1 /* orinoco.c - (formerly known as dldwd_cs.c and orinoco_cs.c)
 
   3  * A driver for Hermes or Prism 2 chipset based PCMCIA wireless
 
   4  * adaptors, with Lucent/Agere, Intersil or Symbol firmware.
 
   6  * Current maintainers (as of 29 September 2003) are:
 
   7  *      Pavel Roskin <proski AT gnu.org>
 
   8  * and  David Gibson <hermes AT gibson.dropbear.id.au>
 
  10  * (C) Copyright David Gibson, IBM Corporation 2001-2003.
 
  11  * Copyright (C) 2000 David Gibson, Linuxcare Australia.
 
  12  *      With some help from :
 
  13  * Copyright (C) 2001 Jean Tourrilhes, HP Labs
 
  14  * Copyright (C) 2001 Benjamin Herrenschmidt
 
  16  * Based on dummy_cs.c 1.27 2000/06/12 21:27:25
 
  18  * Portions based on wvlan_cs.c 1.0.6, Copyright Andreas Neuhaus <andy
 
  19  * AT fasta.fh-dortmund.de>
 
  20  *      http://www.stud.fh-dortmund.de/~andy/wvlan/
 
  22  * The contents of this file are subject to the Mozilla Public License
 
  23  * Version 1.1 (the "License"); you may not use this file except in
 
  24  * compliance with the License. You may obtain a copy of the License
 
  25  * at http://www.mozilla.org/MPL/
 
  27  * Software distributed under the License is distributed on an "AS IS"
 
  28  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
 
  29  * the License for the specific language governing rights and
 
  30  * limitations under the License.
 
  32  * The initial developer of the original code is David A. Hinds
 
  33  * <dahinds AT users.sourceforge.net>.  Portions created by David
 
  34  * A. Hinds are Copyright (C) 1999 David A. Hinds.  All Rights
 
  37  * Alternatively, the contents of this file may be used under the
 
  38  * terms of the GNU General Public License version 2 (the "GPL"), in
 
  39  * which case the provisions of the GPL are applicable instead of the
 
  40  * above.  If you wish to allow the use of your version of this file
 
  41  * only under the terms of the GPL and not to allow others to use your
 
  42  * version of this file under the MPL, indicate your decision by
 
  43  * deleting the provisions above and replace them with the notice and
 
  44  * other provisions required by the GPL.  If you do not delete the
 
  45  * provisions above, a recipient may use your version of this file
 
  46  * under either the MPL or the GPL.  */
 
  50  *      o Handle de-encapsulation within network layer, provide 802.11
 
  51  *        headers (patch from Thomas 'Dent' Mirlacher)
 
  52  *      o Fix possible races in SPY handling.
 
  53  *      o Disconnect wireless extensions from fundamental configuration.
 
  54  *      o (maybe) Software WEP support (patch from Stano Meduna).
 
  55  *      o (maybe) Use multiple Tx buffers - driver handling queue
 
  56  *        rather than firmware.
 
  59 /* Locking and synchronization:
 
  61  * The basic principle is that everything is serialized through a
 
  62  * single spinlock, priv->lock.  The lock is used in user, bh and irq
 
  63  * context, so when taken outside hardirq context it should always be
 
  64  * taken with interrupts disabled.  The lock protects both the
 
  65  * hardware and the struct orinoco_private.
 
  67  * Another flag, priv->hw_unavailable indicates that the hardware is
 
  68  * unavailable for an extended period of time (e.g. suspended, or in
 
  69  * the middle of a hard reset).  This flag is protected by the
 
  70  * spinlock.  All code which touches the hardware should check the
 
  71  * flag after taking the lock, and if it is set, give up on whatever
 
  72  * they are doing and drop the lock again.  The orinoco_lock()
 
  73  * function handles this (it unlocks and returns -EBUSY if
 
  74  * hw_unavailable is non-zero).
 
  77 #define DRIVER_NAME "orinoco"
 
  79 #include <linux/module.h>
 
  80 #include <linux/kernel.h>
 
  81 #include <linux/init.h>
 
  82 #include <linux/delay.h>
 
  83 #include <linux/netdevice.h>
 
  84 #include <linux/etherdevice.h>
 
  85 #include <linux/ethtool.h>
 
  86 #include <linux/firmware.h>
 
  87 #include <linux/suspend.h>
 
  88 #include <linux/if_arp.h>
 
  89 #include <linux/wireless.h>
 
  90 #include <linux/ieee80211.h>
 
  91 #include <net/iw_handler.h>
 
  93 #include <linux/scatterlist.h>
 
  94 #include <linux/crypto.h>
 
  96 #include "hermes_rid.h"
 
  97 #include "hermes_dld.h"
 
 100 /********************************************************************/
 
 101 /* Module information                                               */
 
 102 /********************************************************************/
 
 104 MODULE_AUTHOR("Pavel Roskin <proski@gnu.org> & David Gibson <hermes@gibson.dropbear.id.au>");
 
 105 MODULE_DESCRIPTION("Driver for Lucent Orinoco, Prism II based and similar wireless cards");
 
 106 MODULE_LICENSE("Dual MPL/GPL");
 
 108 /* Level of debugging. Used in the macros in orinoco.h */
 
 110 int orinoco_debug = ORINOCO_DEBUG;
 
 111 module_param(orinoco_debug, int, 0644);
 
 112 MODULE_PARM_DESC(orinoco_debug, "Debug level");
 
 113 EXPORT_SYMBOL(orinoco_debug);
 
 116 static int suppress_linkstatus; /* = 0 */
 
 117 module_param(suppress_linkstatus, bool, 0644);
 
 118 MODULE_PARM_DESC(suppress_linkstatus, "Don't log link status changes");
 
 119 static int ignore_disconnect; /* = 0 */
 
 120 module_param(ignore_disconnect, int, 0644);
 
 121 MODULE_PARM_DESC(ignore_disconnect, "Don't report lost link to the network layer");
 
 123 static int force_monitor; /* = 0 */
 
 124 module_param(force_monitor, int, 0644);
 
 125 MODULE_PARM_DESC(force_monitor, "Allow monitor mode for all firmware versions");
 
 127 /********************************************************************/
 
 128 /* Compile time configuration and compatibility stuff               */
 
 129 /********************************************************************/
 
 131 /* We do this this way to avoid ifdefs in the actual code */
 
 133 #define SPY_NUMBER(priv)        (priv->spy_data.spy_number)
 
 135 #define SPY_NUMBER(priv)        0
 
 136 #endif /* WIRELESS_SPY */
 
 138 /********************************************************************/
 
 139 /* Internal constants                                               */
 
 140 /********************************************************************/
 
 142 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
 
 143 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
 
 144 #define ENCAPS_OVERHEAD         (sizeof(encaps_hdr) + 2)
 
 146 #define ORINOCO_MIN_MTU         256
 
 147 #define ORINOCO_MAX_MTU         (IEEE80211_MAX_DATA_LEN - ENCAPS_OVERHEAD)
 
 149 #define SYMBOL_MAX_VER_LEN      (14)
 
 152 #define MAX_IRQLOOPS_PER_IRQ    10
 
 153 #define MAX_IRQLOOPS_PER_JIFFY  (20000/HZ) /* Based on a guestimate of
 
 154                                             * how many events the
 
 156                                             * legitimately generate */
 
 157 #define SMALL_KEY_SIZE          5
 
 158 #define LARGE_KEY_SIZE          13
 
 159 #define TX_NICBUF_SIZE_BUG      1585            /* Bug in Symbol firmware */
 
 161 #define DUMMY_FID               0xFFFF
 
 163 /*#define MAX_MULTICAST(priv)   (priv->firmware_type == FIRMWARE_TYPE_AGERE ? \
 
 164   HERMES_MAX_MULTICAST : 0)*/
 
 165 #define MAX_MULTICAST(priv)     (HERMES_MAX_MULTICAST)
 
 167 #define ORINOCO_INTEN           (HERMES_EV_RX | HERMES_EV_ALLOC \
 
 168                                  | HERMES_EV_TX | HERMES_EV_TXEXC \
 
 169                                  | HERMES_EV_WTERR | HERMES_EV_INFO \
 
 170                                  | HERMES_EV_INFDROP )
 
 172 #define MAX_RID_LEN 1024
 
 174 static const struct iw_handler_def orinoco_handler_def;
 
 175 static const struct ethtool_ops orinoco_ethtool_ops;
 
 177 /********************************************************************/
 
 179 /********************************************************************/
 
 181 #define NUM_CHANNELS 14
 
 183 /* This tables gives the actual meanings of the bitrate IDs returned
 
 184  * by the firmware. */
 
 186         int bitrate; /* in 100s of kilobits */
 
 188         u16 agere_txratectrl;
 
 189         u16 intersil_txratectrl;
 
 190 } bitrate_table[] = {
 
 191         {110, 1,  3, 15}, /* Entry 0 is the default */
 
 200 #define BITRATE_TABLE_SIZE ARRAY_SIZE(bitrate_table)
 
 202 /********************************************************************/
 
 204 /********************************************************************/
 
 206 /* Beginning of the Tx descriptor, used in TxExc handling */
 
 207 struct hermes_txexc_data {
 
 208         struct hermes_tx_descriptor desc;
 
 212 } __attribute__ ((packed));
 
 214 /* Rx frame header except compatibility 802.3 header */
 
 215 struct hermes_rx_descriptor {
 
 236 } __attribute__ ((packed));
 
 238 /********************************************************************/
 
 239 /* Function prototypes                                              */
 
 240 /********************************************************************/
 
 242 static int __orinoco_program_rids(struct net_device *dev);
 
 243 static void __orinoco_set_multicast_list(struct net_device *dev);
 
 245 /********************************************************************/
 
 246 /* Michael MIC crypto setup                                         */
 
 247 /********************************************************************/
 
 248 #define MICHAEL_MIC_LEN 8
 
 249 static int orinoco_mic_init(struct orinoco_private *priv)
 
 251         priv->tx_tfm_mic = crypto_alloc_hash("michael_mic", 0, 0);
 
 252         if (IS_ERR(priv->tx_tfm_mic)) {
 
 253                 printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
 
 254                        "crypto API michael_mic\n");
 
 255                 priv->tx_tfm_mic = NULL;
 
 259         priv->rx_tfm_mic = crypto_alloc_hash("michael_mic", 0, 0);
 
 260         if (IS_ERR(priv->rx_tfm_mic)) {
 
 261                 printk(KERN_DEBUG "orinoco_mic_init: could not allocate "
 
 262                        "crypto API michael_mic\n");
 
 263                 priv->rx_tfm_mic = NULL;
 
 270 static void orinoco_mic_free(struct orinoco_private *priv)
 
 272         if (priv->tx_tfm_mic)
 
 273                 crypto_free_hash(priv->tx_tfm_mic);
 
 274         if (priv->rx_tfm_mic)
 
 275                 crypto_free_hash(priv->rx_tfm_mic);
 
 278 static int michael_mic(struct crypto_hash *tfm_michael, u8 *key,
 
 279                        u8 *da, u8 *sa, u8 priority,
 
 280                        u8 *data, size_t data_len, u8 *mic)
 
 282         struct hash_desc desc;
 
 283         struct scatterlist sg[2];
 
 284         u8 hdr[ETH_HLEN + 2]; /* size of header + padding */
 
 286         if (tfm_michael == NULL) {
 
 287                 printk(KERN_WARNING "michael_mic: tfm_michael == NULL\n");
 
 291         /* Copy header into buffer. We need the padding on the end zeroed */
 
 292         memcpy(&hdr[0], da, ETH_ALEN);
 
 293         memcpy(&hdr[ETH_ALEN], sa, ETH_ALEN);
 
 294         hdr[ETH_ALEN*2] = priority;
 
 295         hdr[ETH_ALEN*2+1] = 0;
 
 296         hdr[ETH_ALEN*2+2] = 0;
 
 297         hdr[ETH_ALEN*2+3] = 0;
 
 299         /* Use scatter gather to MIC header and data in one go */
 
 300         sg_init_table(sg, 2);
 
 301         sg_set_buf(&sg[0], hdr, sizeof(hdr));
 
 302         sg_set_buf(&sg[1], data, data_len);
 
 304         if (crypto_hash_setkey(tfm_michael, key, MIC_KEYLEN))
 
 307         desc.tfm = tfm_michael;
 
 309         return crypto_hash_digest(&desc, sg, data_len + sizeof(hdr),
 
 313 /********************************************************************/
 
 314 /* Internal helper functions                                        */
 
 315 /********************************************************************/
 
 317 static inline void set_port_type(struct orinoco_private *priv)
 
 319         switch (priv->iw_mode) {
 
 322                 priv->createibss = 0;
 
 325                 if (priv->prefer_port3) {
 
 327                         priv->createibss = 0;
 
 329                         priv->port_type = priv->ibss_port;
 
 330                         priv->createibss = 1;
 
 333         case IW_MODE_MONITOR:
 
 335                 priv->createibss = 0;
 
 338                 printk(KERN_ERR "%s: Invalid priv->iw_mode in set_port_type()\n",
 
 343 #define ORINOCO_MAX_BSS_COUNT   64
 
 344 static int orinoco_bss_data_allocate(struct orinoco_private *priv)
 
 346         if (priv->bss_xbss_data)
 
 349         if (priv->has_ext_scan)
 
 350                 priv->bss_xbss_data = kzalloc(ORINOCO_MAX_BSS_COUNT *
 
 351                                               sizeof(struct xbss_element),
 
 354                 priv->bss_xbss_data = kzalloc(ORINOCO_MAX_BSS_COUNT *
 
 355                                               sizeof(struct bss_element),
 
 358         if (!priv->bss_xbss_data) {
 
 359                 printk(KERN_WARNING "Out of memory allocating beacons");
 
 365 static void orinoco_bss_data_free(struct orinoco_private *priv)
 
 367         kfree(priv->bss_xbss_data);
 
 368         priv->bss_xbss_data = NULL;
 
 371 #define PRIV_BSS        ((struct bss_element *)priv->bss_xbss_data)
 
 372 #define PRIV_XBSS       ((struct xbss_element *)priv->bss_xbss_data)
 
 373 static void orinoco_bss_data_init(struct orinoco_private *priv)
 
 377         INIT_LIST_HEAD(&priv->bss_free_list);
 
 378         INIT_LIST_HEAD(&priv->bss_list);
 
 379         if (priv->has_ext_scan)
 
 380                 for (i = 0; i < ORINOCO_MAX_BSS_COUNT; i++)
 
 381                         list_add_tail(&(PRIV_XBSS[i].list),
 
 382                                       &priv->bss_free_list);
 
 384                 for (i = 0; i < ORINOCO_MAX_BSS_COUNT; i++)
 
 385                         list_add_tail(&(PRIV_BSS[i].list),
 
 386                                       &priv->bss_free_list);
 
 390 static inline u8 *orinoco_get_ie(u8 *data, size_t len,
 
 391                                  enum ieee80211_eid eid)
 
 394         while ((p + 2) < (data + len)) {
 
 402 #define WPA_OUI_TYPE    "\x00\x50\xF2\x01"
 
 403 #define WPA_SELECTOR_LEN 4
 
 404 static inline u8 *orinoco_get_wpa_ie(u8 *data, size_t len)
 
 407         while ((p + 2 + WPA_SELECTOR_LEN) < (data + len)) {
 
 408                 if ((p[0] == WLAN_EID_GENERIC) &&
 
 409                     (memcmp(&p[2], WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0))
 
 417 /********************************************************************/
 
 418 /* Download functionality                                           */
 
 419 /********************************************************************/
 
 429 const static struct fw_info orinoco_fw[] = {
 
 430         { NULL, "agere_sta_fw.bin", "agere_ap_fw.bin", 0x00390000, 1000 },
 
 431         { NULL, "prism_sta_fw.bin", "prism_ap_fw.bin", 0, 1024 },
 
 432         { "symbol_sp24t_prim_fw", "symbol_sp24t_sec_fw", NULL, 0x00003100, 512 }
 
 435 /* Structure used to access fields in FW
 
 436  * Make sure LE decoding macros are used
 
 438 struct orinoco_fw_header {
 
 439         char hdr_vers[6];       /* ASCII string for header version */
 
 440         __le16 headersize;      /* Total length of header */
 
 441         __le32 entry_point;     /* NIC entry point */
 
 442         __le32 blocks;          /* Number of blocks to program */
 
 443         __le32 block_offset;    /* Offset of block data from eof header */
 
 444         __le32 pdr_offset;      /* Offset to PDR data from eof header */
 
 445         __le32 pri_offset;      /* Offset to primary plug data */
 
 446         __le32 compat_offset;   /* Offset to compatibility data*/
 
 447         char signature[0];      /* FW signature length headersize-20 */
 
 448 } __attribute__ ((packed));
 
 450 /* Download either STA or AP firmware into the card. */
 
 452 orinoco_dl_firmware(struct orinoco_private *priv,
 
 453                     const struct fw_info *fw,
 
 456         /* Plug Data Area (PDA) */
 
 459         hermes_t *hw = &priv->hw;
 
 460         const struct firmware *fw_entry;
 
 461         const struct orinoco_fw_header *hdr;
 
 462         const unsigned char *first_block;
 
 463         const unsigned char *end;
 
 464         const char *firmware;
 
 465         struct net_device *dev = priv->ndev;
 
 468         pda = kzalloc(fw->pda_size, GFP_KERNEL);
 
 473                 firmware = fw->ap_fw;
 
 475                 firmware = fw->sta_fw;
 
 477         printk(KERN_DEBUG "%s: Attempting to download firmware %s\n",
 
 478                dev->name, firmware);
 
 480         /* Read current plug data */
 
 481         err = hermes_read_pda(hw, pda, fw->pda_addr, fw->pda_size, 0);
 
 482         printk(KERN_DEBUG "%s: Read PDA returned %d\n", dev->name, err);
 
 486         if (!priv->cached_fw) {
 
 487                 err = request_firmware(&fw_entry, firmware, priv->dev);
 
 490                         printk(KERN_ERR "%s: Cannot find firmware %s\n",
 
 491                                dev->name, firmware);
 
 496                 fw_entry = priv->cached_fw;
 
 498         hdr = (const struct orinoco_fw_header *) fw_entry->data;
 
 500         /* Enable aux port to allow programming */
 
 501         err = hermesi_program_init(hw, le32_to_cpu(hdr->entry_point));
 
 502         printk(KERN_DEBUG "%s: Program init returned %d\n", dev->name, err);
 
 507         first_block = (fw_entry->data +
 
 508                        le16_to_cpu(hdr->headersize) +
 
 509                        le32_to_cpu(hdr->block_offset));
 
 510         end = fw_entry->data + fw_entry->size;
 
 512         err = hermes_program(hw, first_block, end);
 
 513         printk(KERN_DEBUG "%s: Program returned %d\n", dev->name, err);
 
 517         /* Update production data */
 
 518         first_block = (fw_entry->data +
 
 519                        le16_to_cpu(hdr->headersize) +
 
 520                        le32_to_cpu(hdr->pdr_offset));
 
 522         err = hermes_apply_pda_with_defaults(hw, first_block, pda);
 
 523         printk(KERN_DEBUG "%s: Apply PDA returned %d\n", dev->name, err);
 
 527         /* Tell card we've finished */
 
 528         err = hermesi_program_end(hw);
 
 529         printk(KERN_DEBUG "%s: Program end returned %d\n", dev->name, err);
 
 533         /* Check if we're running */
 
 534         printk(KERN_DEBUG "%s: hermes_present returned %d\n",
 
 535                dev->name, hermes_present(hw));
 
 538         /* If we requested the firmware, release it. */
 
 539         if (!priv->cached_fw)
 
 540                 release_firmware(fw_entry);
 
 548 #define TEXT_END        0x1A            /* End of text header */
 
 551  * Process a firmware image - stop the card, load the firmware, reset
 
 552  * the card and make sure it responds.  For the secondary firmware take
 
 553  * care of the PDA - read it and then write it on top of the firmware.
 
 556 symbol_dl_image(struct orinoco_private *priv, const struct fw_info *fw,
 
 557                 const unsigned char *image, const unsigned char *end,
 
 560         hermes_t *hw = &priv->hw;
 
 562         const unsigned char *ptr;
 
 563         const unsigned char *first_block;
 
 565         /* Plug Data Area (PDA) */
 
 568         /* Binary block begins after the 0x1A marker */
 
 570         while (*ptr++ != TEXT_END);
 
 573         /* Read the PDA from EEPROM */
 
 575                 pda = kzalloc(fw->pda_size, GFP_KERNEL);
 
 579                 ret = hermes_read_pda(hw, pda, fw->pda_addr, fw->pda_size, 1);
 
 584         /* Stop the firmware, so that it can be safely rewritten */
 
 586                 ret = priv->stop_fw(priv, 1);
 
 591         /* Program the adapter with new firmware */
 
 592         ret = hermes_program(hw, first_block, end);
 
 596         /* Write the PDA to the adapter */
 
 598                 size_t len = hermes_blocks_length(first_block);
 
 599                 ptr = first_block + len;
 
 600                 ret = hermes_apply_pda(hw, ptr, pda);
 
 606         /* Run the firmware */
 
 608                 ret = priv->stop_fw(priv, 0);
 
 613         /* Reset hermes chip and make sure it responds */
 
 614         ret = hermes_init(hw);
 
 616         /* hermes_reset() should return 0 with the secondary firmware */
 
 617         if (secondary && ret != 0)
 
 620         /* And this should work with any firmware */
 
 621         if (!hermes_present(hw))
 
 633  * Download the firmware into the card, this also does a PCMCIA soft
 
 634  * reset on the card, to make sure it's in a sane state.
 
 637 symbol_dl_firmware(struct orinoco_private *priv,
 
 638                    const struct fw_info *fw)
 
 640         struct net_device *dev = priv->ndev;
 
 642         const struct firmware *fw_entry;
 
 644         if (!priv->cached_pri_fw) {
 
 645                 if (request_firmware(&fw_entry, fw->pri_fw, priv->dev) != 0) {
 
 646                         printk(KERN_ERR "%s: Cannot find firmware: %s\n",
 
 647                                dev->name, fw->pri_fw);
 
 651                 fw_entry = priv->cached_pri_fw;
 
 653         /* Load primary firmware */
 
 654         ret = symbol_dl_image(priv, fw, fw_entry->data,
 
 655                               fw_entry->data + fw_entry->size, 0);
 
 657         if (!priv->cached_pri_fw)
 
 658                 release_firmware(fw_entry);
 
 660                 printk(KERN_ERR "%s: Primary firmware download failed\n",
 
 665         if (!priv->cached_fw) {
 
 666                 if (request_firmware(&fw_entry, fw->sta_fw, priv->dev) != 0) {
 
 667                         printk(KERN_ERR "%s: Cannot find firmware: %s\n",
 
 668                                dev->name, fw->sta_fw);
 
 672                 fw_entry = priv->cached_fw;
 
 674         /* Load secondary firmware */
 
 675         ret = symbol_dl_image(priv, fw, fw_entry->data,
 
 676                               fw_entry->data + fw_entry->size, 1);
 
 677         if (!priv->cached_fw)
 
 678                 release_firmware(fw_entry);
 
 680                 printk(KERN_ERR "%s: Secondary firmware download failed\n",
 
 687 static int orinoco_download(struct orinoco_private *priv)
 
 690         /* Reload firmware */
 
 691         switch (priv->firmware_type) {
 
 692         case FIRMWARE_TYPE_AGERE:
 
 693                 /* case FIRMWARE_TYPE_INTERSIL: */
 
 694                 err = orinoco_dl_firmware(priv,
 
 695                                           &orinoco_fw[priv->firmware_type], 0);
 
 698         case FIRMWARE_TYPE_SYMBOL:
 
 699                 err = symbol_dl_firmware(priv,
 
 700                                          &orinoco_fw[priv->firmware_type]);
 
 702         case FIRMWARE_TYPE_INTERSIL:
 
 705         /* TODO: if we fail we probably need to reinitialise
 
 711 #if defined(CONFIG_HERMES_CACHE_FW_ON_INIT) || defined(CONFIG_PM_SLEEP)
 
 712 static void orinoco_cache_fw(struct orinoco_private *priv, int ap)
 
 714         const struct firmware *fw_entry = NULL;
 
 718         pri_fw = orinoco_fw[priv->firmware_type].pri_fw;
 
 720                 fw = orinoco_fw[priv->firmware_type].ap_fw;
 
 722                 fw = orinoco_fw[priv->firmware_type].sta_fw;
 
 725                 if (request_firmware(&fw_entry, pri_fw, priv->dev) == 0)
 
 726                         priv->cached_pri_fw = fw_entry;
 
 730                 if (request_firmware(&fw_entry, fw, priv->dev) == 0)
 
 731                         priv->cached_fw = fw_entry;
 
 735 static void orinoco_uncache_fw(struct orinoco_private *priv)
 
 737         if (priv->cached_pri_fw)
 
 738                 release_firmware(priv->cached_pri_fw);
 
 740                 release_firmware(priv->cached_fw);
 
 742         priv->cached_pri_fw = NULL;
 
 743         priv->cached_fw = NULL;
 
 746 #define orinoco_cache_fw(priv, ap)
 
 747 #define orinoco_uncache_fw(priv)
 
 750 /********************************************************************/
 
 752 /********************************************************************/
 
 754 static int orinoco_open(struct net_device *dev)
 
 756         struct orinoco_private *priv = netdev_priv(dev);
 
 760         if (orinoco_lock(priv, &flags) != 0)
 
 763         err = __orinoco_up(dev);
 
 768         orinoco_unlock(priv, &flags);
 
 773 static int orinoco_stop(struct net_device *dev)
 
 775         struct orinoco_private *priv = netdev_priv(dev);
 
 778         /* We mustn't use orinoco_lock() here, because we need to be
 
 779            able to close the interface even if hw_unavailable is set
 
 780            (e.g. as we're released after a PC Card removal) */
 
 781         spin_lock_irq(&priv->lock);
 
 785         err = __orinoco_down(dev);
 
 787         spin_unlock_irq(&priv->lock);
 
 792 static struct net_device_stats *orinoco_get_stats(struct net_device *dev)
 
 794         struct orinoco_private *priv = netdev_priv(dev);
 
 799 static struct iw_statistics *orinoco_get_wireless_stats(struct net_device *dev)
 
 801         struct orinoco_private *priv = netdev_priv(dev);
 
 802         hermes_t *hw = &priv->hw;
 
 803         struct iw_statistics *wstats = &priv->wstats;
 
 807         if (! netif_device_present(dev)) {
 
 808                 printk(KERN_WARNING "%s: get_wireless_stats() called while device not present\n",
 
 810                 return NULL; /* FIXME: Can we do better than this? */
 
 813         /* If busy, return the old stats.  Returning NULL may cause
 
 814          * the interface to disappear from /proc/net/wireless */
 
 815         if (orinoco_lock(priv, &flags) != 0)
 
 818         /* We can't really wait for the tallies inquiry command to
 
 819          * complete, so we just use the previous results and trigger
 
 820          * a new tallies inquiry command for next time - Jean II */
 
 821         /* FIXME: Really we should wait for the inquiry to come back -
 
 822          * as it is the stats we give don't make a whole lot of sense.
 
