. We need to clean
 
3148                  * up in exactly the same way, so fall through. */
 
3149         case PM_POST_HIBERNATION:
 
3150         case PM_POST_SUSPEND:
 
3151                 orinoco_uncache_fw(priv);
 
3154         case PM_RESTORE_PREPARE:
 
3161 #else /* !PM_SLEEP || HERMES_CACHE_FW_ON_INIT */
 
3162 #define orinoco_pm_notifier NULL
 
3165 /********************************************************************/
 
3166 /* Initialization                                                   */
 
3167 /********************************************************************/
 
3170         u16 id, variant, major, minor;
 
3171 } __attribute__ ((packed));
 
3173 static inline fwtype_t determine_firmware_type(struct comp_id *nic_id)
 
3175         if (nic_id->id < 0x8000)
 
3176                 return FIRMWARE_TYPE_AGERE;
 
3177         else if (nic_id->id == 0x8000 && nic_id->major == 0)
 
3178                 return FIRMWARE_TYPE_SYMBOL;
 
3180                 return FIRMWARE_TYPE_INTERSIL;
 
3183 /* Set priv->firmware type, determine firmware properties */
 
3184 static int determine_firmware(struct net_device *dev)
 
3186         struct orinoco_private *priv = netdev_priv(dev);
 
3187         hermes_t *hw = &priv->hw;
 
3189         struct comp_id nic_id, sta_id;
 
3190         unsigned int firmver;
 
3191         char tmp[SYMBOL_MAX_VER_LEN+1] __attribute__((aligned(2)));
 
3193         /* Get the hardware version */
 
3194         err = HERMES_READ_RECORD(hw, USER_BAP, HERMES_RID_NICID, &nic_id);
 
3196                 printk(KERN_ERR "%s: Cannot read hardware identity: error %d\n",
 
3201         le16_to_cpus(&nic_id.id);
 
3202         le16_to_cpus(&nic_id.variant);
 
3203         le16_to_cpus(&nic_id.major);
 
3204         le16_to_cpus(&nic_id.minor);
 
3205         printk(KERN_DEBUG "%s: Hardware identity %04x:%04x:%04x:%04x\n",
 
3206                dev->name, nic_id.id, nic_id.variant,
 
3207                nic_id.major, nic_id.minor);
 
3209         priv->firmware_type = determine_firmware_type(&nic_id);
 
3211         /* Get the firmware version */
 
3212         err = HERMES_READ_RECORD(hw, USER_BAP, HERMES_RID_STAID, &sta_id);
 
3214                 printk(KERN_ERR "%s: Cannot read station identity: error %d\n",
 
3219         le16_to_cpus(&sta_id.id);
 
3220         le16_to_cpus(&sta_id.variant);
 
3221         le16_to_cpus(&sta_id.major);
 
3222         le16_to_cpus(&sta_id.minor);
 
3223         printk(KERN_DEBUG "%s: Station identity  %04x:%04x:%04x:%04x\n",
 
3224                dev->name, sta_id.id, sta_id.variant,
 
3225                sta_id.major, sta_id.minor);
 
3227         switch (sta_id.id) {
 
3229                 printk(KERN_ERR "%s: Primary firmware is active\n",
 
3233                 printk(KERN_ERR "%s: Tertiary firmware is active\n",
 
3236         case 0x1f:      /* Intersil, Agere, Symbol Spectrum24 */
 
3237         case 0x21:      /* Symbol Spectrum24 Trilogy */
 
3240                 printk(KERN_NOTICE "%s: Unknown station ID, please report\n",
 
3245         /* Default capabilities */
 
3246         priv->has_sensitivity = 1;
 
3248         priv->has_preamble = 0;
 
3249         priv->has_port3 = 1;
 
3252         priv->has_big_wep = 0;
 
3253         priv->has_alt_txcntl = 0;
 
3254         priv->has_ext_scan = 0;
 
3256         priv->do_fw_download = 0;
 
3258         /* Determine capabilities from the firmware version */
 
3259         switch (priv->firmware_type) {
 
3260         case FIRMWARE_TYPE_AGERE:
 
3261                 /* Lucent Wavelan IEEE, Lucent Orinoco, Cabletron RoamAbout,
 
3262                    ELSA, Melco, HP, IBM, Dell 1150, Compaq 110/210 */
 
3263                 snprintf(priv->fw_name, sizeof(priv->fw_name) - 1,
 
3264                          "Lucent/Agere %d.%02d", sta_id.major, sta_id.minor);
 
3266                 firmver = ((unsigned long)sta_id.major << 16) | sta_id.minor;
 
3268                 priv->has_ibss = (firmver >= 0x60006);
 
3269                 priv->has_wep = (firmver >= 0x40020);
 
3270                 priv->has_big_wep = 1; /* FIXME: this is wrong - how do we tell
 
3271                                           Gold cards from the others? */
 
3272                 priv->has_mwo = (firmver >= 0x60000);
 
3273                 priv->has_pm = (firmver >= 0x40020); /* Don't work in 7.52 ? */
 
3274                 priv->ibss_port = 1;
 
3275                 priv->has_hostscan = (firmver >= 0x8000a);
 
3276                 priv->do_fw_download = 1;
 
3277                 priv->broken_monitor = (firmver >= 0x80000);
 
3278                 priv->has_alt_txcntl = (firmver >= 0x90000); /* All 9.x ? */
 
3279                 priv->has_ext_scan = (firmver >= 0x90000); /* All 9.x ? */
 
3280                 priv->has_wpa = (firmver >= 0x9002a);
 
3281                 /* Tested with Agere firmware :
 
3282                  *      1.16 ; 4.08 ; 4.52 ; 6.04 ; 6.16 ; 7.28 => Jean II
 
3283                  * Tested CableTron firmware : 4.32 => Anton */
 
3285         case FIRMWARE_TYPE_SYMBOL:
 
3286                 /* Symbol , 3Com AirConnect, Intel, Ericsson WLAN */
 
3287                 /* Intel MAC : 00:02:B3:* */
 
3288                 /* 3Com MAC : 00:50:DA:* */
 
3289                 memset(tmp, 0, sizeof(tmp));
 
3290                 /* Get the Symbol firmware version */
 
3291                 err = hermes_read_ltv(hw, USER_BAP,
 
3292                                       HERMES_RID_SECONDARYVERSION_SYMBOL,
 
3293                                       SYMBOL_MAX_VER_LEN, NULL, &tmp);
 
3296                                "%s: Error %d reading Symbol firmware info. Wildly guessing capabilities...\n",
 
3301                         /* The firmware revision is a string, the format is
 
3302                          * something like : "V2.20-01".
 
3303                          * Quick and dirty parsing... - Jean II
 
3305                         firmver = ((tmp[1] - '0') << 16) | ((tmp[3] - '0') << 12)
 
3306                                 | ((tmp[4] - '0') << 8) | ((tmp[6] - '0') << 4)
 
3309                         tmp[SYMBOL_MAX_VER_LEN] = '\0';
 
3312                 snprintf(priv->fw_name, sizeof(priv->fw_name) - 1,
 
3315                 priv->has_ibss = (firmver >= 0x20000);
 
3316                 priv->has_wep = (firmver >= 0x15012);
 
3317                 priv->has_big_wep = (firmver >= 0x20000);
 
3318                 priv->has_pm = (firmver >= 0x20000 && firmver < 0x22000) || 
 
3319                                (firmver >= 0x29000 && firmver < 0x30000) ||
 
3321                 priv->has_preamble = (firmver >= 0x20000);
 
3322                 priv->ibss_port = 4;
 
3324                 /* Symbol firmware is found on various cards, but
 
3325                  * there has been no attempt to check firmware
 
3326                  * download on non-spectrum_cs based cards.
 
3328                  * Given that the Agere firmware download works
 
3329                  * differently, we should avoid doing a firmware
 
3330                  * download with the Symbol algorithm on non-spectrum
 
3333                  * For now we can identify a spectrum_cs based card
 
3334                  * because it has a firmware reset function.
 
3336                 priv->do_fw_download = (priv->stop_fw != NULL);
 
3338                 priv->broken_disableport = (firmver == 0x25013) ||
 
3339                                            (firmver >= 0x30000 && firmver <= 0x31000);
 
3340                 priv->has_hostscan = (firmver >= 0x31001) ||
 
3341                                      (firmver >= 0x29057 && firmver < 0x30000);
 
3342                 /* Tested with Intel firmware : 0x20015 => Jean II */
 
3343                 /* Tested with 3Com firmware : 0x15012 & 0x22001 => Jean II */
 
3345         case FIRMWARE_TYPE_INTERSIL:
 
3346                 /* D-Link, Linksys, Adtron, ZoomAir, and many others...
 
3347                  * Samsung, Compaq 100/200 and Proxim are slightly
 
3348                  * different and less well tested */
 
3349                 /* D-Link MAC : 00:40:05:* */
 
3350                 /* Addtron MAC : 00:90:D1:* */
 
3351                 snprintf(priv->fw_name, sizeof(priv->fw_name) - 1,
 
3352                          "Intersil %d.%d.%d", sta_id.major, sta_id.minor,
 
3355                 firmver = ((unsigned long)sta_id.major << 16) |
 
3356                         ((unsigned long)sta_id.minor << 8) | sta_id.variant;
 
3358                 priv->has_ibss = (firmver >= 0x000700); /* FIXME */
 
3359                 priv->has_big_wep = priv->has_wep = (firmver >= 0x000800);
 
3360                 priv->has_pm = (firmver >= 0x000700);
 
3361                 priv->has_hostscan = (firmver >= 0x010301);
 
3363                 if (firmver >= 0x000800)
 
3364                         priv->ibss_port = 0;
 
3366                         printk(KERN_NOTICE "%s: Intersil firmware earlier "
 
3367                                "than v0.8.x - several features not supported\n",
 
3369                         priv->ibss_port = 1;
 
3373         printk(KERN_DEBUG "%s: Firmware determined as %s\n", dev->name,
 
3379 static int orinoco_init(struct net_device *dev)
 
3381         struct orinoco_private *priv = netdev_priv(dev);
 
3382         hermes_t *hw = &priv->hw;
 
3384         struct hermes_idstring nickbuf;
 
3388         /* No need to lock, the hw_unavailable flag is already set in
 
3389          * alloc_orinocodev() */
 
3390         priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
 
3392         /* Initialize the firmware */
 
3393         err = hermes_init(hw);
 
3395                 printk(KERN_ERR "%s: failed to initialize firmware (err = %d)\n",
 
3400         err = determine_firmware(dev);
 
3402                 printk(KERN_ERR "%s: Incompatible firmware, aborting\n",
 
3407         if (priv->do_fw_download) {
 
3408 #ifdef CONFIG_HERMES_CACHE_FW_ON_INIT
 
3409                 orinoco_cache_fw(priv, 0);
 
3412                 err = orinoco_download(priv);
 
3414                         priv->do_fw_download = 0;
 
3416                 /* Check firmware version again */
 
3417                 err = determine_firmware(dev);
 
3419                         printk(KERN_ERR "%s: Incompatible firmware, aborting\n",
 
3425         if (priv->has_port3)
 
3426                 printk(KERN_DEBUG "%s: Ad-hoc demo mode supported\n", dev->name);
 
3428                 printk(KERN_DEBUG "%s: IEEE standard IBSS ad-hoc mode supported\n",
 
3430         if (priv->has_wep) {
 
3431                 printk(KERN_DEBUG "%s: WEP supported, ", dev->name);
 
3432                 if (priv->has_big_wep)
 
3433                         printk("104-bit key\n");
 
3435                         printk("40-bit key\n");
 
3437         if (priv->has_wpa) {
 
3438                 printk(KERN_DEBUG "%s: WPA-PSK supported\n", dev->name);
 
3439                 if (orinoco_mic_init(priv)) {
 
3440                         printk(KERN_ERR "%s: Failed to setup MIC crypto "
 
3441                                "algorithm. Disabling WPA support\n", dev->name);
 
3446         /* Now we have the firmware capabilities, allocate appropiate
 
3447          * sized scan buffers */
 
3448         if (orinoco_bss_data_allocate(priv))
 
3450         orinoco_bss_data_init(priv);
 
3452         /* Get the MAC address */
 
3453         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CNFOWNMACADDR,
 
3454                               ETH_ALEN, NULL, dev->dev_addr);
 
3456                 printk(KERN_WARNING "%s: failed to read MAC address!\n",
 
3461         printk(KERN_DEBUG "%s: MAC address %pM\n",
 
3462                dev->name, dev->dev_addr);
 
3464         /* Get the station name */
 
3465         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CNFOWNNAME,
 
3466                               sizeof(nickbuf), &reclen, &nickbuf);
 
3468                 printk(KERN_ERR "%s: failed to read station name\n",
 
3473                 len = min(IW_ESSID_MAX_SIZE, (int)le16_to_cpu(nickbuf.len));
 
3475                 len = min(IW_ESSID_MAX_SIZE, 2 * reclen);
 
3476         memcpy(priv->nick, &nickbuf.val, len);
 
3477         priv->nick[len] = '\0';
 
3479         printk(KERN_DEBUG "%s: Station name \"%s\"\n", dev->name, priv->nick);
 
3481         err = orinoco_allocate_fid(dev);
 
3483                 printk(KERN_ERR "%s: failed to allocate NIC buffer!\n",
 
3488         /* Get allowed channels */
 
3489         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CHANNELLIST,
 
3490                                   &priv->channel_mask);
 
3492                 printk(KERN_ERR "%s: failed to read channel list!\n",
 
3497         /* Get initial AP density */
 
3498         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFSYSTEMSCALE,
 
3500         if (err || priv->ap_density < 1 || priv->ap_density > 3) {
 
3501                 priv->has_sensitivity = 0;
 
3504         /* Get initial RTS threshold */
 
3505         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFRTSTHRESHOLD,
 
3508                 printk(KERN_ERR "%s: failed to read RTS threshold!\n",
 
3513         /* Get initial fragmentation settings */
 
3515                 err = hermes_read_wordrec(hw, USER_BAP,
 
3516                                           HERMES_RID_CNFMWOROBUST_AGERE,
 
3519                 err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFFRAGMENTATIONTHRESHOLD,
 
3520                                           &priv->frag_thresh);
 
3522                 printk(KERN_ERR "%s: failed to read fragmentation settings!\n",
 
3527         /* Power management setup */
 
3531                 err = hermes_read_wordrec(hw, USER_BAP,
 
3532                                           HERMES_RID_CNFMAXSLEEPDURATION,
 
3535                         printk(KERN_ERR "%s: failed to read power management period!\n",
 
3539                 err = hermes_read_wordrec(hw, USER_BAP,
 
3540                                           HERMES_RID_CNFPMHOLDOVERDURATION,
 
3543                         printk(KERN_ERR "%s: failed to read power management timeout!\n",
 
3549         /* Preamble setup */
 
3550         if (priv->has_preamble) {
 
3551                 err = hermes_read_wordrec(hw, USER_BAP,
 
3552                                           HERMES_RID_CNFPREAMBLE_SYMBOL,
 
3558         /* Set up the default configuration */
 
3559         priv->iw_mode = IW_MODE_INFRA;
 
3560         /* By default use IEEE/IBSS ad-hoc mode if we have it */
 
3561         priv->prefer_port3 = priv->has_port3 && (! priv->has_ibss);
 
3562         set_port_type(priv);
 
3563         priv->channel = 0; /* use firmware default */
 
3565         priv->promiscuous = 0;
 
3566         priv->encode_alg = IW_ENCODE_ALG_NONE;
 
3568         priv->wpa_enabled = 0;
 
3569         priv->tkip_cm_active = 0;
 
3571         priv->wpa_ie_len = 0;
 
3572         priv->wpa_ie = NULL;
 
3574         /* Make the hardware available, as long as it hasn't been
 
3575          * removed elsewhere (e.g. by PCMCIA hot unplug) */
 
3576         spin_lock_irq(&priv->lock);
 
3577         priv->hw_unavailable--;
 
3578         spin_unlock_irq(&priv->lock);
 
3580         printk(KERN_DEBUG "%s: ready\n", dev->name);
 
3587 *alloc_orinocodev(int sizeof_card,
 
3588                   struct device *device,
 
3589                   int (*hard_reset)(struct orinoco_private *),
 
3590                   int (*stop_fw)(struct orinoco_private *, int))
 
3592         struct net_device *dev;
 
3593         struct orinoco_private *priv;
 
3595         dev = alloc_etherdev(sizeof(struct orinoco_private) + sizeof_card);
 
3598         priv = netdev_priv(dev);
 
3601                 priv->card = (void *)((unsigned long)priv
 
3602                                       + sizeof(struct orinoco_private));
 
3607         /* Setup / override net_device fields */
 
3608         dev->init = orinoco_init;
 
3609         dev->hard_start_xmit = orinoco_xmit;
 
3610         dev->tx_timeout = orinoco_tx_timeout;
 
3611         dev->watchdog_timeo = HZ; /* 1 second timeout */
 
3612         dev->get_stats = orinoco_get_stats;
 
3613         dev->ethtool_ops = &orinoco_ethtool_ops;
 
3614         dev->wireless_handlers = (struct iw_handler_def *)&orinoco_handler_def;
 
3616         priv->wireless_data.spy_data = &priv->spy_data;
 
3617         dev->wireless_data = &priv->wireless_data;
 
3619         dev->change_mtu = orinoco_change_mtu;
 
3620         dev->set_multicast_list = orinoco_set_multicast_list;
 
3621         /* we use the default eth_mac_addr for setting the MAC addr */
 
3623         /* Reserve space in skb for the SNAP header */
 
3624         dev->hard_header_len += ENCAPS_OVERHEAD;
 
3626         /* Set up default callbacks */
 
3627         dev->open = orinoco_open;
 
3628         dev->stop = orinoco_stop;
 
3629         priv->hard_reset = hard_reset;
 
3630         priv->stop_fw = stop_fw;
 
3632         spin_lock_init(&priv->lock);
 
3634         priv->hw_unavailable = 1; /* orinoco_init() must clear this
 
3635                                    * before anything else touches the
 
3637         INIT_WORK(&priv->reset_work, orinoco_reset);
 
3638         INIT_WORK(&priv->join_work, orinoco_join_ap);
 
3639         INIT_WORK(&priv->wevent_work, orinoco_send_wevents);
 
3641         INIT_LIST_HEAD(&priv->rx_list);
 
3642         tasklet_init(&priv->rx_tasklet, orinoco_rx_isr_tasklet,
 
3643                      (unsigned long) dev);
 
3645         netif_carrier_off(dev);
 
3646         priv->last_linkstatus = 0xffff;
 
3648         priv->cached_pri_fw = NULL;
 
3649         priv->cached_fw = NULL;
 
3651         /* Register PM notifiers */
 
3652         priv->pm_notifier.notifier_call = orinoco_pm_notifier;
 
3653         register_pm_notifier(&priv->pm_notifier);
 
3658 void free_orinocodev(struct net_device *dev)
 
3660         struct orinoco_private *priv = netdev_priv(dev);
 
3661         struct orinoco_rx_data *rx_data, *temp;
 
3663         /* If the tasklet is scheduled when we call tasklet_kill it
 
3664          * will run one final time. However the tasklet will only
 
3665          * drain priv->rx_list if the hw is still available. */
 
3666         tasklet_kill(&priv->rx_tasklet);
 
3668         /* Explicitly drain priv->rx_list */
 
3669         list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
 
3670                 list_del(&rx_data->list);
 
3672                 dev_kfree_skb(rx_data->skb);
 
3673                 kfree(rx_data->desc);
 
3677         unregister_pm_notifier(&priv->pm_notifier);
 
3678         orinoco_uncache_fw(priv);
 
3680         priv->wpa_ie_len = 0;
 
3681         kfree(priv->wpa_ie);
 
3682         orinoco_mic_free(priv);
 
3683         orinoco_bss_data_free(priv);
 
3687 /********************************************************************/
 
3688 /* Wireless extensions                                              */
 
3689 /********************************************************************/
 
3691 /* Return : < 0 -> error code ; >= 0 -> length */
 
3692 static int orinoco_hw_get_essid(struct orinoco_private *priv, int *active,
 
3693                                 char buf[IW_ESSID_MAX_SIZE+1])
 
3695         hermes_t *hw = &priv->hw;
 
3697         struct hermes_idstring essidbuf;
 
3698         char *p = (char *)(&essidbuf.val);
 
3700         unsigned long flags;
 
3702         if (orinoco_lock(priv, &flags) != 0)
 
3705         if (strlen(priv->desired_essid) > 0) {
 
3706                 /* We read the desired SSID from the hardware rather
 
3707                    than from priv->desired_essid, just in case the
 
3708                    firmware is allowed to change it on us. I'm not
 
3710                 /* My guess is that the OWNSSID should always be whatever
 
3711                  * we set to the card, whereas CURRENT_SSID is the one that
 
3712                  * may change... - Jean II */
 
3717                 rid = (priv->port_type == 3) ? HERMES_RID_CNFOWNSSID :
 
3718                         HERMES_RID_CNFDESIREDSSID;
 
3720                 err = hermes_read_ltv(hw, USER_BAP, rid, sizeof(essidbuf),
 
3727                 err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENTSSID,
 
3728                                       sizeof(essidbuf), NULL, &essidbuf);
 
3733         len = le16_to_cpu(essidbuf.len);
 
3734         BUG_ON(len > IW_ESSID_MAX_SIZE);
 
3736         memset(buf, 0, IW_ESSID_MAX_SIZE);
 
3737         memcpy(buf, p, len);
 
3741         orinoco_unlock(priv, &flags);
 
3746 static int orinoco_hw_get_freq(struct orinoco_private *priv)
 
3749         hermes_t *hw = &priv->hw;
 
3753         unsigned long flags;
 
3755         if (orinoco_lock(priv, &flags) != 0)
 
3758         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CURRENTCHANNEL, &channel);
 
3762         /* Intersil firmware 1.3.5 returns 0 when the interface is down */
 
3768         if ( (channel < 1) || (channel > NUM_CHANNELS) ) {
 
3769                 printk(KERN_WARNING "%s: Channel out of range (%d)!\n",
 
3770                        priv->ndev->name, channel);
 
3775         freq = ieee80211_dsss_chan_to_freq(channel);
 
3778         orinoco_unlock(priv, &flags);
 
3782         return err ? err : freq;
 
3785 static int orinoco_hw_get_bitratelist(struct orinoco_private *priv,
 
3786                                       int *numrates, s32 *rates, int max)
 
3788         hermes_t *hw = &priv->hw;
 
3789         struct hermes_idstring list;
 
3790         unsigned char *p = (unsigned char *)&list.val;
 
3794         unsigned long flags;
 
3796         if (orinoco_lock(priv, &flags) != 0)
 
3799         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_SUPPORTEDDATARATES,
 
3800                               sizeof(list), NULL, &list);
 
3801         orinoco_unlock(priv, &flags);
 
3806         num = le16_to_cpu(list.len);
 
3808         num = min(num, max);
 
3810         for (i = 0; i < num; i++) {
 
3811                 rates[i] = (p[i] & 0x7f) * 500000; /* convert to bps */
 
3817 static int orinoco_ioctl_getname(struct net_device *dev,
 
3818                                  struct iw_request_info *info,
 
3822         struct orinoco_private *priv = netdev_priv(dev);
 
3826         err = orinoco_hw_get_bitratelist(priv, &numrates, NULL, 0);
 
3828         if (!err && (numrates > 2))
 
3829                 strcpy(name, "IEEE 802.11b");
 
3831                 strcpy(name, "IEEE 802.11-DS");
 
3836 static int orinoco_ioctl_setwap(struct net_device *dev,
 
3837                                 struct iw_request_info *info,
 
3838                                 struct sockaddr *ap_addr,
 
3841         struct orinoco_private *priv = netdev_priv(dev);
 
3842         int err = -EINPROGRESS;         /* Call commit handler */
 
3843         unsigned long flags;
 
3844         static const u8 off_addr[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
 
3845         static const u8 any_addr[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 
3847         if (orinoco_lock(priv, &flags) != 0)
 