 823          * Unfortunately, it's not clear how to do that within the
 
 824          * wireless extensions framework: I think we're in user
 
 825          * context, but a lock seems to be held by the time we get in
 
 826          * here so we're not safe to sleep here. */
 
 827         hermes_inquire(hw, HERMES_INQ_TALLIES);
 
 829         if (priv->iw_mode == IW_MODE_ADHOC) {
 
 830                 memset(&wstats->qual, 0, sizeof(wstats->qual));
 
 831                 /* If a spy address is defined, we report stats of the
 
 832                  * first spy address - Jean II */
 
 833                 if (SPY_NUMBER(priv)) {
 
 834                         wstats->qual.qual = priv->spy_data.spy_stat[0].qual;
 
 835                         wstats->qual.level = priv->spy_data.spy_stat[0].level;
 
 836                         wstats->qual.noise = priv->spy_data.spy_stat[0].noise;
 
 837                         wstats->qual.updated = priv->spy_data.spy_stat[0].updated;
 
 841                         __le16 qual, signal, noise, unused;
 
 842                 } __attribute__ ((packed)) cq;
 
 844                 err = HERMES_READ_RECORD(hw, USER_BAP,
 
 845                                          HERMES_RID_COMMSQUALITY, &cq);
 
 848                         wstats->qual.qual = (int)le16_to_cpu(cq.qual);
 
 849                         wstats->qual.level = (int)le16_to_cpu(cq.signal) - 0x95;
 
 850                         wstats->qual.noise = (int)le16_to_cpu(cq.noise) - 0x95;
 
 851                         wstats->qual.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
 
 855         orinoco_unlock(priv, &flags);
 
 859 static void orinoco_set_multicast_list(struct net_device *dev)
 
 861         struct orinoco_private *priv = netdev_priv(dev);
 
 864         if (orinoco_lock(priv, &flags) != 0) {
 
 865                 printk(KERN_DEBUG "%s: orinoco_set_multicast_list() "
 
 866                        "called when hw_unavailable\n", dev->name);
 
 870         __orinoco_set_multicast_list(dev);
 
 871         orinoco_unlock(priv, &flags);
 
 874 static int orinoco_change_mtu(struct net_device *dev, int new_mtu)
 
 876         struct orinoco_private *priv = netdev_priv(dev);
 
 878         if ( (new_mtu < ORINOCO_MIN_MTU) || (new_mtu > ORINOCO_MAX_MTU) )
 
 881         /* MTU + encapsulation + header length */
 
 882         if ( (new_mtu + ENCAPS_OVERHEAD + sizeof(struct ieee80211_hdr)) >
 
 883              (priv->nicbuf_size - ETH_HLEN) )
 
 891 /********************************************************************/
 
 893 /********************************************************************/
 
 895 static int orinoco_xmit(struct sk_buff *skb, struct net_device *dev)
 
 897         struct orinoco_private *priv = netdev_priv(dev);
 
 898         struct net_device_stats *stats = &priv->stats;
 
 899         hermes_t *hw = &priv->hw;
 
 901         u16 txfid = priv->txfid;
 
 906         if (! netif_running(dev)) {
 
 907                 printk(KERN_ERR "%s: Tx on stopped device!\n",
 
 909                 return NETDEV_TX_BUSY;
 
 912         if (netif_queue_stopped(dev)) {
 
 913                 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n", 
 
 915                 return NETDEV_TX_BUSY;
 
 918         if (orinoco_lock(priv, &flags) != 0) {
 
 919                 printk(KERN_ERR "%s: orinoco_xmit() called while hw_unavailable\n",
 
 921                 return NETDEV_TX_BUSY;
 
 924         if (! netif_carrier_ok(dev) || (priv->iw_mode == IW_MODE_MONITOR)) {
 
 925                 /* Oops, the firmware hasn't established a connection,
 
 926                    silently drop the packet (this seems to be the
 
 931         /* Check packet length */
 
 932         if (skb->len < ETH_HLEN)
 
 935         tx_control = HERMES_TXCTRL_TX_OK | HERMES_TXCTRL_TX_EX;
 
 937         if (priv->encode_alg == IW_ENCODE_ALG_TKIP)
 
 938                 tx_control |= (priv->tx_key << HERMES_MIC_KEY_ID_SHIFT) |
 
 941         if (priv->has_alt_txcntl) {
 
 942                 /* WPA enabled firmwares have tx_cntl at the end of
 
 943                  * the 802.11 header.  So write zeroed descriptor and
 
 944                  * 802.11 header at the same time
 
 946                 char desc[HERMES_802_3_OFFSET];
 
 947                 __le16 *txcntl = (__le16 *) &desc[HERMES_TXCNTL2_OFFSET];
 
 949                 memset(&desc, 0, sizeof(desc));
 
 951                 *txcntl = cpu_to_le16(tx_control);
 
 952                 err = hermes_bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
 
 956                                 printk(KERN_ERR "%s: Error %d writing Tx "
 
 957                                        "descriptor to BAP\n", dev->name, err);
 
 961                 struct hermes_tx_descriptor desc;
 
 963                 memset(&desc, 0, sizeof(desc));
 
 965                 desc.tx_control = cpu_to_le16(tx_control);
 
 966                 err = hermes_bap_pwrite(hw, USER_BAP, &desc, sizeof(desc),
 
 970                                 printk(KERN_ERR "%s: Error %d writing Tx "
 
 971                                        "descriptor to BAP\n", dev->name, err);
 
 975                 /* Clear the 802.11 header and data length fields - some
 
 976                  * firmwares (e.g. Lucent/Agere 8.xx) appear to get confused
 
 977                  * if this isn't done. */
 
 978                 hermes_clear_words(hw, HERMES_DATA0,
 
 979                                    HERMES_802_3_OFFSET - HERMES_802_11_OFFSET);
 
 982         eh = (struct ethhdr *)skb->data;
 
 984         /* Encapsulate Ethernet-II frames */
 
 985         if (ntohs(eh->h_proto) > ETH_DATA_LEN) { /* Ethernet-II frame */
 
 986                 struct header_struct {
 
 987                         struct ethhdr eth;      /* 802.3 header */
 
 988                         u8 encap[6];            /* 802.2 header */
 
 989                 } __attribute__ ((packed)) hdr;
 
 991                 /* Strip destination and source from the data */
 
 992                 skb_pull(skb, 2 * ETH_ALEN);
 
 994                 /* And move them to a separate header */
 
 995                 memcpy(&hdr.eth, eh, 2 * ETH_ALEN);
 
 996                 hdr.eth.h_proto = htons(sizeof(encaps_hdr) + skb->len);
 
 997                 memcpy(hdr.encap, encaps_hdr, sizeof(encaps_hdr));
 
 999                 /* Insert the SNAP header */
 
1000                 if (skb_headroom(skb) < sizeof(hdr)) {
 
1002                                "%s: Not enough headroom for 802.2 headers %d\n",
 
1003                                dev->name, skb_headroom(skb));
 
1006                 eh = (struct ethhdr *) skb_push(skb, sizeof(hdr));
 
1007                 memcpy(eh, &hdr, sizeof(hdr));
 
1010         err = hermes_bap_pwrite(hw, USER_BAP, skb->data, skb->len,
 
1011                                 txfid, HERMES_802_3_OFFSET);
 
1013                 printk(KERN_ERR "%s: Error %d writing packet to BAP\n",
 
1018         /* Calculate Michael MIC */
 
1019         if (priv->encode_alg == IW_ENCODE_ALG_TKIP) {
 
1020                 u8 mic_buf[MICHAEL_MIC_LEN + 1];
 
1026                         /* MIC start is on an odd boundary */
 
1027                         mic_buf[0] = skb->data[skb->len - 1];
 
1029                         offset = skb->len - 1;
 
1030                         len = MICHAEL_MIC_LEN + 1;
 
1034                         len = MICHAEL_MIC_LEN;
 
1037                 michael_mic(priv->tx_tfm_mic,
 
1038                             priv->tkip_key[priv->tx_key].tx_mic,
 
1039                             eh->h_dest, eh->h_source, 0 /* priority */,
 
1040                             skb->data + ETH_HLEN, skb->len - ETH_HLEN, mic);
 
1043                 err = hermes_bap_pwrite(hw, USER_BAP, &mic_buf[0], len,
 
1044                                         txfid, HERMES_802_3_OFFSET + offset);
 
1046                         printk(KERN_ERR "%s: Error %d writing MIC to BAP\n",
 
1052         /* Finally, we actually initiate the send */
 
1053         netif_stop_queue(dev);
 
1055         err = hermes_docmd_wait(hw, HERMES_CMD_TX | HERMES_CMD_RECL,
 
1058                 netif_start_queue(dev);
 
1059                 if (net_ratelimit())
 
1060                         printk(KERN_ERR "%s: Error %d transmitting packet\n",
 
1065         dev->trans_start = jiffies;
 
1066         stats->tx_bytes += HERMES_802_3_OFFSET + skb->len;
 
1071         stats->tx_dropped++;
 
1074         orinoco_unlock(priv, &flags);
 
1076         return NETDEV_TX_OK;
 
1080                 schedule_work(&priv->reset_work);
 
1081         orinoco_unlock(priv, &flags);
 
1082         return NETDEV_TX_BUSY;
 
1085 static void __orinoco_ev_alloc(struct net_device *dev, hermes_t *hw)
 
1087         struct orinoco_private *priv = netdev_priv(dev);
 
1088         u16 fid = hermes_read_regn(hw, ALLOCFID);
 
1090         if (fid != priv->txfid) {
 
1091                 if (fid != DUMMY_FID)
 
1092                         printk(KERN_WARNING "%s: Allocate event on unexpected fid (%04X)\n",
 
1097         hermes_write_regn(hw, ALLOCFID, DUMMY_FID);
 
1100 static void __orinoco_ev_tx(struct net_device *dev, hermes_t *hw)
 
1102         struct orinoco_private *priv = netdev_priv(dev);
 
1103         struct net_device_stats *stats = &priv->stats;
 
1105         stats->tx_packets++;
 
1107         netif_wake_queue(dev);
 
1109         hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
 
1112 static void __orinoco_ev_txexc(struct net_device *dev, hermes_t *hw)
 
1114         struct orinoco_private *priv = netdev_priv(dev);
 
1115         struct net_device_stats *stats = &priv->stats;
 
1116         u16 fid = hermes_read_regn(hw, TXCOMPLFID);
 
1118         struct hermes_txexc_data hdr;
 
1121         if (fid == DUMMY_FID)
 
1122                 return; /* Nothing's really happened */
 
1124         /* Read part of the frame header - we need status and addr1 */
 
1125         err = hermes_bap_pread(hw, IRQ_BAP, &hdr,
 
1126                                sizeof(struct hermes_txexc_data),
 
1129         hermes_write_regn(hw, TXCOMPLFID, DUMMY_FID);
 
1133                 printk(KERN_WARNING "%s: Unable to read descriptor on Tx error "
 
1134                        "(FID=%04X error %d)\n",
 
1135                        dev->name, fid, err);
 
1139         DEBUG(1, "%s: Tx error, err %d (FID=%04X)\n", dev->name,
 
1142         /* We produce a TXDROP event only for retry or lifetime
 
1143          * exceeded, because that's the only status that really mean
 
1144          * that this particular node went away.
 
1145          * Other errors means that *we* screwed up. - Jean II */
 
1146         status = le16_to_cpu(hdr.desc.status);
 
1147         if (status & (HERMES_TXSTAT_RETRYERR | HERMES_TXSTAT_AGEDERR)) {
 
1148                 union iwreq_data        wrqu;
 
1150                 /* Copy 802.11 dest address.
 
1151                  * We use the 802.11 header because the frame may
 
1152                  * not be 802.3 or may be mangled...
 
1153                  * In Ad-Hoc mode, it will be the node address.
 
1154                  * In managed mode, it will be most likely the AP addr
 
1155                  * User space will figure out how to convert it to
 
1156                  * whatever it needs (IP address or else).
 
1158                 memcpy(wrqu.addr.sa_data, hdr.addr1, ETH_ALEN);
 
1159                 wrqu.addr.sa_family = ARPHRD_ETHER;
 
1161                 /* Send event to user space */
 
1162                 wireless_send_event(dev, IWEVTXDROP, &wrqu, NULL);
 
1165         netif_wake_queue(dev);
 
1168 static void orinoco_tx_timeout(struct net_device *dev)
 
1170         struct orinoco_private *priv = netdev_priv(dev);
 
1171         struct net_device_stats *stats = &priv->stats;
 
1172         struct hermes *hw = &priv->hw;
 
1174         printk(KERN_WARNING "%s: Tx timeout! "
 
1175                "ALLOCFID=%04x, TXCOMPLFID=%04x, EVSTAT=%04x\n",
 
1176                dev->name, hermes_read_regn(hw, ALLOCFID),
 
1177                hermes_read_regn(hw, TXCOMPLFID), hermes_read_regn(hw, EVSTAT));
 
1181         schedule_work(&priv->reset_work);
 
1184 /********************************************************************/
 
1185 /* Rx path (data frames)                                            */
 
1186 /********************************************************************/
 
1188 /* Does the frame have a SNAP header indicating it should be
 
1189  * de-encapsulated to Ethernet-II? */
 
1190 static inline int is_ethersnap(void *_hdr)
 
1194         /* We de-encapsulate all packets which, a) have SNAP headers
 
1195          * (i.e. SSAP=DSAP=0xaa and CTRL=0x3 in the 802.2 LLC header
 
1196          * and where b) the OUI of the SNAP header is 00:00:00 or
 
1197          * 00:00:f8 - we need both because different APs appear to use
 
1198          * different OUIs for some reason */
 
1199         return (memcmp(hdr, &encaps_hdr, 5) == 0)
 
1200                 && ( (hdr[5] == 0x00) || (hdr[5] == 0xf8) );
 
1203 static inline void orinoco_spy_gather(struct net_device *dev, u_char *mac,
 
1204                                       int level, int noise)
 
1206         struct iw_quality wstats;
 
1207         wstats.level = level - 0x95;
 
1208         wstats.noise = noise - 0x95;
 
1209         wstats.qual = (level > noise) ? (level - noise) : 0;
 
1210         wstats.updated = IW_QUAL_ALL_UPDATED | IW_QUAL_DBM;
 
1211         /* Update spy records */
 
1212         wireless_spy_update(dev, mac, &wstats);
 
1215 static void orinoco_stat_gather(struct net_device *dev,
 
1216                                 struct sk_buff *skb,
 
1217                                 struct hermes_rx_descriptor *desc)
 
1219         struct orinoco_private *priv = netdev_priv(dev);
 
1221         /* Using spy support with lots of Rx packets, like in an
 
1222          * infrastructure (AP), will really slow down everything, because
 
1223          * the MAC address must be compared to each entry of the spy list.
 
1224          * If the user really asks for it (set some address in the
 
1225          * spy list), we do it, but he will pay the price.
 
1226          * Note that to get here, you need both WIRELESS_SPY
 
1227          * compiled in AND some addresses in the list !!!
 
1229         /* Note : gcc will optimise the whole section away if
 
1230          * WIRELESS_SPY is not defined... - Jean II */
 
1231         if (SPY_NUMBER(priv)) {
 
1232                 orinoco_spy_gather(dev, skb_mac_header(skb) + ETH_ALEN,
 
1233                                    desc->signal, desc->silence);
 
1238  * orinoco_rx_monitor - handle received monitor frames.
 
1241  *      dev             network device
 
1242  *      rxfid           received FID
 
1243  *      desc            rx descriptor of the frame
 
1245  * Call context: interrupt
 
1247 static void orinoco_rx_monitor(struct net_device *dev, u16 rxfid,
 
1248                                struct hermes_rx_descriptor *desc)
 
1250         u32 hdrlen = 30;        /* return full header by default */
 
1255         struct sk_buff *skb;
 
1256         struct orinoco_private *priv = netdev_priv(dev);
 
1257         struct net_device_stats *stats = &priv->stats;
 
1258         hermes_t *hw = &priv->hw;
 
1260         len = le16_to_cpu(desc->data_len);
 
1262         /* Determine the size of the header and the data */
 
1263         fc = le16_to_cpu(desc->frame_ctl);
 
1264         switch (fc & IEEE80211_FCTL_FTYPE) {
 
1265         case IEEE80211_FTYPE_DATA:
 
1266                 if ((fc & IEEE80211_FCTL_TODS)
 
1267                     && (fc & IEEE80211_FCTL_FROMDS))
 
1273         case IEEE80211_FTYPE_MGMT:
 
1277         case IEEE80211_FTYPE_CTL:
 
1278                 switch (fc & IEEE80211_FCTL_STYPE) {
 
1279                 case IEEE80211_STYPE_PSPOLL:
 
1280                 case IEEE80211_STYPE_RTS:
 
1281                 case IEEE80211_STYPE_CFEND:
 
1282                 case IEEE80211_STYPE_CFENDACK:
 
1285                 case IEEE80211_STYPE_CTS:
 
1286                 case IEEE80211_STYPE_ACK:
 
1292                 /* Unknown frame type */
 
1296         /* sanity check the length */
 
1297         if (datalen > IEEE80211_MAX_DATA_LEN + 12) {
 
1298                 printk(KERN_DEBUG "%s: oversized monitor frame, "
 
1299                        "data length = %d\n", dev->name, datalen);
 
1300                 stats->rx_length_errors++;
 
1304         skb = dev_alloc_skb(hdrlen + datalen);
 
1306                 printk(KERN_WARNING "%s: Cannot allocate skb for monitor frame\n",
 
1311         /* Copy the 802.11 header to the skb */
 
1312         memcpy(skb_put(skb, hdrlen), &(desc->frame_ctl), hdrlen);
 
1313         skb_reset_mac_header(skb);
 
1315         /* If any, copy the data from the card to the skb */
 
1317                 err = hermes_bap_pread(hw, IRQ_BAP, skb_put(skb, datalen),
 
1318                                        ALIGN(datalen, 2), rxfid,
 
1319                                        HERMES_802_2_OFFSET);
 
1321                         printk(KERN_ERR "%s: error %d reading monitor frame\n",
 
1328         skb->ip_summed = CHECKSUM_NONE;
 
1329         skb->pkt_type = PACKET_OTHERHOST;
 
1330         skb->protocol = __constant_htons(ETH_P_802_2);
 
1332         stats->rx_packets++;
 
1333         stats->rx_bytes += skb->len;
 
1339         dev_kfree_skb_irq(skb);
 
1342         stats->rx_dropped++;
 
1345 /* Get tsc from the firmware */
 
1346 static int orinoco_hw_get_tkip_iv(struct orinoco_private *priv, int key,
 
1349         hermes_t *hw = &priv->hw;
 
1351         u8 tsc_arr[4][IW_ENCODE_SEQ_MAX_SIZE];
 
1353         if ((key < 0) || (key > 4))
 
1356         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_TKIP_IV,
 
1357                               sizeof(tsc_arr), NULL, &tsc_arr);
 
1359                 memcpy(tsc, &tsc_arr[key][0], sizeof(tsc_arr[0]));
 
1364 static void __orinoco_ev_rx(struct net_device *dev, hermes_t *hw)
 
1366         struct orinoco_private *priv = netdev_priv(dev);
 
1367         struct net_device_stats *stats = &priv->stats;
 
1368         struct iw_statistics *wstats = &priv->wstats;
 
1369         struct sk_buff *skb = NULL;
 
1372         struct hermes_rx_descriptor *desc;
 
1373         struct orinoco_rx_data *rx_data;
 
1376         desc = kmalloc(sizeof(*desc), GFP_ATOMIC);
 
1379                        "%s: Can't allocate space for RX descriptor\n",
 
1384         rxfid = hermes_read_regn(hw, RXFID);
 
1386         err = hermes_bap_pread(hw, IRQ_BAP, desc, sizeof(*desc),
 
1389                 printk(KERN_ERR "%s: error %d reading Rx descriptor. "
 
1390                        "Frame dropped.\n", dev->name, err);
 
1394         status = le16_to_cpu(desc->status);
 
1396         if (status & HERMES_RXSTAT_BADCRC) {
 
1397                 DEBUG(1, "%s: Bad CRC on Rx. Frame dropped.\n",
 
1399                 stats->rx_crc_errors++;
 
1403         /* Handle frames in monitor mode */
 
1404         if (priv->iw_mode == IW_MODE_MONITOR) {
 
1405                 orinoco_rx_monitor(dev, rxfid, desc);
 
1409         if (status & HERMES_RXSTAT_UNDECRYPTABLE) {
 
1410                 DEBUG(1, "%s: Undecryptable frame on Rx. Frame dropped.\n",
 
1412                 wstats->discard.code++;
 
1416         length = le16_to_cpu(desc->data_len);
 
1419         if (length < 3) { /* No for even an 802.2 LLC header */
 
1420                 /* At least on Symbol firmware with PCF we get quite a
 
1421                    lot of these legitimately - Poll frames with no
 
1425         if (length > IEEE80211_MAX_DATA_LEN) {
 
1426                 printk(KERN_WARNING "%s: Oversized frame received (%d bytes)\n",
 
1428                 stats->rx_length_errors++;
 
1432         /* Payload size does not include Michael MIC. Increase payload
 
1433          * size to read it together with the data. */
 
1434         if (status & HERMES_RXSTAT_MIC)
 
1435                 length += MICHAEL_MIC_LEN;
 
1437         /* We need space for the packet data itself, plus an ethernet
 
1438            header, plus 2 bytes so we can align the IP header on a
 
1439            32bit boundary, plus 1 byte so we can read in odd length
 
1440            packets from the card, which has an IO granularity of 16
 
1442         skb = dev_alloc_skb(length+ETH_HLEN+2+1);
 
1444                 printk(KERN_WARNING "%s: Can't allocate skb for Rx\n",
 
1449         /* We'll prepend the header, so reserve space for it.  The worst
 
1450            case is no decapsulation, when 802.3 header is prepended and
 
1451            nothing is removed.  2 is for aligning the IP header.  */
 
1452         skb_reserve(skb, ETH_HLEN + 2);
 
1454         err = hermes_bap_pread(hw, IRQ_BAP, skb_put(skb, length),
 
1455                                ALIGN(length, 2), rxfid,
 
1456                                HERMES_802_2_OFFSET);
 
1458                 printk(KERN_ERR "%s: error %d reading frame. "
 
1459                        "Frame dropped.\n", dev->name, err);
 
1463         /* Add desc and skb to rx queue */
 
1464         rx_data = kzalloc(sizeof(*rx_data), GFP_ATOMIC);
 
1466                 printk(KERN_WARNING "%s: Can't allocate RX packet\n",
 
1470         rx_data->desc = desc;
 
1472         list_add_tail(&rx_data->list, &priv->rx_list);
 
1473         tasklet_schedule(&priv->rx_tasklet);
 
1478         dev_kfree_skb_irq(skb);
 
1481         stats->rx_dropped++;
 
1486 static void orinoco_rx(struct net_device *dev,
 
1487                        struct hermes_rx_descriptor *desc,
 
1488                        struct sk_buff *skb)
 
1490         struct orinoco_private *priv = netdev_priv(dev);
 
1491         struct net_device_stats *stats = &priv->stats;
 
1496         status = le16_to_cpu(desc->status);
 
1497         length = le16_to_cpu(desc->data_len);
 
1498         fc = le16_to_cpu(desc->frame_ctl);
 
1500         /* Calculate and check MIC */
 
1501         if (status & HERMES_RXSTAT_MIC) {
 
1502                 int key_id = ((status & HERMES_RXSTAT_MIC_KEY_ID) >>
 
1503                               HERMES_MIC_KEY_ID_SHIFT);
 
1504                 u8 mic[MICHAEL_MIC_LEN];
 
1506                 u8 *src = (fc & IEEE80211_FCTL_FROMDS) ?
 
1507                         desc->addr3 : desc->addr2;
 
1509                 /* Extract Michael MIC from payload */
 
1510                 rxmic = skb->data + skb->len - MICHAEL_MIC_LEN;
 
1512                 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
 
1513                 length -= MICHAEL_MIC_LEN;
 
1515                 michael_mic(priv->rx_tfm_mic,
 
1516                             priv->tkip_key[key_id].rx_mic,
 
1519                             0, /* priority or QoS? */
 
1524                 if (memcmp(mic, rxmic,
 
1526                         union iwreq_data wrqu;
 
1527                         struct iw_michaelmicfailure wxmic;
 
1529                         printk(KERN_WARNING "%s: "
 
1530                                "Invalid Michael MIC in data frame from %pM, "
 
1532                                dev->name, src, key_id);
 
1534                         /* TODO: update stats */
 
1536                         /* Notify userspace */
 
1537                         memset(&wxmic, 0, sizeof(wxmic));
 
1538                         wxmic.flags = key_id & IW_MICFAILURE_KEY_ID;
 
1539                         wxmic.flags |= (desc->addr1[0] & 1) ?
 
1540                                 IW_MICFAILURE_GROUP : IW_MICFAILURE_PAIRWISE;
 
1541                         wxmic.src_addr.sa_family = ARPHRD_ETHER;
 
1542                         memcpy(wxmic.src_addr.sa_data, src, ETH_ALEN);
 
1544                         (void) orinoco_hw_get_tkip_iv(priv, key_id,
 
1547                         memset(&wrqu, 0, sizeof(wrqu));
 
1548                         wrqu.data.length = sizeof(wxmic);
 
1549                         wireless_send_event(dev, IWEVMICHAELMICFAILURE, &wrqu,
 
1556         /* Handle decapsulation
 
1557          * In most cases, the firmware tell us about SNAP frames.
 
1558          * For some reason, the SNAP frames sent by LinkSys APs
 
1559          * are not properly recognised by most firmwares.
 
1560          * So, check ourselves */
 
1561         if (length >= ENCAPS_OVERHEAD &&
 
1562             (((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_1042) ||
 
1563              ((status & HERMES_RXSTAT_MSGTYPE) == HERMES_RXSTAT_TUNNEL) ||
 
1564              is_ethersnap(skb->data))) {
 
1565                 /* These indicate a SNAP within 802.2 LLC within
 
1566                    802.11 frame which we'll need to de-encapsulate to
 
1567                    the original EthernetII frame. */
 
1568                 hdr = (struct ethhdr *)skb_push(skb, ETH_HLEN - ENCAPS_OVERHEAD);
 
1570                 /* 802.3 frame - prepend 802.3 header as is */
 
1571                 hdr = (struct ethhdr *)skb_push(skb, ETH_HLEN);
 
1572                 hdr->h_proto = htons(length);
 
1574         memcpy(hdr->h_dest, desc->addr1, ETH_ALEN);
 
1575         if (fc & IEEE80211_FCTL_FROMDS)
 
1576                 memcpy(hdr->h_source, desc->addr3, ETH_ALEN);
 
1578                 memcpy(hdr->h_source, desc->addr2, ETH_ALEN);
 
1580         skb->protocol = eth_type_trans(skb, dev);
 
1581         skb->ip_summed = CHECKSUM_NONE;
 
1582         if (fc & IEEE80211_FCTL_TODS)
 
1583                 skb->pkt_type = PACKET_OTHERHOST;
 
1585         /* Process the wireless stats if needed */
 
1586         orinoco_stat_gather(dev, skb, desc);
 
1588         /* Pass the packet to the networking stack */
 
1590         stats->rx_packets++;
 
1591         stats->rx_bytes += length;
 
1598         stats->rx_dropped++;
 
1601 static void orinoco_rx_isr_tasklet(unsigned long data)
 
1603         struct net_device *dev = (struct net_device *) data;
 
1604         struct orinoco_private *priv = netdev_priv(dev);
 
1605         struct orinoco_rx_data *rx_data, *temp;
 
1606         struct hermes_rx_descriptor *desc;
 
1607         struct sk_buff *skb;
 
1608         unsigned long flags;
 
1610         /* orinoco_rx requires the driver lock, and we also need to
 
1611          * protect priv->rx_list, so just hold the lock over the
 
1614          * If orinoco_lock fails, we've unplugged the card. In this
 
1615          * case just abort. */
 
1616         if (orinoco_lock(priv, &flags) != 0)
 
1619         /* extract desc and skb from queue */
 
1620         list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
 
1621                 desc = rx_data->desc;
 
1623                 list_del(&rx_data->list);
 
1626                 orinoco_rx(dev, desc, skb);
 
1631         orinoco_unlock(priv, &flags);
 
1634 /********************************************************************/
 
1635 /* Rx path (info frames)                                            */
 
1636 /********************************************************************/
 
1638 static void print_linkstatus(struct net_device *dev, u16 status)
 
1642         if (suppress_linkstatus)
 
1646         case HERMES_LINKSTATUS_NOT_CONNECTED:
 
1647                 s = "Not Connected";
 
1649         case HERMES_LINKSTATUS_CONNECTED:
 
1652         case HERMES_LINKSTATUS_DISCONNECTED:
 
1655         case HERMES_LINKSTATUS_AP_CHANGE:
 
1658         case HERMES_LINKSTATUS_AP_OUT_OF_RANGE:
 
1659                 s = "AP Out of Range";
 
1661         case HERMES_LINKSTATUS_AP_IN_RANGE:
 
1664         case HERMES_LINKSTATUS_ASSOC_FAILED:
 
1665                 s = "Association Failed";
 
1671         printk(KERN_DEBUG "%s: New link status: %s (%04x)\n",
 
1672                dev->name, s, status);
 
1675 /* Search scan results for requested BSSID, join it if found */
 
1676 static void orinoco_join_ap(struct work_struct *work)
 
1678         struct orinoco_private *priv =
 
1679                 container_of(work, struct orinoco_private, join_work);
 
1680         struct net_device *dev = priv->ndev;
 
1681         struct hermes *hw = &priv->hw;
 
1683         unsigned long flags;
 
1687         } __attribute__ ((packed)) req;
 
1688         const int atom_len = offsetof(struct prism2_scan_apinfo, atim);
 
1689         struct prism2_scan_apinfo *atom = NULL;
 
1695         /* Allocate buffer for scan results */
 
1696         buf = kmalloc(MAX_SCAN_LEN, GFP_KERNEL);
 
1700         if (orinoco_lock(priv, &flags) != 0)
 
1703         /* Sanity checks in case user changed something in the meantime */
 
1704         if (! priv->bssid_fixed)
 
1707         if (strlen(priv->desired_essid) == 0)
 
1710         /* Read scan results from the firmware */
 
1711         err = hermes_read_ltv(hw, USER_BAP,
 
1712                               HERMES_RID_SCANRESULTSTABLE,
 
1713                               MAX_SCAN_LEN, &len, buf);
 
1715                 printk(KERN_ERR "%s: Cannot read scan results\n",
 
1720         len = HERMES_RECLEN_TO_BYTES(len);
 
1722         /* Go through the scan results looking for the channel of the AP
 
1723          * we were requested to join */
 
1724         for (; offset + atom_len <= len; offset += atom_len) {
 
1725                 atom = (struct prism2_scan_apinfo *) (buf + offset);
 
1726                 if (memcmp(&atom->bssid, priv->desired_bssid, ETH_ALEN) == 0) {
 
1733                 DEBUG(1, "%s: Requested AP not found in scan results\n",
 
1738         memcpy(req.bssid, priv->desired_bssid, ETH_ALEN);
 
1739         req.channel = atom->channel;    /* both are little-endian */
 
1740         err = HERMES_WRITE_RECORD(hw, USER_BAP, HERMES_RID_CNFJOINREQUEST,
 
1743                 printk(KERN_ERR "%s: Error issuing join request\n", dev->name);
 
1746         orinoco_unlock(priv, &flags);
 
1752 /* Send new BSSID to userspace */
 
1753 static void orinoco_send_bssid_wevent(struct orinoco_private *priv)
 
1755         struct net_device *dev = priv->ndev;
 
1756         struct hermes *hw = &priv->hw;
 
1757         union iwreq_data wrqu;
 
1760         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENTBSSID,
 
1761                               ETH_ALEN, NULL, wrqu.ap_addr.sa_data);
 
1765         wrqu.ap_addr.sa_family = ARPHRD_ETHER;
 
1767         /* Send event to user space */
 
1768         wireless_send_event(dev, SIOCGIWAP, &wrqu, NULL);
 
1771 static void orinoco_send_assocreqie_wevent(struct orinoco_private *priv)
 
1773         struct net_device *dev = priv->ndev;
 
1774         struct hermes *hw = &priv->hw;
 
1775         union iwreq_data wrqu;
 
1783         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_ASSOC_REQ_INFO,
 
1784                               sizeof(buf), NULL, &buf);
 
1788         ie = orinoco_get_wpa_ie(buf, sizeof(buf));
 
1790                 int rem = sizeof(buf) - (ie - &buf[0]);
 
1791                 wrqu.data.length = ie[1] + 2;
 
1792                 if (wrqu.data.length > rem)
 
1793                         wrqu.data.length = rem;
 
1795                 if (wrqu.data.length)
 
1796                         /* Send event to user space */
 
1797                         wireless_send_event(dev, IWEVASSOCREQIE, &wrqu, ie);
 
1801 static void orinoco_send_assocrespie_wevent(struct orinoco_private *priv)
 
1803         struct net_device *dev = priv->ndev;
 
1804         struct hermes *hw = &priv->hw;
 
1805         union iwreq_data wrqu;
 
1807         u8 buf[88]; /* TODO: verify max size or IW_GENERIC_IE_MAX */
 
1813         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENT_ASSOC_RESP_INFO,
 
1814                               sizeof(buf), NULL, &buf);
 
1818         ie = orinoco_get_wpa_ie(buf, sizeof(buf));
 
1820                 int rem = sizeof(buf) - (ie - &buf[0]);
 
1821                 wrqu.data.length = ie[1] + 2;
 
1822                 if (wrqu.data.length > rem)
 
1823                         wrqu.data.length = rem;
 
1825                 if (wrqu.data.length)
 
1826                         /* Send event to user space */
 
1827                         wireless_send_event(dev, IWEVASSOCRESPIE, &wrqu, ie);
 
1831 static void orinoco_send_wevents(struct work_struct *work)
 
1833         struct orinoco_private *priv =
 
1834                 container_of(work, struct orinoco_private, wevent_work);
 
1835         unsigned long flags;
 
1837         if (orinoco_lock(priv, &flags) != 0)
 
1840         orinoco_send_assocreqie_wevent(priv);
 
1841         orinoco_send_assocrespie_wevent(priv);
 
1842         orinoco_send_bssid_wevent(priv);
 
1844         orinoco_unlock(priv, &flags);
 
1847 static inline void orinoco_clear_scan_results(struct orinoco_private *priv,
 
1848                                               unsigned long scan_age)
 
1850         if (priv->has_ext_scan) {
 
1851                 struct xbss_element *bss;
 
1852                 struct xbss_element *tmp_bss;
 
1854                 /* Blow away current list of scan results */
 
1855                 list_for_each_entry_safe(bss, tmp_bss, &priv->bss_list, list) {
 
1857                             time_after(jiffies, bss->last_scanned + scan_age)) {
 
1858                                 list_move_tail(&bss->list,
 
1859                                                &priv->bss_free_list);
 
1860                                 /* Don't blow away ->list, just BSS data */
 
1861                                 memset(&bss->bss, 0, sizeof(bss->bss));
 
1862                                 bss->last_scanned = 0;
 
1866                 struct bss_element *bss;
 
1867                 struct bss_element *tmp_bss;
 
1869                 /* Blow away current list of scan results */
 
1870                 list_for_each_entry_safe(bss, tmp_bss, &priv->bss_list, list) {
 
1872                             time_after(jiffies, bss->last_scanned + scan_age)) {
 
1873                                 list_move_tail(&bss->list,
 
1874                                                &priv->bss_free_list);
 
1875                                 /* Don't blow away ->list, just BSS data */
 
1876                                 memset(&bss->bss, 0, sizeof(bss->bss));
 
1877                                 bss->last_scanned = 0;
 
1883 static void orinoco_add_ext_scan_result(struct orinoco_private *priv,
 
1884                                         struct agere_ext_scan_info *atom)
 
1886         struct xbss_element *bss = NULL;
 
1889         /* Try to update an existing bss first */
 
1890         list_for_each_entry(bss, &priv->bss_list, list) {
 
1891                 if (compare_ether_addr(bss->bss.bssid, atom->bssid))
 
1894                 if (bss->bss.data[1] != atom->data[1])
 
1896                 if (memcmp(&bss->bss.data[2], &atom->data[2],
 
1903         /* Grab a bss off the free list */
 
1904         if (!found && !list_empty(&priv->bss_free_list)) {
 
1905                 bss = list_entry(priv->bss_free_list.next,
 
1906                                  struct xbss_element, list);
 
1907                 list_del(priv->bss_free_list.next);
 
1909                 list_add_tail(&bss->list, &priv->bss_list);
 
1913                 /* Always update the BSS to get latest beacon info */
 
1914                 memcpy(&bss->bss, atom, sizeof(bss->bss));
 
1915                 bss->last_scanned = jiffies;
 
1919 static int orinoco_process_scan_results(struct net_device *dev,
 
1923         struct orinoco_private *priv = netdev_priv(dev);
 
1924         int                     offset;         /* In the scan data */
 
1925         union hermes_scan_info *atom;
 
1928         switch (priv->firmware_type) {
 
1929         case FIRMWARE_TYPE_AGERE:
 
1930                 atom_len = sizeof(struct agere_scan_apinfo);
 
1933         case FIRMWARE_TYPE_SYMBOL:
 
1934                 /* Lack of documentation necessitates this hack.
 
1935                  * Different firmwares have 68 or 76 byte long atoms.
 
1936                  * We try modulo first.  If the length divides by both,
 
1937                  * we check what would be the channel in the second
 
1938                  * frame for a 68-byte atom.  76-byte atoms have 0 there.
 
1939                  * Valid channel cannot be 0.  */
 
1944                 else if (len >= 1292 && buf[68] == 0)
 
1950         case FIRMWARE_TYPE_INTERSIL:
 
1952                 if (priv->has_hostscan) {
 
1953                         atom_len = le16_to_cpup((__le16 *)buf);
 
1954                         /* Sanity check for atom_len */
 
1955                         if (atom_len < sizeof(struct prism2_scan_apinfo)) {
 
1956                                 printk(KERN_ERR "%s: Invalid atom_len in scan "
 
1957                                        "data: %d\n", dev->name, atom_len);
 
1961                         atom_len = offsetof(struct prism2_scan_apinfo, atim);
 
1967         /* Check that we got an whole number of atoms */
 
1968         if ((len - offset) % atom_len) {
 
1969                 printk(KERN_ERR "%s: Unexpected scan data length %d, "
 
1970                        "atom_len %d, offset %d\n", dev->name, len,
 
1975         orinoco_clear_scan_results(priv, msecs_to_jiffies(15000));
 
1977         /* Read the entries one by one */
 
1978         for (; offset + atom_len <= len; offset += atom_len) {
 
1980                 struct bss_element *bss = NULL;
 
1983                 atom = (union hermes_scan_info *) (buf + offset);
 
1985                 /* Try to update an existing bss first */
 
1986                 list_for_each_entry(bss, &priv->bss_list, list) {
 
1987                         if (compare_ether_addr(bss->bss.a.bssid, atom->a.bssid))
 
1989                         if (le16_to_cpu(bss->bss.a.essid_len) !=
 
1990                               le16_to_cpu(atom->a.essid_len))
 
1992                         if (memcmp(bss->bss.a.essid, atom->a.essid,
 
1993                               le16_to_cpu(atom->a.essid_len)))
 
1999                 /* Grab a bss off the free list */
 
2000                 if (!found && !list_empty(&priv->bss_free_list)) {
 
2001                         bss = list_entry(priv->bss_free_list.next,
 
2002                                          struct bss_element, list);
 
2003                         list_del(priv->bss_free_list.next);
 
2005                         list_add_tail(&bss->list, &priv->bss_list);
 
2009                         /* Always update the BSS to get latest beacon info */
 
2010                         memcpy(&bss->bss, atom, sizeof(bss->bss));
 
2011                         bss->last_scanned = jiffies;
 
2018 static void __orinoco_ev_info(struct net_device *dev, hermes_t *hw)
 
2020         struct orinoco_private *priv = netdev_priv(dev);
 
2025         } __attribute__ ((packed)) info;
 
2029         /* This is an answer to an INQUIRE command that we did earlier,
 
2030          * or an information "event" generated by the card
 
2031          * The controller return to us a pseudo frame containing
 
2032          * the information in question - Jean II */
 
2033         infofid = hermes_read_regn(hw, INFOFID);
 
2035         /* Read the info frame header - don't try too hard */
 
2036         err = hermes_bap_pread(hw, IRQ_BAP, &info, sizeof(info),
 
2039                 printk(KERN_ERR "%s: error %d reading info frame. "
 
2040                        "Frame dropped.\n", dev->name, err);
 
2044         len = HERMES_RECLEN_TO_BYTES(le16_to_cpu(info.len));
 
2045         type = le16_to_cpu(info.type);
 
2048         case HERMES_INQ_TALLIES: {
 
2049                 struct hermes_tallies_frame tallies;
 
2050                 struct iw_statistics *wstats = &priv->wstats;
 
2052                 if (len > sizeof(tallies)) {
 
2053                         printk(KERN_WARNING "%s: Tallies frame too long (%d bytes)\n",
 
2055                         len = sizeof(tallies);
 
2058                 err = hermes_bap_pread(hw, IRQ_BAP, &tallies, len,
 
2059                                        infofid, sizeof(info));
 
2063                 /* Increment our various counters */
 
2064                 /* wstats->discard.nwid - no wrong BSSID stuff */
 
2065                 wstats->discard.code +=
 
2066                         le16_to_cpu(tallies.RxWEPUndecryptable);
 
2067                 if (len == sizeof(tallies))  
 
2068                         wstats->discard.code +=
 
2069                                 le16_to_cpu(tallies.RxDiscards_WEPICVError) +
 
2070                                 le16_to_cpu(tallies.RxDiscards_WEPExcluded);
 
2071                 wstats->discard.misc +=
 
2072                         le16_to_cpu(tallies.TxDiscardsWrongSA);
 
2073                 wstats->discard.fragment +=
 
2074                         le16_to_cpu(tallies.RxMsgInBadMsgFragments);
 
2075                 wstats->discard.retries +=
 
2076                         le16_to_cpu(tallies.TxRetryLimitExceeded);
 
2077                 /* wstats->miss.beacon - no match */
 
2080         case HERMES_INQ_LINKSTATUS: {
 
2081                 struct hermes_linkstatus linkstatus;
 
2085                 if (priv->iw_mode == IW_MODE_MONITOR)
 
2088                 if (len != sizeof(linkstatus)) {
 
2089                         printk(KERN_WARNING "%s: Unexpected size for linkstatus frame (%d bytes)\n",
 
2094                 err = hermes_bap_pread(hw, IRQ_BAP, &linkstatus, len,
 
2095                                        infofid, sizeof(info));
 
2098                 newstatus = le16_to_cpu(linkstatus.linkstatus);
 
2100                 /* Symbol firmware uses "out of range" to signal that
 
2101                  * the hostscan frame can be requested.  */
 
2102                 if (newstatus == HERMES_LINKSTATUS_AP_OUT_OF_RANGE &&
 
2103                     priv->firmware_type == FIRMWARE_TYPE_SYMBOL &&
 
2104                     priv->has_hostscan && priv->scan_inprogress) {
 
2105                         hermes_inquire(hw, HERMES_INQ_HOSTSCAN_SYMBOL);
 
2109                 connected = (newstatus == HERMES_LINKSTATUS_CONNECTED)
 
2110                         || (newstatus == HERMES_LINKSTATUS_AP_CHANGE)
 
2111                         || (newstatus == HERMES_LINKSTATUS_AP_IN_RANGE);
 
2114                         netif_carrier_on(dev);
 
2115                 else if (!ignore_disconnect)
 
2116                         netif_carrier_off(dev);
 
2118                 if (newstatus != priv->last_linkstatus) {
 
2119                         priv->last_linkstatus = newstatus;
 
2120                         print_linkstatus(dev, newstatus);
 
2121                         /* The info frame contains only one word which is the
 
2122                          * status (see hermes.h). The status is pretty boring
 
2123                          * in itself, that's why we export the new BSSID...
 
2125                         schedule_work(&priv->wevent_work);
 
2129         case HERMES_INQ_SCAN:
 
2130                 if (!priv->scan_inprogress && priv->bssid_fixed &&
 
2131                     priv->firmware_type == FIRMWARE_TYPE_INTERSIL) {
 
2132                         schedule_work(&priv->join_work);
 
2136         case HERMES_INQ_HOSTSCAN:
 
2137         case HERMES_INQ_HOSTSCAN_SYMBOL: {
 
2138                 /* Result of a scanning. Contains information about
 
2139                  * cells in the vicinity - Jean II */
 
2140                 union iwreq_data        wrqu;
 
2143                 /* Scan is no longer in progress */
 
2144                 priv->scan_inprogress = 0;
 
2148                         printk(KERN_WARNING "%s: Scan results too large (%d bytes)\n",
 
2153                 /* Allocate buffer for results */
 
2154                 buf = kmalloc(len, GFP_ATOMIC);
 
2156                         /* No memory, so can't printk()... */
 
2159                 /* Read scan data */
 
2160                 err = hermes_bap_pread(hw, IRQ_BAP, (void *) buf, len,
 
2161                                        infofid, sizeof(info));
 
2167 #ifdef ORINOCO_DEBUG
 
2170                         printk(KERN_DEBUG "Scan result [%02X", buf[0]);
 
2171                         for(i = 1; i < (len * 2); i++)
 
2172                                 printk(":%02X", buf[i]);
 
2175 #endif  /* ORINOCO_DEBUG */
 
2177                 if (orinoco_process_scan_results(dev, buf, len) == 0) {
 
2178                         /* Send an empty event to user space.
 