3850         /* Enable automatic roaming - no sanity checks are needed */
 
3851         if (memcmp(&ap_addr->sa_data, off_addr, ETH_ALEN) == 0 ||
 
3852             memcmp(&ap_addr->sa_data, any_addr, ETH_ALEN) == 0) {
 
3853                 priv->bssid_fixed = 0;
 
3854                 memset(priv->desired_bssid, 0, ETH_ALEN);
 
3856                 /* "off" means keep existing connection */
 
3857                 if (ap_addr->sa_data[0] == 0) {
 
3858                         __orinoco_hw_set_wap(priv);
 
3864         if (priv->firmware_type == FIRMWARE_TYPE_AGERE) {
 
3865                 printk(KERN_WARNING "%s: Lucent/Agere firmware doesn't "
 
3866                        "support manual roaming\n",
 
3872         if (priv->iw_mode != IW_MODE_INFRA) {
 
3873                 printk(KERN_WARNING "%s: Manual roaming supported only in "
 
3874                        "managed mode\n", dev->name);
 
3879         /* Intersil firmware hangs without Desired ESSID */
 
3880         if (priv->firmware_type == FIRMWARE_TYPE_INTERSIL &&
 
3881             strlen(priv->desired_essid) == 0) {
 
3882                 printk(KERN_WARNING "%s: Desired ESSID must be set for "
 
3883                        "manual roaming\n", dev->name);
 
3888         /* Finally, enable manual roaming */
 
3889         priv->bssid_fixed = 1;
 
3890         memcpy(priv->desired_bssid, &ap_addr->sa_data, ETH_ALEN);
 
3893         orinoco_unlock(priv, &flags);
 
3897 static int orinoco_ioctl_getwap(struct net_device *dev,
 
3898                                 struct iw_request_info *info,
 
3899                                 struct sockaddr *ap_addr,
 
3902         struct orinoco_private *priv = netdev_priv(dev);
 
3904         hermes_t *hw = &priv->hw;
 
3906         unsigned long flags;
 
3908         if (orinoco_lock(priv, &flags) != 0)
 
3911         ap_addr->sa_family = ARPHRD_ETHER;
 
3912         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENTBSSID,
 
3913                               ETH_ALEN, NULL, ap_addr->sa_data);
 
3915         orinoco_unlock(priv, &flags);
 
3920 static int orinoco_ioctl_setmode(struct net_device *dev,
 
3921                                  struct iw_request_info *info,
 
3925         struct orinoco_private *priv = netdev_priv(dev);
 
3926         int err = -EINPROGRESS;         /* Call commit handler */
 
3927         unsigned long flags;
 
3929         if (priv->iw_mode == *mode)
 
3932         if (orinoco_lock(priv, &flags) != 0)
 
3937                 if (!priv->has_ibss && !priv->has_port3)
 
3944         case IW_MODE_MONITOR:
 
3945                 if (priv->broken_monitor && !force_monitor) {
 
3946                         printk(KERN_WARNING "%s: Monitor mode support is "
 
3947                                "buggy in this firmware, not enabling\n",
 
3958         if (err == -EINPROGRESS) {
 
3959                 priv->iw_mode = *mode;
 
3960                 set_port_type(priv);
 
3963         orinoco_unlock(priv, &flags);
 
3968 static int orinoco_ioctl_getmode(struct net_device *dev,
 
3969                                  struct iw_request_info *info,
 
3973         struct orinoco_private *priv = netdev_priv(dev);
 
3975         *mode = priv->iw_mode;
 
3979 static int orinoco_ioctl_getiwrange(struct net_device *dev,
 
3980                                     struct iw_request_info *info,
 
3981                                     struct iw_point *rrq,
 
3984         struct orinoco_private *priv = netdev_priv(dev);
 
3986         struct iw_range *range = (struct iw_range *) extra;
 
3990         rrq->length = sizeof(struct iw_range);
 
3991         memset(range, 0, sizeof(struct iw_range));
 
3993         range->we_version_compiled = WIRELESS_EXT;
 
3994         range->we_version_source = 22;
 
3996         /* Set available channels/frequencies */
 
3997         range->num_channels = NUM_CHANNELS;
 
3999         for (i = 0; i < NUM_CHANNELS; i++) {
 
4000                 if (priv->channel_mask & (1 << i)) {
 
4001                         range->freq[k].i = i + 1;
 
4002                         range->freq[k].m = (ieee80211_dsss_chan_to_freq(i + 1) *
 
4004                         range->freq[k].e = 1;
 
4008                 if (k >= IW_MAX_FREQUENCIES)
 
4011         range->num_frequency = k;
 
4012         range->sensitivity = 3;
 
4014         if (priv->has_wep) {
 
4015                 range->max_encoding_tokens = ORINOCO_MAX_KEYS;
 
4016                 range->encoding_size[0] = SMALL_KEY_SIZE;
 
4017                 range->num_encoding_sizes = 1;
 
4019                 if (priv->has_big_wep) {
 
4020                         range->encoding_size[1] = LARGE_KEY_SIZE;
 
4021                         range->num_encoding_sizes = 2;
 
4026                 range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_CIPHER_TKIP;
 
4028         if ((priv->iw_mode == IW_MODE_ADHOC) && (!SPY_NUMBER(priv))){
 
4029                 /* Quality stats meaningless in ad-hoc mode */
 
4031                 range->max_qual.qual = 0x8b - 0x2f;
 
4032                 range->max_qual.level = 0x2f - 0x95 - 1;
 
4033                 range->max_qual.noise = 0x2f - 0x95 - 1;
 
4034                 /* Need to get better values */
 
4035                 range->avg_qual.qual = 0x24;
 
4036                 range->avg_qual.level = 0xC2;
 
4037                 range->avg_qual.noise = 0x9E;
 
4040         err = orinoco_hw_get_bitratelist(priv, &numrates,
 
4041                                          range->bitrate, IW_MAX_BITRATES);
 
4044         range->num_bitrates = numrates;
 
4046         /* Set an indication of the max TCP throughput in bit/s that we can
 
4047          * expect using this interface. May be use for QoS stuff...
 
4050                 range->throughput = 5 * 1000 * 1000;    /* ~5 Mb/s */
 
4052                 range->throughput = 1.5 * 1000 * 1000;  /* ~1.5 Mb/s */
 
4055         range->max_rts = 2347;
 
4056         range->min_frag = 256;
 
4057         range->max_frag = 2346;
 
4060         range->max_pmp = 65535000;
 
4062         range->max_pmt = 65535 * 1000;  /* ??? */
 
4063         range->pmp_flags = IW_POWER_PERIOD;
 
4064         range->pmt_flags = IW_POWER_TIMEOUT;
 
4065         range->pm_capa = IW_POWER_PERIOD | IW_POWER_TIMEOUT | IW_POWER_UNICAST_R;
 
4067         range->retry_capa = IW_RETRY_LIMIT | IW_RETRY_LIFETIME;
 
4068         range->retry_flags = IW_RETRY_LIMIT;
 
4069         range->r_time_flags = IW_RETRY_LIFETIME;
 
4070         range->min_retry = 0;
 
4071         range->max_retry = 65535;       /* ??? */
 
4072         range->min_r_time = 0;
 
4073         range->max_r_time = 65535 * 1000;       /* ??? */
 
4075         if (priv->firmware_type == FIRMWARE_TYPE_AGERE)
 
4076                 range->scan_capa = IW_SCAN_CAPA_ESSID;
 
4078                 range->scan_capa = IW_SCAN_CAPA_NONE;
 
4080         /* Event capability (kernel) */
 
4081         IW_EVENT_CAPA_SET_KERNEL(range->event_capa);
 
4082         /* Event capability (driver) */
 
4083         IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWTHRSPY);
 
4084         IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWAP);
 
4085         IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWSCAN);
 
4086         IW_EVENT_CAPA_SET(range->event_capa, IWEVTXDROP);
 
4091 static int orinoco_ioctl_setiwencode(struct net_device *dev,
 
4092                                      struct iw_request_info *info,
 
4093                                      struct iw_point *erq,
 
4096         struct orinoco_private *priv = netdev_priv(dev);
 
4097         int index = (erq->flags & IW_ENCODE_INDEX) - 1;
 
4098         int setindex = priv->tx_key;
 
4099         int encode_alg = priv->encode_alg;
 
4100         int restricted = priv->wep_restrict;
 
4102         int err = -EINPROGRESS;         /* Call commit handler */
 
4103         unsigned long flags;
 
4105         if (! priv->has_wep)
 
4109                 /* We actually have a key to set - check its length */
 
4110                 if (erq->length > LARGE_KEY_SIZE)
 
4113                 if ( (erq->length > SMALL_KEY_SIZE) && !priv->has_big_wep )
 
4117         if (orinoco_lock(priv, &flags) != 0)
 
4120         /* Clear any TKIP key we have */
 
4121         if ((priv->has_wpa) && (priv->encode_alg == IW_ENCODE_ALG_TKIP))
 
4122                 (void) orinoco_clear_tkip_key(priv, setindex);
 
4124         if (erq->length > 0) {
 
4125                 if ((index < 0) || (index >= ORINOCO_MAX_KEYS))
 
4126                         index = priv->tx_key;
 
4128                 /* Adjust key length to a supported value */
 
4129                 if (erq->length > SMALL_KEY_SIZE) {
 
4130                         xlen = LARGE_KEY_SIZE;
 
4131                 } else if (erq->length > 0) {
 
4132                         xlen = SMALL_KEY_SIZE;
 
4136                 /* Switch on WEP if off */
 
4137                 if ((encode_alg != IW_ENCODE_ALG_WEP) && (xlen > 0)) {
 
4139                         encode_alg = IW_ENCODE_ALG_WEP;
 
4142                 /* Important note : if the user do "iwconfig eth0 enc off",
 
4143                  * we will arrive there with an index of -1. This is valid
 
4144                  * but need to be taken care off... Jean II */
 
4145                 if ((index < 0) || (index >= ORINOCO_MAX_KEYS)) {
 
4146                         if((index != -1) || (erq->flags == 0)) {
 
4151                         /* Set the index : Check that the key is valid */
 
4152                         if(priv->keys[index].len == 0) {
 
4160         if (erq->flags & IW_ENCODE_DISABLED)
 
4161                 encode_alg = IW_ENCODE_ALG_NONE;
 
4162         if (erq->flags & IW_ENCODE_OPEN)
 
4164         if (erq->flags & IW_ENCODE_RESTRICTED)
 
4167         if (erq->pointer && erq->length > 0) {
 
4168                 priv->keys[index].len = cpu_to_le16(xlen);
 
4169                 memset(priv->keys[index].data, 0,
 
4170                        sizeof(priv->keys[index].data));
 
4171                 memcpy(priv->keys[index].data, keybuf, erq->length);
 
4173         priv->tx_key = setindex;
 
4175         /* Try fast key change if connected and only keys are changed */
 
4176         if ((priv->encode_alg == encode_alg) &&
 
4177             (priv->wep_restrict == restricted) &&
 
4178             netif_carrier_ok(dev)) {
 
4179                 err = __orinoco_hw_setup_wepkeys(priv);
 
4180                 /* No need to commit if successful */
 
4184         priv->encode_alg = encode_alg;
 
4185         priv->wep_restrict = restricted;
 
4188         orinoco_unlock(priv, &flags);
 
4193 static int orinoco_ioctl_getiwencode(struct net_device *dev,
 
4194                                      struct iw_request_info *info,
 
4195                                      struct iw_point *erq,
 
4198         struct orinoco_private *priv = netdev_priv(dev);
 
4199         int index = (erq->flags & IW_ENCODE_INDEX) - 1;
 
4201         unsigned long flags;
 
4203         if (! priv->has_wep)
 
4206         if (orinoco_lock(priv, &flags) != 0)
 
4209         if ((index < 0) || (index >= ORINOCO_MAX_KEYS))
 
4210                 index = priv->tx_key;
 
4213         if (!priv->encode_alg)
 
4214                 erq->flags |= IW_ENCODE_DISABLED;
 
4215         erq->flags |= index + 1;
 
4217         if (priv->wep_restrict)
 
4218                 erq->flags |= IW_ENCODE_RESTRICTED;
 
4220                 erq->flags |= IW_ENCODE_OPEN;
 