2179                          * We don't send the received data on the event because
 
2180                          * it would require us to do complex transcoding, and
 
2181                          * we want to minimise the work done in the irq handler
 
2182                          * Use a request to extract the data - Jean II */
 
2183                         wrqu.data.length = 0;
 
2184                         wrqu.data.flags = 0;
 
2185                         wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
 
2190         case HERMES_INQ_CHANNELINFO:
 
2192                 struct agere_ext_scan_info *bss;
 
2194                 if (!priv->scan_inprogress) {
 
2195                         printk(KERN_DEBUG "%s: Got chaninfo without scan, "
 
2196                                "len=%d\n", dev->name, len);
 
2200                 /* An empty result indicates that the scan is complete */
 
2202                         union iwreq_data        wrqu;
 
2204                         /* Scan is no longer in progress */
 
2205                         priv->scan_inprogress = 0;
 
2207                         wrqu.data.length = 0;
 
2208                         wrqu.data.flags = 0;
 
2209                         wireless_send_event(dev, SIOCGIWSCAN, &wrqu, NULL);
 
2214                 else if (len > sizeof(*bss)) {
 
2216                                "%s: Ext scan results too large (%d bytes). "
 
2217                                "Truncating results to %zd bytes.\n",
 
2218                                dev->name, len, sizeof(*bss));
 
2220                 } else if (len < (offsetof(struct agere_ext_scan_info,
 
2222                         /* Drop this result now so we don't have to
 
2223                          * keep checking later */
 
2225                                "%s: Ext scan results too short (%d bytes)\n",
 
2230                 bss = kmalloc(sizeof(*bss), GFP_ATOMIC);
 
2234                 /* Read scan data */
 
2235                 err = hermes_bap_pread(hw, IRQ_BAP, (void *) bss, len,
 
2236                                        infofid, sizeof(info));
 
2242                 orinoco_add_ext_scan_result(priv, bss);
 
2247         case HERMES_INQ_SEC_STAT_AGERE:
 
2248                 /* Security status (Agere specific) */
 
2249                 /* Ignore this frame for now */
 
2250                 if (priv->firmware_type == FIRMWARE_TYPE_AGERE)
 
2254                 printk(KERN_DEBUG "%s: Unknown information frame received: "
 
2255                        "type 0x%04x, length %d\n", dev->name, type, len);
 
2256                 /* We don't actually do anything about it */
 
2261 static void __orinoco_ev_infdrop(struct net_device *dev, hermes_t *hw)
 
2263         if (net_ratelimit())
 
2264                 printk(KERN_DEBUG "%s: Information frame lost.\n", dev->name);
 
2267 /********************************************************************/
 
2268 /* Internal hardware control routines                               */
 
2269 /********************************************************************/
 
2271 int __orinoco_up(struct net_device *dev)
 
2273         struct orinoco_private *priv = netdev_priv(dev);
 
2274         struct hermes *hw = &priv->hw;
 
2277         netif_carrier_off(dev); /* just to make sure */
 
2279         err = __orinoco_program_rids(dev);
 
2281                 printk(KERN_ERR "%s: Error %d configuring card\n",
 
2286         /* Fire things up again */
 
2287         hermes_set_irqmask(hw, ORINOCO_INTEN);
 
2288         err = hermes_enable_port(hw, 0);
 
2290                 printk(KERN_ERR "%s: Error %d enabling MAC port\n",
 
2295         netif_start_queue(dev);
 
2300 int __orinoco_down(struct net_device *dev)
 
2302         struct orinoco_private *priv = netdev_priv(dev);
 
2303         struct hermes *hw = &priv->hw;
 
2306         netif_stop_queue(dev);
 
2308         if (! priv->hw_unavailable) {
 
2309                 if (! priv->broken_disableport) {
 
2310                         err = hermes_disable_port(hw, 0);
 
2312                                 /* Some firmwares (e.g. Intersil 1.3.x) seem
 
2313                                  * to have problems disabling the port, oh
 
2315                                 printk(KERN_WARNING "%s: Error %d disabling MAC port\n",
 
2317                                 priv->broken_disableport = 1;
 
2320                 hermes_set_irqmask(hw, 0);
 
2321                 hermes_write_regn(hw, EVACK, 0xffff);
 
2324         /* firmware will have to reassociate */
 
2325         netif_carrier_off(dev);
 
2326         priv->last_linkstatus = 0xffff;
 
2331 static int orinoco_allocate_fid(struct net_device *dev)
 
2333         struct orinoco_private *priv = netdev_priv(dev);
 
2334         struct hermes *hw = &priv->hw;
 
2337         err = hermes_allocate(hw, priv->nicbuf_size, &priv->txfid);
 
2338         if (err == -EIO && priv->nicbuf_size > TX_NICBUF_SIZE_BUG) {
 
2339                 /* Try workaround for old Symbol firmware bug */
 
2340                 printk(KERN_WARNING "%s: firmware ALLOC bug detected "
 
2341                        "(old Symbol firmware?). Trying to work around... ",
 
2344                 priv->nicbuf_size = TX_NICBUF_SIZE_BUG;
 
2345                 err = hermes_allocate(hw, priv->nicbuf_size, &priv->txfid);
 
2347                         printk("failed!\n");
 
2355 int orinoco_reinit_firmware(struct net_device *dev)
 
2357         struct orinoco_private *priv = netdev_priv(dev);
 
2358         struct hermes *hw = &priv->hw;
 
2361         err = hermes_init(hw);
 
2362         if (priv->do_fw_download && !err) {
 
2363                 err = orinoco_download(priv);
 
2365                         priv->do_fw_download = 0;
 
2368                 err = orinoco_allocate_fid(dev);
 
2373 static int __orinoco_hw_set_bitrate(struct orinoco_private *priv)
 
2375         hermes_t *hw = &priv->hw;
 
2378         if (priv->bitratemode >= BITRATE_TABLE_SIZE) {
 
2379                 printk(KERN_ERR "%s: BUG: Invalid bitrate mode %d\n",
 
2380                        priv->ndev->name, priv->bitratemode);
 
2384         switch (priv->firmware_type) {
 
2385         case FIRMWARE_TYPE_AGERE:
 
2386                 err = hermes_write_wordrec(hw, USER_BAP,
 
2387                                            HERMES_RID_CNFTXRATECONTROL,
 
2388                                            bitrate_table[priv->bitratemode].agere_txratectrl);
 
2390         case FIRMWARE_TYPE_INTERSIL:
 
2391         case FIRMWARE_TYPE_SYMBOL:
 
2392                 err = hermes_write_wordrec(hw, USER_BAP,
 
2393                                            HERMES_RID_CNFTXRATECONTROL,
 
2394                                            bitrate_table[priv->bitratemode].intersil_txratectrl);
 
2403 /* Set fixed AP address */
 
2404 static int __orinoco_hw_set_wap(struct orinoco_private *priv)
 
2408         hermes_t *hw = &priv->hw;
 
2410         switch (priv->firmware_type) {
 
2411         case FIRMWARE_TYPE_AGERE:
 
2414         case FIRMWARE_TYPE_INTERSIL:
 
2415                 if (priv->bssid_fixed)
 
2420                 err = hermes_write_wordrec(hw, USER_BAP,
 
2421                                            HERMES_RID_CNFROAMINGMODE,
 
2424         case FIRMWARE_TYPE_SYMBOL:
 
2425                 err = HERMES_WRITE_RECORD(hw, USER_BAP,
 
2426                                           HERMES_RID_CNFMANDATORYBSSID_SYMBOL,
 
2427                                           &priv->desired_bssid);
 
2433 /* Change the WEP keys and/or the current keys.  Can be called
 
2434  * either from __orinoco_hw_setup_enc() or directly from
 
2435  * orinoco_ioctl_setiwencode().  In the later case the association
 
2436  * with the AP is not broken (if the firmware can handle it),
 
2437  * which is needed for 802.1x implementations. */
 
2438 static int __orinoco_hw_setup_wepkeys(struct orinoco_private *priv)
 
2440         hermes_t *hw = &priv->hw;
 
2443         switch (priv->firmware_type) {
 
2444         case FIRMWARE_TYPE_AGERE:
 
2445                 err = HERMES_WRITE_RECORD(hw, USER_BAP,
 
2446                                           HERMES_RID_CNFWEPKEYS_AGERE,
 
2450                 err = hermes_write_wordrec(hw, USER_BAP,
 
2451                                            HERMES_RID_CNFTXKEY_AGERE,
 
2456         case FIRMWARE_TYPE_INTERSIL:
 
2457         case FIRMWARE_TYPE_SYMBOL:
 
2462                         /* Force uniform key length to work around firmware bugs */
 
2463                         keylen = le16_to_cpu(priv->keys[priv->tx_key].len);
 
2465                         if (keylen > LARGE_KEY_SIZE) {
 
2466                                 printk(KERN_ERR "%s: BUG: Key %d has oversize length %d.\n",
 
2467                                        priv->ndev->name, priv->tx_key, keylen);
 
2471                         /* Write all 4 keys */
 
2472                         for(i = 0; i < ORINOCO_MAX_KEYS; i++) {
 
2473                                 err = hermes_write_ltv(hw, USER_BAP,
 
2474                                                        HERMES_RID_CNFDEFAULTKEY0 + i,
 
2475                                                        HERMES_BYTES_TO_RECLEN(keylen),
 
2476                                                        priv->keys[i].data);
 
2481                         /* Write the index of the key used in transmission */
 
2482                         err = hermes_write_wordrec(hw, USER_BAP,
 
2483                                                    HERMES_RID_CNFWEPDEFAULTKEYID,
 
2494 static int __orinoco_hw_setup_enc(struct orinoco_private *priv)
 
2496         hermes_t *hw = &priv->hw;
 
2498         int master_wep_flag;
 
2502         /* Setup WEP keys for WEP and WPA */
 
2503         if (priv->encode_alg)
 
2504                 __orinoco_hw_setup_wepkeys(priv);
 
2506         if (priv->wep_restrict)
 
2507                 auth_flag = HERMES_AUTH_SHARED_KEY;
 
2509                 auth_flag = HERMES_AUTH_OPEN;
 
2511         if (priv->wpa_enabled)
 
2513         else if (priv->encode_alg == IW_ENCODE_ALG_WEP)
 
2518         switch (priv->firmware_type) {
 
2519         case FIRMWARE_TYPE_AGERE: /* Agere style WEP */
 
2520                 if (priv->encode_alg == IW_ENCODE_ALG_WEP) {
 
2521                         /* Enable the shared-key authentication. */
 
2522                         err = hermes_write_wordrec(hw, USER_BAP,
 
2523                                                    HERMES_RID_CNFAUTHENTICATION_AGERE,
 
2526                 err = hermes_write_wordrec(hw, USER_BAP,
 
2527                                            HERMES_RID_CNFWEPENABLED_AGERE,
 
2532                 if (priv->has_wpa) {
 
2533                         /* Set WPA key management */
 
2534                         err = hermes_write_wordrec(hw, USER_BAP,
 
2535                                   HERMES_RID_CNFSETWPAAUTHMGMTSUITE_AGERE,
 
2543         case FIRMWARE_TYPE_INTERSIL: /* Intersil style WEP */
 
2544         case FIRMWARE_TYPE_SYMBOL: /* Symbol style WEP */
 
2545                 if (priv->encode_alg == IW_ENCODE_ALG_WEP) {
 
2546                         if (priv->wep_restrict ||
 
2547                             (priv->firmware_type == FIRMWARE_TYPE_SYMBOL))
 
2548                                 master_wep_flag = HERMES_WEP_PRIVACY_INVOKED |
 
2549                                                   HERMES_WEP_EXCL_UNENCRYPTED;
 
2551                                 master_wep_flag = HERMES_WEP_PRIVACY_INVOKED;
 
2553                         err = hermes_write_wordrec(hw, USER_BAP,
 
2554                                                    HERMES_RID_CNFAUTHENTICATION,
 
2559                         master_wep_flag = 0;
 
2561                 if (priv->iw_mode == IW_MODE_MONITOR)
 
2562                         master_wep_flag |= HERMES_WEP_HOST_DECRYPT;
 
2564                 /* Master WEP setting : on/off */
 
2565                 err = hermes_write_wordrec(hw, USER_BAP,
 
2566                                            HERMES_RID_CNFWEPFLAGS_INTERSIL,
 
2577 /* key must be 32 bytes, including the tx and rx MIC keys.
 
2578  * rsc must be 8 bytes
 
2579  * tsc must be 8 bytes or NULL
 
2581 static int __orinoco_hw_set_tkip_key(hermes_t *hw, int key_idx, int set_tx,
 
2582                                      u8 *key, u8 *rsc, u8 *tsc)
 
2586                 u8 rsc[IW_ENCODE_SEQ_MAX_SIZE];
 
2587                 u8 key[TKIP_KEYLEN];
 
2588                 u8 tx_mic[MIC_KEYLEN];
 
2589                 u8 rx_mic[MIC_KEYLEN];
 
2590                 u8 tsc[IW_ENCODE_SEQ_MAX_SIZE];
 
2591         } __attribute__ ((packed)) buf;
 
2602         buf.idx = cpu_to_le16(key_idx);
 
2603         memcpy(buf.key, key,
 
2604                sizeof(buf.key) + sizeof(buf.tx_mic) + sizeof(buf.rx_mic));
 
2607                 memset(buf.rsc, 0, sizeof(buf.rsc));
 
2609                 memcpy(buf.rsc, rsc, sizeof(buf.rsc));
 
2612                 memset(buf.tsc, 0, sizeof(buf.tsc));
 
2615                 memcpy(buf.tsc, tsc, sizeof(buf.tsc));
 
2618         /* Wait upto 100ms for tx queue to empty */
 
2623                 ret = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_TXQUEUEEMPTY,
 
2627         } while ((k > 0) && xmitting);
 
2632         err = HERMES_WRITE_RECORD(hw, USER_BAP,
 
2633                                   HERMES_RID_CNFADDDEFAULTTKIPKEY_AGERE,
 
2636         return ret ? ret : err;
 
2639 static int orinoco_clear_tkip_key(struct orinoco_private *priv,
 
2642         hermes_t *hw = &priv->hw;
 
2645         memset(&priv->tkip_key[key_idx], 0, sizeof(priv->tkip_key[key_idx]));
 
2646         err = hermes_write_wordrec(hw, USER_BAP,
 
2647                                    HERMES_RID_CNFREMDEFAULTTKIPKEY_AGERE,
 
2650                 printk(KERN_WARNING "%s: Error %d clearing TKIP key %d\n",
 
2651                        priv->ndev->name, err, key_idx);
 
2655 static int __orinoco_program_rids(struct net_device *dev)
 
2657         struct orinoco_private *priv = netdev_priv(dev);
 
2658         hermes_t *hw = &priv->hw;
 
2660         struct hermes_idstring idbuf;
 
2662         /* Set the MAC address */
 
2663         err = hermes_write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNMACADDR,
 
2664                                HERMES_BYTES_TO_RECLEN(ETH_ALEN), dev->dev_addr);
 
2666                 printk(KERN_ERR "%s: Error %d setting MAC address\n",
 
2671         /* Set up the link mode */
 
2672         err = hermes_write_wordrec(hw, USER_BAP, HERMES_RID_CNFPORTTYPE,
 
2675                 printk(KERN_ERR "%s: Error %d setting port type\n",
 
2679         /* Set the channel/frequency */
 
2680         if (priv->channel != 0 && priv->iw_mode != IW_MODE_INFRA) {
 
2681                 err = hermes_write_wordrec(hw, USER_BAP,
 
2682                                            HERMES_RID_CNFOWNCHANNEL,
 
2685                         printk(KERN_ERR "%s: Error %d setting channel %d\n",
 
2686                                dev->name, err, priv->channel);
 
2691         if (priv->has_ibss) {
 
2694                 if ((strlen(priv->desired_essid) == 0) && (priv->createibss)) {
 
2695                         printk(KERN_WARNING "%s: This firmware requires an "
 
2696                                "ESSID in IBSS-Ad-Hoc mode.\n", dev->name);
 
2697                         /* With wvlan_cs, in this case, we would crash.
 
2698                          * hopefully, this driver will behave better...
 
2702                         createibss = priv->createibss;
 
2705                 err = hermes_write_wordrec(hw, USER_BAP,
 
2706                                            HERMES_RID_CNFCREATEIBSS,
 
2709                         printk(KERN_ERR "%s: Error %d setting CREATEIBSS\n",
 
2715         /* Set the desired BSSID */
 
2716         err = __orinoco_hw_set_wap(priv);
 
2718                 printk(KERN_ERR "%s: Error %d setting AP address\n",
 
2722         /* Set the desired ESSID */
 
2723         idbuf.len = cpu_to_le16(strlen(priv->desired_essid));
 
2724         memcpy(&idbuf.val, priv->desired_essid, sizeof(idbuf.val));
 
2725         /* WinXP wants partner to configure OWNSSID even in IBSS mode. (jimc) */
 
2726         err = hermes_write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNSSID,
 
2727                                HERMES_BYTES_TO_RECLEN(strlen(priv->desired_essid)+2),
 
2730                 printk(KERN_ERR "%s: Error %d setting OWNSSID\n",
 
2734         err = hermes_write_ltv(hw, USER_BAP, HERMES_RID_CNFDESIREDSSID,
 
2735                                HERMES_BYTES_TO_RECLEN(strlen(priv->desired_essid)+2),
 
2738                 printk(KERN_ERR "%s: Error %d setting DESIREDSSID\n",
 
2743         /* Set the station name */
 
2744         idbuf.len = cpu_to_le16(strlen(priv->nick));
 
2745         memcpy(&idbuf.val, priv->nick, sizeof(idbuf.val));
 
2746         err = hermes_write_ltv(hw, USER_BAP, HERMES_RID_CNFOWNNAME,
 
2747                                HERMES_BYTES_TO_RECLEN(strlen(priv->nick)+2),
 
2750                 printk(KERN_ERR "%s: Error %d setting nickname\n",
 
2755         /* Set AP density */
 
2756         if (priv->has_sensitivity) {
 
2757                 err = hermes_write_wordrec(hw, USER_BAP,
 
2758                                            HERMES_RID_CNFSYSTEMSCALE,
 
2761                         printk(KERN_WARNING "%s: Error %d setting SYSTEMSCALE.  "
 
2762                                "Disabling sensitivity control\n",
 
2765                         priv->has_sensitivity = 0;
 
2769         /* Set RTS threshold */
 
2770         err = hermes_write_wordrec(hw, USER_BAP, HERMES_RID_CNFRTSTHRESHOLD,
 
2773                 printk(KERN_ERR "%s: Error %d setting RTS threshold\n",
 
2778         /* Set fragmentation threshold or MWO robustness */
 
2780                 err = hermes_write_wordrec(hw, USER_BAP,
 
2781                                            HERMES_RID_CNFMWOROBUST_AGERE,
 
2784                 err = hermes_write_wordrec(hw, USER_BAP,
 
2785                                            HERMES_RID_CNFFRAGMENTATIONTHRESHOLD,
 
2788                 printk(KERN_ERR "%s: Error %d setting fragmentation\n",
 
2794         err = __orinoco_hw_set_bitrate(priv);
 
2796                 printk(KERN_ERR "%s: Error %d setting bitrate\n",
 
2801         /* Set power management */
 
2803                 err = hermes_write_wordrec(hw, USER_BAP,
 
2804                                            HERMES_RID_CNFPMENABLED,
 
2807                         printk(KERN_ERR "%s: Error %d setting up PM\n",
 
2812                 err = hermes_write_wordrec(hw, USER_BAP,
 
2813                                            HERMES_RID_CNFMULTICASTRECEIVE,
 
2816                         printk(KERN_ERR "%s: Error %d setting up PM\n",
 
2820                 err = hermes_write_wordrec(hw, USER_BAP,
 
2821                                            HERMES_RID_CNFMAXSLEEPDURATION,
 
2824                         printk(KERN_ERR "%s: Error %d setting up PM\n",
 
2828                 err = hermes_write_wordrec(hw, USER_BAP,
 
2829                                            HERMES_RID_CNFPMHOLDOVERDURATION,
 
2832                         printk(KERN_ERR "%s: Error %d setting up PM\n",
 
2838         /* Set preamble - only for Symbol so far... */
 
2839         if (priv->has_preamble) {
 
2840                 err = hermes_write_wordrec(hw, USER_BAP,
 
2841                                            HERMES_RID_CNFPREAMBLE_SYMBOL,
 
2844                         printk(KERN_ERR "%s: Error %d setting preamble\n",
 
2850         /* Set up encryption */
 
2851         if (priv->has_wep || priv->has_wpa) {
 
2852                 err = __orinoco_hw_setup_enc(priv);
 
2854                         printk(KERN_ERR "%s: Error %d activating encryption\n",
 
2860         if (priv->iw_mode == IW_MODE_MONITOR) {
 
2861                 /* Enable monitor mode */
 
2862                 dev->type = ARPHRD_IEEE80211;
 
2863                 err = hermes_docmd_wait(hw, HERMES_CMD_TEST | 
 
2864                                             HERMES_TEST_MONITOR, 0, NULL);
 
2866                 /* Disable monitor mode */
 
2867                 dev->type = ARPHRD_ETHER;
 
2868                 err = hermes_docmd_wait(hw, HERMES_CMD_TEST |
 
2869                                             HERMES_TEST_STOP, 0, NULL);
 
2874         /* Set promiscuity / multicast*/
 
2875         priv->promiscuous = 0;
 
2878         /* FIXME: what about netif_tx_lock */
 
2879         __orinoco_set_multicast_list(dev);
 
2884 /* FIXME: return int? */
 
2886 __orinoco_set_multicast_list(struct net_device *dev)
 
2888         struct orinoco_private *priv = netdev_priv(dev);
 
2889         hermes_t *hw = &priv->hw;
 
2891         int promisc, mc_count;
 
2893         /* The Hermes doesn't seem to have an allmulti mode, so we go
 
2894          * into promiscuous mode and let the upper levels deal. */
 
2895         if ( (dev->flags & IFF_PROMISC) || (dev->flags & IFF_ALLMULTI) ||
 
2896              (dev->mc_count > MAX_MULTICAST(priv)) ) {
 
2901                 mc_count = dev->mc_count;
 
2904         if (promisc != priv->promiscuous) {
 
2905                 err = hermes_write_wordrec(hw, USER_BAP,
 
2906                                            HERMES_RID_CNFPROMISCUOUSMODE,
 
2909                         printk(KERN_ERR "%s: Error %d setting PROMISCUOUSMODE to 1.\n",
 
2912                         priv->promiscuous = promisc;
 
2915         /* If we're not in promiscuous mode, then we need to set the
 
2916          * group address if either we want to multicast, or if we were
 
2917          * multicasting and want to stop */
 
2918         if (! promisc && (mc_count || priv->mc_count) ) {
 
2919                 struct dev_mc_list *p = dev->mc_list;
 
2920                 struct hermes_multicast mclist;
 
2923                 for (i = 0; i < mc_count; i++) {
 
2924                         /* paranoia: is list shorter than mc_count? */
 
2926                         /* paranoia: bad address size in list? */
 
2927                         BUG_ON(p->dmi_addrlen != ETH_ALEN);
 
2929                         memcpy(mclist.addr[i], p->dmi_addr, ETH_ALEN);
 
2934                         printk(KERN_WARNING "%s: Multicast list is "
 
2935                                "longer than mc_count\n", dev->name);
 
2937                 err = hermes_write_ltv(hw, USER_BAP,
 
2938                                    HERMES_RID_CNFGROUPADDRESSES,
 
2939                                    HERMES_BYTES_TO_RECLEN(mc_count * ETH_ALEN),
 
2942                         printk(KERN_ERR "%s: Error %d setting multicast list.\n",
 
2945                         priv->mc_count = mc_count;
 
2949 /* This must be called from user context, without locks held - use
 
2950  * schedule_work() */
 
2951 static void orinoco_reset(struct work_struct *work)
 
2953         struct orinoco_private *priv =
 
2954                 container_of(work, struct orinoco_private, reset_work);
 
2955         struct net_device *dev = priv->ndev;
 
2956         struct hermes *hw = &priv->hw;
 
2958         unsigned long flags;
 
2960         if (orinoco_lock(priv, &flags) != 0)
 
2961                 /* When the hardware becomes available again, whatever
 
2962                  * detects that is responsible for re-initializing
 
2963                  * it. So no need for anything further */
 
2966         netif_stop_queue(dev);
 
2968         /* Shut off interrupts.  Depending on what state the hardware
 
2969          * is in, this might not work, but we'll try anyway */
 
2970         hermes_set_irqmask(hw, 0);
 
2971         hermes_write_regn(hw, EVACK, 0xffff);
 
2973         priv->hw_unavailable++;
 
2974         priv->last_linkstatus = 0xffff; /* firmware will have to reassociate */
 
2975         netif_carrier_off(dev);
 
2977         orinoco_unlock(priv, &flags);
 
2979         /* Scanning support: Cleanup of driver struct */
 
2980         orinoco_clear_scan_results(priv, 0);
 
2981         priv->scan_inprogress = 0;
 
2983         if (priv->hard_reset) {
 
2984                 err = (*priv->hard_reset)(priv);
 
2986                         printk(KERN_ERR "%s: orinoco_reset: Error %d "
 
2987                                "performing hard reset\n", dev->name, err);
 
2992         err = orinoco_reinit_firmware(dev);
 
2994                 printk(KERN_ERR "%s: orinoco_reset: Error %d re-initializing firmware\n",
 
2999         spin_lock_irq(&priv->lock); /* This has to be called from user context */
 
3001         priv->hw_unavailable--;
 
3003         /* priv->open or priv->hw_unavailable might have changed while
 
3004          * we dropped the lock */
 
3005         if (priv->open && (! priv->hw_unavailable)) {
 
3006                 err = __orinoco_up(dev);
 
3008                         printk(KERN_ERR "%s: orinoco_reset: Error %d reenabling card\n",
 
3011                         dev->trans_start = jiffies;
 
3014         spin_unlock_irq(&priv->lock);
 
3018         hermes_set_irqmask(hw, 0);
 
3019         netif_device_detach(dev);
 
3020         printk(KERN_ERR "%s: Device has been disabled!\n", dev->name);
 
3023 /********************************************************************/
 
3024 /* Interrupt handler                                                */
 
3025 /********************************************************************/
 
3027 static void __orinoco_ev_tick(struct net_device *dev, hermes_t *hw)
 
3029         printk(KERN_DEBUG "%s: TICK\n", dev->name);
 
3032 static void __orinoco_ev_wterr(struct net_device *dev, hermes_t *hw)
 
3034         /* This seems to happen a fair bit under load, but ignoring it
 
3035            seems to work fine...*/
 
3036         printk(KERN_DEBUG "%s: MAC controller error (WTERR). Ignoring.\n",
 
3040 irqreturn_t orinoco_interrupt(int irq, void *dev_id)
 
3042         struct net_device *dev = dev_id;
 
3043         struct orinoco_private *priv = netdev_priv(dev);
 
3044         hermes_t *hw = &priv->hw;
 
3045         int count = MAX_IRQLOOPS_PER_IRQ;
 
3047         /* These are used to detect a runaway interrupt situation */
 
3048         /* If we get more than MAX_IRQLOOPS_PER_JIFFY iterations in a jiffy,
 
3049          * we panic and shut down the hardware */
 
3050         static int last_irq_jiffy = 0; /* jiffies value the last time
 
3052         static int loops_this_jiffy = 0;
 
3053         unsigned long flags;
 
3055         if (orinoco_lock(priv, &flags) != 0) {
 
3056                 /* If hw is unavailable - we don't know if the irq was
 
3061         evstat = hermes_read_regn(hw, EVSTAT);
 
3062         events = evstat & hw->inten;
 
3064                 orinoco_unlock(priv, &flags);
 
3068         if (jiffies != last_irq_jiffy)
 
3069                 loops_this_jiffy = 0;
 
3070         last_irq_jiffy = jiffies;
 
3072         while (events && count--) {
 
3073                 if (++loops_this_jiffy > MAX_IRQLOOPS_PER_JIFFY) {
 
3074                         printk(KERN_WARNING "%s: IRQ handler is looping too "
 
3075                                "much! Resetting.\n", dev->name);
 
3076                         /* Disable interrupts for now */
 
3077                         hermes_set_irqmask(hw, 0);
 
3078                         schedule_work(&priv->reset_work);
 
3082                 /* Check the card hasn't been removed */
 
3083                 if (! hermes_present(hw)) {
 
3084                         DEBUG(0, "orinoco_interrupt(): card removed\n");
 
3088                 if (events & HERMES_EV_TICK)
 
3089                         __orinoco_ev_tick(dev, hw);
 
3090                 if (events & HERMES_EV_WTERR)
 
3091                         __orinoco_ev_wterr(dev, hw);
 
3092                 if (events & HERMES_EV_INFDROP)
 
3093                         __orinoco_ev_infdrop(dev, hw);
 
3094                 if (events & HERMES_EV_INFO)
 
3095                         __orinoco_ev_info(dev, hw);
 
3096                 if (events & HERMES_EV_RX)
 
3097                         __orinoco_ev_rx(dev, hw);
 
3098                 if (events & HERMES_EV_TXEXC)
 
3099                         __orinoco_ev_txexc(dev, hw);
 
3100                 if (events & HERMES_EV_TX)
 
3101                         __orinoco_ev_tx(dev, hw);
 
3102                 if (events & HERMES_EV_ALLOC)
 
3103                         __orinoco_ev_alloc(dev, hw);
 
3105                 hermes_write_regn(hw, EVACK, evstat);
 
3107                 evstat = hermes_read_regn(hw, EVSTAT);
 
3108                 events = evstat & hw->inten;
 
3111         orinoco_unlock(priv, &flags);
 
3115 /********************************************************************/
 
3116 /* Power management                                                 */
 
3117 /********************************************************************/
 
3118 #if defined(CONFIG_PM_SLEEP) && !defined(CONFIG_HERMES_CACHE_FW_ON_INIT)
 
3119 static int orinoco_pm_notifier(struct notifier_block *notifier,
 
3120                                unsigned long pm_event,
 
3123         struct orinoco_private *priv = container_of(notifier,
 
3124                                                     struct orinoco_private,
 
3127         /* All we need to do is cache the firmware before suspend, and
 
3128          * release it when we come out.
 
3130          * Only need to do this if we're downloading firmware. */
 
3131         if (!priv->do_fw_download)
 
3135         case PM_HIBERNATION_PREPARE:
 
3136         case PM_SUSPEND_PREPARE:
 
3137                 orinoco_cache_fw(priv, 0);
 
3140         case PM_POST_RESTORE:
 
3141                 /* Restore from hibernation failed. We need to clean
 
3142                  * up in exactly the same way, so fall through. */
 
3143         case PM_POST_HIBERNATION:
 
3144         case PM_POST_SUSPEND:
 
3145                 orinoco_uncache_fw(priv);
 
3148         case PM_RESTORE_PREPARE:
 
3155 #else /* !PM_SLEEP || HERMES_CACHE_FW_ON_INIT */
 
3156 #define orinoco_pm_notifier NULL
 
3159 /********************************************************************/
 
3160 /* Initialization                                                   */
 
3161 /********************************************************************/
 
3164         u16 id, variant, major, minor;
 
3165 } __attribute__ ((packed));
 
3167 static inline fwtype_t determine_firmware_type(struct comp_id *nic_id)
 
3169         if (nic_id->id < 0x8000)
 
3170                 return FIRMWARE_TYPE_AGERE;
 
3171         else if (nic_id->id == 0x8000 && nic_id->major == 0)
 
3172                 return FIRMWARE_TYPE_SYMBOL;
 
3174                 return FIRMWARE_TYPE_INTERSIL;
 
3177 /* Set priv->firmware type, determine firmware properties */
 
3178 static int determine_firmware(struct net_device *dev)
 
3180         struct orinoco_private *priv = netdev_priv(dev);
 
3181         hermes_t *hw = &priv->hw;
 
3183         struct comp_id nic_id, sta_id;
 
3184         unsigned int firmver;
 
3185         char tmp[SYMBOL_MAX_VER_LEN+1] __attribute__((aligned(2)));
 
3187         /* Get the hardware version */
 
3188         err = HERMES_READ_RECORD(hw, USER_BAP, HERMES_RID_NICID, &nic_id);
 
3190                 printk(KERN_ERR "%s: Cannot read hardware identity: error %d\n",
 
3195         le16_to_cpus(&nic_id.id);
 
3196         le16_to_cpus(&nic_id.variant);
 
3197         le16_to_cpus(&nic_id.major);
 
3198         le16_to_cpus(&nic_id.minor);
 
3199         printk(KERN_DEBUG "%s: Hardware identity %04x:%04x:%04x:%04x\n",
 
3200                dev->name, nic_id.id, nic_id.variant,
 
3201                nic_id.major, nic_id.minor);
 
3203         priv->firmware_type = determine_firmware_type(&nic_id);
 
3205         /* Get the firmware version */
 
3206         err = HERMES_READ_RECORD(hw, USER_BAP, HERMES_RID_STAID, &sta_id);
 
3208                 printk(KERN_ERR "%s: Cannot read station identity: error %d\n",
 
3213         le16_to_cpus(&sta_id.id);
 
3214         le16_to_cpus(&sta_id.variant);
 
3215         le16_to_cpus(&sta_id.major);
 
3216         le16_to_cpus(&sta_id.minor);
 
3217         printk(KERN_DEBUG "%s: Station identity  %04x:%04x:%04x:%04x\n",
 
3218                dev->name, sta_id.id, sta_id.variant,
 
3219                sta_id.major, sta_id.minor);
 
3221         switch (sta_id.id) {
 
3223                 printk(KERN_ERR "%s: Primary firmware is active\n",
 
3227                 printk(KERN_ERR "%s: Tertiary firmware is active\n",
 
3230         case 0x1f:      /* Intersil, Agere, Symbol Spectrum24 */
 
3231         case 0x21:      /* Symbol Spectrum24 Trilogy */
 
3234                 printk(KERN_NOTICE "%s: Unknown station ID, please report\n",
 
3239         /* Default capabilities */
 
3240         priv->has_sensitivity = 1;
 
3242         priv->has_preamble = 0;
 
3243         priv->has_port3 = 1;
 
3246         priv->has_big_wep = 0;
 
3247         priv->has_alt_txcntl = 0;
 
3248         priv->has_ext_scan = 0;
 
3250         priv->do_fw_download = 0;
 
3252         /* Determine capabilities from the firmware version */
 
3253         switch (priv->firmware_type) {
 
3254         case FIRMWARE_TYPE_AGERE:
 
3255                 /* Lucent Wavelan IEEE, Lucent Orinoco, Cabletron RoamAbout,
 
3256                    ELSA, Melco, HP, IBM, Dell 1150, Compaq 110/210 */
 
3257                 snprintf(priv->fw_name, sizeof(priv->fw_name) - 1,
 
3258                          "Lucent/Agere %d.%02d", sta_id.major, sta_id.minor);
 
3260                 firmver = ((unsigned long)sta_id.major << 16) | sta_id.minor;
 
3262                 priv->has_ibss = (firmver >= 0x60006);
 
3263                 priv->has_wep = (firmver >= 0x40020);
 
3264                 priv->has_big_wep = 1; /* FIXME: this is wrong - how do we tell
 
3265                                           Gold cards from the others? */
 
3266                 priv->has_mwo = (firmver >= 0x60000);
 
3267                 priv->has_pm = (firmver >= 0x40020); /* Don't work in 7.52 ? */
 
3268                 priv->ibss_port = 1;
 
3269                 priv->has_hostscan = (firmver >= 0x8000a);
 
3270                 priv->do_fw_download = 1;
 
3271                 priv->broken_monitor = (firmver >= 0x80000);
 
3272                 priv->has_alt_txcntl = (firmver >= 0x90000); /* All 9.x ? */
 
3273                 priv->has_ext_scan = (firmver >= 0x90000); /* All 9.x ? */
 
3274                 priv->has_wpa = (firmver >= 0x9002a);
 
3275                 /* Tested with Agere firmware :
 
3276                  *      1.16 ; 4.08 ; 4.52 ; 6.04 ; 6.16 ; 7.28 => Jean II
 
3277                  * Tested CableTron firmware : 4.32 => Anton */
 
3279         case FIRMWARE_TYPE_SYMBOL:
 
3280                 /* Symbol , 3Com AirConnect, Intel, Ericsson WLAN */
 
3281                 /* Intel MAC : 00:02:B3:* */
 
3282                 /* 3Com MAC : 00:50:DA:* */
 
3283                 memset(tmp, 0, sizeof(tmp));
 
3284                 /* Get the Symbol firmware version */
 
3285                 err = hermes_read_ltv(hw, USER_BAP,
 
3286                                       HERMES_RID_SECONDARYVERSION_SYMBOL,
 
3287                                       SYMBOL_MAX_VER_LEN, NULL, &tmp);
 
3290                                "%s: Error %d reading Symbol firmware info. Wildly guessing capabilities...\n",
 
3295                         /* The firmware revision is a string, the format is
 
3296                          * something like : "V2.20-01".
 
3297                          * Quick and dirty parsing... - Jean II
 
3299                         firmver = ((tmp[1] - '0') << 16) | ((tmp[3] - '0') << 12)
 
3300                                 | ((tmp[4] - '0') << 8) | ((tmp[6] - '0') << 4)
 
3303                         tmp[SYMBOL_MAX_VER_LEN] = '\0';
 
3306                 snprintf(priv->fw_name, sizeof(priv->fw_name) - 1,
 
3309                 priv->has_ibss = (firmver >= 0x20000);
 
3310                 priv->has_wep = (firmver >= 0x15012);
 
3311                 priv->has_big_wep = (firmver >= 0x20000);
 
3312                 priv->has_pm = (firmver >= 0x20000 && firmver < 0x22000) || 
 
3313                                (firmver >= 0x29000 && firmver < 0x30000) ||
 
3315                 priv->has_preamble = (firmver >= 0x20000);
 
3316                 priv->ibss_port = 4;
 
3318                 /* Symbol firmware is found on various cards, but
 
3319                  * there has been no attempt to check firmware
 
3320                  * download on non-spectrum_cs based cards.
 
3322                  * Given that the Agere firmware download works
 
3323                  * differently, we should avoid doing a firmware
 
3324                  * download with the Symbol algorithm on non-spectrum
 
3327                  * For now we can identify a spectrum_cs based card
 
3328                  * because it has a firmware reset function.
 
3330                 priv->do_fw_download = (priv->stop_fw != NULL);
 
3332                 priv->broken_disableport = (firmver == 0x25013) ||
 
3333                                            (firmver >= 0x30000 && firmver <= 0x31000);
 
3334                 priv->has_hostscan = (firmver >= 0x31001) ||
 
3335                                      (firmver >= 0x29057 && firmver < 0x30000);
 
3336                 /* Tested with Intel firmware : 0x20015 => Jean II */
 
3337                 /* Tested with 3Com firmware : 0x15012 & 0x22001 => Jean II */
 
3339         case FIRMWARE_TYPE_INTERSIL:
 
3340                 /* D-Link, Linksys, Adtron, ZoomAir, and many others...
 
3341                  * Samsung, Compaq 100/200 and Proxim are slightly
 
3342                  * different and less well tested */
 
3343                 /* D-Link MAC : 00:40:05:* */
 
3344                 /* Addtron MAC : 00:90:D1:* */
 
3345                 snprintf(priv->fw_name, sizeof(priv->fw_name) - 1,
 
3346                          "Intersil %d.%d.%d", sta_id.major, sta_id.minor,
 
3349                 firmver = ((unsigned long)sta_id.major << 16) |
 
3350                         ((unsigned long)sta_id.minor << 8) | sta_id.variant;
 
3352                 priv->has_ibss = (firmver >= 0x000700); /* FIXME */
 
3353                 priv->has_big_wep = priv->has_wep = (firmver >= 0x000800);
 
3354                 priv->has_pm = (firmver >= 0x000700);
 
3355                 priv->has_hostscan = (firmver >= 0x010301);
 
3357                 if (firmver >= 0x000800)
 
3358                         priv->ibss_port = 0;
 
3360                         printk(KERN_NOTICE "%s: Intersil firmware earlier "
 
3361                                "than v0.8.x - several features not supported\n",
 
3363                         priv->ibss_port = 1;
 
3367         printk(KERN_DEBUG "%s: Firmware determined as %s\n", dev->name,
 
3373 static int orinoco_init(struct net_device *dev)
 
3375         struct orinoco_private *priv = netdev_priv(dev);
 
3376         hermes_t *hw = &priv->hw;
 
3378         struct hermes_idstring nickbuf;
 
3382         /* No need to lock, the hw_unavailable flag is already set in
 
3383          * alloc_orinocodev() */
 
3384         priv->nicbuf_size = IEEE80211_MAX_FRAME_LEN + ETH_HLEN;
 
3386         /* Initialize the firmware */
 
3387         err = hermes_init(hw);
 
3389                 printk(KERN_ERR "%s: failed to initialize firmware (err = %d)\n",
 
3394         err = determine_firmware(dev);
 
3396                 printk(KERN_ERR "%s: Incompatible firmware, aborting\n",
 
3401         if (priv->do_fw_download) {
 
3402 #ifdef CONFIG_HERMES_CACHE_FW_ON_INIT
 
3403                 orinoco_cache_fw(priv, 0);
 
3406                 err = orinoco_download(priv);
 
3408                         priv->do_fw_download = 0;
 
3410                 /* Check firmware version again */
 
3411                 err = determine_firmware(dev);
 
3413                         printk(KERN_ERR "%s: Incompatible firmware, aborting\n",
 
3419         if (priv->has_port3)
 
3420                 printk(KERN_DEBUG "%s: Ad-hoc demo mode supported\n", dev->name);
 
3422                 printk(KERN_DEBUG "%s: IEEE standard IBSS ad-hoc mode supported\n",
 
3424         if (priv->has_wep) {
 
3425                 printk(KERN_DEBUG "%s: WEP supported, ", dev->name);
 
3426                 if (priv->has_big_wep)
 
3427                         printk("104-bit key\n");
 
3429                         printk("40-bit key\n");
 
3431         if (priv->has_wpa) {
 
3432                 printk(KERN_DEBUG "%s: WPA-PSK supported\n", dev->name);
 
3433                 if (orinoco_mic_init(priv)) {
 
3434                         printk(KERN_ERR "%s: Failed to setup MIC crypto "
 
3435                                "algorithm. Disabling WPA support\n", dev->name);
 
3440         /* Now we have the firmware capabilities, allocate appropiate
 
3441          * sized scan buffers */
 
3442         if (orinoco_bss_data_allocate(priv))
 
3444         orinoco_bss_data_init(priv);
 
3446         /* Get the MAC address */
 
3447         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CNFOWNMACADDR,
 
3448                               ETH_ALEN, NULL, dev->dev_addr);
 
3450                 printk(KERN_WARNING "%s: failed to read MAC address!\n",
 
3455         printk(KERN_DEBUG "%s: MAC address %pM\n",
 
3456                dev->name, dev->dev_addr);
 
3458         /* Get the station name */
 
3459         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CNFOWNNAME,
 
3460                               sizeof(nickbuf), &reclen, &nickbuf);
 
3462                 printk(KERN_ERR "%s: failed to read station name\n",
 
3467                 len = min(IW_ESSID_MAX_SIZE, (int)le16_to_cpu(nickbuf.len));
 
3469                 len = min(IW_ESSID_MAX_SIZE, 2 * reclen);
 
3470         memcpy(priv->nick, &nickbuf.val, len);
 
3471         priv->nick[len] = '\0';
 
3473         printk(KERN_DEBUG "%s: Station name \"%s\"\n", dev->name, priv->nick);
 
3475         err = orinoco_allocate_fid(dev);
 
3477                 printk(KERN_ERR "%s: failed to allocate NIC buffer!\n",
 
3482         /* Get allowed channels */
 
3483         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CHANNELLIST,
 
3484                                   &priv->channel_mask);
 
3486                 printk(KERN_ERR "%s: failed to read channel list!\n",
 
3491         /* Get initial AP density */
 
3492         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFSYSTEMSCALE,
 
3494         if (err || priv->ap_density < 1 || priv->ap_density > 3) {
 
3495                 priv->has_sensitivity = 0;
 
3498         /* Get initial RTS threshold */
 
3499         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFRTSTHRESHOLD,
 
3502                 printk(KERN_ERR "%s: failed to read RTS threshold!\n",
 
3507         /* Get initial fragmentation settings */
 
3509                 err = hermes_read_wordrec(hw, USER_BAP,
 
3510                                           HERMES_RID_CNFMWOROBUST_AGERE,
 
3513                 err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFFRAGMENTATIONTHRESHOLD,
 
3514                                           &priv->frag_thresh);
 
3516                 printk(KERN_ERR "%s: failed to read fragmentation settings!\n",
 
3521         /* Power management setup */
 
3525                 err = hermes_read_wordrec(hw, USER_BAP,
 
3526                                           HERMES_RID_CNFMAXSLEEPDURATION,
 
3529                         printk(KERN_ERR "%s: failed to read power management period!\n",
 
3533                 err = hermes_read_wordrec(hw, USER_BAP,
 
3534                                           HERMES_RID_CNFPMHOLDOVERDURATION,
 
3537                         printk(KERN_ERR "%s: failed to read power management timeout!\n",
 
3543         /* Preamble setup */
 
3544         if (priv->has_preamble) {
 
3545                 err = hermes_read_wordrec(hw, USER_BAP,
 
3546                                           HERMES_RID_CNFPREAMBLE_SYMBOL,
 
3552         /* Set up the default configuration */
 
3553         priv->iw_mode = IW_MODE_INFRA;
 
3554         /* By default use IEEE/IBSS ad-hoc mode if we have it */
 
3555         priv->prefer_port3 = priv->has_port3 && (! priv->has_ibss);
 
3556         set_port_type(priv);
 
3557         priv->channel = 0; /* use firmware default */
 
3559         priv->promiscuous = 0;
 
3560         priv->encode_alg = IW_ENCODE_ALG_NONE;
 
3562         priv->wpa_enabled = 0;
 
3563         priv->tkip_cm_active = 0;
 
3565         priv->wpa_ie_len = 0;
 
3566         priv->wpa_ie = NULL;
 
3568         /* Make the hardware available, as long as it hasn't been
 
3569          * removed elsewhere (e.g. by PCMCIA hot unplug) */
 
3570         spin_lock_irq(&priv->lock);
 
3571         priv->hw_unavailable--;
 
3572         spin_unlock_irq(&priv->lock);
 
3574         printk(KERN_DEBUG "%s: ready\n", dev->name);
 
3581 *alloc_orinocodev(int sizeof_card,
 
3582                   struct device *device,
 
3583                   int (*hard_reset)(struct orinoco_private *),
 
3584                   int (*stop_fw)(struct orinoco_private *, int))
 
3586         struct net_device *dev;
 
3587         struct orinoco_private *priv;
 
3589         dev = alloc_etherdev(sizeof(struct orinoco_private) + sizeof_card);
 
3592         priv = netdev_priv(dev);
 
3595                 priv->card = (void *)((unsigned long)priv
 
3596                                       + sizeof(struct orinoco_private));
 
3601         /* Setup / override net_device fields */
 
3602         dev->init = orinoco_init;
 
3603         dev->hard_start_xmit = orinoco_xmit;
 
3604         dev->tx_timeout = orinoco_tx_timeout;
 
3605         dev->watchdog_timeo = HZ; /* 1 second timeout */
 
3606         dev->get_stats = orinoco_get_stats;
 
3607         dev->ethtool_ops = &orinoco_ethtool_ops;
 
3608         dev->wireless_handlers = (struct iw_handler_def *)&orinoco_handler_def;
 
3610         priv->wireless_data.spy_data = &priv->spy_data;
 
3611         dev->wireless_data = &priv->wireless_data;
 
3613         dev->change_mtu = orinoco_change_mtu;
 
3614         dev->set_multicast_list = orinoco_set_multicast_list;
 
3615         /* we use the default eth_mac_addr for setting the MAC addr */
 
3617         /* Reserve space in skb for the SNAP header */
 
3618         dev->hard_header_len += ENCAPS_OVERHEAD;
 
3620         /* Set up default callbacks */
 
3621         dev->open = orinoco_open;
 
3622         dev->stop = orinoco_stop;
 
3623         priv->hard_reset = hard_reset;
 
3624         priv->stop_fw = stop_fw;
 
3626         spin_lock_init(&priv->lock);
 
3628         priv->hw_unavailable = 1; /* orinoco_init() must clear this
 
3629                                    * before anything else touches the
 
3631         INIT_WORK(&priv->reset_work, orinoco_reset);
 
3632         INIT_WORK(&priv->join_work, orinoco_join_ap);
 
3633         INIT_WORK(&priv->wevent_work, orinoco_send_wevents);
 
3635         INIT_LIST_HEAD(&priv->rx_list);
 
3636         tasklet_init(&priv->rx_tasklet, orinoco_rx_isr_tasklet,
 
3637                      (unsigned long) dev);
 
3639         netif_carrier_off(dev);
 
3640         priv->last_linkstatus = 0xffff;
 
3642         priv->cached_pri_fw = NULL;
 
3643         priv->cached_fw = NULL;
 
3645         /* Register PM notifiers */
 
3646         priv->pm_notifier.notifier_call = orinoco_pm_notifier;
 
3647         register_pm_notifier(&priv->pm_notifier);
 
3652 void free_orinocodev(struct net_device *dev)
 
3654         struct orinoco_private *priv = netdev_priv(dev);
 
3655         struct orinoco_rx_data *rx_data, *temp;
 
3657         /* If the tasklet is scheduled when we call tasklet_kill it
 
3658          * will run one final time. However the tasklet will only
 
3659          * drain priv->rx_list if the hw is still available. */
 
3660         tasklet_kill(&priv->rx_tasklet);
 
3662         /* Explicitly drain priv->rx_list */
 
3663         list_for_each_entry_safe(rx_data, temp, &priv->rx_list, list) {
 
3664                 list_del(&rx_data->list);
 
3666                 dev_kfree_skb(rx_data->skb);
 
3667                 kfree(rx_data->desc);
 
3671         unregister_pm_notifier(&priv->pm_notifier);
 
3672         orinoco_uncache_fw(priv);
 
3674         priv->wpa_ie_len = 0;
 
3675         kfree(priv->wpa_ie);
 
3676         orinoco_mic_free(priv);
 
3677         orinoco_bss_data_free(priv);
 
3681 /********************************************************************/
 
3682 /* Wireless extensions                                              */
 
3683 /********************************************************************/
 
3685 /* Return : < 0 -> error code ; >= 0 -> length */
 
3686 static int orinoco_hw_get_essid(struct orinoco_private *priv, int *active,
 
3687                                 char buf[IW_ESSID_MAX_SIZE+1])
 
3689         hermes_t *hw = &priv->hw;
 
3691         struct hermes_idstring essidbuf;
 
3692         char *p = (char *)(&essidbuf.val);
 
3694         unsigned long flags;
 
3696         if (orinoco_lock(priv, &flags) != 0)
 
3699         if (strlen(priv->desired_essid) > 0) {
 
3700                 /* We read the desired SSID from the hardware rather
 
3701                    than from priv->desired_essid, just in case the
 
3702                    firmware is allowed to change it on us. I'm not
 
3704                 /* My guess is that the OWNSSID should always be whatever
 
3705                  * we set to the card, whereas CURRENT_SSID is the one that
 
3706                  * may change... - Jean II */
 
3711                 rid = (priv->port_type == 3) ? HERMES_RID_CNFOWNSSID :
 
3712                         HERMES_RID_CNFDESIREDSSID;
 
3714                 err = hermes_read_ltv(hw, USER_BAP, rid, sizeof(essidbuf),
 
3721                 err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENTSSID,
 
3722                                       sizeof(essidbuf), NULL, &essidbuf);
 
3727         len = le16_to_cpu(essidbuf.len);
 
3728         BUG_ON(len > IW_ESSID_MAX_SIZE);
 
3730         memset(buf, 0, IW_ESSID_MAX_SIZE);
 
3731         memcpy(buf, p, len);
 
3735         orinoco_unlock(priv, &flags);
 
3740 static int orinoco_hw_get_freq(struct orinoco_private *priv)
 
3743         hermes_t *hw = &priv->hw;
 
3747         unsigned long flags;
 
3749         if (orinoco_lock(priv, &flags) != 0)
 
3752         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CURRENTCHANNEL, &channel);
 