4222         xlen = le16_to_cpu(priv->keys[index].len);
 
4226         memcpy(keybuf, priv->keys[index].data, ORINOCO_MAX_KEY_SIZE);
 
4228         orinoco_unlock(priv, &flags);
 
4232 static int orinoco_ioctl_setessid(struct net_device *dev,
 
4233                                   struct iw_request_info *info,
 
4234                                   struct iw_point *erq,
 
4237         struct orinoco_private *priv = netdev_priv(dev);
 
4238         unsigned long flags;
 
4240         /* Note : ESSID is ignored in Ad-Hoc demo mode, but we can set it
 
4241          * anyway... - Jean II */
 
4243         /* Hum... Should not use Wireless Extension constant (may change),
 
4244          * should use our own... - Jean II */
 
4245         if (erq->length > IW_ESSID_MAX_SIZE)
 
4248         if (orinoco_lock(priv, &flags) != 0)
 
4251         /* NULL the string (for NULL termination & ESSID = ANY) - Jean II */
 
4252         memset(priv->desired_essid, 0, sizeof(priv->desired_essid));
 
4254         /* If not ANY, get the new ESSID */
 
4256                 memcpy(priv->desired_essid, essidbuf, erq->length);
 
4259         orinoco_unlock(priv, &flags);
 
4261         return -EINPROGRESS;            /* Call commit handler */
 
4264 static int orinoco_ioctl_getessid(struct net_device *dev,
 
4265                                   struct iw_request_info *info,
 
4266                                   struct iw_point *erq,
 
4269         struct orinoco_private *priv = netdev_priv(dev);
 
4272         unsigned long flags;
 
4274         if (netif_running(dev)) {
 
4275                 err = orinoco_hw_get_essid(priv, &active, essidbuf);
 
4280                 if (orinoco_lock(priv, &flags) != 0)
 
4282                 memcpy(essidbuf, priv->desired_essid, IW_ESSID_MAX_SIZE);
 
4283                 erq->length = strlen(priv->desired_essid);
 
4284                 orinoco_unlock(priv, &flags);
 
4292 static int orinoco_ioctl_setnick(struct net_device *dev,
 
4293                                  struct iw_request_info *info,
 
4294                                  struct iw_point *nrq,
 
4297         struct orinoco_private *priv = netdev_priv(dev);
 
4298         unsigned long flags;
 
4300         if (nrq->length > IW_ESSID_MAX_SIZE)
 
4303         if (orinoco_lock(priv, &flags) != 0)
 
4306         memset(priv->nick, 0, sizeof(priv->nick));
 
4307         memcpy(priv->nick, nickbuf, nrq->length);
 
4309         orinoco_unlock(priv, &flags);
 
4311         return -EINPROGRESS;            /* Call commit handler */
 
4314 static int orinoco_ioctl_getnick(struct net_device *dev,
 
4315                                  struct iw_request_info *info,
 
4316                                  struct iw_point *nrq,
 
4319         struct orinoco_private *priv = netdev_priv(dev);
 
4320         unsigned long flags;
 
4322         if (orinoco_lock(priv, &flags) != 0)
 
4325         memcpy(nickbuf, priv->nick, IW_ESSID_MAX_SIZE);
 
4326         orinoco_unlock(priv, &flags);
 
4328         nrq->length = strlen(priv->nick);
 
4333 static int orinoco_ioctl_setfreq(struct net_device *dev,
 
4334                                  struct iw_request_info *info,
 
4335                                  struct iw_freq *frq,
 
4338         struct orinoco_private *priv = netdev_priv(dev);
 
4340         unsigned long flags;
 
4341         int err = -EINPROGRESS;         /* Call commit handler */
 
4343         /* In infrastructure mode the AP sets the channel */
 
4344         if (priv->iw_mode == IW_MODE_INFRA)
 
4347         if ( (frq->e == 0) && (frq->m <= 1000) ) {
 
4348                 /* Setting by channel number */
 
4351                 /* Setting by frequency */
 
4355                 /* Calculate denominator to rescale to MHz */
 
4356                 for (i = 0; i < (6 - frq->e); i++)
 
4359                 chan = ieee80211_freq_to_dsss_chan(frq->m / denom);
 
4362         if ( (chan < 1) || (chan > NUM_CHANNELS) ||
 
4363              ! (priv->channel_mask & (1 << (chan-1)) ) )
 
4366         if (orinoco_lock(priv, &flags) != 0)
 
4369         priv->channel = chan;
 
4370         if (priv->iw_mode == IW_MODE_MONITOR) {
 
4371                 /* Fast channel change - no commit if successful */
 
4372                 hermes_t *hw = &priv->hw;
 
4373                 err = hermes_docmd_wait(hw, HERMES_CMD_TEST |
 
4374                                             HERMES_TEST_SET_CHANNEL,
 
4377         orinoco_unlock(priv, &flags);
 
4382 static int orinoco_ioctl_getfreq(struct net_device *dev,
 
4383                                  struct iw_request_info *info,
 
4384                                  struct iw_freq *frq,
 
4387         struct orinoco_private *priv = netdev_priv(dev);
 
4390         /* Locking done in there */
 
4391         tmp = orinoco_hw_get_freq(priv);
 
4396         frq->m = tmp * 100000;
 
4402 static int orinoco_ioctl_getsens(struct net_device *dev,
 
4403                                  struct iw_request_info *info,
 
4404                                  struct iw_param *srq,
 
4407         struct orinoco_private *priv = netdev_priv(dev);
 
4408         hermes_t *hw = &priv->hw;
 
4411         unsigned long flags;
 
4413         if (!priv->has_sensitivity)
 
4416         if (orinoco_lock(priv, &flags) != 0)
 
4418         err = hermes_read_wordrec(hw, USER_BAP,
 
4419                                   HERMES_RID_CNFSYSTEMSCALE, &val);
 
4420         orinoco_unlock(priv, &flags);
 
4426         srq->fixed = 0; /* auto */
 
4431 static int orinoco_ioctl_setsens(struct net_device *dev,
 
4432                                  struct iw_request_info *info,
 
4433                                  struct iw_param *srq,
 
4436         struct orinoco_private *priv = netdev_priv(dev);
 
4437         int val = srq->value;
 
4438         unsigned long flags;
 
4440         if (!priv->has_sensitivity)
 
4443         if ((val < 1) || (val > 3))
 
4446         if (orinoco_lock(priv, &flags) != 0)
 
4448         priv->ap_density = val;
 
4449         orinoco_unlock(priv, &flags);
 
4451         return -EINPROGRESS;            /* Call commit handler */
 
4454 static int orinoco_ioctl_setrts(struct net_device *dev,
 
4455                                 struct iw_request_info *info,
 
4456                                 struct iw_param *rrq,
 
4459         struct orinoco_private *priv = netdev_priv(dev);
 
4460         int val = rrq->value;
 
4461         unsigned long flags;
 
4466         if ( (val < 0) || (val > 2347) )
 
4469         if (orinoco_lock(priv, &flags) != 0)
 
4472         priv->rts_thresh = val;
 
4473         orinoco_unlock(priv, &flags);
 
4475         return -EINPROGRESS;            /* Call commit handler */
 
4478 static int orinoco_ioctl_getrts(struct net_device *dev,
 
4479                                 struct iw_request_info *info,
 
4480                                 struct iw_param *rrq,
 
4483         struct orinoco_private *priv = netdev_priv(dev);
 
4485         rrq->value = priv->rts_thresh;
 
4486         rrq->disabled = (rrq->value == 2347);
 
4492 static int orinoco_ioctl_setfrag(struct net_device *dev,
 
4493                                  struct iw_request_info *info,
 
4494                                  struct iw_param *frq,
 
4497         struct orinoco_private *priv = netdev_priv(dev);
 
4498         int err = -EINPROGRESS;         /* Call commit handler */
 
4499         unsigned long flags;
 
4501         if (orinoco_lock(priv, &flags) != 0)
 
4504         if (priv->has_mwo) {
 
4506                         priv->mwo_robust = 0;
 
4509                                 printk(KERN_WARNING "%s: Fixed fragmentation is "
 
4510                                        "not supported on this firmware. "
 
4511                                        "Using MWO robust instead.\n", dev->name);
 
4512                         priv->mwo_robust = 1;
 
4516                         priv->frag_thresh = 2346;
 
4518                         if ( (frq->value < 256) || (frq->value > 2346) )
 
4521                                 priv->frag_thresh = frq->value & ~0x1; /* must be even */
 
4525         orinoco_unlock(priv, &flags);
 
4530 static int orinoco_ioctl_getfrag(struct net_device *dev,
 
4531                                  struct iw_request_info *info,
 
4532                                  struct iw_param *frq,
 
4535         struct orinoco_private *priv = netdev_priv(dev);
 
4536         hermes_t *hw = &priv->hw;
 
4539         unsigned long flags;
 
4541         if (orinoco_lock(priv, &flags) != 0)
 
4544         if (priv->has_mwo) {
 
4545                 err = hermes_read_wordrec(hw, USER_BAP,
 
4546                                           HERMES_RID_CNFMWOROBUST_AGERE,
 
4551                 frq->value = val ? 2347 : 0;
 
4552                 frq->disabled = ! val;
 
4555                 err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFFRAGMENTATIONTHRESHOLD,
 
4561                 frq->disabled = (val >= 2346);
 
4565         orinoco_unlock(priv, &flags);
 
4570 static int orinoco_ioctl_setrate(struct net_device *dev,
 
4571                                  struct iw_request_info *info,
 
4572                                  struct iw_param *rrq,
 
4575         struct orinoco_private *priv = netdev_priv(dev);
 
4577         int bitrate; /* 100s of kilobits */
 
4579         unsigned long flags;
 
4581         /* As the user space doesn't know our highest rate, it uses -1
 
4582          * to ask us to set the highest rate.  Test it using "iwconfig
 
4583          * ethX rate auto" - Jean II */
 
4584         if (rrq->value == -1)
 
4587                 if (rrq->value % 100000)
 
4589                 bitrate = rrq->value / 100000;
 
4592         if ( (bitrate != 10) && (bitrate != 20) &&
 
4593              (bitrate != 55) && (bitrate != 110) )
 
4596         for (i = 0; i < BITRATE_TABLE_SIZE; i++)
 
4597                 if ( (bitrate_table[i].bitrate == bitrate) &&
 
4598                      (bitrate_table[i].automatic == ! rrq->fixed) ) {
 
4606         if (orinoco_lock(priv, &flags) != 0)
 
4608         priv->bitratemode = ratemode;
 
4609         orinoco_unlock(priv, &flags);
 
4611         return -EINPROGRESS;
 
4614 static int orinoco_ioctl_getrate(struct net_device *dev,
 
4615                                  struct iw_request_info *info,
 
4616                                  struct iw_param *rrq,
 
4619         struct orinoco_private *priv = netdev_priv(dev);
 
4620         hermes_t *hw = &priv->hw;
 
4625         unsigned long flags;
 
4627         if (orinoco_lock(priv, &flags) != 0)
 
4630         ratemode = priv->bitratemode;
 
4632         BUG_ON((ratemode < 0) || (ratemode >= BITRATE_TABLE_SIZE));
 
4634         rrq->value = bitrate_table[ratemode].bitrate * 100000;
 
4635         rrq->fixed = ! bitrate_table[ratemode].automatic;
 
4638         /* If the interface is running we try to find more about the
 
4640         if (netif_running(dev)) {
 
4641                 err = hermes_read_wordrec(hw, USER_BAP,
 
4642                                           HERMES_RID_CURRENTTXRATE, &val);
 
4646                 switch (priv->firmware_type) {
 
4647                 case FIRMWARE_TYPE_AGERE: /* Lucent style rate */
 
4648                         /* Note : in Lucent firmware, the return value of
 
4649                          * HERMES_RID_CURRENTTXRATE is the bitrate in Mb/s,
 
4650                          * and therefore is totally different from the
 
4651                          * encoding of HERMES_RID_CNFTXRATECONTROL.
 