3756         /* Intersil firmware 1.3.5 returns 0 when the interface is down */
 
3762         if ( (channel < 1) || (channel > NUM_CHANNELS) ) {
 
3763                 printk(KERN_WARNING "%s: Channel out of range (%d)!\n",
 
3764                        priv->ndev->name, channel);
 
3769         freq = ieee80211_dsss_chan_to_freq(channel);
 
3772         orinoco_unlock(priv, &flags);
 
3776         return err ? err : freq;
 
3779 static int orinoco_hw_get_bitratelist(struct orinoco_private *priv,
 
3780                                       int *numrates, s32 *rates, int max)
 
3782         hermes_t *hw = &priv->hw;
 
3783         struct hermes_idstring list;
 
3784         unsigned char *p = (unsigned char *)&list.val;
 
3788         unsigned long flags;
 
3790         if (orinoco_lock(priv, &flags) != 0)
 
3793         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_SUPPORTEDDATARATES,
 
3794                               sizeof(list), NULL, &list);
 
3795         orinoco_unlock(priv, &flags);
 
3800         num = le16_to_cpu(list.len);
 
3802         num = min(num, max);
 
3804         for (i = 0; i < num; i++) {
 
3805                 rates[i] = (p[i] & 0x7f) * 500000; /* convert to bps */
 
3811 static int orinoco_ioctl_getname(struct net_device *dev,
 
3812                                  struct iw_request_info *info,
 
3816         struct orinoco_private *priv = netdev_priv(dev);
 
3820         err = orinoco_hw_get_bitratelist(priv, &numrates, NULL, 0);
 
3822         if (!err && (numrates > 2))
 
3823                 strcpy(name, "IEEE 802.11b");
 
3825                 strcpy(name, "IEEE 802.11-DS");
 
3830 static int orinoco_ioctl_setwap(struct net_device *dev,
 
3831                                 struct iw_request_info *info,
 
3832                                 struct sockaddr *ap_addr,
 
3835         struct orinoco_private *priv = netdev_priv(dev);
 
3836         int err = -EINPROGRESS;         /* Call commit handler */
 
3837         unsigned long flags;
 
3838         static const u8 off_addr[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
 
3839         static const u8 any_addr[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 
3841         if (orinoco_lock(priv, &flags) != 0)
 
3844         /* Enable automatic roaming - no sanity checks are needed */
 
3845         if (memcmp(&ap_addr->sa_data, off_addr, ETH_ALEN) == 0 ||
 
3846             memcmp(&ap_addr->sa_data, any_addr, ETH_ALEN) == 0) {
 
3847                 priv->bssid_fixed = 0;
 
3848                 memset(priv->desired_bssid, 0, ETH_ALEN);
 
3850                 /* "off" means keep existing connection */
 
3851                 if (ap_addr->sa_data[0] == 0) {
 
3852                         __orinoco_hw_set_wap(priv);
 
3858         if (priv->firmware_type == FIRMWARE_TYPE_AGERE) {
 
3859                 printk(KERN_WARNING "%s: Lucent/Agere firmware doesn't "
 
3860                        "support manual roaming\n",
 
3866         if (priv->iw_mode != IW_MODE_INFRA) {
 
3867                 printk(KERN_WARNING "%s: Manual roaming supported only in "
 
3868                        "managed mode\n", dev->name);
 
3873         /* Intersil firmware hangs without Desired ESSID */
 
3874         if (priv->firmware_type == FIRMWARE_TYPE_INTERSIL &&
 
3875             strlen(priv->desired_essid) == 0) {
 
3876                 printk(KERN_WARNING "%s: Desired ESSID must be set for "
 
3877                        "manual roaming\n", dev->name);
 
3882         /* Finally, enable manual roaming */
 
3883         priv->bssid_fixed = 1;
 
3884         memcpy(priv->desired_bssid, &ap_addr->sa_data, ETH_ALEN);
 
3887         orinoco_unlock(priv, &flags);
 
3891 static int orinoco_ioctl_getwap(struct net_device *dev,
 
3892                                 struct iw_request_info *info,
 
3893                                 struct sockaddr *ap_addr,
 
3896         struct orinoco_private *priv = netdev_priv(dev);
 
3898         hermes_t *hw = &priv->hw;
 
3900         unsigned long flags;
 
3902         if (orinoco_lock(priv, &flags) != 0)
 
3905         ap_addr->sa_family = ARPHRD_ETHER;
 
3906         err = hermes_read_ltv(hw, USER_BAP, HERMES_RID_CURRENTBSSID,
 
3907                               ETH_ALEN, NULL, ap_addr->sa_data);
 
3909         orinoco_unlock(priv, &flags);
 
3914 static int orinoco_ioctl_setmode(struct net_device *dev,
 
3915                                  struct iw_request_info *info,
 
3919         struct orinoco_private *priv = netdev_priv(dev);
 
3920         int err = -EINPROGRESS;         /* Call commit handler */
 
3921         unsigned long flags;
 
3923         if (priv->iw_mode == *mode)
 
3926         if (orinoco_lock(priv, &flags) != 0)
 
3931                 if (!priv->has_ibss && !priv->has_port3)
 
3938         case IW_MODE_MONITOR:
 
3939                 if (priv->broken_monitor && !force_monitor) {
 
3940                         printk(KERN_WARNING "%s: Monitor mode support is "
 
3941                                "buggy in this firmware, not enabling\n",
 
3952         if (err == -EINPROGRESS) {
 
3953                 priv->iw_mode = *mode;
 
3954                 set_port_type(priv);
 
3957         orinoco_unlock(priv, &flags);
 
3962 static int orinoco_ioctl_getmode(struct net_device *dev,
 
3963                                  struct iw_request_info *info,
 
3967         struct orinoco_private *priv = netdev_priv(dev);
 
3969         *mode = priv->iw_mode;
 
3973 static int orinoco_ioctl_getiwrange(struct net_device *dev,
 
3974                                     struct iw_request_info *info,
 
3975                                     struct iw_point *rrq,
 
3978         struct orinoco_private *priv = netdev_priv(dev);
 
3980         struct iw_range *range = (struct iw_range *) extra;
 
3984         rrq->length = sizeof(struct iw_range);
 
3985         memset(range, 0, sizeof(struct iw_range));
 
3987         range->we_version_compiled = WIRELESS_EXT;
 
3988         range->we_version_source = 22;
 
3990         /* Set available channels/frequencies */
 
3991         range->num_channels = NUM_CHANNELS;
 
3993         for (i = 0; i < NUM_CHANNELS; i++) {
 
3994                 if (priv->channel_mask & (1 << i)) {
 
3995                         range->freq[k].i = i + 1;
 
3996                         range->freq[k].m = (ieee80211_dsss_chan_to_freq(i + 1) *
 
3998                         range->freq[k].e = 1;
 
4002                 if (k >= IW_MAX_FREQUENCIES)
 
4005         range->num_frequency = k;
 
4006         range->sensitivity = 3;
 
4008         if (priv->has_wep) {
 
4009                 range->max_encoding_tokens = ORINOCO_MAX_KEYS;
 
4010                 range->encoding_size[0] = SMALL_KEY_SIZE;
 
4011                 range->num_encoding_sizes = 1;
 
4013                 if (priv->has_big_wep) {
 
4014                         range->encoding_size[1] = LARGE_KEY_SIZE;
 
4015                         range->num_encoding_sizes = 2;
 
4020                 range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_CIPHER_TKIP;
 
4022         if ((priv->iw_mode == IW_MODE_ADHOC) && (!SPY_NUMBER(priv))){
 
4023                 /* Quality stats meaningless in ad-hoc mode */
 
4025                 range->max_qual.qual = 0x8b - 0x2f;
 
4026                 range->max_qual.level = 0x2f - 0x95 - 1;
 
4027                 range->max_qual.noise = 0x2f - 0x95 - 1;
 
4028                 /* Need to get better values */
 
4029                 range->avg_qual.qual = 0x24;
 
4030                 range->avg_qual.level = 0xC2;
 
4031                 range->avg_qual.noise = 0x9E;
 
4034         err = orinoco_hw_get_bitratelist(priv, &numrates,
 
4035                                          range->bitrate, IW_MAX_BITRATES);
 
4038         range->num_bitrates = numrates;
 
4040         /* Set an indication of the max TCP throughput in bit/s that we can
 
4041          * expect using this interface. May be use for QoS stuff...
 
4044                 range->throughput = 5 * 1000 * 1000;    /* ~5 Mb/s */
 
4046                 range->throughput = 1.5 * 1000 * 1000;  /* ~1.5 Mb/s */
 
4049         range->max_rts = 2347;
 
4050         range->min_frag = 256;
 
4051         range->max_frag = 2346;
 
4054         range->max_pmp = 65535000;
 
4056         range->max_pmt = 65535 * 1000;  /* ??? */
 
4057         range->pmp_flags = IW_POWER_PERIOD;
 
4058         range->pmt_flags = IW_POWER_TIMEOUT;
 
4059         range->pm_capa = IW_POWER_PERIOD | IW_POWER_TIMEOUT | IW_POWER_UNICAST_R;
 
4061         range->retry_capa = IW_RETRY_LIMIT | IW_RETRY_LIFETIME;
 
4062         range->retry_flags = IW_RETRY_LIMIT;
 
4063         range->r_time_flags = IW_RETRY_LIFETIME;
 
4064         range->min_retry = 0;
 
4065         range->max_retry = 65535;       /* ??? */
 
4066         range->min_r_time = 0;
 
4067         range->max_r_time = 65535 * 1000;       /* ??? */
 
4069         if (priv->firmware_type == FIRMWARE_TYPE_AGERE)
 
4070                 range->scan_capa = IW_SCAN_CAPA_ESSID;
 
4072                 range->scan_capa = IW_SCAN_CAPA_NONE;
 
4074         /* Event capability (kernel) */
 
4075         IW_EVENT_CAPA_SET_KERNEL(range->event_capa);
 
4076         /* Event capability (driver) */
 
4077         IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWTHRSPY);
 
4078         IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWAP);
 
4079         IW_EVENT_CAPA_SET(range->event_capa, SIOCGIWSCAN);
 
4080         IW_EVENT_CAPA_SET(range->event_capa, IWEVTXDROP);
 
4085 static int orinoco_ioctl_setiwencode(struct net_device *dev,
 
4086                                      struct iw_request_info *info,
 
4087                                      struct iw_point *erq,
 
4090         struct orinoco_private *priv = netdev_priv(dev);
 
4091         int index = (erq->flags & IW_ENCODE_INDEX) - 1;
 
4092         int setindex = priv->tx_key;
 
4093         int encode_alg = priv->encode_alg;
 
4094         int restricted = priv->wep_restrict;
 
4096         int err = -EINPROGRESS;         /* Call commit handler */
 
4097         unsigned long flags;
 
4099         if (! priv->has_wep)
 
4103                 /* We actually have a key to set - check its length */
 
4104                 if (erq->length > LARGE_KEY_SIZE)
 
4107                 if ( (erq->length > SMALL_KEY_SIZE) && !priv->has_big_wep )
 
4111         if (orinoco_lock(priv, &flags) != 0)
 
4114         /* Clear any TKIP key we have */
 
4115         if ((priv->has_wpa) && (priv->encode_alg == IW_ENCODE_ALG_TKIP))
 
4116                 (void) orinoco_clear_tkip_key(priv, setindex);
 
4118         if (erq->length > 0) {
 
4119                 if ((index < 0) || (index >= ORINOCO_MAX_KEYS))
 
4120                         index = priv->tx_key;
 
4122                 /* Adjust key length to a supported value */
 
4123                 if (erq->length > SMALL_KEY_SIZE) {
 
4124                         xlen = LARGE_KEY_SIZE;
 
4125                 } else if (erq->length > 0) {
 
4126                         xlen = SMALL_KEY_SIZE;
 
4130                 /* Switch on WEP if off */
 
4131                 if ((encode_alg != IW_ENCODE_ALG_WEP) && (xlen > 0)) {
 
4133                         encode_alg = IW_ENCODE_ALG_WEP;
 
4136                 /* Important note : if the user do "iwconfig eth0 enc off",
 
4137                  * we will arrive there with an index of -1. This is valid
 
4138                  * but need to be taken care off... Jean II */
 
4139                 if ((index < 0) || (index >= ORINOCO_MAX_KEYS)) {
 
4140                         if((index != -1) || (erq->flags == 0)) {
 
4145                         /* Set the index : Check that the key is valid */
 
4146                         if(priv->keys[index].len == 0) {
 
4154         if (erq->flags & IW_ENCODE_DISABLED)
 
4155                 encode_alg = IW_ENCODE_ALG_NONE;
 
4156         if (erq->flags & IW_ENCODE_OPEN)
 
4158         if (erq->flags & IW_ENCODE_RESTRICTED)
 
4161         if (erq->pointer && erq->length > 0) {
 
4162                 priv->keys[index].len = cpu_to_le16(xlen);
 
4163                 memset(priv->keys[index].data, 0,
 
4164                        sizeof(priv->keys[index].data));
 
4165                 memcpy(priv->keys[index].data, keybuf, erq->length);
 
4167         priv->tx_key = setindex;
 
4169         /* Try fast key change if connected and only keys are changed */
 
4170         if ((priv->encode_alg == encode_alg) &&
 
4171             (priv->wep_restrict == restricted) &&
 
4172             netif_carrier_ok(dev)) {
 
4173                 err = __orinoco_hw_setup_wepkeys(priv);
 
4174                 /* No need to commit if successful */
 
4178         priv->encode_alg = encode_alg;
 
4179         priv->wep_restrict = restricted;
 
4182         orinoco_unlock(priv, &flags);
 
4187 static int orinoco_ioctl_getiwencode(struct net_device *dev,
 
4188                                      struct iw_request_info *info,
 
4189                                      struct iw_point *erq,
 
4192         struct orinoco_private *priv = netdev_priv(dev);
 
4193         int index = (erq->flags & IW_ENCODE_INDEX) - 1;
 
4195         unsigned long flags;
 
4197         if (! priv->has_wep)
 
4200         if (orinoco_lock(priv, &flags) != 0)
 
4203         if ((index < 0) || (index >= ORINOCO_MAX_KEYS))
 
4204                 index = priv->tx_key;
 
4207         if (!priv->encode_alg)
 
4208                 erq->flags |= IW_ENCODE_DISABLED;
 
4209         erq->flags |= index + 1;
 
4211         if (priv->wep_restrict)
 
4212                 erq->flags |= IW_ENCODE_RESTRICTED;
 
4214                 erq->flags |= IW_ENCODE_OPEN;
 
4216         xlen = le16_to_cpu(priv->keys[index].len);
 
4220         memcpy(keybuf, priv->keys[index].data, ORINOCO_MAX_KEY_SIZE);
 
4222         orinoco_unlock(priv, &flags);
 
4226 static int orinoco_ioctl_setessid(struct net_device *dev,
 
4227                                   struct iw_request_info *info,
 
4228                                   struct iw_point *erq,
 
4231         struct orinoco_private *priv = netdev_priv(dev);
 
4232         unsigned long flags;
 
4234         /* Note : ESSID is ignored in Ad-Hoc demo mode, but we can set it
 
4235          * anyway... - Jean II */
 
4237         /* Hum... Should not use Wireless Extension constant (may change),
 
4238          * should use our own... - Jean II */
 
4239         if (erq->length > IW_ESSID_MAX_SIZE)
 
4242         if (orinoco_lock(priv, &flags) != 0)
 
4245         /* NULL the string (for NULL termination & ESSID = ANY) - Jean II */
 
4246         memset(priv->desired_essid, 0, sizeof(priv->desired_essid));
 
4248         /* If not ANY, get the new ESSID */
 
4250                 memcpy(priv->desired_essid, essidbuf, erq->length);
 
4253         orinoco_unlock(priv, &flags);
 
4255         return -EINPROGRESS;            /* Call commit handler */
 
4258 static int orinoco_ioctl_getessid(struct net_device *dev,
 
4259                                   struct iw_request_info *info,
 
4260                                   struct iw_point *erq,
 
4263         struct orinoco_private *priv = netdev_priv(dev);
 
4266         unsigned long flags;
 
4268         if (netif_running(dev)) {
 
4269                 err = orinoco_hw_get_essid(priv, &active, essidbuf);
 
4274                 if (orinoco_lock(priv, &flags) != 0)
 
4276                 memcpy(essidbuf, priv->desired_essid, IW_ESSID_MAX_SIZE);
 
4277                 erq->length = strlen(priv->desired_essid);
 
4278                 orinoco_unlock(priv, &flags);
 
4286 static int orinoco_ioctl_setnick(struct net_device *dev,
 
4287                                  struct iw_request_info *info,
 
4288                                  struct iw_point *nrq,
 
4291         struct orinoco_private *priv = netdev_priv(dev);
 
4292         unsigned long flags;
 
4294         if (nrq->length > IW_ESSID_MAX_SIZE)
 
4297         if (orinoco_lock(priv, &flags) != 0)
 
4300         memset(priv->nick, 0, sizeof(priv->nick));
 
4301         memcpy(priv->nick, nickbuf, nrq->length);
 
4303         orinoco_unlock(priv, &flags);
 
4305         return -EINPROGRESS;            /* Call commit handler */
 
4308 static int orinoco_ioctl_getnick(struct net_device *dev,
 
4309                                  struct iw_request_info *info,
 
4310                                  struct iw_point *nrq,
 
4313         struct orinoco_private *priv = netdev_priv(dev);
 
4314         unsigned long flags;
 
4316         if (orinoco_lock(priv, &flags) != 0)
 
4319         memcpy(nickbuf, priv->nick, IW_ESSID_MAX_SIZE);
 
4320         orinoco_unlock(priv, &flags);
 
4322         nrq->length = strlen(priv->nick);
 
4327 static int orinoco_ioctl_setfreq(struct net_device *dev,
 
4328                                  struct iw_request_info *info,
 
4329                                  struct iw_freq *frq,
 
4332         struct orinoco_private *priv = netdev_priv(dev);
 
4334         unsigned long flags;
 
4335         int err = -EINPROGRESS;         /* Call commit handler */
 
4337         /* In infrastructure mode the AP sets the channel */
 
4338         if (priv->iw_mode == IW_MODE_INFRA)
 
4341         if ( (frq->e == 0) && (frq->m <= 1000) ) {
 
4342                 /* Setting by channel number */
 
4345                 /* Setting by frequency */
 
4349                 /* Calculate denominator to rescale to MHz */
 
4350                 for (i = 0; i < (6 - frq->e); i++)
 
4353                 chan = ieee80211_freq_to_dsss_chan(frq->m / denom);
 
4356         if ( (chan < 1) || (chan > NUM_CHANNELS) ||
 
4357              ! (priv->channel_mask & (1 << (chan-1)) ) )
 
4360         if (orinoco_lock(priv, &flags) != 0)
 
4363         priv->channel = chan;
 
4364         if (priv->iw_mode == IW_MODE_MONITOR) {
 
4365                 /* Fast channel change - no commit if successful */
 
4366                 hermes_t *hw = &priv->hw;
 
4367                 err = hermes_docmd_wait(hw, HERMES_CMD_TEST |
 
4368                                             HERMES_TEST_SET_CHANNEL,
 
4371         orinoco_unlock(priv, &flags);
 
4376 static int orinoco_ioctl_getfreq(struct net_device *dev,
 
4377                                  struct iw_request_info *info,
 
4378                                  struct iw_freq *frq,
 
4381         struct orinoco_private *priv = netdev_priv(dev);
 
4384         /* Locking done in there */
 
4385         tmp = orinoco_hw_get_freq(priv);
 
4390         frq->m = tmp * 100000;
 
4396 static int orinoco_ioctl_getsens(struct net_device *dev,
 
4397                                  struct iw_request_info *info,
 
4398                                  struct iw_param *srq,
 
4401         struct orinoco_private *priv = netdev_priv(dev);
 
4402         hermes_t *hw = &priv->hw;
 
4405         unsigned long flags;
 
4407         if (!priv->has_sensitivity)
 
4410         if (orinoco_lock(priv, &flags) != 0)
 
4412         err = hermes_read_wordrec(hw, USER_BAP,
 
4413                                   HERMES_RID_CNFSYSTEMSCALE, &val);
 
4414         orinoco_unlock(priv, &flags);
 
4420         srq->fixed = 0; /* auto */
 
4425 static int orinoco_ioctl_setsens(struct net_device *dev,
 
4426                                  struct iw_request_info *info,
 
4427                                  struct iw_param *srq,
 
4430         struct orinoco_private *priv = netdev_priv(dev);
 
4431         int val = srq->value;
 
4432         unsigned long flags;
 
4434         if (!priv->has_sensitivity)
 
4437         if ((val < 1) || (val > 3))
 
4440         if (orinoco_lock(priv, &flags) != 0)
 
4442         priv->ap_density = val;
 
4443         orinoco_unlock(priv, &flags);
 
4445         return -EINPROGRESS;            /* Call commit handler */
 
4448 static int orinoco_ioctl_setrts(struct net_device *dev,
 
4449                                 struct iw_request_info *info,
 
4450                                 struct iw_param *rrq,
 
4453         struct orinoco_private *priv = netdev_priv(dev);
 
4454         int val = rrq->value;
 
4455         unsigned long flags;
 
4460         if ( (val < 0) || (val > 2347) )
 
4463         if (orinoco_lock(priv, &flags) != 0)
 
4466         priv->rts_thresh = val;
 
4467         orinoco_unlock(priv, &flags);
 
4469         return -EINPROGRESS;            /* Call commit handler */
 
4472 static int orinoco_ioctl_getrts(struct net_device *dev,
 
4473                                 struct iw_request_info *info,
 
4474                                 struct iw_param *rrq,
 
4477         struct orinoco_private *priv = netdev_priv(dev);
 
4479         rrq->value = priv->rts_thresh;
 
4480         rrq->disabled = (rrq->value == 2347);
 
4486 static int orinoco_ioctl_setfrag(struct net_device *dev,
 
4487                                  struct iw_request_info *info,
 
4488                                  struct iw_param *frq,
 
4491         struct orinoco_private *priv = netdev_priv(dev);
 
4492         int err = -EINPROGRESS;         /* Call commit handler */
 
4493         unsigned long flags;
 
4495         if (orinoco_lock(priv, &flags) != 0)
 
4498         if (priv->has_mwo) {
 
4500                         priv->mwo_robust = 0;
 
4503                                 printk(KERN_WARNING "%s: Fixed fragmentation is "
 
4504                                        "not supported on this firmware. "
 
4505                                        "Using MWO robust instead.\n", dev->name);
 
4506                         priv->mwo_robust = 1;
 
4510                         priv->frag_thresh = 2346;
 
4512                         if ( (frq->value < 256) || (frq->value > 2346) )
 
4515                                 priv->frag_thresh = frq->value & ~0x1; /* must be even */
 
4519         orinoco_unlock(priv, &flags);
 
4524 static int orinoco_ioctl_getfrag(struct net_device *dev,
 
4525                                  struct iw_request_info *info,
 
4526                                  struct iw_param *frq,
 
4529         struct orinoco_private *priv = netdev_priv(dev);
 
4530         hermes_t *hw = &priv->hw;
 
4533         unsigned long flags;
 
4535         if (orinoco_lock(priv, &flags) != 0)
 
4538         if (priv->has_mwo) {
 
4539                 err = hermes_read_wordrec(hw, USER_BAP,
 
4540                                           HERMES_RID_CNFMWOROBUST_AGERE,
 
4545                 frq->value = val ? 2347 : 0;
 
4546                 frq->disabled = ! val;
 
4549                 err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFFRAGMENTATIONTHRESHOLD,
 
4555                 frq->disabled = (val >= 2346);
 
4559         orinoco_unlock(priv, &flags);
 
4564 static int orinoco_ioctl_setrate(struct net_device *dev,
 
4565                                  struct iw_request_info *info,
 
4566                                  struct iw_param *rrq,
 
4569         struct orinoco_private *priv = netdev_priv(dev);
 
4571         int bitrate; /* 100s of kilobits */
 
4573         unsigned long flags;
 
4575         /* As the user space doesn't know our highest rate, it uses -1
 
4576          * to ask us to set the highest rate.  Test it using "iwconfig
 
4577          * ethX rate auto" - Jean II */
 
4578         if (rrq->value == -1)
 
4581                 if (rrq->value % 100000)
 
4583                 bitrate = rrq->value / 100000;
 
4586         if ( (bitrate != 10) && (bitrate != 20) &&
 
4587              (bitrate != 55) && (bitrate != 110) )
 
4590         for (i = 0; i < BITRATE_TABLE_SIZE; i++)
 
4591                 if ( (bitrate_table[i].bitrate == bitrate) &&
 
4592                      (bitrate_table[i].automatic == ! rrq->fixed) ) {
 
4600         if (orinoco_lock(priv, &flags) != 0)
 
4602         priv->bitratemode = ratemode;
 
4603         orinoco_unlock(priv, &flags);
 
4605         return -EINPROGRESS;
 
4608 static int orinoco_ioctl_getrate(struct net_device *dev,
 
4609                                  struct iw_request_info *info,
 
4610                                  struct iw_param *rrq,
 
4613         struct orinoco_private *priv = netdev_priv(dev);
 
4614         hermes_t *hw = &priv->hw;
 
4619         unsigned long flags;
 
4621         if (orinoco_lock(priv, &flags) != 0)
 
4624         ratemode = priv->bitratemode;
 
4626         BUG_ON((ratemode < 0) || (ratemode >= BITRATE_TABLE_SIZE));
 
4628         rrq->value = bitrate_table[ratemode].bitrate * 100000;
 
4629         rrq->fixed = ! bitrate_table[ratemode].automatic;
 
4632         /* If the interface is running we try to find more about the
 
4634         if (netif_running(dev)) {
 
4635                 err = hermes_read_wordrec(hw, USER_BAP,
 
4636                                           HERMES_RID_CURRENTTXRATE, &val);
 
4640                 switch (priv->firmware_type) {
 
4641                 case FIRMWARE_TYPE_AGERE: /* Lucent style rate */
 
4642                         /* Note : in Lucent firmware, the return value of
 
4643                          * HERMES_RID_CURRENTTXRATE is the bitrate in Mb/s,
 
4644                          * and therefore is totally different from the
 
4645                          * encoding of HERMES_RID_CNFTXRATECONTROL.
 