4652                          * Don't forget that 6Mb/s is really 5.5Mb/s */
 
4654                                 rrq->value = 5500000;
 
4656                                 rrq->value = val * 1000000;
 
4658                 case FIRMWARE_TYPE_INTERSIL: /* Intersil style rate */
 
4659                 case FIRMWARE_TYPE_SYMBOL: /* Symbol style rate */
 
4660                         for (i = 0; i < BITRATE_TABLE_SIZE; i++)
 
4661                                 if (bitrate_table[i].intersil_txratectrl == val) {
 
4665                         if (i >= BITRATE_TABLE_SIZE)
 
4666                                 printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
 
4669                         rrq->value = bitrate_table[ratemode].bitrate * 100000;
 
4677         orinoco_unlock(priv, &flags);
 
4682 static int orinoco_ioctl_setpower(struct net_device *dev,
 
4683                                   struct iw_request_info *info,
 
4684                                   struct iw_param *prq,
 
4687         struct orinoco_private *priv = netdev_priv(dev);
 
4688         int err = -EINPROGRESS;         /* Call commit handler */
 
4689         unsigned long flags;
 
4691         if (orinoco_lock(priv, &flags) != 0)
 
4694         if (prq->disabled) {
 
4697                 switch (prq->flags & IW_POWER_MODE) {
 
4698                 case IW_POWER_UNICAST_R:
 
4702                 case IW_POWER_ALL_R:
 
4707                         /* No flags : but we may have a value - Jean II */
 
4714                 if (prq->flags & IW_POWER_TIMEOUT) {
 
4716                         priv->pm_timeout = prq->value / 1000;
 
4718                 if (prq->flags & IW_POWER_PERIOD) {
 
4720                         priv->pm_period = prq->value / 1000;
 
4722                 /* It's valid to not have a value if we are just toggling
 
4723                  * the flags... Jean II */
 
4731         orinoco_unlock(priv, &flags);
 
4736 static int orinoco_ioctl_getpower(struct net_device *dev,
 
4737                                   struct iw_request_info *info,
 
4738                                   struct iw_param *prq,
 
4741         struct orinoco_private *priv = netdev_priv(dev);
 
4742         hermes_t *hw = &priv->hw;
 
4744         u16 enable, period, timeout, mcast;
 
4745         unsigned long flags;
 
4747         if (orinoco_lock(priv, &flags) != 0)
 
4750         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFPMENABLED, &enable);
 
4754         err = hermes_read_wordrec(hw, USER_BAP,
 
4755                                   HERMES_RID_CNFMAXSLEEPDURATION, &period);
 
4759         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFPMHOLDOVERDURATION, &timeout);
 
4763         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFMULTICASTRECEIVE, &mcast);
 
4767         prq->disabled = !enable;
 
4768         /* Note : by default, display the period */
 
4769         if ((prq->flags & IW_POWER_TYPE) == IW_POWER_TIMEOUT) {
 
4770                 prq->flags = IW_POWER_TIMEOUT;
 
4771                 prq->value = timeout * 1000;
 
4773                 prq->flags = IW_POWER_PERIOD;
 
4774                 prq->value = period * 1000;
 
4777                 prq->flags |= IW_POWER_ALL_R;
 
4779                 prq->flags |= IW_POWER_UNICAST_R;
 
4782         orinoco_unlock(priv, &flags);
 
4787 static int orinoco_ioctl_set_encodeext(struct net_device *dev,
 
4788                                        struct iw_request_info *info,
 
4789                                        union iwreq_data *wrqu,
 
4792         struct orinoco_private *priv = netdev_priv(dev);
 
4793         struct iw_point *encoding = &wrqu->encoding;
 
4794         struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
 
4795         int idx, alg = ext->alg, set_key = 1;
 
4796         unsigned long flags;
 
4800         if (orinoco_lock(priv, &flags) != 0)
 
4803         /* Determine and validate the key index */
 
4804         idx = encoding->flags & IW_ENCODE_INDEX;
 
4806                 if ((idx < 1) || (idx > 4))
 
4812         if (encoding->flags & IW_ENCODE_DISABLED)
 
4813             alg = IW_ENCODE_ALG_NONE;
 
4815         if (priv->has_wpa && (alg != IW_ENCODE_ALG_TKIP)) {
 
4816                 /* Clear any TKIP TX key we had */
 
4817                 (void) orinoco_clear_tkip_key(priv, priv->tx_key);
 
4820         if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) {
 
4822                 set_key = ((alg == IW_ENCODE_ALG_TKIP) ||
 
4823                            (ext->key_len > 0)) ? 1 : 0;
 
4827                 /* Set the requested key first */
 
4829                 case IW_ENCODE_ALG_NONE:
 
4830                         priv->encode_alg = alg;
 
4831                         priv->keys[idx].len = 0;
 
4834                 case IW_ENCODE_ALG_WEP:
 
4835                         if (ext->key_len > SMALL_KEY_SIZE)
 
4836                                 key_len = LARGE_KEY_SIZE;
 
4837                         else if (ext->key_len > 0)
 
4838                                 key_len = SMALL_KEY_SIZE;
 
4842                         priv->encode_alg = alg;
 
4843                         priv->keys[idx].len = cpu_to_le16(key_len);
 
4845                         key_len = min(ext->key_len, key_len);
 
4847                         memset(priv->keys[idx].data, 0, ORINOCO_MAX_KEY_SIZE);
 
4848                         memcpy(priv->keys[idx].data, ext->key, key_len);
 
4851                 case IW_ENCODE_ALG_TKIP:
 
4853                         hermes_t *hw = &priv->hw;
 
4856                         if (!priv->has_wpa ||
 
4857                             (ext->key_len > sizeof(priv->tkip_key[0])))
 
4860                         priv->encode_alg = alg;
 
4861                         memset(&priv->tkip_key[idx], 0,
 
4862                                sizeof(priv->tkip_key[idx]));
 
4863                         memcpy(&priv->tkip_key[idx], ext->key, ext->key_len);
 
4865                         if (ext->ext_flags & IW_ENCODE_EXT_RX_SEQ_VALID)
 
4866                                 tkip_iv = &ext->rx_seq[0];
 
4868                         err = __orinoco_hw_set_tkip_key(hw, idx,
 
4869                                  ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY,
 
4870                                  (u8 *) &priv->tkip_key[idx],
 
4873                                 printk(KERN_ERR "%s: Error %d setting TKIP key"
 
4874                                        "\n", dev->name, err);
 
4884         orinoco_unlock(priv, &flags);
 
4889 static int orinoco_ioctl_get_encodeext(struct net_device *dev,
 
4890                                        struct iw_request_info *info,
 
4891                                        union iwreq_data *wrqu,
 
4894         struct orinoco_private *priv = netdev_priv(dev);
 
4895         struct iw_point *encoding = &wrqu->encoding;
 
4896         struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
 
4897         int idx, max_key_len;
 
4898         unsigned long flags;
 
4901         if (orinoco_lock(priv, &flags) != 0)
 
4905         max_key_len = encoding->length - sizeof(*ext);
 
4906         if (max_key_len < 0)
 
4909         idx = encoding->flags & IW_ENCODE_INDEX;
 
4911                 if ((idx < 1) || (idx > 4))
 
4917         encoding->flags = idx + 1;
 
4918         memset(ext, 0, sizeof(*ext));
 
4920         ext->alg = priv->encode_alg;
 
4921         switch (priv->encode_alg) {
 
4922         case IW_ENCODE_ALG_NONE:
 
4924                 encoding->flags |= IW_ENCODE_DISABLED;
 
4926         case IW_ENCODE_ALG_WEP:
 
4927                 ext->key_len = min_t(u16, le16_to_cpu(priv->keys[idx].len),
 
4929                 memcpy(ext->key, priv->keys[idx].data, ext->key_len);
 
4930                 encoding->flags |= IW_ENCODE_ENABLED;
 
4932         case IW_ENCODE_ALG_TKIP:
 
4933                 ext->key_len = min_t(u16, sizeof(struct orinoco_tkip_key),
 
4935                 memcpy(ext->key, &priv->tkip_key[idx], ext->key_len);
 
4936                 encoding->flags |= IW_ENCODE_ENABLED;
 
4942         orinoco_unlock(priv, &flags);
 
4947 static int orinoco_ioctl_set_auth(struct net_device *dev,
 
4948                                   struct iw_request_info *info,
 
4949                                   union iwreq_data *wrqu, char *extra)
 
4951         struct orinoco_private *priv = netdev_priv(dev);
 
4952         hermes_t *hw = &priv->hw;
 
4953         struct iw_param *param = &wrqu->param;
 
4954         unsigned long flags;
 
4955         int ret = -EINPROGRESS;
 
4957         if (orinoco_lock(priv, &flags) != 0)
 
4960         switch (param->flags & IW_AUTH_INDEX) {
 
4961         case IW_AUTH_WPA_VERSION:
 
4962         case IW_AUTH_CIPHER_PAIRWISE:
 
4963         case IW_AUTH_CIPHER_GROUP:
 
4964         case IW_AUTH_RX_UNENCRYPTED_EAPOL:
 
4965         case IW_AUTH_PRIVACY_INVOKED:
 
4966         case IW_AUTH_DROP_UNENCRYPTED:
 
4968                  * orinoco does not use these parameters
 
4972         case IW_AUTH_KEY_MGMT:
 
4973                 /* wl_lkm implies value 2 == PSK for Hermes I
 
4974                  * which ties in with WEXT
 
4975                  * no other hints tho :(
 
4977                 priv->key_mgmt = param->value;
 
4980         case IW_AUTH_TKIP_COUNTERMEASURES:
 
4981                 /* When countermeasures are enabled, shut down the
 
4982                  * card; when disabled, re-enable the card. This must
 
4983                  * take effect immediately.
 
4985                  * TODO: Make sure that the EAPOL message is getting
 
4986                  *       out before card disabled
 
4989                         priv->tkip_cm_active = 1;
 
4990                         ret = hermes_enable_port(hw, 0);
 
4992                         priv->tkip_cm_active = 0;
 
4993                         ret = hermes_disable_port(hw, 0);
 
4997         case IW_AUTH_80211_AUTH_ALG:
 
4998                 if (param->value & IW_AUTH_ALG_SHARED_KEY)
 
4999                         priv->wep_restrict = 1;
 
5000                 else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM)
 
5001                         priv->wep_restrict = 0;
 
5006         case IW_AUTH_WPA_ENABLED:
 
5007                 if (priv->has_wpa) {
 
5008                         priv->wpa_enabled = param->value ? 1 : 0;
 
5012                         /* else silently accept disable of WPA */
 
5013                         priv->wpa_enabled = 0;
 
5021         orinoco_unlock(priv, &flags);
 
5025 static int orinoco_ioctl_get_auth(struct net_device *dev,
 
5026                                   struct iw_request_info *info,
 
5027                                   union iwreq_data *wrqu, char *extra)
 
5029         struct orinoco_private *priv = netdev_priv(dev);
 
5030         struct iw_param *param = &wrqu->param;
 
5031         unsigned long flags;
 
5034         if (orinoco_lock(priv, &flags) != 0)
 
5037         switch (param->flags & IW_AUTH_INDEX) {
 
5038         case IW_AUTH_KEY_MGMT:
 
5039                 param->value = priv->key_mgmt;
 
5042         case IW_AUTH_TKIP_COUNTERMEASURES:
 
5043                 param->value = priv->tkip_cm_active;
 
5046         case IW_AUTH_80211_AUTH_ALG:
 
5047                 if (priv->wep_restrict)
 
5048                         param->value = IW_AUTH_ALG_SHARED_KEY;
 
5050                         param->value = IW_AUTH_ALG_OPEN_SYSTEM;
 
5053         case IW_AUTH_WPA_ENABLED:
 
5054                 param->value = priv->wpa_enabled;
 
5061         orinoco_unlock(priv, &flags);
 
5065 static int orinoco_ioctl_set_genie(struct net_device *dev,
 
5066                                    struct iw_request_info *info,
 
5067                                    union iwreq_data *wrqu, char *extra)
 
5069         struct orinoco_private *priv = netdev_priv(dev);
 
5071         unsigned long flags;
 
5073         /* cut off at IEEE80211_MAX_DATA_LEN */
 
5074         if ((wrqu->data.length > IEEE80211_MAX_DATA_LEN) ||
 
5075             (wrqu->data.length && (extra == NULL)))
 
5078         if (wrqu->data.length) {
 
5079                 buf = kmalloc(wrqu->data.length, GFP_KERNEL);
 
5083                 memcpy(buf, extra, wrqu->data.length);
 
5087         if (orinoco_lock(priv, &flags) != 0) {
 
5092         kfree(priv->wpa_ie);
 
5094         priv->wpa_ie_len = wrqu->data.length;
 
5097                 /* Looks like wl_lkm wants to check the auth alg, and
 
5098                  * somehow pass it to the firmware.
 
5099                  * Instead it just calls the key mgmt rid
 
5100                  *   - we do this in set auth.
 
5104         orinoco_unlock(priv, &flags);
 
5108 static int orinoco_ioctl_get_genie(struct net_device *dev,
 
5109                                    struct iw_request_info *info,
 
5110                                    union iwreq_data *wrqu, char *extra)
 
5112         struct orinoco_private *priv = netdev_priv(dev);
 
5113         unsigned long flags;
 
5116         if (orinoco_lock(priv, &flags) != 0)
 
5119         if ((priv->wpa_ie_len == 0) || (priv->wpa_ie == NULL)) {
 
5120                 wrqu->data.length = 0;
 
5124         if (wrqu->data.length < priv->wpa_ie_len) {
 
5129         wrqu->data.length = priv->wpa_ie_len;
 
5130         memcpy(extra, priv->wpa_ie, priv->wpa_ie_len);
 
5133         orinoco_unlock(priv, &flags);
 
5137 static int orinoco_ioctl_set_mlme(struct net_device *dev,
 
5138                                   struct iw_request_info *info,
 
5139                                   union iwreq_data *wrqu, char *extra)
 
5141         struct orinoco_private *priv = netdev_priv(dev);
 
5142         hermes_t *hw = &priv->hw;
 
5143         struct iw_mlme *mlme = (struct iw_mlme *)extra;
 
5144         unsigned long flags;
 
5147         if (orinoco_lock(priv, &flags) != 0)
 
5150         switch (mlme->cmd) {
 
5151         case IW_MLME_DEAUTH:
 
5152                 /* silently ignore */
 
5155         case IW_MLME_DISASSOC:
 
5160                 } __attribute__ ((packed)) buf;
 
5162                 memcpy(buf.addr, mlme->addr.sa_data, ETH_ALEN);
 
5163                 buf.reason_code = cpu_to_le16(mlme->reason_code);
 
5164                 ret = HERMES_WRITE_RECORD(hw, USER_BAP,
 
5165                                           HERMES_RID_CNFDISASSOCIATE,
 
5173         orinoco_unlock(priv, &flags);
 
5177 static int orinoco_ioctl_getretry(struct net_device *dev,
 
5178                                   struct iw_request_info *info,
 
5179                                   struct iw_param *rrq,
 
5182         struct orinoco_private *priv = netdev_priv(dev);
 
5183         hermes_t *hw = &priv->hw;
 
5185         u16 short_limit, long_limit, lifetime;
 
5186         unsigned long flags;
 
5188         if (orinoco_lock(priv, &flags) != 0)
 
5191         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_SHORTRETRYLIMIT,
 
5196         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_LONGRETRYLIMIT,
 
5201         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_MAXTRANSMITLIFETIME,
 
5206         rrq->disabled = 0;              /* Can't be disabled */
 
5208         /* Note : by default, display the retry number */
 
5209         if ((rrq->flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME) {
 
5210                 rrq->flags = IW_RETRY_LIFETIME;
 
5211                 rrq->value = lifetime * 1000;   /* ??? */
 
5213                 /* By default, display the min number */
 
5214                 if ((rrq->flags & IW_RETRY_LONG)) {
 
5215                         rrq->flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
 
5216                         rrq->value = long_limit;
 
5218                         rrq->flags = IW_RETRY_LIMIT;
 
5219                         rrq->value = short_limit;
 
5220                         if(short_limit != long_limit)
 
5221                                 rrq->flags |= IW_RETRY_SHORT;
 
5226         orinoco_unlock(priv, &flags);
 
5231 static int orinoco_ioctl_reset(struct net_device *dev,
 
5232                                struct iw_request_info *info,
 
5236         struct orinoco_private *priv = netdev_priv(dev);
 
5238         if (! capable(CAP_NET_ADMIN))
 
5241         if (info->cmd == (SIOCIWFIRSTPRIV + 0x1)) {
 
5242                 printk(KERN_DEBUG "%s: Forcing reset!\n", dev->name);
 
5244                 /* Firmware reset */
 
5245                 orinoco_reset(&priv->reset_work);
 
5247                 printk(KERN_DEBUG "%s: Force scheduling reset!\n", dev->name);
 
5249                 schedule_work(&priv->reset_work);
 
5255 static int orinoco_ioctl_setibssport(struct net_device *dev,
 
5256                                      struct iw_request_info *info,
 
5261         struct orinoco_private *priv = netdev_priv(dev);
 
5262         int val = *( (int *) extra );
 
5263         unsigned long flags;
 
5265         if (orinoco_lock(priv, &flags) != 0)
 
5268         priv->ibss_port = val ;
 
5270         /* Actually update the mode we are using */
 
5271         set_port_type(priv);
 
5273         orinoco_unlock(priv, &flags);
 
5274         return -EINPROGRESS;            /* Call commit handler */
 
5277 static int orinoco_ioctl_getibssport(struct net_device *dev,
 
5278                                      struct iw_request_info *info,
 
5282         struct orinoco_private *priv = netdev_priv(dev);
 
5283         int *val = (int *) extra;
 
5285         *val = priv->ibss_port;
 
5289 static int orinoco_ioctl_setport3(struct net_device *dev,
 
5290                                   struct iw_request_info *info,
 
5294         struct orinoco_private *priv = netdev_priv(dev);
 
5295         int val = *( (int *) extra );
 
5297         unsigned long flags;
 
5299         if (orinoco_lock(priv, &flags) != 0)
 
5303         case 0: /* Try to do IEEE ad-hoc mode */
 
5304                 if (! priv->has_ibss) {
 
5308                 priv->prefer_port3 = 0;
 
5312         case 1: /* Try to do Lucent proprietary ad-hoc mode */
 
5313                 if (! priv->has_port3) {
 
5317                 priv->prefer_port3 = 1;
 
5325                 /* Actually update the mode we are using */
 
5326                 set_port_type(priv);
 
5330         orinoco_unlock(priv, &flags);
 
5335 static int orinoco_ioctl_getport3(struct net_device *dev,
 
5336                                   struct iw_request_info *info,
 
5340         struct orinoco_private *priv = netdev_priv(dev);
 
5341         int *val = (int *) extra;
 
5343         *val = priv->prefer_port3;
 
5347 static int orinoco_ioctl_setpreamble(struct net_device *dev,
 
5348                                      struct iw_request_info *info,
 
5352         struct orinoco_private *priv = netdev_priv(dev);
 
5353         unsigned long flags;
 
5356         if (! priv->has_preamble)
 
5359         /* 802.11b has recently defined some short preamble.
 
5360          * Basically, the Phy header has been reduced in size.
 
5361          * This increase performance, especially at high rates
 
5362          * (the preamble is transmitted at 1Mb/s), unfortunately
 
5363          * this give compatibility troubles... - Jean II */
 
5364         val = *( (int *) extra );
 
5366         if (orinoco_lock(priv, &flags) != 0)
 
5374         orinoco_unlock(priv, &flags);
 
5376         return -EINPROGRESS;            /* Call commit handler */
 
5379 static int orinoco_ioctl_getpreamble(struct net_device *dev,
 
5380                                      struct iw_request_info *info,
 
5384         struct orinoco_private *priv = netdev_priv(dev);
 
5385         int *val = (int *) extra;
 
5387         if (! priv->has_preamble)
 
5390         *val = priv->preamble;
 
5394 /* ioctl interface to hermes_read_ltv()
 
5395  * To use with iwpriv, pass the RID as the token argument, e.g.
 
5396  * iwpriv get_rid [0xfc00]
 
5397  * At least Wireless Tools 25 is required to use iwpriv.
 
5398  * For Wireless Tools 25 and 26 append "dummy" are the end. */
 
5399 static int orinoco_ioctl_getrid(struct net_device *dev,
 
5400                                 struct iw_request_info *info,
 
5401                                 struct iw_point *data,
 
5404         struct orinoco_private *priv = netdev_priv(dev);
 
5405         hermes_t *hw = &priv->hw;
 
5406         int rid = data->flags;
 
5409         unsigned long flags;
 
5411         /* It's a "get" function, but we don't want users to access the
 
5412          * WEP key and other raw firmware data */
 
5413         if (! capable(CAP_NET_ADMIN))
 
5416         if (rid < 0xfc00 || rid > 0xffff)
 
5419         if (orinoco_lock(priv, &flags) != 0)
 
5422         err = hermes_read_ltv(hw, USER_BAP, rid, MAX_RID_LEN, &length,
 
5427         data->length = min_t(u16, HERMES_RECLEN_TO_BYTES(length),
 
5431         orinoco_unlock(priv, &flags);
 
5435 /* Trigger a scan (look for other cells in the vicinity) */
 
5436 static int orinoco_ioctl_setscan(struct net_device *dev,
 
5437                                  struct iw_request_info *info,
 
5438                                  struct iw_point *srq,
 
5441         struct orinoco_private *priv = netdev_priv(dev);
 
5442         hermes_t *hw = &priv->hw;
 
5443         struct iw_scan_req *si = (struct iw_scan_req *) extra;
 
5445         unsigned long flags;
 
5447         /* Note : you may have realised that, as this is a SET operation,
 
5448          * this is privileged and therefore a normal user can't
 
5450          * This is not an error, while the device perform scanning,
 
5451          * traffic doesn't flow, so it's a perfect DoS...
 
5454         if (orinoco_lock(priv, &flags) != 0)
 
5457         /* Scanning with port 0 disabled would fail */
 
5458         if (!netif_running(dev)) {
 
5463         /* In monitor mode, the scan results are always empty.
 
5464          * Probe responses are passed to the driver as received
 
5465          * frames and could be processed in software. */
 
5466         if (priv->iw_mode == IW_MODE_MONITOR) {
 
5471         /* Note : because we don't lock out the irq handler, the way
 
5472          * we access scan variables in priv is critical.
 
5473          *      o scan_inprogress : not touched by irq handler
 
5474          *      o scan_mode : not touched by irq handler
 
5475          * Before modifying anything on those variables, please think hard !
 
5479         priv->scan_mode = srq->flags;
 
5481         /* Always trigger scanning, even if it's in progress.
 
5482          * This way, if the info frame get lost, we will recover somewhat
 
5483          * gracefully  - Jean II */
 
5485         if (priv->has_hostscan) {
 
5486                 switch (priv->firmware_type) {
 
5487                 case FIRMWARE_TYPE_SYMBOL:
 
5488                         err = hermes_write_wordrec(hw, USER_BAP,
 
5489                                                    HERMES_RID_CNFHOSTSCAN_SYMBOL,
 
5490                                                    HERMES_HOSTSCAN_SYMBOL_ONCE |
 
5491                                                    HERMES_HOSTSCAN_SYMBOL_BCAST);
 
5493                 case FIRMWARE_TYPE_INTERSIL: {
 
5496                         req[0] = cpu_to_le16(0x3fff);   /* All channels */
 
5497                         req[1] = cpu_to_le16(0x0001);   /* rate 1 Mbps */
 
5498                         req[2] = 0;                     /* Any ESSID */
 
5499                         err = HERMES_WRITE_RECORD(hw, USER_BAP,
 
5500                                                   HERMES_RID_CNFHOSTSCAN, &req);
 
5503                 case FIRMWARE_TYPE_AGERE:
 
5504                         if (priv->scan_mode & IW_SCAN_THIS_ESSID) {
 
5505                                 struct hermes_idstring idbuf;
 
5506                                 size_t len = min(sizeof(idbuf.val),
 
5507                                                  (size_t) si->essid_len);
 
5508                                 idbuf.len = cpu_to_le16(len);
 
5509                                 memcpy(idbuf.val, si->essid, len);
 
5511                                 err = hermes_write_ltv(hw, USER_BAP,
 
5512                                                HERMES_RID_CNFSCANSSID_AGERE,
 
5513                                                HERMES_BYTES_TO_RECLEN(len + 2),
 
5516                                 err = hermes_write_wordrec(hw, USER_BAP,
 
5517                                                    HERMES_RID_CNFSCANSSID_AGERE,
 
5522                         if (priv->has_ext_scan) {
 
5523                                 /* Clear scan results at the start of
 
5524                                  * an extended scan */
 
5525                                 orinoco_clear_scan_results(priv,
 
5526                                                 msecs_to_jiffies(15000));
 
5528                                 /* TODO: Is this available on older firmware?
 