4646                          * Don't forget that 6Mb/s is really 5.5Mb/s */
 
4648                                 rrq->value = 5500000;
 
4650                                 rrq->value = val * 1000000;
 
4652                 case FIRMWARE_TYPE_INTERSIL: /* Intersil style rate */
 
4653                 case FIRMWARE_TYPE_SYMBOL: /* Symbol style rate */
 
4654                         for (i = 0; i < BITRATE_TABLE_SIZE; i++)
 
4655                                 if (bitrate_table[i].intersil_txratectrl == val) {
 
4659                         if (i >= BITRATE_TABLE_SIZE)
 
4660                                 printk(KERN_INFO "%s: Unable to determine current bitrate (0x%04hx)\n",
 
4663                         rrq->value = bitrate_table[ratemode].bitrate * 100000;
 
4671         orinoco_unlock(priv, &flags);
 
4676 static int orinoco_ioctl_setpower(struct net_device *dev,
 
4677                                   struct iw_request_info *info,
 
4678                                   struct iw_param *prq,
 
4681         struct orinoco_private *priv = netdev_priv(dev);
 
4682         int err = -EINPROGRESS;         /* Call commit handler */
 
4683         unsigned long flags;
 
4685         if (orinoco_lock(priv, &flags) != 0)
 
4688         if (prq->disabled) {
 
4691                 switch (prq->flags & IW_POWER_MODE) {
 
4692                 case IW_POWER_UNICAST_R:
 
4696                 case IW_POWER_ALL_R:
 
4701                         /* No flags : but we may have a value - Jean II */
 
4708                 if (prq->flags & IW_POWER_TIMEOUT) {
 
4710                         priv->pm_timeout = prq->value / 1000;
 
4712                 if (prq->flags & IW_POWER_PERIOD) {
 
4714                         priv->pm_period = prq->value / 1000;
 
4716                 /* It's valid to not have a value if we are just toggling
 
4717                  * the flags... Jean II */
 
4725         orinoco_unlock(priv, &flags);
 
4730 static int orinoco_ioctl_getpower(struct net_device *dev,
 
4731                                   struct iw_request_info *info,
 
4732                                   struct iw_param *prq,
 
4735         struct orinoco_private *priv = netdev_priv(dev);
 
4736         hermes_t *hw = &priv->hw;
 
4738         u16 enable, period, timeout, mcast;
 
4739         unsigned long flags;
 
4741         if (orinoco_lock(priv, &flags) != 0)
 
4744         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFPMENABLED, &enable);
 
4748         err = hermes_read_wordrec(hw, USER_BAP,
 
4749                                   HERMES_RID_CNFMAXSLEEPDURATION, &period);
 
4753         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFPMHOLDOVERDURATION, &timeout);
 
4757         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_CNFMULTICASTRECEIVE, &mcast);
 
4761         prq->disabled = !enable;
 
4762         /* Note : by default, display the period */
 
4763         if ((prq->flags & IW_POWER_TYPE) == IW_POWER_TIMEOUT) {
 
4764                 prq->flags = IW_POWER_TIMEOUT;
 
4765                 prq->value = timeout * 1000;
 
4767                 prq->flags = IW_POWER_PERIOD;
 
4768                 prq->value = period * 1000;
 
4771                 prq->flags |= IW_POWER_ALL_R;
 
4773                 prq->flags |= IW_POWER_UNICAST_R;
 
4776         orinoco_unlock(priv, &flags);
 
4781 static int orinoco_ioctl_set_encodeext(struct net_device *dev,
 
4782                                        struct iw_request_info *info,
 
4783                                        union iwreq_data *wrqu,
 
4786         struct orinoco_private *priv = netdev_priv(dev);
 
4787         struct iw_point *encoding = &wrqu->encoding;
 
4788         struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
 
4789         int idx, alg = ext->alg, set_key = 1;
 
4790         unsigned long flags;
 
4794         if (orinoco_lock(priv, &flags) != 0)
 
4797         /* Determine and validate the key index */
 
4798         idx = encoding->flags & IW_ENCODE_INDEX;
 
4800                 if ((idx < 1) || (idx > 4))
 
4806         if (encoding->flags & IW_ENCODE_DISABLED)
 
4807             alg = IW_ENCODE_ALG_NONE;
 
4809         if (priv->has_wpa && (alg != IW_ENCODE_ALG_TKIP)) {
 
4810                 /* Clear any TKIP TX key we had */
 
4811                 (void) orinoco_clear_tkip_key(priv, priv->tx_key);
 
4814         if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY) {
 
4816                 set_key = ((alg == IW_ENCODE_ALG_TKIP) ||
 
4817                            (ext->key_len > 0)) ? 1 : 0;
 
4821                 /* Set the requested key first */
 
4823                 case IW_ENCODE_ALG_NONE:
 
4824                         priv->encode_alg = alg;
 
4825                         priv->keys[idx].len = 0;
 
4828                 case IW_ENCODE_ALG_WEP:
 
4829                         if (ext->key_len > SMALL_KEY_SIZE)
 
4830                                 key_len = LARGE_KEY_SIZE;
 
4831                         else if (ext->key_len > 0)
 
4832                                 key_len = SMALL_KEY_SIZE;
 
4836                         priv->encode_alg = alg;
 
4837                         priv->keys[idx].len = cpu_to_le16(key_len);
 
4839                         key_len = min(ext->key_len, key_len);
 
4841                         memset(priv->keys[idx].data, 0, ORINOCO_MAX_KEY_SIZE);
 
4842                         memcpy(priv->keys[idx].data, ext->key, key_len);
 
4845                 case IW_ENCODE_ALG_TKIP:
 
4847                         hermes_t *hw = &priv->hw;
 
4850                         if (!priv->has_wpa ||
 
4851                             (ext->key_len > sizeof(priv->tkip_key[0])))
 
4854                         priv->encode_alg = alg;
 
4855                         memset(&priv->tkip_key[idx], 0,
 
4856                                sizeof(priv->tkip_key[idx]));
 
4857                         memcpy(&priv->tkip_key[idx], ext->key, ext->key_len);
 
4859                         if (ext->ext_flags & IW_ENCODE_EXT_RX_SEQ_VALID)
 
4860                                 tkip_iv = &ext->rx_seq[0];
 
4862                         err = __orinoco_hw_set_tkip_key(hw, idx,
 
4863                                  ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY,
 
4864                                  (u8 *) &priv->tkip_key[idx],
 
4867                                 printk(KERN_ERR "%s: Error %d setting TKIP key"
 
4868                                        "\n", dev->name, err);
 
4878         orinoco_unlock(priv, &flags);
 
4883 static int orinoco_ioctl_get_encodeext(struct net_device *dev,
 
4884                                        struct iw_request_info *info,
 
4885                                        union iwreq_data *wrqu,
 
4888         struct orinoco_private *priv = netdev_priv(dev);
 
4889         struct iw_point *encoding = &wrqu->encoding;
 
4890         struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
 
4891         int idx, max_key_len;
 
4892         unsigned long flags;
 
4895         if (orinoco_lock(priv, &flags) != 0)
 
4899         max_key_len = encoding->length - sizeof(*ext);
 
4900         if (max_key_len < 0)
 
4903         idx = encoding->flags & IW_ENCODE_INDEX;
 
4905                 if ((idx < 1) || (idx > 4))
 
4911         encoding->flags = idx + 1;
 
4912         memset(ext, 0, sizeof(*ext));
 
4914         ext->alg = priv->encode_alg;
 
4915         switch (priv->encode_alg) {
 
4916         case IW_ENCODE_ALG_NONE:
 
4918                 encoding->flags |= IW_ENCODE_DISABLED;
 
4920         case IW_ENCODE_ALG_WEP:
 
4921                 ext->key_len = min_t(u16, le16_to_cpu(priv->keys[idx].len),
 
4923                 memcpy(ext->key, priv->keys[idx].data, ext->key_len);
 
4924                 encoding->flags |= IW_ENCODE_ENABLED;
 
4926         case IW_ENCODE_ALG_TKIP:
 
4927                 ext->key_len = min_t(u16, sizeof(struct orinoco_tkip_key),
 
4929                 memcpy(ext->key, &priv->tkip_key[idx], ext->key_len);
 
4930                 encoding->flags |= IW_ENCODE_ENABLED;
 
4936         orinoco_unlock(priv, &flags);
 
4941 static int orinoco_ioctl_set_auth(struct net_device *dev,
 
4942                                   struct iw_request_info *info,
 
4943                                   union iwreq_data *wrqu, char *extra)
 
4945         struct orinoco_private *priv = netdev_priv(dev);
 
4946         hermes_t *hw = &priv->hw;
 
4947         struct iw_param *param = &wrqu->param;
 
4948         unsigned long flags;
 
4949         int ret = -EINPROGRESS;
 
4951         if (orinoco_lock(priv, &flags) != 0)
 
4954         switch (param->flags & IW_AUTH_INDEX) {
 
4955         case IW_AUTH_WPA_VERSION:
 
4956         case IW_AUTH_CIPHER_PAIRWISE:
 
4957         case IW_AUTH_CIPHER_GROUP:
 
4958         case IW_AUTH_RX_UNENCRYPTED_EAPOL:
 
4959         case IW_AUTH_PRIVACY_INVOKED:
 
4960         case IW_AUTH_DROP_UNENCRYPTED:
 
4962                  * orinoco does not use these parameters
 
4966         case IW_AUTH_KEY_MGMT:
 
4967                 /* wl_lkm implies value 2 == PSK for Hermes I
 
4968                  * which ties in with WEXT
 
4969                  * no other hints tho :(
 
4971                 priv->key_mgmt = param->value;
 
4974         case IW_AUTH_TKIP_COUNTERMEASURES:
 
4975                 /* When countermeasures are enabled, shut down the
 
4976                  * card; when disabled, re-enable the card. This must
 
4977                  * take effect immediately.
 
4979                  * TODO: Make sure that the EAPOL message is getting
 
4980                  *       out before card disabled
 
4983                         priv->tkip_cm_active = 1;
 
4984                         ret = hermes_enable_port(hw, 0);
 
4986                         priv->tkip_cm_active = 0;
 
4987                         ret = hermes_disable_port(hw, 0);
 
4991         case IW_AUTH_80211_AUTH_ALG:
 
4992                 if (param->value & IW_AUTH_ALG_SHARED_KEY)
 
4993                         priv->wep_restrict = 1;
 
4994                 else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM)
 
4995                         priv->wep_restrict = 0;
 
5000         case IW_AUTH_WPA_ENABLED:
 
5001                 if (priv->has_wpa) {
 
5002                         priv->wpa_enabled = param->value ? 1 : 0;
 
5006                         /* else silently accept disable of WPA */
 
5007                         priv->wpa_enabled = 0;
 
5015         orinoco_unlock(priv, &flags);
 
5019 static int orinoco_ioctl_get_auth(struct net_device *dev,
 
5020                                   struct iw_request_info *info,
 
5021                                   union iwreq_data *wrqu, char *extra)
 
5023         struct orinoco_private *priv = netdev_priv(dev);
 
5024         struct iw_param *param = &wrqu->param;
 
5025         unsigned long flags;
 
5028         if (orinoco_lock(priv, &flags) != 0)
 
5031         switch (param->flags & IW_AUTH_INDEX) {
 
5032         case IW_AUTH_KEY_MGMT:
 
5033                 param->value = priv->key_mgmt;
 
5036         case IW_AUTH_TKIP_COUNTERMEASURES:
 
5037                 param->value = priv->tkip_cm_active;
 
5040         case IW_AUTH_80211_AUTH_ALG:
 
5041                 if (priv->wep_restrict)
 
5042                         param->value = IW_AUTH_ALG_SHARED_KEY;
 
5044                         param->value = IW_AUTH_ALG_OPEN_SYSTEM;
 
5047         case IW_AUTH_WPA_ENABLED:
 
5048                 param->value = priv->wpa_enabled;
 
5055         orinoco_unlock(priv, &flags);
 
5059 static int orinoco_ioctl_set_genie(struct net_device *dev,
 
5060                                    struct iw_request_info *info,
 
5061                                    union iwreq_data *wrqu, char *extra)
 
5063         struct orinoco_private *priv = netdev_priv(dev);
 
5065         unsigned long flags;
 
5067         /* cut off at IEEE80211_MAX_DATA_LEN */
 
5068         if ((wrqu->data.length > IEEE80211_MAX_DATA_LEN) ||
 
5069             (wrqu->data.length && (extra == NULL)))
 
5072         if (wrqu->data.length) {
 
5073                 buf = kmalloc(wrqu->data.length, GFP_KERNEL);
 
5077                 memcpy(buf, extra, wrqu->data.length);
 
5081         if (orinoco_lock(priv, &flags) != 0) {
 
5086         kfree(priv->wpa_ie);
 
5088         priv->wpa_ie_len = wrqu->data.length;
 
5091                 /* Looks like wl_lkm wants to check the auth alg, and
 
5092                  * somehow pass it to the firmware.
 
5093                  * Instead it just calls the key mgmt rid
 
5094                  *   - we do this in set auth.
 
5098         orinoco_unlock(priv, &flags);
 
5102 static int orinoco_ioctl_get_genie(struct net_device *dev,
 
5103                                    struct iw_request_info *info,
 
5104                                    union iwreq_data *wrqu, char *extra)
 
5106         struct orinoco_private *priv = netdev_priv(dev);
 
5107         unsigned long flags;
 
5110         if (orinoco_lock(priv, &flags) != 0)
 
5113         if ((priv->wpa_ie_len == 0) || (priv->wpa_ie == NULL)) {
 
5114                 wrqu->data.length = 0;
 
5118         if (wrqu->data.length < priv->wpa_ie_len) {
 
5123         wrqu->data.length = priv->wpa_ie_len;
 
5124         memcpy(extra, priv->wpa_ie, priv->wpa_ie_len);
 
5127         orinoco_unlock(priv, &flags);
 
5131 static int orinoco_ioctl_set_mlme(struct net_device *dev,
 
5132                                   struct iw_request_info *info,
 
5133                                   union iwreq_data *wrqu, char *extra)
 
5135         struct orinoco_private *priv = netdev_priv(dev);
 
5136         hermes_t *hw = &priv->hw;
 
5137         struct iw_mlme *mlme = (struct iw_mlme *)extra;
 
5138         unsigned long flags;
 
5141         if (orinoco_lock(priv, &flags) != 0)
 
5144         switch (mlme->cmd) {
 
5145         case IW_MLME_DEAUTH:
 
5146                 /* silently ignore */
 
5149         case IW_MLME_DISASSOC:
 
5154                 } __attribute__ ((packed)) buf;
 
5156                 memcpy(buf.addr, mlme->addr.sa_data, ETH_ALEN);
 
5157                 buf.reason_code = cpu_to_le16(mlme->reason_code);
 
5158                 ret = HERMES_WRITE_RECORD(hw, USER_BAP,
 
5159                                           HERMES_RID_CNFDISASSOCIATE,
 
5167         orinoco_unlock(priv, &flags);
 
5171 static int orinoco_ioctl_getretry(struct net_device *dev,
 
5172                                   struct iw_request_info *info,
 
5173                                   struct iw_param *rrq,
 
5176         struct orinoco_private *priv = netdev_priv(dev);
 
5177         hermes_t *hw = &priv->hw;
 
5179         u16 short_limit, long_limit, lifetime;
 
5180         unsigned long flags;
 
5182         if (orinoco_lock(priv, &flags) != 0)
 
5185         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_SHORTRETRYLIMIT,
 
5190         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_LONGRETRYLIMIT,
 
5195         err = hermes_read_wordrec(hw, USER_BAP, HERMES_RID_MAXTRANSMITLIFETIME,
 
5200         rrq->disabled = 0;              /* Can't be disabled */
 
5202         /* Note : by default, display the retry number */
 
5203         if ((rrq->flags & IW_RETRY_TYPE) == IW_RETRY_LIFETIME) {
 
5204                 rrq->flags = IW_RETRY_LIFETIME;
 
5205                 rrq->value = lifetime * 1000;   /* ??? */
 
5207                 /* By default, display the min number */
 
5208                 if ((rrq->flags & IW_RETRY_LONG)) {
 
5209                         rrq->flags = IW_RETRY_LIMIT | IW_RETRY_LONG;
 
5210                         rrq->value = long_limit;
 
5212                         rrq->flags = IW_RETRY_LIMIT;
 
5213                         rrq->value = short_limit;
 
5214                         if(short_limit != long_limit)
 
5215                                 rrq->flags |= IW_RETRY_SHORT;
 
5220         orinoco_unlock(priv, &flags);
 
5225 static int orinoco_ioctl_reset(struct net_device *dev,
 
5226                                struct iw_request_info *info,
 
5230         struct orinoco_private *priv = netdev_priv(dev);
 
5232         if (! capable(CAP_NET_ADMIN))
 
5235         if (info->cmd == (SIOCIWFIRSTPRIV + 0x1)) {
 
5236                 printk(KERN_DEBUG "%s: Forcing reset!\n", dev->name);
 
5238                 /* Firmware reset */
 
5239                 orinoco_reset(&priv->reset_work);
 
5241                 printk(KERN_DEBUG "%s: Force scheduling reset!\n", dev->name);
 
5243                 schedule_work(&priv->reset_work);
 
5249 static int orinoco_ioctl_setibssport(struct net_device *dev,
 
5250                                      struct iw_request_info *info,
 
5255         struct orinoco_private *priv = netdev_priv(dev);
 
5256         int val = *( (int *) extra );
 
5257         unsigned long flags;
 
5259         if (orinoco_lock(priv, &flags) != 0)
 
5262         priv->ibss_port = val ;
 
5264         /* Actually update the mode we are using */
 
5265         set_port_type(priv);
 
5267         orinoco_unlock(priv, &flags);
 
5268         return -EINPROGRESS;            /* Call commit handler */
 
5271 static int orinoco_ioctl_getibssport(struct net_device *dev,
 
5272                                      struct iw_request_info *info,
 
5276         struct orinoco_private *priv = netdev_priv(dev);
 
5277         int *val = (int *) extra;
 
5279         *val = priv->ibss_port;
 
5283 static int orinoco_ioctl_setport3(struct net_device *dev,
 
5284                                   struct iw_request_info *info,
 
5288         struct orinoco_private *priv = netdev_priv(dev);
 
5289         int val = *( (int *) extra );
 
5291         unsigned long flags;
 
5293         if (orinoco_lock(priv, &flags) != 0)
 
5297         case 0: /* Try to do IEEE ad-hoc mode */
 
5298                 if (! priv->has_ibss) {
 
5302                 priv->prefer_port3 = 0;
 
5306         case 1: /* Try to do Lucent proprietary ad-hoc mode */
 
5307                 if (! priv->has_port3) {
 
5311                 priv->prefer_port3 = 1;
 
5319                 /* Actually update the mode we are using */
 
5320                 set_port_type(priv);
 
5324         orinoco_unlock(priv, &flags);
 
5329 static int orinoco_ioctl_getport3(struct net_device *dev,
 
5330                                   struct iw_request_info *info,
 
5334         struct orinoco_private *priv = netdev_priv(dev);
 
5335         int *val = (int *) extra;
 
5337         *val = priv->prefer_port3;
 
5341 static int orinoco_ioctl_setpreamble(struct net_device *dev,
 
5342                                      struct iw_request_info *info,
 
5346         struct orinoco_private *priv = netdev_priv(dev);
 
5347         unsigned long flags;
 
5350         if (! priv->has_preamble)
 
5353         /* 802.11b has recently defined some short preamble.
 
5354          * Basically, the Phy header has been reduced in size.
 
5355          * This increase performance, especially at high rates
 
5356          * (the preamble is transmitted at 1Mb/s), unfortunately
 
5357          * this give compatibility troubles... - Jean II */
 
5358         val = *( (int *) extra );
 
5360         if (orinoco_lock(priv, &flags) != 0)
 
5368         orinoco_unlock(priv, &flags);
 
5370         return -EINPROGRESS;            /* Call commit handler */
 
5373 static int orinoco_ioctl_getpreamble(struct net_device *dev,
 
5374                                      struct iw_request_info *info,
 
5378         struct orinoco_private *priv = netdev_priv(dev);
 
5379         int *val = (int *) extra;
 
5381         if (! priv->has_preamble)
 
5384         *val = priv->preamble;
 
5388 /* ioctl interface to hermes_read_ltv()
 
5389  * To use with iwpriv, pass the RID as the token argument, e.g.
 
5390  * iwpriv get_rid [0xfc00]
 
5391  * At least Wireless Tools 25 is required to use iwpriv.
 
5392  * For Wireless Tools 25 and 26 append "dummy" are the end. */
 
5393 static int orinoco_ioctl_getrid(struct net_device *dev,
 
5394                                 struct iw_request_info *info,
 
5395                                 struct iw_point *data,
 
5398         struct orinoco_private *priv = netdev_priv(dev);
 
5399         hermes_t *hw = &priv->hw;
 
5400         int rid = data->flags;
 
5403         unsigned long flags;
 
5405         /* It's a "get" function, but we don't want users to access the
 
5406          * WEP key and other raw firmware data */
 
5407         if (! capable(CAP_NET_ADMIN))
 
5410         if (rid < 0xfc00 || rid > 0xffff)
 
5413         if (orinoco_lock(priv, &flags) != 0)
 
5416         err = hermes_read_ltv(hw, USER_BAP, rid, MAX_RID_LEN, &length,
 
5421         data->length = min_t(u16, HERMES_RECLEN_TO_BYTES(length),
 
5425         orinoco_unlock(priv, &flags);
 
5429 /* Trigger a scan (look for other cells in the vicinity) */
 
5430 static int orinoco_ioctl_setscan(struct net_device *dev,
 
5431                                  struct iw_request_info *info,
 
5432                                  struct iw_point *srq,
 
5435         struct orinoco_private *priv = netdev_priv(dev);
 
5436         hermes_t *hw = &priv->hw;
 
5437         struct iw_scan_req *si = (struct iw_scan_req *) extra;
 
5439         unsigned long flags;
 
5441         /* Note : you may have realised that, as this is a SET operation,
 
5442          * this is privileged and therefore a normal user can't
 
5444          * This is not an error, while the device perform scanning,
 
5445          * traffic doesn't flow, so it's a perfect DoS...
 
5448         if (orinoco_lock(priv, &flags) != 0)
 
5451         /* Scanning with port 0 disabled would fail */
 
5452         if (!netif_running(dev)) {
 
5457         /* In monitor mode, the scan results are always empty.
 
5458          * Probe responses are passed to the driver as received
 
5459          * frames and could be processed in software. */
 
5460         if (priv->iw_mode == IW_MODE_MONITOR) {
 
5465         /* Note : because we don't lock out the irq handler, the way
 
5466          * we access scan variables in priv is critical.
 
5467          *      o scan_inprogress : not touched by irq handler
 
5468          *      o scan_mode : not touched by irq handler
 
5469          * Before modifying anything on those variables, please think hard !
 
5473         priv->scan_mode = srq->flags;
 
5475         /* Always trigger scanning, even if it's in progress.
 