5529                                  *   Can we use it to scan specific channels
 
5530                                  *   for IW_SCAN_THIS_FREQ? */
 
5531                                 err = hermes_write_wordrec(hw, USER_BAP,
 
5532                                                 HERMES_RID_CNFSCANCHANNELS2GHZ,
 
5537                                 err = hermes_inquire(hw,
 
5538                                                      HERMES_INQ_CHANNELINFO);
 
5540                                 err = hermes_inquire(hw, HERMES_INQ_SCAN);
 
5544                 err = hermes_inquire(hw, HERMES_INQ_SCAN);
 
5546         /* One more client */
 
5548                 priv->scan_inprogress = 1;
 
5551         orinoco_unlock(priv, &flags);
 
5555 #define MAX_CUSTOM_LEN 64
 
5557 /* Translate scan data returned from the card to a card independant
 
5558  * format that the Wireless Tools will understand - Jean II */
 
5559 static inline char *orinoco_translate_scan(struct net_device *dev,
 
5560                                            struct iw_request_info *info,
 
5563                                            union hermes_scan_info *bss,
 
5564                                            unsigned long last_scanned)
 
5566         struct orinoco_private *priv = netdev_priv(dev);
 
5569         struct iw_event         iwe;            /* Temporary buffer */
 
5570         char custom[MAX_CUSTOM_LEN];
 
5572         memset(&iwe, 0, sizeof(iwe));
 
5574         /* First entry *MUST* be the AP MAC address */
 
5575         iwe.cmd = SIOCGIWAP;
 
5576         iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
 
5577         memcpy(iwe.u.ap_addr.sa_data, bss->a.bssid, ETH_ALEN);
 
5578         current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5579                                           &iwe, IW_EV_ADDR_LEN);
 
5581         /* Other entries will be displayed in the order we give them */
 
5584         iwe.u.data.length = le16_to_cpu(bss->a.essid_len);
 
5585         if (iwe.u.data.length > 32)
 
5586                 iwe.u.data.length = 32;
 
5587         iwe.cmd = SIOCGIWESSID;
 
5588         iwe.u.data.flags = 1;
 
5589         current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5590                                           &iwe, bss->a.essid);
 
5593         iwe.cmd = SIOCGIWMODE;
 
5594         capabilities = le16_to_cpu(bss->a.capabilities);
 
5595         if (capabilities & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
 
5596                 if (capabilities & WLAN_CAPABILITY_ESS)
 
5597                         iwe.u.mode = IW_MODE_MASTER;
 
5599                         iwe.u.mode = IW_MODE_ADHOC;
 
5600                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5601                                                   &iwe, IW_EV_UINT_LEN);
 
5604         channel = bss->s.channel;
 
5605         if ((channel >= 1) && (channel <= NUM_CHANNELS)) {
 
5606                 /* Add channel and frequency */
 
5607                 iwe.cmd = SIOCGIWFREQ;
 
5608                 iwe.u.freq.m = channel;
 
5610                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5611                                                   &iwe, IW_EV_FREQ_LEN);
 
5613                 iwe.u.freq.m = ieee80211_dsss_chan_to_freq(channel) * 100000;
 
5615                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5616                                                   &iwe, IW_EV_FREQ_LEN);
 
5619         /* Add quality statistics. level and noise in dB. No link quality */
 
5621         iwe.u.qual.updated = IW_QUAL_DBM | IW_QUAL_QUAL_INVALID;
 
5622         iwe.u.qual.level = (__u8) le16_to_cpu(bss->a.level) - 0x95;
 
5623         iwe.u.qual.noise = (__u8) le16_to_cpu(bss->a.noise) - 0x95;
 
5624         /* Wireless tools prior to 27.pre22 will show link quality
 
5625          * anyway, so we provide a reasonable value. */
 
5626         if (iwe.u.qual.level > iwe.u.qual.noise)
 
5627                 iwe.u.qual.qual = iwe.u.qual.level - iwe.u.qual.noise;
 
5629                 iwe.u.qual.qual = 0;
 
5630         current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5631                                           &iwe, IW_EV_QUAL_LEN);
 
5633         /* Add encryption capability */
 
5634         iwe.cmd = SIOCGIWENCODE;
 
5635         if (capabilities & WLAN_CAPABILITY_PRIVACY)
 
5636                 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
 
5638                 iwe.u.data.flags = IW_ENCODE_DISABLED;
 
5639         iwe.u.data.length = 0;
 
5640         current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5643         /* Bit rate is not available in Lucent/Agere firmwares */
 
5644         if (priv->firmware_type != FIRMWARE_TYPE_AGERE) {
 
5645                 char *current_val = current_ev + iwe_stream_lcp_len(info);
 
5649                 if (priv->firmware_type == FIRMWARE_TYPE_SYMBOL)
 
5654                 iwe.cmd = SIOCGIWRATE;
 
5655                 /* Those two flags are ignored... */
 
5656                 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
 
5658                 for (i = 0; i < 10; i += step) {
 
5659                         /* NULL terminated */
 
5660                         if (bss->p.rates[i] == 0x0)
 
5662                         /* Bit rate given in 500 kb/s units (+ 0x80) */
 
5663                         iwe.u.bitrate.value =
 
5664                                 ((bss->p.rates[i] & 0x7f) * 500000);
 
5665                         current_val = iwe_stream_add_value(info, current_ev,
 
5670                 /* Check if we added any event */
 
5671                 if ((current_val - current_ev) > iwe_stream_lcp_len(info))
 
5672                         current_ev = current_val;
 
5675         /* Beacon interval */
 
5676         iwe.cmd = IWEVCUSTOM;
 
5677         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5679                                      le16_to_cpu(bss->a.beacon_interv));
 
5680         if (iwe.u.data.length)
 
5681                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5685         iwe.cmd = IWEVCUSTOM;
 
5686         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5689         if (iwe.u.data.length)
 
5690                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5693         /* Add EXTRA: Age to display seconds since last beacon/probe response
 
5694          * for given network. */
 
5695         iwe.cmd = IWEVCUSTOM;
 
5696         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5697                                      " Last beacon: %dms ago",
 
5698                                      jiffies_to_msecs(jiffies - last_scanned));
 
5699         if (iwe.u.data.length)
 
5700                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5706 static inline char *orinoco_translate_ext_scan(struct net_device *dev,
 
5707                                                struct iw_request_info *info,
 
5710                                                struct agere_ext_scan_info *bss,
 
5711                                                unsigned long last_scanned)
 
5715         struct iw_event         iwe;            /* Temporary buffer */
 
5716         char custom[MAX_CUSTOM_LEN];
 
5719         memset(&iwe, 0, sizeof(iwe));
 
5721         /* First entry *MUST* be the AP MAC address */
 
5722         iwe.cmd = SIOCGIWAP;
 
5723         iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
 
5724         memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
 
5725         current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5726                                           &iwe, IW_EV_ADDR_LEN);
 
5728         /* Other entries will be displayed in the order we give them */
 
5732         iwe.u.data.length = ie[1];
 
5733         if (iwe.u.data.length) {
 
5734                 if (iwe.u.data.length > 32)
 
5735                         iwe.u.data.length = 32;
 
5736                 iwe.cmd = SIOCGIWESSID;
 
5737                 iwe.u.data.flags = 1;
 
5738                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5743         capabilities = le16_to_cpu(bss->capabilities);
 
5744         if (capabilities & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
 
5745                 iwe.cmd = SIOCGIWMODE;
 
5746                 if (capabilities & WLAN_CAPABILITY_ESS)
 
5747                         iwe.u.mode = IW_MODE_MASTER;
 
5749                         iwe.u.mode = IW_MODE_ADHOC;
 
5750                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5751                                                   &iwe, IW_EV_UINT_LEN);
 
5754         ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_DS_PARAMS);
 
5755         channel = ie ? ie[2] : 0;
 
5756         if ((channel >= 1) && (channel <= NUM_CHANNELS)) {
 
5757                 /* Add channel and frequency */
 
5758                 iwe.cmd = SIOCGIWFREQ;
 
5759                 iwe.u.freq.m = channel;
 
5761                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5762                                                   &iwe, IW_EV_FREQ_LEN);
 
5764                 iwe.u.freq.m = ieee80211_dsss_chan_to_freq(channel) * 100000;
 
5766                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5767                                                   &iwe, IW_EV_FREQ_LEN);
 
5770         /* Add quality statistics. level and noise in dB. No link quality */
 
5772         iwe.u.qual.updated = IW_QUAL_DBM | IW_QUAL_QUAL_INVALID;
 
5773         iwe.u.qual.level = bss->level - 0x95;
 
5774         iwe.u.qual.noise = bss->noise - 0x95;
 
5775         /* Wireless tools prior to 27.pre22 will show link quality
 
5776          * anyway, so we provide a reasonable value. */
 
5777         if (iwe.u.qual.level > iwe.u.qual.noise)
 
5778                 iwe.u.qual.qual = iwe.u.qual.level - iwe.u.qual.noise;
 
5780                 iwe.u.qual.qual = 0;
 
5781         current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5782                                           &iwe, IW_EV_QUAL_LEN);
 
5784         /* Add encryption capability */
 
5785         iwe.cmd = SIOCGIWENCODE;
 
5786         if (capabilities & WLAN_CAPABILITY_PRIVACY)
 
5787                 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
 
5789                 iwe.u.data.flags = IW_ENCODE_DISABLED;
 
5790         iwe.u.data.length = 0;
 
5791         current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5795         ie = orinoco_get_wpa_ie(bss->data, sizeof(bss->data));
 
5797                 iwe.cmd = IWEVGENIE;
 
5798                 iwe.u.data.length = ie[1] + 2;
 
5799                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5804         ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_RSN);
 
5806                 iwe.cmd = IWEVGENIE;
 
5807                 iwe.u.data.length = ie[1] + 2;
 
5808                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5812         ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_SUPP_RATES);
 
5814                 char *p = current_ev + iwe_stream_lcp_len(info);
 
5817                 iwe.cmd = SIOCGIWRATE;
 
5818                 /* Those two flags are ignored... */
 
5819                 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
 
5821                 for (i = 2; i < (ie[1] + 2); i++) {
 
5822                         iwe.u.bitrate.value = ((ie[i] & 0x7F) * 500000);
 
5823                         p = iwe_stream_add_value(info, current_ev, p, end_buf,
 
5824                                                  &iwe, IW_EV_PARAM_LEN);
 
5826                 /* Check if we added any event */
 
5827                 if (p > (current_ev + iwe_stream_lcp_len(info)))
 
5832         iwe.cmd = IWEVCUSTOM;
 
5834                 snprintf(custom, MAX_CUSTOM_LEN, "tsf=%016llx",
 
5835                          (unsigned long long) le64_to_cpu(bss->timestamp));
 
5836         if (iwe.u.data.length)
 
5837                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5840         /* Beacon interval */
 
5841         iwe.cmd = IWEVCUSTOM;
 
5842         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5844                                      le16_to_cpu(bss->beacon_interval));
 
5845         if (iwe.u.data.length)
 
5846                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5850         iwe.cmd = IWEVCUSTOM;
 
5851         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5854         if (iwe.u.data.length)
 
5855                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5858         /* Add EXTRA: Age to display seconds since last beacon/probe response
 
5859          * for given network. */
 
5860         iwe.cmd = IWEVCUSTOM;
 
5861         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5862                                      " Last beacon: %dms ago",
 
5863                                      jiffies_to_msecs(jiffies - last_scanned));
 
5864         if (iwe.u.data.length)
 
5865                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5871 /* Return results of a scan */
 
5872 static int orinoco_ioctl_getscan(struct net_device *dev,
 
5873                                  struct iw_request_info *info,
 
5874                                  struct iw_point *srq,
 
5877         struct orinoco_private *priv = netdev_priv(dev);
 
5879         unsigned long flags;
 
5880         char *current_ev = extra;
 
5882         if (orinoco_lock(priv, &flags) != 0)
 
5885         if (priv->scan_inprogress) {
 
5886                 /* Important note : we don't want to block the caller
 
5887                  * until results are ready for various reasons.
 