5476          * This way, if the info frame get lost, we will recover somewhat
 
5477          * gracefully  - Jean II */
 
5479         if (priv->has_hostscan) {
 
5480                 switch (priv->firmware_type) {
 
5481                 case FIRMWARE_TYPE_SYMBOL:
 
5482                         err = hermes_write_wordrec(hw, USER_BAP,
 
5483                                                    HERMES_RID_CNFHOSTSCAN_SYMBOL,
 
5484                                                    HERMES_HOSTSCAN_SYMBOL_ONCE |
 
5485                                                    HERMES_HOSTSCAN_SYMBOL_BCAST);
 
5487                 case FIRMWARE_TYPE_INTERSIL: {
 
5490                         req[0] = cpu_to_le16(0x3fff);   /* All channels */
 
5491                         req[1] = cpu_to_le16(0x0001);   /* rate 1 Mbps */
 
5492                         req[2] = 0;                     /* Any ESSID */
 
5493                         err = HERMES_WRITE_RECORD(hw, USER_BAP,
 
5494                                                   HERMES_RID_CNFHOSTSCAN, &req);
 
5497                 case FIRMWARE_TYPE_AGERE:
 
5498                         if (priv->scan_mode & IW_SCAN_THIS_ESSID) {
 
5499                                 struct hermes_idstring idbuf;
 
5500                                 size_t len = min(sizeof(idbuf.val),
 
5501                                                  (size_t) si->essid_len);
 
5502                                 idbuf.len = cpu_to_le16(len);
 
5503                                 memcpy(idbuf.val, si->essid, len);
 
5505                                 err = hermes_write_ltv(hw, USER_BAP,
 
5506                                                HERMES_RID_CNFSCANSSID_AGERE,
 
5507                                                HERMES_BYTES_TO_RECLEN(len + 2),
 
5510                                 err = hermes_write_wordrec(hw, USER_BAP,
 
5511                                                    HERMES_RID_CNFSCANSSID_AGERE,
 
5516                         if (priv->has_ext_scan) {
 
5517                                 /* Clear scan results at the start of
 
5518                                  * an extended scan */
 
5519                                 orinoco_clear_scan_results(priv,
 
5520                                                 msecs_to_jiffies(15000));
 
5522                                 /* TODO: Is this available on older firmware?
 
5523                                  *   Can we use it to scan specific channels
 
5524                                  *   for IW_SCAN_THIS_FREQ? */
 
5525                                 err = hermes_write_wordrec(hw, USER_BAP,
 
5526                                                 HERMES_RID_CNFSCANCHANNELS2GHZ,
 
5531                                 err = hermes_inquire(hw,
 
5532                                                      HERMES_INQ_CHANNELINFO);
 
5534                                 err = hermes_inquire(hw, HERMES_INQ_SCAN);
 
5538                 err = hermes_inquire(hw, HERMES_INQ_SCAN);
 
5540         /* One more client */
 
5542                 priv->scan_inprogress = 1;
 
5545         orinoco_unlock(priv, &flags);
 
5549 #define MAX_CUSTOM_LEN 64
 
5551 /* Translate scan data returned from the card to a card independant
 
5552  * format that the Wireless Tools will understand - Jean II */
 
5553 static inline char *orinoco_translate_scan(struct net_device *dev,
 
5554                                            struct iw_request_info *info,
 
5557                                            union hermes_scan_info *bss,
 
5558                                            unsigned long last_scanned)
 
5560         struct orinoco_private *priv = netdev_priv(dev);
 
5563         struct iw_event         iwe;            /* Temporary buffer */
 
5564         char custom[MAX_CUSTOM_LEN];
 
5566         memset(&iwe, 0, sizeof(iwe));
 
5568         /* First entry *MUST* be the AP MAC address */
 
5569         iwe.cmd = SIOCGIWAP;
 
5570         iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
 
5571         memcpy(iwe.u.ap_addr.sa_data, bss->a.bssid, ETH_ALEN);
 
5572         current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5573                                           &iwe, IW_EV_ADDR_LEN);
 
5575         /* Other entries will be displayed in the order we give them */
 
5578         iwe.u.data.length = le16_to_cpu(bss->a.essid_len);
 
5579         if (iwe.u.data.length > 32)
 
5580                 iwe.u.data.length = 32;
 
5581         iwe.cmd = SIOCGIWESSID;
 
5582         iwe.u.data.flags = 1;
 
5583         current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5584                                           &iwe, bss->a.essid);
 
5587         iwe.cmd = SIOCGIWMODE;
 
5588         capabilities = le16_to_cpu(bss->a.capabilities);
 
5589         if (capabilities & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
 
5590                 if (capabilities & WLAN_CAPABILITY_ESS)
 
5591                         iwe.u.mode = IW_MODE_MASTER;
 
5593                         iwe.u.mode = IW_MODE_ADHOC;
 
5594                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5595                                                   &iwe, IW_EV_UINT_LEN);
 
5598         channel = bss->s.channel;
 
5599         if ((channel >= 1) && (channel <= NUM_CHANNELS)) {
 
5600                 /* Add channel and frequency */
 
5601                 iwe.cmd = SIOCGIWFREQ;
 
5602                 iwe.u.freq.m = channel;
 
5604                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5605                                                   &iwe, IW_EV_FREQ_LEN);
 
5607                 iwe.u.freq.m = ieee80211_dsss_chan_to_freq(channel) * 100000;
 
5609                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5610                                                   &iwe, IW_EV_FREQ_LEN);
 
5613         /* Add quality statistics. level and noise in dB. No link quality */
 
5615         iwe.u.qual.updated = IW_QUAL_DBM | IW_QUAL_QUAL_INVALID;
 
5616         iwe.u.qual.level = (__u8) le16_to_cpu(bss->a.level) - 0x95;
 
5617         iwe.u.qual.noise = (__u8) le16_to_cpu(bss->a.noise) - 0x95;
 
5618         /* Wireless tools prior to 27.pre22 will show link quality
 
5619          * anyway, so we provide a reasonable value. */
 
5620         if (iwe.u.qual.level > iwe.u.qual.noise)
 
5621                 iwe.u.qual.qual = iwe.u.qual.level - iwe.u.qual.noise;
 
5623                 iwe.u.qual.qual = 0;
 
5624         current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5625                                           &iwe, IW_EV_QUAL_LEN);
 
5627         /* Add encryption capability */
 
5628         iwe.cmd = SIOCGIWENCODE;
 
5629         if (capabilities & WLAN_CAPABILITY_PRIVACY)
 
5630                 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
 
5632                 iwe.u.data.flags = IW_ENCODE_DISABLED;
 
5633         iwe.u.data.length = 0;
 
5634         current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5637         /* Bit rate is not available in Lucent/Agere firmwares */
 
5638         if (priv->firmware_type != FIRMWARE_TYPE_AGERE) {
 
5639                 char *current_val = current_ev + iwe_stream_lcp_len(info);
 
5643                 if (priv->firmware_type == FIRMWARE_TYPE_SYMBOL)
 
5648                 iwe.cmd = SIOCGIWRATE;
 
5649                 /* Those two flags are ignored... */
 
5650                 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
 
5652                 for (i = 0; i < 10; i += step) {
 
5653                         /* NULL terminated */
 
5654                         if (bss->p.rates[i] == 0x0)
 
5656                         /* Bit rate given in 500 kb/s units (+ 0x80) */
 
5657                         iwe.u.bitrate.value =
 
5658                                 ((bss->p.rates[i] & 0x7f) * 500000);
 
5659                         current_val = iwe_stream_add_value(info, current_ev,
 
5664                 /* Check if we added any event */
 
5665                 if ((current_val - current_ev) > iwe_stream_lcp_len(info))
 
5666                         current_ev = current_val;
 
5669         /* Beacon interval */
 
5670         iwe.cmd = IWEVCUSTOM;
 
5671         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5673                                      le16_to_cpu(bss->a.beacon_interv));
 
5674         if (iwe.u.data.length)
 
5675                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5679         iwe.cmd = IWEVCUSTOM;
 
5680         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5683         if (iwe.u.data.length)
 
5684                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5687         /* Add EXTRA: Age to display seconds since last beacon/probe response
 
5688          * for given network. */
 
5689         iwe.cmd = IWEVCUSTOM;
 
5690         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5691                                      " Last beacon: %dms ago",
 
5692                                      jiffies_to_msecs(jiffies - last_scanned));
 
5693         if (iwe.u.data.length)
 
5694                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5700 static inline char *orinoco_translate_ext_scan(struct net_device *dev,
 
5701                                                struct iw_request_info *info,
 
5704                                                struct agere_ext_scan_info *bss,
 
5705                                                unsigned long last_scanned)
 
5709         struct iw_event         iwe;            /* Temporary buffer */
 
5710         char custom[MAX_CUSTOM_LEN];
 
5713         memset(&iwe, 0, sizeof(iwe));
 
5715         /* First entry *MUST* be the AP MAC address */
 
5716         iwe.cmd = SIOCGIWAP;
 
5717         iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
 
5718         memcpy(iwe.u.ap_addr.sa_data, bss->bssid, ETH_ALEN);
 
5719         current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5720                                           &iwe, IW_EV_ADDR_LEN);
 
5722         /* Other entries will be displayed in the order we give them */
 
5726         iwe.u.data.length = ie[1];
 
5727         if (iwe.u.data.length) {
 
5728                 if (iwe.u.data.length > 32)
 
5729                         iwe.u.data.length = 32;
 
5730                 iwe.cmd = SIOCGIWESSID;
 
5731                 iwe.u.data.flags = 1;
 
5732                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5737         capabilities = le16_to_cpu(bss->capabilities);
 
5738         if (capabilities & (WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_IBSS)) {
 
5739                 iwe.cmd = SIOCGIWMODE;
 
5740                 if (capabilities & WLAN_CAPABILITY_ESS)
 
5741                         iwe.u.mode = IW_MODE_MASTER;
 
5743                         iwe.u.mode = IW_MODE_ADHOC;
 
5744                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5745                                                   &iwe, IW_EV_UINT_LEN);
 
5748         ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_DS_PARAMS);
 
5749         channel = ie ? ie[2] : 0;
 
5750         if ((channel >= 1) && (channel <= NUM_CHANNELS)) {
 
5751                 /* Add channel and frequency */
 
5752                 iwe.cmd = SIOCGIWFREQ;
 
5753                 iwe.u.freq.m = channel;
 
5755                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5756                                                   &iwe, IW_EV_FREQ_LEN);
 
5758                 iwe.u.freq.m = ieee80211_dsss_chan_to_freq(channel) * 100000;
 
5760                 current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5761                                                   &iwe, IW_EV_FREQ_LEN);
 
5764         /* Add quality statistics. level and noise in dB. No link quality */
 
5766         iwe.u.qual.updated = IW_QUAL_DBM | IW_QUAL_QUAL_INVALID;
 
5767         iwe.u.qual.level = bss->level - 0x95;
 
5768         iwe.u.qual.noise = bss->noise - 0x95;
 
5769         /* Wireless tools prior to 27.pre22 will show link quality
 
5770          * anyway, so we provide a reasonable value. */
 
5771         if (iwe.u.qual.level > iwe.u.qual.noise)
 
5772                 iwe.u.qual.qual = iwe.u.qual.level - iwe.u.qual.noise;
 
5774                 iwe.u.qual.qual = 0;
 
5775         current_ev = iwe_stream_add_event(info, current_ev, end_buf,
 
5776                                           &iwe, IW_EV_QUAL_LEN);
 
5778         /* Add encryption capability */
 
5779         iwe.cmd = SIOCGIWENCODE;
 
5780         if (capabilities & WLAN_CAPABILITY_PRIVACY)
 
5781                 iwe.u.data.flags = IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
 
5783                 iwe.u.data.flags = IW_ENCODE_DISABLED;
 
5784         iwe.u.data.length = 0;
 
5785         current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5789         ie = orinoco_get_wpa_ie(bss->data, sizeof(bss->data));
 
5791                 iwe.cmd = IWEVGENIE;
 
5792                 iwe.u.data.length = ie[1] + 2;
 
5793                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5798         ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_RSN);
 
5800                 iwe.cmd = IWEVGENIE;
 
5801                 iwe.u.data.length = ie[1] + 2;
 
5802                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5806         ie = orinoco_get_ie(bss->data, sizeof(bss->data), WLAN_EID_SUPP_RATES);
 
5808                 char *p = current_ev + iwe_stream_lcp_len(info);
 
5811                 iwe.cmd = SIOCGIWRATE;
 
5812                 /* Those two flags are ignored... */
 
5813                 iwe.u.bitrate.fixed = iwe.u.bitrate.disabled = 0;
 
5815                 for (i = 2; i < (ie[1] + 2); i++) {
 
5816                         iwe.u.bitrate.value = ((ie[i] & 0x7F) * 500000);
 
5817                         p = iwe_stream_add_value(info, current_ev, p, end_buf,
 
5818                                                  &iwe, IW_EV_PARAM_LEN);
 
5820                 /* Check if we added any event */
 
5821                 if (p > (current_ev + iwe_stream_lcp_len(info)))
 
5826         iwe.cmd = IWEVCUSTOM;
 
5828                 snprintf(custom, MAX_CUSTOM_LEN, "tsf=%016llx",
 
5829                          (unsigned long long) le64_to_cpu(bss->timestamp));
 
5830         if (iwe.u.data.length)
 
5831                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5834         /* Beacon interval */
 
5835         iwe.cmd = IWEVCUSTOM;
 
5836         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5838                                      le16_to_cpu(bss->beacon_interval));
 
5839         if (iwe.u.data.length)
 
5840                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5844         iwe.cmd = IWEVCUSTOM;
 
5845         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5848         if (iwe.u.data.length)
 
5849                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5852         /* Add EXTRA: Age to display seconds since last beacon/probe response
 
5853          * for given network. */
 
5854         iwe.cmd = IWEVCUSTOM;
 
5855         iwe.u.data.length = snprintf(custom, MAX_CUSTOM_LEN,
 
5856                                      " Last beacon: %dms ago",
 
5857                                      jiffies_to_msecs(jiffies - last_scanned));
 
5858         if (iwe.u.data.length)
 
5859                 current_ev = iwe_stream_add_point(info, current_ev, end_buf,
 
5865 /* Return results of a scan */
 
5866 static int orinoco_ioctl_getscan(struct net_device *dev,
 
5867                                  struct iw_request_info *info,
 
5868                                  struct iw_point *srq,
 
5871         struct orinoco_private *priv = netdev_priv(dev);
 
5873         unsigned long flags;
 
5874         char *current_ev = extra;
 
5876         if (orinoco_lock(priv, &flags) != 0)
 
5879         if (priv->scan_inprogress) {
 
5880                 /* Important note : we don't want to block the caller
 
5881                  * until results are ready for various reasons.
 
5882                  * First, managing wait queues is complex and racy.
 
5883                  * Second, we grab some rtnetlink lock before comming
 
5884                  * here (in dev_ioctl()).
 
5885                  * Third, we generate an Wireless Event, so the
 
5886                  * caller can wait itself on that - Jean II */
 
5891         if (priv->has_ext_scan) {
 
5892                 struct xbss_element *bss;
 
5894                 list_for_each_entry(bss, &priv->bss_list, list) {
 
5895                         /* Translate this entry to WE format */
 
5897                                 orinoco_translate_ext_scan(dev, info,
 
5899                                                            extra + srq->length,
 
5903                         /* Check if there is space for one more entry */
 
5904                         if ((extra + srq->length - current_ev)
 
5905                             <= IW_EV_ADDR_LEN) {
 
5906                                 /* Ask user space to try again with a
 
5914                 struct bss_element *bss;
 
5916                 list_for_each_entry(bss, &priv->bss_list, list) {
 
5917                         /* Translate this entry to WE format */
 
5918                         current_ev = orinoco_translate_scan(dev, info,
 
5920                                                             extra + srq->length,
 
5924                         /* Check if there is space for one more entry */
 
5925                         if ((extra + srq->length - current_ev)
 
5926                             <= IW_EV_ADDR_LEN) {
 
5927                                 /* Ask user space to try again with a
 
5935         srq->length = (current_ev - extra);
 
5936         srq->flags = (__u16) priv->scan_mode;
 
5939         orinoco_unlock(priv, &flags);
 
5943 /* Commit handler, called after set operations */
 
5944 static int orinoco_ioctl_commit(struct net_device *dev,
 
5945                                 struct iw_request_info *info,
 
5949         struct orinoco_private *priv = netdev_priv(dev);
 
5950         struct hermes *hw = &priv->hw;
 
5951         unsigned long flags;
 
5957         if (priv->broken_disableport) {
 
5958                 orinoco_reset(&priv->reset_work);
 
5962         if (orinoco_lock(priv, &flags) != 0)
 
5965         err = hermes_disable_port(hw, 0);
 
5967                 printk(KERN_WARNING "%s: Unable to disable port "
 
5968                        "while reconfiguring card\n", dev->name);
 
5969                 priv->broken_disableport = 1;
 
5973         err = __orinoco_program_rids(dev);
 
5975                 printk(KERN_WARNING "%s: Unable to reconfigure card\n",
 
5980         err = hermes_enable_port(hw, 0);
 
5982                 printk(KERN_WARNING "%s: Unable to enable port while reconfiguring card\n",
 
5989                 printk(KERN_WARNING "%s: Resetting instead...\n", dev->name);
 
5990                 schedule_work(&priv->reset_work);
 
5994         orinoco_unlock(priv, &flags);
 
5998 static const struct iw_priv_args orinoco_privtab[] = {
 
5999         { SIOCIWFIRSTPRIV + 0x0, 0, 0, "force_reset" },
 
6000         { SIOCIWFIRSTPRIV + 0x1, 0, 0, "card_reset" },
 
6001         { SIOCIWFIRSTPRIV + 0x2, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6003         { SIOCIWFIRSTPRIV + 0x3, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6005         { SIOCIWFIRSTPRIV + 0x4, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6006           0, "set_preamble" },
 
6007         { SIOCIWFIRSTPRIV + 0x5, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6009         { SIOCIWFIRSTPRIV + 0x6, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6010           0, "set_ibssport" },
 
6011         { SIOCIWFIRSTPRIV + 0x7, 0, IW_PRIV_TYPE_INT | IW_PRIV_SIZE_FIXED | 1,
 
6013         { SIOCIWFIRSTPRIV + 0x9, 0, IW_PRIV_TYPE_BYTE | MAX_RID_LEN,
 
6019  * Structures to export the Wireless Handlers
 
6022 #define STD_IW_HANDLER(id, func) \
 
6023         [IW_IOCTL_IDX(id)] = (iw_handler) func
 
6024 static const iw_handler orinoco_handler[] = {
 
6025         STD_IW_HANDLER(SIOCSIWCOMMIT,   orinoco_ioctl_commit),
 
6026         STD_IW_HANDLER(SIOCGIWNAME,     orinoco_ioctl_getname),
 
6027         STD_IW_HANDLER(SIOCSIWFREQ,     orinoco_ioctl_setfreq),
 
6028         STD_IW_HANDLER(SIOCGIWFREQ,     orinoco_ioctl_getfreq),
 
6029         STD_IW_HANDLER(SIOCSIWMODE,     orinoco_ioctl_setmode),
 
6030         STD_IW_HANDLER(SIOCGIWMODE,     orinoco_ioctl_getmode),
 
6031         STD_IW_HANDLER(SIOCSIWSENS,     orinoco_ioctl_setsens),
 
6032         STD_IW_HANDLER(SIOCGIWSENS,     orinoco_ioctl_getsens),
 
6033         STD_IW_HANDLER(SIOCGIWRANGE,    orinoco_ioctl_getiwrange),
 
6034         STD_IW_HANDLER(SIOCSIWSPY,      iw_handler_set_spy),
 
6035         STD_IW_HANDLER(SIOCGIWSPY,      iw_handler_get_spy),
 
6036         STD_IW_HANDLER(SIOCSIWTHRSPY,   iw_handler_set_thrspy),
 
6037         STD_IW_HANDLER(SIOCGIWTHRSPY,   iw_handler_get_thrspy),
 
6038         STD_IW_HANDLER(SIOCSIWAP,       orinoco_ioctl_setwap),
 
6039         STD_IW_HANDLER(SIOCGIWAP,       orinoco_ioctl_getwap),
 
6040         STD_IW_HANDLER(SIOCSIWSCAN,     orinoco_ioctl_setscan),
 
6041         STD_IW_HANDLER(SIOCGIWSCAN,     orinoco_ioctl_getscan),
 
6042         STD_IW_HANDLER(SIOCSIWESSID,    orinoco_ioctl_setessid),
 
6043         STD_IW_HANDLER(SIOCGIWESSID,    orinoco_ioctl_getessid),
 
6044         STD_IW_HANDLER(SIOCSIWNICKN,    orinoco_ioctl_setnick),
 
6045         STD_IW_HANDLER(SIOCGIWNICKN,    orinoco_ioctl_getnick),
 
6046         STD_IW_HANDLER(SIOCSIWRATE,     orinoco_ioctl_setrate),
 
6047         STD_IW_HANDLER(SIOCGIWRATE,     orinoco_ioctl_getrate),
 
6048         STD_IW_HANDLER(SIOCSIWRTS,      orinoco_ioctl_setrts),
 
6049         STD_IW_HANDLER(SIOCGIWRTS,      orinoco_ioctl_getrts),
 
6050         STD_IW_HANDLER(SIOCSIWFRAG,     orinoco_ioctl_setfrag),
 
6051         STD_IW_HANDLER(SIOCGIWFRAG,     orinoco_ioctl_getfrag),
 
6052         STD_IW_HANDLER(SIOCGIWRETRY,    orinoco_ioctl_getretry),
 
6053         STD_IW_HANDLER(SIOCSIWENCODE,   orinoco_ioctl_setiwencode),
 
6054         STD_IW_HANDLER(SIOCGIWENCODE,   orinoco_ioctl_getiwencode),
 
6055         STD_IW_HANDLER(SIOCSIWPOWER,    orinoco_ioctl_setpower),
 
6056         STD_IW_HANDLER(SIOCGIWPOWER,    orinoco_ioctl_getpower),
 
6057         STD_IW_HANDLER(SIOCSIWGENIE,    orinoco_ioctl_set_genie),
 
6058         STD_IW_HANDLER(SIOCGIWGENIE,    orinoco_ioctl_get_genie),
 
6059         STD_IW_HANDLER(SIOCSIWMLME,     orinoco_ioctl_set_mlme),
 
6060         STD_IW_HANDLER(SIOCSIWAUTH,     orinoco_ioctl_set_auth),
 
6061         STD_IW_HANDLER(SIOCGIWAUTH,     orinoco_ioctl_get_auth),
 
6062         STD_IW_HANDLER(SIOCSIWENCODEEXT, orinoco_ioctl_set_encodeext),
 
6063         STD_IW_HANDLER(SIOCGIWENCODEEXT, orinoco_ioctl_get_encodeext),
 
6068   Added typecasting since we no longer use iwreq_data -- Moustafa
 
6070 static const iw_handler orinoco_private_handler[] = {
 
6071         [0] = (iw_handler) orinoco_ioctl_reset,
 
6072         [1] = (iw_handler) orinoco_ioctl_reset,
 
6073         [2] = (iw_handler) orinoco_ioctl_setport3,
 
6074         [3] = (iw_handler) orinoco_ioctl_getport3,
 
6075         [4] = (iw_handler) orinoco_ioctl_setpreamble,
 
6076         [5] = (iw_handler) orinoco_ioctl_getpreamble,
 
6077         [6] = (iw_handler) orinoco_ioctl_setibssport,
 
6078         [7] = (iw_handler) orinoco_ioctl_getibssport,
 
6079         [9] = (iw_handler) orinoco_ioctl_getrid,
 
6082 static const struct iw_handler_def orinoco_handler_def = {
 
6083         .num_standard = ARRAY_SIZE(orinoco_handler),
 
6084         .num_private = ARRAY_SIZE(orinoco_private_handler),
 
6085         .num_private_args = ARRAY_SIZE(orinoco_privtab),
 
6086         .standard = orinoco_handler,
 
6087         .private = orinoco_private_handler,
 
6088         .private_args = orinoco_privtab,
 
6089         .get_wireless_stats = orinoco_get_wireless_stats,
 
6092 static void orinoco_get_drvinfo(struct net_device *dev,
 
6093                                 struct ethtool_drvinfo *info)
 
6095         struct orinoco_private *priv = netdev_priv(dev);
 
6097         strncpy(info->driver, DRIVER_NAME, sizeof(info->driver) - 1);
 
6098         strncpy(info->version, DRIVER_VERSION, sizeof(info->version) - 1);
 
6099         strncpy(info->fw_version, priv->fw_name, sizeof(info->fw_version) - 1);
 
6100         if (dev->dev.parent)
 
6101                 strncpy(info->bus_info, dev_name(dev->dev.parent),
 
6102                         sizeof(info->bus_info) - 1);
 
6104                 snprintf(info->bus_info, sizeof(info->bus_info) - 1,
 
6105                          "PCMCIA %p", priv->hw.iobase);
 
6108 static const struct ethtool_ops orinoco_ethtool_ops = {
 
6109         .get_drvinfo = orinoco_get_drvinfo,
 
6110         .get_link = ethtool_op_get_link,
 
6113 /********************************************************************/
 
6114 /* Module initialization                                            */
 
6115 /********************************************************************/
 
6117 EXPORT_SYMBOL(alloc_orinocodev);
 
6118 EXPORT_SYMBOL(free_orinocodev);
 
6120 EXPORT_SYMBOL(__orinoco_up);
 
6121 EXPORT_SYMBOL(__orinoco_down);
 
6122 EXPORT_SYMBOL(orinoco_reinit_firmware);
 
6124 EXPORT_SYMBOL(orinoco_interrupt);
 
6126 /* Can't be declared "const" or the whole __initdata section will
 
6128 static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
 
6129         " (David Gibson <hermes@gibson.dropbear.id.au>, "
 
6130         "Pavel Roskin <proski@gnu.org>, et al)";
 
6132 static int __init init_orinoco(void)
 
6134         printk(KERN_DEBUG "%s\n", version);
 
6138 static void __exit exit_orinoco(void)
 
6142 module_init(init_orinoco);
 
6143 module_exit(exit_orinoco);