5888                  * First, managing wait queues is complex and racy.
 
5889                  * Second, we grab some rtnetlink lock before comming
 
5890                  * here (in dev_ioctl()).
 
5891                  * Third, we generate an Wireless Event, so the
 
5892                  * caller can wait itself on that - Jean II */
 
5897         if (priv->has_ext_scan) {
 
5898                 struct xbss_element *bss;
 
5900                 list_for_each_entry(bss, &priv->bss_list, list) {
 
5901                         /* Translate this entry to WE format */
 
5903                                 orinoco_translate_ext_scan(dev, info,
 
5905                                                            extra + srq->length,
 
5909                         /* Check if there is space for one more entry */
 
5910                         if ((extra + srq->length - current_ev)
 
5911                             <= IW_EV_ADDR_LEN) {
 
5912                                 /* Ask user space to try again with a
 
5920                 struct bss_element *bss;
 
5922                 list_for_each_entry(bss, &priv->bss_list, list) {
 
5923                         /* Translate this entry to WE format */
 
5924                         current_ev = orinoco_translate_scan(dev, info,
 
5926                                                             extra + srq->length,
 
5930                         /* Check if there is space for one more entry */
 
5931                         if ((extra + srq->length - current_ev)
 
5932                             <= IW_EV_ADDR_LEN) {
 
5933                                 /* Ask user space to try again with a
 
5941         srq->length = (current_ev - extra);
 
5942         srq->flags = (__u16) priv->scan_mode;
 
5945         orinoco_unlock(priv, &flags);
 
5949 /* Commit handler, called after set operations */
 
5950 static int orinoco_ioctl_commit(struct net_device *dev,
 
5951                                 struct iw_request_info *info,
 
5955         struct orinoco_private *priv = netdev_priv(dev);
 
5956         struct hermes *hw = &priv->hw;
 
5957         unsigned long flags;
 
5963         if (priv->broken_disableport) {
 
5964                 orinoco_reset(&priv->reset_work);
 
5968         if (orinoco_lock(priv, &flags) != 0)
 
5971         err = hermes_disable_port(hw, 0);
 
5973                 printk(KERN_WARNING "%s: Unable to disable port "
 
5974                        "while reconfiguring card\n", dev->name);
 
5975                 priv->broken_disableport = 1;
 
5979         err = __orinoco_program_rids(dev);
 
5981                 printk(KERN_WARNING "%s: Unable to reconfigure card\n",
 
5986         err = hermes_enable_port(hw, 0);
 
5988                 printk(KERN_WARNING "%s: Unable to enable port while reconfiguring card\n",
 
5995                 printk(KERN_WARNING "%s: Resetting instead...\n", dev->name);
 
5996                 schedule_work(&priv->reset_work);
 
6000         orinoco_unlock(priv, &flags);
 
6004 static const struct iw_priv_args orinoco_privtab[] = {
 
6005         { SIOCIWFIRSTPRIV + 0x0, 0, 0, "force_reset" },
 
6006         { SIOCIWFIRSTPRIV + 0x1, 0, 0, "card_reset" },
 
6007         { SIOCIWFIRSTPRIV + 0x2, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6009         { SIOCIWFIRSTPRIV + 0x3, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6011         { SIOCIWFIRSTPRIV + 0x4, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6012           0, "set_preamble" },
 
6013         { SIOCIWFIRSTPRIV + 0x5, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6015         { SIOCIWFIRSTPRIV + 0x6, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6016           0, "set_ibssport" },
 
6017         { SIOCIWFIRSTPRIV + 0x7, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6019         { SIOCIWFIRSTPRIV + 0x9, 0, IW_PRIV_TYPE_BYTE | MAX_RID_LEN,
 
6025  * Structures to export the Wireless Handlers
 
6028 #define STD_IW_HANDLER(id, func) \
 
6029         [IW_IOCTL_IDX(id)] = (iw_handler) func
 
6030 static const iw_handler orinoco_handler[] = {
 
6031         STD_IW_HANDLER(SIOCSIWCOMMIT,   orinoco_ioctl_commit),
 
6032         STD_IW_HANDLER(SIOCGIWNAME,     orinoco_ioctl_getname),
 
6033         STD_IW_HANDLER(SIOCSIWFREQ,     orinoco_ioctl_setfreq),
 
6034         STD_IW_HANDLER(SIOCGIWFREQ,     orinoco_ioctl_getfreq),
 
6035         STD_IW_HANDLER(SIOCSIWMODE,     orinoco_ioctl_setmode),
 
6036         STD_IW_HANDLER(SIOCGIWMODE,     orinoco_ioctl_getmode),
 
6037         STD_IW_HANDLER(SIOCSIWSENS,     orinoco_ioctl_setsens),
 
6038         STD_IW_HANDLER(SIOCGIWSENS,     orinoco_ioctl_getsens),
 
6039         STD_IW_HANDLER(SIOCGIWRANGE,    orinoco_ioctl_getiwrange),
 
6040         STD_IW_HANDLER(SIOCSIWSPY,      iw_handler_set_spy),
 
6041         STD_IW_HANDLER(SIOCGIWSPY,      iw_handler_get_spy),
 
6042         STD_IW_HANDLER(SIOCSIWTHRSPY,   iw_handler_set_thrspy),
 
6043         STD_IW_HANDLER(SIOCGIWTHRSPY,   iw_handler_get_thrspy),
 
6044         STD_IW_HANDLER(SIOCSIWAP,       orinoco_ioctl_setwap),
 
6045         STD_IW_HANDLER(SIOCGIWAP,       orinoco_ioctl_getwap),
 
6046         STD_IW_HANDLER(SIOCSIWSCAN,     orinoco_ioctl_setscan),
 
6047         STD_IW_HANDLER(SIOCGIWSCAN,     orinoco_ioctl_getscan),
 
6048         STD_IW_HANDLER(SIOCSIWESSID,    orinoco_ioctl_setessid),
 
6049         STD_IW_HANDLER(SIOCGIWESSID,    orinoco_ioctl_getessid),
 
6050         STD_IW_HANDLER(SIOCSIWNICKN,    orinoco_ioctl_setnick),
 
6051         STD_IW_HANDLER(SIOCGIWNICKN,    orinoco_ioctl_getnick),
 
6052         STD_IW_HANDLER(SIOCSIWRATE,     orinoco_ioctl_setrate),
 
6053         STD_IW_HANDLER(SIOCGIWRATE,     orinoco_ioctl_getrate),
 
6054         STD_IW_HANDLER(SIOCSIWRTS,      orinoco_ioctl_setrts),
 
6055         STD_IW_HANDLER(SIOCGIWRTS,      orinoco_ioctl_getrts),
 
6056         STD_IW_HANDLER(SIOCSIWFRAG,     orinoco_ioctl_setfrag),
 
6057         STD_IW_HANDLER(SIOCGIWFRAG,     orinoco_ioctl_getfrag),
 
6058         STD_IW_HANDLER(SIOCGIWRETRY,    orinoco_ioctl_getretry),
 
6059         STD_IW_HANDLER(SIOCSIWENCODE,   orinoco_ioctl_setiwencode),
 
6060         STD_IW_HANDLER(SIOCGIWENCODE,   orinoco_ioctl_getiwencode),
 
6061         STD_IW_HANDLER(SIOCSIWPOWER,    orinoco_ioctl_setpower),
 
6062         STD_IW_HANDLER(SIOCGIWPOWER,    orinoco_ioctl_getpower),
 
6063         STD_IW_HANDLER(SIOCSIWGENIE,    orinoco_ioctl_set_genie),
 
6064         STD_IW_HANDLER(SIOCGIWGENIE,    orinoco_ioctl_get_genie),
 
6065         STD_IW_HANDLER(SIOCSIWMLME,     orinoco_ioctl_set_mlme),
 
6066         STD_IW_HANDLER(SIOCSIWAUTH,     orinoco_ioctl_set_auth),
 
6067         STD_IW_HANDLER(SIOCGIWAUTH,     orinoco_ioctl_get_auth),
 
6068         STD_IW_HANDLER(SIOCSIWENCODEEXT, orinoco_ioctl_set_encodeext),
 
6069         STD_IW_HANDLER(SIOCGIWENCODEEXT, orinoco_ioctl_get_encodeext),
 
6074   Added typecasting since we no longer use iwreq_data -- Moustafa
 
6076 static const iw_handler orinoco_private_handler[] = {
 
6077         [0] = (iw_handler) orinoco_ioctl_reset,
 
6078         [1] = (iw_handler) orinoco_ioctl_reset,
 
6079         [2] = (iw_handler) orinoco_ioctl_setport3,
 
6080         [3] = (iw_handler) orinoco_ioctl_getport3,
 
6081         [4] = (iw_handler) orinoco_ioctl_setpreamble,
 
6082         [5] = (iw_handler) orinoco_ioctl_getpreamble,
 
6083         [6] = (iw_handler) orinoco_ioctl_setibssport,
 
6084         [7] = (iw_handler) orinoco_ioctl_getibssport,
 
6085         [9] = (iw_handler) orinoco_ioctl_getrid,
 
6088 static const struct iw_handler_def orinoco_handler_def = {
 
6089         .num_standard = ARRAY_SIZE(orinoco_handler),
 
6090         .num_private = ARRAY_SIZE(orinoco_private_handler),
 
6091         .num_private_args = ARRAY_SIZE(orinoco_privtab),
 
6092         .standard = orinoco_handler,
 
6093         .private = orinoco_private_handler,
 
6094         .private_args = orinoco_privtab,
 
6095         .get_wireless_stats = orinoco_get_wireless_stats,
 
6098 static void orinoco_get_drvinfo(struct net_device *dev,
 
6099                                 struct ethtool_drvinfo *info)
 
6101         struct orinoco_private *priv = netdev_priv(dev);
 
6103         strncpy(info->driver, DRIVER_NAME, sizeof(info->driver) - 1);
 
6104         strncpy(info->version, DRIVER_VERSION, sizeof(info->version) - 1);
 
6105         strncpy(info->fw_version, priv->fw_name, sizeof(info->fw_version) - 1);
 
6106         if (dev->dev.parent)
 
6107                 strncpy(info->bus_info, dev_name(dev->dev.parent),
 
6108                         sizeof(info->bus_info) - 1);
 
6110                 snprintf(info->bus_info, sizeof(info->bus_info) - 1,
 
6111                          "PCMCIA %p", priv->hw.iobase);
 
6114 static const struct ethtool_ops orinoco_ethtool_ops = {
 
6115         .get_drvinfo = orinoco_get_drvinfo,
 
6116         .get_link = ethtool_op_get_link,
 
6119 /********************************************************************/
 
6120 /* Module initialization                                            */
 
6121 /********************************************************************/
 
6123 EXPORT_SYMBOL(alloc_orinocodev);
 
6124 EXPORT_SYMBOL(free_orinocodev);
 
6126 EXPORT_SYMBOL(__orinoco_up);
 
6127 EXPORT_SYMBOL(__orinoco_down);
 
6128 EXPORT_SYMBOL(orinoco_reinit_firmware);
 
6130 EXPORT_SYMBOL(orinoco_interrupt);
 
6132 /* Can't be declared "const" or the whole __initdata section will
 
6134 static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
 
6135         " (David Gibson <hermes@gibson.dropbear.id.au>, "
 
6136         "Pavel Roskin <proski@gnu.org>, et al)";
 
6138 static int __init init_orinoco(void)
 
6140         printk(KERN_DEBUG "%s\n", version);
 
6144 static void __exit exit_orinoco(void)
 
6148 module_init(init_orinoco);
 
6149 module_exit(exit_orinoco);